Merge branch 'master' into percpu

Conflicts:
	arch/powerpc/platforms/pseries/hvCall.S
	include/linux/percpu.h

304 files changed, 11856 insertions, 6536 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 8da93745c087..55298e891571 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -49,7 +49,11 @@ config X86
         select HAVE_KERNEL_GZIP
         select HAVE_KERNEL_BZIP2
         select HAVE_KERNEL_LZMA
+        select HAVE_HW_BREAKPOINT
+        select PERF_EVENTS
+        select ANON_INODES
         select HAVE_ARCH_KMEMCHECK
+        select HAVE_USER_RETURN_NOTIFIER
 
 config OUTPUT_FORMAT
         string
@@ -86,10 +90,6 @@ config STACKTRACE_SUPPORT
 config HAVE_LATENCYTOP_SUPPORT
         def_bool y
 
-config FAST_CMPXCHG_LOCAL
-        bool
-        default y
-
 config MMU
         def_bool y
 
@@ -495,7 +495,7 @@ if PARAVIRT_GUEST
 source "arch/x86/xen/Kconfig"
 
 config VMI
-        bool "VMI Guest support"
+        bool "VMI Guest support (DEPRECATED)"
         select PARAVIRT
         depends on X86_32
         ---help---
@@ -504,6 +504,15 @@ config VMI
           at the moment), by linking the kernel to a GPL-ed ROM module
           provided by the hypervisor.
 
+          As of September 2009, VMware has started a phased retirement
+          of this feature from VMware's products. Please see
+          feature-removal-schedule.txt for details.  If you are
+          planning to enable this option, please note that you cannot
+          live migrate a VMI enabled VM to a future VMware product,
+          which doesn't support VMI. So if you expect your kernel to
+          seamlessly migrate to newer VMware products, keep this
+          disabled.
+
 config KVM_CLOCK
         bool "KVM paravirtualized clock"
         select PARAVIRT
@@ -1325,7 +1334,9 @@ config MATH_EMULATION
           kernel, it won't hurt.
 
 config MTRR
-        bool "MTRR (Memory Type Range Register) support"
+        bool
+        default y
+        prompt "MTRR (Memory Type Range Register) support" if EMBEDDED
         ---help---
           On Intel P6 family processors (Pentium Pro, Pentium II and later)
           the Memory Type Range Registers (MTRRs) may be used to control
@@ -1391,7 +1402,8 @@ config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
 
 config X86_PAT
         bool
-        prompt "x86 PAT support"
+        default y
+        prompt "x86 PAT support" if EMBEDDED
         depends on MTRR
         ---help---
           Use PAT attributes to setup page level cache control.
@@ -1438,12 +1450,8 @@ config SECCOMP
 
           If unsure, say Y. Only embedded should say N here.
 
-config CC_STACKPROTECTOR_ALL
-        bool
-
 config CC_STACKPROTECTOR
         bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-        select CC_STACKPROTECTOR_ALL
         ---help---
           This option turns on the -fstack-protector GCC feature. This
           feature puts, at the beginning of functions, a canary value on
@@ -1601,7 +1609,7 @@ config COMPAT_VDSO
         depends on X86_32 || IA32_EMULATION
         ---help---
           Map the 32-bit VDSO to the predictable old-style address too.
-        ---help---
+
           Say N here if you are running a sufficiently recent glibc
           version (2.3.3 or later), to remove the high-mapped
           VDSO mapping and to exclusively use the randomized VDSO.
@@ -2006,18 +2014,9 @@ config SCx200HR_TIMER
           processor goes idle (as is done by the scheduler).  The
           other workaround is idle=poll boot option.
 
-config GEODE_MFGPT_TIMER
-        def_bool y
-        prompt "Geode Multi-Function General Purpose Timer (MFGPT) events"
-        depends on MGEODE_LX && GENERIC_TIME && GENERIC_CLOCKEVENTS
-        ---help---
-          This driver provides a clock event source based on the MFGPT
-          timer(s) in the CS5535 and CS5536 companion chip for the geode.
-          MFGPTs have a better resolution and max interval than the
-          generic PIT, and are suitable for use as high-res timers.
-
 config OLPC
         bool "One Laptop Per Child support"
+        select GPIOLIB
         default n
         ---help---
           Add support for detecting the unique features of the OLPC
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index 527519b8a9f9..08e442bc3ab9 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -301,15 +301,11 @@ config X86_CPU
 
 #
 # Define implied options from the CPU selection here
-config X86_L1_CACHE_BYTES
+config X86_INTERNODE_CACHE_SHIFT
         int
-        default "128" if MPSC
-        default "64" if GENERIC_CPU || MK8 || MCORE2 || MATOM || X86_32
-
-config X86_INTERNODE_CACHE_BYTES
-        int
-        default "4096" if X86_VSMP
-        default X86_L1_CACHE_BYTES if !X86_VSMP
+        default "12" if X86_VSMP
+        default "7" if NUMA
+        default X86_L1_CACHE_SHIFT
 
 config X86_CMPXCHG
         def_bool X86_64 || (X86_32 && !M386)
@@ -317,9 +313,9 @@ config X86_CMPXCHG
 config X86_L1_CACHE_SHIFT
         int
         default "7" if MPENTIUM4 || MPSC
+        default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MATOM || MVIAC7 || X86_GENERIC || GENERIC_CPU
         default "4" if X86_ELAN || M486 || M386 || MGEODEGX1
         default "5" if MWINCHIP3D || MWINCHIPC6 || MCRUSOE || MEFFICEON || MCYRIXIII || MK6 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || MVIAC3_2 || MGEODE_LX
-        default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MATOM || MVIAC7 || X86_GENERIC || GENERIC_CPU
 
 config X86_XADD
         def_bool y
@@ -400,18 +396,19 @@ config X86_TSC
 
 config X86_CMPXCHG64
         def_bool y
-        depends on X86_PAE || X86_64
+        depends on !M386 && !M486
 
 # this should be set for all -march=.. options where the compiler
 # generates cmov.
 config X86_CMOV
         def_bool y
-        depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
+        depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
 
 config X86_MINIMUM_CPU_FAMILY
         int
         default "64" if X86_64
         default "6" if X86_32 && X86_P6_NOP
+        default "5" if X86_32 && X86_CMPXCHG64
         default "4" if X86_32 && (X86_XADD || X86_CMPXCHG || X86_BSWAP || X86_WP_WORKS_OK)
         default "3"
 
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index d105f29bb6bb..bc01e3ebfeb2 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -186,6 +186,15 @@ config X86_DS_SELFTEST
 config HAVE_MMIOTRACE_SUPPORT
         def_bool y
 
+config X86_DECODER_SELFTEST
+        bool "x86 instruction decoder selftest"
+        depends on DEBUG_KERNEL && KPROBES
+        ---help---
+         Perform x86 instruction decoder selftests at build time.
+         This option is useful for checking the sanity of x86 instruction
+         decoder code.
+         If unsure, say "N".
+
 #
 # IO delay types:
 #
@@ -287,4 +296,18 @@ config OPTIMIZE_INLINING
 
           If unsure, say N.
 
+config DEBUG_STRICT_USER_COPY_CHECKS
+        bool "Strict copy size checks"
+        depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
+        ---help---
+          Enabling this option turns a certain set of sanity checks for user
+          copy operations into compile time failures.
+
+          The copy_from_user() etc checks are there to help test if there
+          are sufficient security checks on the length argument of
+          the copy operation, by having gcc prove that the argument is
+          within bounds.
+
+          If unsure, or if you run an older (pre 4.4) gcc, say N.
+
 endmenu
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index a012ee8ef803..78b32be55e9e 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -76,7 +76,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
         cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
         ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
                 stackp-y := -fstack-protector
-                stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
                 KBUILD_CFLAGS += $(stackp-y)
         else
                 $(warning stack protector enabled but no compiler support)
@@ -156,6 +155,9 @@ all: bzImage
 KBUILD_IMAGE := $(boot)/bzImage
 
 bzImage: vmlinux
+ifeq ($(CONFIG_X86_DECODER_SELFTEST),y)
+        $(Q)$(MAKE) $(build)=arch/x86/tools posttest
+endif
         $(Q)$(MAKE) $(build)=$(boot) $(KBUILD_IMAGE)
         $(Q)mkdir -p $(objtree)/arch/$(UTS_MACHINE)/boot
         $(Q)ln -fsn ../../x86/boot/bzImage $(objtree)/arch/$(UTS_MACHINE)/boot/$@
diff --git a/arch/x86/Makefile_32.cpu b/arch/x86/Makefile_32.cpu
index 30e9a264f69d..1255d953c65d 100644
--- a/arch/x86/Makefile_32.cpu
+++ b/arch/x86/Makefile_32.cpu
@@ -41,11 +41,18 @@ cflags-$(CONFIG_X86_ELAN)	+= -march=i486
 
 # Geode GX1 support
 cflags-$(CONFIG_MGEODEGX1)      += -march=pentium-mmx
-
+cflags-$(CONFIG_MGEODE_LX)      += $(call cc-option,-march=geode,-march=pentium-mmx)
 # add at the end to overwrite eventual tuning options from earlier
 # cpu entries
 cflags-$(CONFIG_X86_GENERIC)    += $(call tune,generic,$(call tune,i686))
 
+# Work around the pentium-mmx code generator madness of gcc4.4.x which
+# does stack alignment by generating horrible code _before_ the mcount
+# prologue (push %ebp, mov %esp, %ebp) which breaks the function graph
+# tracer assumptions. For i686, generic, core2 this is set by the
+# compiler anyway
+cflags-$(CONFIG_FUNCTION_GRAPH_TRACER) += $(call cc-option,-maccumulate-outgoing-args)
+
 # Bug fix for binutils: this option is required in order to keep
 # binutils from generating NOPL instructions against our will.
 ifneq ($(CONFIG_X86_P6_NOP),y)
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index f8ed0658404c..f25bbd37765a 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -9,6 +9,7 @@ targets := vmlinux.lds vmlinux vmlinux.bin vmlinux.bin.gz vmlinux.bin.bz2 vmlinu
 KBUILD_CFLAGS := -m$(BITS) -D__KERNEL__ $(LINUX_INCLUDE) -O2
 KBUILD_CFLAGS += -fno-strict-aliasing -fPIC
 KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
+cflags-$(CONFIG_X86_32) := -march=i386
 cflags-$(CONFIG_X86_64) := -mcmodel=small
 KBUILD_CFLAGS += $(cflags-y)
 KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 077e1b69198e..faff0dc9c06a 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -107,8 +107,7 @@ ENTRY(startup_32)
         lgdt    gdt(%ebp)
 
         /* Enable PAE mode */
-        xorl    %eax, %eax
-        orl     $(X86_CR4_PAE), %eax
+        movl    $(X86_CR4_PAE), %eax
         movl    %eax, %cr4
 
  /*
diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c
index bbeb0c3fbd90..89bbf4e4d05d 100644
--- a/arch/x86/boot/compressed/relocs.c
+++ b/arch/x86/boot/compressed/relocs.c
@@ -9,6 +9,9 @@
 #include <byteswap.h>
 #define USE_BSD
 #include <endian.h>
+#include <regex.h>
+
+static void die(char *fmt, ...);
 
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 static Elf32_Ehdr ehdr;
@@ -30,25 +33,47 @@ static struct section *secs;
  * the address for which it has been compiled. Don't warn user about
  * absolute relocations present w.r.t these symbols.
  */
-static const char* safe_abs_relocs[] = {
-                "xen_irq_disable_direct_reloc",
-                "xen_save_fl_direct_reloc",
-};
+static const char abs_sym_regex[] =
+        "^(xen_irq_disable_direct_reloc$|"
+        "xen_save_fl_direct_reloc$|"
+        "VDSO|"
+        "__crc_)";
+static regex_t abs_sym_regex_c;
+static int is_abs_reloc(const char *sym_name)
+{
+        return !regexec(&abs_sym_regex_c, sym_name, 0, NULL, 0);
+}
 
-static int is_safe_abs_reloc(const char* sym_name)
+/*
+ * These symbols are known to be relative, even if the linker marks them
+ * as absolute (typically defined outside any section in the linker script.)
+ */
+static const char rel_sym_regex[] =
+        "^_end$";
+static regex_t rel_sym_regex_c;
+static int is_rel_reloc(const char *sym_name)
 {
-        int i;
+        return !regexec(&rel_sym_regex_c, sym_name, 0, NULL, 0);
+}
 
-        for (i = 0; i < ARRAY_SIZE(safe_abs_relocs); i++) {
-                if (!strcmp(sym_name, safe_abs_relocs[i]))
-                        /* Match found */
-                        return 1;
-        }
-        if (strncmp(sym_name, "VDSO", 4) == 0)
-                return 1;
-        if (strncmp(sym_name, "__crc_", 6) == 0)
-                return 1;
-        return 0;
+static void regex_init(void)
+{
+        char errbuf[128];
+        int err;
+        
+        err = regcomp(&abs_sym_regex_c, abs_sym_regex,
+                      REG_EXTENDED|REG_NOSUB);
+        if (err) {
+                regerror(err, &abs_sym_regex_c, errbuf, sizeof errbuf);
+                die("%s", errbuf);
+        }
+
+        err = regcomp(&rel_sym_regex_c, rel_sym_regex,
+                      REG_EXTENDED|REG_NOSUB);
+        if (err) {
+                regerror(err, &rel_sym_regex_c, errbuf, sizeof errbuf);
+                die("%s", errbuf);
+        }
 }
 
 static void die(char *fmt, ...)
@@ -131,7 +156,7 @@ static const char *rel_type(unsigned type)
 #undef REL_TYPE
         };
         const char *name = "unknown type rel type name";
-        if (type < ARRAY_SIZE(type_name)) {
+        if (type < ARRAY_SIZE(type_name) && type_name[type]) {
                 name = type_name[type];
         }
         return name;
@@ -448,7 +473,7 @@ static void print_absolute_relocs(void)
                          * Before warning check if this absolute symbol
                          * relocation is harmless.
                          */
-                        if (is_safe_abs_reloc(name))
+                        if (is_abs_reloc(name) || is_rel_reloc(name))
                                 continue;
 
                         if (!printed) {
@@ -501,21 +526,26 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
                         sym = &sh_symtab[ELF32_R_SYM(rel->r_info)];
                         r_type = ELF32_R_TYPE(rel->r_info);
                         /* Don't visit relocations to absolute symbols */
-                        if (sym->st_shndx == SHN_ABS) {
+                        if (sym->st_shndx == SHN_ABS &&
+                            !is_rel_reloc(sym_name(sym_strtab, sym))) {
                                 continue;
                         }
-                        if (r_type == R_386_NONE || r_type == R_386_PC32) {
+                        switch (r_type) {
+                        case R_386_NONE:
+                        case R_386_PC32:
                                 /*
                                  * NONE can be ignored and and PC relative
                                  * relocations don't need to be adjusted.
                                  */
-                        }
-                        else if (r_type == R_386_32) {
+                                break;
+                        case R_386_32:
                                 /* Visit relocations that need to be adjusted */
                                 visit(rel, sym);
-                        }
-                        else {
-                                die("Unsupported relocation type: %d\n", r_type);
+                                break;
+                        default:
+                                die("Unsupported relocation type: %s (%d)\n",
+                                    rel_type(r_type), r_type);
+                                break;
                         }
                 }
         }
@@ -571,16 +601,15 @@ static void emit_relocs(int as_text)
         }
         else {
                 unsigned char buf[4];
-                buf[0] = buf[1] = buf[2] = buf[3] = 0;
                 /* Print a stop */
-                printf("%c%c%c%c", buf[0], buf[1], buf[2], buf[3]);
+                fwrite("\0\0\0\0", 4, 1, stdout);
                 /* Now print each relocation */
                 for (i = 0; i < reloc_count; i++) {
                         buf[0] = (relocs[i] >>  0) & 0xff;
                         buf[1] = (relocs[i] >>  8) & 0xff;
                         buf[2] = (relocs[i] >> 16) & 0xff;
                         buf[3] = (relocs[i] >> 24) & 0xff;
-                        printf("%c%c%c%c", buf[0], buf[1], buf[2], buf[3]);
+                        fwrite(buf, 4, 1, stdout);
                 }
         }
 }
@@ -598,6 +627,8 @@ int main(int argc, char **argv)
         FILE *fp;
         int i;
 
+        regex_init();
+
         show_absolute_syms = 0;
         show_absolute_relocs = 0;
         as_text = 0;
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index f4193bb48782..a6f1a59a5b0c 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -4,6 +4,7 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONFIG_OUTPUT_FORMAT, CONFIG_OUTPUT_FORMAT)
 
 #undef i386
 
+#include <asm/cache.h>
 #include <asm/page_types.h>
 
 #ifdef CONFIG_X86_64
@@ -46,7 +47,7 @@ SECTIONS
                 *(.data.*)
                 _edata = . ;
         }
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .bss : {
                 _bss = . ;
                 *(.bss)
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index b31cc54b4641..93e689f4bd86 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -16,7 +16,7 @@
  */
 
 #include <asm/segment.h>
-#include <linux/utsrelease.h>
+#include <generated/utsrelease.h>
 #include <asm/boot.h>
 #include <asm/e820.h>
 #include <asm/page_types.h>
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index 0f6ec455a2b1..03c0683636b6 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -53,6 +53,9 @@ SECTIONS
 
         /DISCARD/ : { *(.note*) }
 
+        /*
+         * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
+         */
         . = ASSERT(_end <= 0x8000, "Setup too big!");
         . = ASSERT(hdr == 0x1f1, "The setup header has the wrong offset!");
         /* Necessary for the very-old-loader check to work... */
diff --git a/arch/x86/boot/version.c b/arch/x86/boot/version.c
index 2723d9b5ce43..2b15aa488ffb 100644
--- a/arch/x86/boot/version.c
+++ b/arch/x86/boot/version.c
@@ -13,8 +13,8 @@
  */
 
 #include "boot.h"
-#include <linux/utsrelease.h>
-#include <linux/compile.h>
+#include <generated/utsrelease.h>
+#include <generated/compile.h>
 
 const char kernel_version[] =
         UTS_RELEASE " (" LINUX_COMPILE_BY "@" LINUX_COMPILE_HOST ") "
diff --git a/arch/x86/boot/video.c b/arch/x86/boot/video.c
index d42da3802499..f767164cd5df 100644
--- a/arch/x86/boot/video.c
+++ b/arch/x86/boot/video.c
@@ -27,6 +27,12 @@ static void store_cursor_position(void)
 
         boot_params.screen_info.orig_x = oreg.dl;
         boot_params.screen_info.orig_y = oreg.dh;
+
+        if (oreg.ch & 0x20)
+                boot_params.screen_info.flags |= VIDEO_FLAGS_NOCURSOR;
+
+        if ((oreg.ch & 0x1f) > (oreg.cl & 0x1f))
+                boot_params.screen_info.flags |= VIDEO_FLAGS_NOCURSOR;
 }
 
 static void store_video_mode(void)
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index cfb0010fa940..1a58ad89fdf7 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -12,6 +12,7 @@ obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o
 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o
 obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o
 obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o
+obj-$(CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL) += ghash-clmulni-intel.o
 
 obj-$(CONFIG_CRYPTO_CRC32C_INTEL) += crc32c-intel.o
 
@@ -24,3 +25,5 @@ twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o
 salsa20-x86_64-y := salsa20-x86_64-asm_64.o salsa20_glue.o
 
 aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o
+
+ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
index eb0566e83319..20bb0e1ac681 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -16,6 +16,7 @@
  */
 
 #include <linux/linkage.h>
+#include <asm/inst.h>
 
 .text
 
@@ -122,103 +123,72 @@ ENTRY(aesni_set_key)
         movups 0x10(%rsi), %xmm2        # other user key
         movaps %xmm2, (%rcx)
         add $0x10, %rcx
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_256a
-        # aeskeygenassist $0x1, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_256a
-        # aeskeygenassist $0x2, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_256a
-        # aeskeygenassist $0x4, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_256a
-        # aeskeygenassist $0x8, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_256a
-        # aeskeygenassist $0x10, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_256a
-        # aeskeygenassist $0x20, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_256a
         jmp .Ldec_key
 .Lenc_key192:
         movq 0x10(%rsi), %xmm2          # other user key
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_192a
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_192b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_192a
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_192b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_192a
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_192b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_192a
-        # aeskeygenassist $0x80, %xmm2, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x80
+        AESKEYGENASSIST 0x80 %xmm2 %xmm1        # round 8
         call _key_expansion_192b
         jmp .Ldec_key
 .Lenc_key128:
-        # aeskeygenassist $0x1, %xmm0, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1         # round 1
         call _key_expansion_128
-        # aeskeygenassist $0x2, %xmm0, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1         # round 2
         call _key_expansion_128
-        # aeskeygenassist $0x4, %xmm0, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1         # round 3
         call _key_expansion_128
-        # aeskeygenassist $0x8, %xmm0, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1         # round 4
         call _key_expansion_128
-        # aeskeygenassist $0x10, %xmm0, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1        # round 5
         call _key_expansion_128
-        # aeskeygenassist $0x20, %xmm0, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1        # round 6
         call _key_expansion_128
-        # aeskeygenassist $0x40, %xmm0, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x40
+        AESKEYGENASSIST 0x40 %xmm0 %xmm1        # round 7
         call _key_expansion_128
-        # aeskeygenassist $0x80, %xmm0, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x80
+        AESKEYGENASSIST 0x80 %xmm0 %xmm1        # round 8
         call _key_expansion_128
-        # aeskeygenassist $0x1b, %xmm0, %xmm1   # round 9
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x1b
+        AESKEYGENASSIST 0x1b %xmm0 %xmm1        # round 9
         call _key_expansion_128
-        # aeskeygenassist $0x36, %xmm0, %xmm1   # round 10
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x36
+        AESKEYGENASSIST 0x36 %xmm0 %xmm1        # round 10
         call _key_expansion_128
 .Ldec_key:
         sub $0x10, %rcx
@@ -231,8 +201,7 @@ ENTRY(aesni_set_key)
 .align 4
 .Ldec_key_loop:
         movaps (%rdi), %xmm0
-        # aesimc %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x38, 0xdb, 0xc8
+        AESIMC %xmm0 %xmm1
         movaps %xmm1, (%rsi)
         add $0x10, %rdi
         sub $0x10, %rsi
@@ -274,51 +243,37 @@ _aesni_enc1:
         je .Lenc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
+        AESENCLAST KEY STATE
         ret
 
 /*
@@ -353,135 +308,79 @@ _aesni_enc4:
         je .L4enc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
-        # aesenclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xe2
-        # aesenclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xea
-        # aesenclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xf2
+        AESENCLAST KEY STATE1           # last round
+        AESENCLAST KEY STATE2
+        AESENCLAST KEY STATE3
+        AESENCLAST KEY STATE4
         ret
 
 /*
@@ -518,51 +417,37 @@ _aesni_dec1:
         je .Ldec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE         # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
+        AESDECLAST KEY STATE
         ret
 
 /*
@@ -597,135 +482,79 @@ _aesni_dec4:
         je .L4dec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
-        # aesdeclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xe2
-        # aesdeclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xea
-        # aesdeclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xf2
+        AESDECLAST KEY STATE1           # last round
+        AESDECLAST KEY STATE2
+        AESDECLAST KEY STATE3
+        AESDECLAST KEY STATE4
         ret
 
 /*
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 585edebe12cf..49c552c060e9 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -82,7 +82,7 @@ static int aes_set_key_common(struct crypto_tfm *tfm, void *raw_ctx,
                 return -EINVAL;
         }
 
-        if (irq_fpu_usable())
+        if (!irq_fpu_usable())
                 err = crypto_aes_expand_key(ctx, in_key, key_len);
         else {
                 kernel_fpu_begin();
@@ -103,7 +103,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
 {
         struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
 
-        if (irq_fpu_usable())
+        if (!irq_fpu_usable())
                 crypto_aes_encrypt_x86(ctx, dst, src);
         else {
                 kernel_fpu_begin();
@@ -116,7 +116,7 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
 {
         struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
 
-        if (irq_fpu_usable())
+        if (!irq_fpu_usable())
                 crypto_aes_decrypt_x86(ctx, dst, src);
         else {
                 kernel_fpu_begin();
@@ -342,7 +342,7 @@ static int ablk_encrypt(struct ablkcipher_request *req)
         struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req);
         struct async_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
 
-        if (irq_fpu_usable()) {
+        if (!irq_fpu_usable()) {
                 struct ablkcipher_request *cryptd_req =
                         ablkcipher_request_ctx(req);
                 memcpy(cryptd_req, req, sizeof(*req));
@@ -363,7 +363,7 @@ static int ablk_decrypt(struct ablkcipher_request *req)
         struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req);
         struct async_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
 
-        if (irq_fpu_usable()) {
+        if (!irq_fpu_usable()) {
                 struct ablkcipher_request *cryptd_req =
                         ablkcipher_request_ctx(req);
                 memcpy(cryptd_req, req, sizeof(*req));
diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
new file mode 100644
index 000000000000..1eb7f90cb7b9
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
@@ -0,0 +1,157 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains accelerated part of ghash
+ * implementation. More information about PCLMULQDQ can be found at:
+ *
+ * http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *           Vinodh Gopal
+ *           Erdinc Ozturk
+ *           Deniz Karakoyunlu
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/linkage.h>
+#include <asm/inst.h>
+
+.data
+
+.align 16
+.Lbswap_mask:
+        .octa 0x000102030405060708090a0b0c0d0e0f
+.Lpoly:
+        .octa 0xc2000000000000000000000000000001
+.Ltwo_one:
+        .octa 0x00000001000000000000000000000001
+
+#define DATA    %xmm0
+#define SHASH   %xmm1
+#define T1      %xmm2
+#define T2      %xmm3
+#define T3      %xmm4
+#define BSWAP   %xmm5
+#define IN1     %xmm6
+
+.text
+
+/*
+ * __clmul_gf128mul_ble:        internal ABI
+ * input:
+ *      DATA:                   operand1
+ *      SHASH:                  operand2, hash_key << 1 mod poly
+ * output:
+ *      DATA:                   operand1 * operand2 mod poly
+ * changed:
+ *      T1
+ *      T2
+ *      T3
+ */
+__clmul_gf128mul_ble:
+        movaps DATA, T1
+        pshufd $0b01001110, DATA, T2
+        pshufd $0b01001110, SHASH, T3
+        pxor DATA, T2
+        pxor SHASH, T3
+
+        PCLMULQDQ 0x00 SHASH DATA       # DATA = a0 * b0
+        PCLMULQDQ 0x11 SHASH T1         # T1 = a1 * b1
+        PCLMULQDQ 0x00 T3 T2            # T2 = (a1 + a0) * (b1 + b0)
+        pxor DATA, T2
+        pxor T1, T2                     # T2 = a0 * b1 + a1 * b0
+
+        movaps T2, T3
+        pslldq $8, T3
+        psrldq $8, T2
+        pxor T3, DATA
+        pxor T2, T1                     # <T1:DATA> is result of
+                                        # carry-less multiplication
+
+        # first phase of the reduction
+        movaps DATA, T3
+        psllq $1, T3
+        pxor DATA, T3
+        psllq $5, T3
+        pxor DATA, T3
+        psllq $57, T3
+        movaps T3, T2
+        pslldq $8, T2
+        psrldq $8, T3
+        pxor T2, DATA
+        pxor T3, T1
+
+        # second phase of the reduction
+        movaps DATA, T2
+        psrlq $5, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor T2, T1
+        pxor T1, DATA
+        ret
+
+/* void clmul_ghash_mul(char *dst, const be128 *shash) */
+ENTRY(clmul_ghash_mul)
+        movups (%rdi), DATA
+        movups (%rsi), SHASH
+        movaps .Lbswap_mask, BSWAP
+        PSHUFB_XMM BSWAP DATA
+        call __clmul_gf128mul_ble
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+        ret
+
+/*
+ * void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+ *                         const be128 *shash);
+ */
+ENTRY(clmul_ghash_update)
+        cmp $16, %rdx
+        jb .Lupdate_just_ret    # check length
+        movaps .Lbswap_mask, BSWAP
+        movups (%rdi), DATA
+        movups (%rcx), SHASH
+        PSHUFB_XMM BSWAP DATA
+.align 4
+.Lupdate_loop:
+        movups (%rsi), IN1
+        PSHUFB_XMM BSWAP IN1
+        pxor IN1, DATA
+        call __clmul_gf128mul_ble
+        sub $16, %rdx
+        add $16, %rsi
+        cmp $16, %rdx
+        jge .Lupdate_loop
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+.Lupdate_just_ret:
+        ret
+
+/*
+ * void clmul_ghash_setkey(be128 *shash, const u8 *key);
+ *
+ * Calculate hash_key << 1 mod poly
+ */
+ENTRY(clmul_ghash_setkey)
+        movaps .Lbswap_mask, BSWAP
+        movups (%rsi), %xmm0
+        PSHUFB_XMM BSWAP %xmm0
+        movaps %xmm0, %xmm1
+        psllq $1, %xmm0
+        psrlq $63, %xmm1
+        movaps %xmm1, %xmm2
+        pslldq $8, %xmm1
+        psrldq $8, %xmm2
+        por %xmm1, %xmm0
+        # reduction
+        pshufd $0b00100100, %xmm2, %xmm1
+        pcmpeqd .Ltwo_one, %xmm1
+        pand .Lpoly, %xmm1
+        pxor %xmm1, %xmm0
+        movups %xmm0, (%rdi)
+        ret
diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
new file mode 100644
index 000000000000..cbcc8d8ea93a
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -0,0 +1,333 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains glue code.
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/crypto.h>
+#include <crypto/algapi.h>
+#include <crypto/cryptd.h>
+#include <crypto/gf128mul.h>
+#include <crypto/internal/hash.h>
+#include <asm/i387.h>
+
+#define GHASH_BLOCK_SIZE        16
+#define GHASH_DIGEST_SIZE       16
+
+void clmul_ghash_mul(char *dst, const be128 *shash);
+
+void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+                        const be128 *shash);
+
+void clmul_ghash_setkey(be128 *shash, const u8 *key);
+
+struct ghash_async_ctx {
+        struct cryptd_ahash *cryptd_tfm;
+};
+
+struct ghash_ctx {
+        be128 shash;
+};
+
+struct ghash_desc_ctx {
+        u8 buffer[GHASH_BLOCK_SIZE];
+        u32 bytes;
+};
+
+static int ghash_init(struct shash_desc *desc)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+
+        memset(dctx, 0, sizeof(*dctx));
+
+        return 0;
+}
+
+static int ghash_setkey(struct crypto_shash *tfm,
+                        const u8 *key, unsigned int keylen)
+{
+        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+
+        if (keylen != GHASH_BLOCK_SIZE) {
+                crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+                return -EINVAL;
+        }
+
+        clmul_ghash_setkey(&ctx->shash, key);
+
+        return 0;
+}
+
+static int ghash_update(struct shash_desc *desc,
+                         const u8 *src, unsigned int srclen)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *dst = dctx->buffer;
+
+        kernel_fpu_begin();
+        if (dctx->bytes) {
+                int n = min(srclen, dctx->bytes);
+                u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                dctx->bytes -= n;
+                srclen -= n;
+
+                while (n--)
+                        *pos++ ^= *src++;
+
+                if (!dctx->bytes)
+                        clmul_ghash_mul(dst, &ctx->shash);
+        }
+
+        clmul_ghash_update(dst, src, srclen, &ctx->shash);
+        kernel_fpu_end();
+
+        if (srclen & 0xf) {
+                src += srclen - (srclen & 0xf);
+                srclen &= 0xf;
+                dctx->bytes = GHASH_BLOCK_SIZE - srclen;
+                while (srclen--)
+                        *dst++ ^= *src++;
+        }
+
+        return 0;
+}
+
+static void ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
+{
+        u8 *dst = dctx->buffer;
+
+        if (dctx->bytes) {
+                u8 *tmp = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                while (dctx->bytes--)
+                        *tmp++ ^= 0;
+
+                kernel_fpu_begin();
+                clmul_ghash_mul(dst, &ctx->shash);
+                kernel_fpu_end();
+        }
+
+        dctx->bytes = 0;
+}
+
+static int ghash_final(struct shash_desc *desc, u8 *dst)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *buf = dctx->buffer;
+
+        ghash_flush(ctx, dctx);
+        memcpy(dst, buf, GHASH_BLOCK_SIZE);
+
+        return 0;
+}
+
+static struct shash_alg ghash_alg = {
+        .digestsize     = GHASH_DIGEST_SIZE,
+        .init           = ghash_init,
+        .update         = ghash_update,
+        .final          = ghash_final,
+        .setkey         = ghash_setkey,
+        .descsize       = sizeof(struct ghash_desc_ctx),
+        .base           = {
+                .cra_name               = "__ghash",
+                .cra_driver_name        = "__ghash-pclmulqdqni",
+                .cra_priority           = 0,
+                .cra_flags              = CRYPTO_ALG_TYPE_SHASH,
+                .cra_blocksize          = GHASH_BLOCK_SIZE,
+                .cra_ctxsize            = sizeof(struct ghash_ctx),
+                .cra_module             = THIS_MODULE,
+                .cra_list               = LIST_HEAD_INIT(ghash_alg.base.cra_list),
+        },
+};
+
+static int ghash_async_init(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_init(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return crypto_shash_init(desc);
+        }
+}
+
+static int ghash_async_update(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_update(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return shash_ahash_update(req, desc);
+        }
+}
+
+static int ghash_async_final(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_final(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return crypto_shash_final(desc, req->result);
+        }
+}
+
+static int ghash_async_digest(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_digest(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return shash_ahash_digest(req, desc);
+        }
+}
+
+static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
+                              unsigned int keylen)
+{
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct crypto_ahash *child = &ctx->cryptd_tfm->base;
+        int err;
+
+        crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+        crypto_ahash_set_flags(child, crypto_ahash_get_flags(tfm)
+                               & CRYPTO_TFM_REQ_MASK);
+        err = crypto_ahash_setkey(child, key, keylen);
+        crypto_ahash_set_flags(tfm, crypto_ahash_get_flags(child)
+                               & CRYPTO_TFM_RES_MASK);
+
+        return 0;
+}
+
+static int ghash_async_init_tfm(struct crypto_tfm *tfm)
+{
+        struct cryptd_ahash *cryptd_tfm;
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_tfm = cryptd_alloc_ahash("__ghash-pclmulqdqni", 0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ctx->cryptd_tfm = cryptd_tfm;
+        crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+                                 sizeof(struct ahash_request) +
+                                 crypto_ahash_reqsize(&cryptd_tfm->base));
+
+        return 0;
+}
+
+static void ghash_async_exit_tfm(struct crypto_tfm *tfm)
+{
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_free_ahash(ctx->cryptd_tfm);
+}
+
+static struct ahash_alg ghash_async_alg = {
+        .init           = ghash_async_init,
+        .update         = ghash_async_update,
+        .final          = ghash_async_final,
+        .setkey         = ghash_async_setkey,
+        .digest         = ghash_async_digest,
+        .halg = {
+                .digestsize     = GHASH_DIGEST_SIZE,
+                .base = {
+                        .cra_name               = "ghash",
+                        .cra_driver_name        = "ghash-clmulni",
+                        .cra_priority           = 400,
+                        .cra_flags              = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
+                        .cra_blocksize          = GHASH_BLOCK_SIZE,
+                        .cra_type               = &crypto_ahash_type,
+                        .cra_module             = THIS_MODULE,
+                        .cra_list               = LIST_HEAD_INIT(ghash_async_alg.halg.base.cra_list),
+                        .cra_init               = ghash_async_init_tfm,
+                        .cra_exit               = ghash_async_exit_tfm,
+                },
+        },
+};
+
+static int __init ghash_pclmulqdqni_mod_init(void)
+{
+        int err;
+
+        if (!cpu_has_pclmulqdq) {
+                printk(KERN_INFO "Intel PCLMULQDQ-NI instructions are not"
+                       " detected.\n");
+                return -ENODEV;
+        }
+
+        err = crypto_register_shash(&ghash_alg);
+        if (err)
+                goto err_out;
+        err = crypto_register_ahash(&ghash_async_alg);
+        if (err)
+                goto err_shash;
+
+        return 0;
+
+err_shash:
+        crypto_unregister_shash(&ghash_alg);
+err_out:
+        return err;
+}
+
+static void __exit ghash_pclmulqdqni_mod_exit(void)
+{
+        crypto_unregister_ahash(&ghash_async_alg);
+        crypto_unregister_shash(&ghash_alg);
+}
+
+module_init(ghash_pclmulqdqni_mod_init);
+module_exit(ghash_pclmulqdqni_mod_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("GHASH Message Digest Algorithm, "
+                   "acclerated by PCLMULQDQ-NI");
+MODULE_ALIAS("ghash");
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 74619c4f9fda..53147ad85b96 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -21,8 +21,8 @@
 #define __AUDIT_ARCH_LE    0x40000000
 
 #ifndef CONFIG_AUDITSYSCALL
-#define sysexit_audit int_ret_from_sys_call
-#define sysretl_audit int_ret_from_sys_call
+#define sysexit_audit ia32_ret_from_sys_call
+#define sysretl_audit ia32_ret_from_sys_call
 #endif
 
 #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8)
@@ -39,12 +39,12 @@
         .endm 
 
         /* clobbers %eax */     
-        .macro  CLEAR_RREGS _r9=rax
+        .macro  CLEAR_RREGS offset=0, _r9=rax
         xorl    %eax,%eax
-        movq    %rax,R11(%rsp)
-        movq    %rax,R10(%rsp)
-        movq    %\_r9,R9(%rsp)
-        movq    %rax,R8(%rsp)
+        movq    %rax,\offset+R11(%rsp)
+        movq    %rax,\offset+R10(%rsp)
+        movq    %\_r9,\offset+R9(%rsp)
+        movq    %rax,\offset+R8(%rsp)
         .endm
 
         /*
@@ -172,6 +172,10 @@ sysexit_from_sys_call:
         movl    RIP-R11(%rsp),%edx              /* User %eip */
         CFI_REGISTER rip,rdx
         RESTORE_ARGS 1,24,1,1,1,1
+        xorq    %r8,%r8
+        xorq    %r9,%r9
+        xorq    %r10,%r10
+        xorq    %r11,%r11
         popfq
         CFI_ADJUST_CFA_OFFSET -8
         /*CFI_RESTORE rflags*/
@@ -200,9 +204,9 @@ sysexit_from_sys_call:
         movl RDI-ARGOFFSET(%rsp),%r8d   /* reload 5th syscall arg */
         .endm
 
-        .macro auditsys_exit exit,ebpsave=RBP
+        .macro auditsys_exit exit
         testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
-        jnz int_ret_from_sys_call
+        jnz ia32_ret_from_sys_call
         TRACE_IRQS_ON
         sti
         movl %eax,%esi          /* second arg, syscall return value */
@@ -213,13 +217,13 @@ sysexit_from_sys_call:
         call audit_syscall_exit
         GET_THREAD_INFO(%r10)
         movl RAX-ARGOFFSET(%rsp),%eax   /* reload syscall return value */
-        movl \ebpsave-ARGOFFSET(%rsp),%ebp /* reload user register value */
         movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
         cli
         TRACE_IRQS_OFF
         testl %edi,TI_flags(%r10)
-        jnz int_with_check
-        jmp \exit
+        jz \exit
+        CLEAR_RREGS -ARGOFFSET
+        jmp int_with_check
         .endm
 
 sysenter_auditsys:
@@ -329,6 +333,9 @@ sysretl_from_sys_call:
         CFI_REGISTER rip,rcx
         movl EFLAGS-ARGOFFSET(%rsp),%r11d       
         /*CFI_REGISTER rflags,r11*/
+        xorq    %r10,%r10
+        xorq    %r9,%r9
+        xorq    %r8,%r8
         TRACE_IRQS_ON
         movl RSP-ARGOFFSET(%rsp),%esp
         CFI_RESTORE rsp
@@ -343,7 +350,7 @@ cstar_auditsys:
         jmp cstar_dispatch
 
 sysretl_audit:
-        auditsys_exit sysretl_from_sys_call, RCX /* user %ebp in RCX slot */
+        auditsys_exit sysretl_from_sys_call
 #endif
 
 cstar_tracesys:
@@ -353,7 +360,7 @@ cstar_tracesys:
 #endif
         xchgl %r9d,%ebp
         SAVE_REST
-        CLEAR_RREGS r9
+        CLEAR_RREGS 0, r9
         movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
         movq %rsp,%rdi        /* &pt_regs -> arg1 */
         call syscall_trace_enter
@@ -425,6 +432,8 @@ ia32_do_call:
         call *ia32_sys_call_table(,%rax,8) # xxx: rip relative
 ia32_sysret:
         movq %rax,RAX-ARGOFFSET(%rsp)
+ia32_ret_from_sys_call:
+        CLEAR_RREGS -ARGOFFSET
         jmp int_ret_from_sys_call 
 
 ia32_tracesys:                   
@@ -442,8 +451,8 @@ END(ia32_syscall)
 
 ia32_badsys:
         movq $0,ORIG_RAX-ARGOFFSET(%rsp)
-        movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
-        jmp int_ret_from_sys_call
+        movq $-ENOSYS,%rax
+        jmp ia32_sysret
 
 quiet_ni_syscall:
         movq $-ENOSYS,%rax
@@ -644,7 +653,7 @@ ia32_sys_call_table:
         .quad compat_sys_writev
         .quad sys_getsid
         .quad sys_fdatasync
-        .quad sys32_sysctl      /* sysctl */
+        .quad compat_sys_sysctl /* sysctl */
         .quad sys_mlock         /* 150 */
         .quad sys_munlock
         .quad sys_mlockall
@@ -687,7 +696,7 @@ ia32_sys_call_table:
         .quad quiet_ni_syscall          /* streams2 */
         .quad stub32_vfork            /* 190 */
         .quad compat_sys_getrlimit
-        .quad sys32_mmap2
+        .quad sys_mmap_pgoff
         .quad sys32_truncate64
         .quad sys32_ftruncate64
         .quad sys32_stat64              /* 195 */
@@ -832,4 +841,5 @@ ia32_sys_call_table:
         .quad compat_sys_pwritev
         .quad compat_sys_rt_tgsigqueueinfo      /* 335 */
         .quad sys_perf_event_open
+        .quad compat_sys_recvmmsg
 ia32_syscall_end:
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index 9f5527198825..422572c77923 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -155,9 +155,6 @@ struct mmap_arg_struct {
 asmlinkage long sys32_mmap(struct mmap_arg_struct __user *arg)
 {
         struct mmap_arg_struct a;
-        struct file *file = NULL;
-        unsigned long retval;
-        struct mm_struct *mm ;
 
         if (copy_from_user(&a, arg, sizeof(a)))
                 return -EFAULT;
@@ -165,22 +162,8 @@ asmlinkage long sys32_mmap(struct mmap_arg_struct __user *arg)
         if (a.offset & ~PAGE_MASK)
                 return -EINVAL;
 
-        if (!(a.flags & MAP_ANONYMOUS)) {
-                file = fget(a.fd);
-                if (!file)
-                        return -EBADF;
-        }
-
-        mm = current->mm;
-        down_write(&mm->mmap_sem);
-        retval = do_mmap_pgoff(file, a.addr, a.len, a.prot, a.flags,
+        return sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd,
                                a.offset>>PAGE_SHIFT);
-        if (file)
-                fput(file);
-
-        up_write(&mm->mmap_sem);
-
-        return retval;
 }
 
 asmlinkage long sys32_mprotect(unsigned long start, size_t len,
@@ -434,62 +417,6 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig,
         return ret;
 }
 
-#ifdef CONFIG_SYSCTL_SYSCALL
-struct sysctl_ia32 {
-        unsigned int    name;
-        int             nlen;
-        unsigned int    oldval;
-        unsigned int    oldlenp;
-        unsigned int    newval;
-        unsigned int    newlen;
-        unsigned int    __unused[4];
-};
-
-
-asmlinkage long sys32_sysctl(struct sysctl_ia32 __user *args32)
-{
-        struct sysctl_ia32 a32;
-        mm_segment_t old_fs = get_fs();
-        void __user *oldvalp, *newvalp;
-        size_t oldlen;
-        int __user *namep;
-        long ret;
-
-        if (copy_from_user(&a32, args32, sizeof(a32)))
-                return -EFAULT;
-
-        /*
-         * We need to pre-validate these because we have to disable
-         * address checking before calling do_sysctl() because of
-         * OLDLEN but we can't run the risk of the user specifying bad
-         * addresses here.  Well, since we're dealing with 32 bit
-         * addresses, we KNOW that access_ok() will always succeed, so
-         * this is an expensive NOP, but so what...
-         */
-        namep = compat_ptr(a32.name);
-        oldvalp = compat_ptr(a32.oldval);
-        newvalp =  compat_ptr(a32.newval);
-
-        if ((oldvalp && get_user(oldlen, (int __user *)compat_ptr(a32.oldlenp)))
-            || !access_ok(VERIFY_WRITE, namep, 0)
-            || !access_ok(VERIFY_WRITE, oldvalp, 0)
-            || !access_ok(VERIFY_WRITE, newvalp, 0))
-                return -EFAULT;
-
-        set_fs(KERNEL_DS);
-        lock_kernel();
-        ret = do_sysctl(namep, a32.nlen, oldvalp, (size_t __user *)&oldlen,
-                        newvalp, (size_t) a32.newlen);
-        unlock_kernel();
-        set_fs(old_fs);
-
-        if (oldvalp && put_user(oldlen, (int __user *)compat_ptr(a32.oldlenp)))
-                return -EFAULT;
-
-        return ret;
-}
-#endif
-
 /* warning: next two assume little endian */
 asmlinkage long sys32_pread(unsigned int fd, char __user *ubuf, u32 count,
                             u32 poslo, u32 poshi)
@@ -539,30 +466,6 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd,
         return ret;
 }
 
-asmlinkage long sys32_mmap2(unsigned long addr, unsigned long len,
-                            unsigned long prot, unsigned long flags,
-                            unsigned long fd, unsigned long pgoff)
-{
-        struct mm_struct *mm = current->mm;
-        unsigned long error;
-        struct file *file = NULL;
-
-        flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-        if (!(flags & MAP_ANONYMOUS)) {
-                file = fget(fd);
-                if (!file)
-                        return -EBADF;
-        }
-
-        down_write(&mm->mmap_sem);
-        error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
-        up_write(&mm->mmap_sem);
-
-        if (file)
-                fput(file);
-        return error;
-}
-
 asmlinkage long sys32_olduname(struct oldold_utsname __user *name)
 {
         char *arch = "x86_64";
diff --git a/arch/x86/include/asm/Kbuild b/arch/x86/include/asm/Kbuild
index 4a8e80cdcfa5..9f828f87ca35 100644
--- a/arch/x86/include/asm/Kbuild
+++ b/arch/x86/include/asm/Kbuild
@@ -10,6 +10,7 @@ header-y += ptrace-abi.h
 header-y += sigcontext32.h
 header-y += ucontext.h
 header-y += processor-flags.h
+header-y += hw_breakpoint.h
 
 unifdef-y += e820.h
 unifdef-y += ist.h
diff --git a/arch/x86/include/asm/a.out-core.h b/arch/x86/include/asm/a.out-core.h
index bb70e397aa84..7a15588e45d4 100644
--- a/arch/x86/include/asm/a.out-core.h
+++ b/arch/x86/include/asm/a.out-core.h
@@ -17,6 +17,7 @@
 
 #include <linux/user.h>
 #include <linux/elfcore.h>
+#include <asm/debugreg.h>
 
 /*
  * fill in the user structure for an a.out core dump
@@ -32,14 +33,7 @@ static inline void aout_dump_thread(struct pt_regs *regs, struct user *dump)
                         >> PAGE_SHIFT;
         dump->u_dsize -= dump->u_tsize;
         dump->u_ssize = 0;
-        dump->u_debugreg[0] = current->thread.debugreg0;
-        dump->u_debugreg[1] = current->thread.debugreg1;
-        dump->u_debugreg[2] = current->thread.debugreg2;
-        dump->u_debugreg[3] = current->thread.debugreg3;
-        dump->u_debugreg[4] = 0;
-        dump->u_debugreg[5] = 0;
-        dump->u_debugreg[6] = current->thread.debugreg6;
-        dump->u_debugreg[7] = current->thread.debugreg7;
+        aout_dump_debugregs(dump);
 
         if (dump->start_stack < TASK_SIZE)
                 dump->u_ssize = ((unsigned long)(TASK_SIZE - dump->start_stack))
diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h
index 4518dc500903..56f462cf22d2 100644
--- a/arch/x86/include/asm/acpi.h
+++ b/arch/x86/include/asm/acpi.h
@@ -118,7 +118,7 @@ extern void acpi_restore_state_mem(void);
 extern unsigned long acpi_wakeup_address;
 
 /* early initialization routine */
-extern void acpi_reserve_bootmem(void);
+extern void acpi_reserve_wakeup_memory(void);
 
 /*
  * Check if the CPU can handle C2 and deeper
@@ -142,6 +142,32 @@ static inline unsigned int acpi_processor_cstate_check(unsigned int max_cstate)
                 return max_cstate;
 }
 
+static inline bool arch_has_acpi_pdc(void)
+{
+        struct cpuinfo_x86 *c = &cpu_data(0);
+        return (c->x86_vendor == X86_VENDOR_INTEL ||
+                c->x86_vendor == X86_VENDOR_CENTAUR);
+}
+
+static inline void arch_acpi_set_pdc_bits(u32 *buf)
+{
+        struct cpuinfo_x86 *c = &cpu_data(0);
+
+        buf[2] |= ACPI_PDC_C_CAPABILITY_SMP;
+
+        if (cpu_has(c, X86_FEATURE_EST))
+                buf[2] |= ACPI_PDC_EST_CAPABILITY_SWSMP;
+
+        if (cpu_has(c, X86_FEATURE_ACPI))
+                buf[2] |= ACPI_PDC_T_FFH;
+
+        /*
+         * If mwait/monitor is unsupported, C2/C3_FFH will be disabled
+         */
+        if (!cpu_has(c, X86_FEATURE_MWAIT))
+                buf[2] &= ~(ACPI_PDC_C_C2C3_FFH);
+}
+
 #else /* !CONFIG_ACPI */
 
 #define acpi_lapic 0
@@ -158,6 +184,7 @@ struct bootnode;
 
 #ifdef CONFIG_ACPI_NUMA
 extern int acpi_numa;
+extern int acpi_get_nodes(struct bootnode *physnodes);
 extern int acpi_scan_nodes(unsigned long start, unsigned long end);
 #define NR_NODE_MEMBLKS (MAX_NUMNODES*2)
 extern void acpi_fake_nodes(const struct bootnode *fake_nodes,
diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
index e2077d343c33..b97f786a48d5 100644
--- a/arch/x86/include/asm/alternative-asm.h
+++ b/arch/x86/include/asm/alternative-asm.h
@@ -1,17 +1,13 @@
 #ifdef __ASSEMBLY__
 
-#ifdef CONFIG_X86_32
-# define X86_ALIGN .long
-#else
-# define X86_ALIGN .quad
-#endif
+#include <asm/asm.h>
 
 #ifdef CONFIG_SMP
         .macro LOCK_PREFIX
 1:      lock
         .section .smp_locks,"a"
-        .align 4
-        X86_ALIGN 1b
+        _ASM_ALIGN
+        _ASM_PTR 1b
         .previous
         .endm
 #else
diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
index c240efc74e00..69b74a7b877f 100644
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
@@ -84,6 +84,7 @@ static inline void alternatives_smp_switch(int smp) {}
       "  .byte " __stringify(feature) "\n"      /* feature bit     */   \
       "  .byte 662b-661b\n"                     /* sourcelen       */   \
       "  .byte 664f-663f\n"                     /* replacementlen  */   \
+      "  .byte 0xff + (664f-663f) - (662b-661b)\n" /* rlen <= slen */   \
       ".previous\n"                                                     \
       ".section .altinstr_replacement, \"ax\"\n"                        \
       "663:\n\t" newinstr "\n664:\n"            /* replacement     */   \
diff --git a/arch/x86/include/asm/amd_iommu.h b/arch/x86/include/asm/amd_iommu.h
index ac95995b7bad..5af2982133b5 100644
--- a/arch/x86/include/asm/amd_iommu.h
+++ b/arch/x86/include/asm/amd_iommu.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
+ * Copyright (C) 2007-2009 Advanced Micro Devices, Inc.
  * Author: Joerg Roedel <joerg.roedel@amd.com>
  *         Leo Duran <leo.duran@amd.com>
  *
@@ -23,18 +23,13 @@
 #include <linux/irqreturn.h>
 
 #ifdef CONFIG_AMD_IOMMU
-extern int amd_iommu_init(void);
-extern int amd_iommu_init_dma_ops(void);
-extern int amd_iommu_init_passthrough(void);
+
 extern void amd_iommu_detect(void);
-extern irqreturn_t amd_iommu_int_handler(int irq, void *data);
-extern void amd_iommu_flush_all_domains(void);
-extern void amd_iommu_flush_all_devices(void);
-extern void amd_iommu_shutdown(void);
+
 #else
-static inline int amd_iommu_init(void) { return -ENODEV; }
+
 static inline void amd_iommu_detect(void) { }
-static inline void amd_iommu_shutdown(void) { }
+
 #endif
 
 #endif /* _ASM_X86_AMD_IOMMU_H */
diff --git a/arch/x86/include/asm/amd_iommu_proto.h b/arch/x86/include/asm/amd_iommu_proto.h
new file mode 100644
index 000000000000..4d817f9e6e77
--- /dev/null
+++ b/arch/x86/include/asm/amd_iommu_proto.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2009 Advanced Micro Devices, Inc.
+ * Author: Joerg Roedel <joerg.roedel@amd.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
+ */
+
+#ifndef _ASM_X86_AMD_IOMMU_PROTO_H
+#define _ASM_X86_AMD_IOMMU_PROTO_H
+
+struct amd_iommu;
+
+extern int amd_iommu_init_dma_ops(void);
+extern int amd_iommu_init_passthrough(void);
+extern irqreturn_t amd_iommu_int_handler(int irq, void *data);
+extern void amd_iommu_flush_all_domains(void);
+extern void amd_iommu_flush_all_devices(void);
+extern void amd_iommu_apply_erratum_63(u16 devid);
+extern void amd_iommu_reset_cmd_buffer(struct amd_iommu *iommu);
+extern int amd_iommu_init_devices(void);
+extern void amd_iommu_uninit_devices(void);
+extern void amd_iommu_init_notifier(void);
+#ifndef CONFIG_AMD_IOMMU_STATS
+
+static inline void amd_iommu_stats_init(void) { }
+
+#endif /* !CONFIG_AMD_IOMMU_STATS */
+
+#endif /* _ASM_X86_AMD_IOMMU_PROTO_H  */
diff --git a/arch/x86/include/asm/amd_iommu_types.h b/arch/x86/include/asm/amd_iommu_types.h
index 2a2cc7a78a81..ba19ad4c47d0 100644
--- a/arch/x86/include/asm/amd_iommu_types.h
+++ b/arch/x86/include/asm/amd_iommu_types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
+ * Copyright (C) 2007-2009 Advanced Micro Devices, Inc.
  * Author: Joerg Roedel <joerg.roedel@amd.com>
  *         Leo Duran <leo.duran@amd.com>
  *
@@ -25,6 +25,11 @@
 #include <linux/spinlock.h>
 
 /*
+ * Maximum number of IOMMUs supported
+ */
+#define MAX_IOMMUS      32
+
+/*
  * some size calculation constants
  */
 #define DEV_TABLE_ENTRY_SIZE            32
@@ -206,6 +211,9 @@ extern bool amd_iommu_dump;
                         printk(KERN_INFO "AMD-Vi: " format, ## arg);    \
         } while(0);
 
+/* global flag if IOMMUs cache non-present entries */
+extern bool amd_iommu_np_cache;
+
 /*
  * Make iterating over all IOMMUs easier
  */
@@ -226,6 +234,8 @@ extern bool amd_iommu_dump;
  * independent of their use.
  */
 struct protection_domain {
+        struct list_head list;  /* for list of all protection domains */
+        struct list_head dev_list; /* List of all devices in this domain */
         spinlock_t lock;        /* mostly used to lock the page table*/
         u16 id;                 /* the domain id written to the device table */
         int mode;               /* paging mode (0-6 levels) */
@@ -233,7 +243,20 @@ struct protection_domain {
         unsigned long flags;    /* flags to find out type of domain */
         bool updated;           /* complete domain flush required */
         unsigned dev_cnt;       /* devices assigned to this domain */
+        unsigned dev_iommu[MAX_IOMMUS]; /* per-IOMMU reference count */
         void *priv;             /* private data */
+
+};
+
+/*
+ * This struct contains device specific data for the IOMMU
+ */
+struct iommu_dev_data {
+        struct list_head list;            /* For domain->dev_list */
+        struct device *dev;               /* Device this data belong to */
+        struct device *alias;             /* The Alias Device */
+        struct protection_domain *domain; /* Domain the device is bound to */
+        atomic_t bind;                    /* Domain attach reverent count */
 };
 
 /*
@@ -291,6 +314,9 @@ struct dma_ops_domain {
 struct amd_iommu {
         struct list_head list;
 
+        /* Index within the IOMMU array */
+        int index;
+
         /* locks the accesses to the hardware */
         spinlock_t lock;
 
@@ -357,6 +383,21 @@ struct amd_iommu {
 extern struct list_head amd_iommu_list;
 
 /*
+ * Array with pointers to each IOMMU struct
+ * The indices are referenced in the protection domains
+ */
+extern struct amd_iommu *amd_iommus[MAX_IOMMUS];
+
+/* Number of IOMMUs present in the system */
+extern int amd_iommus_present;
+
+/*
+ * Declarations for the global list of all protection domains
+ */
+extern spinlock_t amd_iommu_pd_lock;
+extern struct list_head amd_iommu_pd_list;
+
+/*
  * Structure defining one entry in the device table
  */
 struct dev_table_entry {
@@ -416,15 +457,9 @@ extern unsigned amd_iommu_aperture_order;
 /* largest PCI device id we expect translation requests for */
 extern u16 amd_iommu_last_bdf;
 
-/* data structures for protection domain handling */
-extern struct protection_domain **amd_iommu_pd_table;
-
 /* allocation bitmap for domain ids */
 extern unsigned long *amd_iommu_pd_alloc_bitmap;
 
-/* will be 1 if device isolation is enabled */
-extern bool amd_iommu_isolate;
-
 /*
  * If true, the addresses will be flushed on unmap time, not when
  * they are reused
@@ -462,11 +497,6 @@ struct __iommu_counter {
 #define ADD_STATS_COUNTER(name, x)
 #define SUB_STATS_COUNTER(name, x)
 
-static inline void amd_iommu_stats_init(void) { }
-
 #endif /* CONFIG_AMD_IOMMU_STATS */
 
-/* some function prototypes */
-extern void amd_iommu_reset_cmd_buffer(struct amd_iommu *iommu);
-
 #endif /* _ASM_X86_AMD_IOMMU_TYPES_H */
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index 474d80d3e6cc..b4ac2cdcb64f 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -297,20 +297,20 @@ struct apic {
         int disable_esr;
 
         int dest_logical;
-        unsigned long (*check_apicid_used)(physid_mask_t bitmap, int apicid);
+        unsigned long (*check_apicid_used)(physid_mask_t *map, int apicid);
         unsigned long (*check_apicid_present)(int apicid);
 
         void (*vector_allocation_domain)(int cpu, struct cpumask *retmask);
         void (*init_apic_ldr)(void);
 
-        physid_mask_t (*ioapic_phys_id_map)(physid_mask_t map);
+        void (*ioapic_phys_id_map)(physid_mask_t *phys_map, physid_mask_t *retmap);
 
         void (*setup_apic_routing)(void);
         int (*multi_timer_check)(int apic, int irq);
         int (*apicid_to_node)(int logical_apicid);
         int (*cpu_to_logical_apicid)(int cpu);
         int (*cpu_present_to_apicid)(int mps_cpu);
-        physid_mask_t (*apicid_to_cpu_present)(int phys_apicid);
+        void (*apicid_to_cpu_present)(int phys_apicid, physid_mask_t *retmap);
         void (*setup_portio_remap)(void);
         int (*check_phys_apicid_present)(int phys_apicid);
         void (*enable_apic_mode)(void);
@@ -488,6 +488,8 @@ static inline unsigned int read_apic_id(void)
 
 extern void default_setup_apic_routing(void);
 
+extern struct apic apic_noop;
+
 #ifdef CONFIG_X86_32
 
 extern struct apic apic_default;
@@ -532,9 +534,9 @@ default_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
         return (unsigned int)(mask1 & mask2 & mask3);
 }
 
-static inline unsigned long default_check_apicid_used(physid_mask_t bitmap, int apicid)
+static inline unsigned long default_check_apicid_used(physid_mask_t *map, int apicid)
 {
-        return physid_isset(apicid, bitmap);
+        return physid_isset(apicid, *map);
 }
 
 static inline unsigned long default_check_apicid_present(int bit)
@@ -542,9 +544,9 @@ static inline unsigned long default_check_apicid_present(int bit)
         return physid_isset(bit, phys_cpu_present_map);
 }
 
-static inline physid_mask_t default_ioapic_phys_id_map(physid_mask_t phys_map)
+static inline void default_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
 {
-        return phys_map;
+        *retmap = *phys_map;
 }
 
 /* Mapping from cpu number to logical apicid */
@@ -583,11 +585,6 @@ extern int default_cpu_present_to_apicid(int mps_cpu);
 extern int default_check_phys_apicid_present(int phys_apicid);
 #endif
 
-static inline physid_mask_t default_apicid_to_cpu_present(int phys_apicid)
-{
-        return physid_mask_of_physid(phys_apicid);
-}
-
 #endif /* CONFIG_X86_LOCAL_APIC */
 
 #ifdef CONFIG_X86_32
diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h
index 3b62da926de9..7fe3b3060f08 100644
--- a/arch/x86/include/asm/apicdef.h
+++ b/arch/x86/include/asm/apicdef.h
@@ -11,6 +11,12 @@
 #define IO_APIC_DEFAULT_PHYS_BASE       0xfec00000
 #define APIC_DEFAULT_PHYS_BASE          0xfee00000
 
+/*
+ * This is the IO-APIC register space as specified
+ * by Intel docs:
+ */
+#define IO_APIC_SLOT_SIZE               1024
+
 #define APIC_ID         0x20
 
 #define APIC_LVR        0x30
diff --git a/arch/x86/include/asm/apicnum.h b/arch/x86/include/asm/apicnum.h
deleted file mode 100644
index 82f613c607ce..000000000000
--- a/arch/x86/include/asm/apicnum.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _ASM_X86_APICNUM_H
-#define _ASM_X86_APICNUM_H
-
-/* define MAX_IO_APICS */
-#ifdef CONFIG_X86_32
-# define MAX_IO_APICS 64
-#else
-# define MAX_IO_APICS 128
-# define MAX_LOCAL_APIC 32768
-#endif
-
-#endif /* _ASM_X86_APICNUM_H */
diff --git a/arch/x86/include/asm/asm-offsets.h b/arch/x86/include/asm/asm-offsets.h
new file mode 100644
index 000000000000..d370ee36a182
--- /dev/null
+++ b/arch/x86/include/asm/asm-offsets.h
@@ -0,0 +1 @@
+#include <generated/asm-offsets.h>
diff --git a/arch/x86/include/asm/bug.h b/arch/x86/include/asm/bug.h
index d9cf1cd156d2..f654d1bb17fb 100644
--- a/arch/x86/include/asm/bug.h
+++ b/arch/x86/include/asm/bug.h
@@ -22,14 +22,14 @@ do {								\
                      ".popsection"                              \
                      : : "i" (__FILE__), "i" (__LINE__),        \
                      "i" (sizeof(struct bug_entry)));           \
-        for (;;) ;                                              \
+        unreachable();                                          \
 } while (0)
 
 #else
 #define BUG()                                                   \
 do {                                                            \
         asm volatile("ud2");                                    \
-        for (;;) ;                                              \
+        unreachable();                                          \
 } while (0)
 #endif
 
diff --git a/arch/x86/include/asm/cache.h b/arch/x86/include/asm/cache.h
index 549860d3be8f..2f9047cfaaca 100644
--- a/arch/x86/include/asm/cache.h
+++ b/arch/x86/include/asm/cache.h
@@ -9,12 +9,13 @@
 
 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
 
+#define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
+#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
+
 #ifdef CONFIG_X86_VSMP
-/* vSMP Internode cacheline shift */
-#define INTERNODE_CACHE_SHIFT (12)
 #ifdef CONFIG_SMP
 #define __cacheline_aligned_in_smp                                      \
-        __attribute__((__aligned__(1 << (INTERNODE_CACHE_SHIFT))))      \
+        __attribute__((__aligned__(INTERNODE_CACHE_BYTES)))             \
         __page_aligned_data
 #endif
 #endif
diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h
index b54f6afe7ec4..634c40a739a6 100644
--- a/arch/x86/include/asm/cacheflush.h
+++ b/arch/x86/include/asm/cacheflush.h
@@ -12,6 +12,7 @@ static inline void flush_cache_range(struct vm_area_struct *vma,
                                      unsigned long start, unsigned long end) { }
 static inline void flush_cache_page(struct vm_area_struct *vma,
                                     unsigned long vmaddr, unsigned long pfn) { }
+#define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE 0
 static inline void flush_dcache_page(struct page *page) { }
 static inline void flush_dcache_mmap_lock(struct address_space *mapping) { }
 static inline void flush_dcache_mmap_unlock(struct address_space *mapping) { }
@@ -176,6 +177,7 @@ void clflush_cache_range(void *addr, unsigned int size);
 #ifdef CONFIG_DEBUG_RODATA
 void mark_rodata_ro(void);
 extern const int rodata_test_data;
+extern int kernel_set_to_readonly;
 void set_kernel_text_rw(void);
 void set_kernel_text_ro(void);
 #else
diff --git a/arch/x86/include/asm/calgary.h b/arch/x86/include/asm/calgary.h
index b03bedb62aa7..0918654305af 100644
--- a/arch/x86/include/asm/calgary.h
+++ b/arch/x86/include/asm/calgary.h
@@ -62,10 +62,8 @@ struct cal_chipset_ops {
 extern int use_calgary;
 
 #ifdef CONFIG_CALGARY_IOMMU
-extern int calgary_iommu_init(void);
 extern void detect_calgary(void);
 #else
-static inline int calgary_iommu_init(void) { return 1; }
 static inline void detect_calgary(void) { return; }
 #endif
 
diff --git a/arch/x86/include/asm/cmpxchg_32.h b/arch/x86/include/asm/cmpxchg_32.h
index ee1931be6593..ffb9bb6b6c37 100644
--- a/arch/x86/include/asm/cmpxchg_32.h
+++ b/arch/x86/include/asm/cmpxchg_32.h
@@ -8,14 +8,50 @@
  *       you need to test for the feature in boot_cpu_data.
  */
 
-#define xchg(ptr, v)                                                    \
-        ((__typeof__(*(ptr)))__xchg((unsigned long)(v), (ptr), sizeof(*(ptr))))
+extern void __xchg_wrong_size(void);
+
+/*
+ * Note: no "lock" prefix even on SMP: xchg always implies lock anyway
+ * Note 2: xchg has side effect, so that attribute volatile is necessary,
+ *        but generally the primitive is invalid, *ptr is output argument. --ANK
+ */
 
 struct __xchg_dummy {
         unsigned long a[100];
 };
 #define __xg(x) ((struct __xchg_dummy *)(x))
 
+#define __xchg(x, ptr, size)                                            \
+({                                                                      \
+        __typeof(*(ptr)) __x = (x);                                     \
+        switch (size) {                                                 \
+        case 1:                                                         \
+                asm volatile("xchgb %b0,%1"                             \
+                             : "=q" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        case 2:                                                         \
+                asm volatile("xchgw %w0,%1"                             \
+                             : "=r" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        case 4:                                                         \
+                asm volatile("xchgl %0,%1"                              \
+                             : "=r" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        default:                                                        \
+                __xchg_wrong_size();                                    \
+        }                                                               \
+        __x;                                                            \
+})
+
+#define xchg(ptr, v)                                                    \
+        __xchg((v), (ptr), sizeof(*ptr))
+
 /*
  * The semantics of XCHGCMP8B are a bit strange, this is why
  * there is a loop and the loading of %%eax and %%edx has to
@@ -71,57 +107,63 @@ static inline void __set_64bit_var(unsigned long long *ptr,
                        (unsigned int)((value) >> 32))                   \
          : __set_64bit(ptr, ll_low((value)), ll_high((value))))
 
-/*
- * Note: no "lock" prefix even on SMP: xchg always implies lock anyway
- * Note 2: xchg has side effect, so that attribute volatile is necessary,
- *        but generally the primitive is invalid, *ptr is output argument. --ANK
- */
-static inline unsigned long __xchg(unsigned long x, volatile void *ptr,
-                                   int size)
-{
-        switch (size) {
-        case 1:
-                asm volatile("xchgb %b0,%1"
-                             : "=q" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        case 2:
-                asm volatile("xchgw %w0,%1"
-                             : "=r" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        case 4:
-                asm volatile("xchgl %0,%1"
-                             : "=r" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        }
-        return x;
-}
+extern void __cmpxchg_wrong_size(void);
 
 /*
  * Atomic compare and exchange.  Compare OLD with MEM, if identical,
  * store NEW in MEM.  Return the initial value in MEM.  Success is
  * indicated by comparing RETURN with OLD.
  */
+#define __raw_cmpxchg(ptr, old, new, size, lock)                        \
+({                                                                      \
+        __typeof__(*(ptr)) __ret;                                       \
+        __typeof__(*(ptr)) __old = (old);                               \
+        __typeof__(*(ptr)) __new = (new);                               \
+        switch (size) {                                                 \
+        case 1:                                                         \
+                asm volatile(lock "cmpxchgb %b1,%2"                     \
+                             : "=a"(__ret)                              \
+                             : "q"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        case 2:                                                         \
+                asm volatile(lock "cmpxchgw %w1,%2"                     \
+                             : "=a"(__ret)                              \
+                             : "r"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        case 4:                                                         \
+                asm volatile(lock "cmpxchgl %1,%2"                      \
+                             : "=a"(__ret)                              \
+                             : "r"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        default:                                                        \
+                __cmpxchg_wrong_size();                                 \
+        }                                                               \
+        __ret;                                                          \
+})
+
+#define __cmpxchg(ptr, old, new, size)                                  \
+        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
+
+#define __sync_cmpxchg(ptr, old, new, size)                             \
+        __raw_cmpxchg((ptr), (old), (new), (size), "lock; ")
+
+#define __cmpxchg_local(ptr, old, new, size)                            \
+        __raw_cmpxchg((ptr), (old), (new), (size), "")
 
 #ifdef CONFIG_X86_CMPXCHG
 #define __HAVE_ARCH_CMPXCHG 1
-#define cmpxchg(ptr, o, n)                                              \
-        ((__typeof__(*(ptr)))__cmpxchg((ptr), (unsigned long)(o),       \
-                                       (unsigned long)(n),              \
-                                       sizeof(*(ptr))))
-#define sync_cmpxchg(ptr, o, n)                                         \
-        ((__typeof__(*(ptr)))__sync_cmpxchg((ptr), (unsigned long)(o),  \
-                                            (unsigned long)(n),         \
-                                            sizeof(*(ptr))))
-#define cmpxchg_local(ptr, o, n)                                        \
-        ((__typeof__(*(ptr)))__cmpxchg_local((ptr), (unsigned long)(o), \
-                                             (unsigned long)(n),        \
-                                             sizeof(*(ptr))))
+
+#define cmpxchg(ptr, old, new)                                          \
+        __cmpxchg((ptr), (old), (new), sizeof(*ptr))
+
+#define sync_cmpxchg(ptr, old, new)                                     \
+        __sync_cmpxchg((ptr), (old), (new), sizeof(*ptr))
+
+#define cmpxchg_local(ptr, old, new)                                    \
+        __cmpxchg_local((ptr), (old), (new), sizeof(*ptr))
 #endif
 
 #ifdef CONFIG_X86_CMPXCHG64
@@ -133,94 +175,6 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr,
                                                (unsigned long long)(n)))
 #endif
 
-static inline unsigned long __cmpxchg(volatile void *ptr, unsigned long old,
-                                      unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile(LOCK_PREFIX "cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile(LOCK_PREFIX "cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile(LOCK_PREFIX "cmpxchgl %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
-
-/*
- * Always use locked operations when touching memory shared with a
- * hypervisor, since the system may be SMP even if the guest kernel
- * isn't.
- */
-static inline unsigned long __sync_cmpxchg(volatile void *ptr,
-                                           unsigned long old,
-                                           unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile("lock; cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile("lock; cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile("lock; cmpxchgl %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
-
-static inline unsigned long __cmpxchg_local(volatile void *ptr,
-                                            unsigned long old,
-                                            unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile("cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile("cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile("cmpxchgl %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
-
 static inline unsigned long long __cmpxchg64(volatile void *ptr,
                                              unsigned long long old,
                                              unsigned long long new)
diff --git a/arch/x86/include/asm/cmpxchg_64.h b/arch/x86/include/asm/cmpxchg_64.h
index 52de72e0de8c..485ae415faec 100644
--- a/arch/x86/include/asm/cmpxchg_64.h
+++ b/arch/x86/include/asm/cmpxchg_64.h
@@ -3,9 +3,6 @@
 
 #include <asm/alternative.h> /* Provides LOCK_PREFIX */
 
-#define xchg(ptr, v) ((__typeof__(*(ptr)))__xchg((unsigned long)(v), \
-                                                 (ptr), sizeof(*(ptr))))
-
 #define __xg(x) ((volatile long *)(x))
 
 static inline void set_64bit(volatile unsigned long *ptr, unsigned long val)
@@ -15,167 +12,118 @@ static inline void set_64bit(volatile unsigned long *ptr, unsigned long val)
 
 #define _set_64bit set_64bit
 
+extern void __xchg_wrong_size(void);
+extern void __cmpxchg_wrong_size(void);
+
 /*
  * Note: no "lock" prefix even on SMP: xchg always implies lock anyway
  * Note 2: xchg has side effect, so that attribute volatile is necessary,
  *        but generally the primitive is invalid, *ptr is output argument. --ANK
  */
-static inline unsigned long __xchg(unsigned long x, volatile void *ptr,
-                                   int size)
-{
-        switch (size) {
-        case 1:
-                asm volatile("xchgb %b0,%1"
-                             : "=q" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        case 2:
-                asm volatile("xchgw %w0,%1"
-                             : "=r" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        case 4:
-                asm volatile("xchgl %k0,%1"
-                             : "=r" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        case 8:
-                asm volatile("xchgq %0,%1"
-                             : "=r" (x)
-                             : "m" (*__xg(ptr)), "0" (x)
-                             : "memory");
-                break;
-        }
-        return x;
-}
+#define __xchg(x, ptr, size)                                            \
+({                                                                      \
+        __typeof(*(ptr)) __x = (x);                                     \
+        switch (size) {                                                 \
+        case 1:                                                         \
+                asm volatile("xchgb %b0,%1"                             \
+                             : "=q" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        case 2:                                                         \
+                asm volatile("xchgw %w0,%1"                             \
+                             : "=r" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        case 4:                                                         \
+                asm volatile("xchgl %k0,%1"                             \
+                             : "=r" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        case 8:                                                         \
+                asm volatile("xchgq %0,%1"                              \
+                             : "=r" (__x)                               \
+                             : "m" (*__xg(ptr)), "0" (__x)              \
+                             : "memory");                               \
+                break;                                                  \
+        default:                                                        \
+                __xchg_wrong_size();                                    \
+        }                                                               \
+        __x;                                                            \
+})
+
+#define xchg(ptr, v)                                                    \
+        __xchg((v), (ptr), sizeof(*ptr))
+
+#define __HAVE_ARCH_CMPXCHG 1
 
 /*
  * Atomic compare and exchange.  Compare OLD with MEM, if identical,
  * store NEW in MEM.  Return the initial value in MEM.  Success is
  * indicated by comparing RETURN with OLD.
  */
+#define __raw_cmpxchg(ptr, old, new, size, lock)                        \
+({                                                                      \
+        __typeof__(*(ptr)) __ret;                                       \
+        __typeof__(*(ptr)) __old = (old);                               \
+        __typeof__(*(ptr)) __new = (new);                               \
+        switch (size) {                                                 \
+        case 1:                                                         \
+                asm volatile(lock "cmpxchgb %b1,%2"                     \
+                             : "=a"(__ret)                              \
+                             : "q"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        case 2:                                                         \
+                asm volatile(lock "cmpxchgw %w1,%2"                     \
+                             : "=a"(__ret)                              \
+                             : "r"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        case 4:                                                         \
+                asm volatile(lock "cmpxchgl %k1,%2"                     \
+                             : "=a"(__ret)                              \
+                             : "r"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        case 8:                                                         \
+                asm volatile(lock "cmpxchgq %1,%2"                      \
+                             : "=a"(__ret)                              \
+                             : "r"(__new), "m"(*__xg(ptr)), "0"(__old)  \
+                             : "memory");                               \
+                break;                                                  \
+        default:                                                        \
+                __cmpxchg_wrong_size();                                 \
+        }                                                               \
+        __ret;                                                          \
+})
 
-#define __HAVE_ARCH_CMPXCHG 1
+#define __cmpxchg(ptr, old, new, size)                                  \
+        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
 
-static inline unsigned long __cmpxchg(volatile void *ptr, unsigned long old,
-                                      unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile(LOCK_PREFIX "cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile(LOCK_PREFIX "cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile(LOCK_PREFIX "cmpxchgl %k1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 8:
-                asm volatile(LOCK_PREFIX "cmpxchgq %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
+#define __sync_cmpxchg(ptr, old, new, size)                             \
+        __raw_cmpxchg((ptr), (old), (new), (size), "lock; ")
 
-/*
- * Always use locked operations when touching memory shared with a
- * hypervisor, since the system may be SMP even if the guest kernel
- * isn't.
- */
-static inline unsigned long __sync_cmpxchg(volatile void *ptr,
-                                           unsigned long old,
-                                           unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile("lock; cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile("lock; cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile("lock; cmpxchgl %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
+#define __cmpxchg_local(ptr, old, new, size)                            \
+        __raw_cmpxchg((ptr), (old), (new), (size), "")
 
-static inline unsigned long __cmpxchg_local(volatile void *ptr,
-                                            unsigned long old,
-                                            unsigned long new, int size)
-{
-        unsigned long prev;
-        switch (size) {
-        case 1:
-                asm volatile("cmpxchgb %b1,%2"
-                             : "=a"(prev)
-                             : "q"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 2:
-                asm volatile("cmpxchgw %w1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 4:
-                asm volatile("cmpxchgl %k1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        case 8:
-                asm volatile("cmpxchgq %1,%2"
-                             : "=a"(prev)
-                             : "r"(new), "m"(*__xg(ptr)), "0"(old)
-                             : "memory");
-                return prev;
-        }
-        return old;
-}
+#define cmpxchg(ptr, old, new)                                          \
+        __cmpxchg((ptr), (old), (new), sizeof(*ptr))
+
+#define sync_cmpxchg(ptr, old, new)                                     \
+        __sync_cmpxchg((ptr), (old), (new), sizeof(*ptr))
+
+#define cmpxchg_local(ptr, old, new)                                    \
+        __cmpxchg_local((ptr), (old), (new), sizeof(*ptr))
 
-#define cmpxchg(ptr, o, n)                                              \
-        ((__typeof__(*(ptr)))__cmpxchg((ptr), (unsigned long)(o),       \
-                                       (unsigned long)(n), sizeof(*(ptr))))
 #define cmpxchg64(ptr, o, n)                                            \
 ({                                                                      \
         BUILD_BUG_ON(sizeof(*(ptr)) != 8);                              \
         cmpxchg((ptr), (o), (n));                                       \
 })
-#define cmpxchg_local(ptr, o, n)                                        \
-        ((__typeof__(*(ptr)))__cmpxchg_local((ptr), (unsigned long)(o), \
-                                             (unsigned long)(n),        \
-                                             sizeof(*(ptr))))
-#define sync_cmpxchg(ptr, o, n)                                         \
-        ((__typeof__(*(ptr)))__sync_cmpxchg((ptr), (unsigned long)(o),  \
-                                            (unsigned long)(n),         \
-                                            sizeof(*(ptr))))
+
 #define cmpxchg64_local(ptr, o, n)                                      \
 ({                                                                      \
         BUILD_BUG_ON(sizeof(*(ptr)) != 8);                              \
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 9cfc88b97742..637e1ec963c3 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -153,6 +153,7 @@
 #define X86_FEATURE_SSE5        (6*32+11) /* SSE-5 */
 #define X86_FEATURE_SKINIT      (6*32+12) /* SKINIT/STGI instructions */
 #define X86_FEATURE_WDT         (6*32+13) /* Watchdog timer */
+#define X86_FEATURE_NODEID_MSR  (6*32+19) /* NodeId MSR */
 
 /*
  * Auxiliary flags: Linux defined - For features scattered in various
@@ -248,6 +249,7 @@ extern const char * const x86_power_flags[32];
 #define cpu_has_x2apic          boot_cpu_has(X86_FEATURE_X2APIC)
 #define cpu_has_xsave           boot_cpu_has(X86_FEATURE_XSAVE)
 #define cpu_has_hypervisor      boot_cpu_has(X86_FEATURE_HYPERVISOR)
+#define cpu_has_pclmulqdq       boot_cpu_has(X86_FEATURE_PCLMULQDQ)
 
 #if defined(CONFIG_X86_INVLPG) || defined(CONFIG_X86_64)
 # define cpu_has_invlpg         1
diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h
index 3ea6f37be9e2..8240f76b531e 100644
--- a/arch/x86/include/asm/debugreg.h
+++ b/arch/x86/include/asm/debugreg.h
@@ -18,6 +18,7 @@
 #define DR_TRAP1        (0x2)           /* db1 */
 #define DR_TRAP2        (0x4)           /* db2 */
 #define DR_TRAP3        (0x8)           /* db3 */
+#define DR_TRAP_BITS    (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)
 
 #define DR_STEP         (0x4000)        /* single-step */
 #define DR_SWITCH       (0x8000)        /* task switch */
@@ -49,6 +50,8 @@
 
 #define DR_LOCAL_ENABLE_SHIFT 0    /* Extra shift to the local enable bit */
 #define DR_GLOBAL_ENABLE_SHIFT 1   /* Extra shift to the global enable bit */
+#define DR_LOCAL_ENABLE (0x1)      /* Local enable for reg 0 */
+#define DR_GLOBAL_ENABLE (0x2)     /* Global enable for reg 0 */
 #define DR_ENABLE_SIZE 2           /* 2 enable bits per register */
 
 #define DR_LOCAL_ENABLE_MASK (0x55)  /* Set  local bits for all 4 regs */
@@ -67,4 +70,34 @@
 #define DR_LOCAL_SLOWDOWN (0x100)   /* Local slow the pipeline */
 #define DR_GLOBAL_SLOWDOWN (0x200)  /* Global slow the pipeline */
 
+/*
+ * HW breakpoint additions
+ */
+#ifdef __KERNEL__
+
+DECLARE_PER_CPU(unsigned long, cpu_dr7);
+
+static inline void hw_breakpoint_disable(void)
+{
+        /* Zero the control register for HW Breakpoint */
+        set_debugreg(0UL, 7);
+
+        /* Zero-out the individual HW breakpoint address registers */
+        set_debugreg(0UL, 0);
+        set_debugreg(0UL, 1);
+        set_debugreg(0UL, 2);
+        set_debugreg(0UL, 3);
+}
+
+static inline int hw_breakpoint_active(void)
+{
+        return __get_cpu_var(cpu_dr7) & DR_GLOBAL_ENABLE_MASK;
+}
+
+extern void aout_dump_debugregs(struct user *dump);
+
+extern void hw_breakpoint_restore(void);
+
+#endif  /* __KERNEL__ */
+
 #endif /* _ASM_X86_DEBUGREG_H */
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index e8de2f6f5ca5..617bd56b3070 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -288,7 +288,7 @@ static inline void load_LDT(mm_context_t *pc)
 
 static inline unsigned long get_desc_base(const struct desc_struct *desc)
 {
-        return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24);
+        return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
 }
 
 static inline void set_desc_base(struct desc_struct *desc, unsigned long base)
diff --git a/arch/x86/include/asm/desc_defs.h b/arch/x86/include/asm/desc_defs.h
index 9d6684849fd9..278441f39856 100644
--- a/arch/x86/include/asm/desc_defs.h
+++ b/arch/x86/include/asm/desc_defs.h
@@ -12,9 +12,9 @@
 #include <linux/types.h>
 
 /*
- * FIXME: Acessing the desc_struct through its fields is more elegant,
+ * FIXME: Accessing the desc_struct through its fields is more elegant,
  * and should be the one valid thing to do. However, a lot of open code
- * still touches the a and b acessors, and doing this allow us to do it
+ * still touches the a and b accessors, and doing this allow us to do it
  * incrementally. We keep the signature as a struct, rather than an union,
  * so we can get rid of it transparently in the future -- glommer
  */
diff --git a/arch/x86/include/asm/device.h b/arch/x86/include/asm/device.h
index cee34e9ca45b..029f230ab637 100644
--- a/arch/x86/include/asm/device.h
+++ b/arch/x86/include/asm/device.h
@@ -8,7 +8,7 @@ struct dev_archdata {
 #ifdef CONFIG_X86_64
 struct dma_map_ops *dma_ops;
 #endif
-#ifdef CONFIG_DMAR
+#if defined(CONFIG_DMAR) || defined(CONFIG_AMD_IOMMU)
         void *iommu; /* hook for IOMMU specific extension */
 #endif
 };
diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h
index 0ee770d23d0e..ac91eed21061 100644
--- a/arch/x86/include/asm/dma-mapping.h
+++ b/arch/x86/include/asm/dma-mapping.h
@@ -14,7 +14,14 @@
 #include <asm/swiotlb.h>
 #include <asm-generic/dma-coherent.h>
 
-extern dma_addr_t bad_dma_address;
+#ifdef CONFIG_ISA
+# define ISA_DMA_BIT_MASK DMA_BIT_MASK(24)
+#else
+# define ISA_DMA_BIT_MASK DMA_BIT_MASK(32)
+#endif
+
+#define DMA_ERROR_CODE  0
+
 extern int iommu_merge;
 extern struct device x86_dma_fallback_dev;
 extern int panic_on_overflow;
@@ -42,7 +49,7 @@ static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
         if (ops->mapping_error)
                 return ops->mapping_error(dev, dma_addr);
 
-        return (dma_addr == bad_dma_address);
+        return (dma_addr == DMA_ERROR_CODE);
 }
 
 #define dma_alloc_noncoherent(d, s, h, f) dma_alloc_coherent(d, s, h, f)
@@ -60,7 +67,7 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size)
         if (!dev->dma_mask)
                 return 0;
 
-        return addr + size <= *dev->dma_mask;
+        return addr + size - 1 <= *dev->dma_mask;
 }
 
 static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr)
@@ -124,10 +131,8 @@ dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
         if (dma_alloc_from_coherent(dev, size, dma_handle, &memory))
                 return memory;
 
-        if (!dev) {
+        if (!dev)
                 dev = &x86_dma_fallback_dev;
-                gfp |= GFP_DMA;
-        }
 
         if (!is_device_dma_capable(dev))
                 return NULL;
diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h
index 40b4e614fe71..761249e396fe 100644
--- a/arch/x86/include/asm/e820.h
+++ b/arch/x86/include/asm/e820.h
@@ -61,6 +61,12 @@ struct e820map {
         struct e820entry map[E820_X_MAX];
 };
 
+#define ISA_START_ADDRESS       0xa0000
+#define ISA_END_ADDRESS         0x100000
+
+#define BIOS_BEGIN              0x000a0000
+#define BIOS_END                0x00100000
+
 #ifdef __KERNEL__
 /* see comment in arch/x86/kernel/e820.c */
 extern struct e820map e820;
@@ -126,15 +132,18 @@ extern void e820_reserve_resources(void);
 extern void e820_reserve_resources_late(void);
 extern void setup_memory_map(void);
 extern char *default_machine_specific_memory_setup(void);
-#endif /* __KERNEL__ */
-#endif /* __ASSEMBLY__ */
 
-#define ISA_START_ADDRESS       0xa0000
-#define ISA_END_ADDRESS         0x100000
-#define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
+/*
+ * Returns true iff the specified range [s,e) is completely contained inside
+ * the ISA region.
+ */
+static inline bool is_ISA_range(u64 s, u64 e)
+{
+        return s >= ISA_START_ADDRESS && e <= ISA_END_ADDRESS;
+}
 
-#define BIOS_BEGIN              0x000a0000
-#define BIOS_END                0x00100000
+#endif /* __KERNEL__ */
+#endif /* __ASSEMBLY__ */
 
 #ifdef __KERNEL__
 #include <linux/ioport.h>
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index 456a304b8172..b4501ee223ad 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -157,19 +157,6 @@ do {						\
 
 #define compat_elf_check_arch(x)        elf_check_arch_ia32(x)
 
-static inline void start_ia32_thread(struct pt_regs *regs, u32 ip, u32 sp)
-{
-        loadsegment(fs, 0);
-        loadsegment(ds, __USER32_DS);
-        loadsegment(es, __USER32_DS);
-        load_gs_index(0);
-        regs->ip = ip;
-        regs->sp = sp;
-        regs->flags = X86_EFLAGS_IF;
-        regs->cs = __USER32_CS;
-        regs->ss = __USER32_DS;
-}
-
 static inline void elf_common_init(struct thread_struct *t,
                                    struct pt_regs *regs, const u16 ds)
 {
@@ -191,11 +178,8 @@ do {							\
 #define COMPAT_ELF_PLAT_INIT(regs, load_addr)           \
         elf_common_init(&current->thread, regs, __USER_DS)
 
-#define compat_start_thread(regs, ip, sp)               \
-do {                                                    \
-        start_ia32_thread(regs, ip, sp);                \
-        set_fs(USER_DS);                                \
-} while (0)
+void start_thread_ia32(struct pt_regs *regs, u32 new_ip, u32 new_sp);
+#define compat_start_thread start_thread_ia32
 
 #define COMPAT_SET_PERSONALITY(ex)                      \
 do {                                                    \
@@ -255,7 +239,6 @@ extern int force_personality32;
 #endif /* !CONFIG_X86_32 */
 
 #define CORE_DUMP_USE_REGSET
-#define USE_ELF_CORE_DUMP
 #define ELF_EXEC_PAGESIZE       4096
 
 /* This is the location that an ET_DYN program is loaded if exec'ed.  Typical
diff --git a/arch/x86/include/asm/entry_arch.h b/arch/x86/include/asm/entry_arch.h
index f5693c81a1db..8e8ec663a98f 100644
--- a/arch/x86/include/asm/entry_arch.h
+++ b/arch/x86/include/asm/entry_arch.h
@@ -34,7 +34,7 @@ BUILD_INTERRUPT3(invalidate_interrupt7,INVALIDATE_TLB_VECTOR_START+7,
                  smp_invalidate_interrupt)
 #endif
 
-BUILD_INTERRUPT(generic_interrupt, GENERIC_INTERRUPT_VECTOR)
+BUILD_INTERRUPT(x86_platform_ipi, X86_PLATFORM_IPI_VECTOR)
 
 /*
  * every pentium local APIC has two 'local interrupts', with a
diff --git a/arch/x86/include/asm/gart.h b/arch/x86/include/asm/gart.h
index 6cfdafa409d8..4ac5b0f33fc1 100644
--- a/arch/x86/include/asm/gart.h
+++ b/arch/x86/include/asm/gart.h
@@ -35,8 +35,7 @@ extern int gart_iommu_aperture_allowed;
 extern int gart_iommu_aperture_disabled;
 
 extern void early_gart_iommu_check(void);
-extern void gart_iommu_init(void);
-extern void gart_iommu_shutdown(void);
+extern int gart_iommu_init(void);
 extern void __init gart_parse_options(char *);
 extern void gart_iommu_hole_init(void);
 
@@ -48,12 +47,6 @@ extern void gart_iommu_hole_init(void);
 static inline void early_gart_iommu_check(void)
 {
 }
-static inline void gart_iommu_init(void)
-{
-}
-static inline void gart_iommu_shutdown(void)
-{
-}
 static inline void gart_parse_options(char *options)
 {
 }
diff --git a/arch/x86/include/asm/geode.h b/arch/x86/include/asm/geode.h
index ad3c2ed75481..7cd73552a4e8 100644
--- a/arch/x86/include/asm/geode.h
+++ b/arch/x86/include/asm/geode.h
@@ -12,160 +12,7 @@
 
 #include <asm/processor.h>
 #include <linux/io.h>
-
-/* Generic southbridge functions */
-
-#define GEODE_DEV_PMS 0
-#define GEODE_DEV_ACPI 1
-#define GEODE_DEV_GPIO 2
-#define GEODE_DEV_MFGPT 3
-
-extern int geode_get_dev_base(unsigned int dev);
-
-/* Useful macros */
-#define geode_pms_base()        geode_get_dev_base(GEODE_DEV_PMS)
-#define geode_acpi_base()       geode_get_dev_base(GEODE_DEV_ACPI)
-#define geode_gpio_base()       geode_get_dev_base(GEODE_DEV_GPIO)
-#define geode_mfgpt_base()      geode_get_dev_base(GEODE_DEV_MFGPT)
-
-/* MSRS */
-
-#define MSR_GLIU_P2D_RO0        0x10000029
-
-#define MSR_LX_GLD_MSR_CONFIG   0x48002001
-#define MSR_LX_MSR_PADSEL       0x48002011      /* NOT 0x48000011; the data
-                                                 * sheet has the wrong value */
-#define MSR_GLCP_SYS_RSTPLL     0x4C000014
-#define MSR_GLCP_DOTPLL         0x4C000015
-
-#define MSR_LBAR_SMB            0x5140000B
-#define MSR_LBAR_GPIO           0x5140000C
-#define MSR_LBAR_MFGPT          0x5140000D
-#define MSR_LBAR_ACPI           0x5140000E
-#define MSR_LBAR_PMS            0x5140000F
-
-#define MSR_DIVIL_SOFT_RESET    0x51400017
-
-#define MSR_PIC_YSEL_LOW        0x51400020
-#define MSR_PIC_YSEL_HIGH       0x51400021
-#define MSR_PIC_ZSEL_LOW        0x51400022
-#define MSR_PIC_ZSEL_HIGH       0x51400023
-#define MSR_PIC_IRQM_LPC        0x51400025
-
-#define MSR_MFGPT_IRQ           0x51400028
-#define MSR_MFGPT_NR            0x51400029
-#define MSR_MFGPT_SETUP         0x5140002B
-
-#define MSR_LX_SPARE_MSR        0x80000011      /* DC-specific */
-
-#define MSR_GX_GLD_MSR_CONFIG   0xC0002001
-#define MSR_GX_MSR_PADSEL       0xC0002011
-
-/* Resource Sizes */
-
-#define LBAR_GPIO_SIZE          0xFF
-#define LBAR_MFGPT_SIZE         0x40
-#define LBAR_ACPI_SIZE          0x40
-#define LBAR_PMS_SIZE           0x80
-
-/* ACPI registers (PMS block) */
-
-/*
- * PM1_EN is only valid when VSA is enabled for 16 bit reads.
- * When VSA is not enabled, *always* read both PM1_STS and PM1_EN
- * with a 32 bit read at offset 0x0
- */
-
-#define PM1_STS                 0x00
-#define PM1_EN                  0x02
-#define PM1_CNT                 0x08
-#define PM2_CNT                 0x0C
-#define PM_TMR                  0x10
-#define PM_GPE0_STS             0x18
-#define PM_GPE0_EN              0x1C
-
-/* PMC registers (PMS block) */
-
-#define PM_SSD                  0x00
-#define PM_SCXA                 0x04
-#define PM_SCYA                 0x08
-#define PM_OUT_SLPCTL           0x0C
-#define PM_SCLK                 0x10
-#define PM_SED                  0x1
-#define PM_SCXD                 0x18
-#define PM_SCYD                 0x1C
-#define PM_IN_SLPCTL            0x20
-#define PM_WKD                  0x30
-#define PM_WKXD                 0x34
-#define PM_RD                   0x38
-#define PM_WKXA                 0x3C
-#define PM_FSD                  0x40
-#define PM_TSD                  0x44
-#define PM_PSD                  0x48
-#define PM_NWKD                 0x4C
-#define PM_AWKD                 0x50
-#define PM_SSC                  0x54
-
-/* VSA2 magic values */
-
-#define VSA_VRC_INDEX           0xAC1C
-#define VSA_VRC_DATA            0xAC1E
-#define VSA_VR_UNLOCK           0xFC53  /* unlock virtual register */
-#define VSA_VR_SIGNATURE        0x0003
-#define VSA_VR_MEM_SIZE         0x0200
-#define AMD_VSA_SIG             0x4132  /* signature is ascii 'VSA2' */
-#define GSW_VSA_SIG             0x534d  /* General Software signature */
-/* GPIO */
-
-#define GPIO_OUTPUT_VAL         0x00
-#define GPIO_OUTPUT_ENABLE      0x04
-#define GPIO_OUTPUT_OPEN_DRAIN  0x08
-#define GPIO_OUTPUT_INVERT      0x0C
-#define GPIO_OUTPUT_AUX1        0x10
-#define GPIO_OUTPUT_AUX2        0x14
-#define GPIO_PULL_UP            0x18
-#define GPIO_PULL_DOWN          0x1C
-#define GPIO_INPUT_ENABLE       0x20
-#define GPIO_INPUT_INVERT       0x24
-#define GPIO_INPUT_FILTER       0x28
-#define GPIO_INPUT_EVENT_COUNT  0x2C
-#define GPIO_READ_BACK          0x30
-#define GPIO_INPUT_AUX1         0x34
-#define GPIO_EVENTS_ENABLE      0x38
-#define GPIO_LOCK_ENABLE        0x3C
-#define GPIO_POSITIVE_EDGE_EN   0x40
-#define GPIO_NEGATIVE_EDGE_EN   0x44
-#define GPIO_POSITIVE_EDGE_STS  0x48
-#define GPIO_NEGATIVE_EDGE_STS  0x4C
-
-#define GPIO_MAP_X              0xE0
-#define GPIO_MAP_Y              0xE4
-#define GPIO_MAP_Z              0xE8
-#define GPIO_MAP_W              0xEC
-
-static inline u32 geode_gpio(unsigned int nr)
-{
-        BUG_ON(nr > 28);
-        return 1 << nr;
-}
-
-extern void geode_gpio_set(u32, unsigned int);
-extern void geode_gpio_clear(u32, unsigned int);
-extern int geode_gpio_isset(u32, unsigned int);
-extern void geode_gpio_setup_event(unsigned int, int, int);
-extern void geode_gpio_set_irq(unsigned int, unsigned int);
-
-static inline void geode_gpio_event_irq(unsigned int gpio, int pair)
-{
-        geode_gpio_setup_event(gpio, pair, 0);
-}
-
-static inline void geode_gpio_event_pme(unsigned int gpio, int pair)
-{
-        geode_gpio_setup_event(gpio, pair, 1);
-}
-
-/* Specific geode tests */
+#include <linux/cs5535.h>
 
 static inline int is_geode_gx(void)
 {
@@ -186,68 +33,4 @@ static inline int is_geode(void)
         return (is_geode_gx() || is_geode_lx());
 }
 
-#ifdef CONFIG_MGEODE_LX
-extern int geode_has_vsa2(void);
-#else
-static inline int geode_has_vsa2(void)
-{
-        return 0;
-}
-#endif
-
-/* MFGPTs */
-
-#define MFGPT_MAX_TIMERS        8
-#define MFGPT_TIMER_ANY         (-1)
-
-#define MFGPT_DOMAIN_WORKING    1
-#define MFGPT_DOMAIN_STANDBY    2
-#define MFGPT_DOMAIN_ANY        (MFGPT_DOMAIN_WORKING | MFGPT_DOMAIN_STANDBY)
-
-#define MFGPT_CMP1              0
-#define MFGPT_CMP2              1
-
-#define MFGPT_EVENT_IRQ         0
-#define MFGPT_EVENT_NMI         1
-#define MFGPT_EVENT_RESET       3
-
-#define MFGPT_REG_CMP1          0
-#define MFGPT_REG_CMP2          2
-#define MFGPT_REG_COUNTER       4
-#define MFGPT_REG_SETUP         6
-
-#define MFGPT_SETUP_CNTEN       (1 << 15)
-#define MFGPT_SETUP_CMP2        (1 << 14)
-#define MFGPT_SETUP_CMP1        (1 << 13)
-#define MFGPT_SETUP_SETUP       (1 << 12)
-#define MFGPT_SETUP_STOPEN      (1 << 11)
-#define MFGPT_SETUP_EXTEN       (1 << 10)
-#define MFGPT_SETUP_REVEN       (1 << 5)
-#define MFGPT_SETUP_CLKSEL      (1 << 4)
-
-static inline void geode_mfgpt_write(int timer, u16 reg, u16 value)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_MFGPT);
-        outw(value, base + reg + (timer * 8));
-}
-
-static inline u16 geode_mfgpt_read(int timer, u16 reg)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_MFGPT);
-        return inw(base + reg + (timer * 8));
-}
-
-extern int geode_mfgpt_toggle_event(int timer, int cmp, int event, int enable);
-extern int geode_mfgpt_set_irq(int timer, int cmp, int *irq, int enable);
-extern int geode_mfgpt_alloc_timer(int timer, int domain);
-
-#define geode_mfgpt_setup_irq(t, c, i) geode_mfgpt_set_irq((t), (c), (i), 1)
-#define geode_mfgpt_release_irq(t, c, i) geode_mfgpt_set_irq((t), (c), (i), 0)
-
-#ifdef CONFIG_GEODE_MFGPT_TIMER
-extern int __init mfgpt_timer_setup(void);
-#else
-static inline int mfgpt_timer_setup(void) { return 0; }
-#endif
-
 #endif /* _ASM_X86_GEODE_H */
diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index 82e3e8f01043..0f8576427cfe 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -12,7 +12,7 @@ typedef struct {
         unsigned int apic_timer_irqs;   /* arch dependent */
         unsigned int irq_spurious_count;
 #endif
-        unsigned int generic_irqs;      /* arch dependent */
+        unsigned int x86_platform_ipis; /* arch dependent */
         unsigned int apic_perf_irqs;
         unsigned int apic_pending_irqs;
 #ifdef CONFIG_SMP
@@ -20,11 +20,11 @@ typedef struct {
         unsigned int irq_call_count;
         unsigned int irq_tlb_count;
 #endif
-#ifdef CONFIG_X86_MCE
+#ifdef CONFIG_X86_THERMAL_VECTOR
         unsigned int irq_thermal_count;
-# ifdef CONFIG_X86_MCE_THRESHOLD
+#endif
+#ifdef CONFIG_X86_MCE_THRESHOLD
         unsigned int irq_threshold_count;
-# endif
 #endif
 } ____cacheline_aligned irq_cpustat_t;
 
diff --git a/arch/x86/include/asm/hpet.h b/arch/x86/include/asm/hpet.h
index 1c22cb05ad6a..5d89fd2a3690 100644
--- a/arch/x86/include/asm/hpet.h
+++ b/arch/x86/include/asm/hpet.h
@@ -65,11 +65,12 @@
 /* hpet memory map physical address */
 extern unsigned long hpet_address;
 extern unsigned long force_hpet_address;
+extern u8 hpet_blockid;
 extern int hpet_force_user;
 extern int is_hpet_enabled(void);
 extern int hpet_enable(void);
 extern void hpet_disable(void);
-extern unsigned long hpet_readl(unsigned long a);
+extern unsigned int hpet_readl(unsigned int a);
 extern void force_hpet_resume(void);
 
 extern void hpet_msi_unmask(unsigned int irq);
@@ -78,9 +79,9 @@ extern void hpet_msi_write(unsigned int irq, struct msi_msg *msg);
 extern void hpet_msi_read(unsigned int irq, struct msi_msg *msg);
 
 #ifdef CONFIG_PCI_MSI
-extern int arch_setup_hpet_msi(unsigned int irq);
+extern int arch_setup_hpet_msi(unsigned int irq, unsigned int id);
 #else
-static inline int arch_setup_hpet_msi(unsigned int irq)
+static inline int arch_setup_hpet_msi(unsigned int irq, unsigned int id)
 {
         return -EINVAL;
 }
diff --git a/arch/x86/include/asm/hw_breakpoint.h b/arch/x86/include/asm/hw_breakpoint.h
new file mode 100644
index 000000000000..0675a7c4c20e
--- /dev/null
+++ b/arch/x86/include/asm/hw_breakpoint.h
@@ -0,0 +1,73 @@
+#ifndef _I386_HW_BREAKPOINT_H
+#define _I386_HW_BREAKPOINT_H
+
+#ifdef  __KERNEL__
+#define __ARCH_HW_BREAKPOINT_H
+
+/*
+ * The name should probably be something dealt in
+ * a higher level. While dealing with the user
+ * (display/resolving)
+ */
+struct arch_hw_breakpoint {
+        char            *name; /* Contains name of the symbol to set bkpt */
+        unsigned long   address;
+        u8              len;
+        u8              type;
+};
+
+#include <linux/kdebug.h>
+#include <linux/percpu.h>
+#include <linux/list.h>
+
+/* Available HW breakpoint length encodings */
+#define X86_BREAKPOINT_LEN_1            0x40
+#define X86_BREAKPOINT_LEN_2            0x44
+#define X86_BREAKPOINT_LEN_4            0x4c
+#define X86_BREAKPOINT_LEN_EXECUTE      0x40
+
+#ifdef CONFIG_X86_64
+#define X86_BREAKPOINT_LEN_8            0x48
+#endif
+
+/* Available HW breakpoint type encodings */
+
+/* trigger on instruction execute */
+#define X86_BREAKPOINT_EXECUTE  0x80
+/* trigger on memory write */
+#define X86_BREAKPOINT_WRITE    0x81
+/* trigger on memory read or write */
+#define X86_BREAKPOINT_RW       0x83
+
+/* Total number of available HW breakpoint registers */
+#define HBP_NUM 4
+
+struct perf_event;
+struct pmu;
+
+extern int arch_check_va_in_userspace(unsigned long va, u8 hbp_len);
+extern int arch_validate_hwbkpt_settings(struct perf_event *bp,
+                                         struct task_struct *tsk);
+extern int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
+                                           unsigned long val, void *data);
+
+
+int arch_install_hw_breakpoint(struct perf_event *bp);
+void arch_uninstall_hw_breakpoint(struct perf_event *bp);
+void hw_breakpoint_pmu_read(struct perf_event *bp);
+void hw_breakpoint_pmu_unthrottle(struct perf_event *bp);
+
+extern void
+arch_fill_perf_breakpoint(struct perf_event *bp);
+
+unsigned long encode_dr7(int drnum, unsigned int len, unsigned int type);
+int decode_dr7(unsigned long dr7, int bpnum, unsigned *len, unsigned *type);
+
+extern int arch_bp_generic_fields(int x86_len, int x86_type,
+                                  int *gen_len, int *gen_type);
+
+extern struct pmu perf_ops_bp;
+
+#endif  /* __KERNEL__ */
+#endif  /* _I386_HW_BREAKPOINT_H */
+
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
index ba180d93b08c..eeac829a0f44 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
@@ -27,7 +27,7 @@
 
 /* Interrupt handlers registered during init_IRQ */
 extern void apic_timer_interrupt(void);
-extern void generic_interrupt(void);
+extern void x86_platform_ipi(void);
 extern void error_interrupt(void);
 extern void perf_pending_interrupt(void);
 
@@ -79,14 +79,33 @@ static inline void set_io_apic_irq_attr(struct io_apic_irq_attr *irq_attr,
                                         int ioapic, int ioapic_pin,
                                         int trigger, int polarity)
 {
-        irq_attr->ioapic     = ioapic;
-        irq_attr->ioapic_pin = ioapic_pin;
-        irq_attr->trigger    = trigger;
-        irq_attr->polarity   = polarity;
+        irq_attr->ioapic        = ioapic;
+        irq_attr->ioapic_pin    = ioapic_pin;
+        irq_attr->trigger       = trigger;
+        irq_attr->polarity      = polarity;
 }
 
-extern int IO_APIC_get_PCI_irq_vector(int bus, int devfn, int pin,
-                                        struct io_apic_irq_attr *irq_attr);
+/*
+ * This is performance-critical, we want to do it O(1)
+ *
+ * Most irqs are mapped 1:1 with pins.
+ */
+struct irq_cfg {
+        struct irq_pin_list     *irq_2_pin;
+        cpumask_var_t           domain;
+        cpumask_var_t           old_domain;
+        u8                      vector;
+        u8                      move_in_progress : 1;
+};
+
+extern struct irq_cfg *irq_cfg(unsigned int);
+extern int assign_irq_vector(int, struct irq_cfg *, const struct cpumask *);
+extern void send_cleanup_vector(struct irq_cfg *);
+
+struct irq_desc;
+extern unsigned int set_desc_affinity(struct irq_desc *, const struct cpumask *,
+                                      unsigned int *dest_id);
+extern int IO_APIC_get_PCI_irq_vector(int bus, int devfn, int pin, struct io_apic_irq_attr *irq_attr);
 extern void setup_ioapic_dest(void);
 
 extern void enable_IO_APIC(void);
@@ -101,7 +120,7 @@ extern void eisa_set_level_irq(unsigned int irq);
 /* SMP */
 extern void smp_apic_timer_interrupt(struct pt_regs *);
 extern void smp_spurious_interrupt(struct pt_regs *);
-extern void smp_generic_interrupt(struct pt_regs *);
+extern void smp_x86_platform_ipi(struct pt_regs *);
 extern void smp_error_interrupt(struct pt_regs *);
 #ifdef CONFIG_X86_IO_APIC
 extern asmlinkage void smp_irq_move_cleanup_interrupt(void);
diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h
index 0b20bbb758f2..ebfb8a9e11f7 100644
--- a/arch/x86/include/asm/i387.h
+++ b/arch/x86/include/asm/i387.h
@@ -10,6 +10,8 @@
 #ifndef _ASM_X86_I387_H
 #define _ASM_X86_I387_H
 
+#ifndef __ASSEMBLY__
+
 #include <linux/sched.h>
 #include <linux/kernel_stat.h>
 #include <linux/regset.h>
@@ -411,4 +413,9 @@ static inline unsigned short get_fpu_mxcsr(struct task_struct *tsk)
         }
 }
 
+#endif /* __ASSEMBLY__ */
+
+#define PSHUFB_XMM5_XMM0 .byte 0x66, 0x0f, 0x38, 0x00, 0xc5
+#define PSHUFB_XMM5_XMM6 .byte 0x66, 0x0f, 0x38, 0x00, 0xf5
+
 #endif /* _ASM_X86_I387_H */
diff --git a/arch/x86/include/asm/inat.h b/arch/x86/include/asm/inat.h
new file mode 100644
index 000000000000..205b063e3e32
--- /dev/null
+++ b/arch/x86/include/asm/inat.h
@@ -0,0 +1,220 @@
+#ifndef _ASM_X86_INAT_H
+#define _ASM_X86_INAT_H
+/*
+ * x86 instruction attributes
+ *
+ * Written by Masami Hiramatsu <mhiramat@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+#include <asm/inat_types.h>
+
+/*
+ * Internal bits. Don't use bitmasks directly, because these bits are
+ * unstable. You should use checking functions.
+ */
+
+#define INAT_OPCODE_TABLE_SIZE 256
+#define INAT_GROUP_TABLE_SIZE 8
+
+/* Legacy last prefixes */
+#define INAT_PFX_OPNDSZ 1       /* 0x66 */ /* LPFX1 */
+#define INAT_PFX_REPE   2       /* 0xF3 */ /* LPFX2 */
+#define INAT_PFX_REPNE  3       /* 0xF2 */ /* LPFX3 */
+/* Other Legacy prefixes */
+#define INAT_PFX_LOCK   4       /* 0xF0 */
+#define INAT_PFX_CS     5       /* 0x2E */
+#define INAT_PFX_DS     6       /* 0x3E */
+#define INAT_PFX_ES     7       /* 0x26 */
+#define INAT_PFX_FS     8       /* 0x64 */
+#define INAT_PFX_GS     9       /* 0x65 */
+#define INAT_PFX_SS     10      /* 0x36 */
+#define INAT_PFX_ADDRSZ 11      /* 0x67 */
+/* x86-64 REX prefix */
+#define INAT_PFX_REX    12      /* 0x4X */
+/* AVX VEX prefixes */
+#define INAT_PFX_VEX2   13      /* 2-bytes VEX prefix */
+#define INAT_PFX_VEX3   14      /* 3-bytes VEX prefix */
+
+#define INAT_LSTPFX_MAX 3
+#define INAT_LGCPFX_MAX 11
+
+/* Immediate size */
+#define INAT_IMM_BYTE           1
+#define INAT_IMM_WORD           2
+#define INAT_IMM_DWORD          3
+#define INAT_IMM_QWORD          4
+#define INAT_IMM_PTR            5
+#define INAT_IMM_VWORD32        6
+#define INAT_IMM_VWORD          7
+
+/* Legacy prefix */
+#define INAT_PFX_OFFS   0
+#define INAT_PFX_BITS   4
+#define INAT_PFX_MAX    ((1 << INAT_PFX_BITS) - 1)
+#define INAT_PFX_MASK   (INAT_PFX_MAX << INAT_PFX_OFFS)
+/* Escape opcodes */
+#define INAT_ESC_OFFS   (INAT_PFX_OFFS + INAT_PFX_BITS)
+#define INAT_ESC_BITS   2
+#define INAT_ESC_MAX    ((1 << INAT_ESC_BITS) - 1)
+#define INAT_ESC_MASK   (INAT_ESC_MAX << INAT_ESC_OFFS)
+/* Group opcodes (1-16) */
+#define INAT_GRP_OFFS   (INAT_ESC_OFFS + INAT_ESC_BITS)
+#define INAT_GRP_BITS   5
+#define INAT_GRP_MAX    ((1 << INAT_GRP_BITS) - 1)
+#define INAT_GRP_MASK   (INAT_GRP_MAX << INAT_GRP_OFFS)
+/* Immediates */
+#define INAT_IMM_OFFS   (INAT_GRP_OFFS + INAT_GRP_BITS)
+#define INAT_IMM_BITS   3
+#define INAT_IMM_MASK   (((1 << INAT_IMM_BITS) - 1) << INAT_IMM_OFFS)
+/* Flags */
+#define INAT_FLAG_OFFS  (INAT_IMM_OFFS + INAT_IMM_BITS)
+#define INAT_MODRM      (1 << (INAT_FLAG_OFFS))
+#define INAT_FORCE64    (1 << (INAT_FLAG_OFFS + 1))
+#define INAT_SCNDIMM    (1 << (INAT_FLAG_OFFS + 2))
+#define INAT_MOFFSET    (1 << (INAT_FLAG_OFFS + 3))
+#define INAT_VARIANT    (1 << (INAT_FLAG_OFFS + 4))
+#define INAT_VEXOK      (1 << (INAT_FLAG_OFFS + 5))
+#define INAT_VEXONLY    (1 << (INAT_FLAG_OFFS + 6))
+/* Attribute making macros for attribute tables */
+#define INAT_MAKE_PREFIX(pfx)   (pfx << INAT_PFX_OFFS)
+#define INAT_MAKE_ESCAPE(esc)   (esc << INAT_ESC_OFFS)
+#define INAT_MAKE_GROUP(grp)    ((grp << INAT_GRP_OFFS) | INAT_MODRM)
+#define INAT_MAKE_IMM(imm)      (imm << INAT_IMM_OFFS)
+
+/* Attribute search APIs */
+extern insn_attr_t inat_get_opcode_attribute(insn_byte_t opcode);
+extern insn_attr_t inat_get_escape_attribute(insn_byte_t opcode,
+                                             insn_byte_t last_pfx,
+                                             insn_attr_t esc_attr);
+extern insn_attr_t inat_get_group_attribute(insn_byte_t modrm,
+                                            insn_byte_t last_pfx,
+                                            insn_attr_t esc_attr);
+extern insn_attr_t inat_get_avx_attribute(insn_byte_t opcode,
+                                          insn_byte_t vex_m,
+                                          insn_byte_t vex_pp);
+
+/* Attribute checking functions */
+static inline int inat_is_legacy_prefix(insn_attr_t attr)
+{
+        attr &= INAT_PFX_MASK;
+        return attr && attr <= INAT_LGCPFX_MAX;
+}
+
+static inline int inat_is_address_size_prefix(insn_attr_t attr)
+{
+        return (attr & INAT_PFX_MASK) == INAT_PFX_ADDRSZ;
+}
+
+static inline int inat_is_operand_size_prefix(insn_attr_t attr)
+{
+        return (attr & INAT_PFX_MASK) == INAT_PFX_OPNDSZ;
+}
+
+static inline int inat_is_rex_prefix(insn_attr_t attr)
+{
+        return (attr & INAT_PFX_MASK) == INAT_PFX_REX;
+}
+
+static inline int inat_last_prefix_id(insn_attr_t attr)
+{
+        if ((attr & INAT_PFX_MASK) > INAT_LSTPFX_MAX)
+                return 0;
+        else
+                return attr & INAT_PFX_MASK;
+}
+
+static inline int inat_is_vex_prefix(insn_attr_t attr)
+{
+        attr &= INAT_PFX_MASK;
+        return attr == INAT_PFX_VEX2 || attr == INAT_PFX_VEX3;
+}
+
+static inline int inat_is_vex3_prefix(insn_attr_t attr)
+{
+        return (attr & INAT_PFX_MASK) == INAT_PFX_VEX3;
+}
+
+static inline int inat_is_escape(insn_attr_t attr)
+{
+        return attr & INAT_ESC_MASK;
+}
+
+static inline int inat_escape_id(insn_attr_t attr)
+{
+        return (attr & INAT_ESC_MASK) >> INAT_ESC_OFFS;
+}
+
+static inline int inat_is_group(insn_attr_t attr)
+{
+        return attr & INAT_GRP_MASK;
+}
+
+static inline int inat_group_id(insn_attr_t attr)
+{
+        return (attr & INAT_GRP_MASK) >> INAT_GRP_OFFS;
+}
+
+static inline int inat_group_common_attribute(insn_attr_t attr)
+{
+        return attr & ~INAT_GRP_MASK;
+}
+
+static inline int inat_has_immediate(insn_attr_t attr)
+{
+        return attr & INAT_IMM_MASK;
+}
+
+static inline int inat_immediate_size(insn_attr_t attr)
+{
+        return (attr & INAT_IMM_MASK) >> INAT_IMM_OFFS;
+}
+
+static inline int inat_has_modrm(insn_attr_t attr)
+{
+        return attr & INAT_MODRM;
+}
+
+static inline int inat_is_force64(insn_attr_t attr)
+{
+        return attr & INAT_FORCE64;
+}
+
+static inline int inat_has_second_immediate(insn_attr_t attr)
+{
+        return attr & INAT_SCNDIMM;
+}
+
+static inline int inat_has_moffset(insn_attr_t attr)
+{
+        return attr & INAT_MOFFSET;
+}
+
+static inline int inat_has_variant(insn_attr_t attr)
+{
+        return attr & INAT_VARIANT;
+}
+
+static inline int inat_accept_vex(insn_attr_t attr)
+{
+        return attr & INAT_VEXOK;
+}
+
+static inline int inat_must_vex(insn_attr_t attr)
+{
+        return attr & INAT_VEXONLY;
+}
+#endif
diff --git a/arch/x86/include/asm/inat_types.h b/arch/x86/include/asm/inat_types.h
new file mode 100644
index 000000000000..cb3c20ce39cf
--- /dev/null
+++ b/arch/x86/include/asm/inat_types.h
@@ -0,0 +1,29 @@
+#ifndef _ASM_X86_INAT_TYPES_H
+#define _ASM_X86_INAT_TYPES_H
+/*
+ * x86 instruction attributes
+ *
+ * Written by Masami Hiramatsu <mhiramat@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+/* Instruction attributes */
+typedef unsigned int insn_attr_t;
+typedef unsigned char insn_byte_t;
+typedef signed int insn_value_t;
+
+#endif
diff --git a/arch/x86/include/asm/insn.h b/arch/x86/include/asm/insn.h
new file mode 100644
index 000000000000..96c2e0ad04ca
--- /dev/null
+++ b/arch/x86/include/asm/insn.h
@@ -0,0 +1,184 @@
+#ifndef _ASM_X86_INSN_H
+#define _ASM_X86_INSN_H
+/*
+ * x86 instruction analysis
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) IBM Corporation, 2009
+ */
+
+/* insn_attr_t is defined in inat.h */
+#include <asm/inat.h>
+
+struct insn_field {
+        union {
+                insn_value_t value;
+                insn_byte_t bytes[4];
+        };
+        /* !0 if we've run insn_get_xxx() for this field */
+        unsigned char got;
+        unsigned char nbytes;
+};
+
+struct insn {
+        struct insn_field prefixes;     /*
+                                         * Prefixes
+                                         * prefixes.bytes[3]: last prefix
+                                         */
+        struct insn_field rex_prefix;   /* REX prefix */
+        struct insn_field vex_prefix;   /* VEX prefix */
+        struct insn_field opcode;       /*
+                                         * opcode.bytes[0]: opcode1
+                                         * opcode.bytes[1]: opcode2
+                                         * opcode.bytes[2]: opcode3
+                                         */
+        struct insn_field modrm;
+        struct insn_field sib;
+        struct insn_field displacement;
+        union {
+                struct insn_field immediate;
+                struct insn_field moffset1;     /* for 64bit MOV */
+                struct insn_field immediate1;   /* for 64bit imm or off16/32 */
+        };
+        union {
+                struct insn_field moffset2;     /* for 64bit MOV */
+                struct insn_field immediate2;   /* for 64bit imm or seg16 */
+        };
+
+        insn_attr_t attr;
+        unsigned char opnd_bytes;
+        unsigned char addr_bytes;
+        unsigned char length;
+        unsigned char x86_64;
+
+        const insn_byte_t *kaddr;       /* kernel address of insn to analyze */
+        const insn_byte_t *next_byte;
+};
+
+#define X86_MODRM_MOD(modrm) (((modrm) & 0xc0) >> 6)
+#define X86_MODRM_REG(modrm) (((modrm) & 0x38) >> 3)
+#define X86_MODRM_RM(modrm) ((modrm) & 0x07)
+
+#define X86_SIB_SCALE(sib) (((sib) & 0xc0) >> 6)
+#define X86_SIB_INDEX(sib) (((sib) & 0x38) >> 3)
+#define X86_SIB_BASE(sib) ((sib) & 0x07)
+
+#define X86_REX_W(rex) ((rex) & 8)
+#define X86_REX_R(rex) ((rex) & 4)
+#define X86_REX_X(rex) ((rex) & 2)
+#define X86_REX_B(rex) ((rex) & 1)
+
+/* VEX bit flags  */
+#define X86_VEX_W(vex)  ((vex) & 0x80)  /* VEX3 Byte2 */
+#define X86_VEX_R(vex)  ((vex) & 0x80)  /* VEX2/3 Byte1 */
+#define X86_VEX_X(vex)  ((vex) & 0x40)  /* VEX3 Byte1 */
+#define X86_VEX_B(vex)  ((vex) & 0x20)  /* VEX3 Byte1 */
+#define X86_VEX_L(vex)  ((vex) & 0x04)  /* VEX3 Byte2, VEX2 Byte1 */
+/* VEX bit fields */
+#define X86_VEX3_M(vex) ((vex) & 0x1f)          /* VEX3 Byte1 */
+#define X86_VEX2_M      1                       /* VEX2.M always 1 */
+#define X86_VEX_V(vex)  (((vex) & 0x78) >> 3)   /* VEX3 Byte2, VEX2 Byte1 */
+#define X86_VEX_P(vex)  ((vex) & 0x03)          /* VEX3 Byte2, VEX2 Byte1 */
+#define X86_VEX_M_MAX   0x1f                    /* VEX3.M Maximum value */
+
+/* The last prefix is needed for two-byte and three-byte opcodes */
+static inline insn_byte_t insn_last_prefix(struct insn *insn)
+{
+        return insn->prefixes.bytes[3];
+}
+
+extern void insn_init(struct insn *insn, const void *kaddr, int x86_64);
+extern void insn_get_prefixes(struct insn *insn);
+extern void insn_get_opcode(struct insn *insn);
+extern void insn_get_modrm(struct insn *insn);
+extern void insn_get_sib(struct insn *insn);
+extern void insn_get_displacement(struct insn *insn);
+extern void insn_get_immediate(struct insn *insn);
+extern void insn_get_length(struct insn *insn);
+
+/* Attribute will be determined after getting ModRM (for opcode groups) */
+static inline void insn_get_attribute(struct insn *insn)
+{
+        insn_get_modrm(insn);
+}
+
+/* Instruction uses RIP-relative addressing */
+extern int insn_rip_relative(struct insn *insn);
+
+/* Init insn for kernel text */
+static inline void kernel_insn_init(struct insn *insn, const void *kaddr)
+{
+#ifdef CONFIG_X86_64
+        insn_init(insn, kaddr, 1);
+#else /* CONFIG_X86_32 */
+        insn_init(insn, kaddr, 0);
+#endif
+}
+
+static inline int insn_is_avx(struct insn *insn)
+{
+        if (!insn->prefixes.got)
+                insn_get_prefixes(insn);
+        return (insn->vex_prefix.value != 0);
+}
+
+static inline insn_byte_t insn_vex_m_bits(struct insn *insn)
+{
+        if (insn->vex_prefix.nbytes == 2)       /* 2 bytes VEX */
+                return X86_VEX2_M;
+        else
+                return X86_VEX3_M(insn->vex_prefix.bytes[1]);
+}
+
+static inline insn_byte_t insn_vex_p_bits(struct insn *insn)
+{
+        if (insn->vex_prefix.nbytes == 2)       /* 2 bytes VEX */
+                return X86_VEX_P(insn->vex_prefix.bytes[1]);
+        else
+                return X86_VEX_P(insn->vex_prefix.bytes[2]);
+}
+
+/* Offset of each field from kaddr */
+static inline int insn_offset_rex_prefix(struct insn *insn)
+{
+        return insn->prefixes.nbytes;
+}
+static inline int insn_offset_vex_prefix(struct insn *insn)
+{
+        return insn_offset_rex_prefix(insn) + insn->rex_prefix.nbytes;
+}
+static inline int insn_offset_opcode(struct insn *insn)
+{
+        return insn_offset_vex_prefix(insn) + insn->vex_prefix.nbytes;
+}
+static inline int insn_offset_modrm(struct insn *insn)
+{
+        return insn_offset_opcode(insn) + insn->opcode.nbytes;
+}
+static inline int insn_offset_sib(struct insn *insn)
+{
+        return insn_offset_modrm(insn) + insn->modrm.nbytes;
+}
+static inline int insn_offset_displacement(struct insn *insn)
+{
+        return insn_offset_sib(insn) + insn->sib.nbytes;
+}
+static inline int insn_offset_immediate(struct insn *insn)
+{
+        return insn_offset_displacement(insn) + insn->displacement.nbytes;
+}
+
+#endif /* _ASM_X86_INSN_H */
diff --git a/arch/x86/include/asm/inst.h b/arch/x86/include/asm/inst.h
new file mode 100644
index 000000000000..14cf526091f9
--- /dev/null
+++ b/arch/x86/include/asm/inst.h
@@ -0,0 +1,150 @@
+/*
+ * Generate .byte code for some instructions not supported by old
+ * binutils.
+ */
+#ifndef X86_ASM_INST_H
+#define X86_ASM_INST_H
+
+#ifdef __ASSEMBLY__
+
+        .macro XMM_NUM opd xmm
+        .ifc \xmm,%xmm0
+        \opd = 0
+        .endif
+        .ifc \xmm,%xmm1
+        \opd = 1
+        .endif
+        .ifc \xmm,%xmm2
+        \opd = 2
+        .endif
+        .ifc \xmm,%xmm3
+        \opd = 3
+        .endif
+        .ifc \xmm,%xmm4
+        \opd = 4
+        .endif
+        .ifc \xmm,%xmm5
+        \opd = 5
+        .endif
+        .ifc \xmm,%xmm6
+        \opd = 6
+        .endif
+        .ifc \xmm,%xmm7
+        \opd = 7
+        .endif
+        .ifc \xmm,%xmm8
+        \opd = 8
+        .endif
+        .ifc \xmm,%xmm9
+        \opd = 9
+        .endif
+        .ifc \xmm,%xmm10
+        \opd = 10
+        .endif
+        .ifc \xmm,%xmm11
+        \opd = 11
+        .endif
+        .ifc \xmm,%xmm12
+        \opd = 12
+        .endif
+        .ifc \xmm,%xmm13
+        \opd = 13
+        .endif
+        .ifc \xmm,%xmm14
+        \opd = 14
+        .endif
+        .ifc \xmm,%xmm15
+        \opd = 15
+        .endif
+        .endm
+
+        .macro PFX_OPD_SIZE
+        .byte 0x66
+        .endm
+
+        .macro PFX_REX opd1 opd2
+        .if (\opd1 | \opd2) & 8
+        .byte 0x40 | ((\opd1 & 8) >> 3) | ((\opd2 & 8) >> 1)
+        .endif
+        .endm
+
+        .macro MODRM mod opd1 opd2
+        .byte \mod | (\opd1 & 7) | ((\opd2 & 7) << 3)
+        .endm
+
+        .macro PSHUFB_XMM xmm1 xmm2
+        XMM_NUM pshufb_opd1 \xmm1
+        XMM_NUM pshufb_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX pshufb_opd1 pshufb_opd2
+        .byte 0x0f, 0x38, 0x00
+        MODRM 0xc0 pshufb_opd1 pshufb_opd2
+        .endm
+
+        .macro PCLMULQDQ imm8 xmm1 xmm2
+        XMM_NUM clmul_opd1 \xmm1
+        XMM_NUM clmul_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX clmul_opd1 clmul_opd2
+        .byte 0x0f, 0x3a, 0x44
+        MODRM 0xc0 clmul_opd1 clmul_opd2
+        .byte \imm8
+        .endm
+
+        .macro AESKEYGENASSIST rcon xmm1 xmm2
+        XMM_NUM aeskeygen_opd1 \xmm1
+        XMM_NUM aeskeygen_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aeskeygen_opd1 aeskeygen_opd2
+        .byte 0x0f, 0x3a, 0xdf
+        MODRM 0xc0 aeskeygen_opd1 aeskeygen_opd2
+        .byte \rcon
+        .endm
+
+        .macro AESIMC xmm1 xmm2
+        XMM_NUM aesimc_opd1 \xmm1
+        XMM_NUM aesimc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesimc_opd1 aesimc_opd2
+        .byte 0x0f, 0x38, 0xdb
+        MODRM 0xc0 aesimc_opd1 aesimc_opd2
+        .endm
+
+        .macro AESENC xmm1 xmm2
+        XMM_NUM aesenc_opd1 \xmm1
+        XMM_NUM aesenc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenc_opd1 aesenc_opd2
+        .byte 0x0f, 0x38, 0xdc
+        MODRM 0xc0 aesenc_opd1 aesenc_opd2
+        .endm
+
+        .macro AESENCLAST xmm1 xmm2
+        XMM_NUM aesenclast_opd1 \xmm1
+        XMM_NUM aesenclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenclast_opd1 aesenclast_opd2
+        .byte 0x0f, 0x38, 0xdd
+        MODRM 0xc0 aesenclast_opd1 aesenclast_opd2
+        .endm
+
+        .macro AESDEC xmm1 xmm2
+        XMM_NUM aesdec_opd1 \xmm1
+        XMM_NUM aesdec_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdec_opd1 aesdec_opd2
+        .byte 0x0f, 0x38, 0xde
+        MODRM 0xc0 aesdec_opd1 aesdec_opd2
+        .endm
+
+        .macro AESDECLAST xmm1 xmm2
+        XMM_NUM aesdeclast_opd1 \xmm1
+        XMM_NUM aesdeclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdeclast_opd1 aesdeclast_opd2
+        .byte 0x0f, 0x38, 0xdf
+        MODRM 0xc0 aesdeclast_opd1 aesdeclast_opd2
+        .endm
+#endif
+
+#endif
diff --git a/arch/x86/include/asm/iommu.h b/arch/x86/include/asm/iommu.h
index fd6d21bbee6c..345c99cef152 100644
--- a/arch/x86/include/asm/iommu.h
+++ b/arch/x86/include/asm/iommu.h
@@ -1,8 +1,6 @@
 #ifndef _ASM_X86_IOMMU_H
 #define _ASM_X86_IOMMU_H
 
-extern void pci_iommu_shutdown(void);
-extern void no_iommu_init(void);
 extern struct dma_map_ops nommu_dma_ops;
 extern int force_iommu, no_iommu;
 extern int iommu_detected;
diff --git a/arch/x86/include/asm/irq.h b/arch/x86/include/asm/irq.h
index ddda6cbed6f4..5458380b6ef8 100644
--- a/arch/x86/include/asm/irq.h
+++ b/arch/x86/include/asm/irq.h
@@ -34,9 +34,10 @@ static inline int irq_canonicalize(int irq)
 #ifdef CONFIG_HOTPLUG_CPU
 #include <linux/cpumask.h>
 extern void fixup_irqs(void);
+extern void irq_force_complete_move(int);
 #endif
 
-extern void (*generic_interrupt_extension)(void);
+extern void (*x86_platform_ipi_callback)(void);
 extern void native_init_IRQ(void);
 extern bool handle_irq(unsigned irq, struct pt_regs *regs);
 
diff --git a/arch/x86/include/asm/irq_vectors.h b/arch/x86/include/asm/irq_vectors.h
index 5b21f0ec3df2..4611f085cd43 100644
--- a/arch/x86/include/asm/irq_vectors.h
+++ b/arch/x86/include/asm/irq_vectors.h
@@ -106,14 +106,14 @@
 /*
  * Generic system vector for platform specific use
  */
-#define GENERIC_INTERRUPT_VECTOR        0xed
+#define X86_PLATFORM_IPI_VECTOR         0xed
 
 /*
  * Performance monitoring pending work vector:
  */
 #define LOCAL_PENDING_VECTOR            0xec
 
-#define UV_BAU_MESSAGE                  0xec
+#define UV_BAU_MESSAGE                  0xea
 
 /*
  * Self IPI vector for machine checks
diff --git a/arch/x86/include/asm/k8.h b/arch/x86/include/asm/k8.h
index c2d1f3b58e5f..f70e60071fe8 100644
--- a/arch/x86/include/asm/k8.h
+++ b/arch/x86/include/asm/k8.h
@@ -4,13 +4,16 @@
 #include <linux/pci.h>
 
 extern struct pci_device_id k8_nb_ids[];
+struct bootnode;
 
 extern int early_is_k8_nb(u32 value);
 extern struct pci_dev **k8_northbridges;
 extern int num_k8_northbridges;
 extern int cache_k8_northbridges(void);
 extern void k8_flush_garts(void);
-extern int k8_scan_nodes(unsigned long start, unsigned long end);
+extern int k8_get_nodes(struct bootnode *nodes);
+extern int k8_numa_init(unsigned long start_pfn, unsigned long end_pfn);
+extern int k8_scan_nodes(void);
 
 #ifdef CONFIG_K8_NB
 static inline struct pci_dev *node_to_k8_nb_misc(int node)
diff --git a/arch/x86/include/asm/kvm.h b/arch/x86/include/asm/kvm.h
index 4a5fe914dc59..f46b79f6c16c 100644
--- a/arch/x86/include/asm/kvm.h
+++ b/arch/x86/include/asm/kvm.h
@@ -19,6 +19,8 @@
 #define __KVM_HAVE_MSIX
 #define __KVM_HAVE_MCE
 #define __KVM_HAVE_PIT_STATE2
+#define __KVM_HAVE_XEN_HVM
+#define __KVM_HAVE_VCPU_EVENTS
 
 /* Architectural interrupt line count. */
 #define KVM_NR_INTERRUPTS 256
@@ -79,6 +81,7 @@ struct kvm_ioapic_state {
 #define KVM_IRQCHIP_PIC_MASTER   0
 #define KVM_IRQCHIP_PIC_SLAVE    1
 #define KVM_IRQCHIP_IOAPIC       2
+#define KVM_NR_IRQCHIPS          3
 
 /* for KVM_GET_REGS and KVM_SET_REGS */
 struct kvm_regs {
@@ -250,4 +253,35 @@ struct kvm_reinject_control {
         __u8 pit_reinject;
         __u8 reserved[31];
 };
+
+/* When set in flags, include corresponding fields on KVM_SET_VCPU_EVENTS */
+#define KVM_VCPUEVENT_VALID_NMI_PENDING 0x00000001
+#define KVM_VCPUEVENT_VALID_SIPI_VECTOR 0x00000002
+
+/* for KVM_GET/SET_VCPU_EVENTS */
+struct kvm_vcpu_events {
+        struct {
+                __u8 injected;
+                __u8 nr;
+                __u8 has_error_code;
+                __u8 pad;
+                __u32 error_code;
+        } exception;
+        struct {
+                __u8 injected;
+                __u8 nr;
+                __u8 soft;
+                __u8 pad;
+        } interrupt;
+        struct {
+                __u8 injected;
+                __u8 pending;
+                __u8 masked;
+                __u8 pad;
+        } nmi;
+        __u32 sipi_vector;
+        __u32 flags;
+        __u32 reserved[10];
+};
+
 #endif /* _ASM_X86_KVM_H */
diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
index b7ed2c423116..7c18e1230f54 100644
--- a/arch/x86/include/asm/kvm_emulate.h
+++ b/arch/x86/include/asm/kvm_emulate.h
@@ -129,7 +129,7 @@ struct decode_cache {
         u8 seg_override;
         unsigned int d;
         unsigned long regs[NR_VCPU_REGS];
-        unsigned long eip;
+        unsigned long eip, eip_orig;
         /* modrm */
         u8 modrm;
         u8 modrm_mod;
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 3be000435fad..4f865e8b8540 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -354,7 +354,6 @@ struct kvm_vcpu_arch {
         unsigned int time_offset;
         struct page *time_page;
 
-        bool singlestep; /* guest is single stepped by KVM */
         bool nmi_pending;
         bool nmi_injected;
 
@@ -371,6 +370,10 @@ struct kvm_vcpu_arch {
         u64 mcg_status;
         u64 mcg_ctl;
         u64 *mce_banks;
+
+        /* used for guest single stepping over the given code position */
+        u16 singlestep_cs;
+        unsigned long singlestep_rip;
 };
 
 struct kvm_mem_alias {
@@ -397,7 +400,6 @@ struct kvm_arch{
         struct kvm_pic *vpic;
         struct kvm_ioapic *vioapic;
         struct kvm_pit *vpit;
-        struct hlist_head irq_ack_notifier_list;
         int vapics_in_nmi_mode;
 
         unsigned int tss_addr;
@@ -410,8 +412,10 @@ struct kvm_arch{
         gpa_t ept_identity_map_addr;
 
         unsigned long irq_sources_bitmap;
-        unsigned long irq_states[KVM_IOAPIC_NUM_PINS];
         u64 vm_init_tsc;
+        s64 kvmclock_offset;
+
+        struct kvm_xen_hvm_config xen_hvm_config;
 };
 
 struct kvm_vm_stat {
@@ -461,7 +465,7 @@ struct descriptor_table {
 struct kvm_x86_ops {
         int (*cpu_has_kvm_support)(void);          /* __init */
         int (*disabled_by_bios)(void);             /* __init */
-        void (*hardware_enable)(void *dummy);      /* __init */
+        int (*hardware_enable)(void *dummy);
         void (*hardware_disable)(void *dummy);
         void (*check_processor_compatibility)(void *rtn);
         int (*hardware_setup)(void);               /* __init */
@@ -477,8 +481,8 @@ struct kvm_x86_ops {
         void (*vcpu_load)(struct kvm_vcpu *vcpu, int cpu);
         void (*vcpu_put)(struct kvm_vcpu *vcpu);
 
-        int (*set_guest_debug)(struct kvm_vcpu *vcpu,
-                               struct kvm_guest_debug *dbg);
+        void (*set_guest_debug)(struct kvm_vcpu *vcpu,
+                                struct kvm_guest_debug *dbg);
         int (*get_msr)(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata);
         int (*set_msr)(struct kvm_vcpu *vcpu, u32 msr_index, u64 data);
         u64 (*get_segment_base)(struct kvm_vcpu *vcpu, int seg);
@@ -506,8 +510,8 @@ struct kvm_x86_ops {
 
         void (*tlb_flush)(struct kvm_vcpu *vcpu);
 
-        void (*run)(struct kvm_vcpu *vcpu, struct kvm_run *run);
-        int (*handle_exit)(struct kvm_run *run, struct kvm_vcpu *vcpu);
+        void (*run)(struct kvm_vcpu *vcpu);
+        int (*handle_exit)(struct kvm_vcpu *vcpu);
         void (*skip_emulated_instruction)(struct kvm_vcpu *vcpu);
         void (*set_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
         u32 (*get_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
@@ -519,6 +523,8 @@ struct kvm_x86_ops {
                                 bool has_error_code, u32 error_code);
         int (*interrupt_allowed)(struct kvm_vcpu *vcpu);
         int (*nmi_allowed)(struct kvm_vcpu *vcpu);
+        bool (*get_nmi_mask)(struct kvm_vcpu *vcpu);
+        void (*set_nmi_mask)(struct kvm_vcpu *vcpu, bool masked);
         void (*enable_nmi_window)(struct kvm_vcpu *vcpu);
         void (*enable_irq_window)(struct kvm_vcpu *vcpu);
         void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr);
@@ -568,7 +574,7 @@ enum emulation_result {
 #define EMULTYPE_NO_DECODE          (1 << 0)
 #define EMULTYPE_TRAP_UD            (1 << 1)
 #define EMULTYPE_SKIP               (1 << 2)
-int emulate_instruction(struct kvm_vcpu *vcpu, struct kvm_run *run,
+int emulate_instruction(struct kvm_vcpu *vcpu,
                         unsigned long cr2, u16 error_code, int emulation_type);
 void kvm_report_emulation_failure(struct kvm_vcpu *cvpu, const char *context);
 void realmode_lgdt(struct kvm_vcpu *vcpu, u16 size, unsigned long address);
@@ -585,9 +591,9 @@ int kvm_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data);
 
 struct x86_emulate_ctxt;
 
-int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio(struct kvm_vcpu *vcpu, int in,
                      int size, unsigned port);
-int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, int in,
                            int size, unsigned long count, int down,
                             gva_t address, int rep, unsigned port);
 void kvm_emulate_cpuid(struct kvm_vcpu *vcpu);
@@ -616,6 +622,9 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l);
 int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
 int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data);
 
+unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu);
+void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
+
 void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr);
 void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
 void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
@@ -796,9 +805,13 @@ asmlinkage void kvm_handle_fault_on_reboot(void);
 #define KVM_ARCH_WANT_MMU_NOTIFIER
 int kvm_unmap_hva(struct kvm *kvm, unsigned long hva);
 int kvm_age_hva(struct kvm *kvm, unsigned long hva);
+void kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte);
 int cpuid_maxphyaddr(struct kvm_vcpu *vcpu);
 int kvm_cpu_has_interrupt(struct kvm_vcpu *vcpu);
 int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu);
 int kvm_cpu_get_interrupt(struct kvm_vcpu *v);
 
+void kvm_define_shared_msr(unsigned index, u32 msr);
+void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
+
 #endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
index b608a64c5814..858baa061cfc 100644
--- a/arch/x86/include/asm/mce.h
+++ b/arch/x86/include/asm/mce.h
@@ -108,6 +108,8 @@ struct mce_log {
 #define K8_MCE_THRESHOLD_BANK_5    (MCE_THRESHOLD_BASE + 5 * 9)
 #define K8_MCE_THRESHOLD_DRAM_ECC  (MCE_THRESHOLD_BANK_4 + 0)
 
+extern struct atomic_notifier_head x86_mce_decoder_chain;
+
 #ifdef __KERNEL__
 
 #include <linux/percpu.h>
@@ -118,9 +120,11 @@ extern int mce_disabled;
 extern int mce_p5_enabled;
 
 #ifdef CONFIG_X86_MCE
-void mcheck_init(struct cpuinfo_x86 *c);
+int mcheck_init(void);
+void mcheck_cpu_init(struct cpuinfo_x86 *c);
 #else
-static inline void mcheck_init(struct cpuinfo_x86 *c) {}
+static inline int mcheck_init(void) { return 0; }
+static inline void mcheck_cpu_init(struct cpuinfo_x86 *c) {}
 #endif
 
 #ifdef CONFIG_X86_ANCIENT_MCE
@@ -133,6 +137,8 @@ static inline void winchip_mcheck_init(struct cpuinfo_x86 *c) {}
 static inline void enable_p5_mce(void) {}
 #endif
 
+extern void (*x86_mce_decode_callback)(struct mce *m);
+
 void mce_setup(struct mce *m);
 void mce_log(struct mce *m);
 DECLARE_PER_CPU(struct sys_device, mce_dev);
@@ -212,5 +218,11 @@ void intel_init_thermal(struct cpuinfo_x86 *c);
 
 void mce_log_therm_throt_event(__u64 status);
 
+#ifdef CONFIG_X86_THERMAL_VECTOR
+extern void mcheck_intel_therm_init(void);
+#else
+static inline void mcheck_intel_therm_init(void) { }
+#endif
+
 #endif /* __KERNEL__ */
 #endif /* _ASM_X86_MCE_H */
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index ef51b501e22a..c24ca9a56458 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -12,6 +12,8 @@ struct device;
 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
 
 struct microcode_ops {
+        void (*init)(struct device *device);
+        void (*fini)(void);
         enum ucode_state (*request_microcode_user) (int cpu,
                                 const void __user *buf, size_t size);
 
diff --git a/arch/x86/include/asm/mmzone_32.h b/arch/x86/include/asm/mmzone_32.h
index ede6998bd92c..91df7c51806c 100644
--- a/arch/x86/include/asm/mmzone_32.h
+++ b/arch/x86/include/asm/mmzone_32.h
@@ -47,7 +47,7 @@ static inline void resume_map_numa_kva(pgd_t *pgd) {}
 /*
  * generic node memory support, the following assumptions apply:
  *
- * 1) memory comes in 64Mb contigious chunks which are either present or not
+ * 1) memory comes in 64Mb contiguous chunks which are either present or not
  * 2) we will not have more than 64Gb in total
  *
  * for now assume that 64Gb is max amount of RAM for whole system
diff --git a/arch/x86/include/asm/mpspec.h b/arch/x86/include/asm/mpspec.h
index 79c94500c0bb..d8bf23a88d05 100644
--- a/arch/x86/include/asm/mpspec.h
+++ b/arch/x86/include/asm/mpspec.h
@@ -71,12 +71,7 @@ static inline void early_get_smp_config(void)
 
 static inline void find_smp_config(void)
 {
-        x86_init.mpparse.find_smp_config(1);
-}
-
-static inline void early_find_smp_config(void)
-{
-        x86_init.mpparse.find_smp_config(0);
+        x86_init.mpparse.find_smp_config();
 }
 
 #ifdef CONFIG_X86_MPPARSE
@@ -89,7 +84,7 @@ extern void default_mpc_oem_bus_info(struct mpc_bus *m, char *str);
 # else
 #  define default_mpc_oem_bus_info NULL
 # endif
-extern void default_find_smp_config(unsigned int reserve);
+extern void default_find_smp_config(void);
 extern void default_get_smp_config(unsigned int early);
 #else
 static inline void early_reserve_e820_mpc_new(void) { }
@@ -97,7 +92,7 @@ static inline void early_reserve_e820_mpc_new(void) { }
 #define default_mpc_apic_id NULL
 #define default_smp_read_mpc_oem NULL
 #define default_mpc_oem_bus_info NULL
-#define default_find_smp_config x86_init_uint_noop
+#define default_find_smp_config x86_init_noop
 #define default_get_smp_config x86_init_uint_noop
 #endif
 
@@ -163,14 +158,16 @@ typedef struct physid_mask physid_mask_t;
 #define physids_shift_left(d, s, n)                             \
         bitmap_shift_left((d).mask, (s).mask, n, MAX_APICS)
 
-#define physids_coerce(map)                     ((map).mask[0])
+static inline unsigned long physids_coerce(physid_mask_t *map)
+{
+        return map->mask[0];
+}
 
-#define physids_promote(physids)                                        \
-        ({                                                              \
-                physid_mask_t __physid_mask = PHYSID_MASK_NONE;         \
-                __physid_mask.mask[0] = physids;                        \
-                __physid_mask;                                          \
-        })
+static inline void physids_promote(unsigned long physids, physid_mask_t *map)
+{
+        physids_clear(*map);
+        map->mask[0] = physids;
+}
 
 /* Note: will create very large stack frames if physid_mask_t is big */
 #define physid_mask_of_physid(physid)                                   \
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 4ffe09b2ad75..1cd58cdbc03f 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -12,6 +12,7 @@
 #define MSR_FS_BASE             0xc0000100 /* 64bit FS base */
 #define MSR_GS_BASE             0xc0000101 /* 64bit GS base */
 #define MSR_KERNEL_GS_BASE      0xc0000102 /* SwapGS GS shadow */
+#define MSR_TSC_AUX             0xc0000103 /* Auxiliary TSC */
 
 /* EFER bits: */
 #define _EFER_SCE               0  /* SYSCALL/SYSRET */
@@ -123,6 +124,7 @@
 #define FAM10H_MMIO_CONF_BUSRANGE_SHIFT 2
 #define FAM10H_MMIO_CONF_BASE_MASK      0xfffffff
 #define FAM10H_MMIO_CONF_BASE_SHIFT     20
+#define MSR_FAM10H_NODE_ID              0xc001100c
 
 /* K8 MSRs */
 #define MSR_K8_TOP_MEM1                 0xc001001a
diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
index 7e2b6ba962ff..c5bc4c2d33f5 100644
--- a/arch/x86/include/asm/msr.h
+++ b/arch/x86/include/asm/msr.h
@@ -27,6 +27,18 @@ struct msr {
         };
 };
 
+struct msr_info {
+        u32 msr_no;
+        struct msr reg;
+        struct msr *msrs;
+        int err;
+};
+
+struct msr_regs_info {
+        u32 *regs;
+        int err;
+};
+
 static inline unsigned long long native_read_tscp(unsigned int *aux)
 {
         unsigned long low, high;
@@ -240,15 +252,18 @@ do {                                                            \
 #define checking_wrmsrl(msr, val) wrmsr_safe((msr), (u32)(val),         \
                                              (u32)((val) >> 32))
 
-#define write_tsc(val1, val2) wrmsr(0x10, (val1), (val2))
+#define write_tsc(val1, val2) wrmsr(MSR_IA32_TSC, (val1), (val2))
+
+#define write_rdtscp_aux(val) wrmsr(MSR_TSC_AUX, (val), 0)
 
-#define write_rdtscp_aux(val) wrmsr(0xc0000103, (val), 0)
+struct msr *msrs_alloc(void);
+void msrs_free(struct msr *msrs);
 
 #ifdef CONFIG_SMP
 int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h);
 int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h);
-void rdmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs);
-void wrmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs);
+void rdmsr_on_cpus(const struct cpumask *mask, u32 msr_no, struct msr *msrs);
+void wrmsr_on_cpus(const struct cpumask *mask, u32 msr_no, struct msr *msrs);
 int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h);
 int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h);
 int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 regs[8]);
@@ -264,12 +279,12 @@ static inline int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
         wrmsr(msr_no, l, h);
         return 0;
 }
-static inline void rdmsr_on_cpus(const cpumask_t *m, u32 msr_no,
+static inline void rdmsr_on_cpus(const struct cpumask *m, u32 msr_no,
                                 struct msr *msrs)
 {
        rdmsr_on_cpu(0, msr_no, &(msrs[0].l), &(msrs[0].h));
 }
-static inline void wrmsr_on_cpus(const cpumask_t *m, u32 msr_no,
+static inline void wrmsr_on_cpus(const struct cpumask *m, u32 msr_no,
                                 struct msr *msrs)
 {
        wrmsr_on_cpu(0, msr_no, msrs[0].l, msrs[0].h);
diff --git a/arch/x86/include/asm/olpc.h b/arch/x86/include/asm/olpc.h
index 834a30295fab..3a57385d9fa7 100644
--- a/arch/x86/include/asm/olpc.h
+++ b/arch/x86/include/asm/olpc.h
@@ -120,7 +120,7 @@ extern int olpc_ec_mask_unset(uint8_t bits);
 
 /* GPIO assignments */
 
-#define OLPC_GPIO_MIC_AC        geode_gpio(1)
+#define OLPC_GPIO_MIC_AC        1
 #define OLPC_GPIO_DCON_IRQ      geode_gpio(7)
 #define OLPC_GPIO_THRM_ALRM     geode_gpio(10)
 #define OLPC_GPIO_SMB_CLK       geode_gpio(14)
diff --git a/arch/x86/include/asm/page_types.h b/arch/x86/include/asm/page_types.h
index 6473f5ccff85..642fe34b36a2 100644
--- a/arch/x86/include/asm/page_types.h
+++ b/arch/x86/include/asm/page_types.h
@@ -49,7 +49,8 @@ extern unsigned long max_pfn_mapped;
 extern unsigned long init_memory_mapping(unsigned long start,
                                          unsigned long end);
 
-extern void initmem_init(unsigned long start_pfn, unsigned long end_pfn);
+extern void initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8);
 extern void free_initmem(void);
 
 #endif  /* !__ASSEMBLY__ */
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index 8aebcc41041d..dd59a85a918f 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -731,34 +731,34 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
 
 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
 
-static inline int __raw_spin_is_locked(struct raw_spinlock *lock)
+static inline int arch_spin_is_locked(struct arch_spinlock *lock)
 {
         return PVOP_CALL1(int, pv_lock_ops.spin_is_locked, lock);
 }
 
-static inline int __raw_spin_is_contended(struct raw_spinlock *lock)
+static inline int arch_spin_is_contended(struct arch_spinlock *lock)
 {
         return PVOP_CALL1(int, pv_lock_ops.spin_is_contended, lock);
 }
-#define __raw_spin_is_contended __raw_spin_is_contended
+#define arch_spin_is_contended  arch_spin_is_contended
 
-static __always_inline void __raw_spin_lock(struct raw_spinlock *lock)
+static __always_inline void arch_spin_lock(struct arch_spinlock *lock)
 {
         PVOP_VCALL1(pv_lock_ops.spin_lock, lock);
 }
 
-static __always_inline void __raw_spin_lock_flags(struct raw_spinlock *lock,
+static __always_inline void arch_spin_lock_flags(struct arch_spinlock *lock,
                                                   unsigned long flags)
 {
         PVOP_VCALL2(pv_lock_ops.spin_lock_flags, lock, flags);
 }
 
-static __always_inline int __raw_spin_trylock(struct raw_spinlock *lock)
+static __always_inline int arch_spin_trylock(struct arch_spinlock *lock)
 {
         return PVOP_CALL1(int, pv_lock_ops.spin_trylock, lock);
 }
 
-static __always_inline void __raw_spin_unlock(struct raw_spinlock *lock)
+static __always_inline void arch_spin_unlock(struct arch_spinlock *lock)
 {
         PVOP_VCALL1(pv_lock_ops.spin_unlock, lock);
 }
@@ -840,42 +840,22 @@ static __always_inline void __raw_spin_unlock(struct raw_spinlock *lock)
 
 static inline unsigned long __raw_local_save_flags(void)
 {
-        unsigned long f;
-
-        asm volatile(paravirt_alt(PARAVIRT_CALL)
-                     : "=a"(f)
-                     : paravirt_type(pv_irq_ops.save_fl),
-                       paravirt_clobber(CLBR_EAX)
-                     : "memory", "cc");
-        return f;
+        return PVOP_CALLEE0(unsigned long, pv_irq_ops.save_fl);
 }
 
 static inline void raw_local_irq_restore(unsigned long f)
 {
-        asm volatile(paravirt_alt(PARAVIRT_CALL)
-                     : "=a"(f)
-                     : PV_FLAGS_ARG(f),
-                       paravirt_type(pv_irq_ops.restore_fl),
-                       paravirt_clobber(CLBR_EAX)
-                     : "memory", "cc");
+        PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
 }
 
 static inline void raw_local_irq_disable(void)
 {
-        asm volatile(paravirt_alt(PARAVIRT_CALL)
-                     :
-                     : paravirt_type(pv_irq_ops.irq_disable),
-                       paravirt_clobber(CLBR_EAX)
-                     : "memory", "eax", "cc");
+        PVOP_VCALLEE0(pv_irq_ops.irq_disable);
 }
 
 static inline void raw_local_irq_enable(void)
 {
-        asm volatile(paravirt_alt(PARAVIRT_CALL)
-                     :
-                     : paravirt_type(pv_irq_ops.irq_enable),
-                       paravirt_clobber(CLBR_EAX)
-                     : "memory", "eax", "cc");
+        PVOP_VCALLEE0(pv_irq_ops.irq_enable);
 }
 
 static inline unsigned long __raw_local_irq_save(void)
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index dd0f5b32489d..b1e70d51e40c 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -318,14 +318,14 @@ struct pv_mmu_ops {
                            phys_addr_t phys, pgprot_t flags);
 };
 
-struct raw_spinlock;
+struct arch_spinlock;
 struct pv_lock_ops {
-        int (*spin_is_locked)(struct raw_spinlock *lock);
-        int (*spin_is_contended)(struct raw_spinlock *lock);
-        void (*spin_lock)(struct raw_spinlock *lock);
-        void (*spin_lock_flags)(struct raw_spinlock *lock, unsigned long flags);
-        int (*spin_trylock)(struct raw_spinlock *lock);
-        void (*spin_unlock)(struct raw_spinlock *lock);
+        int (*spin_is_locked)(struct arch_spinlock *lock);
+        int (*spin_is_contended)(struct arch_spinlock *lock);
+        void (*spin_lock)(struct arch_spinlock *lock);
+        void (*spin_lock_flags)(struct arch_spinlock *lock, unsigned long flags);
+        int (*spin_trylock)(struct arch_spinlock *lock);
+        void (*spin_unlock)(struct arch_spinlock *lock);
 };
 
 /* This contains all the paravirt structures: we get a convenient
@@ -494,10 +494,11 @@ int paravirt_disable_iospace(void);
 #define EXTRA_CLOBBERS
 #define VEXTRA_CLOBBERS
 #else  /* CONFIG_X86_64 */
+/* [re]ax isn't an arg, but the return val */
 #define PVOP_VCALL_ARGS                                 \
         unsigned long __edi = __edi, __esi = __esi,     \
-                __edx = __edx, __ecx = __ecx
-#define PVOP_CALL_ARGS          PVOP_VCALL_ARGS, __eax
+                __edx = __edx, __ecx = __ecx, __eax = __eax
+#define PVOP_CALL_ARGS          PVOP_VCALL_ARGS
 
 #define PVOP_CALL_ARG1(x)               "D" ((unsigned long)(x))
 #define PVOP_CALL_ARG2(x)               "S" ((unsigned long)(x))
@@ -509,6 +510,7 @@ int paravirt_disable_iospace(void);
                                 "=c" (__ecx)
 #define PVOP_CALL_CLOBBERS      PVOP_VCALL_CLOBBERS, "=a" (__eax)
 
+/* void functions are still allowed [re]ax for scratch */
 #define PVOP_VCALLEE_CLOBBERS   "=a" (__eax)
 #define PVOP_CALLEE_CLOBBERS    PVOP_VCALLEE_CLOBBERS
 
@@ -583,8 +585,8 @@ int paravirt_disable_iospace(void);
                        VEXTRA_CLOBBERS,                                 \
                        pre, post, ##__VA_ARGS__)
 
-#define __PVOP_VCALLEESAVE(rettype, op, pre, post, ...)                 \
-        ____PVOP_CALL(rettype, op.func, CLBR_RET_REG,                   \
+#define __PVOP_VCALLEESAVE(op, pre, post, ...)                          \
+        ____PVOP_VCALL(op.func, CLBR_RET_REG,                           \
                       PVOP_VCALLEE_CLOBBERS, ,                          \
                       pre, post, ##__VA_ARGS__)
 
diff --git a/arch/x86/include/asm/pci_x86.h b/arch/x86/include/asm/pci_x86.h
index b399988eee3a..b4bf9a942ed0 100644
--- a/arch/x86/include/asm/pci_x86.h
+++ b/arch/x86/include/asm/pci_x86.h
@@ -118,11 +118,27 @@ extern int __init pcibios_init(void);
 
 /* pci-mmconfig.c */
 
+/* "PCI MMCONFIG %04x [bus %02x-%02x]" */
+#define PCI_MMCFG_RESOURCE_NAME_LEN (22 + 4 + 2 + 2)
+
+struct pci_mmcfg_region {
+        struct list_head list;
+        struct resource res;
+        u64 address;
+        char __iomem *virt;
+        u16 segment;
+        u8 start_bus;
+        u8 end_bus;
+        char name[PCI_MMCFG_RESOURCE_NAME_LEN];
+};
+
 extern int __init pci_mmcfg_arch_init(void);
 extern void __init pci_mmcfg_arch_free(void);
+extern struct pci_mmcfg_region *pci_mmconfig_lookup(int segment, int bus);
+
+extern struct list_head pci_mmcfg_list;
 
-extern struct acpi_mcfg_allocation *pci_mmcfg_config;
-extern int pci_mmcfg_config_num;
+#define PCI_MMCFG_BUS_OFFSET(bus)      ((bus) << 20)
 
 /*
  * AMD Fam10h CPUs are buggy, and cannot access MMIO config space
diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h
index ad7ce3fd5065..8d9f8548a870 100644
--- a/arch/x86/include/asm/perf_event.h
+++ b/arch/x86/include/asm/perf_event.h
@@ -28,9 +28,20 @@
  */
 #define ARCH_PERFMON_EVENT_MASK                             0xffff
 
+/*
+ * filter mask to validate fixed counter events.
+ * the following filters disqualify for fixed counters:
+ *  - inv
+ *  - edge
+ *  - cnt-mask
+ *  The other filters are supported by fixed counters.
+ *  The any-thread option is supported starting with v3.
+ */
+#define ARCH_PERFMON_EVENT_FILTER_MASK                  0xff840000
+
 #define ARCH_PERFMON_UNHALTED_CORE_CYCLES_SEL                 0x3c
 #define ARCH_PERFMON_UNHALTED_CORE_CYCLES_UMASK         (0x00 << 8)
-#define ARCH_PERFMON_UNHALTED_CORE_CYCLES_INDEX                  0
+#define ARCH_PERFMON_UNHALTED_CORE_CYCLES_INDEX                  0
 #define ARCH_PERFMON_UNHALTED_CORE_CYCLES_PRESENT \
                 (1 << (ARCH_PERFMON_UNHALTED_CORE_CYCLES_INDEX))
 
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index af6fd360ab35..a34c785c5a63 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -16,6 +16,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <asm/x86_init.h>
+
 /*
  * ZERO_PAGE is a global shared page that is always zero: used
  * for zero-mapped memory areas etc..
@@ -270,9 +272,9 @@ static inline int is_new_memtype_allowed(u64 paddr, unsigned long size,
                                          unsigned long new_flags)
 {
         /*
-         * PAT type is always WB for ISA. So no need to check.
+         * PAT type is always WB for untracked ranges, so no need to check.
          */
-        if (is_ISA_range(paddr, paddr + size - 1))
+        if (x86_platform.is_untracked_pat_range(paddr, paddr + size))
                 return 1;
 
         /*
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index c3429e8b2424..fc801bab1b3b 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -30,6 +30,7 @@ struct mm_struct;
 #include <linux/math64.h>
 #include <linux/init.h>
 
+#define HBP_NUM 4
 /*
  * Default implementation of macro that returns current
  * instruction pointer ("program counter").
@@ -180,7 +181,7 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
                                 unsigned int *ecx, unsigned int *edx)
 {
         /* ecx is often an input as well as an output. */
-        asm("cpuid"
+        asm volatile("cpuid"
             : "=a" (*eax),
               "=b" (*ebx),
               "=c" (*ecx),
@@ -422,6 +423,8 @@ extern unsigned int xstate_size;
 extern void free_thread_xstate(struct task_struct *);
 extern struct kmem_cache *task_xstate_cachep;
 
+struct perf_event;
+
 struct thread_struct {
         /* Cached TLS descriptors: */
         struct desc_struct      tls_array[GDT_ENTRY_TLS_ENTRIES];
@@ -443,13 +446,10 @@ struct thread_struct {
         unsigned long           fs;
 #endif
         unsigned long           gs;
-        /* Hardware debugging registers: */
-        unsigned long           debugreg0;
-        unsigned long           debugreg1;
-        unsigned long           debugreg2;
-        unsigned long           debugreg3;
-        unsigned long           debugreg6;
-        unsigned long           debugreg7;
+        /* Save middle states of ptrace breakpoints */
+        struct perf_event       *ptrace_bps[HBP_NUM];
+        /* Debug status used for traps, single steps, etc... */
+        unsigned long           debugreg6;
         /* Fault info: */
         unsigned long           cr2;
         unsigned long           trap_no;
@@ -1000,7 +1000,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
 #define thread_saved_pc(t)      (*(unsigned long *)((t)->thread.sp - 8))
 
 #define task_pt_regs(tsk)       ((struct pt_regs *)(tsk)->thread.sp0 - 1)
-#define KSTK_ESP(tsk)           -1 /* sorry. doesn't work for syscall. */
+extern unsigned long KSTK_ESP(struct task_struct *task);
 #endif /* CONFIG_X86_64 */
 
 extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h
index 621f56d73121..4009f6534f52 100644
--- a/arch/x86/include/asm/proto.h
+++ b/arch/x86/include/asm/proto.h
@@ -5,18 +5,19 @@
 
 /* misc architecture specific prototypes */
 
-extern void early_idt_handler(void);
+void early_idt_handler(void);
 
-extern void system_call(void);
-extern void syscall_init(void);
+void system_call(void);
+void syscall_init(void);
 
-extern void ia32_syscall(void);
-extern void ia32_cstar_target(void);
-extern void ia32_sysenter_target(void);
+void ia32_syscall(void);
+void ia32_cstar_target(void);
+void ia32_sysenter_target(void);
 
-extern void syscall32_cpu_init(void);
+void syscall32_cpu_init(void);
 
-extern void check_efer(void);
+void x86_configure_nx(void);
+void x86_report_nx(void);
 
 extern int reboot_force;
 
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 0f0d908349aa..9d369f680321 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -7,6 +7,7 @@
 
 #ifdef __KERNEL__
 #include <asm/segment.h>
+#include <asm/page_types.h>
 #endif
 
 #ifndef __ASSEMBLY__
@@ -216,6 +217,67 @@ static inline unsigned long user_stack_pointer(struct pt_regs *regs)
         return regs->sp;
 }
 
+/* Query offset/name of register from its name/offset */
+extern int regs_query_register_offset(const char *name);
+extern const char *regs_query_register_name(unsigned int offset);
+#define MAX_REG_OFFSET (offsetof(struct pt_regs, ss))
+
+/**
+ * regs_get_register() - get register value from its offset
+ * @regs:       pt_regs from which register value is gotten.
+ * @offset:     offset number of the register.
+ *
+ * regs_get_register returns the value of a register. The @offset is the
+ * offset of the register in struct pt_regs address which specified by @regs.
+ * If @offset is bigger than MAX_REG_OFFSET, this returns 0.
+ */
+static inline unsigned long regs_get_register(struct pt_regs *regs,
+                                              unsigned int offset)
+{
+        if (unlikely(offset > MAX_REG_OFFSET))
+                return 0;
+        return *(unsigned long *)((unsigned long)regs + offset);
+}
+
+/**
+ * regs_within_kernel_stack() - check the address in the stack
+ * @regs:       pt_regs which contains kernel stack pointer.
+ * @addr:       address which is checked.
+ *
+ * regs_within_kernel_stack() checks @addr is within the kernel stack page(s).
+ * If @addr is within the kernel stack, it returns true. If not, returns false.
+ */
+static inline int regs_within_kernel_stack(struct pt_regs *regs,
+                                           unsigned long addr)
+{
+        return ((addr & ~(THREAD_SIZE - 1))  ==
+                (kernel_stack_pointer(regs) & ~(THREAD_SIZE - 1)));
+}
+
+/**
+ * regs_get_kernel_stack_nth() - get Nth entry of the stack
+ * @regs:       pt_regs which contains kernel stack pointer.
+ * @n:          stack entry number.
+ *
+ * regs_get_kernel_stack_nth() returns @n th entry of the kernel stack which
+ * is specified by @regs. If the @n th entry is NOT in the kernel stack,
+ * this returns 0.
+ */
+static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
+                                                      unsigned int n)
+{
+        unsigned long *addr = (unsigned long *)kernel_stack_pointer(regs);
+        addr += n;
+        if (regs_within_kernel_stack(regs, (unsigned long)addr))
+                return *addr;
+        else
+                return 0;
+}
+
+/* Get Nth argument at function call */
+extern unsigned long regs_get_argument_nth(struct pt_regs *regs,
+                                           unsigned int n);
+
 /*
  * These are defined as per linux/ptrace.h, which see.
  */
@@ -230,6 +292,8 @@ extern void user_enable_block_step(struct task_struct *);
 #define arch_has_block_step()   (boot_cpu_data.x86 >= 6)
 #endif
 
+#define ARCH_HAS_USER_SINGLE_STEP_INFO
+
 struct user_desc;
 extern int do_get_thread_area(struct task_struct *p, int idx,
                               struct user_desc __user *info);
diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h
index 1b7ee5d673c2..0a5242428659 100644
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -2,7 +2,13 @@
 #define _ASM_X86_SECTIONS_H
 
 #include <asm-generic/sections.h>
+#include <asm/uaccess.h>
 
 extern char __brk_base[], __brk_limit[];
+extern struct exception_table_entry __stop___ex_table[];
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+extern char __end_rodata_hpage_align[];
+#endif
 
 #endif  /* _ASM_X86_SECTIONS_H */
diff --git a/arch/x86/include/asm/sigcontext.h b/arch/x86/include/asm/sigcontext.h
index 72e5a4491661..04459d25e66e 100644
--- a/arch/x86/include/asm/sigcontext.h
+++ b/arch/x86/include/asm/sigcontext.h
@@ -124,7 +124,7 @@ struct sigcontext {
          * fpstate is really (struct _fpstate *) or (struct _xstate *)
          * depending on the FP_XSTATE_MAGIC1 encoded in the SW reserved
          * bytes of (struct _fpstate) and FP_XSTATE_MAGIC2 present at the end
-         * of extended memory layout. See comments at the defintion of
+         * of extended memory layout. See comments at the definition of
          * (struct _fpx_sw_bytes)
          */
         void __user *fpstate;           /* zero when no FPU/extended context */
@@ -219,7 +219,7 @@ struct sigcontext {
          * fpstate is really (struct _fpstate *) or (struct _xstate *)
          * depending on the FP_XSTATE_MAGIC1 encoded in the SW reserved
          * bytes of (struct _fpstate) and FP_XSTATE_MAGIC2 present at the end
-         * of extended memory layout. See comments at the defintion of
+         * of extended memory layout. See comments at the definition of
          * (struct _fpx_sw_bytes)
          */
         void __user *fpstate;           /* zero when no FPU/extended context */
diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h
index 4e77853321db..3089f70c0c52 100644
--- a/arch/x86/include/asm/spinlock.h
+++ b/arch/x86/include/asm/spinlock.h
@@ -58,7 +58,7 @@
 #if (NR_CPUS < 256)
 #define TICKET_SHIFT 8
 
-static __always_inline void __ticket_spin_lock(raw_spinlock_t *lock)
+static __always_inline void __ticket_spin_lock(arch_spinlock_t *lock)
 {
         short inc = 0x0100;
 
@@ -77,7 +77,7 @@ static __always_inline void __ticket_spin_lock(raw_spinlock_t *lock)
                 : "memory", "cc");
 }
 
-static __always_inline int __ticket_spin_trylock(raw_spinlock_t *lock)
+static __always_inline int __ticket_spin_trylock(arch_spinlock_t *lock)
 {
         int tmp, new;
 
@@ -96,7 +96,7 @@ static __always_inline int __ticket_spin_trylock(raw_spinlock_t *lock)
         return tmp;
 }
 
-static __always_inline void __ticket_spin_unlock(raw_spinlock_t *lock)
+static __always_inline void __ticket_spin_unlock(arch_spinlock_t *lock)
 {
         asm volatile(UNLOCK_LOCK_PREFIX "incb %0"
                      : "+m" (lock->slock)
@@ -106,7 +106,7 @@ static __always_inline void __ticket_spin_unlock(raw_spinlock_t *lock)
 #else
 #define TICKET_SHIFT 16
 
-static __always_inline void __ticket_spin_lock(raw_spinlock_t *lock)
+static __always_inline void __ticket_spin_lock(arch_spinlock_t *lock)
 {
         int inc = 0x00010000;
         int tmp;
@@ -127,7 +127,7 @@ static __always_inline void __ticket_spin_lock(raw_spinlock_t *lock)
                      : "memory", "cc");
 }
 
-static __always_inline int __ticket_spin_trylock(raw_spinlock_t *lock)
+static __always_inline int __ticket_spin_trylock(arch_spinlock_t *lock)
 {
         int tmp;
         int new;
@@ -149,7 +149,7 @@ static __always_inline int __ticket_spin_trylock(raw_spinlock_t *lock)
         return tmp;
 }
 
-static __always_inline void __ticket_spin_unlock(raw_spinlock_t *lock)
+static __always_inline void __ticket_spin_unlock(arch_spinlock_t *lock)
 {
         asm volatile(UNLOCK_LOCK_PREFIX "incw %0"
                      : "+m" (lock->slock)
@@ -158,14 +158,14 @@ static __always_inline void __ticket_spin_unlock(raw_spinlock_t *lock)
 }
 #endif
 
-static inline int __ticket_spin_is_locked(raw_spinlock_t *lock)
+static inline int __ticket_spin_is_locked(arch_spinlock_t *lock)
 {
         int tmp = ACCESS_ONCE(lock->slock);
 
         return !!(((tmp >> TICKET_SHIFT) ^ tmp) & ((1 << TICKET_SHIFT) - 1));
 }
 
-static inline int __ticket_spin_is_contended(raw_spinlock_t *lock)
+static inline int __ticket_spin_is_contended(arch_spinlock_t *lock)
 {
         int tmp = ACCESS_ONCE(lock->slock);
 
@@ -174,43 +174,43 @@ static inline int __ticket_spin_is_contended(raw_spinlock_t *lock)
 
 #ifndef CONFIG_PARAVIRT_SPINLOCKS
 
-static inline int __raw_spin_is_locked(raw_spinlock_t *lock)
+static inline int arch_spin_is_locked(arch_spinlock_t *lock)
 {
         return __ticket_spin_is_locked(lock);
 }
 
-static inline int __raw_spin_is_contended(raw_spinlock_t *lock)
+static inline int arch_spin_is_contended(arch_spinlock_t *lock)
 {
         return __ticket_spin_is_contended(lock);
 }
-#define __raw_spin_is_contended __raw_spin_is_contended
+#define arch_spin_is_contended  arch_spin_is_contended
 
-static __always_inline void __raw_spin_lock(raw_spinlock_t *lock)
+static __always_inline void arch_spin_lock(arch_spinlock_t *lock)
 {
         __ticket_spin_lock(lock);
 }
 
-static __always_inline int __raw_spin_trylock(raw_spinlock_t *lock)
+static __always_inline int arch_spin_trylock(arch_spinlock_t *lock)
 {
         return __ticket_spin_trylock(lock);
 }
 
-static __always_inline void __raw_spin_unlock(raw_spinlock_t *lock)
+static __always_inline void arch_spin_unlock(arch_spinlock_t *lock)
 {
         __ticket_spin_unlock(lock);
 }
 
-static __always_inline void __raw_spin_lock_flags(raw_spinlock_t *lock,
+static __always_inline void arch_spin_lock_flags(arch_spinlock_t *lock,
                                                   unsigned long flags)
 {
-        __raw_spin_lock(lock);
+        arch_spin_lock(lock);
 }
 
 #endif  /* CONFIG_PARAVIRT_SPINLOCKS */
 
-static inline void __raw_spin_unlock_wait(raw_spinlock_t *lock)
+static inline void arch_spin_unlock_wait(arch_spinlock_t *lock)
 {
-        while (__raw_spin_is_locked(lock))
+        while (arch_spin_is_locked(lock))
                 cpu_relax();
 }
 
@@ -232,7 +232,7 @@ static inline void __raw_spin_unlock_wait(raw_spinlock_t *lock)
  * read_can_lock - would read_trylock() succeed?
  * @lock: the rwlock in question.
  */
-static inline int __raw_read_can_lock(raw_rwlock_t *lock)
+static inline int arch_read_can_lock(arch_rwlock_t *lock)
 {
         return (int)(lock)->lock > 0;
 }
@@ -241,12 +241,12 @@ static inline int __raw_read_can_lock(raw_rwlock_t *lock)
  * write_can_lock - would write_trylock() succeed?
  * @lock: the rwlock in question.
  */
-static inline int __raw_write_can_lock(raw_rwlock_t *lock)
+static inline int arch_write_can_lock(arch_rwlock_t *lock)
 {
         return (lock)->lock == RW_LOCK_BIAS;
 }
 
-static inline void __raw_read_lock(raw_rwlock_t *rw)
+static inline void arch_read_lock(arch_rwlock_t *rw)
 {
         asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
                      "jns 1f\n"
@@ -255,7 +255,7 @@ static inline void __raw_read_lock(raw_rwlock_t *rw)
                      ::LOCK_PTR_REG (rw) : "memory");
 }
 
-static inline void __raw_write_lock(raw_rwlock_t *rw)
+static inline void arch_write_lock(arch_rwlock_t *rw)
 {
         asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
                      "jz 1f\n"
@@ -264,7 +264,7 @@ static inline void __raw_write_lock(raw_rwlock_t *rw)
                      ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory");
 }
 
-static inline int __raw_read_trylock(raw_rwlock_t *lock)
+static inline int arch_read_trylock(arch_rwlock_t *lock)
 {
         atomic_t *count = (atomic_t *)lock;
 
@@ -274,7 +274,7 @@ static inline int __raw_read_trylock(raw_rwlock_t *lock)
         return 0;
 }
 
-static inline int __raw_write_trylock(raw_rwlock_t *lock)
+static inline int arch_write_trylock(arch_rwlock_t *lock)
 {
         atomic_t *count = (atomic_t *)lock;
 
@@ -284,23 +284,23 @@ static inline int __raw_write_trylock(raw_rwlock_t *lock)
         return 0;
 }
 
-static inline void __raw_read_unlock(raw_rwlock_t *rw)
+static inline void arch_read_unlock(arch_rwlock_t *rw)
 {
         asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
 }
 
-static inline void __raw_write_unlock(raw_rwlock_t *rw)
+static inline void arch_write_unlock(arch_rwlock_t *rw)
 {
         asm volatile(LOCK_PREFIX "addl %1, %0"
                      : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
 }
 
-#define __raw_read_lock_flags(lock, flags) __raw_read_lock(lock)
-#define __raw_write_lock_flags(lock, flags) __raw_write_lock(lock)
+#define arch_read_lock_flags(lock, flags) arch_read_lock(lock)
+#define arch_write_lock_flags(lock, flags) arch_write_lock(lock)
 
-#define _raw_spin_relax(lock)   cpu_relax()
-#define _raw_read_relax(lock)   cpu_relax()
-#define _raw_write_relax(lock)  cpu_relax()
+#define arch_spin_relax(lock)   cpu_relax()
+#define arch_read_relax(lock)   cpu_relax()
+#define arch_write_relax(lock)  cpu_relax()
 
 /* The {read|write|spin}_lock() on x86 are full memory barriers. */
 static inline void smp_mb__after_lock(void) { }
diff --git a/arch/x86/include/asm/spinlock_types.h b/arch/x86/include/asm/spinlock_types.h
index 845f81c87091..dcb48b2edc11 100644
--- a/arch/x86/include/asm/spinlock_types.h
+++ b/arch/x86/include/asm/spinlock_types.h
@@ -5,16 +5,16 @@
 # error "please don't include this file directly"
 #endif
 
-typedef struct raw_spinlock {
+typedef struct arch_spinlock {
         unsigned int slock;
-} raw_spinlock_t;
+} arch_spinlock_t;
 
-#define __RAW_SPIN_LOCK_UNLOCKED        { 0 }
+#define __ARCH_SPIN_LOCK_UNLOCKED       { 0 }
 
 typedef struct {
         unsigned int lock;
-} raw_rwlock_t;
+} arch_rwlock_t;
 
-#define __RAW_RW_LOCK_UNLOCKED          { RW_LOCK_BIAS }
+#define __ARCH_RW_LOCK_UNLOCKED         { RW_LOCK_BIAS }
 
 #endif /* _ASM_X86_SPINLOCK_TYPES_H */
diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h
index cf86a5e73815..35e89122a42f 100644
--- a/arch/x86/include/asm/stacktrace.h
+++ b/arch/x86/include/asm/stacktrace.h
@@ -5,6 +5,29 @@ extern int kstack_depth_to_print;
 
 int x86_is_stack_id(int id, char *name);
 
+struct thread_info;
+struct stacktrace_ops;
+
+typedef unsigned long (*walk_stack_t)(struct thread_info *tinfo,
+                                      unsigned long *stack,
+                                      unsigned long bp,
+                                      const struct stacktrace_ops *ops,
+                                      void *data,
+                                      unsigned long *end,
+                                      int *graph);
+
+extern unsigned long
+print_context_stack(struct thread_info *tinfo,
+                    unsigned long *stack, unsigned long bp,
+                    const struct stacktrace_ops *ops, void *data,
+                    unsigned long *end, int *graph);
+
+extern unsigned long
+print_context_stack_bp(struct thread_info *tinfo,
+                       unsigned long *stack, unsigned long bp,
+                       const struct stacktrace_ops *ops, void *data,
+                       unsigned long *end, int *graph);
+
 /* Generic stack tracer with callbacks */
 
 struct stacktrace_ops {
@@ -14,6 +37,7 @@ struct stacktrace_ops {
         void (*address)(void *data, unsigned long address, int reliable);
         /* On negative return stop dumping */
         int (*stack)(void *data, char *name);
+        walk_stack_t    walk_stack;
 };
 
 void dump_trace(struct task_struct *tsk, struct pt_regs *regs,
diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string_32.h
index ae907e617181..3d3e8353ee5c 100644
--- a/arch/x86/include/asm/string_32.h
+++ b/arch/x86/include/asm/string_32.h
@@ -177,10 +177,15 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len)
  */
 
 #ifndef CONFIG_KMEMCHECK
+
+#if (__GNUC__ >= 4)
+#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
+#else
 #define memcpy(t, f, n)                         \
         (__builtin_constant_p((n))              \
          ? __constant_memcpy((t), (f), (n))     \
          : __memcpy((t), (f), (n)))
+#endif
 #else
 /*
  * kmemcheck becomes very happy if we use the REP instructions unconditionally,
@@ -316,11 +321,15 @@ void *__constant_c_and_count_memset(void *s, unsigned long pattern,
          : __memset_generic((s), (c), (count)))
 
 #define __HAVE_ARCH_MEMSET
+#if (__GNUC__ >= 4)
+#define memset(s, c, count) __builtin_memset(s, c, count)
+#else
 #define memset(s, c, count)                                             \
         (__builtin_constant_p(c)                                        \
          ? __constant_c_x_memset((s), (0x01010101UL * (unsigned char)(c)), \
                                  (count))                               \
          : __memset((s), (c), (count)))
+#endif
 
 /*
  * find the first occurrence of byte 'c', or 1 past the area if none
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 85574b7c1bc1..1fecb7e61130 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -57,7 +57,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
         u16 intercept_dr_write;
         u32 intercept_exceptions;
         u64 intercept;
-        u8 reserved_1[44];
+        u8 reserved_1[42];
+        u16 pause_filter_count;
         u64 iopm_base_pa;
         u64 msrpm_base_pa;
         u64 tsc_offset;
diff --git a/arch/x86/include/asm/swiotlb.h b/arch/x86/include/asm/swiotlb.h
index b9e4e20174fb..8085277e1b8b 100644
--- a/arch/x86/include/asm/swiotlb.h
+++ b/arch/x86/include/asm/swiotlb.h
@@ -3,15 +3,16 @@
 
 #include <linux/swiotlb.h>
 
-/* SWIOTLB interface */
-
-extern int swiotlb_force;
-
 #ifdef CONFIG_SWIOTLB
 extern int swiotlb;
-extern void pci_swiotlb_init(void);
+extern int __init pci_swiotlb_detect(void);
+extern void __init pci_swiotlb_init(void);
 #else
 #define swiotlb 0
+static inline int pci_swiotlb_detect(void)
+{
+        return 0;
+}
 static inline void pci_swiotlb_init(void)
 {
 }
diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h
index 72a6dcd1299b..d5f69045c100 100644
--- a/arch/x86/include/asm/sys_ia32.h
+++ b/arch/x86/include/asm/sys_ia32.h
@@ -30,7 +30,6 @@ struct mmap_arg_struct;
 asmlinkage long sys32_mmap(struct mmap_arg_struct __user *);
 asmlinkage long sys32_mprotect(unsigned long, size_t, unsigned long);
 
-asmlinkage long sys32_pipe(int __user *);
 struct sigaction32;
 struct old_sigaction32;
 asmlinkage long sys32_rt_sigaction(int, struct sigaction32 __user *,
@@ -51,20 +50,12 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
 asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *, compat_size_t);
 asmlinkage long sys32_rt_sigqueueinfo(int, int, compat_siginfo_t __user *);
 
-#ifdef CONFIG_SYSCTL_SYSCALL
-struct sysctl_ia32;
-asmlinkage long sys32_sysctl(struct sysctl_ia32 __user *);
-#endif
-
 asmlinkage long sys32_pread(unsigned int, char __user *, u32, u32, u32);
 asmlinkage long sys32_pwrite(unsigned int, char __user *, u32, u32, u32);
 
 asmlinkage long sys32_personality(unsigned long);
 asmlinkage long sys32_sendfile(int, int, compat_off_t __user *, s32);
 
-asmlinkage long sys32_mmap2(unsigned long, unsigned long, unsigned long,
-                            unsigned long, unsigned long, unsigned long);
-
 struct oldold_utsname;
 struct old_utsname;
 asmlinkage long sys32_olduname(struct oldold_utsname __user *);
diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h
index 372b76edd63f..8868b9420b0e 100644
--- a/arch/x86/include/asm/syscalls.h
+++ b/arch/x86/include/asm/syscalls.h
@@ -18,16 +18,24 @@
 /* Common in X86_32 and X86_64 */
 /* kernel/ioport.c */
 asmlinkage long sys_ioperm(unsigned long, unsigned long, int);
+long sys_iopl(unsigned int, struct pt_regs *);
 
 /* kernel/process.c */
 int sys_fork(struct pt_regs *);
 int sys_vfork(struct pt_regs *);
+long sys_execve(char __user *, char __user * __user *,
+                char __user * __user *, struct pt_regs *);
+long sys_clone(unsigned long, unsigned long, void __user *,
+               void __user *, struct pt_regs *);
 
 /* kernel/ldt.c */
 asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
 
 /* kernel/signal.c */
 long sys_rt_sigreturn(struct pt_regs *);
+long sys_sigaltstack(const stack_t __user *, stack_t __user *,
+                     struct pt_regs *);
+
 
 /* kernel/tls.c */
 asmlinkage int sys_set_thread_area(struct user_desc __user *);
@@ -35,18 +43,11 @@ asmlinkage int sys_get_thread_area(struct user_desc __user *);
 
 /* X86_32 only */
 #ifdef CONFIG_X86_32
-/* kernel/ioport.c */
-long sys_iopl(struct pt_regs *);
-
-/* kernel/process_32.c */
-int sys_clone(struct pt_regs *);
-int sys_execve(struct pt_regs *);
 
 /* kernel/signal.c */
 asmlinkage int sys_sigsuspend(int, int, old_sigset_t);
 asmlinkage int sys_sigaction(int, const struct old_sigaction __user *,
                              struct old_sigaction __user *);
-int sys_sigaltstack(struct pt_regs *);
 unsigned long sys_sigreturn(struct pt_regs *);
 
 /* kernel/sys_i386_32.c */
@@ -55,8 +56,6 @@ struct sel_arg_struct;
 struct oldold_utsname;
 struct old_utsname;
 
-asmlinkage long sys_mmap2(unsigned long, unsigned long, unsigned long,
-                          unsigned long, unsigned long, unsigned long);
 asmlinkage int old_mmap(struct mmap_arg_struct __user *);
 asmlinkage int old_select(struct sel_arg_struct __user *);
 asmlinkage int sys_ipc(uint, int, int, int, void __user *, long);
@@ -64,28 +63,15 @@ asmlinkage int sys_uname(struct old_utsname __user *);
 asmlinkage int sys_olduname(struct oldold_utsname __user *);
 
 /* kernel/vm86_32.c */
-int sys_vm86old(struct pt_regs *);
-int sys_vm86(struct pt_regs *);
+int sys_vm86old(struct vm86_struct __user *, struct pt_regs *);
+int sys_vm86(unsigned long, unsigned long, struct pt_regs *);
 
 #else /* CONFIG_X86_32 */
 
 /* X86_64 only */
-/* kernel/ioport.c */
-asmlinkage long sys_iopl(unsigned int, struct pt_regs *);
-
 /* kernel/process_64.c */
-asmlinkage long sys_clone(unsigned long, unsigned long,
-                          void __user *, void __user *,
-                          struct pt_regs *);
-asmlinkage long sys_execve(char __user *, char __user * __user *,
-                           char __user * __user *,
-                           struct pt_regs *);
 long sys_arch_prctl(int, unsigned long);
 
-/* kernel/signal.c */
-asmlinkage long sys_sigaltstack(const stack_t __user *, stack_t __user *,
-                                struct pt_regs *);
-
 /* kernel/sys_x86_64.c */
 struct new_utsname;
 
diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h
index de10c19d9558..e529f26c3292 100644
--- a/arch/x86/include/asm/system.h
+++ b/arch/x86/include/asm/system.h
@@ -23,6 +23,7 @@ struct task_struct *__switch_to(struct task_struct *prev,
 struct tss_struct;
 void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                       struct tss_struct *tss);
+extern void show_regs_common(void);
 
 #ifdef CONFIG_X86_32
 
@@ -128,8 +129,6 @@ do {									\
              "movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */       \
              "movq %P[threadrsp](%[next]),%%rsp\n\t" /* restore RSP */    \
              "call __switch_to\n\t"                                       \
-             ".globl thread_return\n"                                     \
-             "thread_return:\n\t"                                         \
              "movq "__percpu_arg([current_task])",%%rsi\n\t"              \
              __switch_canary                                              \
              "movq %P[thread_info](%%rsi),%%r8\n\t"                       \
@@ -157,19 +156,22 @@ extern void native_load_gs_index(unsigned);
  * Load a segment. Fall back on loading the zero
  * segment if something goes wrong..
  */
-#define loadsegment(seg, value)                 \
-        asm volatile("\n"                       \
-                     "1:\t"                     \
-                     "movl %k0,%%" #seg "\n"    \
-                     "2:\n"                     \
-                     ".section .fixup,\"ax\"\n" \
-                     "3:\t"                     \
-                     "movl %k1, %%" #seg "\n\t" \
-                     "jmp 2b\n"                 \
-                     ".previous\n"              \
-                     _ASM_EXTABLE(1b,3b)        \
-                     : :"r" (value), "r" (0) : "memory")
-
+#define loadsegment(seg, value)                                         \
+do {                                                                    \
+        unsigned short __val = (value);                                 \
+                                                                        \
+        asm volatile("                                          \n"     \
+                     "1:        movl %k0,%%" #seg "             \n"     \
+                                                                        \
+                     ".section .fixup,\"ax\"                    \n"     \
+                     "2:        xorl %k0,%k0                    \n"     \
+                     "          jmp 1b                          \n"     \
+                     ".previous                                 \n"     \
+                                                                        \
+                     _ASM_EXTABLE(1b, 2b)                               \
+                                                                        \
+                     : "+r" (__val) : : "memory");                      \
+} while (0)
 
 /*
  * Save a segment register away
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index d27d0a2fec4c..375c917c37d2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -83,6 +83,7 @@ struct thread_info {
 #define TIF_SYSCALL_AUDIT       7       /* syscall auditing active */
 #define TIF_SECCOMP             8       /* secure computing */
 #define TIF_MCE_NOTIFY          10      /* notify userspace of an MCE */
+#define TIF_USER_RETURN_NOTIFY  11      /* notify kernel of userspace return */
 #define TIF_NOTSC               16      /* TSC is not accessible in userland */
 #define TIF_IA32                17      /* 32bit process */
 #define TIF_FORK                18      /* ret_from_fork */
@@ -107,6 +108,7 @@ struct thread_info {
 #define _TIF_SYSCALL_AUDIT      (1 << TIF_SYSCALL_AUDIT)
 #define _TIF_SECCOMP            (1 << TIF_SECCOMP)
 #define _TIF_MCE_NOTIFY         (1 << TIF_MCE_NOTIFY)
+#define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY)
 #define _TIF_NOTSC              (1 << TIF_NOTSC)
 #define _TIF_IA32               (1 << TIF_IA32)
 #define _TIF_FORK               (1 << TIF_FORK)
@@ -142,13 +144,14 @@ struct thread_info {
 
 /* Only used for 64 bit */
 #define _TIF_DO_NOTIFY_MASK                                             \
-        (_TIF_SIGPENDING|_TIF_MCE_NOTIFY|_TIF_NOTIFY_RESUME)
+        (_TIF_SIGPENDING | _TIF_MCE_NOTIFY | _TIF_NOTIFY_RESUME |       \
+         _TIF_USER_RETURN_NOTIFY)
 
 /* flags to check in __switch_to() */
 #define _TIF_WORK_CTXSW                                                 \
         (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR|_TIF_NOTSC)
 
-#define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
+#define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
 #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
 
 #define PREEMPT_ACTIVE          0x10000000
diff --git a/arch/x86/include/asm/topology.h b/arch/x86/include/asm/topology.h
index 25a92842dd99..c5087d796587 100644
--- a/arch/x86/include/asm/topology.h
+++ b/arch/x86/include/asm/topology.h
@@ -35,11 +35,16 @@
 # endif
 #endif
 
-/* Node not present */
-#define NUMA_NO_NODE    (-1)
+/*
+ * to preserve the visibility of NUMA_NO_NODE definition,
+ * moved to there from here.  May be used independent of
+ * CONFIG_NUMA.
+ */
+#include <linux/numa.h>
 
 #ifdef CONFIG_NUMA
 #include <linux/cpumask.h>
+
 #include <asm/mpspec.h>
 
 #ifdef CONFIG_X86_32
@@ -143,6 +148,7 @@ extern unsigned long node_remap_size[];
                                 | 1*SD_BALANCE_FORK                     \
                                 | 0*SD_BALANCE_WAKE                     \
                                 | 1*SD_WAKE_AFFINE                      \
+                                | 0*SD_PREFER_LOCAL                     \
                                 | 0*SD_SHARE_CPUPOWER                   \
                                 | 0*SD_POWERSAVINGS_BALANCE             \
                                 | 0*SD_SHARE_PKG_RESOURCES              \
diff --git a/arch/x86/include/asm/trampoline.h b/arch/x86/include/asm/trampoline.h
index 90f06c25221d..cb507bb05d79 100644
--- a/arch/x86/include/asm/trampoline.h
+++ b/arch/x86/include/asm/trampoline.h
@@ -16,7 +16,6 @@ extern unsigned long initial_code;
 extern unsigned long initial_gs;
 
 #define TRAMPOLINE_SIZE roundup(trampoline_end - trampoline_data, PAGE_SIZE)
-#define TRAMPOLINE_BASE 0x6000
 
 extern unsigned long setup_trampoline(void);
 extern void __init reserve_trampoline_memory(void);
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index d2c6c930b491..abd3e0ea762a 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -570,7 +570,6 @@ extern struct movsl_mask {
 #ifdef CONFIG_X86_32
 # include "uaccess_32.h"
 #else
-# define ARCH_HAS_SEARCH_EXTABLE
 # include "uaccess_64.h"
 #endif
 
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index 632fb44b4cb5..0c9825e97f36 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -187,9 +187,34 @@ __copy_from_user_inatomic_nocache(void *to, const void __user *from,
 
 unsigned long __must_check copy_to_user(void __user *to,
                                         const void *from, unsigned long n);
-unsigned long __must_check copy_from_user(void *to,
+unsigned long __must_check _copy_from_user(void *to,
                                           const void __user *from,
                                           unsigned long n);
+
+
+extern void copy_from_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+        __compiletime_error("copy_from_user() buffer size is not provably correct")
+#else
+        __compiletime_warning("copy_from_user() buffer size is not provably correct")
+#endif
+;
+
+static inline unsigned long __must_check copy_from_user(void *to,
+                                          const void __user *from,
+                                          unsigned long n)
+{
+        int sz = __compiletime_object_size(to);
+        int ret = -EFAULT;
+
+        if (likely(sz == -1 || sz >= n))
+                ret = _copy_from_user(to, from, n);
+        else
+                copy_from_user_overflow();
+
+        return ret;
+}
+
 long __must_check strncpy_from_user(char *dst, const char __user *src,
                                     long count);
 long __must_check __strncpy_from_user(char *dst,
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index db24b215fc50..46324c6a4f6e 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -19,12 +19,37 @@ __must_check unsigned long
 copy_user_generic(void *to, const void *from, unsigned len);
 
 __must_check unsigned long
-copy_to_user(void __user *to, const void *from, unsigned len);
+_copy_to_user(void __user *to, const void *from, unsigned len);
 __must_check unsigned long
-copy_from_user(void *to, const void __user *from, unsigned len);
+_copy_from_user(void *to, const void __user *from, unsigned len);
 __must_check unsigned long
 copy_in_user(void __user *to, const void __user *from, unsigned len);
 
+static inline unsigned long __must_check copy_from_user(void *to,
+                                          const void __user *from,
+                                          unsigned long n)
+{
+        int sz = __compiletime_object_size(to);
+        int ret = -EFAULT;
+
+        might_fault();
+        if (likely(sz == -1 || sz >= n))
+                ret = _copy_from_user(to, from, n);
+#ifdef CONFIG_DEBUG_VM
+        else
+                WARN(1, "Buffer overflow detected!\n");
+#endif
+        return ret;
+}
+
+static __always_inline __must_check
+int copy_to_user(void __user *dst, const void *src, unsigned size)
+{
+        might_fault();
+
+        return _copy_to_user(dst, src, size);
+}
+
 static __always_inline __must_check
 int __copy_from_user(void *dst, const void __user *src, unsigned size)
 {
@@ -176,8 +201,11 @@ __must_check long strlen_user(const char __user *str);
 __must_check unsigned long clear_user(void __user *mem, unsigned long len);
 __must_check unsigned long __clear_user(void __user *mem, unsigned long len);
 
-__must_check long __copy_from_user_inatomic(void *dst, const void __user *src,
-                                            unsigned size);
+static __must_check __always_inline int
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
+{
+        return copy_user_generic(dst, (__force const void *)src, size);
+}
 
 static __must_check __always_inline int
 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index 6fb3c209a7e3..3baf379fa840 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -342,10 +342,11 @@
 #define __NR_pwritev            334
 #define __NR_rt_tgsigqueueinfo  335
 #define __NR_perf_event_open    336
+#define __NR_recvmmsg           337
 
 #ifdef __KERNEL__
 
-#define NR_syscalls 337
+#define NR_syscalls 338
 
 #define __ARCH_WANT_IPC_PARSE_VERSION
 #define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/include/asm/unistd_64.h b/arch/x86/include/asm/unistd_64.h
index 8d3ad0adbc68..4843f7ba754a 100644
--- a/arch/x86/include/asm/unistd_64.h
+++ b/arch/x86/include/asm/unistd_64.h
@@ -661,6 +661,8 @@ __SYSCALL(__NR_pwritev, sys_pwritev)
 __SYSCALL(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo)
 #define __NR_perf_event_open                    298
 __SYSCALL(__NR_perf_event_open, sys_perf_event_open)
+#define __NR_recvmmsg                           299
+__SYSCALL(__NR_recvmmsg, sys_recvmmsg)
 
 #ifndef __NO_STUBS
 #define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/include/asm/uv/bios.h b/arch/x86/include/asm/uv/bios.h
index 7ed17ff502b9..2751f3075d8b 100644
--- a/arch/x86/include/asm/uv/bios.h
+++ b/arch/x86/include/asm/uv/bios.h
@@ -76,15 +76,6 @@ union partition_info_u {
         };
 };
 
-union uv_watchlist_u {
-        u64     val;
-        struct {
-                u64     blade   : 16,
-                        size    : 32,
-                        filler  : 16;
-        };
-};
-
 enum uv_memprotect {
         UV_MEMPROT_RESTRICT_ACCESS,
         UV_MEMPROT_ALLOW_AMO,
@@ -100,7 +91,7 @@ extern s64 uv_bios_call_reentrant(enum uv_bios_cmd, u64, u64, u64, u64, u64);
 
 extern s64 uv_bios_get_sn_info(int, int *, long *, long *, long *);
 extern s64 uv_bios_freq_base(u64, u64 *);
-extern int uv_bios_mq_watchlist_alloc(int, unsigned long, unsigned int,
+extern int uv_bios_mq_watchlist_alloc(unsigned long, unsigned int,
                                         unsigned long *);
 extern int uv_bios_mq_watchlist_free(int, int);
 extern s64 uv_bios_change_memprotect(u64, u64, enum uv_memprotect);
diff --git a/arch/x86/include/asm/uv/uv_bau.h b/arch/x86/include/asm/uv/uv_bau.h
index 80e2984f521c..b414d2b401f6 100644
--- a/arch/x86/include/asm/uv/uv_bau.h
+++ b/arch/x86/include/asm/uv/uv_bau.h
@@ -55,7 +55,7 @@
 #define DESC_STATUS_SOURCE_TIMEOUT      3
 
 /*
- * source side threshholds at which message retries print a warning
+ * source side thresholds at which message retries print a warning
  */
 #define SOURCE_TIMEOUT_LIMIT            20
 #define DESTINATION_TIMEOUT_LIMIT       20
diff --git a/arch/x86/include/asm/uv/uv_hub.h b/arch/x86/include/asm/uv/uv_hub.h
index 04eb6c958b9d..bc54fa965af3 100644
--- a/arch/x86/include/asm/uv/uv_hub.h
+++ b/arch/x86/include/asm/uv/uv_hub.h
@@ -19,6 +19,8 @@
 #include <asm/types.h>
 #include <asm/percpu.h>
 #include <asm/uv/uv_mmrs.h>
+#include <asm/irq_vectors.h>
+#include <asm/io_apic.h>
 
 
 /*
@@ -29,20 +31,20 @@
  *                contiguous (although various IO spaces may punch holes in
  *                it)..
  *
- *      N       - Number of bits in the node portion of a socket physical
- *                address.
+ *      N       - Number of bits in the node portion of a socket physical
+ *                address.
  *
- *      NASID   - network ID of a router, Mbrick or Cbrick. Nasid values of
- *                routers always have low bit of 1, C/MBricks have low bit
- *                equal to 0. Most addressing macros that target UV hub chips
- *                right shift the NASID by 1 to exclude the always-zero bit.
- *                NASIDs contain up to 15 bits.
+ *      NASID   - network ID of a router, Mbrick or Cbrick. Nasid values of
+ *                routers always have low bit of 1, C/MBricks have low bit
+ *                equal to 0. Most addressing macros that target UV hub chips
+ *                right shift the NASID by 1 to exclude the always-zero bit.
+ *                NASIDs contain up to 15 bits.
  *
  *      GNODE   - NASID right shifted by 1 bit. Most mmrs contain gnodes instead
  *                of nasids.
  *
- *      PNODE   - the low N bits of the GNODE. The PNODE is the most useful variant
- *                of the nasid for socket usage.
+ *      PNODE   - the low N bits of the GNODE. The PNODE is the most useful variant
+ *                of the nasid for socket usage.
  *
  *
  *  NumaLink Global Physical Address Format:
@@ -69,12 +71,12 @@
  *
  *
  * APICID format
- *      NOTE!!!!!! This is the current format of the APICID. However, code
- *      should assume that this will change in the future. Use functions
- *      in this file for all APICID bit manipulations and conversion.
+ *      NOTE!!!!!! This is the current format of the APICID. However, code
+ *      should assume that this will change in the future. Use functions
+ *      in this file for all APICID bit manipulations and conversion.
  *
- *              1111110000000000
- *              5432109876543210
+ *              1111110000000000
+ *              5432109876543210
  *              pppppppppplc0cch
  *              sssssssssss
  *
@@ -87,9 +89,9 @@
  *      Note: Processor only supports 12 bits in the APICID register. The ACPI
  *            tables hold all 16 bits. Software needs to be aware of this.
  *
- *            Unless otherwise specified, all references to APICID refer to
- *            the FULL value contained in ACPI tables, not the subset in the
- *            processor APICID register.
+ *            Unless otherwise specified, all references to APICID refer to
+ *            the FULL value contained in ACPI tables, not the subset in the
+ *            processor APICID register.
  */
 
 
@@ -114,7 +116,7 @@
 /*
  * The largest possible NASID of a C or M brick (+ 2)
  */
-#define UV_MAX_NASID_VALUE      (UV_MAX_NUMALINK_NODES * 2)
+#define UV_MAX_NASID_VALUE      (UV_MAX_NUMALINK_BLADES * 2)
 
 struct uv_scir_s {
         struct timer_list timer;
@@ -149,16 +151,16 @@ struct uv_hub_info_s {
 };
 
 DECLARE_PER_CPU(struct uv_hub_info_s, __uv_hub_info);
-#define uv_hub_info             (&__get_cpu_var(__uv_hub_info))
+#define uv_hub_info             (&__get_cpu_var(__uv_hub_info))
 #define uv_cpu_hub_info(cpu)    (&per_cpu(__uv_hub_info, cpu))
 
 /*
  * Local & Global MMR space macros.
- *      Note: macros are intended to be used ONLY by inline functions
- *      in this file - not by other kernel code.
- *              n -  NASID (full 15-bit global nasid)
- *              g -  GNODE (full 15-bit global nasid, right shifted 1)
- *              p -  PNODE (local part of nsids, right shifted 1)
+ *      Note: macros are intended to be used ONLY by inline functions
+ *      in this file - not by other kernel code.
+ *              n -  NASID (full 15-bit global nasid)
+ *              g -  GNODE (full 15-bit global nasid, right shifted 1)
+ *              p -  PNODE (local part of nsids, right shifted 1)
  */
 #define UV_NASID_TO_PNODE(n)            (((n) >> 1) & uv_hub_info->pnode_mask)
 #define UV_PNODE_TO_GNODE(p)            ((p) |uv_hub_info->gnode_extra)
@@ -170,6 +172,8 @@ DECLARE_PER_CPU(struct uv_hub_info_s, __uv_hub_info);
 #define UV_LOCAL_MMR_SIZE               (64UL * 1024 * 1024)
 #define UV_GLOBAL_MMR32_SIZE            (64UL * 1024 * 1024)
 
+#define UV_GLOBAL_GRU_MMR_BASE          0x4000000
+
 #define UV_GLOBAL_MMR32_PNODE_SHIFT     15
 #define UV_GLOBAL_MMR64_PNODE_SHIFT     26
 
@@ -211,8 +215,8 @@ DECLARE_PER_CPU(struct uv_hub_info_s, __uv_hub_info);
 /*
  * Macros for converting between kernel virtual addresses, socket local physical
  * addresses, and UV global physical addresses.
- *      Note: use the standard __pa() & __va() macros for converting
- *            between socket virtual and socket physical addresses.
+ *      Note: use the standard __pa() & __va() macros for converting
+ *            between socket virtual and socket physical addresses.
  */
 
 /* socket phys RAM --> UV global physical address */
@@ -230,6 +234,40 @@ static inline unsigned long uv_gpa(void *v)
         return uv_soc_phys_ram_to_gpa(__pa(v));
 }
 
+/* Top two bits indicate the requested address is in MMR space.  */
+static inline int
+uv_gpa_in_mmr_space(unsigned long gpa)
+{
+        return (gpa >> 62) == 0x3UL;
+}
+
+/* UV global physical address --> socket phys RAM */
+static inline unsigned long uv_gpa_to_soc_phys_ram(unsigned long gpa)
+{
+        unsigned long paddr = gpa & uv_hub_info->gpa_mask;
+        unsigned long remap_base = uv_hub_info->lowmem_remap_base;
+        unsigned long remap_top =  uv_hub_info->lowmem_remap_top;
+
+        if (paddr >= remap_base && paddr < remap_base + remap_top)
+                paddr -= remap_base;
+        return paddr;
+}
+
+
+/* gnode -> pnode */
+static inline unsigned long uv_gpa_to_gnode(unsigned long gpa)
+{
+        return gpa >> uv_hub_info->m_val;
+}
+
+/* gpa -> pnode */
+static inline int uv_gpa_to_pnode(unsigned long gpa)
+{
+        unsigned long n_mask = (1UL << uv_hub_info->n_val) - 1;
+
+        return uv_gpa_to_gnode(gpa) & n_mask;
+}
+
 /* pnode, offset --> socket virtual */
 static inline void *uv_pnode_offset_to_vaddr(int pnode, unsigned long offset)
 {
@@ -249,21 +287,18 @@ static inline int uv_apicid_to_pnode(int apicid)
  * Access global MMRs using the low memory MMR32 space. This region supports
  * faster MMR access but not all MMRs are accessible in this space.
  */
-static inline unsigned long *uv_global_mmr32_address(int pnode,
-                                unsigned long offset)
+static inline unsigned long *uv_global_mmr32_address(int pnode, unsigned long offset)
 {
         return __va(UV_GLOBAL_MMR32_BASE |
                        UV_GLOBAL_MMR32_PNODE_BITS(pnode) | offset);
 }
 
-static inline void uv_write_global_mmr32(int pnode, unsigned long offset,
-                                 unsigned long val)
+static inline void uv_write_global_mmr32(int pnode, unsigned long offset, unsigned long val)
 {
         writeq(val, uv_global_mmr32_address(pnode, offset));
 }
 
-static inline unsigned long uv_read_global_mmr32(int pnode,
-                                                 unsigned long offset)
+static inline unsigned long uv_read_global_mmr32(int pnode, unsigned long offset)
 {
         return readq(uv_global_mmr32_address(pnode, offset));
 }
@@ -272,26 +307,42 @@ static inline unsigned long uv_read_global_mmr32(int pnode,
  * Access Global MMR space using the MMR space located at the top of physical
  * memory.
  */
-static inline unsigned long *uv_global_mmr64_address(int pnode,
-                                unsigned long offset)
+static inline unsigned long *uv_global_mmr64_address(int pnode, unsigned long offset)
 {
         return __va(UV_GLOBAL_MMR64_BASE |
                     UV_GLOBAL_MMR64_PNODE_BITS(pnode) | offset);
 }
 
-static inline void uv_write_global_mmr64(int pnode, unsigned long offset,
-                                unsigned long val)
+static inline void uv_write_global_mmr64(int pnode, unsigned long offset, unsigned long val)
 {
         writeq(val, uv_global_mmr64_address(pnode, offset));
 }
 
-static inline unsigned long uv_read_global_mmr64(int pnode,
-                                                 unsigned long offset)
+static inline unsigned long uv_read_global_mmr64(int pnode, unsigned long offset)
 {
         return readq(uv_global_mmr64_address(pnode, offset));
 }
 
 /*
+ * Global MMR space addresses when referenced by the GRU. (GRU does
+ * NOT use socket addressing).
+ */
+static inline unsigned long uv_global_gru_mmr_address(int pnode, unsigned long offset)
+{
+        return UV_GLOBAL_GRU_MMR_BASE | offset | (pnode << uv_hub_info->m_val);
+}
+
+static inline void uv_write_global_mmr8(int pnode, unsigned long offset, unsigned char val)
+{
+        writeb(val, uv_global_mmr64_address(pnode, offset));
+}
+
+static inline unsigned char uv_read_global_mmr8(int pnode, unsigned long offset)
+{
+        return readb(uv_global_mmr64_address(pnode, offset));
+}
+
+/*
  * Access hub local MMRs. Faster than using global space but only local MMRs
  * are accessible.
  */
@@ -410,21 +461,37 @@ static inline void uv_set_scir_bits(unsigned char value)
         }
 }
 
+static inline unsigned long uv_scir_offset(int apicid)
+{
+        return SCIR_LOCAL_MMR_BASE | (apicid & 0x3f);
+}
+
 static inline void uv_set_cpu_scir_bits(int cpu, unsigned char value)
 {
         if (uv_cpu_hub_info(cpu)->scir.state != value) {
+                uv_write_global_mmr8(uv_cpu_to_pnode(cpu),
+                                uv_cpu_hub_info(cpu)->scir.offset, value);
                 uv_cpu_hub_info(cpu)->scir.state = value;
-                uv_write_local_mmr8(uv_cpu_hub_info(cpu)->scir.offset, value);
         }
 }
 
+static unsigned long uv_hub_ipi_value(int apicid, int vector, int mode)
+{
+        return (1UL << UVH_IPI_INT_SEND_SHFT) |
+                        ((apicid) << UVH_IPI_INT_APIC_ID_SHFT) |
+                        (mode << UVH_IPI_INT_DELIVERY_MODE_SHFT) |
+                        (vector << UVH_IPI_INT_VECTOR_SHFT);
+}
+
 static inline void uv_hub_send_ipi(int pnode, int apicid, int vector)
 {
         unsigned long val;
+        unsigned long dmode = dest_Fixed;
 
-        val = (1UL << UVH_IPI_INT_SEND_SHFT) |
-                        ((apicid) << UVH_IPI_INT_APIC_ID_SHFT) |
-                        (vector << UVH_IPI_INT_VECTOR_SHFT);
+        if (vector == NMI_VECTOR)
+                dmode = dest_NMI;
+
+        val = uv_hub_ipi_value(apicid, vector, dmode);
         uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
 }
 
diff --git a/arch/x86/include/asm/uv/uv_irq.h b/arch/x86/include/asm/uv/uv_irq.h
index 9613c8c0b647..d6b17c760622 100644
--- a/arch/x86/include/asm/uv/uv_irq.h
+++ b/arch/x86/include/asm/uv/uv_irq.h
@@ -25,12 +25,14 @@ struct uv_IO_APIC_route_entry {
                 dest            : 32;
 };
 
-extern struct irq_chip uv_irq_chip;
-
-extern int arch_enable_uv_irq(char *, unsigned int, int, int, unsigned long);
-extern void arch_disable_uv_irq(int, unsigned long);
+enum {
+        UV_AFFINITY_ALL,
+        UV_AFFINITY_NODE,
+        UV_AFFINITY_CPU
+};
 
-extern int uv_setup_irq(char *, int, int, unsigned long);
-extern void uv_teardown_irq(unsigned int, int, unsigned long);
+extern int uv_irq_2_mmr_info(int, unsigned long *, int *);
+extern int uv_setup_irq(char *, int, int, unsigned long, int);
+extern void uv_teardown_irq(unsigned int);
 
 #endif /* _ASM_X86_UV_UV_IRQ_H */
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 272514c2d456..2b4945419a84 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -56,6 +56,7 @@
 #define SECONDARY_EXEC_ENABLE_VPID              0x00000020
 #define SECONDARY_EXEC_WBINVD_EXITING           0x00000040
 #define SECONDARY_EXEC_UNRESTRICTED_GUEST       0x00000080
+#define SECONDARY_EXEC_PAUSE_LOOP_EXITING       0x00000400
 
 
 #define PIN_BASED_EXT_INTR_MASK                 0x00000001
@@ -144,6 +145,8 @@ enum vmcs_field {
         VM_ENTRY_INSTRUCTION_LEN        = 0x0000401a,
         TPR_THRESHOLD                   = 0x0000401c,
         SECONDARY_VM_EXEC_CONTROL       = 0x0000401e,
+        PLE_GAP                         = 0x00004020,
+        PLE_WINDOW                      = 0x00004022,
         VM_INSTRUCTION_ERROR            = 0x00004400,
         VM_EXIT_REASON                  = 0x00004402,
         VM_EXIT_INTR_INFO               = 0x00004404,
@@ -248,6 +251,7 @@ enum vmcs_field {
 #define EXIT_REASON_MSR_READ            31
 #define EXIT_REASON_MSR_WRITE           32
 #define EXIT_REASON_MWAIT_INSTRUCTION   36
+#define EXIT_REASON_PAUSE_INSTRUCTION   40
 #define EXIT_REASON_MCE_DURING_VMENTRY   41
 #define EXIT_REASON_TPR_BELOW_THRESHOLD 43
 #define EXIT_REASON_APIC_ACCESS         44
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index 2c756fd4ab0e..ea0e8ea15e15 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -26,7 +26,7 @@ struct x86_init_mpparse {
         void (*smp_read_mpc_oem)(struct mpc_table *mpc);
         void (*mpc_oem_pci_bus)(struct mpc_bus *m);
         void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name);
-        void (*find_smp_config)(unsigned int reserve);
+        void (*find_smp_config)(void);
         void (*get_smp_config)(unsigned int early);
 };
 
@@ -91,6 +91,14 @@ struct x86_init_timers {
 };
 
 /**
+ * struct x86_init_iommu - platform specific iommu setup
+ * @iommu_init:                 platform specific iommu setup
+ */
+struct x86_init_iommu {
+        int (*iommu_init)(void);
+};
+
+/**
  * struct x86_init_ops - functions for platform specific setup
  *
  */
@@ -101,6 +109,7 @@ struct x86_init_ops {
         struct x86_init_oem             oem;
         struct x86_init_paging          paging;
         struct x86_init_timers          timers;
+        struct x86_init_iommu           iommu;
 };
 
 /**
@@ -116,11 +125,14 @@ struct x86_cpuinit_ops {
  * @calibrate_tsc:              calibrate TSC
  * @get_wallclock:              get time from HW clock like RTC etc.
  * @set_wallclock:              set time back to HW clock
+ * @is_untracked_pat_range      exclude from PAT logic
  */
 struct x86_platform_ops {
         unsigned long (*calibrate_tsc)(void);
         unsigned long (*get_wallclock)(void);
         int (*set_wallclock)(unsigned long nowtime);
+        void (*iommu_shutdown)(void);
+        bool (*is_untracked_pat_range)(u64 start, u64 end);
 };
 
 extern struct x86_init_ops x86_init;
diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h
index d5b7e90c0edf..396ff4cc8ed4 100644
--- a/arch/x86/include/asm/xen/hypervisor.h
+++ b/arch/x86/include/asm/xen/hypervisor.h
@@ -37,31 +37,4 @@
 extern struct shared_info *HYPERVISOR_shared_info;
 extern struct start_info *xen_start_info;
 
-enum xen_domain_type {
-        XEN_NATIVE,             /* running on bare hardware    */
-        XEN_PV_DOMAIN,          /* running in a PV domain      */
-        XEN_HVM_DOMAIN,         /* running in a Xen hvm domain */
-};
-
-#ifdef CONFIG_XEN
-extern enum xen_domain_type xen_domain_type;
-#else
-#define xen_domain_type         XEN_NATIVE
-#endif
-
-#define xen_domain()            (xen_domain_type != XEN_NATIVE)
-#define xen_pv_domain()         (xen_domain() &&                        \
-                                 xen_domain_type == XEN_PV_DOMAIN)
-#define xen_hvm_domain()        (xen_domain() &&                        \
-                                 xen_domain_type == XEN_HVM_DOMAIN)
-
-#ifdef CONFIG_XEN_DOM0
-#include <xen/interface/xen.h>
-
-#define xen_initial_domain()    (xen_pv_domain() && \
-                                 xen_start_info->flags & SIF_INITDOMAIN)
-#else  /* !CONFIG_XEN_DOM0 */
-#define xen_initial_domain()    (0)
-#endif  /* CONFIG_XEN_DOM0 */
-
 #endif /* _ASM_X86_XEN_HYPERVISOR_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index d8e5d0cdd678..d87f09bc5a52 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -40,7 +40,7 @@ obj-$(CONFIG_X86_64)	+= sys_x86_64.o x8664_ksyms_64.o
 obj-$(CONFIG_X86_64)    += syscall_64.o vsyscall_64.o
 obj-y                   += bootflag.o e820.o
 obj-y                   += pci-dma.o quirks.o i8237.o topology.o kdebugfs.o
-obj-y                   += alternative.o i8253.o pci-nommu.o
+obj-y                   += alternative.o i8253.o pci-nommu.o hw_breakpoint.o
 obj-y                   += tsc.o io_delay.o rtc.o
 
 obj-$(CONFIG_X86_TRAMPOLINE)    += trampoline.o
@@ -89,7 +89,6 @@ obj-$(CONFIG_EARLY_PRINTK)	+= early_printk.o
 obj-$(CONFIG_HPET_TIMER)        += hpet.o
 
 obj-$(CONFIG_K8_NB)             += k8.o
-obj-$(CONFIG_MGEODE_LX)         += geode_32.o mfgpt_32.o
 obj-$(CONFIG_DEBUG_RODATA_TEST) += test_rodata.o
 obj-$(CONFIG_DEBUG_NX_TEST)     += test_nx.o
 
diff --git a/arch/x86/kernel/acpi/Makefile b/arch/x86/kernel/acpi/Makefile
index fd5ca97a2ad5..6f35260bb3ef 100644
--- a/arch/x86/kernel/acpi/Makefile
+++ b/arch/x86/kernel/acpi/Makefile
@@ -4,7 +4,7 @@ obj-$(CONFIG_ACPI)		+= boot.o
 obj-$(CONFIG_ACPI_SLEEP)        += sleep.o wakeup_rm.o wakeup_$(BITS).o
 
 ifneq ($(CONFIG_ACPI_PROCESSOR),)
-obj-y                           += cstate.o processor.o
+obj-y                           += cstate.o
 endif
 
 $(obj)/wakeup_rm.o:    $(obj)/realmode/wakeup.bin
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 67e929b89875..fb1035cd9a6a 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -624,6 +624,7 @@ static int __init acpi_parse_hpet(struct acpi_table_header *table)
         }
 
         hpet_address = hpet_tbl->address.address;
+        hpet_blockid = hpet_tbl->sequence;
 
         /*
          * Some broken BIOSes advertise HPET at 0x0. We really do not
@@ -1122,7 +1123,7 @@ static int __init acpi_parse_madt_ioapic_entries(void)
         if (!acpi_sci_override_gsi)
                 acpi_sci_ioapic_setup(acpi_gbl_FADT.sci_interrupt, 0, 0);
 
-        /* Fill in identity legacy mapings where no override */
+        /* Fill in identity legacy mappings where no override */
         mp_config_acpi_legacy_irqs();
 
         count =
diff --git a/arch/x86/kernel/acpi/cstate.c b/arch/x86/kernel/acpi/cstate.c
index 59cdfa4686b2..2e837f5080fe 100644
--- a/arch/x86/kernel/acpi/cstate.c
+++ b/arch/x86/kernel/acpi/cstate.c
@@ -48,7 +48,7 @@ void acpi_processor_power_init_bm_check(struct acpi_processor_flags *flags,
          * P4, Core and beyond CPUs
          */
         if (c->x86_vendor == X86_VENDOR_INTEL &&
-            (c->x86 > 0xf || (c->x86 == 6 && c->x86_model >= 14)))
+            (c->x86 > 0xf || (c->x86 == 6 && c->x86_model >= 0x0f)))
                         flags->bm_control = 0;
 }
 EXPORT_SYMBOL(acpi_processor_power_init_bm_check);
diff --git a/arch/x86/kernel/acpi/processor.c b/arch/x86/kernel/acpi/processor.c
deleted file mode 100644
index d296f4a195c9..000000000000
--- a/arch/x86/kernel/acpi/processor.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (C) 2005 Intel Corporation
- *      Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
- *      - Added _PDC for platforms with Intel CPUs
- */
-
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/acpi.h>
-
-#include <acpi/processor.h>
-#include <asm/acpi.h>
-
-static void init_intel_pdc(struct acpi_processor *pr, struct cpuinfo_x86 *c)
-{
-        struct acpi_object_list *obj_list;
-        union acpi_object *obj;
-        u32 *buf;
-
-        /* allocate and initialize pdc. It will be used later. */
-        obj_list = kmalloc(sizeof(struct acpi_object_list), GFP_KERNEL);
-        if (!obj_list) {
-                printk(KERN_ERR "Memory allocation error\n");
-                return;
-        }
-
-        obj = kmalloc(sizeof(union acpi_object), GFP_KERNEL);
-        if (!obj) {
-                printk(KERN_ERR "Memory allocation error\n");
-                kfree(obj_list);
-                return;
-        }
-
-        buf = kmalloc(12, GFP_KERNEL);
-        if (!buf) {
-                printk(KERN_ERR "Memory allocation error\n");
-                kfree(obj);
-                kfree(obj_list);
-                return;
-        }
-
-        buf[0] = ACPI_PDC_REVISION_ID;
-        buf[1] = 1;
-        buf[2] = ACPI_PDC_C_CAPABILITY_SMP;
-
-        /*
-         * The default of PDC_SMP_T_SWCOORD bit is set for intel x86 cpu so
-         * that OSPM is capable of native ACPI throttling software
-         * coordination using BIOS supplied _TSD info.
-         */
-        buf[2] |= ACPI_PDC_SMP_T_SWCOORD;
-        if (cpu_has(c, X86_FEATURE_EST))
-                buf[2] |= ACPI_PDC_EST_CAPABILITY_SWSMP;
-
-        if (cpu_has(c, X86_FEATURE_ACPI))
-                buf[2] |= ACPI_PDC_T_FFH;
-
-        /*
-         * If mwait/monitor is unsupported, C2/C3_FFH will be disabled
-         */
-        if (!cpu_has(c, X86_FEATURE_MWAIT))
-                buf[2] &= ~(ACPI_PDC_C_C2C3_FFH);
-
-        obj->type = ACPI_TYPE_BUFFER;
-        obj->buffer.length = 12;
-        obj->buffer.pointer = (u8 *) buf;
-        obj_list->count = 1;
-        obj_list->pointer = obj;
-        pr->pdc = obj_list;
-
-        return;
-}
-
-
-/* Initialize _PDC data based on the CPU vendor */
-void arch_acpi_processor_init_pdc(struct acpi_processor *pr)
-{
-        struct cpuinfo_x86 *c = &cpu_data(pr->id);
-
-        pr->pdc = NULL;
-        if (c->x86_vendor == X86_VENDOR_INTEL)
-                init_intel_pdc(pr, c);
-
-        return;
-}
-
-EXPORT_SYMBOL(arch_acpi_processor_init_pdc);
-
-void arch_acpi_processor_cleanup_pdc(struct acpi_processor *pr)
-{
-        if (pr->pdc) {
-                kfree(pr->pdc->pointer->buffer.pointer);
-                kfree(pr->pdc->pointer);
-                kfree(pr->pdc);
-                pr->pdc = NULL;
-        }
-}
-
-EXPORT_SYMBOL(arch_acpi_processor_cleanup_pdc);
diff --git a/arch/x86/kernel/acpi/realmode/wakeup.lds.S b/arch/x86/kernel/acpi/realmode/wakeup.lds.S
index 7da00b799cda..060fff8f5c5b 100644
--- a/arch/x86/kernel/acpi/realmode/wakeup.lds.S
+++ b/arch/x86/kernel/acpi/realmode/wakeup.lds.S
@@ -57,5 +57,8 @@ SECTIONS
                 *(.note*)
         }
 
+        /*
+         * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
+         */
         . = ASSERT(_end <= WAKEUP_SIZE, "Wakeup too big!");
 }
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
index ca93638ba430..f9961034e557 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -78,12 +78,9 @@ int acpi_save_state_mem(void)
 #ifndef CONFIG_64BIT
         store_gdt((struct desc_ptr *)&header->pmode_gdt);
 
-        header->pmode_efer_low = nx_enabled;
-        if (header->pmode_efer_low & 1) {
-                /* This is strange, why not save efer, always? */
-                rdmsr(MSR_EFER, header->pmode_efer_low,
-                        header->pmode_efer_high);
-        }
+        if (rdmsr_safe(MSR_EFER, &header->pmode_efer_low,
+                       &header->pmode_efer_high))
+                header->pmode_efer_low = header->pmode_efer_high = 0;
 #endif /* !CONFIG_64BIT */
 
         header->pmode_cr0 = read_cr0();
@@ -119,29 +116,32 @@ void acpi_restore_state_mem(void)
 
 
 /**
- * acpi_reserve_bootmem - do _very_ early ACPI initialisation
+ * acpi_reserve_wakeup_memory - do _very_ early ACPI initialisation
  *
  * We allocate a page from the first 1MB of memory for the wakeup
  * routine for when we come back from a sleep state. The
  * runtime allocator allows specification of <16MB pages, but not
  * <1MB pages.
  */
-void __init acpi_reserve_bootmem(void)
+void __init acpi_reserve_wakeup_memory(void)
 {
+        unsigned long mem;
+
         if ((&wakeup_code_end - &wakeup_code_start) > WAKEUP_SIZE) {
                 printk(KERN_ERR
                        "ACPI: Wakeup code way too big, S3 disabled.\n");
                 return;
         }
 
-        acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
+        mem = find_e820_area(0, 1<<20, WAKEUP_SIZE, PAGE_SIZE);
 
-        if (!acpi_realmode) {
+        if (mem == -1L) {
                 printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
                 return;
         }
-
-        acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
+        acpi_realmode = (unsigned long) phys_to_virt(mem);
+        acpi_wakeup_address = mem;
+        reserve_early(mem, mem + WAKEUP_SIZE, "ACPI WAKEUP");
 }
 
 
@@ -162,6 +162,8 @@ static int __init acpi_sleep_setup(char *str)
 #endif
                 if (strncmp(str, "old_ordering", 12) == 0)
                         acpi_old_suspend_ordering();
+                if (strncmp(str, "sci_force_enable", 16) == 0)
+                        acpi_set_sci_en_on_resume();
                 str = strchr(str, ',');
                 if (str != NULL)
                         str += strspn(str, ", \t");
diff --git a/arch/x86/kernel/amd_iommu.c b/arch/x86/kernel/amd_iommu.c
index 98f230f6a28d..23824fef789c 100644
--- a/arch/x86/kernel/amd_iommu.c
+++ b/arch/x86/kernel/amd_iommu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
+ * Copyright (C) 2007-2009 Advanced Micro Devices, Inc.
  * Author: Joerg Roedel <joerg.roedel@amd.com>
  *         Leo Duran <leo.duran@amd.com>
  *
@@ -19,7 +19,7 @@
 
 #include <linux/pci.h>
 #include <linux/gfp.h>
-#include <linux/bitops.h>
+#include <linux/bitmap.h>
 #include <linux/debugfs.h>
 #include <linux/scatterlist.h>
 #include <linux/dma-mapping.h>
@@ -28,6 +28,7 @@
 #include <asm/proto.h>
 #include <asm/iommu.h>
 #include <asm/gart.h>
+#include <asm/amd_iommu_proto.h>
 #include <asm/amd_iommu_types.h>
 #include <asm/amd_iommu.h>
 
@@ -56,20 +57,152 @@ struct iommu_cmd {
         u32 data[4];
 };
 
-static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
-                             struct unity_map_entry *e);
-static struct dma_ops_domain *find_protection_domain(u16 devid);
-static u64 *alloc_pte(struct protection_domain *domain,
-                      unsigned long address, int end_lvl,
-                      u64 **pte_page, gfp_t gfp);
-static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
-                                      unsigned long start_page,
-                                      unsigned int pages);
 static void reset_iommu_command_buffer(struct amd_iommu *iommu);
-static u64 *fetch_pte(struct protection_domain *domain,
-                      unsigned long address, int map_size);
 static void update_domain(struct protection_domain *domain);
 
+/****************************************************************************
+ *
+ * Helper functions
+ *
+ ****************************************************************************/
+
+static inline u16 get_device_id(struct device *dev)
+{
+        struct pci_dev *pdev = to_pci_dev(dev);
+
+        return calc_devid(pdev->bus->number, pdev->devfn);
+}
+
+static struct iommu_dev_data *get_dev_data(struct device *dev)
+{
+        return dev->archdata.iommu;
+}
+
+/*
+ * In this function the list of preallocated protection domains is traversed to
+ * find the domain for a specific device
+ */
+static struct dma_ops_domain *find_protection_domain(u16 devid)
+{
+        struct dma_ops_domain *entry, *ret = NULL;
+        unsigned long flags;
+        u16 alias = amd_iommu_alias_table[devid];
+
+        if (list_empty(&iommu_pd_list))
+                return NULL;
+
+        spin_lock_irqsave(&iommu_pd_list_lock, flags);
+
+        list_for_each_entry(entry, &iommu_pd_list, list) {
+                if (entry->target_dev == devid ||
+                    entry->target_dev == alias) {
+                        ret = entry;
+                        break;
+                }
+        }
+
+        spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
+
+        return ret;
+}
+
+/*
+ * This function checks if the driver got a valid device from the caller to
+ * avoid dereferencing invalid pointers.
+ */
+static bool check_device(struct device *dev)
+{
+        u16 devid;
+
+        if (!dev || !dev->dma_mask)
+                return false;
+
+        /* No device or no PCI device */
+        if (!dev || dev->bus != &pci_bus_type)
+                return false;
+
+        devid = get_device_id(dev);
+
+        /* Out of our scope? */
+        if (devid > amd_iommu_last_bdf)
+                return false;
+
+        if (amd_iommu_rlookup_table[devid] == NULL)
+                return false;
+
+        return true;
+}
+
+static int iommu_init_device(struct device *dev)
+{
+        struct iommu_dev_data *dev_data;
+        struct pci_dev *pdev;
+        u16 devid, alias;
+
+        if (dev->archdata.iommu)
+                return 0;
+
+        dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL);
+        if (!dev_data)
+                return -ENOMEM;
+
+        dev_data->dev = dev;
+
+        devid = get_device_id(dev);
+        alias = amd_iommu_alias_table[devid];
+        pdev = pci_get_bus_and_slot(PCI_BUS(alias), alias & 0xff);
+        if (pdev)
+                dev_data->alias = &pdev->dev;
+
+        atomic_set(&dev_data->bind, 0);
+
+        dev->archdata.iommu = dev_data;
+
+
+        return 0;
+}
+
+static void iommu_uninit_device(struct device *dev)
+{
+        kfree(dev->archdata.iommu);
+}
+
+void __init amd_iommu_uninit_devices(void)
+{
+        struct pci_dev *pdev = NULL;
+
+        for_each_pci_dev(pdev) {
+
+                if (!check_device(&pdev->dev))
+                        continue;
+
+                iommu_uninit_device(&pdev->dev);
+        }
+}
+
+int __init amd_iommu_init_devices(void)
+{
+        struct pci_dev *pdev = NULL;
+        int ret = 0;
+
+        for_each_pci_dev(pdev) {
+
+                if (!check_device(&pdev->dev))
+                        continue;
+
+                ret = iommu_init_device(&pdev->dev);
+                if (ret)
+                        goto out_free;
+        }
+
+        return 0;
+
+out_free:
+
+        amd_iommu_uninit_devices();
+
+        return ret;
+}
 #ifdef CONFIG_AMD_IOMMU_STATS
 
 /*
@@ -90,7 +223,6 @@ DECLARE_STATS_COUNTER(alloced_io_mem);
 DECLARE_STATS_COUNTER(total_map_requests);
 
 static struct dentry *stats_dir;
-static struct dentry *de_isolate;
 static struct dentry *de_fflush;
 
 static void amd_iommu_stats_add(struct __iommu_counter *cnt)
@@ -108,9 +240,6 @@ static void amd_iommu_stats_init(void)
         if (stats_dir == NULL)
                 return;
 
-        de_isolate = debugfs_create_bool("isolation", 0444, stats_dir,
-                                         (u32 *)&amd_iommu_isolate);
-
         de_fflush  = debugfs_create_bool("fullflush", 0444, stats_dir,
                                          (u32 *)&amd_iommu_unmap_flush);
 
@@ -130,12 +259,6 @@ static void amd_iommu_stats_init(void)
 
 #endif
 
-/* returns !0 if the IOMMU is caching non-present entries in its TLB */
-static int iommu_has_npcache(struct amd_iommu *iommu)
-{
-        return iommu->cap & (1UL << IOMMU_CAP_NPCACHE);
-}
-
 /****************************************************************************
  *
  * Interrupt handling functions
@@ -199,6 +322,7 @@ static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
                 break;
         case EVENT_TYPE_ILL_CMD:
                 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
+                iommu->reset_in_progress = true;
                 reset_iommu_command_buffer(iommu);
                 dump_command(address);
                 break;
@@ -321,11 +445,8 @@ static void __iommu_wait_for_completion(struct amd_iommu *iommu)
         status &= ~MMIO_STATUS_COM_WAIT_INT_MASK;
         writel(status, iommu->mmio_base + MMIO_STATUS_OFFSET);
 
-        if (unlikely(i == EXIT_LOOP_COUNT)) {
-                spin_unlock(&iommu->lock);
-                reset_iommu_command_buffer(iommu);
-                spin_lock(&iommu->lock);
-        }
+        if (unlikely(i == EXIT_LOOP_COUNT))
+                iommu->reset_in_progress = true;
 }
 
 /*
@@ -372,26 +493,46 @@ static int iommu_completion_wait(struct amd_iommu *iommu)
 out:
         spin_unlock_irqrestore(&iommu->lock, flags);
 
+        if (iommu->reset_in_progress)
+                reset_iommu_command_buffer(iommu);
+
         return 0;
 }
 
+static void iommu_flush_complete(struct protection_domain *domain)
+{
+        int i;
+
+        for (i = 0; i < amd_iommus_present; ++i) {
+                if (!domain->dev_iommu[i])
+                        continue;
+
+                /*
+                 * Devices of this domain are behind this IOMMU
+                 * We need to wait for completion of all commands.
+                 */
+                iommu_completion_wait(amd_iommus[i]);
+        }
+}
+
 /*
  * Command send function for invalidating a device table entry
  */
-static int iommu_queue_inv_dev_entry(struct amd_iommu *iommu, u16 devid)
+static int iommu_flush_device(struct device *dev)
 {
+        struct amd_iommu *iommu;
         struct iommu_cmd cmd;
-        int ret;
+        u16 devid;
 
-        BUG_ON(iommu == NULL);
+        devid = get_device_id(dev);
+        iommu = amd_iommu_rlookup_table[devid];
 
+        /* Build command */
         memset(&cmd, 0, sizeof(cmd));
         CMD_SET_TYPE(&cmd, CMD_INV_DEV_ENTRY);
         cmd.data[0] = devid;
 
-        ret = iommu_queue_command(iommu, &cmd);
-
-        return ret;
+        return iommu_queue_command(iommu, &cmd);
 }
 
 static void __iommu_build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
@@ -430,11 +571,11 @@ static int iommu_queue_inv_iommu_pages(struct amd_iommu *iommu,
  * It invalidates a single PTE if the range to flush is within a single
  * page. Otherwise it flushes the whole TLB of the IOMMU.
  */
-static int iommu_flush_pages(struct amd_iommu *iommu, u16 domid,
-                u64 address, size_t size)
+static void __iommu_flush_pages(struct protection_domain *domain,
+                                u64 address, size_t size, int pde)
 {
-        int s = 0;
-        unsigned pages = iommu_num_pages(address, size, PAGE_SIZE);
+        int s = 0, i;
+        unsigned long pages = iommu_num_pages(address, size, PAGE_SIZE);
 
         address &= PAGE_MASK;
 
@@ -447,142 +588,212 @@ static int iommu_flush_pages(struct amd_iommu *iommu, u16 domid,
                 s = 1;
         }
 
-        iommu_queue_inv_iommu_pages(iommu, address, domid, 0, s);
 
-        return 0;
+        for (i = 0; i < amd_iommus_present; ++i) {
+                if (!domain->dev_iommu[i])
+                        continue;
+
+                /*
+                 * Devices of this domain are behind this IOMMU
+                 * We need a TLB flush
+                 */
+                iommu_queue_inv_iommu_pages(amd_iommus[i], address,
+                                            domain->id, pde, s);
+        }
+
+        return;
 }
 
-/* Flush the whole IO/TLB for a given protection domain */
-static void iommu_flush_tlb(struct amd_iommu *iommu, u16 domid)
+static void iommu_flush_pages(struct protection_domain *domain,
+                             u64 address, size_t size)
 {
-        u64 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
-
-        INC_STATS_COUNTER(domain_flush_single);
+        __iommu_flush_pages(domain, address, size, 0);
+}
 
-        iommu_queue_inv_iommu_pages(iommu, address, domid, 0, 1);
+/* Flush the whole IO/TLB for a given protection domain */
+static void iommu_flush_tlb(struct protection_domain *domain)
+{
+        __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
 }
 
 /* Flush the whole IO/TLB for a given protection domain - including PDE */
-static void iommu_flush_tlb_pde(struct amd_iommu *iommu, u16 domid)
+static void iommu_flush_tlb_pde(struct protection_domain *domain)
 {
-       u64 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
-
-       INC_STATS_COUNTER(domain_flush_single);
-
-       iommu_queue_inv_iommu_pages(iommu, address, domid, 1, 1);
+        __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
 }
 
+
 /*
- * This function flushes one domain on one IOMMU
+ * This function flushes the DTEs for all devices in domain
  */
-static void flush_domain_on_iommu(struct amd_iommu *iommu, u16 domid)
+static void iommu_flush_domain_devices(struct protection_domain *domain)
 {
-        struct iommu_cmd cmd;
+        struct iommu_dev_data *dev_data;
         unsigned long flags;
 
-        __iommu_build_inv_iommu_pages(&cmd, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
-                                      domid, 1, 1);
+        spin_lock_irqsave(&domain->lock, flags);
 
-        spin_lock_irqsave(&iommu->lock, flags);
-        __iommu_queue_command(iommu, &cmd);
-        __iommu_completion_wait(iommu);
-        __iommu_wait_for_completion(iommu);
-        spin_unlock_irqrestore(&iommu->lock, flags);
+        list_for_each_entry(dev_data, &domain->dev_list, list)
+                iommu_flush_device(dev_data->dev);
+
+        spin_unlock_irqrestore(&domain->lock, flags);
 }
 
-static void flush_all_domains_on_iommu(struct amd_iommu *iommu)
+static void iommu_flush_all_domain_devices(void)
 {
-        int i;
+        struct protection_domain *domain;
+        unsigned long flags;
 
-        for (i = 1; i < MAX_DOMAIN_ID; ++i) {
-                if (!test_bit(i, amd_iommu_pd_alloc_bitmap))
-                        continue;
-                flush_domain_on_iommu(iommu, i);
+        spin_lock_irqsave(&amd_iommu_pd_lock, flags);
+
+        list_for_each_entry(domain, &amd_iommu_pd_list, list) {
+                iommu_flush_domain_devices(domain);
+                iommu_flush_complete(domain);
         }
 
+        spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
+}
+
+void amd_iommu_flush_all_devices(void)
+{
+        iommu_flush_all_domain_devices();
 }
 
 /*
- * This function is used to flush the IO/TLB for a given protection domain
- * on every IOMMU in the system
+ * This function uses heavy locking and may disable irqs for some time. But
+ * this is no issue because it is only called during resume.
  */
-static void iommu_flush_domain(u16 domid)
+void amd_iommu_flush_all_domains(void)
 {
-        struct amd_iommu *iommu;
+        struct protection_domain *domain;
+        unsigned long flags;
 
-        INC_STATS_COUNTER(domain_flush_all);
+        spin_lock_irqsave(&amd_iommu_pd_lock, flags);
 
-        for_each_iommu(iommu)
-                flush_domain_on_iommu(iommu, domid);
+        list_for_each_entry(domain, &amd_iommu_pd_list, list) {
+                spin_lock(&domain->lock);
+                iommu_flush_tlb_pde(domain);
+                iommu_flush_complete(domain);
+                spin_unlock(&domain->lock);
+        }
+
+        spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
 }
 
-void amd_iommu_flush_all_domains(void)
+static void reset_iommu_command_buffer(struct amd_iommu *iommu)
 {
-        struct amd_iommu *iommu;
+        pr_err("AMD-Vi: Resetting IOMMU command buffer\n");
 
-        for_each_iommu(iommu)
-                flush_all_domains_on_iommu(iommu);
+        if (iommu->reset_in_progress)
+                panic("AMD-Vi: ILLEGAL_COMMAND_ERROR while resetting command buffer\n");
+
+        amd_iommu_reset_cmd_buffer(iommu);
+        amd_iommu_flush_all_devices();
+        amd_iommu_flush_all_domains();
+
+        iommu->reset_in_progress = false;
 }
 
-static void flush_all_devices_for_iommu(struct amd_iommu *iommu)
+/****************************************************************************
+ *
+ * The functions below are used the create the page table mappings for
+ * unity mapped regions.
+ *
+ ****************************************************************************/
+
+/*
+ * This function is used to add another level to an IO page table. Adding
+ * another level increases the size of the address space by 9 bits to a size up
+ * to 64 bits.
+ */
+static bool increase_address_space(struct protection_domain *domain,
+                                   gfp_t gfp)
 {
-        int i;
+        u64 *pte;
 
-        for (i = 0; i <= amd_iommu_last_bdf; ++i) {
-                if (iommu != amd_iommu_rlookup_table[i])
-                        continue;
+        if (domain->mode == PAGE_MODE_6_LEVEL)
+                /* address space already 64 bit large */
+                return false;
 
-                iommu_queue_inv_dev_entry(iommu, i);
-                iommu_completion_wait(iommu);
-        }
+        pte = (void *)get_zeroed_page(gfp);
+        if (!pte)
+                return false;
+
+        *pte             = PM_LEVEL_PDE(domain->mode,
+                                        virt_to_phys(domain->pt_root));
+        domain->pt_root  = pte;
+        domain->mode    += 1;
+        domain->updated  = true;
+
+        return true;
 }
 
-static void flush_devices_by_domain(struct protection_domain *domain)
+static u64 *alloc_pte(struct protection_domain *domain,
+                      unsigned long address,
+                      int end_lvl,
+                      u64 **pte_page,
+                      gfp_t gfp)
 {
-        struct amd_iommu *iommu;
-        int i;
+        u64 *pte, *page;
+        int level;
 
-        for (i = 0; i <= amd_iommu_last_bdf; ++i) {
-                if ((domain == NULL && amd_iommu_pd_table[i] == NULL) ||
-                    (amd_iommu_pd_table[i] != domain))
-                        continue;
+        while (address > PM_LEVEL_SIZE(domain->mode))
+                increase_address_space(domain, gfp);
 
-                iommu = amd_iommu_rlookup_table[i];
-                if (!iommu)
-                        continue;
+        level =  domain->mode - 1;
+        pte   = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
+
+        while (level > end_lvl) {
+                if (!IOMMU_PTE_PRESENT(*pte)) {
+                        page = (u64 *)get_zeroed_page(gfp);
+                        if (!page)
+                                return NULL;
+                        *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
+                }
+
+                level -= 1;
+
+                pte = IOMMU_PTE_PAGE(*pte);
+
+                if (pte_page && level == end_lvl)
+                        *pte_page = pte;
 
-                iommu_queue_inv_dev_entry(iommu, i);
-                iommu_completion_wait(iommu);
+                pte = &pte[PM_LEVEL_INDEX(level, address)];
         }
+
+        return pte;
 }
 
-static void reset_iommu_command_buffer(struct amd_iommu *iommu)
+/*
+ * This function checks if there is a PTE for a given dma address. If
+ * there is one, it returns the pointer to it.
+ */
+static u64 *fetch_pte(struct protection_domain *domain,
+                      unsigned long address, int map_size)
 {
-        pr_err("AMD-Vi: Resetting IOMMU command buffer\n");
+        int level;
+        u64 *pte;
 
-        if (iommu->reset_in_progress)
-                panic("AMD-Vi: ILLEGAL_COMMAND_ERROR while resetting command buffer\n");
+        level =  domain->mode - 1;
+        pte   = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
 
-        iommu->reset_in_progress = true;
+        while (level > map_size) {
+                if (!IOMMU_PTE_PRESENT(*pte))
+                        return NULL;
 
-        amd_iommu_reset_cmd_buffer(iommu);
-        flush_all_devices_for_iommu(iommu);
-        flush_all_domains_on_iommu(iommu);
+                level -= 1;
 
-        iommu->reset_in_progress = false;
-}
+                pte = IOMMU_PTE_PAGE(*pte);
+                pte = &pte[PM_LEVEL_INDEX(level, address)];
 
-void amd_iommu_flush_all_devices(void)
-{
-        flush_devices_by_domain(NULL);
-}
+                if ((PM_PTE_LEVEL(*pte) == 0) && level != map_size) {
+                        pte = NULL;
+                        break;
+                }
+        }
 
-/****************************************************************************
- *
- * The functions below are used the create the page table mappings for
- * unity mapped regions.
- *
- ****************************************************************************/
+        return pte;
+}
 
 /*
  * Generic mapping functions. It maps a physical address into a DMA
@@ -654,28 +865,6 @@ static int iommu_for_unity_map(struct amd_iommu *iommu,
 }
 
 /*
- * Init the unity mappings for a specific IOMMU in the system
- *
- * Basically iterates over all unity mapping entries and applies them to
- * the default domain DMA of that IOMMU if necessary.
- */
-static int iommu_init_unity_mappings(struct amd_iommu *iommu)
-{
-        struct unity_map_entry *entry;
-        int ret;
-
-        list_for_each_entry(entry, &amd_iommu_unity_map, list) {
-                if (!iommu_for_unity_map(iommu, entry))
-                        continue;
-                ret = dma_ops_unity_map(iommu->default_dom, entry);
-                if (ret)
-                        return ret;
-        }
-
-        return 0;
-}
-
-/*
  * This function actually applies the mapping to the page table of the
  * dma_ops domain.
  */
@@ -704,6 +893,28 @@ static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
 }
 
 /*
+ * Init the unity mappings for a specific IOMMU in the system
+ *
+ * Basically iterates over all unity mapping entries and applies them to
+ * the default domain DMA of that IOMMU if necessary.
+ */
+static int iommu_init_unity_mappings(struct amd_iommu *iommu)
+{
+        struct unity_map_entry *entry;
+        int ret;
+
+        list_for_each_entry(entry, &amd_iommu_unity_map, list) {
+                if (!iommu_for_unity_map(iommu, entry))
+                        continue;
+                ret = dma_ops_unity_map(iommu->default_dom, entry);
+                if (ret)
+                        return ret;
+        }
+
+        return 0;
+}
+
+/*
  * Inits the unity mappings required for a specific device
  */
 static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
@@ -740,34 +951,23 @@ static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
  */
 
 /*
- * This function checks if there is a PTE for a given dma address. If
- * there is one, it returns the pointer to it.
+ * Used to reserve address ranges in the aperture (e.g. for exclusion
+ * ranges.
  */
-static u64 *fetch_pte(struct protection_domain *domain,
-                      unsigned long address, int map_size)
+static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
+                                      unsigned long start_page,
+                                      unsigned int pages)
 {
-        int level;
-        u64 *pte;
-
-        level =  domain->mode - 1;
-        pte   = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
-
-        while (level > map_size) {
-                if (!IOMMU_PTE_PRESENT(*pte))
-                        return NULL;
-
-                level -= 1;
+        unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
 
-                pte = IOMMU_PTE_PAGE(*pte);
-                pte = &pte[PM_LEVEL_INDEX(level, address)];
+        if (start_page + pages > last_page)
+                pages = last_page - start_page;
 
-                if ((PM_PTE_LEVEL(*pte) == 0) && level != map_size) {
-                        pte = NULL;
-                        break;
-                }
+        for (i = start_page; i < start_page + pages; ++i) {
+                int index = i / APERTURE_RANGE_PAGES;
+                int page  = i % APERTURE_RANGE_PAGES;
+                __set_bit(page, dom->aperture[index]->bitmap);
         }
-
-        return pte;
 }
 
 /*
@@ -775,11 +975,11 @@ static u64 *fetch_pte(struct protection_domain *domain,
  * aperture in case of dma_ops domain allocation or address allocation
  * failure.
  */
-static int alloc_new_range(struct amd_iommu *iommu,
-                           struct dma_ops_domain *dma_dom,
+static int alloc_new_range(struct dma_ops_domain *dma_dom,
                            bool populate, gfp_t gfp)
 {
         int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
+        struct amd_iommu *iommu;
         int i;
 
 #ifdef CONFIG_IOMMU_STRESS
@@ -819,14 +1019,17 @@ static int alloc_new_range(struct amd_iommu *iommu,
         dma_dom->aperture_size += APERTURE_RANGE_SIZE;
 
         /* Intialize the exclusion range if necessary */
-        if (iommu->exclusion_start &&
-            iommu->exclusion_start >= dma_dom->aperture[index]->offset &&
-            iommu->exclusion_start < dma_dom->aperture_size) {
-                unsigned long startpage = iommu->exclusion_start >> PAGE_SHIFT;
-                int pages = iommu_num_pages(iommu->exclusion_start,
-                                            iommu->exclusion_length,
-                                            PAGE_SIZE);
-                dma_ops_reserve_addresses(dma_dom, startpage, pages);
+        for_each_iommu(iommu) {
+                if (iommu->exclusion_start &&
+                    iommu->exclusion_start >= dma_dom->aperture[index]->offset
+                    && iommu->exclusion_start < dma_dom->aperture_size) {
+                        unsigned long startpage;
+                        int pages = iommu_num_pages(iommu->exclusion_start,
+                                                    iommu->exclusion_length,
+                                                    PAGE_SIZE);
+                        startpage = iommu->exclusion_start >> PAGE_SHIFT;
+                        dma_ops_reserve_addresses(dma_dom, startpage, pages);
+                }
         }
 
         /*
@@ -928,7 +1131,7 @@ static unsigned long dma_ops_alloc_addresses(struct device *dev,
         }
 
         if (unlikely(address == -1))
-                address = bad_dma_address;
+                address = DMA_ERROR_CODE;
 
         WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
 
@@ -959,7 +1162,7 @@ static void dma_ops_free_addresses(struct dma_ops_domain *dom,
 
         address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
 
-        iommu_area_free(range->bitmap, address, pages);
+        bitmap_clear(range->bitmap, address, pages);
 
 }
 
@@ -973,6 +1176,31 @@ static void dma_ops_free_addresses(struct dma_ops_domain *dom,
  *
  ****************************************************************************/
 
+/*
+ * This function adds a protection domain to the global protection domain list
+ */
+static void add_domain_to_list(struct protection_domain *domain)
+{
+        unsigned long flags;
+
+        spin_lock_irqsave(&amd_iommu_pd_lock, flags);
+        list_add(&domain->list, &amd_iommu_pd_list);
+        spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
+}
+
+/*
+ * This function removes a protection domain to the global
+ * protection domain list
+ */
+static void del_domain_from_list(struct protection_domain *domain)
+{
+        unsigned long flags;
+
+        spin_lock_irqsave(&amd_iommu_pd_lock, flags);
+        list_del(&domain->list);
+        spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
+}
+
 static u16 domain_id_alloc(void)
 {
         unsigned long flags;
@@ -1000,26 +1228,6 @@ static void domain_id_free(int id)
         write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
 }
 
-/*
- * Used to reserve address ranges in the aperture (e.g. for exclusion
- * ranges.
- */
-static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
-                                      unsigned long start_page,
-                                      unsigned int pages)
-{
-        unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
-
-        if (start_page + pages > last_page)
-                pages = last_page - start_page;
-
-        for (i = start_page; i < start_page + pages; ++i) {
-                int index = i / APERTURE_RANGE_PAGES;
-                int page  = i % APERTURE_RANGE_PAGES;
-                __set_bit(page, dom->aperture[index]->bitmap);
-        }
-}
-
 static void free_pagetable(struct protection_domain *domain)
 {
         int i, j;
@@ -1061,6 +1269,8 @@ static void dma_ops_domain_free(struct dma_ops_domain *dom)
         if (!dom)
                 return;
 
+        del_domain_from_list(&dom->domain);
+
         free_pagetable(&dom->domain);
 
         for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
@@ -1078,7 +1288,7 @@ static void dma_ops_domain_free(struct dma_ops_domain *dom)
  * It also intializes the page table and the address allocator data
  * structures required for the dma_ops interface
  */
-static struct dma_ops_domain *dma_ops_domain_alloc(struct amd_iommu *iommu)
+static struct dma_ops_domain *dma_ops_domain_alloc(void)
 {
         struct dma_ops_domain *dma_dom;
 
@@ -1091,6 +1301,7 @@ static struct dma_ops_domain *dma_ops_domain_alloc(struct amd_iommu *iommu)
         dma_dom->domain.id = domain_id_alloc();
         if (dma_dom->domain.id == 0)
                 goto free_dma_dom;
+        INIT_LIST_HEAD(&dma_dom->domain.dev_list);
         dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
         dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
         dma_dom->domain.flags = PD_DMA_OPS_MASK;
@@ -1101,7 +1312,9 @@ static struct dma_ops_domain *dma_ops_domain_alloc(struct amd_iommu *iommu)
         dma_dom->need_flush = false;
         dma_dom->target_dev = 0xffff;
 
-        if (alloc_new_range(iommu, dma_dom, true, GFP_KERNEL))
+        add_domain_to_list(&dma_dom->domain);
+
+        if (alloc_new_range(dma_dom, true, GFP_KERNEL))
                 goto free_dma_dom;
 
         /*
@@ -1129,22 +1342,6 @@ static bool dma_ops_domain(struct protection_domain *domain)
         return domain->flags & PD_DMA_OPS_MASK;
 }
 
-/*
- * Find out the protection domain structure for a given PCI device. This
- * will give us the pointer to the page table root for example.
- */
-static struct protection_domain *domain_for_device(u16 devid)
-{
-        struct protection_domain *dom;
-        unsigned long flags;
-
-        read_lock_irqsave(&amd_iommu_devtable_lock, flags);
-        dom = amd_iommu_pd_table[devid];
-        read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
-
-        return dom;
-}
-
 static void set_dte_entry(u16 devid, struct protection_domain *domain)
 {
         u64 pte_root = virt_to_phys(domain->pt_root);
@@ -1156,42 +1353,123 @@ static void set_dte_entry(u16 devid, struct protection_domain *domain)
         amd_iommu_dev_table[devid].data[2] = domain->id;
         amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
         amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
+}
 
-        amd_iommu_pd_table[devid] = domain;
+static void clear_dte_entry(u16 devid)
+{
+        /* remove entry from the device table seen by the hardware */
+        amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
+        amd_iommu_dev_table[devid].data[1] = 0;
+        amd_iommu_dev_table[devid].data[2] = 0;
+
+        amd_iommu_apply_erratum_63(devid);
+}
+
+static void do_attach(struct device *dev, struct protection_domain *domain)
+{
+        struct iommu_dev_data *dev_data;
+        struct amd_iommu *iommu;
+        u16 devid;
+
+        devid    = get_device_id(dev);
+        iommu    = amd_iommu_rlookup_table[devid];
+        dev_data = get_dev_data(dev);
+
+        /* Update data structures */
+        dev_data->domain = domain;
+        list_add(&dev_data->list, &domain->dev_list);
+        set_dte_entry(devid, domain);
+
+        /* Do reference counting */
+        domain->dev_iommu[iommu->index] += 1;
+        domain->dev_cnt                 += 1;
+
+        /* Flush the DTE entry */
+        iommu_flush_device(dev);
+}
+
+static void do_detach(struct device *dev)
+{
+        struct iommu_dev_data *dev_data;
+        struct amd_iommu *iommu;
+        u16 devid;
+
+        devid    = get_device_id(dev);
+        iommu    = amd_iommu_rlookup_table[devid];
+        dev_data = get_dev_data(dev);
+
+        /* decrease reference counters */
+        dev_data->domain->dev_iommu[iommu->index] -= 1;
+        dev_data->domain->dev_cnt                 -= 1;
+
+        /* Update data structures */
+        dev_data->domain = NULL;
+        list_del(&dev_data->list);
+        clear_dte_entry(devid);
+
+        /* Flush the DTE entry */
+        iommu_flush_device(dev);
 }
 
 /*
  * If a device is not yet associated with a domain, this function does
  * assigns it visible for the hardware
  */
-static void __attach_device(struct amd_iommu *iommu,
-                            struct protection_domain *domain,
-                            u16 devid)
+static int __attach_device(struct device *dev,
+                           struct protection_domain *domain)
 {
+        struct iommu_dev_data *dev_data, *alias_data;
+
+        dev_data   = get_dev_data(dev);
+        alias_data = get_dev_data(dev_data->alias);
+
+        if (!alias_data)
+                return -EINVAL;
+
         /* lock domain */
         spin_lock(&domain->lock);
 
-        /* update DTE entry */
-        set_dte_entry(devid, domain);
+        /* Some sanity checks */
+        if (alias_data->domain != NULL &&
+            alias_data->domain != domain)
+                return -EBUSY;
+
+        if (dev_data->domain != NULL &&
+            dev_data->domain != domain)
+                return -EBUSY;
 
-        domain->dev_cnt += 1;
+        /* Do real assignment */
+        if (dev_data->alias != dev) {
+                alias_data = get_dev_data(dev_data->alias);
+                if (alias_data->domain == NULL)
+                        do_attach(dev_data->alias, domain);
+
+                atomic_inc(&alias_data->bind);
+        }
+
+        if (dev_data->domain == NULL)
+                do_attach(dev, domain);
+
+        atomic_inc(&dev_data->bind);
 
         /* ready */
         spin_unlock(&domain->lock);
+
+        return 0;
 }
 
 /*
  * If a device is not yet associated with a domain, this function does
  * assigns it visible for the hardware
  */
-static void attach_device(struct amd_iommu *iommu,
-                          struct protection_domain *domain,
-                          u16 devid)
+static int attach_device(struct device *dev,
+                         struct protection_domain *domain)
 {
         unsigned long flags;
+        int ret;
 
         write_lock_irqsave(&amd_iommu_devtable_lock, flags);
-        __attach_device(iommu, domain, devid);
+        ret = __attach_device(dev, domain);
         write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
 
         /*
@@ -1199,96 +1477,125 @@ static void attach_device(struct amd_iommu *iommu,
          * left the caches in the IOMMU dirty. So we have to flush
          * here to evict all dirty stuff.
          */
-        iommu_queue_inv_dev_entry(iommu, devid);
-        iommu_flush_tlb_pde(iommu, domain->id);
+        iommu_flush_tlb_pde(domain);
+
+        return ret;
 }
 
 /*
  * Removes a device from a protection domain (unlocked)
  */
-static void __detach_device(struct protection_domain *domain, u16 devid)
+static void __detach_device(struct device *dev)
 {
+        struct iommu_dev_data *dev_data = get_dev_data(dev);
+        struct iommu_dev_data *alias_data;
+        unsigned long flags;
 
-        /* lock domain */
-        spin_lock(&domain->lock);
+        BUG_ON(!dev_data->domain);
 
-        /* remove domain from the lookup table */
-        amd_iommu_pd_table[devid] = NULL;
+        spin_lock_irqsave(&dev_data->domain->lock, flags);
 
-        /* remove entry from the device table seen by the hardware */
-        amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
-        amd_iommu_dev_table[devid].data[1] = 0;
-        amd_iommu_dev_table[devid].data[2] = 0;
+        if (dev_data->alias != dev) {
+                alias_data = get_dev_data(dev_data->alias);
+                if (atomic_dec_and_test(&alias_data->bind))
+                        do_detach(dev_data->alias);
+        }
 
-        /* decrease reference counter */
-        domain->dev_cnt -= 1;
+        if (atomic_dec_and_test(&dev_data->bind))
+                do_detach(dev);
 
-        /* ready */
-        spin_unlock(&domain->lock);
+        spin_unlock_irqrestore(&dev_data->domain->lock, flags);
 
         /*
          * If we run in passthrough mode the device must be assigned to the
          * passthrough domain if it is detached from any other domain
          */
-        if (iommu_pass_through) {
-                struct amd_iommu *iommu = amd_iommu_rlookup_table[devid];
-                __attach_device(iommu, pt_domain, devid);
-        }
+        if (iommu_pass_through && dev_data->domain == NULL)
+                __attach_device(dev, pt_domain);
 }
 
 /*
  * Removes a device from a protection domain (with devtable_lock held)
  */
-static void detach_device(struct protection_domain *domain, u16 devid)
+static void detach_device(struct device *dev)
 {
         unsigned long flags;
 
         /* lock device table */
         write_lock_irqsave(&amd_iommu_devtable_lock, flags);
-        __detach_device(domain, devid);
+        __detach_device(dev);
         write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
 }
 
+/*
+ * Find out the protection domain structure for a given PCI device. This
+ * will give us the pointer to the page table root for example.
+ */
+static struct protection_domain *domain_for_device(struct device *dev)
+{
+        struct protection_domain *dom;
+        struct iommu_dev_data *dev_data, *alias_data;
+        unsigned long flags;
+        u16 devid, alias;
+
+        devid      = get_device_id(dev);
+        alias      = amd_iommu_alias_table[devid];
+        dev_data   = get_dev_data(dev);
+        alias_data = get_dev_data(dev_data->alias);
+        if (!alias_data)
+                return NULL;
+
+        read_lock_irqsave(&amd_iommu_devtable_lock, flags);
+        dom = dev_data->domain;
+        if (dom == NULL &&
+            alias_data->domain != NULL) {
+                __attach_device(dev, alias_data->domain);
+                dom = alias_data->domain;
+        }
+
+        read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
+
+        return dom;
+}
+
 static int device_change_notifier(struct notifier_block *nb,
                                   unsigned long action, void *data)
 {
         struct device *dev = data;
-        struct pci_dev *pdev = to_pci_dev(dev);
-        u16 devid = calc_devid(pdev->bus->number, pdev->devfn);
+        u16 devid;
         struct protection_domain *domain;
         struct dma_ops_domain *dma_domain;
         struct amd_iommu *iommu;
         unsigned long flags;
 
-        if (devid > amd_iommu_last_bdf)
-                goto out;
-
-        devid = amd_iommu_alias_table[devid];
-
-        iommu = amd_iommu_rlookup_table[devid];
-        if (iommu == NULL)
-                goto out;
-
-        domain = domain_for_device(devid);
+        if (!check_device(dev))
+                return 0;
 
-        if (domain && !dma_ops_domain(domain))
-                WARN_ONCE(1, "AMD IOMMU WARNING: device %s already bound "
-                          "to a non-dma-ops domain\n", dev_name(dev));
+        devid  = get_device_id(dev);
+        iommu  = amd_iommu_rlookup_table[devid];
 
         switch (action) {
         case BUS_NOTIFY_UNBOUND_DRIVER:
+
+                domain = domain_for_device(dev);
+
                 if (!domain)
                         goto out;
                 if (iommu_pass_through)
                         break;
-                detach_device(domain, devid);
+                detach_device(dev);
                 break;
         case BUS_NOTIFY_ADD_DEVICE:
+
+                iommu_init_device(dev);
+
+                domain = domain_for_device(dev);
+
                 /* allocate a protection domain if a device is added */
                 dma_domain = find_protection_domain(devid);
                 if (dma_domain)
                         goto out;
-                dma_domain = dma_ops_domain_alloc(iommu);
+                dma_domain = dma_ops_domain_alloc();
                 if (!dma_domain)
                         goto out;
                 dma_domain->target_dev = devid;
@@ -1298,11 +1605,15 @@ static int device_change_notifier(struct notifier_block *nb,
                 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
 
                 break;
+        case BUS_NOTIFY_DEL_DEVICE:
+
+                iommu_uninit_device(dev);
+
         default:
                 goto out;
         }
 
-        iommu_queue_inv_dev_entry(iommu, devid);
+        iommu_flush_device(dev);
         iommu_completion_wait(iommu);
 
 out:
@@ -1313,6 +1624,11 @@ static struct notifier_block device_nb = {
         .notifier_call = device_change_notifier,
 };
 
+void amd_iommu_init_notifier(void)
+{
+        bus_register_notifier(&pci_bus_type, &device_nb);
+}
+
 /*****************************************************************************
  *
  * The next functions belong to the dma_ops mapping/unmapping code.
@@ -1320,106 +1636,46 @@ static struct notifier_block device_nb = {
  *****************************************************************************/
 
 /*
- * This function checks if the driver got a valid device from the caller to
- * avoid dereferencing invalid pointers.
- */
-static bool check_device(struct device *dev)
-{
-        if (!dev || !dev->dma_mask)
-                return false;
-
-        return true;
-}
-
-/*
- * In this function the list of preallocated protection domains is traversed to
- * find the domain for a specific device
- */
-static struct dma_ops_domain *find_protection_domain(u16 devid)
-{
-        struct dma_ops_domain *entry, *ret = NULL;
-        unsigned long flags;
-
-        if (list_empty(&iommu_pd_list))
-                return NULL;
-
-        spin_lock_irqsave(&iommu_pd_list_lock, flags);
-
-        list_for_each_entry(entry, &iommu_pd_list, list) {
-                if (entry->target_dev == devid) {
-                        ret = entry;
-                        break;
-                }
-        }
-
-        spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
-
-        return ret;
-}
-
-/*
  * In the dma_ops path we only have the struct device. This function
  * finds the corresponding IOMMU, the protection domain and the
  * requestor id for a given device.
  * If the device is not yet associated with a domain this is also done
  * in this function.
  */
-static int get_device_resources(struct device *dev,
-                                struct amd_iommu **iommu,
-                                struct protection_domain **domain,
-                                u16 *bdf)
+static struct protection_domain *get_domain(struct device *dev)
 {
+        struct protection_domain *domain;
         struct dma_ops_domain *dma_dom;
-        struct pci_dev *pcidev;
-        u16 _bdf;
-
-        *iommu = NULL;
-        *domain = NULL;
-        *bdf = 0xffff;
-
-        if (dev->bus != &pci_bus_type)
-                return 0;
-
-        pcidev = to_pci_dev(dev);
-        _bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
+        u16 devid = get_device_id(dev);
 
-        /* device not translated by any IOMMU in the system? */
-        if (_bdf > amd_iommu_last_bdf)
-                return 0;
+        if (!check_device(dev))
+                return ERR_PTR(-EINVAL);
 
-        *bdf = amd_iommu_alias_table[_bdf];
+        domain = domain_for_device(dev);
+        if (domain != NULL && !dma_ops_domain(domain))
+                return ERR_PTR(-EBUSY);
 
-        *iommu = amd_iommu_rlookup_table[*bdf];
-        if (*iommu == NULL)
-                return 0;
-        *domain = domain_for_device(*bdf);
-        if (*domain == NULL) {
-                dma_dom = find_protection_domain(*bdf);
-                if (!dma_dom)
-                        dma_dom = (*iommu)->default_dom;
-                *domain = &dma_dom->domain;
-                attach_device(*iommu, *domain, *bdf);
-                DUMP_printk("Using protection domain %d for device %s\n",
-                            (*domain)->id, dev_name(dev));
-        }
+        if (domain != NULL)
+                return domain;
 
-        if (domain_for_device(_bdf) == NULL)
-                attach_device(*iommu, *domain, _bdf);
+        /* Device not bount yet - bind it */
+        dma_dom = find_protection_domain(devid);
+        if (!dma_dom)
+                dma_dom = amd_iommu_rlookup_table[devid]->default_dom;
+        attach_device(dev, &dma_dom->domain);
+        DUMP_printk("Using protection domain %d for device %s\n",
+                    dma_dom->domain.id, dev_name(dev));
 
-        return 1;
+        return &dma_dom->domain;
 }
 
 static void update_device_table(struct protection_domain *domain)
 {
-        unsigned long flags;
-        int i;
+        struct iommu_dev_data *dev_data;
 
-        for (i = 0; i <= amd_iommu_last_bdf; ++i) {
-                if (amd_iommu_pd_table[i] != domain)
-                        continue;
-                write_lock_irqsave(&amd_iommu_devtable_lock, flags);
-                set_dte_entry(i, domain);
-                write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
+        list_for_each_entry(dev_data, &domain->dev_list, list) {
+                u16 devid = get_device_id(dev_data->dev);
+                set_dte_entry(devid, domain);
         }
 }
 
@@ -1429,76 +1685,13 @@ static void update_domain(struct protection_domain *domain)
                 return;
 
         update_device_table(domain);
-        flush_devices_by_domain(domain);
-        iommu_flush_domain(domain->id);
+        iommu_flush_domain_devices(domain);
+        iommu_flush_tlb_pde(domain);
 
         domain->updated = false;
 }
 
 /*
- * This function is used to add another level to an IO page table. Adding
- * another level increases the size of the address space by 9 bits to a size up
- * to 64 bits.
- */
-static bool increase_address_space(struct protection_domain *domain,
-                                   gfp_t gfp)
-{
-        u64 *pte;
-
-        if (domain->mode == PAGE_MODE_6_LEVEL)
-                /* address space already 64 bit large */
-                return false;
-
-        pte = (void *)get_zeroed_page(gfp);
-        if (!pte)
-                return false;
-
-        *pte             = PM_LEVEL_PDE(domain->mode,
-                                        virt_to_phys(domain->pt_root));
-        domain->pt_root  = pte;
-        domain->mode    += 1;
-        domain->updated  = true;
-
-        return true;
-}
-
-static u64 *alloc_pte(struct protection_domain *domain,
-                      unsigned long address,
-                      int end_lvl,
-                      u64 **pte_page,
-                      gfp_t gfp)
-{
-        u64 *pte, *page;
-        int level;
-
-        while (address > PM_LEVEL_SIZE(domain->mode))
-                increase_address_space(domain, gfp);
-
-        level =  domain->mode - 1;
-        pte   = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
-
-        while (level > end_lvl) {
-                if (!IOMMU_PTE_PRESENT(*pte)) {
-                        page = (u64 *)get_zeroed_page(gfp);
-                        if (!page)
-                                return NULL;
-                        *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
-                }
-
-                level -= 1;
-
-                pte = IOMMU_PTE_PAGE(*pte);
-
-                if (pte_page && level == end_lvl)
-                        *pte_page = pte;
-
-                pte = &pte[PM_LEVEL_INDEX(level, address)];
-        }
-
-        return pte;
-}
-
-/*
  * This function fetches the PTE for a given address in the aperture
  */
 static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
@@ -1528,8 +1721,7 @@ static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
  * This is the generic map function. It maps one 4kb page at paddr to
  * the given address in the DMA address space for the domain.
  */
-static dma_addr_t dma_ops_domain_map(struct amd_iommu *iommu,
-                                     struct dma_ops_domain *dom,
+static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
                                      unsigned long address,
                                      phys_addr_t paddr,
                                      int direction)
@@ -1542,7 +1734,7 @@ static dma_addr_t dma_ops_domain_map(struct amd_iommu *iommu,
 
         pte  = dma_ops_get_pte(dom, address);
         if (!pte)
-                return bad_dma_address;
+                return DMA_ERROR_CODE;
 
         __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
 
@@ -1563,8 +1755,7 @@ static dma_addr_t dma_ops_domain_map(struct amd_iommu *iommu,
 /*
  * The generic unmapping function for on page in the DMA address space.
  */
-static void dma_ops_domain_unmap(struct amd_iommu *iommu,
-                                 struct dma_ops_domain *dom,
+static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
                                  unsigned long address)
 {
         struct aperture_range *aperture;
@@ -1595,7 +1786,6 @@ static void dma_ops_domain_unmap(struct amd_iommu *iommu,
  * Must be called with the domain lock held.
  */
 static dma_addr_t __map_single(struct device *dev,
-                               struct amd_iommu *iommu,
                                struct dma_ops_domain *dma_dom,
                                phys_addr_t paddr,
                                size_t size,
@@ -1623,7 +1813,7 @@ static dma_addr_t __map_single(struct device *dev,
 retry:
         address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
                                           dma_mask);
-        if (unlikely(address == bad_dma_address)) {
+        if (unlikely(address == DMA_ERROR_CODE)) {
                 /*
                  * setting next_address here will let the address
                  * allocator only scan the new allocated range in the
@@ -1631,11 +1821,11 @@ retry:
                  */
                 dma_dom->next_address = dma_dom->aperture_size;
 
-                if (alloc_new_range(iommu, dma_dom, false, GFP_ATOMIC))
+                if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
                         goto out;
 
                 /*
-                 * aperture was sucessfully enlarged by 128 MB, try
+                 * aperture was successfully enlarged by 128 MB, try
                  * allocation again
                  */
                 goto retry;
@@ -1643,8 +1833,8 @@ retry:
 
         start = address;
         for (i = 0; i < pages; ++i) {
-                ret = dma_ops_domain_map(iommu, dma_dom, start, paddr, dir);
-                if (ret == bad_dma_address)
+                ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
+                if (ret == DMA_ERROR_CODE)
                         goto out_unmap;
 
                 paddr += PAGE_SIZE;
@@ -1655,10 +1845,10 @@ retry:
         ADD_STATS_COUNTER(alloced_io_mem, size);
 
         if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
-                iommu_flush_tlb(iommu, dma_dom->domain.id);
+                iommu_flush_tlb(&dma_dom->domain);
                 dma_dom->need_flush = false;
-        } else if (unlikely(iommu_has_npcache(iommu)))
-                iommu_flush_pages(iommu, dma_dom->domain.id, address, size);
+        } else if (unlikely(amd_iommu_np_cache))
+                iommu_flush_pages(&dma_dom->domain, address, size);
 
 out:
         return address;
@@ -1667,20 +1857,19 @@ out_unmap:
 
         for (--i; i >= 0; --i) {
                 start -= PAGE_SIZE;
-                dma_ops_domain_unmap(iommu, dma_dom, start);
+                dma_ops_domain_unmap(dma_dom, start);
         }
 
         dma_ops_free_addresses(dma_dom, address, pages);
 
-        return bad_dma_address;
+        return DMA_ERROR_CODE;
 }
 
 /*
  * Does the reverse of the __map_single function. Must be called with
  * the domain lock held too
  */
-static void __unmap_single(struct amd_iommu *iommu,
-                           struct dma_ops_domain *dma_dom,
+static void __unmap_single(struct dma_ops_domain *dma_dom,
                            dma_addr_t dma_addr,
                            size_t size,
                            int dir)
@@ -1688,7 +1877,7 @@ static void __unmap_single(struct amd_iommu *iommu,
         dma_addr_t i, start;
         unsigned int pages;
 
-        if ((dma_addr == bad_dma_address) ||
+        if ((dma_addr == DMA_ERROR_CODE) ||
             (dma_addr + size > dma_dom->aperture_size))
                 return;
 
@@ -1697,7 +1886,7 @@ static void __unmap_single(struct amd_iommu *iommu,
         start = dma_addr;
 
         for (i = 0; i < pages; ++i) {
-                dma_ops_domain_unmap(iommu, dma_dom, start);
+                dma_ops_domain_unmap(dma_dom, start);
                 start += PAGE_SIZE;
         }
 
@@ -1706,7 +1895,7 @@ static void __unmap_single(struct amd_iommu *iommu,
         dma_ops_free_addresses(dma_dom, dma_addr, pages);
 
         if (amd_iommu_unmap_flush || dma_dom->need_flush) {
-                iommu_flush_pages(iommu, dma_dom->domain.id, dma_addr, size);
+                iommu_flush_pages(&dma_dom->domain, dma_addr, size);
                 dma_dom->need_flush = false;
         }
 }
@@ -1720,36 +1909,29 @@ static dma_addr_t map_page(struct device *dev, struct page *page,
                            struct dma_attrs *attrs)
 {
         unsigned long flags;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
-        u16 devid;
         dma_addr_t addr;
         u64 dma_mask;
         phys_addr_t paddr = page_to_phys(page) + offset;
 
         INC_STATS_COUNTER(cnt_map_single);
 
-        if (!check_device(dev))
-                return bad_dma_address;
-
-        dma_mask = *dev->dma_mask;
-
-        get_device_resources(dev, &iommu, &domain, &devid);
-
-        if (iommu == NULL || domain == NULL)
-                /* device not handled by any AMD IOMMU */
+        domain = get_domain(dev);
+        if (PTR_ERR(domain) == -EINVAL)
                 return (dma_addr_t)paddr;
+        else if (IS_ERR(domain))
+                return DMA_ERROR_CODE;
 
-        if (!dma_ops_domain(domain))
-                return bad_dma_address;
+        dma_mask = *dev->dma_mask;
 
         spin_lock_irqsave(&domain->lock, flags);
-        addr = __map_single(dev, iommu, domain->priv, paddr, size, dir, false,
+
+        addr = __map_single(dev, domain->priv, paddr, size, dir, false,
                             dma_mask);
-        if (addr == bad_dma_address)
+        if (addr == DMA_ERROR_CODE)
                 goto out;
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
 out:
         spin_unlock_irqrestore(&domain->lock, flags);
@@ -1764,25 +1946,19 @@ static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
                        enum dma_data_direction dir, struct dma_attrs *attrs)
 {
         unsigned long flags;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
-        u16 devid;
 
         INC_STATS_COUNTER(cnt_unmap_single);
 
-        if (!check_device(dev) ||
-            !get_device_resources(dev, &iommu, &domain, &devid))
-                /* device not handled by any AMD IOMMU */
-                return;
-
-        if (!dma_ops_domain(domain))
+        domain = get_domain(dev);
+        if (IS_ERR(domain))
                 return;
 
         spin_lock_irqsave(&domain->lock, flags);
 
-        __unmap_single(iommu, domain->priv, dma_addr, size, dir);
+        __unmap_single(domain->priv, dma_addr, size, dir);
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
         spin_unlock_irqrestore(&domain->lock, flags);
 }
@@ -1814,9 +1990,7 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
                   struct dma_attrs *attrs)
 {
         unsigned long flags;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
-        u16 devid;
         int i;
         struct scatterlist *s;
         phys_addr_t paddr;
@@ -1825,25 +1999,20 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
 
         INC_STATS_COUNTER(cnt_map_sg);
 
-        if (!check_device(dev))
+        domain = get_domain(dev);
+        if (PTR_ERR(domain) == -EINVAL)
+                return map_sg_no_iommu(dev, sglist, nelems, dir);
+        else if (IS_ERR(domain))
                 return 0;
 
         dma_mask = *dev->dma_mask;
 
-        get_device_resources(dev, &iommu, &domain, &devid);
-
-        if (!iommu || !domain)
-                return map_sg_no_iommu(dev, sglist, nelems, dir);
-
-        if (!dma_ops_domain(domain))
-                return 0;
-
         spin_lock_irqsave(&domain->lock, flags);
 
         for_each_sg(sglist, s, nelems, i) {
                 paddr = sg_phys(s);
 
-                s->dma_address = __map_single(dev, iommu, domain->priv,
+                s->dma_address = __map_single(dev, domain->priv,
                                               paddr, s->length, dir, false,
                                               dma_mask);
 
@@ -1854,7 +2023,7 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
                         goto unmap;
         }
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
 out:
         spin_unlock_irqrestore(&domain->lock, flags);
@@ -1863,7 +2032,7 @@ out:
 unmap:
         for_each_sg(sglist, s, mapped_elems, i) {
                 if (s->dma_address)
-                        __unmap_single(iommu, domain->priv, s->dma_address,
+                        __unmap_single(domain->priv, s->dma_address,
                                        s->dma_length, dir);
                 s->dma_address = s->dma_length = 0;
         }
@@ -1882,30 +2051,25 @@ static void unmap_sg(struct device *dev, struct scatterlist *sglist,
                      struct dma_attrs *attrs)
 {
         unsigned long flags;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
         struct scatterlist *s;
-        u16 devid;
         int i;
 
         INC_STATS_COUNTER(cnt_unmap_sg);
 
-        if (!check_device(dev) ||
-            !get_device_resources(dev, &iommu, &domain, &devid))
-                return;
-
-        if (!dma_ops_domain(domain))
+        domain = get_domain(dev);
+        if (IS_ERR(domain))
                 return;
 
         spin_lock_irqsave(&domain->lock, flags);
 
         for_each_sg(sglist, s, nelems, i) {
-                __unmap_single(iommu, domain->priv, s->dma_address,
+                __unmap_single(domain->priv, s->dma_address,
                                s->dma_length, dir);
                 s->dma_address = s->dma_length = 0;
         }
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
         spin_unlock_irqrestore(&domain->lock, flags);
 }
@@ -1918,49 +2082,44 @@ static void *alloc_coherent(struct device *dev, size_t size,
 {
         unsigned long flags;
         void *virt_addr;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
-        u16 devid;
         phys_addr_t paddr;
         u64 dma_mask = dev->coherent_dma_mask;
 
         INC_STATS_COUNTER(cnt_alloc_coherent);
 
-        if (!check_device(dev))
+        domain = get_domain(dev);
+        if (PTR_ERR(domain) == -EINVAL) {
+                virt_addr = (void *)__get_free_pages(flag, get_order(size));
+                *dma_addr = __pa(virt_addr);
+                return virt_addr;
+        } else if (IS_ERR(domain))
                 return NULL;
 
-        if (!get_device_resources(dev, &iommu, &domain, &devid))
-                flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+        dma_mask  = dev->coherent_dma_mask;
+        flag     &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+        flag     |= __GFP_ZERO;
 
-        flag |= __GFP_ZERO;
         virt_addr = (void *)__get_free_pages(flag, get_order(size));
         if (!virt_addr)
                 return NULL;
 
         paddr = virt_to_phys(virt_addr);
 
-        if (!iommu || !domain) {
-                *dma_addr = (dma_addr_t)paddr;
-                return virt_addr;
-        }
-
-        if (!dma_ops_domain(domain))
-                goto out_free;
-
         if (!dma_mask)
                 dma_mask = *dev->dma_mask;
 
         spin_lock_irqsave(&domain->lock, flags);
 
-        *dma_addr = __map_single(dev, iommu, domain->priv, paddr,
+        *dma_addr = __map_single(dev, domain->priv, paddr,
                                  size, DMA_BIDIRECTIONAL, true, dma_mask);
 
-        if (*dma_addr == bad_dma_address) {
+        if (*dma_addr == DMA_ERROR_CODE) {
                 spin_unlock_irqrestore(&domain->lock, flags);
                 goto out_free;
         }
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
         spin_unlock_irqrestore(&domain->lock, flags);
 
@@ -1980,28 +2139,19 @@ static void free_coherent(struct device *dev, size_t size,
                           void *virt_addr, dma_addr_t dma_addr)
 {
         unsigned long flags;
-        struct amd_iommu *iommu;
         struct protection_domain *domain;
-        u16 devid;
 
         INC_STATS_COUNTER(cnt_free_coherent);
 
-        if (!check_device(dev))
-                return;
-
-        get_device_resources(dev, &iommu, &domain, &devid);
-
-        if (!iommu || !domain)
-                goto free_mem;
-
-        if (!dma_ops_domain(domain))
+        domain = get_domain(dev);
+        if (IS_ERR(domain))
                 goto free_mem;
 
         spin_lock_irqsave(&domain->lock, flags);
 
-        __unmap_single(iommu, domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
+        __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
 
-        iommu_completion_wait(iommu);
+        iommu_flush_complete(domain);
 
         spin_unlock_irqrestore(&domain->lock, flags);
 
@@ -2015,22 +2165,7 @@ free_mem:
  */
 static int amd_iommu_dma_supported(struct device *dev, u64 mask)
 {
-        u16 bdf;
-        struct pci_dev *pcidev;
-
-        /* No device or no PCI device */
-        if (!dev || dev->bus != &pci_bus_type)
-                return 0;
-
-        pcidev = to_pci_dev(dev);
-
-        bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
-
-        /* Out of our scope? */
-        if (bdf > amd_iommu_last_bdf)
-                return 0;
-
-        return 1;
+        return check_device(dev);
 }
 
 /*
@@ -2044,25 +2179,28 @@ static void prealloc_protection_domains(void)
 {
         struct pci_dev *dev = NULL;
         struct dma_ops_domain *dma_dom;
-        struct amd_iommu *iommu;
         u16 devid;
 
         while ((dev = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, dev)) != NULL) {
-                devid = calc_devid(dev->bus->number, dev->devfn);
-                if (devid > amd_iommu_last_bdf)
-                        continue;
-                devid = amd_iommu_alias_table[devid];
-                if (domain_for_device(devid))
+
+                /* Do we handle this device? */
+                if (!check_device(&dev->dev))
                         continue;
-                iommu = amd_iommu_rlookup_table[devid];
-                if (!iommu)
+
+                /* Is there already any domain for it? */
+                if (domain_for_device(&dev->dev))
                         continue;
-                dma_dom = dma_ops_domain_alloc(iommu);
+
+                devid = get_device_id(&dev->dev);
+
+                dma_dom = dma_ops_domain_alloc();
                 if (!dma_dom)
                         continue;
                 init_unity_mappings_for_device(dma_dom, devid);
                 dma_dom->target_dev = devid;
 
+                attach_device(&dev->dev, &dma_dom->domain);
+
                 list_add_tail(&dma_dom->list, &iommu_pd_list);
         }
 }
@@ -2091,7 +2229,7 @@ int __init amd_iommu_init_dma_ops(void)
          * protection domain will be assigned to the default one.
          */
         for_each_iommu(iommu) {
-                iommu->default_dom = dma_ops_domain_alloc(iommu);
+                iommu->default_dom = dma_ops_domain_alloc();
                 if (iommu->default_dom == NULL)
                         return -ENOMEM;
                 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
@@ -2101,15 +2239,12 @@ int __init amd_iommu_init_dma_ops(void)
         }
 
         /*
-         * If device isolation is enabled, pre-allocate the protection
-         * domains for each device.
+         * Pre-allocate the protection domains for each device.
          */
-        if (amd_iommu_isolate)
-                prealloc_protection_domains();
+        prealloc_protection_domains();
 
         iommu_detected = 1;
-        force_iommu = 1;
-        bad_dma_address = 0;
+        swiotlb = 0;
 #ifdef CONFIG_GART_IOMMU
         gart_iommu_aperture_disabled = 1;
         gart_iommu_aperture = 0;
@@ -2120,8 +2255,6 @@ int __init amd_iommu_init_dma_ops(void)
 
         register_iommu(&amd_iommu_ops);
 
-        bus_register_notifier(&pci_bus_type, &device_nb);
-
         amd_iommu_stats_init();
 
         return 0;
@@ -2148,14 +2281,17 @@ free_domains:
 
 static void cleanup_domain(struct protection_domain *domain)
 {
+        struct iommu_dev_data *dev_data, *next;
         unsigned long flags;
-        u16 devid;
 
         write_lock_irqsave(&amd_iommu_devtable_lock, flags);
 
-        for (devid = 0; devid <= amd_iommu_last_bdf; ++devid)
-                if (amd_iommu_pd_table[devid] == domain)
-                        __detach_device(domain, devid);
+        list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
+                struct device *dev = dev_data->dev;
+
+                do_detach(dev);
+                atomic_set(&dev_data->bind, 0);
+        }
 
         write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
 }
@@ -2165,6 +2301,8 @@ static void protection_domain_free(struct protection_domain *domain)
         if (!domain)
                 return;
 
+        del_domain_from_list(domain);
+
         if (domain->id)
                 domain_id_free(domain->id);
 
@@ -2183,6 +2321,9 @@ static struct protection_domain *protection_domain_alloc(void)
         domain->id = domain_id_alloc();
         if (!domain->id)
                 goto out_err;
+        INIT_LIST_HEAD(&domain->dev_list);
+
+        add_domain_to_list(domain);
 
         return domain;
 
@@ -2239,26 +2380,23 @@ static void amd_iommu_domain_destroy(struct iommu_domain *dom)
 static void amd_iommu_detach_device(struct iommu_domain *dom,
                                     struct device *dev)
 {
-        struct protection_domain *domain = dom->priv;
+        struct iommu_dev_data *dev_data = dev->archdata.iommu;
         struct amd_iommu *iommu;
-        struct pci_dev *pdev;
         u16 devid;
 
-        if (dev->bus != &pci_bus_type)
+        if (!check_device(dev))
                 return;
 
-        pdev = to_pci_dev(dev);
+        devid = get_device_id(dev);
 
-        devid = calc_devid(pdev->bus->number, pdev->devfn);
-
-        if (devid > 0)
-                detach_device(domain, devid);
+        if (dev_data->domain != NULL)
+                detach_device(dev);
 
         iommu = amd_iommu_rlookup_table[devid];
         if (!iommu)
                 return;
 
-        iommu_queue_inv_dev_entry(iommu, devid);
+        iommu_flush_device(dev);
         iommu_completion_wait(iommu);
 }
 
@@ -2266,35 +2404,30 @@ static int amd_iommu_attach_device(struct iommu_domain *dom,
                                    struct device *dev)
 {
         struct protection_domain *domain = dom->priv;
-        struct protection_domain *old_domain;
+        struct iommu_dev_data *dev_data;
         struct amd_iommu *iommu;
-        struct pci_dev *pdev;
+        int ret;
         u16 devid;
 
-        if (dev->bus != &pci_bus_type)
+        if (!check_device(dev))
                 return -EINVAL;
 
-        pdev = to_pci_dev(dev);
-
-        devid = calc_devid(pdev->bus->number, pdev->devfn);
+        dev_data = dev->archdata.iommu;
 
-        if (devid >= amd_iommu_last_bdf ||
-                        devid != amd_iommu_alias_table[devid])
-                return -EINVAL;
+        devid = get_device_id(dev);
 
         iommu = amd_iommu_rlookup_table[devid];
         if (!iommu)
                 return -EINVAL;
 
-        old_domain = domain_for_device(devid);
-        if (old_domain)
-                detach_device(old_domain, devid);
+        if (dev_data->domain)
+                detach_device(dev);
 
-        attach_device(iommu, domain, devid);
+        ret = attach_device(dev, domain);
 
         iommu_completion_wait(iommu);
 
-        return 0;
+        return ret;
 }
 
 static int amd_iommu_map_range(struct iommu_domain *dom,
@@ -2340,7 +2473,7 @@ static void amd_iommu_unmap_range(struct iommu_domain *dom,
                 iova  += PAGE_SIZE;
         }
 
-        iommu_flush_domain(domain->id);
+        iommu_flush_tlb_pde(domain);
 }
 
 static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
@@ -2391,10 +2524,11 @@ static struct iommu_ops amd_iommu_ops = {
 
 int __init amd_iommu_init_passthrough(void)
 {
+        struct amd_iommu *iommu;
         struct pci_dev *dev = NULL;
-        u16 devid, devid2;
+        u16 devid;
 
-        /* allocate passthroug domain */
+        /* allocate passthrough domain */
         pt_domain = protection_domain_alloc();
         if (!pt_domain)
                 return -ENOMEM;
@@ -2402,20 +2536,17 @@ int __init amd_iommu_init_passthrough(void)
         pt_domain->mode |= PAGE_MODE_NONE;
 
         while ((dev = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, dev)) != NULL) {
-                struct amd_iommu *iommu;
 
-                devid = calc_devid(dev->bus->number, dev->devfn);
-                if (devid > amd_iommu_last_bdf)
+                if (!check_device(&dev->dev))
                         continue;
 
-                devid2 = amd_iommu_alias_table[devid];
+                devid = get_device_id(&dev->dev);
 
-                iommu = amd_iommu_rlookup_table[devid2];
+                iommu = amd_iommu_rlookup_table[devid];
                 if (!iommu)
                         continue;
 
-                __attach_device(iommu, pt_domain, devid);
-                __attach_device(iommu, pt_domain, devid2);
+                attach_device(&dev->dev, pt_domain);
         }
 
         pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
diff --git a/arch/x86/kernel/amd_iommu_init.c b/arch/x86/kernel/amd_iommu_init.c
index b4b61d462dcc..fb490ce7dd55 100644
--- a/arch/x86/kernel/amd_iommu_init.c
+++ b/arch/x86/kernel/amd_iommu_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
+ * Copyright (C) 2007-2009 Advanced Micro Devices, Inc.
  * Author: Joerg Roedel <joerg.roedel@amd.com>
  *         Leo Duran <leo.duran@amd.com>
  *
@@ -25,10 +25,12 @@
 #include <linux/interrupt.h>
 #include <linux/msi.h>
 #include <asm/pci-direct.h>
+#include <asm/amd_iommu_proto.h>
 #include <asm/amd_iommu_types.h>
 #include <asm/amd_iommu.h>
 #include <asm/iommu.h>
 #include <asm/gart.h>
+#include <asm/x86_init.h>
 
 /*
  * definitions for the ACPI scanning code
@@ -123,18 +125,29 @@ u16 amd_iommu_last_bdf;			/* largest PCI device id we have
                                            to handle */
 LIST_HEAD(amd_iommu_unity_map);         /* a list of required unity mappings
                                            we find in ACPI */
-#ifdef CONFIG_IOMMU_STRESS
-bool amd_iommu_isolate = false;
-#else
-bool amd_iommu_isolate = true;          /* if true, device isolation is
-                                           enabled */
-#endif
-
 bool amd_iommu_unmap_flush;             /* if true, flush on every unmap */
 
 LIST_HEAD(amd_iommu_list);              /* list of all AMD IOMMUs in the
                                            system */
 
+/* Array to assign indices to IOMMUs*/
+struct amd_iommu *amd_iommus[MAX_IOMMUS];
+int amd_iommus_present;
+
+/* IOMMUs have a non-present cache? */
+bool amd_iommu_np_cache __read_mostly;
+
+/*
+ * Set to true if ACPI table parsing and hardware intialization went properly
+ */
+static bool amd_iommu_initialized;
+
+/*
+ * List of protection domains - used during resume
+ */
+LIST_HEAD(amd_iommu_pd_list);
+spinlock_t amd_iommu_pd_lock;
+
 /*
  * Pointer to the device table which is shared by all AMD IOMMUs
  * it is indexed by the PCI device id or the HT unit id and contains
@@ -157,12 +170,6 @@ u16 *amd_iommu_alias_table;
 struct amd_iommu **amd_iommu_rlookup_table;
 
 /*
- * The pd table (protection domain table) is used to find the protection domain
- * data structure a device belongs to. Indexed with the PCI device id too.
- */
-struct protection_domain **amd_iommu_pd_table;
-
-/*
  * AMD IOMMU allows up to 2^16 differend protection domains. This is a bitmap
  * to know which ones are already in use.
  */
@@ -240,7 +247,7 @@ static void iommu_feature_enable(struct amd_iommu *iommu, u8 bit)
         writel(ctrl, iommu->mmio_base + MMIO_CONTROL_OFFSET);
 }
 
-static void __init iommu_feature_disable(struct amd_iommu *iommu, u8 bit)
+static void iommu_feature_disable(struct amd_iommu *iommu, u8 bit)
 {
         u32 ctrl;
 
@@ -519,6 +526,26 @@ static void set_dev_entry_bit(u16 devid, u8 bit)
         amd_iommu_dev_table[devid].data[i] |= (1 << _bit);
 }
 
+static int get_dev_entry_bit(u16 devid, u8 bit)
+{
+        int i = (bit >> 5) & 0x07;
+        int _bit = bit & 0x1f;
+
+        return (amd_iommu_dev_table[devid].data[i] & (1 << _bit)) >> _bit;
+}
+
+
+void amd_iommu_apply_erratum_63(u16 devid)
+{
+        int sysmgt;
+
+        sysmgt = get_dev_entry_bit(devid, DEV_ENTRY_SYSMGT1) |
+                 (get_dev_entry_bit(devid, DEV_ENTRY_SYSMGT2) << 1);
+
+        if (sysmgt == 0x01)
+                set_dev_entry_bit(devid, DEV_ENTRY_IW);
+}
+
 /* Writes the specific IOMMU for a device into the rlookup table */
 static void __init set_iommu_for_device(struct amd_iommu *iommu, u16 devid)
 {
@@ -547,6 +574,8 @@ static void __init set_dev_entry_from_acpi(struct amd_iommu *iommu,
         if (flags & ACPI_DEVFLAG_LINT1)
                 set_dev_entry_bit(devid, DEV_ENTRY_LINT1_PASS);
 
+        amd_iommu_apply_erratum_63(devid);
+
         set_iommu_for_device(iommu, devid);
 }
 
@@ -816,7 +845,18 @@ static void __init free_iommu_all(void)
 static int __init init_iommu_one(struct amd_iommu *iommu, struct ivhd_header *h)
 {
         spin_lock_init(&iommu->lock);
+
+        /* Add IOMMU to internal data structures */
         list_add_tail(&iommu->list, &amd_iommu_list);
+        iommu->index             = amd_iommus_present++;
+
+        if (unlikely(iommu->index >= MAX_IOMMUS)) {
+                WARN(1, "AMD-Vi: System has more IOMMUs than supported by this driver\n");
+                return -ENOSYS;
+        }
+
+        /* Index is fine - add IOMMU to the array */
+        amd_iommus[iommu->index] = iommu;
 
         /*
          * Copy data from ACPI table entry to the iommu struct
@@ -846,6 +886,9 @@ static int __init init_iommu_one(struct amd_iommu *iommu, struct ivhd_header *h)
         init_iommu_from_acpi(iommu, h);
         init_iommu_devices(iommu);
 
+        if (iommu->cap & (1UL << IOMMU_CAP_NPCACHE))
+                amd_iommu_np_cache = true;
+
         return pci_enable_device(iommu->dev);
 }
 
@@ -891,6 +934,8 @@ static int __init init_iommu_all(struct acpi_table_header *table)
         }
         WARN_ON(p != end);
 
+        amd_iommu_initialized = true;
+
         return 0;
 }
 
@@ -903,7 +948,7 @@ static int __init init_iommu_all(struct acpi_table_header *table)
  *
  ****************************************************************************/
 
-static int __init iommu_setup_msi(struct amd_iommu *iommu)
+static int iommu_setup_msi(struct amd_iommu *iommu)
 {
         int r;
 
@@ -1154,19 +1199,10 @@ static struct sys_device device_amd_iommu = {
  * functions. Finally it prints some information about AMD IOMMUs and
  * the driver state and enables the hardware.
  */
-int __init amd_iommu_init(void)
+static int __init amd_iommu_init(void)
 {
         int i, ret = 0;
 
-
-        if (no_iommu) {
-                printk(KERN_INFO "AMD-Vi disabled by kernel command line\n");
-                return 0;
-        }
-
-        if (!amd_iommu_detected)
-                return -ENODEV;
-
         /*
          * First parse ACPI tables to find the largest Bus/Dev/Func
          * we need to handle. Upon this information the shared data
@@ -1203,15 +1239,6 @@ int __init amd_iommu_init(void)
         if (amd_iommu_rlookup_table == NULL)
                 goto free;
 
-        /*
-         * Protection Domain table - maps devices to protection domains
-         * This table has the same size as the rlookup_table
-         */
-        amd_iommu_pd_table = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
-                                     get_order(rlookup_table_size));
-        if (amd_iommu_pd_table == NULL)
-                goto free;
-
         amd_iommu_pd_alloc_bitmap = (void *)__get_free_pages(
                                             GFP_KERNEL | __GFP_ZERO,
                                             get_order(MAX_DOMAIN_ID/8));
@@ -1233,6 +1260,8 @@ int __init amd_iommu_init(void)
          */
         amd_iommu_pd_alloc_bitmap[0] = 1;
 
+        spin_lock_init(&amd_iommu_pd_lock);
+
         /*
          * now the data structures are allocated and basically initialized
          * start the real acpi table scan
@@ -1241,6 +1270,9 @@ int __init amd_iommu_init(void)
         if (acpi_table_parse("IVRS", init_iommu_all) != 0)
                 goto free;
 
+        if (!amd_iommu_initialized)
+                goto free;
+
         if (acpi_table_parse("IVRS", init_memory_definitions) != 0)
                 goto free;
 
@@ -1252,6 +1284,10 @@ int __init amd_iommu_init(void)
         if (ret)
                 goto free;
 
+        ret = amd_iommu_init_devices();
+        if (ret)
+                goto free;
+
         if (iommu_pass_through)
                 ret = amd_iommu_init_passthrough();
         else
@@ -1259,32 +1295,29 @@ int __init amd_iommu_init(void)
         if (ret)
                 goto free;
 
+        amd_iommu_init_notifier();
+
         enable_iommus();
 
         if (iommu_pass_through)
                 goto out;
 
-        printk(KERN_INFO "AMD-Vi: device isolation ");
-        if (amd_iommu_isolate)
-                printk("enabled\n");
-        else
-                printk("disabled\n");
-
         if (amd_iommu_unmap_flush)
                 printk(KERN_INFO "AMD-Vi: IO/TLB flush on unmap enabled\n");
         else
                 printk(KERN_INFO "AMD-Vi: Lazy IO/TLB flushing enabled\n");
 
+        x86_platform.iommu_shutdown = disable_iommus;
 out:
         return ret;
 
 free:
+
+        amd_iommu_uninit_devices();
+
         free_pages((unsigned long)amd_iommu_pd_alloc_bitmap,
                    get_order(MAX_DOMAIN_ID/8));
 
-        free_pages((unsigned long)amd_iommu_pd_table,
-                   get_order(rlookup_table_size));
-
         free_pages((unsigned long)amd_iommu_rlookup_table,
                    get_order(rlookup_table_size));
 
@@ -1301,11 +1334,6 @@ free:
         goto out;
 }
 
-void amd_iommu_shutdown(void)
-{
-        disable_iommus();
-}
-
 /****************************************************************************
  *
  * Early detect code. This code runs at IOMMU detection time in the DMA
@@ -1320,16 +1348,16 @@ static int __init early_amd_iommu_detect(struct acpi_table_header *table)
 
 void __init amd_iommu_detect(void)
 {
-        if (swiotlb || no_iommu || (iommu_detected && !gart_iommu_aperture))
+        if (no_iommu || (iommu_detected && !gart_iommu_aperture))
                 return;
 
         if (acpi_table_parse("IVRS", early_amd_iommu_detect) == 0) {
                 iommu_detected = 1;
                 amd_iommu_detected = 1;
-#ifdef CONFIG_GART_IOMMU
-                gart_iommu_aperture_disabled = 1;
-                gart_iommu_aperture = 0;
-#endif
+                x86_init.iommu.iommu_init = amd_iommu_init;
+
+                /* Make sure ACS will be enabled */
+                pci_request_acs();
         }
 }
 
@@ -1350,10 +1378,6 @@ static int __init parse_amd_iommu_dump(char *str)
 static int __init parse_amd_iommu_options(char *str)
 {
         for (; *str; ++str) {
-                if (strncmp(str, "isolate", 7) == 0)
-                        amd_iommu_isolate = true;
-                if (strncmp(str, "share", 5) == 0)
-                        amd_iommu_isolate = false;
                 if (strncmp(str, "fullflush", 9) == 0)
                         amd_iommu_unmap_flush = true;
         }
diff --git a/arch/x86/kernel/aperture_64.c b/arch/x86/kernel/aperture_64.c
index 128111d8ffe0..3704997e8b25 100644
--- a/arch/x86/kernel/aperture_64.c
+++ b/arch/x86/kernel/aperture_64.c
@@ -28,6 +28,7 @@
 #include <asm/pci-direct.h>
 #include <asm/dma.h>
 #include <asm/k8.h>
+#include <asm/x86_init.h>
 
 int gart_iommu_aperture;
 int gart_iommu_aperture_disabled __initdata;
@@ -279,7 +280,8 @@ void __init early_gart_iommu_check(void)
          * or BIOS forget to put that in reserved.
          * try to update e820 to make that region as reserved.
          */
-        int i, fix, slot;
+        u32 agp_aper_base = 0, agp_aper_order = 0;
+        int i, fix, slot, valid_agp = 0;
         u32 ctl;
         u32 aper_size = 0, aper_order = 0, last_aper_order = 0;
         u64 aper_base = 0, last_aper_base = 0;
@@ -289,6 +291,8 @@ void __init early_gart_iommu_check(void)
                 return;
 
         /* This is mostly duplicate of iommu_hole_init */
+        agp_aper_base = search_agp_bridge(&agp_aper_order, &valid_agp);
+
         fix = 0;
         for (i = 0; i < ARRAY_SIZE(bus_dev_ranges); i++) {
                 int bus;
@@ -341,10 +345,10 @@ void __init early_gart_iommu_check(void)
                 }
         }
 
-        if (!fix)
+        if (valid_agp)
                 return;
 
-        /* different nodes have different setting, disable them all at first*/
+        /* disable them all at first */
         for (i = 0; i < ARRAY_SIZE(bus_dev_ranges); i++) {
                 int bus;
                 int dev_base, dev_limit;
@@ -400,6 +404,7 @@ void __init gart_iommu_hole_init(void)
 
                         iommu_detected = 1;
                         gart_iommu_aperture = 1;
+                        x86_init.iommu.iommu_init = gart_iommu_init;
 
                         aper_order = (read_pci_config(bus, slot, 3, AMD64_GARTAPERTURECTL) >> 1) & 7;
                         aper_size = (32 * 1024 * 1024) << aper_order;
@@ -456,8 +461,6 @@ out:
 
         if (aper_alloc) {
                 /* Got the aperture from the AGP bridge */
-        } else if (swiotlb && !valid_agp) {
-                /* Do nothing */
         } else if ((!no_iommu && max_pfn > MAX_DMA32_PFN) ||
                    force_iommu ||
                    valid_agp ||
diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile
index da7b7b9f8bd8..565c1bfc507d 100644
--- a/arch/x86/kernel/apic/Makefile
+++ b/arch/x86/kernel/apic/Makefile
@@ -2,7 +2,7 @@
 # Makefile for local APIC drivers and for the IO-APIC code
 #
 
-obj-$(CONFIG_X86_LOCAL_APIC)    += apic.o probe_$(BITS).o ipi.o nmi.o
+obj-$(CONFIG_X86_LOCAL_APIC)    += apic.o apic_noop.o probe_$(BITS).o ipi.o nmi.o
 obj-$(CONFIG_X86_IO_APIC)       += io_apic.o
 obj-$(CONFIG_SMP)               += ipi.o
 
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 894aa97f0717..aa57c079c98f 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -241,28 +241,13 @@ static int modern_apic(void)
 }
 
 /*
- * bare function to substitute write operation
- * and it's _that_ fast :)
- */
-static void native_apic_write_dummy(u32 reg, u32 v)
-{
-        WARN_ON_ONCE((cpu_has_apic || !disable_apic));
-}
-
-static u32 native_apic_read_dummy(u32 reg)
-{
-        WARN_ON_ONCE((cpu_has_apic && !disable_apic));
-        return 0;
-}
-
-/*
- * right after this call apic->write/read doesn't do anything
- * note that there is no restore operation it works one way
+ * right after this call apic become NOOP driven
+ * so apic->write/read doesn't do anything
  */
 void apic_disable(void)
 {
-        apic->read = native_apic_read_dummy;
-        apic->write = native_apic_write_dummy;
+        pr_info("APIC: switched to apic NOOP\n");
+        apic = &apic_noop;
 }
 
 void native_apic_wait_icr_idle(void)
@@ -459,7 +444,7 @@ static void lapic_timer_setup(enum clock_event_mode mode,
                 v = apic_read(APIC_LVTT);
                 v |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR);
                 apic_write(APIC_LVTT, v);
-                apic_write(APIC_TMICT, 0xffffffff);
+                apic_write(APIC_TMICT, 0);
                 break;
         case CLOCK_EVT_MODE_RESUME:
                 /* Nothing to do here */
@@ -662,7 +647,7 @@ static int __init calibrate_APIC_clock(void)
         calibration_result = (delta * APIC_DIVISOR) / LAPIC_CAL_LOOPS;
 
         apic_printk(APIC_VERBOSE, "..... delta %ld\n", delta);
-        apic_printk(APIC_VERBOSE, "..... mult: %ld\n", lapic_clockevent.mult);
+        apic_printk(APIC_VERBOSE, "..... mult: %u\n", lapic_clockevent.mult);
         apic_printk(APIC_VERBOSE, "..... calibration result: %u\n",
                     calibration_result);
 
@@ -1356,7 +1341,7 @@ void enable_x2apic(void)
 
         rdmsr(MSR_IA32_APICBASE, msr, msr2);
         if (!(msr & X2APIC_ENABLE)) {
-                pr_info("Enabling x2apic\n");
+                printk_once(KERN_INFO "Enabling x2apic\n");
                 wrmsr(MSR_IA32_APICBASE, msr | X2APIC_ENABLE, 0);
         }
 }
@@ -1392,14 +1377,11 @@ void __init enable_IR_x2apic(void)
         unsigned long flags;
         struct IO_APIC_route_entry **ioapic_entries = NULL;
         int ret, x2apic_enabled = 0;
-        int dmar_table_init_ret = 0;
+        int dmar_table_init_ret;
 
-#ifdef CONFIG_INTR_REMAP
         dmar_table_init_ret = dmar_table_init();
-        if (dmar_table_init_ret)
-                pr_debug("dmar_table_init() failed with %d:\n",
-                                dmar_table_init_ret);
-#endif
+        if (dmar_table_init_ret && !x2apic_supported())
+                return;
 
         ioapic_entries = alloc_ioapic_entries();
         if (!ioapic_entries) {
diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c
index d0c99abc26c3..eacbd2b31d27 100644
--- a/arch/x86/kernel/apic/apic_flat_64.c
+++ b/arch/x86/kernel/apic/apic_flat_64.c
@@ -306,10 +306,7 @@ physflat_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
                 if (cpumask_test_cpu(cpu, cpu_online_mask))
                         break;
         }
-        if (cpu < nr_cpu_ids)
-                return per_cpu(x86_cpu_to_apicid, cpu);
-
-        return BAD_APICID;
+        return per_cpu(x86_cpu_to_apicid, cpu);
 }
 
 struct apic apic_physflat =  {
diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c
new file mode 100644
index 000000000000..e31b9ffe25f5
--- /dev/null
+++ b/arch/x86/kernel/apic/apic_noop.c
@@ -0,0 +1,200 @@
+/*
+ * NOOP APIC driver.
+ *
+ * Does almost nothing and should be substituted by a real apic driver via
+ * probe routine.
+ *
+ * Though in case if apic is disabled (for some reason) we try
+ * to not uglify the caller's code and allow to call (some) apic routines
+ * like self-ipi, etc...
+ */
+
+#include <linux/threads.h>
+#include <linux/cpumask.h>
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <linux/ctype.h>
+#include <linux/init.h>
+#include <linux/errno.h>
+#include <asm/fixmap.h>
+#include <asm/mpspec.h>
+#include <asm/apicdef.h>
+#include <asm/apic.h>
+#include <asm/setup.h>
+
+#include <linux/smp.h>
+#include <asm/ipi.h>
+
+#include <linux/interrupt.h>
+#include <asm/acpi.h>
+#include <asm/e820.h>
+
+static void noop_init_apic_ldr(void) { }
+static void noop_send_IPI_mask(const struct cpumask *cpumask, int vector) { }
+static void noop_send_IPI_mask_allbutself(const struct cpumask *cpumask, int vector) { }
+static void noop_send_IPI_allbutself(int vector) { }
+static void noop_send_IPI_all(int vector) { }
+static void noop_send_IPI_self(int vector) { }
+static void noop_apic_wait_icr_idle(void) { }
+static void noop_apic_icr_write(u32 low, u32 id) { }
+
+static int noop_wakeup_secondary_cpu(int apicid, unsigned long start_eip)
+{
+        return -1;
+}
+
+static u32 noop_safe_apic_wait_icr_idle(void)
+{
+        return 0;
+}
+
+static u64 noop_apic_icr_read(void)
+{
+        return 0;
+}
+
+static int noop_cpu_to_logical_apicid(int cpu)
+{
+        return 0;
+}
+
+static int noop_phys_pkg_id(int cpuid_apic, int index_msb)
+{
+        return 0;
+}
+
+static unsigned int noop_get_apic_id(unsigned long x)
+{
+        return 0;
+}
+
+static int noop_probe(void)
+{
+        /*
+         * NOOP apic should not ever be
+         * enabled via probe routine
+         */
+        return 0;
+}
+
+static int noop_apic_id_registered(void)
+{
+        /*
+         * if we would be really "pedantic"
+         * we should pass read_apic_id() here
+         * but since NOOP suppose APIC ID = 0
+         * lets save a few cycles
+         */
+        return physid_isset(0, phys_cpu_present_map);
+}
+
+static const struct cpumask *noop_target_cpus(void)
+{
+        /* only BSP here */
+        return cpumask_of(0);
+}
+
+static unsigned long noop_check_apicid_used(physid_mask_t *map, int apicid)
+{
+        return physid_isset(apicid, *map);
+}
+
+static unsigned long noop_check_apicid_present(int bit)
+{
+        return physid_isset(bit, phys_cpu_present_map);
+}
+
+static void noop_vector_allocation_domain(int cpu, struct cpumask *retmask)
+{
+        if (cpu != 0)
+                pr_warning("APIC: Vector allocated for non-BSP cpu\n");
+        cpumask_clear(retmask);
+        cpumask_set_cpu(cpu, retmask);
+}
+
+int noop_apicid_to_node(int logical_apicid)
+{
+        /* we're always on node 0 */
+        return 0;
+}
+
+static u32 noop_apic_read(u32 reg)
+{
+        WARN_ON_ONCE((cpu_has_apic && !disable_apic));
+        return 0;
+}
+
+static void noop_apic_write(u32 reg, u32 v)
+{
+        WARN_ON_ONCE(cpu_has_apic && !disable_apic);
+}
+
+struct apic apic_noop = {
+        .name                           = "noop",
+        .probe                          = noop_probe,
+        .acpi_madt_oem_check            = NULL,
+
+        .apic_id_registered             = noop_apic_id_registered,
+
+        .irq_delivery_mode              = dest_LowestPrio,
+        /* logical delivery broadcast to all CPUs: */
+        .irq_dest_mode                  = 1,
+
+        .target_cpus                    = noop_target_cpus,
+        .disable_esr                    = 0,
+        .dest_logical                   = APIC_DEST_LOGICAL,
+        .check_apicid_used              = noop_check_apicid_used,
+        .check_apicid_present           = noop_check_apicid_present,
+
+        .vector_allocation_domain       = noop_vector_allocation_domain,
+        .init_apic_ldr                  = noop_init_apic_ldr,
+
+        .ioapic_phys_id_map             = default_ioapic_phys_id_map,
+        .setup_apic_routing             = NULL,
+        .multi_timer_check              = NULL,
+        .apicid_to_node                 = noop_apicid_to_node,
+
+        .cpu_to_logical_apicid          = noop_cpu_to_logical_apicid,
+        .cpu_present_to_apicid          = default_cpu_present_to_apicid,
+        .apicid_to_cpu_present          = physid_set_mask_of_physid,
+
+        .setup_portio_remap             = NULL,
+        .check_phys_apicid_present      = default_check_phys_apicid_present,
+        .enable_apic_mode               = NULL,
+
+        .phys_pkg_id                    = noop_phys_pkg_id,
+
+        .mps_oem_check                  = NULL,
+
+        .get_apic_id                    = noop_get_apic_id,
+        .set_apic_id                    = NULL,
+        .apic_id_mask                   = 0x0F << 24,
+
+        .cpu_mask_to_apicid             = default_cpu_mask_to_apicid,
+        .cpu_mask_to_apicid_and         = default_cpu_mask_to_apicid_and,
+
+        .send_IPI_mask                  = noop_send_IPI_mask,
+        .send_IPI_mask_allbutself       = noop_send_IPI_mask_allbutself,
+        .send_IPI_allbutself            = noop_send_IPI_allbutself,
+        .send_IPI_all                   = noop_send_IPI_all,
+        .send_IPI_self                  = noop_send_IPI_self,
+
+        .wakeup_secondary_cpu           = noop_wakeup_secondary_cpu,
+
+        /* should be safe */
+        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
+        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
+
+        .wait_for_init_deassert         = NULL,
+
+        .smp_callin_clear_local_apic    = NULL,
+        .inquire_remote_apic            = NULL,
+
+        .read                           = noop_apic_read,
+        .write                          = noop_apic_write,
+        .icr_read                       = noop_apic_icr_read,
+        .icr_write                      = noop_apic_icr_write,
+        .wait_icr_idle                  = noop_apic_wait_icr_idle,
+        .safe_wait_icr_idle             = noop_safe_apic_wait_icr_idle,
+};
diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c
index 77a06413b6b2..cb804c5091b9 100644
--- a/arch/x86/kernel/apic/bigsmp_32.c
+++ b/arch/x86/kernel/apic/bigsmp_32.c
@@ -35,7 +35,7 @@ static const struct cpumask *bigsmp_target_cpus(void)
 #endif
 }
 
-static unsigned long bigsmp_check_apicid_used(physid_mask_t bitmap, int apicid)
+static unsigned long bigsmp_check_apicid_used(physid_mask_t *map, int apicid)
 {
         return 0;
 }
@@ -93,11 +93,6 @@ static int bigsmp_cpu_present_to_apicid(int mps_cpu)
         return BAD_APICID;
 }
 
-static physid_mask_t bigsmp_apicid_to_cpu_present(int phys_apicid)
-{
-        return physid_mask_of_physid(phys_apicid);
-}
-
 /* Mapping from cpu number to logical apicid */
 static inline int bigsmp_cpu_to_logical_apicid(int cpu)
 {
@@ -106,10 +101,10 @@ static inline int bigsmp_cpu_to_logical_apicid(int cpu)
         return cpu_physical_id(cpu);
 }
 
-static physid_mask_t bigsmp_ioapic_phys_id_map(physid_mask_t phys_map)
+static void bigsmp_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
 {
         /* For clustered we don't have a good way to do this yet - hack */
-        return physids_promote(0xFFL);
+        physids_promote(0xFFL, retmap);
 }
 
 static int bigsmp_check_phys_apicid_present(int phys_apicid)
@@ -136,10 +131,7 @@ static unsigned int bigsmp_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
                 if (cpumask_test_cpu(cpu, cpu_online_mask))
                         break;
         }
-        if (cpu < nr_cpu_ids)
-                return bigsmp_cpu_to_logical_apicid(cpu);
-
-        return BAD_APICID;
+        return bigsmp_cpu_to_logical_apicid(cpu);
 }
 
 static int bigsmp_phys_pkg_id(int cpuid_apic, int index_msb)
@@ -230,7 +222,7 @@ struct apic apic_bigsmp = {
         .apicid_to_node                 = bigsmp_apicid_to_node,
         .cpu_to_logical_apicid          = bigsmp_cpu_to_logical_apicid,
         .cpu_present_to_apicid          = bigsmp_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = bigsmp_apicid_to_cpu_present,
+        .apicid_to_cpu_present          = physid_set_mask_of_physid,
         .setup_portio_remap             = NULL,
         .check_phys_apicid_present      = bigsmp_check_phys_apicid_present,
         .enable_apic_mode               = NULL,
diff --git a/arch/x86/kernel/apic/es7000_32.c b/arch/x86/kernel/apic/es7000_32.c
index 89174f847b49..dd2b5f264643 100644
--- a/arch/x86/kernel/apic/es7000_32.c
+++ b/arch/x86/kernel/apic/es7000_32.c
@@ -27,6 +27,9 @@
  *
  * http://www.unisys.com
  */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/notifier.h>
 #include <linux/spinlock.h>
 #include <linux/cpumask.h>
@@ -223,9 +226,9 @@ static int parse_unisys_oem(char *oemptr)
                         mip_addr = val;
                         mip = (struct mip_reg *)val;
                         mip_reg = __va(mip);
-                        pr_debug("es7000_mipcfg: host_reg = 0x%lx \n",
+                        pr_debug("host_reg = 0x%lx\n",
                                  (unsigned long)host_reg);
-                        pr_debug("es7000_mipcfg: mip_reg = 0x%lx \n",
+                        pr_debug("mip_reg = 0x%lx\n",
                                  (unsigned long)mip_reg);
                         success++;
                         break;
@@ -401,7 +404,7 @@ static void es7000_enable_apic_mode(void)
         if (!es7000_plat)
                 return;
 
-        printk(KERN_INFO "ES7000: Enabling APIC mode.\n");
+        pr_info("Enabling APIC mode.\n");
         memset(&es7000_mip_reg, 0, sizeof(struct mip_reg));
         es7000_mip_reg.off_0x00 = MIP_SW_APIC;
         es7000_mip_reg.off_0x38 = MIP_VALID;
@@ -466,11 +469,11 @@ static const struct cpumask *es7000_target_cpus(void)
         return cpumask_of(smp_processor_id());
 }
 
-static unsigned long
-es7000_check_apicid_used(physid_mask_t bitmap, int apicid)
+static unsigned long es7000_check_apicid_used(physid_mask_t *map, int apicid)
 {
         return 0;
 }
+
 static unsigned long es7000_check_apicid_present(int bit)
 {
         return physid_isset(bit, phys_cpu_present_map);
@@ -514,8 +517,7 @@ static void es7000_setup_apic_routing(void)
 {
         int apic = per_cpu(x86_bios_cpu_apicid, smp_processor_id());
 
-        printk(KERN_INFO
-          "Enabling APIC mode:  %s. Using %d I/O APICs, target cpus %lx\n",
+        pr_info("Enabling APIC mode:  %s. Using %d I/O APICs, target cpus %lx\n",
                 (apic_version[apic] == 0x14) ?
                         "Physical Cluster" : "Logical Cluster",
                 nr_ioapics, cpumask_bits(es7000_target_cpus())[0]);
@@ -539,14 +541,10 @@ static int es7000_cpu_present_to_apicid(int mps_cpu)
 
 static int cpu_id;
 
-static physid_mask_t es7000_apicid_to_cpu_present(int phys_apicid)
+static void es7000_apicid_to_cpu_present(int phys_apicid, physid_mask_t *retmap)
 {
-        physid_mask_t mask;
-
-        mask = physid_mask_of_physid(cpu_id);
+        physid_set_mask_of_physid(cpu_id, retmap);
         ++cpu_id;
-
-        return mask;
 }
 
 /* Mapping from cpu number to logical apicid */
@@ -561,10 +559,10 @@ static int es7000_cpu_to_logical_apicid(int cpu)
 #endif
 }
 
-static physid_mask_t es7000_ioapic_phys_id_map(physid_mask_t phys_map)
+static void es7000_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
 {
         /* For clustered we don't have a good way to do this yet - hack */
-        return physids_promote(0xff);
+        physids_promote(0xFFL, retmap);
 }
 
 static int es7000_check_phys_apicid_present(int cpu_physical_apicid)
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index dc69f28489f5..de00c4619a55 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -60,8 +60,6 @@
 #include <asm/irq_remapping.h>
 #include <asm/hpet.h>
 #include <asm/hw_irq.h>
-#include <asm/uv/uv_hub.h>
-#include <asm/uv/uv_irq.h>
 
 #include <asm/apic.h>
 
@@ -140,20 +138,6 @@ static struct irq_pin_list *get_one_free_irq_2_pin(int node)
         return pin;
 }
 
-/*
- * This is performance-critical, we want to do it O(1)
- *
- * Most irqs are mapped 1:1 with pins.
- */
-struct irq_cfg {
-        struct irq_pin_list *irq_2_pin;
-        cpumask_var_t domain;
-        cpumask_var_t old_domain;
-        unsigned move_cleanup_count;
-        u8 vector;
-        u8 move_in_progress : 1;
-};
-
 /* irq_cfg is indexed by the sum of all RTEs in all I/O APICs. */
 #ifdef CONFIG_SPARSE_IRQ
 static struct irq_cfg irq_cfgx[] = {
@@ -209,7 +193,7 @@ int __init arch_early_irq_init(void)
 }
 
 #ifdef CONFIG_SPARSE_IRQ
-static struct irq_cfg *irq_cfg(unsigned int irq)
+struct irq_cfg *irq_cfg(unsigned int irq)
 {
         struct irq_cfg *cfg = NULL;
         struct irq_desc *desc;
@@ -361,7 +345,7 @@ void arch_free_chip_data(struct irq_desc *old_desc, struct irq_desc *desc)
 /* end for move_irq_desc */
 
 #else
-static struct irq_cfg *irq_cfg(unsigned int irq)
+struct irq_cfg *irq_cfg(unsigned int irq)
 {
         return irq < nr_irqs ? irq_cfgx + irq : NULL;
 }
@@ -555,23 +539,41 @@ static void __init replace_pin_at_irq_node(struct irq_cfg *cfg, int node,
         add_pin_to_irq_node(cfg, node, newapic, newpin);
 }
 
+static void __io_apic_modify_irq(struct irq_pin_list *entry,
+                                 int mask_and, int mask_or,
+                                 void (*final)(struct irq_pin_list *entry))
+{
+        unsigned int reg, pin;
+
+        pin = entry->pin;
+        reg = io_apic_read(entry->apic, 0x10 + pin * 2);
+        reg &= mask_and;
+        reg |= mask_or;
+        io_apic_modify(entry->apic, 0x10 + pin * 2, reg);
+        if (final)
+                final(entry);
+}
+
 static void io_apic_modify_irq(struct irq_cfg *cfg,
                                int mask_and, int mask_or,
                                void (*final)(struct irq_pin_list *entry))
 {
-        int pin;
         struct irq_pin_list *entry;
 
-        for_each_irq_pin(entry, cfg->irq_2_pin) {
-                unsigned int reg;
-                pin = entry->pin;
-                reg = io_apic_read(entry->apic, 0x10 + pin * 2);
-                reg &= mask_and;
-                reg |= mask_or;
-                io_apic_modify(entry->apic, 0x10 + pin * 2, reg);
-                if (final)
-                        final(entry);
-        }
+        for_each_irq_pin(entry, cfg->irq_2_pin)
+                __io_apic_modify_irq(entry, mask_and, mask_or, final);
+}
+
+static void __mask_and_edge_IO_APIC_irq(struct irq_pin_list *entry)
+{
+        __io_apic_modify_irq(entry, ~IO_APIC_REDIR_LEVEL_TRIGGER,
+                             IO_APIC_REDIR_MASKED, NULL);
+}
+
+static void __unmask_and_level_IO_APIC_irq(struct irq_pin_list *entry)
+{
+        __io_apic_modify_irq(entry, ~IO_APIC_REDIR_MASKED,
+                             IO_APIC_REDIR_LEVEL_TRIGGER, NULL);
 }
 
 static void __unmask_IO_APIC_irq(struct irq_cfg *cfg)
@@ -595,18 +597,6 @@ static void __mask_IO_APIC_irq(struct irq_cfg *cfg)
         io_apic_modify_irq(cfg, ~0, IO_APIC_REDIR_MASKED, &io_apic_sync);
 }
 
-static void __mask_and_edge_IO_APIC_irq(struct irq_cfg *cfg)
-{
-        io_apic_modify_irq(cfg, ~IO_APIC_REDIR_LEVEL_TRIGGER,
-                        IO_APIC_REDIR_MASKED, NULL);
-}
-
-static void __unmask_and_level_IO_APIC_irq(struct irq_cfg *cfg)
-{
-        io_apic_modify_irq(cfg, ~IO_APIC_REDIR_MASKED,
-                        IO_APIC_REDIR_LEVEL_TRIGGER, NULL);
-}
-
 static void mask_IO_APIC_irq_desc(struct irq_desc *desc)
 {
         struct irq_cfg *cfg = desc->chip_data;
@@ -1177,7 +1167,7 @@ __assign_irq_vector(int irq, struct irq_cfg *cfg, const struct cpumask *mask)
         int cpu, err;
         cpumask_var_t tmp_mask;
 
-        if ((cfg->move_in_progress) || cfg->move_cleanup_count)
+        if (cfg->move_in_progress)
                 return -EBUSY;
 
         if (!alloc_cpumask_var(&tmp_mask, GFP_ATOMIC))
@@ -1237,8 +1227,7 @@ next:
         return err;
 }
 
-static int
-assign_irq_vector(int irq, struct irq_cfg *cfg, const struct cpumask *mask)
+int assign_irq_vector(int irq, struct irq_cfg *cfg, const struct cpumask *mask)
 {
         int err;
         unsigned long flags;
@@ -1599,9 +1588,6 @@ __apicdebuginit(void) print_IO_APIC(void)
         struct irq_desc *desc;
         unsigned int irq;
 
-        if (apic_verbosity == APIC_QUIET)
-                return;
-
         printk(KERN_DEBUG "number of MP IRQ sources: %d.\n", mp_irq_entries);
         for (i = 0; i < nr_ioapics; i++)
                 printk(KERN_DEBUG "number of IO-APIC #%d registers: %d.\n",
@@ -1708,9 +1694,6 @@ __apicdebuginit(void) print_APIC_field(int base)
 {
         int i;
 
-        if (apic_verbosity == APIC_QUIET)
-                return;
-
         printk(KERN_DEBUG);
 
         for (i = 0; i < 8; i++)
@@ -1724,9 +1707,6 @@ __apicdebuginit(void) print_local_APIC(void *dummy)
         unsigned int i, v, ver, maxlvt;
         u64 icr;
 
-        if (apic_verbosity == APIC_QUIET)
-                return;
-
         printk(KERN_DEBUG "printing local APIC contents on CPU#%d/%d:\n",
                 smp_processor_id(), hard_smp_processor_id());
         v = apic_read(APIC_ID);
@@ -1824,13 +1804,19 @@ __apicdebuginit(void) print_local_APIC(void *dummy)
         printk("\n");
 }
 
-__apicdebuginit(void) print_all_local_APICs(void)
+__apicdebuginit(void) print_local_APICs(int maxcpu)
 {
         int cpu;
 
+        if (!maxcpu)
+                return;
+
         preempt_disable();
-        for_each_online_cpu(cpu)
+        for_each_online_cpu(cpu) {
+                if (cpu >= maxcpu)
+                        break;
                 smp_call_function_single(cpu, print_local_APIC, NULL, 1);
+        }
         preempt_enable();
 }
 
@@ -1839,7 +1825,7 @@ __apicdebuginit(void) print_PIC(void)
         unsigned int v;
         unsigned long flags;
 
-        if (apic_verbosity == APIC_QUIET || !nr_legacy_irqs)
+        if (!nr_legacy_irqs)
                 return;
 
         printk(KERN_DEBUG "\nprinting PIC contents\n");
@@ -1866,21 +1852,41 @@ __apicdebuginit(void) print_PIC(void)
         printk(KERN_DEBUG "... PIC ELCR: %04x\n", v);
 }
 
-__apicdebuginit(int) print_all_ICs(void)
+static int __initdata show_lapic = 1;
+static __init int setup_show_lapic(char *arg)
+{
+        int num = -1;
+
+        if (strcmp(arg, "all") == 0) {
+                show_lapic = CONFIG_NR_CPUS;
+        } else {
+                get_option(&arg, &num);
+                if (num >= 0)
+                        show_lapic = num;
+        }
+
+        return 1;
+}
+__setup("show_lapic=", setup_show_lapic);
+
+__apicdebuginit(int) print_ICs(void)
 {
+        if (apic_verbosity == APIC_QUIET)
+                return 0;
+
         print_PIC();
 
         /* don't print out if apic is not there */
         if (!cpu_has_apic && !apic_from_smp_config())
                 return 0;
 
-        print_all_local_APICs();
+        print_local_APICs(show_lapic);
         print_IO_APIC();
 
         return 0;
 }
 
-fs_initcall(print_all_ICs);
+fs_initcall(print_ICs);
 
 
 /* Where if anywhere is the i8259 connect in external int mode */
@@ -2031,7 +2037,7 @@ void __init setup_ioapic_ids_from_mpc(void)
          * This is broken; anything with a real cpu count has to
          * circumvent this idiocy regardless.
          */
-        phys_id_present_map = apic->ioapic_phys_id_map(phys_cpu_present_map);
+        apic->ioapic_phys_id_map(&phys_cpu_present_map, &phys_id_present_map);
 
         /*
          * Set the IOAPIC ID to the value stored in the MPC table.
@@ -2058,7 +2064,7 @@ void __init setup_ioapic_ids_from_mpc(void)
                  * system must have a unique ID or we get lots of nice
                  * 'stuck on smp_invalidate_needed IPI wait' messages.
                  */
-                if (apic->check_apicid_used(phys_id_present_map,
+                if (apic->check_apicid_used(&phys_id_present_map,
                                         mp_ioapics[apic_id].apicid)) {
                         printk(KERN_ERR "BIOS bug, IO-APIC#%d ID %d is already used!...\n",
                                 apic_id, mp_ioapics[apic_id].apicid);
@@ -2073,7 +2079,7 @@ void __init setup_ioapic_ids_from_mpc(void)
                         mp_ioapics[apic_id].apicid = i;
                 } else {
                         physid_mask_t tmp;
-                        tmp = apic->apicid_to_cpu_present(mp_ioapics[apic_id].apicid);
+                        apic->apicid_to_cpu_present(mp_ioapics[apic_id].apicid, &tmp);
                         apic_printk(APIC_VERBOSE, "Setting %d in the "
                                         "phys_id_present_map\n",
                                         mp_ioapics[apic_id].apicid);
@@ -2228,20 +2234,16 @@ static int ioapic_retrigger_irq(unsigned int irq)
  */
 
 #ifdef CONFIG_SMP
-static void send_cleanup_vector(struct irq_cfg *cfg)
+void send_cleanup_vector(struct irq_cfg *cfg)
 {
         cpumask_var_t cleanup_mask;
 
         if (unlikely(!alloc_cpumask_var(&cleanup_mask, GFP_ATOMIC))) {
                 unsigned int i;
-                cfg->move_cleanup_count = 0;
-                for_each_cpu_and(i, cfg->old_domain, cpu_online_mask)
-                        cfg->move_cleanup_count++;
                 for_each_cpu_and(i, cfg->old_domain, cpu_online_mask)
                         apic->send_IPI_mask(cpumask_of(i), IRQ_MOVE_CLEANUP_VECTOR);
         } else {
                 cpumask_and(cleanup_mask, cfg->old_domain, cpu_online_mask);
-                cfg->move_cleanup_count = cpumask_weight(cleanup_mask);
                 apic->send_IPI_mask(cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR);
                 free_cpumask_var(cleanup_mask);
         }
@@ -2272,31 +2274,30 @@ static void __target_IO_APIC_irq(unsigned int irq, unsigned int dest, struct irq
         }
 }
 
-static int
-assign_irq_vector(int irq, struct irq_cfg *cfg, const struct cpumask *mask);
-
 /*
  * Either sets desc->affinity to a valid value, and returns
- * ->cpu_mask_to_apicid of that, or returns BAD_APICID and
+ * ->cpu_mask_to_apicid of that in dest_id, or returns -1 and
  * leaves desc->affinity untouched.
  */
-static unsigned int
-set_desc_affinity(struct irq_desc *desc, const struct cpumask *mask)
+unsigned int
+set_desc_affinity(struct irq_desc *desc, const struct cpumask *mask,
+                  unsigned int *dest_id)
 {
         struct irq_cfg *cfg;
         unsigned int irq;
 
         if (!cpumask_intersects(mask, cpu_online_mask))
-                return BAD_APICID;
+                return -1;
 
         irq = desc->irq;
         cfg = desc->chip_data;
         if (assign_irq_vector(irq, cfg, mask))
-                return BAD_APICID;
+                return -1;
 
         cpumask_copy(desc->affinity, mask);
 
-        return apic->cpu_mask_to_apicid_and(desc->affinity, cfg->domain);
+        *dest_id = apic->cpu_mask_to_apicid_and(desc->affinity, cfg->domain);
+        return 0;
 }
 
 static int
@@ -2312,12 +2313,11 @@ set_ioapic_affinity_irq_desc(struct irq_desc *desc, const struct cpumask *mask)
         cfg = desc->chip_data;
 
         spin_lock_irqsave(&ioapic_lock, flags);
-        dest = set_desc_affinity(desc, mask);
-        if (dest != BAD_APICID) {
+        ret = set_desc_affinity(desc, mask, &dest);
+        if (!ret) {
                 /* Only the high 8 bits are valid. */
                 dest = SET_APIC_LOGICAL_ID(dest);
                 __target_IO_APIC_irq(irq, dest, cfg);
-                ret = 0;
         }
         spin_unlock_irqrestore(&ioapic_lock, flags);
 
@@ -2432,9 +2432,7 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void)
                         continue;
 
                 cfg = irq_cfg(irq);
-                spin_lock(&desc->lock);
-                if (!cfg->move_cleanup_count)
-                        goto unlock;
+                raw_spin_lock(&desc->lock);
 
                 if (vector == cfg->vector && cpumask_test_cpu(me, cfg->domain))
                         goto unlock;
@@ -2452,29 +2450,40 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void)
                         goto unlock;
                 }
                 __get_cpu_var(vector_irq)[vector] = -1;
-                cfg->move_cleanup_count--;
 unlock:
-                spin_unlock(&desc->lock);
+                raw_spin_unlock(&desc->lock);
         }
 
         irq_exit();
 }
 
-static void irq_complete_move(struct irq_desc **descp)
+static void __irq_complete_move(struct irq_desc **descp, unsigned vector)
 {
         struct irq_desc *desc = *descp;
         struct irq_cfg *cfg = desc->chip_data;
-        unsigned vector, me;
+        unsigned me;
 
         if (likely(!cfg->move_in_progress))
                 return;
 
-        vector = ~get_irq_regs()->orig_ax;
         me = smp_processor_id();
 
         if (vector == cfg->vector && cpumask_test_cpu(me, cfg->domain))
                 send_cleanup_vector(cfg);
 }
+
+static void irq_complete_move(struct irq_desc **descp)
+{
+        __irq_complete_move(descp, ~get_irq_regs()->orig_ax);
+}
+
+void irq_force_complete_move(int irq)
+{
+        struct irq_desc *desc = irq_to_desc(irq);
+        struct irq_cfg *cfg = desc->chip_data;
+
+        __irq_complete_move(&desc, cfg->vector);
+}
 #else
 static inline void irq_complete_move(struct irq_desc **descp) {}
 #endif
@@ -2490,6 +2499,59 @@ static void ack_apic_edge(unsigned int irq)
 
 atomic_t irq_mis_count;
 
+/*
+ * IO-APIC versions below 0x20 don't support EOI register.
+ * For the record, here is the information about various versions:
+ *     0Xh     82489DX
+ *     1Xh     I/OAPIC or I/O(x)APIC which are not PCI 2.2 Compliant
+ *     2Xh     I/O(x)APIC which is PCI 2.2 Compliant
+ *     30h-FFh Reserved
+ *
+ * Some of the Intel ICH Specs (ICH2 to ICH5) documents the io-apic
+ * version as 0x2. This is an error with documentation and these ICH chips
+ * use io-apic's of version 0x20.
+ *
+ * For IO-APIC's with EOI register, we use that to do an explicit EOI.
+ * Otherwise, we simulate the EOI message manually by changing the trigger
+ * mode to edge and then back to level, with RTE being masked during this.
+*/
+static void __eoi_ioapic_irq(unsigned int irq, struct irq_cfg *cfg)
+{
+        struct irq_pin_list *entry;
+
+        for_each_irq_pin(entry, cfg->irq_2_pin) {
+                if (mp_ioapics[entry->apic].apicver >= 0x20) {
+                        /*
+                         * Intr-remapping uses pin number as the virtual vector
+                         * in the RTE. Actual vector is programmed in
+                         * intr-remapping table entry. Hence for the io-apic
+                         * EOI we use the pin number.
+                         */
+                        if (irq_remapped(irq))
+                                io_apic_eoi(entry->apic, entry->pin);
+                        else
+                                io_apic_eoi(entry->apic, cfg->vector);
+                } else {
+                        __mask_and_edge_IO_APIC_irq(entry);
+                        __unmask_and_level_IO_APIC_irq(entry);
+                }
+        }
+}
+
+static void eoi_ioapic_irq(struct irq_desc *desc)
+{
+        struct irq_cfg *cfg;
+        unsigned long flags;
+        unsigned int irq;
+
+        irq = desc->irq;
+        cfg = desc->chip_data;
+
+        spin_lock_irqsave(&ioapic_lock, flags);
+        __eoi_ioapic_irq(irq, cfg);
+        spin_unlock_irqrestore(&ioapic_lock, flags);
+}
+
 static void ack_apic_level(unsigned int irq)
 {
         struct irq_desc *desc = irq_to_desc(irq);
@@ -2525,6 +2587,19 @@ static void ack_apic_level(unsigned int irq)
          * level-triggered interrupt.  We mask the source for the time of the
          * operation to prevent an edge-triggered interrupt escaping meanwhile.
          * The idea is from Manfred Spraul.  --macro
+         *
+         * Also in the case when cpu goes offline, fixup_irqs() will forward
+         * any unhandled interrupt on the offlined cpu to the new cpu
+         * destination that is handling the corresponding interrupt. This
+         * interrupt forwarding is done via IPI's. Hence, in this case also
+         * level-triggered io-apic interrupt will be seen as an edge
+         * interrupt in the IRR. And we can't rely on the cpu's EOI
+         * to be broadcasted to the IO-APIC's which will clear the remoteIRR
+         * corresponding to the level-triggered interrupt. Hence on IO-APIC's
+         * supporting EOI register, we do an explicit EOI to clear the
+         * remote IRR and on IO-APIC's which don't have an EOI register,
+         * we use the above logic (mask+edge followed by unmask+level) from
+         * Manfred Spraul to clear the remote IRR.
          */
         cfg = desc->chip_data;
         i = cfg->vector;
@@ -2536,6 +2611,19 @@ static void ack_apic_level(unsigned int irq)
          */
         ack_APIC_irq();
 
+        /*
+         * Tail end of clearing remote IRR bit (either by delivering the EOI
+         * message via io-apic EOI register write or simulating it using
+         * mask+edge followed by unnask+level logic) manually when the
+         * level triggered interrupt is seen as the edge triggered interrupt
+         * at the cpu.
+         */
+        if (!(v & (1 << (i & 0x1f)))) {
+                atomic_inc(&irq_mis_count);
+
+                eoi_ioapic_irq(desc);
+        }
+
         /* Now we can move and renable the irq */
         if (unlikely(do_unmask_irq)) {
                 /* Only migrate the irq if the ack has been received.
@@ -2569,41 +2657,9 @@ static void ack_apic_level(unsigned int irq)
                         move_masked_irq(irq);
                 unmask_IO_APIC_irq_desc(desc);
         }
-
-        /* Tail end of version 0x11 I/O APIC bug workaround */
-        if (!(v & (1 << (i & 0x1f)))) {
-                atomic_inc(&irq_mis_count);
-                spin_lock(&ioapic_lock);
-                __mask_and_edge_IO_APIC_irq(cfg);
-                __unmask_and_level_IO_APIC_irq(cfg);
-                spin_unlock(&ioapic_lock);
-        }
 }
 
 #ifdef CONFIG_INTR_REMAP
-static void __eoi_ioapic_irq(unsigned int irq, struct irq_cfg *cfg)
-{
-        struct irq_pin_list *entry;
-
-        for_each_irq_pin(entry, cfg->irq_2_pin)
-                io_apic_eoi(entry->apic, entry->pin);
-}
-
-static void
-eoi_ioapic_irq(struct irq_desc *desc)
-{
-        struct irq_cfg *cfg;
-        unsigned long flags;
-        unsigned int irq;
-
-        irq = desc->irq;
-        cfg = desc->chip_data;
-
-        spin_lock_irqsave(&ioapic_lock, flags);
-        __eoi_ioapic_irq(irq, cfg);
-        spin_unlock_irqrestore(&ioapic_lock, flags);
-}
-
 static void ir_ack_apic_edge(unsigned int irq)
 {
         ack_APIC_irq();
@@ -3157,6 +3213,7 @@ unsigned int create_irq_nr(unsigned int irq_want, int node)
                         continue;
 
                 desc_new = move_irq_desc(desc_new, node);
+                cfg_new = desc_new->chip_data;
 
                 if (__assign_irq_vector(new, cfg_new, apic->target_cpus()) == 0)
                         irq = new;
@@ -3211,7 +3268,8 @@ void destroy_irq(unsigned int irq)
  * MSI message composition
  */
 #ifdef CONFIG_PCI_MSI
-static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq, struct msi_msg *msg)
+static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq,
+                           struct msi_msg *msg, u8 hpet_id)
 {
         struct irq_cfg *cfg;
         int err;
@@ -3245,7 +3303,10 @@ static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq, struct msi_ms
                 irte.dest_id = IRTE_DEST(dest);
 
                 /* Set source-id of interrupt request */
-                set_msi_sid(&irte, pdev);
+                if (pdev)
+                        set_msi_sid(&irte, pdev);
+                else
+                        set_hpet_sid(&irte, hpet_id);
 
                 modify_irte(irq, &irte);
 
@@ -3291,8 +3352,7 @@ static int set_msi_irq_affinity(unsigned int irq, const struct cpumask *mask)
         struct msi_msg msg;
         unsigned int dest;
 
-        dest = set_desc_affinity(desc, mask);
-        if (dest == BAD_APICID)
+        if (set_desc_affinity(desc, mask, &dest))
                 return -1;
 
         cfg = desc->chip_data;
@@ -3324,8 +3384,7 @@ ir_set_msi_irq_affinity(unsigned int irq, const struct cpumask *mask)
         if (get_irte(irq, &irte))
                 return -1;
 
-        dest = set_desc_affinity(desc, mask);
-        if (dest == BAD_APICID)
+        if (set_desc_affinity(desc, mask, &dest))
                 return -1;
 
         irte.vector = cfg->vector;
@@ -3410,7 +3469,7 @@ static int setup_msi_irq(struct pci_dev *dev, struct msi_desc *msidesc, int irq)
         int ret;
         struct msi_msg msg;
 
-        ret = msi_compose_msg(dev, irq, &msg);
+        ret = msi_compose_msg(dev, irq, &msg, -1);
         if (ret < 0)
                 return ret;
 
@@ -3507,8 +3566,7 @@ static int dmar_msi_set_affinity(unsigned int irq, const struct cpumask *mask)
         struct msi_msg msg;
         unsigned int dest;
 
-        dest = set_desc_affinity(desc, mask);
-        if (dest == BAD_APICID)
+        if (set_desc_affinity(desc, mask, &dest))
                 return -1;
 
         cfg = desc->chip_data;
@@ -3543,7 +3601,7 @@ int arch_setup_dmar_msi(unsigned int irq)
         int ret;
         struct msi_msg msg;
 
-        ret = msi_compose_msg(NULL, irq, &msg);
+        ret = msi_compose_msg(NULL, irq, &msg, -1);
         if (ret < 0)
                 return ret;
         dmar_msi_write(irq, &msg);
@@ -3563,8 +3621,7 @@ static int hpet_msi_set_affinity(unsigned int irq, const struct cpumask *mask)
         struct msi_msg msg;
         unsigned int dest;
 
-        dest = set_desc_affinity(desc, mask);
-        if (dest == BAD_APICID)
+        if (set_desc_affinity(desc, mask, &dest))
                 return -1;
 
         cfg = desc->chip_data;
@@ -3583,6 +3640,19 @@ static int hpet_msi_set_affinity(unsigned int irq, const struct cpumask *mask)
 
 #endif /* CONFIG_SMP */
 
+static struct irq_chip ir_hpet_msi_type = {
+        .name = "IR-HPET_MSI",
+        .unmask = hpet_msi_unmask,
+        .mask = hpet_msi_mask,
+#ifdef CONFIG_INTR_REMAP
+        .ack = ir_ack_apic_edge,
+#ifdef CONFIG_SMP
+        .set_affinity = ir_set_msi_irq_affinity,
+#endif
+#endif
+        .retrigger = ioapic_retrigger_irq,
+};
+
 static struct irq_chip hpet_msi_type = {
         .name = "HPET_MSI",
         .unmask = hpet_msi_unmask,
@@ -3594,20 +3664,36 @@ static struct irq_chip hpet_msi_type = {
         .retrigger = ioapic_retrigger_irq,
 };
 
-int arch_setup_hpet_msi(unsigned int irq)
+int arch_setup_hpet_msi(unsigned int irq, unsigned int id)
 {
         int ret;
         struct msi_msg msg;
         struct irq_desc *desc = irq_to_desc(irq);
 
-        ret = msi_compose_msg(NULL, irq, &msg);
+        if (intr_remapping_enabled) {
+                struct intel_iommu *iommu = map_hpet_to_ir(id);
+                int index;
+
+                if (!iommu)
+                        return -1;
+
+                index = alloc_irte(iommu, irq, 1);
+                if (index < 0)
+                        return -1;
+        }
+
+        ret = msi_compose_msg(NULL, irq, &msg, id);
         if (ret < 0)
                 return ret;
 
         hpet_msi_write(irq, &msg);
         desc->status |= IRQ_MOVE_PCNTXT;
-        set_irq_chip_and_handler_name(irq, &hpet_msi_type, handle_edge_irq,
-                "edge");
+        if (irq_remapped(irq))
+                set_irq_chip_and_handler_name(irq, &ir_hpet_msi_type,
+                                              handle_edge_irq, "edge");
+        else
+                set_irq_chip_and_handler_name(irq, &hpet_msi_type,
+                                              handle_edge_irq, "edge");
 
         return 0;
 }
@@ -3641,8 +3727,7 @@ static int set_ht_irq_affinity(unsigned int irq, const struct cpumask *mask)
         struct irq_cfg *cfg;
         unsigned int dest;
 
-        dest = set_desc_affinity(desc, mask);
-        if (dest == BAD_APICID)
+        if (set_desc_affinity(desc, mask, &dest))
                 return -1;
 
         cfg = desc->chip_data;
@@ -3708,75 +3793,6 @@ int arch_setup_ht_irq(unsigned int irq, struct pci_dev *dev)
 }
 #endif /* CONFIG_HT_IRQ */
 
-#ifdef CONFIG_X86_UV
-/*
- * Re-target the irq to the specified CPU and enable the specified MMR located
- * on the specified blade to allow the sending of MSIs to the specified CPU.
- */
-int arch_enable_uv_irq(char *irq_name, unsigned int irq, int cpu, int mmr_blade,
-                       unsigned long mmr_offset)
-{
-        const struct cpumask *eligible_cpu = cpumask_of(cpu);
-        struct irq_cfg *cfg;
-        int mmr_pnode;
-        unsigned long mmr_value;
-        struct uv_IO_APIC_route_entry *entry;
-        unsigned long flags;
-        int err;
-
-        BUILD_BUG_ON(sizeof(struct uv_IO_APIC_route_entry) != sizeof(unsigned long));
-
-        cfg = irq_cfg(irq);
-
-        err = assign_irq_vector(irq, cfg, eligible_cpu);
-        if (err != 0)
-                return err;
-
-        spin_lock_irqsave(&vector_lock, flags);
-        set_irq_chip_and_handler_name(irq, &uv_irq_chip, handle_percpu_irq,
-                                      irq_name);
-        spin_unlock_irqrestore(&vector_lock, flags);
-
-        mmr_value = 0;
-        entry = (struct uv_IO_APIC_route_entry *)&mmr_value;
-        entry->vector           = cfg->vector;
-        entry->delivery_mode    = apic->irq_delivery_mode;
-        entry->dest_mode        = apic->irq_dest_mode;
-        entry->polarity         = 0;
-        entry->trigger          = 0;
-        entry->mask             = 0;
-        entry->dest             = apic->cpu_mask_to_apicid(eligible_cpu);
-
-        mmr_pnode = uv_blade_to_pnode(mmr_blade);
-        uv_write_global_mmr64(mmr_pnode, mmr_offset, mmr_value);
-
-        if (cfg->move_in_progress)
-                send_cleanup_vector(cfg);
-
-        return irq;
-}
-
-/*
- * Disable the specified MMR located on the specified blade so that MSIs are
- * longer allowed to be sent.
- */
-void arch_disable_uv_irq(int mmr_blade, unsigned long mmr_offset)
-{
-        unsigned long mmr_value;
-        struct uv_IO_APIC_route_entry *entry;
-        int mmr_pnode;
-
-        BUILD_BUG_ON(sizeof(struct uv_IO_APIC_route_entry) != sizeof(unsigned long));
-
-        mmr_value = 0;
-        entry = (struct uv_IO_APIC_route_entry *)&mmr_value;
-        entry->mask = 1;
-
-        mmr_pnode = uv_blade_to_pnode(mmr_blade);
-        uv_write_global_mmr64(mmr_pnode, mmr_offset, mmr_value);
-}
-#endif /* CONFIG_X86_64 */
-
 int __init io_apic_get_redir_entries (int ioapic)
 {
         union IO_APIC_reg_01    reg_01;
@@ -3944,7 +3960,7 @@ int __init io_apic_get_unique_id(int ioapic, int apic_id)
          */
 
         if (physids_empty(apic_id_map))
-                apic_id_map = apic->ioapic_phys_id_map(phys_cpu_present_map);
+                apic->ioapic_phys_id_map(&phys_cpu_present_map, &apic_id_map);
 
         spin_lock_irqsave(&ioapic_lock, flags);
         reg_00.raw = io_apic_read(ioapic, 0);
@@ -3960,10 +3976,10 @@ int __init io_apic_get_unique_id(int ioapic, int apic_id)
          * Every APIC in a system must have a unique ID or we get lots of nice
          * 'stuck on smp_invalidate_needed IPI wait' messages.
          */
-        if (apic->check_apicid_used(apic_id_map, apic_id)) {
+        if (apic->check_apicid_used(&apic_id_map, apic_id)) {
 
                 for (i = 0; i < get_physical_broadcast(); i++) {
-                        if (!apic->check_apicid_used(apic_id_map, i))
+                        if (!apic->check_apicid_used(&apic_id_map, i))
                                 break;
                 }
 
@@ -3976,7 +3992,7 @@ int __init io_apic_get_unique_id(int ioapic, int apic_id)
                 apic_id = i;
         }
 
-        tmp = apic->apicid_to_cpu_present(apic_id);
+        apic->apicid_to_cpu_present(apic_id, &tmp);
         physids_or(apic_id_map, apic_id_map, tmp);
 
         if (reg_00.bits.ID != apic_id) {
@@ -4106,7 +4122,7 @@ static struct resource * __init ioapic_setup_resources(int nr_ioapics)
         for (i = 0; i < nr_ioapics; i++) {
                 res[i].name = mem;
                 res[i].flags = IORESOURCE_MEM | IORESOURCE_BUSY;
-                sprintf(mem,  "IOAPIC %u", i);
+                snprintf(mem, IOAPIC_RESOURCE_NAME_SIZE, "IOAPIC %u", i);
                 mem += IOAPIC_RESOURCE_NAME_SIZE;
         }
 
@@ -4140,18 +4156,17 @@ void __init ioapic_init_mappings(void)
 #ifdef CONFIG_X86_32
 fake_ioapic_page:
 #endif
-                        ioapic_phys = (unsigned long)
-                                alloc_bootmem_pages(PAGE_SIZE);
+                        ioapic_phys = (unsigned long)alloc_bootmem_pages(PAGE_SIZE);
                         ioapic_phys = __pa(ioapic_phys);
                 }
                 set_fixmap_nocache(idx, ioapic_phys);
-                apic_printk(APIC_VERBOSE,
-                            "mapped IOAPIC to %08lx (%08lx)\n",
-                            __fix_to_virt(idx), ioapic_phys);
+                apic_printk(APIC_VERBOSE, "mapped IOAPIC to %08lx (%08lx)\n",
+                        __fix_to_virt(idx) + (ioapic_phys & ~PAGE_MASK),
+                        ioapic_phys);
                 idx++;
 
                 ioapic_res->start = ioapic_phys;
-                ioapic_res->end = ioapic_phys + (4 * 1024) - 1;
+                ioapic_res->end = ioapic_phys + IO_APIC_SLOT_SIZE - 1;
                 ioapic_res++;
         }
 }
diff --git a/arch/x86/kernel/apic/nmi.c b/arch/x86/kernel/apic/nmi.c
index 45404379d173..4ada42c3dabb 100644
--- a/arch/x86/kernel/apic/nmi.c
+++ b/arch/x86/kernel/apic/nmi.c
@@ -39,7 +39,8 @@
 int unknown_nmi_panic;
 int nmi_watchdog_enabled;
 
-static cpumask_t backtrace_mask __read_mostly;
+/* For reliability, we're prepared to waste bits here. */
+static DECLARE_BITMAP(backtrace_mask, NR_CPUS) __read_mostly;
 
 /* nmi_active:
  * >0: the lapic NMI watchdog is active, but can be disabled
@@ -414,7 +415,7 @@ nmi_watchdog_tick(struct pt_regs *regs, unsigned reason)
         }
 
         /* We can be called before check_nmi_watchdog, hence NULL check. */
-        if (cpumask_test_cpu(cpu, &backtrace_mask)) {
+        if (cpumask_test_cpu(cpu, to_cpumask(backtrace_mask))) {
                 static DEFINE_SPINLOCK(lock);   /* Serialise the printks */
 
                 spin_lock(&lock);
@@ -422,7 +423,7 @@ nmi_watchdog_tick(struct pt_regs *regs, unsigned reason)
                 show_regs(regs);
                 dump_stack();
                 spin_unlock(&lock);
-                cpumask_clear_cpu(cpu, &backtrace_mask);
+                cpumask_clear_cpu(cpu, to_cpumask(backtrace_mask));
 
                 rc = 1;
         }
@@ -558,14 +559,14 @@ void arch_trigger_all_cpu_backtrace(void)
 {
         int i;
 
-        cpumask_copy(&backtrace_mask, cpu_online_mask);
+        cpumask_copy(to_cpumask(backtrace_mask), cpu_online_mask);
 
         printk(KERN_INFO "sending NMI to all CPUs:\n");
         apic->send_IPI_all(NMI_VECTOR);
 
         /* Wait for up to 10 seconds for all CPUs to do the backtrace */
         for (i = 0; i < 10 * 1000; i++) {
-                if (cpumask_empty(&backtrace_mask))
+                if (cpumask_empty(to_cpumask(backtrace_mask)))
                         break;
                 mdelay(1);
         }
diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c
index efa00e2b8505..98c4665f251c 100644
--- a/arch/x86/kernel/apic/numaq_32.c
+++ b/arch/x86/kernel/apic/numaq_32.c
@@ -264,11 +264,6 @@ static void __init smp_read_mpc_oem(struct mpc_table *mpc)
 static __init void early_check_numaq(void)
 {
         /*
-         * Find possible boot-time SMP configuration:
-         */
-        early_find_smp_config();
-
-        /*
          * get boot-time SMP configuration:
          */
         if (smp_found_config)
@@ -334,10 +329,9 @@ static inline const struct cpumask *numaq_target_cpus(void)
         return cpu_all_mask;
 }
 
-static inline unsigned long
-numaq_check_apicid_used(physid_mask_t bitmap, int apicid)
+static unsigned long numaq_check_apicid_used(physid_mask_t *map, int apicid)
 {
-        return physid_isset(apicid, bitmap);
+        return physid_isset(apicid, *map);
 }
 
 static inline unsigned long numaq_check_apicid_present(int bit)
@@ -371,10 +365,10 @@ static inline int numaq_multi_timer_check(int apic, int irq)
         return apic != 0 && irq == 0;
 }
 
-static inline physid_mask_t numaq_ioapic_phys_id_map(physid_mask_t phys_map)
+static inline void numaq_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
 {
         /* We don't have a good way to do this yet - hack */
-        return physids_promote(0xFUL);
+        return physids_promote(0xFUL, retmap);
 }
 
 static inline int numaq_cpu_to_logical_apicid(int cpu)
@@ -402,12 +396,12 @@ static inline int numaq_apicid_to_node(int logical_apicid)
         return logical_apicid >> 4;
 }
 
-static inline physid_mask_t numaq_apicid_to_cpu_present(int logical_apicid)
+static void numaq_apicid_to_cpu_present(int logical_apicid, physid_mask_t *retmap)
 {
         int node = numaq_apicid_to_node(logical_apicid);
         int cpu = __ffs(logical_apicid & 0xf);
 
-        return physid_mask_of_physid(cpu + 4*node);
+        physid_set_mask_of_physid(cpu + 4*node, retmap);
 }
 
 /* Where the IO area was mapped on multiquad, always 0 otherwise */
diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
index 0c0182cc947d..1a6559f6768c 100644
--- a/arch/x86/kernel/apic/probe_32.c
+++ b/arch/x86/kernel/apic/probe_32.c
@@ -108,7 +108,7 @@ struct apic apic_default = {
         .apicid_to_node                 = default_apicid_to_node,
         .cpu_to_logical_apicid          = default_cpu_to_logical_apicid,
         .cpu_present_to_apicid          = default_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = default_apicid_to_cpu_present,
+        .apicid_to_cpu_present          = physid_set_mask_of_physid,
         .setup_portio_remap             = NULL,
         .check_phys_apicid_present      = default_check_phys_apicid_present,
         .enable_apic_mode               = NULL,
diff --git a/arch/x86/kernel/apic/summit_32.c b/arch/x86/kernel/apic/summit_32.c
index 645ecc4ff0be..9b419263d90d 100644
--- a/arch/x86/kernel/apic/summit_32.c
+++ b/arch/x86/kernel/apic/summit_32.c
@@ -183,7 +183,7 @@ static const struct cpumask *summit_target_cpus(void)
         return cpumask_of(0);
 }
 
-static unsigned long summit_check_apicid_used(physid_mask_t bitmap, int apicid)
+static unsigned long summit_check_apicid_used(physid_mask_t *map, int apicid)
 {
         return 0;
 }
@@ -261,15 +261,15 @@ static int summit_cpu_present_to_apicid(int mps_cpu)
                 return BAD_APICID;
 }
 
-static physid_mask_t summit_ioapic_phys_id_map(physid_mask_t phys_id_map)
+static void summit_ioapic_phys_id_map(physid_mask_t *phys_id_map, physid_mask_t *retmap)
 {
         /* For clustered we don't have a good way to do this yet - hack */
-        return physids_promote(0x0F);
+        physids_promote(0x0FL, retmap);
 }
 
-static physid_mask_t summit_apicid_to_cpu_present(int apicid)
+static void summit_apicid_to_cpu_present(int apicid, physid_mask_t *retmap)
 {
-        return physid_mask_of_physid(0);
+        physid_set_mask_of_physid(0, retmap);
 }
 
 static int summit_check_phys_apicid_present(int physical_apicid)
diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
index a5371ec36776..cf69c59f4910 100644
--- a/arch/x86/kernel/apic/x2apic_cluster.c
+++ b/arch/x86/kernel/apic/x2apic_cluster.c
@@ -148,10 +148,7 @@ x2apic_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
                         break;
         }
 
-        if (cpu < nr_cpu_ids)
-                return per_cpu(x86_cpu_to_logical_apicid, cpu);
-
-        return BAD_APICID;
+        return per_cpu(x86_cpu_to_logical_apicid, cpu);
 }
 
 static unsigned int x2apic_cluster_phys_get_apic_id(unsigned long x)
diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
index a8989aadc99a..8972f38c5ced 100644
--- a/arch/x86/kernel/apic/x2apic_phys.c
+++ b/arch/x86/kernel/apic/x2apic_phys.c
@@ -146,10 +146,7 @@ x2apic_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
                         break;
         }
 
-        if (cpu < nr_cpu_ids)
-                return per_cpu(x86_cpu_to_apicid, cpu);
-
-        return BAD_APICID;
+        return per_cpu(x86_cpu_to_apicid, cpu);
 }
 
 static unsigned int x2apic_phys_get_apic_id(unsigned long x)
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index f5f5886a6b53..5f92494dab61 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -30,10 +30,22 @@
 #include <asm/apic.h>
 #include <asm/ipi.h>
 #include <asm/smp.h>
+#include <asm/x86_init.h>
 
 DEFINE_PER_CPU(int, x2apic_extra_bits);
 
 static enum uv_system_type uv_system_type;
+static u64 gru_start_paddr, gru_end_paddr;
+
+static inline bool is_GRU_range(u64 start, u64 end)
+{
+        return start >= gru_start_paddr && end <= gru_end_paddr;
+}
+
+static bool uv_is_untracked_pat_range(u64 start, u64 end)
+{
+        return is_ISA_range(start, end) || is_GRU_range(start, end);
+}
 
 static int early_get_nodeid(void)
 {
@@ -49,6 +61,7 @@ static int early_get_nodeid(void)
 static int __init uv_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
 {
         if (!strcmp(oem_id, "SGI")) {
+                x86_platform.is_untracked_pat_range =  uv_is_untracked_pat_range;
                 if (!strcmp(oem_table_id, "UVL"))
                         uv_system_type = UV_LEGACY_APIC;
                 else if (!strcmp(oem_table_id, "UVX"))
@@ -212,10 +225,7 @@ uv_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
                 if (cpumask_test_cpu(cpu, cpu_online_mask))
                         break;
         }
-        if (cpu < nr_cpu_ids)
-                return per_cpu(x86_cpu_to_apicid, cpu);
-
-        return BAD_APICID;
+        return per_cpu(x86_cpu_to_apicid, cpu);
 }
 
 static unsigned int x2apic_get_apic_id(unsigned long x)
@@ -352,14 +362,14 @@ static __init void get_lowmem_redirect(unsigned long *base, unsigned long *size)
 
         for (i = 0; i < ARRAY_SIZE(redir_addrs); i++) {
                 alias.v = uv_read_local_mmr(redir_addrs[i].alias);
-                if (alias.s.base == 0) {
+                if (alias.s.enable && alias.s.base == 0) {
                         *size = (1UL << alias.s.m_alias);
                         redirect.v = uv_read_local_mmr(redir_addrs[i].redirect);
                         *base = (unsigned long)redirect.s.dest_base << DEST_SHIFT;
                         return;
                 }
         }
-        BUG();
+        *base = *size = 0;
 }
 
 enum map_type {map_wb, map_uc};
@@ -385,8 +395,12 @@ static __init void map_gru_high(int max_pnode)
         int shift = UVH_RH_GAM_GRU_OVERLAY_CONFIG_MMR_BASE_SHFT;
 
         gru.v = uv_read_local_mmr(UVH_RH_GAM_GRU_OVERLAY_CONFIG_MMR);
-        if (gru.s.enable)
+        if (gru.s.enable) {
                 map_high("GRU", gru.s.base, shift, max_pnode, map_wb);
+                gru_start_paddr = ((u64)gru.s.base << shift);
+                gru_end_paddr = gru_start_paddr + (1UL << shift) * (max_pnode + 1);
+
+        }
 }
 
 static __init void map_mmr_high(int max_pnode)
@@ -409,6 +423,12 @@ static __init void map_mmioh_high(int max_pnode)
                 map_high("MMIOH", mmioh.s.base, shift, max_pnode, map_uc);
 }
 
+static __init void map_low_mmrs(void)
+{
+        init_extra_mapping_uc(UV_GLOBAL_MMR32_BASE, UV_GLOBAL_MMR32_SIZE);
+        init_extra_mapping_uc(UV_LOCAL_MMR_BASE, UV_LOCAL_MMR_SIZE);
+}
+
 static __init void uv_rtc_init(void)
 {
         long status;
@@ -550,6 +570,8 @@ void __init uv_system_init(void)
         unsigned long mmr_base, present, paddr;
         unsigned short pnode_mask;
 
+        map_low_mmrs();
+
         m_n_config.v = uv_read_local_mmr(UVH_SI_ADDR_MAP_CONFIG);
         m_val = m_n_config.s.m_skt;
         n_val = m_n_config.s.n_skt;
@@ -607,8 +629,10 @@ void __init uv_system_init(void)
         uv_rtc_init();
 
         for_each_present_cpu(cpu) {
+                int apicid = per_cpu(x86_cpu_to_apicid, cpu);
+
                 nid = cpu_to_node(cpu);
-                pnode = uv_apicid_to_pnode(per_cpu(x86_cpu_to_apicid, cpu));
+                pnode = uv_apicid_to_pnode(apicid);
                 blade = boot_pnode_to_blade(pnode);
                 lcpu = uv_blade_info[blade].nr_possible_cpus;
                 uv_blade_info[blade].nr_possible_cpus++;
@@ -619,25 +643,23 @@ void __init uv_system_init(void)
                 uv_cpu_hub_info(cpu)->lowmem_remap_base = lowmem_redir_base;
                 uv_cpu_hub_info(cpu)->lowmem_remap_top = lowmem_redir_size;
                 uv_cpu_hub_info(cpu)->m_val = m_val;
-                uv_cpu_hub_info(cpu)->n_val = m_val;
+                uv_cpu_hub_info(cpu)->n_val = n_val;
                 uv_cpu_hub_info(cpu)->numa_blade_id = blade;
                 uv_cpu_hub_info(cpu)->blade_processor_id = lcpu;
                 uv_cpu_hub_info(cpu)->pnode = pnode;
                 uv_cpu_hub_info(cpu)->pnode_mask = pnode_mask;
-                uv_cpu_hub_info(cpu)->gpa_mask = (1 << (m_val + n_val)) - 1;
+                uv_cpu_hub_info(cpu)->gpa_mask = (1UL << (m_val + n_val)) - 1;
                 uv_cpu_hub_info(cpu)->gnode_upper = gnode_upper;
                 uv_cpu_hub_info(cpu)->gnode_extra = gnode_extra;
                 uv_cpu_hub_info(cpu)->global_mmr_base = mmr_base;
                 uv_cpu_hub_info(cpu)->coherency_domain_number = sn_coherency_id;
-                uv_cpu_hub_info(cpu)->scir.offset = SCIR_LOCAL_MMR_BASE + lcpu;
+                uv_cpu_hub_info(cpu)->scir.offset = uv_scir_offset(apicid);
                 uv_node_to_blade[nid] = blade;
                 uv_cpu_to_blade[cpu] = blade;
                 max_pnode = max(pnode, max_pnode);
 
-                printk(KERN_DEBUG "UV: cpu %d, apicid 0x%x, pnode %d, nid %d, "
-                        "lcpu %d, blade %d\n",
-                        cpu, per_cpu(x86_cpu_to_apicid, cpu), pnode, nid,
-                        lcpu, blade);
+                printk(KERN_DEBUG "UV: cpu %d, apicid 0x%x, pnode %d, nid %d, lcpu %d, blade %d\n",
+                        cpu, apicid, pnode, nid, lcpu, blade);
         }
 
         /* Add blade/pnode info for nodes without cpus */
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index 151ace69a5aa..b5b6b23bce53 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -204,7 +204,6 @@
 #include <linux/module.h>
 
 #include <linux/poll.h>
-#include <linux/smp_lock.h>
 #include <linux/types.h>
 #include <linux/stddef.h>
 #include <linux/timer.h>
@@ -403,6 +402,7 @@ static DECLARE_WAIT_QUEUE_HEAD(apm_waitqueue);
 static DECLARE_WAIT_QUEUE_HEAD(apm_suspend_waitqueue);
 static struct apm_user *user_list;
 static DEFINE_SPINLOCK(user_list_lock);
+static DEFINE_MUTEX(apm_mutex);
 
 /*
  * Set up a segment that references the real mode segment 0x40
@@ -1531,7 +1531,7 @@ static long do_ioctl(struct file *filp, u_int cmd, u_long arg)
                 return -EPERM;
         switch (cmd) {
         case APM_IOC_STANDBY:
-                lock_kernel();
+                mutex_lock(&apm_mutex);
                 if (as->standbys_read > 0) {
                         as->standbys_read--;
                         as->standbys_pending--;
@@ -1540,10 +1540,10 @@ static long do_ioctl(struct file *filp, u_int cmd, u_long arg)
                         queue_event(APM_USER_STANDBY, as);
                 if (standbys_pending <= 0)
                         standby();
-                unlock_kernel();
+                mutex_unlock(&apm_mutex);
                 break;
         case APM_IOC_SUSPEND:
-                lock_kernel();
+                mutex_lock(&apm_mutex);
                 if (as->suspends_read > 0) {
                         as->suspends_read--;
                         as->suspends_pending--;
@@ -1552,13 +1552,14 @@ static long do_ioctl(struct file *filp, u_int cmd, u_long arg)
                         queue_event(APM_USER_SUSPEND, as);
                 if (suspends_pending <= 0) {
                         ret = suspend(1);
+                        mutex_unlock(&apm_mutex);
                 } else {
                         as->suspend_wait = 1;
+                        mutex_unlock(&apm_mutex);
                         wait_event_interruptible(apm_suspend_waitqueue,
                                         as->suspend_wait == 0);
                         ret = as->suspend_result;
                 }
-                unlock_kernel();
                 return ret;
         default:
                 return -ENOTTY;
@@ -1608,12 +1609,10 @@ static int do_open(struct inode *inode, struct file *filp)
 {
         struct apm_user *as;
 
-        lock_kernel();
         as = kmalloc(sizeof(*as), GFP_KERNEL);
         if (as == NULL) {
                 printk(KERN_ERR "apm: cannot allocate struct of size %d bytes\n",
                        sizeof(*as));
-                       unlock_kernel();
                 return -ENOMEM;
         }
         as->magic = APM_BIOS_MAGIC;
@@ -1635,7 +1634,6 @@ static int do_open(struct inode *inode, struct file *filp)
         user_list = as;
         spin_unlock(&user_list_lock);
         filp->private_data = as;
-        unlock_kernel();
         return 0;
 }
 
diff --git a/arch/x86/kernel/bios_uv.c b/arch/x86/kernel/bios_uv.c
index 63a88e1f987d..b0206a211b09 100644
--- a/arch/x86/kernel/bios_uv.c
+++ b/arch/x86/kernel/bios_uv.c
@@ -101,21 +101,17 @@ s64 uv_bios_get_sn_info(int fc, int *uvtype, long *partid, long *coher,
 }
 
 int
-uv_bios_mq_watchlist_alloc(int blade, unsigned long addr, unsigned int mq_size,
+uv_bios_mq_watchlist_alloc(unsigned long addr, unsigned int mq_size,
                            unsigned long *intr_mmr_offset)
 {
-        union uv_watchlist_u size_blade;
         u64 watchlist;
         s64 ret;
 
-        size_blade.size = mq_size;
-        size_blade.blade = blade;
-
         /*
          * bios returns watchlist number or negative error number.
          */
         ret = (int)uv_bios_call_irqsave(UV_BIOS_WATCHLIST_ALLOC, addr,
-                        size_blade.val, (u64)intr_mmr_offset,
+                        mq_size, (u64)intr_mmr_offset,
                         (u64)&watchlist, 0);
         if (ret < BIOS_STATUS_SUCCESS)
                 return ret;
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index 68537e957a9b..1d2cb383410e 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -5,6 +5,7 @@
 # Don't trace early stages of a secondary CPU boot
 ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_common.o = -pg
+CFLAGS_REMOVE_perf_event.o = -pg
 endif
 
 # Make sure load_percpu_segment has no stackprotector
diff --git a/arch/x86/kernel/cpu/addon_cpuid_features.c b/arch/x86/kernel/cpu/addon_cpuid_features.c
index c965e5212714..468489b57aae 100644
--- a/arch/x86/kernel/cpu/addon_cpuid_features.c
+++ b/arch/x86/kernel/cpu/addon_cpuid_features.c
@@ -74,6 +74,7 @@ void __cpuinit detect_extended_topology(struct cpuinfo_x86 *c)
         unsigned int eax, ebx, ecx, edx, sub_index;
         unsigned int ht_mask_width, core_plus_mask_width;
         unsigned int core_select_mask, core_level_siblings;
+        static bool printed;
 
         if (c->cpuid_level < 0xb)
                 return;
@@ -127,12 +128,14 @@ void __cpuinit detect_extended_topology(struct cpuinfo_x86 *c)
 
         c->x86_max_cores = (core_level_siblings / smp_num_siblings);
 
-
-        printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
-               c->phys_proc_id);
-        if (c->x86_max_cores > 1)
-                printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
-                       c->cpu_core_id);
+        if (!printed) {
+                printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
+                       c->phys_proc_id);
+                if (c->x86_max_cores > 1)
+                        printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
+                               c->cpu_core_id);
+                printed = 1;
+        }
         return;
 #endif
 }
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index c910a716a71c..e485825130d2 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -254,59 +254,36 @@ static int __cpuinit nearby_node(int apicid)
 
 /*
  * Fixup core topology information for AMD multi-node processors.
- * Assumption 1: Number of cores in each internal node is the same.
- * Assumption 2: Mixed systems with both single-node and dual-node
- *               processors are not supported.
+ * Assumption: Number of cores in each internal node is the same.
  */
 #ifdef CONFIG_X86_HT
 static void __cpuinit amd_fixup_dcm(struct cpuinfo_x86 *c)
 {
-#ifdef CONFIG_PCI
-        u32 t, cpn;
-        u8 n, n_id;
+        unsigned long long value;
+        u32 nodes, cores_per_node;
         int cpu = smp_processor_id();
 
+        if (!cpu_has(c, X86_FEATURE_NODEID_MSR))
+                return;
+
         /* fixup topology information only once for a core */
         if (cpu_has(c, X86_FEATURE_AMD_DCM))
                 return;
 
-        /* check for multi-node processor on boot cpu */
-        t = read_pci_config(0, 24, 3, 0xe8);
-        if (!(t & (1 << 29)))
+        rdmsrl(MSR_FAM10H_NODE_ID, value);
+
+        nodes = ((value >> 3) & 7) + 1;
+        if (nodes == 1)
                 return;
 
         set_cpu_cap(c, X86_FEATURE_AMD_DCM);
+        cores_per_node = c->x86_max_cores / nodes;
 
-        /* cores per node: each internal node has half the number of cores */
-        cpn = c->x86_max_cores >> 1;
-
-        /* even-numbered NB_id of this dual-node processor */
-        n = c->phys_proc_id << 1;
-
-        /*
-         * determine internal node id and assign cores fifty-fifty to
-         * each node of the dual-node processor
-         */
-        t = read_pci_config(0, 24 + n, 3, 0xe8);
-        n = (t>>30) & 0x3;
-        if (n == 0) {
-                if (c->cpu_core_id < cpn)
-                        n_id = 0;
-                else
-                        n_id = 1;
-        } else {
-                if (c->cpu_core_id < cpn)
-                        n_id = 1;
-                else
-                        n_id = 0;
-        }
-
-        /* compute entire NodeID, use llc_shared_map to store sibling info */
-        per_cpu(cpu_llc_id, cpu) = (c->phys_proc_id << 1) + n_id;
+        /* store NodeID, use llc_shared_map to store sibling info */
+        per_cpu(cpu_llc_id, cpu) = value & 7;
 
-        /* fixup core id to be in range from 0 to cpn */
-        c->cpu_core_id = c->cpu_core_id % cpn;
-#endif
+        /* fixup core id to be in range from 0 to (cores_per_node - 1) */
+        c->cpu_core_id = c->cpu_core_id % cores_per_node;
 }
 #endif
 
@@ -375,8 +352,6 @@ static void __cpuinit srat_detect_node(struct cpuinfo_x86 *c)
                         node = nearby_node(apicid);
         }
         numa_set_node(cpu, node);
-
-        printk(KERN_INFO "CPU %d/0x%x -> Node %d\n", cpu, apicid, node);
 #endif
 }
 
@@ -535,7 +510,7 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
                 }
         }
 
-        display_cacheinfo(c);
+        cpu_detect_cache_sizes(c);
 
         /* Multi core CPU? */
         if (c->extended_cpuid_level >= 0x80000008) {
diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c
index c95e831bb095..e58d978e0758 100644
--- a/arch/x86/kernel/cpu/centaur.c
+++ b/arch/x86/kernel/cpu/centaur.c
@@ -294,7 +294,7 @@ static void __cpuinit init_c3(struct cpuinfo_x86 *c)
                 set_cpu_cap(c, X86_FEATURE_REP_GOOD);
         }
 
-        display_cacheinfo(c);
+        cpu_detect_cache_sizes(c);
 }
 
 enum {
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3192f22f2fdd..4868e4a951ee 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -61,7 +61,7 @@ void __init setup_cpu_local_masks(void)
 static void __cpuinit default_init(struct cpuinfo_x86 *c)
 {
 #ifdef CONFIG_X86_64
-        display_cacheinfo(c);
+        cpu_detect_cache_sizes(c);
 #else
         /* Not much we can do here... */
         /* Check if at least it has cpuid */
@@ -383,7 +383,7 @@ static void __cpuinit get_model_name(struct cpuinfo_x86 *c)
         }
 }
 
-void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
+void __cpuinit cpu_detect_cache_sizes(struct cpuinfo_x86 *c)
 {
         unsigned int n, dummy, ebx, ecx, edx, l2size;
 
@@ -391,8 +391,6 @@ void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
 
         if (n >= 0x80000005) {
                 cpuid(0x80000005, &dummy, &ebx, &ecx, &edx);
-                printk(KERN_INFO "CPU: L1 I Cache: %dK (%d bytes/line), D cache %dK (%d bytes/line)\n",
-                                edx>>24, edx&0xFF, ecx>>24, ecx&0xFF);
                 c->x86_cache_size = (ecx>>24) + (edx>>24);
 #ifdef CONFIG_X86_64
                 /* On K8 L1 TLB is inclusive, so don't count it */
@@ -422,9 +420,6 @@ void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
 #endif
 
         c->x86_cache_size = l2size;
-
-        printk(KERN_INFO "CPU: L2 Cache: %dK (%d bytes/line)\n",
-                        l2size, ecx & 0xFF);
 }
 
 void __cpuinit detect_ht(struct cpuinfo_x86 *c)
@@ -432,6 +427,7 @@ void __cpuinit detect_ht(struct cpuinfo_x86 *c)
 #ifdef CONFIG_X86_HT
         u32 eax, ebx, ecx, edx;
         int index_msb, core_bits;
+        static bool printed;
 
         if (!cpu_has(c, X86_FEATURE_HT))
                 return;
@@ -447,7 +443,7 @@ void __cpuinit detect_ht(struct cpuinfo_x86 *c)
         smp_num_siblings = (ebx & 0xff0000) >> 16;
 
         if (smp_num_siblings == 1) {
-                printk(KERN_INFO  "CPU: Hyper-Threading is disabled\n");
+                printk_once(KERN_INFO "CPU0: Hyper-Threading is disabled\n");
                 goto out;
         }
 
@@ -474,11 +470,12 @@ void __cpuinit detect_ht(struct cpuinfo_x86 *c)
                                        ((1 << core_bits) - 1);
 
 out:
-        if ((c->x86_max_cores * smp_num_siblings) > 1) {
+        if (!printed && (c->x86_max_cores * smp_num_siblings) > 1) {
                 printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
                        c->phys_proc_id);
                 printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
                        c->cpu_core_id);
+                printed = 1;
         }
 #endif
 }
@@ -659,24 +656,31 @@ void __init early_cpu_init(void)
         const struct cpu_dev *const *cdev;
         int count = 0;
 
+#ifdef PROCESSOR_SELECT
         printk(KERN_INFO "KERNEL supported cpus:\n");
+#endif
+
         for (cdev = __x86_cpu_dev_start; cdev < __x86_cpu_dev_end; cdev++) {
                 const struct cpu_dev *cpudev = *cdev;
-                unsigned int j;
 
                 if (count >= X86_VENDOR_NUM)
                         break;
                 cpu_devs[count] = cpudev;
                 count++;
 
-                for (j = 0; j < 2; j++) {
-                        if (!cpudev->c_ident[j])
-                                continue;
-                        printk(KERN_INFO "  %s %s\n", cpudev->c_vendor,
-                                cpudev->c_ident[j]);
+#ifdef PROCESSOR_SELECT
+                {
+                        unsigned int j;
+
+                        for (j = 0; j < 2; j++) {
+                                if (!cpudev->c_ident[j])
+                                        continue;
+                                printk(KERN_INFO "  %s %s\n", cpudev->c_vendor,
+                                        cpudev->c_ident[j]);
+                        }
                 }
+#endif
         }
-
         early_identify_cpu(&boot_cpu_data);
 }
 
@@ -837,10 +841,8 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
                         boot_cpu_data.x86_capability[i] &= c->x86_capability[i];
         }
 
-#ifdef CONFIG_X86_MCE
         /* Init Machine Check Exception if available. */
-        mcheck_init(c);
-#endif
+        mcheck_cpu_init(c);
 
         select_idle_routine(c);
 
@@ -1115,7 +1117,7 @@ void __cpuinit cpu_init(void)
         if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask))
                 panic("CPU#%d already initialized!\n", cpu);
 
-        printk(KERN_INFO "Initializing CPU#%d\n", cpu);
+        pr_debug("Initializing CPU#%d\n", cpu);
 
         clear_in_cr4(X86_CR4_VME|X86_CR4_PVI|X86_CR4_TSD|X86_CR4_DE);
 
@@ -1136,7 +1138,7 @@ void __cpuinit cpu_init(void)
         wrmsrl(MSR_KERNEL_GS_BASE, 0);
         barrier();
 
-        check_efer();
+        x86_configure_nx();
         if (cpu != 0)
                 enable_x2apic();
 
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
index 6de9a908e400..3624e8a0f71b 100644
--- a/arch/x86/kernel/cpu/cpu.h
+++ b/arch/x86/kernel/cpu/cpu.h
@@ -32,6 +32,6 @@ struct cpu_dev {
 extern const struct cpu_dev *const __x86_cpu_dev_start[],
                             *const __x86_cpu_dev_end[];
 
-extern void display_cacheinfo(struct cpuinfo_x86 *c);
+extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c);
 
 #endif
diff --git a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
index 43eb3465dda7..1b1920fa7c80 100644
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -190,9 +190,11 @@ static void do_drv_write(void *_cmd)
 
 static void drv_read(struct drv_cmd *cmd)
 {
+        int err;
         cmd->val = 0;
 
-        smp_call_function_single(cpumask_any(cmd->mask), do_drv_read, cmd, 1);
+        err = smp_call_function_any(cmd->mask, do_drv_read, cmd, 1);
+        WARN_ON_ONCE(err);      /* smp_call_function_any() was buggy? */
 }
 
 static void drv_write(struct drv_cmd *cmd)
@@ -526,15 +528,21 @@ static const struct dmi_system_id sw_any_bug_dmi_table[] = {
 
 static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
 {
-        /* http://www.intel.com/Assets/PDF/specupdate/314554.pdf
+        /* Intel Xeon Processor 7100 Series Specification Update
+         * http://www.intel.com/Assets/PDF/specupdate/314554.pdf
          * AL30: A Machine Check Exception (MCE) Occurring during an
          * Enhanced Intel SpeedStep Technology Ratio Change May Cause
-         * Both Processor Cores to Lock Up when HT is enabled*/
+         * Both Processor Cores to Lock Up. */
         if (c->x86_vendor == X86_VENDOR_INTEL) {
                 if ((c->x86 == 15) &&
                     (c->x86_model == 6) &&
-                    (c->x86_mask == 8) && smt_capable())
+                    (c->x86_mask == 8)) {
+                        printk(KERN_INFO "acpi-cpufreq: Intel(R) "
+                            "Xeon(R) 7100 Errata AL30, processors may "
+                            "lock up on frequency changes: disabling "
+                            "acpi-cpufreq.\n");
                         return -ENODEV;
+                    }
                 }
         return 0;
 }
@@ -549,13 +557,18 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
         unsigned int result = 0;
         struct cpuinfo_x86 *c = &cpu_data(policy->cpu);
         struct acpi_processor_performance *perf;
+#ifdef CONFIG_SMP
+        static int blacklisted;
+#endif
 
         dprintk("acpi_cpufreq_cpu_init\n");
 
 #ifdef CONFIG_SMP
-        result = acpi_cpufreq_blacklist(c);
-        if (result)
-                return result;
+        if (blacklisted)
+                return blacklisted;
+        blacklisted = acpi_cpufreq_blacklist(c);
+        if (blacklisted)
+                return blacklisted;
 #endif
 
         data = kzalloc(sizeof(struct acpi_cpufreq_data), GFP_KERNEL);
@@ -753,14 +766,15 @@ static struct freq_attr *acpi_cpufreq_attr[] = {
 };
 
 static struct cpufreq_driver acpi_cpufreq_driver = {
-        .verify = acpi_cpufreq_verify,
-        .target = acpi_cpufreq_target,
-        .init = acpi_cpufreq_cpu_init,
-        .exit = acpi_cpufreq_cpu_exit,
-        .resume = acpi_cpufreq_resume,
-        .name = "acpi-cpufreq",
-        .owner = THIS_MODULE,
-        .attr = acpi_cpufreq_attr,
+        .verify         = acpi_cpufreq_verify,
+        .target         = acpi_cpufreq_target,
+        .bios_limit     = acpi_processor_get_bios_limit,
+        .init           = acpi_cpufreq_cpu_init,
+        .exit           = acpi_cpufreq_cpu_exit,
+        .resume         = acpi_cpufreq_resume,
+        .name           = "acpi-cpufreq",
+        .owner          = THIS_MODULE,
+        .attr           = acpi_cpufreq_attr,
 };
 
 static int __init acpi_cpufreq_init(void)
diff --git a/arch/x86/kernel/cpu/cpufreq/longhaul.c b/arch/x86/kernel/cpu/cpufreq/longhaul.c
index ce2ed3e4aad9..7e7eea4f8261 100644
--- a/arch/x86/kernel/cpu/cpufreq/longhaul.c
+++ b/arch/x86/kernel/cpu/cpufreq/longhaul.c
@@ -813,7 +813,7 @@ static int __init longhaul_cpu_init(struct cpufreq_policy *policy)
                         memcpy(eblcr, samuel2_eblcr, sizeof(samuel2_eblcr));
                         break;
                 case 1 ... 15:
-                        longhaul_version = TYPE_LONGHAUL_V1;
+                        longhaul_version = TYPE_LONGHAUL_V2;
                         if (c->x86_mask < 8) {
                                 cpu_model = CPU_SAMUEL2;
                                 cpuname = "C3 'Samuel 2' [C5B]";
@@ -885,7 +885,7 @@ static int __init longhaul_cpu_init(struct cpufreq_policy *policy)
 
         /* Find ACPI data for processor */
         acpi_walk_namespace(ACPI_TYPE_PROCESSOR, ACPI_ROOT_OBJECT,
-                                ACPI_UINT32_MAX, &longhaul_walk_callback,
+                                ACPI_UINT32_MAX, &longhaul_walk_callback, NULL,
                                 NULL, (void *)&pr);
 
         /* Check ACPI support for C3 state */
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k6.c b/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
index f10dea409f40..cb01dac267d3 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
@@ -164,7 +164,7 @@ static int powernow_k6_cpu_init(struct cpufreq_policy *policy)
         }
 
         /* cpuinfo and default policy values */
-        policy->cpuinfo.transition_latency = CPUFREQ_ETERNAL;
+        policy->cpuinfo.transition_latency = 200000;
         policy->cur = busfreq * max_multiplier;
 
         result = cpufreq_frequency_table_cpuinfo(policy, clock_ratio);
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k7.c b/arch/x86/kernel/cpu/cpufreq/powernow-k7.c
index d47c775eb0ab..9a97116f89e5 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k7.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k7.c
@@ -714,14 +714,17 @@ static struct freq_attr *powernow_table_attr[] = {
 };
 
 static struct cpufreq_driver powernow_driver = {
-        .verify = powernow_verify,
-        .target = powernow_target,
-        .get    = powernow_get,
-        .init   = powernow_cpu_init,
-        .exit   = powernow_cpu_exit,
-        .name   = "powernow-k7",
-        .owner  = THIS_MODULE,
-        .attr   = powernow_table_attr,
+        .verify         = powernow_verify,
+        .target         = powernow_target,
+        .get            = powernow_get,
+#ifdef CONFIG_X86_POWERNOW_K7_ACPI
+        .bios_limit     = acpi_processor_get_bios_limit,
+#endif
+        .init           = powernow_cpu_init,
+        .exit           = powernow_cpu_exit,
+        .name           = "powernow-k7",
+        .owner          = THIS_MODULE,
+        .attr           = powernow_table_attr,
 };
 
 static int __init powernow_init(void)
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
index 6394aa5c7985..f125e5c551c0 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
@@ -1022,7 +1022,7 @@ static int get_transition_latency(struct powernow_k8_data *data)
                  * set it to 1 to avoid problems in the future.
                  * For all others it's a BIOS bug.
                  */
-                if (!boot_cpu_data.x86 == 0x11)
+                if (boot_cpu_data.x86 != 0x11)
                         printk(KERN_ERR FW_WARN PFX "Invalid zero transition "
                                 "latency\n");
                 max_latency = 1;
@@ -1118,7 +1118,7 @@ static int transition_frequency_pstate(struct powernow_k8_data *data,
 static int powernowk8_target(struct cpufreq_policy *pol,
                 unsigned targfreq, unsigned relation)
 {
-        cpumask_t oldmask;
+        cpumask_var_t oldmask;
         struct powernow_k8_data *data = per_cpu(powernow_data, pol->cpu);
         u32 checkfid;
         u32 checkvid;
@@ -1131,9 +1131,13 @@ static int powernowk8_target(struct cpufreq_policy *pol,
         checkfid = data->currfid;
         checkvid = data->currvid;
 
-        /* only run on specific CPU from here on */
-        oldmask = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(pol->cpu));
+        /* only run on specific CPU from here on. */
+        /* This is poor form: use a workqueue or smp_call_function_single */
+        if (!alloc_cpumask_var(&oldmask, GFP_KERNEL))
+                return -ENOMEM;
+
+        cpumask_copy(oldmask, tsk_cpus_allowed(current));
+        set_cpus_allowed_ptr(current, cpumask_of(pol->cpu));
 
         if (smp_processor_id() != pol->cpu) {
                 printk(KERN_ERR PFX "limiting to cpu %u failed\n", pol->cpu);
@@ -1193,7 +1197,8 @@ static int powernowk8_target(struct cpufreq_policy *pol,
         ret = 0;
 
 err_out:
-        set_cpus_allowed_ptr(current, &oldmask);
+        set_cpus_allowed_ptr(current, oldmask);
+        free_cpumask_var(oldmask);
         return ret;
 }
 
@@ -1393,14 +1398,15 @@ static struct freq_attr *powernow_k8_attr[] = {
 };
 
 static struct cpufreq_driver cpufreq_amd64_driver = {
-        .verify = powernowk8_verify,
-        .target = powernowk8_target,
-        .init = powernowk8_cpu_init,
-        .exit = __devexit_p(powernowk8_cpu_exit),
-        .get = powernowk8_get,
-        .name = "powernow-k8",
-        .owner = THIS_MODULE,
-        .attr = powernow_k8_attr,
+        .verify         = powernowk8_verify,
+        .target         = powernowk8_target,
+        .bios_limit     = acpi_processor_get_bios_limit,
+        .init           = powernowk8_cpu_init,
+        .exit           = __devexit_p(powernowk8_cpu_exit),
+        .get            = powernowk8_get,
+        .name           = "powernow-k8",
+        .owner          = THIS_MODULE,
+        .attr           = powernow_k8_attr,
 };
 
 /* driver entry point for init */
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c b/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
index 6911e91fb4f6..2ce8e0b5cc54 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
@@ -39,7 +39,7 @@ static struct pci_dev *speedstep_chipset_dev;
 
 /* speedstep_processor
  */
-static unsigned int speedstep_processor;
+static enum speedstep_processor speedstep_processor;
 
 static u32 pmbase;
 
@@ -232,28 +232,23 @@ static unsigned int speedstep_detect_chipset(void)
         return 0;
 }
 
-struct get_freq_data {
-        unsigned int speed;
-        unsigned int processor;
-};
-
-static void get_freq_data(void *_data)
+static void get_freq_data(void *_speed)
 {
-        struct get_freq_data *data = _data;
+        unsigned int *speed = _speed;
 
-        data->speed = speedstep_get_frequency(data->processor);
+        *speed = speedstep_get_frequency(speedstep_processor);
 }
 
 static unsigned int speedstep_get(unsigned int cpu)
 {
-        struct get_freq_data data = { .processor = cpu };
+        unsigned int speed;
 
         /* You're supposed to ensure CPU is online. */
-        if (smp_call_function_single(cpu, get_freq_data, &data, 1) != 0)
+        if (smp_call_function_single(cpu, get_freq_data, &speed, 1) != 0)
                 BUG();
 
-        dprintk("detected %u kHz as current frequency\n", data.speed);
-        return data.speed;
+        dprintk("detected %u kHz as current frequency\n", speed);
+        return speed;
 }
 
 /**
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
index f4c290b8482f..ad0083abfa23 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
@@ -34,7 +34,7 @@ static int relaxed_check;
  *                   GET PROCESSOR CORE SPEED IN KHZ                 *
  *********************************************************************/
 
-static unsigned int pentium3_get_frequency(unsigned int processor)
+static unsigned int pentium3_get_frequency(enum speedstep_processor processor)
 {
         /* See table 14 of p3_ds.pdf and table 22 of 29834003.pdf */
         struct {
@@ -227,7 +227,7 @@ static unsigned int pentium4_get_frequency(void)
 
 
 /* Warning: may get called from smp_call_function_single. */
-unsigned int speedstep_get_frequency(unsigned int processor)
+unsigned int speedstep_get_frequency(enum speedstep_processor processor)
 {
         switch (processor) {
         case SPEEDSTEP_CPU_PCORE:
@@ -380,7 +380,7 @@ EXPORT_SYMBOL_GPL(speedstep_detect_processor);
  *                     DETECT SPEEDSTEP SPEEDS                       *
  *********************************************************************/
 
-unsigned int speedstep_get_freqs(unsigned int processor,
+unsigned int speedstep_get_freqs(enum speedstep_processor processor,
                                   unsigned int *low_speed,
                                   unsigned int *high_speed,
                                   unsigned int *transition_latency,
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.h b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.h
index 2b6c04e5a304..70d9cea1219d 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.h
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.h
@@ -11,18 +11,18 @@
 
 
 /* processors */
-
-#define SPEEDSTEP_CPU_PIII_C_EARLY      0x00000001  /* Coppermine core */
-#define SPEEDSTEP_CPU_PIII_C            0x00000002  /* Coppermine core */
-#define SPEEDSTEP_CPU_PIII_T            0x00000003  /* Tualatin core */
-#define SPEEDSTEP_CPU_P4M               0x00000004  /* P4-M  */
-
+enum speedstep_processor {
+        SPEEDSTEP_CPU_PIII_C_EARLY = 0x00000001,  /* Coppermine core */
+        SPEEDSTEP_CPU_PIII_C       = 0x00000002,  /* Coppermine core */
+        SPEEDSTEP_CPU_PIII_T       = 0x00000003,  /* Tualatin core */
+        SPEEDSTEP_CPU_P4M          = 0x00000004,  /* P4-M  */
 /* the following processors are not speedstep-capable and are not auto-detected
  * in speedstep_detect_processor(). However, their speed can be detected using
  * the speedstep_get_frequency() call. */
-#define SPEEDSTEP_CPU_PM                0xFFFFFF03  /* Pentium M  */
-#define SPEEDSTEP_CPU_P4D               0xFFFFFF04  /* desktop P4  */
-#define SPEEDSTEP_CPU_PCORE             0xFFFFFF05  /* Core */
+        SPEEDSTEP_CPU_PM           = 0xFFFFFF03,  /* Pentium M  */
+        SPEEDSTEP_CPU_P4D          = 0xFFFFFF04,  /* desktop P4  */
+        SPEEDSTEP_CPU_PCORE        = 0xFFFFFF05,  /* Core */
+};
 
 /* speedstep states -- only two of them */
 
@@ -31,10 +31,10 @@
 
 
 /* detect a speedstep-capable processor */
-extern unsigned int speedstep_detect_processor (void);
+extern enum speedstep_processor speedstep_detect_processor(void);
 
 /* detect the current speed (in khz) of the processor */
-extern unsigned int speedstep_get_frequency(unsigned int processor);
+extern unsigned int speedstep_get_frequency(enum speedstep_processor processor);
 
 
 /* detect the low and high speeds of the processor. The callback
@@ -42,7 +42,7 @@ extern unsigned int speedstep_get_frequency(unsigned int processor);
  * SPEEDSTEP_LOW; the second argument is zero so that no
  * cpufreq_notify_transition calls are initiated.
  */
-extern unsigned int speedstep_get_freqs(unsigned int processor,
+extern unsigned int speedstep_get_freqs(enum speedstep_processor processor,
         unsigned int *low_speed,
         unsigned int *high_speed,
         unsigned int *transition_latency,
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-smi.c b/arch/x86/kernel/cpu/cpufreq/speedstep-smi.c
index befea088e4f5..04d73c114e49 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-smi.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-smi.c
@@ -35,7 +35,7 @@ static int smi_cmd;
 static unsigned int smi_sig;
 
 /* info about the processor */
-static unsigned int speedstep_processor;
+static enum speedstep_processor speedstep_processor;
 
 /*
  * There are only two frequency states for each processor. Values
diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c
index 19807b89f058..4fbd384fb645 100644
--- a/arch/x86/kernel/cpu/cyrix.c
+++ b/arch/x86/kernel/cpu/cyrix.c
@@ -373,7 +373,7 @@ static void __cpuinit init_nsc(struct cpuinfo_x86 *c)
         /* Handle the GX (Formally known as the GX2) */
 
         if (c->x86 == 5 && c->x86_model == 5)
-                display_cacheinfo(c);
+                cpu_detect_cache_sizes(c);
         else
                 init_cyrix(c);
 }
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 40e1835b35e8..879666f4d871 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -70,7 +70,6 @@ static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
         if (c->x86_power & (1 << 8)) {
                 set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
                 set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC);
-                set_cpu_cap(c, X86_FEATURE_TSC_RELIABLE);
                 sched_clock_stable = 1;
         }
 
@@ -263,11 +262,13 @@ static void __cpuinit srat_detect_node(struct cpuinfo_x86 *c)
         /* Don't do the funky fallback heuristics the AMD version employs
            for now. */
         node = apicid_to_node[apicid];
-        if (node == NUMA_NO_NODE || !node_online(node))
+        if (node == NUMA_NO_NODE)
                 node = first_node(node_online_map);
+        else if (!node_online(node)) {
+                /* reuse the value from init_cpu_to_node() */
+                node = cpu_to_node(cpu);
+        }
         numa_set_node(cpu, node);
-
-        printk(KERN_INFO "CPU %d/0x%x -> Node %d\n", cpu, apicid, node);
 #endif
 }
 
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
index f5ccb4fa5a5d..fc6c8ef92dcc 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -94,7 +94,7 @@ static const struct _cache_table __cpuinitconst cache_table[] =
         { 0xd1, LVL_3,    1024 },       /* 4-way set assoc, 64 byte line size */
         { 0xd2, LVL_3,    2048 },       /* 4-way set assoc, 64 byte line size */
         { 0xd6, LVL_3,    1024 },       /* 8-way set assoc, 64 byte line size */
-        { 0xd7, LVL_3,    2038 },       /* 8-way set assoc, 64 byte line size */
+        { 0xd7, LVL_3,    2048 },       /* 8-way set assoc, 64 byte line size */
         { 0xd8, LVL_3,    4096 },       /* 12-way set assoc, 64 byte line size */
         { 0xdc, LVL_3,    2048 },       /* 12-way set assoc, 64 byte line size */
         { 0xdd, LVL_3,    4096 },       /* 12-way set assoc, 64 byte line size */
@@ -102,6 +102,9 @@ static const struct _cache_table __cpuinitconst cache_table[] =
         { 0xe2, LVL_3,    2048 },       /* 16-way set assoc, 64 byte line size */
         { 0xe3, LVL_3,    4096 },       /* 16-way set assoc, 64 byte line size */
         { 0xe4, LVL_3,    8192 },       /* 16-way set assoc, 64 byte line size */
+        { 0xea, LVL_3,    12288 },      /* 24-way set assoc, 64 byte line size */
+        { 0xeb, LVL_3,    18432 },      /* 24-way set assoc, 64 byte line size */
+        { 0xec, LVL_3,    24576 },      /* 24-way set assoc, 64 byte line size */
         { 0x00, 0, 0}
 };
 
@@ -488,22 +491,6 @@ unsigned int __cpuinit init_intel_cacheinfo(struct cpuinfo_x86 *c)
 #endif
         }
 
-        if (trace)
-                printk(KERN_INFO "CPU: Trace cache: %dK uops", trace);
-        else if (l1i)
-                printk(KERN_INFO "CPU: L1 I cache: %dK", l1i);
-
-        if (l1d)
-                printk(KERN_CONT ", L1 D cache: %dK\n", l1d);
-        else
-                printk(KERN_CONT "\n");
-
-        if (l2)
-                printk(KERN_INFO "CPU: L2 cache: %dK\n", l2);
-
-        if (l3)
-                printk(KERN_INFO "CPU: L3 cache: %dK\n", l3);
-
         c->x86_cache_size = l3 ? l3 : (l2 ? l2 : (l1i+l1d));
 
         return l2;
@@ -520,18 +507,19 @@ static void __cpuinit cache_shared_cpu_map_setup(unsigned int cpu, int index)
 {
         struct _cpuid4_info     *this_leaf, *sibling_leaf;
         unsigned long num_threads_sharing;
-        int index_msb, i;
+        int index_msb, i, sibling;
         struct cpuinfo_x86 *c = &cpu_data(cpu);
 
         if ((index == 3) && (c->x86_vendor == X86_VENDOR_AMD)) {
-                struct cpuinfo_x86 *d;
-                for_each_online_cpu(i) {
+                for_each_cpu(i, c->llc_shared_map) {
                         if (!per_cpu(ici_cpuid4_info, i))
                                 continue;
-                        d = &cpu_data(i);
                         this_leaf = CPUID4_INFO_IDX(i, index);
-                        cpumask_copy(to_cpumask(this_leaf->shared_cpu_map),
-                                     d->llc_shared_map);
+                        for_each_cpu(sibling, c->llc_shared_map) {
+                                if (!cpu_online(sibling))
+                                        continue;
+                                set_bit(sibling, this_leaf->shared_cpu_map);
+                        }
                 }
                 return;
         }
diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c
index 472763d92098..73734baa50f2 100644
--- a/arch/x86/kernel/cpu/mcheck/mce-inject.c
+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c
@@ -74,7 +74,7 @@ static void raise_exception(struct mce *m, struct pt_regs *pregs)
         m->finished = 0;
 }
 
-static cpumask_t mce_inject_cpumask;
+static cpumask_var_t mce_inject_cpumask;
 
 static int mce_raise_notify(struct notifier_block *self,
                             unsigned long val, void *data)
@@ -82,9 +82,9 @@ static int mce_raise_notify(struct notifier_block *self,
         struct die_args *args = (struct die_args *)data;
         int cpu = smp_processor_id();
         struct mce *m = &__get_cpu_var(injectm);
-        if (val != DIE_NMI_IPI || !cpu_isset(cpu, mce_inject_cpumask))
+        if (val != DIE_NMI_IPI || !cpumask_test_cpu(cpu, mce_inject_cpumask))
                 return NOTIFY_DONE;
-        cpu_clear(cpu, mce_inject_cpumask);
+        cpumask_clear_cpu(cpu, mce_inject_cpumask);
         if (m->inject_flags & MCJ_EXCEPTION)
                 raise_exception(m, args->regs);
         else if (m->status)
@@ -148,22 +148,22 @@ static void raise_mce(struct mce *m)
                 unsigned long start;
                 int cpu;
                 get_online_cpus();
-                mce_inject_cpumask = cpu_online_map;
-                cpu_clear(get_cpu(), mce_inject_cpumask);
+                cpumask_copy(mce_inject_cpumask, cpu_online_mask);
+                cpumask_clear_cpu(get_cpu(), mce_inject_cpumask);
                 for_each_online_cpu(cpu) {
                         struct mce *mcpu = &per_cpu(injectm, cpu);
                         if (!mcpu->finished ||
                             MCJ_CTX(mcpu->inject_flags) != MCJ_CTX_RANDOM)
-                                cpu_clear(cpu, mce_inject_cpumask);
+                                cpumask_clear_cpu(cpu, mce_inject_cpumask);
                 }
-                if (!cpus_empty(mce_inject_cpumask))
-                        apic->send_IPI_mask(&mce_inject_cpumask, NMI_VECTOR);
+                if (!cpumask_empty(mce_inject_cpumask))
+                        apic->send_IPI_mask(mce_inject_cpumask, NMI_VECTOR);
                 start = jiffies;
-                while (!cpus_empty(mce_inject_cpumask)) {
+                while (!cpumask_empty(mce_inject_cpumask)) {
                         if (!time_before(jiffies, start + 2*HZ)) {
                                 printk(KERN_ERR
                                 "Timeout waiting for mce inject NMI %lx\n",
-                                        *cpus_addr(mce_inject_cpumask));
+                                        *cpumask_bits(mce_inject_cpumask));
                                 break;
                         }
                         cpu_relax();
@@ -210,6 +210,8 @@ static ssize_t mce_write(struct file *filp, const char __user *ubuf,
 
 static int inject_init(void)
 {
+        if (!alloc_cpumask_var(&mce_inject_cpumask, GFP_KERNEL))
+                return -ENOMEM;
         printk(KERN_INFO "Machine check injector initialized\n");
         mce_chrdev_ops.write = mce_write;
         register_die_notifier(&mce_raise_nb);
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index 183c3457d2f4..a8aacd4b513c 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -46,6 +46,9 @@
 
 #include "mce-internal.h"
 
+#define CREATE_TRACE_POINTS
+#include <trace/events/mce.h>
+
 int mce_disabled __read_mostly;
 
 #define MISC_MCELOG_MINOR       227
@@ -85,6 +88,26 @@ static DECLARE_WAIT_QUEUE_HEAD(mce_wait);
 static DEFINE_PER_CPU(struct mce, mces_seen);
 static int                      cpu_missing;
 
+/*
+ * CPU/chipset specific EDAC code can register a notifier call here to print
+ * MCE errors in a human-readable form.
+ */
+ATOMIC_NOTIFIER_HEAD(x86_mce_decoder_chain);
+EXPORT_SYMBOL_GPL(x86_mce_decoder_chain);
+
+static int default_decode_mce(struct notifier_block *nb, unsigned long val,
+                               void *data)
+{
+        pr_emerg("No human readable MCE decoding support on this CPU type.\n");
+        pr_emerg("Run the message through 'mcelog --ascii' to decode.\n");
+
+        return NOTIFY_STOP;
+}
+
+static struct notifier_block mce_dec_nb = {
+        .notifier_call = default_decode_mce,
+        .priority      = -1,
+};
 
 /* MCA banks polled by the period polling timer for corrected events */
 DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
@@ -129,6 +152,9 @@ void mce_log(struct mce *mce)
 {
         unsigned next, entry;
 
+        /* Emit the trace record: */
+        trace_mce_record(mce);
+
         mce->finished = 0;
         wmb();
         for (;;) {
@@ -165,46 +191,46 @@ void mce_log(struct mce *mce)
         set_bit(0, &mce_need_notify);
 }
 
-void __weak decode_mce(struct mce *m)
-{
-        return;
-}
-
 static void print_mce(struct mce *m)
 {
-        printk(KERN_EMERG
-               "CPU %d: Machine Check Exception: %16Lx Bank %d: %016Lx\n",
+        pr_emerg("CPU %d: Machine Check Exception: %16Lx Bank %d: %016Lx\n",
                m->extcpu, m->mcgstatus, m->bank, m->status);
+
         if (m->ip) {
-                printk(KERN_EMERG "RIP%s %02x:<%016Lx> ",
-                       !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
-                       m->cs, m->ip);
+                pr_emerg("RIP%s %02x:<%016Lx> ",
+                        !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
+                                m->cs, m->ip);
+
                 if (m->cs == __KERNEL_CS)
                         print_symbol("{%s}", m->ip);
-                printk(KERN_CONT "\n");
+                pr_cont("\n");
         }
-        printk(KERN_EMERG "TSC %llx ", m->tsc);
+
+        pr_emerg("TSC %llx ", m->tsc);
         if (m->addr)
-                printk(KERN_CONT "ADDR %llx ", m->addr);
+                pr_cont("ADDR %llx ", m->addr);
         if (m->misc)
-                printk(KERN_CONT "MISC %llx ", m->misc);
-        printk(KERN_CONT "\n");
-        printk(KERN_EMERG "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x\n",
-                        m->cpuvendor, m->cpuid, m->time, m->socketid,
-                        m->apicid);
+                pr_cont("MISC %llx ", m->misc);
+
+        pr_cont("\n");
+        pr_emerg("PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x\n",
+                m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid);
 
-        decode_mce(m);
+        /*
+         * Print out human-readable details about the MCE error,
+         * (if the CPU has an implementation for that)
+         */
+        atomic_notifier_call_chain(&x86_mce_decoder_chain, 0, m);
 }
 
 static void print_mce_head(void)
 {
-        printk(KERN_EMERG "\nHARDWARE ERROR\n");
+        pr_emerg("\nHARDWARE ERROR\n");
 }
 
 static void print_mce_tail(void)
 {
-        printk(KERN_EMERG "This is not a software problem!\n"
-               "Run through mcelog --ascii to decode and contact your hardware vendor\n");
+        pr_emerg("This is not a software problem!\n");
 }
 
 #define PANIC_TIMEOUT 5 /* 5 seconds */
@@ -218,6 +244,7 @@ static atomic_t mce_fake_paniced;
 static void wait_for_panic(void)
 {
         long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
+
         preempt_disable();
         local_irq_enable();
         while (timeout-- > 0)
@@ -285,6 +312,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
 static int msr_to_offset(u32 msr)
 {
         unsigned bank = __get_cpu_var(injectm.bank);
+
         if (msr == rip_msr)
                 return offsetof(struct mce, ip);
         if (msr == MSR_IA32_MCx_STATUS(bank))
@@ -1108,7 +1136,7 @@ static int check_interval = 5 * 60; /* 5 minutes */
 static DEFINE_PER_CPU(int, mce_next_interval); /* in jiffies */
 static DEFINE_PER_CPU(struct timer_list, mce_timer);
 
-static void mcheck_timer(unsigned long data)
+static void mce_start_timer(unsigned long data)
 {
         struct timer_list *t = &per_cpu(mce_timer, data);
         int *n;
@@ -1173,7 +1201,7 @@ int mce_notify_irq(void)
 }
 EXPORT_SYMBOL_GPL(mce_notify_irq);
 
-static int mce_banks_init(void)
+static int __cpuinit __mcheck_cpu_mce_banks_init(void)
 {
         int i;
 
@@ -1192,7 +1220,7 @@ static int mce_banks_init(void)
 /*
  * Initialize Machine Checks for a CPU.
  */
-static int __cpuinit mce_cap_init(void)
+static int __cpuinit __mcheck_cpu_cap_init(void)
 {
         unsigned b;
         u64 cap;
@@ -1200,7 +1228,8 @@ static int __cpuinit mce_cap_init(void)
         rdmsrl(MSR_IA32_MCG_CAP, cap);
 
         b = cap & MCG_BANKCNT_MASK;
-        printk(KERN_INFO "mce: CPU supports %d MCE banks\n", b);
+        if (!banks)
+                printk(KERN_INFO "mce: CPU supports %d MCE banks\n", b);
 
         if (b > MAX_NR_BANKS) {
                 printk(KERN_WARNING
@@ -1213,7 +1242,7 @@ static int __cpuinit mce_cap_init(void)
         WARN_ON(banks != 0 && b != banks);
         banks = b;
         if (!mce_banks) {
-                int err = mce_banks_init();
+                int err = __mcheck_cpu_mce_banks_init();
 
                 if (err)
                         return err;
@@ -1229,7 +1258,7 @@ static int __cpuinit mce_cap_init(void)
         return 0;
 }
 
-static void mce_init(void)
+static void __mcheck_cpu_init_generic(void)
 {
         mce_banks_t all_banks;
         u64 cap;
@@ -1258,7 +1287,7 @@ static void mce_init(void)
 }
 
 /* Add per CPU specific workarounds here */
-static int __cpuinit mce_cpu_quirks(struct cpuinfo_x86 *c)
+static int __cpuinit __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
 {
         if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
                 pr_info("MCE: unknown CPU type - not enabling MCE support.\n");
@@ -1326,7 +1355,7 @@ static int __cpuinit mce_cpu_quirks(struct cpuinfo_x86 *c)
         return 0;
 }
 
-static void __cpuinit mce_ancient_init(struct cpuinfo_x86 *c)
+static void __cpuinit __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
 {
         if (c->x86 != 5)
                 return;
@@ -1340,7 +1369,7 @@ static void __cpuinit mce_ancient_init(struct cpuinfo_x86 *c)
         }
 }
 
-static void mce_cpu_features(struct cpuinfo_x86 *c)
+static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
 {
         switch (c->x86_vendor) {
         case X86_VENDOR_INTEL:
@@ -1354,18 +1383,19 @@ static void mce_cpu_features(struct cpuinfo_x86 *c)
         }
 }
 
-static void mce_init_timer(void)
+static void __mcheck_cpu_init_timer(void)
 {
         struct timer_list *t = &__get_cpu_var(mce_timer);
         int *n = &__get_cpu_var(mce_next_interval);
 
+        setup_timer(t, mce_start_timer, smp_processor_id());
+
         if (mce_ignore_ce)
                 return;
 
         *n = check_interval * HZ;
         if (!*n)
                 return;
-        setup_timer(t, mcheck_timer, smp_processor_id());
         t->expires = round_jiffies(jiffies + *n);
         add_timer_on(t, smp_processor_id());
 }
@@ -1385,27 +1415,28 @@ void (*machine_check_vector)(struct pt_regs *, long error_code) =
  * Called for each booted CPU to set up machine checks.
  * Must be called with preempt off:
  */
-void __cpuinit mcheck_init(struct cpuinfo_x86 *c)
+void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
 {
         if (mce_disabled)
                 return;
 
-        mce_ancient_init(c);
+        __mcheck_cpu_ancient_init(c);
 
         if (!mce_available(c))
                 return;
 
-        if (mce_cap_init() < 0 || mce_cpu_quirks(c) < 0) {
+        if (__mcheck_cpu_cap_init() < 0 || __mcheck_cpu_apply_quirks(c) < 0) {
                 mce_disabled = 1;
                 return;
         }
 
         machine_check_vector = do_machine_check;
 
-        mce_init();
-        mce_cpu_features(c);
-        mce_init_timer();
+        __mcheck_cpu_init_generic();
+        __mcheck_cpu_init_vendor(c);
+        __mcheck_cpu_init_timer();
         INIT_WORK(&__get_cpu_var(mce_work), mce_process_work);
+
 }
 
 /*
@@ -1625,6 +1656,15 @@ static int __init mcheck_enable(char *str)
 }
 __setup("mce", mcheck_enable);
 
+int __init mcheck_init(void)
+{
+        atomic_notifier_chain_register(&x86_mce_decoder_chain, &mce_dec_nb);
+
+        mcheck_intel_therm_init();
+
+        return 0;
+}
+
 /*
  * Sysfs support
  */
@@ -1633,7 +1673,7 @@ __setup("mce", mcheck_enable);
  * Disable machine checks on suspend and shutdown. We can't really handle
  * them later.
  */
-static int mce_disable(void)
+static int mce_disable_error_reporting(void)
 {
         int i;
 
@@ -1648,12 +1688,12 @@ static int mce_disable(void)
 
 static int mce_suspend(struct sys_device *dev, pm_message_t state)
 {
-        return mce_disable();
+        return mce_disable_error_reporting();
 }
 
 static int mce_shutdown(struct sys_device *dev)
 {
-        return mce_disable();
+        return mce_disable_error_reporting();
 }
 
 /*
@@ -1663,8 +1703,8 @@ static int mce_shutdown(struct sys_device *dev)
  */
 static int mce_resume(struct sys_device *dev)
 {
-        mce_init();
-        mce_cpu_features(&current_cpu_data);
+        __mcheck_cpu_init_generic();
+        __mcheck_cpu_init_vendor(&current_cpu_data);
 
         return 0;
 }
@@ -1674,8 +1714,8 @@ static void mce_cpu_restart(void *data)
         del_timer_sync(&__get_cpu_var(mce_timer));
         if (!mce_available(&current_cpu_data))
                 return;
-        mce_init();
-        mce_init_timer();
+        __mcheck_cpu_init_generic();
+        __mcheck_cpu_init_timer();
 }
 
 /* Reinit MCEs after user configuration changes */
@@ -1701,7 +1741,7 @@ static void mce_enable_ce(void *all)
         cmci_reenable();
         cmci_recheck();
         if (all)
-                mce_init_timer();
+                __mcheck_cpu_init_timer();
 }
 
 static struct sysdev_class mce_sysclass = {
@@ -1889,7 +1929,7 @@ error2:
                 sysdev_remove_file(&per_cpu(mce_dev, cpu), &mce_banks[j].attr);
 error:
         while (--i >= 0)
-                sysdev_remove_file(&per_cpu(mce_dev, cpu), &mce_banks[i].attr);
+                sysdev_remove_file(&per_cpu(mce_dev, cpu), mce_attrs[i]);
 
         sysdev_unregister(&per_cpu(mce_dev, cpu));
 
@@ -1914,13 +1954,14 @@ static __cpuinit void mce_remove_device(unsigned int cpu)
 }
 
 /* Make sure there are no machine checks on offlined CPUs. */
-static void mce_disable_cpu(void *h)
+static void __cpuinit mce_disable_cpu(void *h)
 {
         unsigned long action = *(unsigned long *)h;
         int i;
 
         if (!mce_available(&current_cpu_data))
                 return;
+
         if (!(action & CPU_TASKS_FROZEN))
                 cmci_clear();
         for (i = 0; i < banks; i++) {
@@ -1931,7 +1972,7 @@ static void mce_disable_cpu(void *h)
         }
 }
 
-static void mce_reenable_cpu(void *h)
+static void __cpuinit mce_reenable_cpu(void *h)
 {
         unsigned long action = *(unsigned long *)h;
         int i;
@@ -1976,9 +2017,11 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
                 break;
         case CPU_DOWN_FAILED:
         case CPU_DOWN_FAILED_FROZEN:
-                t->expires = round_jiffies(jiffies +
+                if (!mce_ignore_ce && check_interval) {
+                        t->expires = round_jiffies(jiffies +
                                            __get_cpu_var(mce_next_interval));
-                add_timer_on(t, cpu);
+                        add_timer_on(t, cpu);
+                }
                 smp_call_function_single(cpu, mce_reenable_cpu, &action, 1);
                 break;
         case CPU_POST_DEAD:
@@ -2010,7 +2053,7 @@ static __init void mce_init_banks(void)
         }
 }
 
-static __init int mce_init_device(void)
+static __init int mcheck_init_device(void)
 {
         int err;
         int i = 0;
@@ -2038,7 +2081,7 @@ static __init int mce_init_device(void)
         return err;
 }
 
-device_initcall(mce_init_device);
+device_initcall(mcheck_init_device);
 
 /*
  * Old style boot options parsing. Only for compatibility.
@@ -2086,7 +2129,7 @@ static int fake_panic_set(void *data, u64 val)
 DEFINE_SIMPLE_ATTRIBUTE(fake_panic_fops, fake_panic_get,
                         fake_panic_set, "%llu\n");
 
-static int __init mce_debugfs_init(void)
+static int __init mcheck_debugfs_init(void)
 {
         struct dentry *dmce, *ffake_panic;
 
@@ -2100,5 +2143,5 @@ static int __init mce_debugfs_init(void)
 
         return 0;
 }
-late_initcall(mce_debugfs_init);
+late_initcall(mcheck_debugfs_init);
 #endif
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel.c b/arch/x86/kernel/cpu/mcheck/mce_intel.c
index 889f665fe93d..7c785634af2b 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_intel.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel.c
@@ -8,6 +8,7 @@
 #include <linux/init.h>
 #include <linux/interrupt.h>
 #include <linux/percpu.h>
+#include <linux/sched.h>
 #include <asm/apic.h>
 #include <asm/processor.h>
 #include <asm/msr.h>
diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c
index b3a1dba75330..81c499eceb21 100644
--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c
+++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c
@@ -49,6 +49,8 @@ static DEFINE_PER_CPU(struct thermal_state, thermal_state);
 
 static atomic_t therm_throt_en  = ATOMIC_INIT(0);
 
+static u32 lvtthmr_init __read_mostly;
+
 #ifdef CONFIG_SYSFS
 #define define_therm_throt_sysdev_one_ro(_name)                         \
         static SYSDEV_ATTR(_name, 0444, therm_throt_sysdev_show_##_name, NULL)
@@ -254,14 +256,34 @@ asmlinkage void smp_thermal_interrupt(struct pt_regs *regs)
         ack_APIC_irq();
 }
 
+/* Thermal monitoring depends on APIC, ACPI and clock modulation */
+static int intel_thermal_supported(struct cpuinfo_x86 *c)
+{
+        if (!cpu_has_apic)
+                return 0;
+        if (!cpu_has(c, X86_FEATURE_ACPI) || !cpu_has(c, X86_FEATURE_ACC))
+                return 0;
+        return 1;
+}
+
+void __init mcheck_intel_therm_init(void)
+{
+        /*
+         * This function is only called on boot CPU. Save the init thermal
+         * LVT value on BSP and use that value to restore APs' thermal LVT
+         * entry BIOS programmed later
+         */
+        if (intel_thermal_supported(&boot_cpu_data))
+                lvtthmr_init = apic_read(APIC_LVTTHMR);
+}
+
 void intel_init_thermal(struct cpuinfo_x86 *c)
 {
         unsigned int cpu = smp_processor_id();
         int tm2 = 0;
         u32 l, h;
 
-        /* Thermal monitoring depends on ACPI and clock modulation*/
-        if (!cpu_has(c, X86_FEATURE_ACPI) || !cpu_has(c, X86_FEATURE_ACC))
+        if (!intel_thermal_supported(c))
                 return;
 
         /*
@@ -270,7 +292,20 @@ void intel_init_thermal(struct cpuinfo_x86 *c)
          * since it might be delivered via SMI already:
          */
         rdmsr(MSR_IA32_MISC_ENABLE, l, h);
-        h = apic_read(APIC_LVTTHMR);
+
+        /*
+         * The initial value of thermal LVT entries on all APs always reads
+         * 0x10000 because APs are woken up by BSP issuing INIT-SIPI-SIPI
+         * sequence to them and LVT registers are reset to 0s except for
+         * the mask bits which are set to 1s when APs receive INIT IPI.
+         * Always restore the value that BIOS has programmed on AP based on
+         * BSP's info we saved since BIOS is always setting the same value
+         * for all threads/cores
+         */
+        apic_write(APIC_LVTTHMR, lvtthmr_init);
+
+        h = lvtthmr_init;
+
         if ((l & MSR_IA32_MISC_ENABLE_TM1) && (h & APIC_DM_SMI)) {
                 printk(KERN_DEBUG
                        "CPU%d: Thermal monitoring handled by SMI\n", cpu);
@@ -312,8 +347,8 @@ void intel_init_thermal(struct cpuinfo_x86 *c)
         l = apic_read(APIC_LVTTHMR);
         apic_write(APIC_LVTTHMR, l & ~APIC_LVT_MASKED);
 
-        printk(KERN_INFO "CPU%d: Thermal monitoring enabled (%s)\n",
-               cpu, tm2 ? "TM2" : "TM1");
+        printk_once(KERN_INFO "CPU0: Thermal monitoring enabled (%s)\n",
+                       tm2 ? "TM2" : "TM1");
 
         /* enable thermal throttle processing */
         atomic_set(&therm_throt_en, 1);
diff --git a/arch/x86/kernel/cpu/mtrr/cleanup.c b/arch/x86/kernel/cpu/mtrr/cleanup.c
index 315738c74aad..09b1698e0466 100644
--- a/arch/x86/kernel/cpu/mtrr/cleanup.c
+++ b/arch/x86/kernel/cpu/mtrr/cleanup.c
@@ -170,6 +170,41 @@ static int __init cmp_range(const void *x1, const void *x2)
         return start1 - start2;
 }
 
+static int __init clean_sort_range(struct res_range *range, int az)
+{
+        int i, j, k = az - 1, nr_range = 0;
+
+        for (i = 0; i < k; i++) {
+                if (range[i].end)
+                        continue;
+                for (j = k; j > i; j--) {
+                        if (range[j].end) {
+                                k = j;
+                                break;
+                        }
+                }
+                if (j == i)
+                        break;
+                range[i].start = range[k].start;
+                range[i].end   = range[k].end;
+                range[k].start = 0;
+                range[k].end   = 0;
+                k--;
+        }
+        /* count it */
+        for (i = 0; i < az; i++) {
+                if (!range[i].end) {
+                        nr_range = i;
+                        break;
+                }
+        }
+
+        /* sort them */
+        sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
+
+        return nr_range;
+}
+
 #define BIOS_BUG_MSG KERN_WARNING \
         "WARNING: BIOS bug: VAR MTRR %d contains strange UC entry under 1M, check with your system vendor!\n"
 
@@ -223,22 +258,18 @@ x86_get_mtrr_mem_range(struct res_range *range, int nr_range,
                 subtract_range(range, extra_remove_base,
                                  extra_remove_base + extra_remove_size  - 1);
 
-        /* get new range num */
-        nr_range = 0;
-        for (i = 0; i < RANGE_NUM; i++) {
-                if (!range[i].end)
-                        continue;
-                nr_range++;
-        }
         if  (debug_print) {
                 printk(KERN_DEBUG "After UC checking\n");
-                for (i = 0; i < nr_range; i++)
+                for (i = 0; i < RANGE_NUM; i++) {
+                        if (!range[i].end)
+                                continue;
                         printk(KERN_DEBUG "MTRR MAP PFN: %016lx - %016lx\n",
                                  range[i].start, range[i].end + 1);
+                }
         }
 
         /* sort the ranges */
-        sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
+        nr_range = clean_sort_range(range, RANGE_NUM);
         if  (debug_print) {
                 printk(KERN_DEBUG "After sorting\n");
                 for (i = 0; i < nr_range; i++)
@@ -689,8 +720,6 @@ static int __init mtrr_need_cleanup(void)
                         continue;
                 if (!size)
                         type = MTRR_NUM_TYPES;
-                if (type == MTRR_TYPE_WRPROT)
-                        type = MTRR_TYPE_UNCACHABLE;
                 num[type]++;
         }
 
@@ -846,7 +875,7 @@ int __init mtrr_cleanup(unsigned address_bits)
         sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
 
         range_sums = sum_ranges(range, nr_range);
-        printk(KERN_INFO "total RAM coverred: %ldM\n",
+        printk(KERN_INFO "total RAM covered: %ldM\n",
                range_sums >> (20 - PAGE_SHIFT));
 
         if (mtrr_chunk_size && mtrr_gran_size) {
diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
index f04e72527604..e006e56f699c 100644
--- a/arch/x86/kernel/cpu/mtrr/if.c
+++ b/arch/x86/kernel/cpu/mtrr/if.c
@@ -4,6 +4,7 @@
 #include <linux/proc_fs.h>
 #include <linux/module.h>
 #include <linux/ctype.h>
+#include <linux/string.h>
 #include <linux/init.h>
 
 #define LINE_SIZE 80
@@ -96,17 +97,24 @@ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
         unsigned long long base, size;
         char *ptr;
         char line[LINE_SIZE];
+        int length;
         size_t linelen;
 
         if (!capable(CAP_SYS_ADMIN))
                 return -EPERM;
-        if (!len)
-                return -EINVAL;
 
         memset(line, 0, LINE_SIZE);
-        if (len > LINE_SIZE)
-                len = LINE_SIZE;
-        if (copy_from_user(line, buf, len - 1))
+
+        length = len;
+        length--;
+
+        if (length > LINE_SIZE - 1)
+                length = LINE_SIZE - 1;
+
+        if (length < 0)
+                return -EINVAL;
+
+        if (copy_from_user(line, buf, length))
                 return -EFAULT;
 
         linelen = strlen(line);
@@ -126,8 +134,7 @@ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
                 return -EINVAL;
 
         base = simple_strtoull(line + 5, &ptr, 0);
-        while (isspace(*ptr))
-                ptr++;
+        ptr = skip_spaces(ptr);
 
         if (strncmp(ptr, "size=", 5))
                 return -EINVAL;
@@ -135,14 +142,11 @@ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
         size = simple_strtoull(ptr + 5, &ptr, 0);
         if ((base & 0xfff) || (size & 0xfff))
                 return -EINVAL;
-        while (isspace(*ptr))
-                ptr++;
+        ptr = skip_spaces(ptr);
 
         if (strncmp(ptr, "type=", 5))
                 return -EINVAL;
-        ptr += 5;
-        while (isspace(*ptr))
-                ptr++;
+        ptr = skip_spaces(ptr + 5);
 
         for (i = 0; i < MTRR_NUM_TYPES; ++i) {
                 if (strcmp(ptr, mtrr_strings[i]))
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index b5801c311846..d616c06e99b4 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -77,6 +77,18 @@ struct cpu_hw_events {
         struct debug_store      *ds;
 };
 
+struct event_constraint {
+        unsigned long   idxmsk[BITS_TO_LONGS(X86_PMC_IDX_MAX)];
+        int             code;
+};
+
+#define EVENT_CONSTRAINT(c, m) { .code = (c), .idxmsk[0] = (m) }
+#define EVENT_CONSTRAINT_END  { .code = 0, .idxmsk[0] = 0 }
+
+#define for_each_event_constraint(e, c) \
+        for ((e) = (c); (e)->idxmsk[0]; (e)++)
+
+
 /*
  * struct x86_pmu - generic x86 pmu
  */
@@ -102,6 +114,8 @@ struct x86_pmu {
         u64             intel_ctrl;
         void            (*enable_bts)(u64 config);
         void            (*disable_bts)(void);
+        int             (*get_event_idx)(struct cpu_hw_events *cpuc,
+                                         struct hw_perf_event *hwc);
 };
 
 static struct x86_pmu x86_pmu __read_mostly;
@@ -110,6 +124,8 @@ static DEFINE_PER_CPU(struct cpu_hw_events, cpu_hw_events) = {
         .enabled = 1,
 };
 
+static const struct event_constraint *event_constraints;
+
 /*
  * Not sure about some of these
  */
@@ -155,6 +171,16 @@ static u64 p6_pmu_raw_event(u64 hw_event)
         return hw_event & P6_EVNTSEL_MASK;
 }
 
+static const struct event_constraint intel_p6_event_constraints[] =
+{
+        EVENT_CONSTRAINT(0xc1, 0x1),    /* FLOPS */
+        EVENT_CONSTRAINT(0x10, 0x1),    /* FP_COMP_OPS_EXE */
+        EVENT_CONSTRAINT(0x11, 0x1),    /* FP_ASSIST */
+        EVENT_CONSTRAINT(0x12, 0x2),    /* MUL */
+        EVENT_CONSTRAINT(0x13, 0x2),    /* DIV */
+        EVENT_CONSTRAINT(0x14, 0x1),    /* CYCLES_DIV_BUSY */
+        EVENT_CONSTRAINT_END
+};
 
 /*
  * Intel PerfMon v3. Used on Core2 and later.
@@ -170,6 +196,35 @@ static const u64 intel_perfmon_event_map[] =
   [PERF_COUNT_HW_BUS_CYCLES]            = 0x013c,
 };
 
+static const struct event_constraint intel_core_event_constraints[] =
+{
+        EVENT_CONSTRAINT(0x10, 0x1),    /* FP_COMP_OPS_EXE */
+        EVENT_CONSTRAINT(0x11, 0x2),    /* FP_ASSIST */
+        EVENT_CONSTRAINT(0x12, 0x2),    /* MUL */
+        EVENT_CONSTRAINT(0x13, 0x2),    /* DIV */
+        EVENT_CONSTRAINT(0x14, 0x1),    /* CYCLES_DIV_BUSY */
+        EVENT_CONSTRAINT(0x18, 0x1),    /* IDLE_DURING_DIV */
+        EVENT_CONSTRAINT(0x19, 0x2),    /* DELAYED_BYPASS */
+        EVENT_CONSTRAINT(0xa1, 0x1),    /* RS_UOPS_DISPATCH_CYCLES */
+        EVENT_CONSTRAINT(0xcb, 0x1),    /* MEM_LOAD_RETIRED */
+        EVENT_CONSTRAINT_END
+};
+
+static const struct event_constraint intel_nehalem_event_constraints[] =
+{
+        EVENT_CONSTRAINT(0x40, 0x3),    /* L1D_CACHE_LD */
+        EVENT_CONSTRAINT(0x41, 0x3),    /* L1D_CACHE_ST */
+        EVENT_CONSTRAINT(0x42, 0x3),    /* L1D_CACHE_LOCK */
+        EVENT_CONSTRAINT(0x43, 0x3),    /* L1D_ALL_REF */
+        EVENT_CONSTRAINT(0x4e, 0x3),    /* L1D_PREFETCH */
+        EVENT_CONSTRAINT(0x4c, 0x3),    /* LOAD_HIT_PRE */
+        EVENT_CONSTRAINT(0x51, 0x3),    /* L1D */
+        EVENT_CONSTRAINT(0x52, 0x3),    /* L1D_CACHE_PREFETCH_LOCK_FB_HIT */
+        EVENT_CONSTRAINT(0x53, 0x3),    /* L1D_CACHE_LOCK_FB_HIT */
+        EVENT_CONSTRAINT(0xc5, 0x3),    /* CACHE_LOCK_CYCLES */
+        EVENT_CONSTRAINT_END
+};
+
 static u64 intel_pmu_event_map(int hw_event)
 {
         return intel_perfmon_event_map[hw_event];
@@ -190,7 +245,7 @@ static u64 __read_mostly hw_cache_event_ids
                                 [PERF_COUNT_HW_CACHE_OP_MAX]
                                 [PERF_COUNT_HW_CACHE_RESULT_MAX];
 
-static const u64 nehalem_hw_cache_event_ids
+static __initconst u64 nehalem_hw_cache_event_ids
                                 [PERF_COUNT_HW_CACHE_MAX]
                                 [PERF_COUNT_HW_CACHE_OP_MAX]
                                 [PERF_COUNT_HW_CACHE_RESULT_MAX] =
@@ -281,7 +336,7 @@ static const u64 nehalem_hw_cache_event_ids
  },
 };
 
-static const u64 core2_hw_cache_event_ids
+static __initconst u64 core2_hw_cache_event_ids
                                 [PERF_COUNT_HW_CACHE_MAX]
                                 [PERF_COUNT_HW_CACHE_OP_MAX]
                                 [PERF_COUNT_HW_CACHE_RESULT_MAX] =
@@ -372,7 +427,7 @@ static const u64 core2_hw_cache_event_ids
  },
 };
 
-static const u64 atom_hw_cache_event_ids
+static __initconst u64 atom_hw_cache_event_ids
                                 [PERF_COUNT_HW_CACHE_MAX]
                                 [PERF_COUNT_HW_CACHE_OP_MAX]
                                 [PERF_COUNT_HW_CACHE_RESULT_MAX] =
@@ -469,7 +524,7 @@ static u64 intel_pmu_raw_event(u64 hw_event)
 #define CORE_EVNTSEL_UNIT_MASK          0x0000FF00ULL
 #define CORE_EVNTSEL_EDGE_MASK          0x00040000ULL
 #define CORE_EVNTSEL_INV_MASK           0x00800000ULL
-#define CORE_EVNTSEL_REG_MASK   0xFF000000ULL
+#define CORE_EVNTSEL_REG_MASK           0xFF000000ULL
 
 #define CORE_EVNTSEL_MASK               \
         (CORE_EVNTSEL_EVENT_MASK |      \
@@ -481,7 +536,7 @@ static u64 intel_pmu_raw_event(u64 hw_event)
         return hw_event & CORE_EVNTSEL_MASK;
 }
 
-static const u64 amd_hw_cache_event_ids
+static __initconst u64 amd_hw_cache_event_ids
                                 [PERF_COUNT_HW_CACHE_MAX]
                                 [PERF_COUNT_HW_CACHE_OP_MAX]
                                 [PERF_COUNT_HW_CACHE_RESULT_MAX] =
@@ -932,6 +987,8 @@ static int __hw_perf_event_init(struct perf_event *event)
          */
         hwc->config = ARCH_PERFMON_EVENTSEL_INT;
 
+        hwc->idx = -1;
+
         /*
          * Count user and OS events unless requested not to.
          */
@@ -1229,7 +1286,7 @@ x86_perf_event_set_period(struct perf_event *event,
                 return 0;
 
         /*
-         * If we are way outside a reasoable range then just skip forward:
+         * If we are way outside a reasonable range then just skip forward:
          */
         if (unlikely(left <= -period)) {
                 left = period;
@@ -1334,8 +1391,7 @@ static void amd_pmu_enable_event(struct hw_perf_event *hwc, int idx)
                 x86_pmu_enable_event(hwc, idx);
 }
 
-static int
-fixed_mode_idx(struct perf_event *event, struct hw_perf_event *hwc)
+static int fixed_mode_idx(struct hw_perf_event *hwc)
 {
         unsigned int hw_event;
 
@@ -1349,6 +1405,12 @@ fixed_mode_idx(struct perf_event *event, struct hw_perf_event *hwc)
         if (!x86_pmu.num_events_fixed)
                 return -1;
 
+        /*
+         * fixed counters do not take all possible filters
+         */
+        if (hwc->config & ARCH_PERFMON_EVENT_FILTER_MASK)
+                return -1;
+
         if (unlikely(hw_event == x86_pmu.event_map(PERF_COUNT_HW_INSTRUCTIONS)))
                 return X86_PMC_IDX_FIXED_INSTRUCTIONS;
         if (unlikely(hw_event == x86_pmu.event_map(PERF_COUNT_HW_CPU_CYCLES)))
@@ -1360,22 +1422,57 @@ fixed_mode_idx(struct perf_event *event, struct hw_perf_event *hwc)
 }
 
 /*
- * Find a PMC slot for the freshly enabled / scheduled in event:
+ * generic counter allocator: get next free counter
  */
-static int x86_pmu_enable(struct perf_event *event)
+static int
+gen_get_event_idx(struct cpu_hw_events *cpuc, struct hw_perf_event *hwc)
+{
+        int idx;
+
+        idx = find_first_zero_bit(cpuc->used_mask, x86_pmu.num_events);
+        return idx == x86_pmu.num_events ? -1 : idx;
+}
+
+/*
+ * intel-specific counter allocator: check event constraints
+ */
+static int
+intel_get_event_idx(struct cpu_hw_events *cpuc, struct hw_perf_event *hwc)
+{
+        const struct event_constraint *event_constraint;
+        int i, code;
+
+        if (!event_constraints)
+                goto skip;
+
+        code = hwc->config & CORE_EVNTSEL_EVENT_MASK;
+
+        for_each_event_constraint(event_constraint, event_constraints) {
+                if (code == event_constraint->code) {
+                        for_each_bit(i, event_constraint->idxmsk, X86_PMC_IDX_MAX) {
+                                if (!test_and_set_bit(i, cpuc->used_mask))
+                                        return i;
+                        }
+                        return -1;
+                }
+        }
+skip:
+        return gen_get_event_idx(cpuc, hwc);
+}
+
+static int
+x86_schedule_event(struct cpu_hw_events *cpuc, struct hw_perf_event *hwc)
 {
-        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
-        struct hw_perf_event *hwc = &event->hw;
         int idx;
 
-        idx = fixed_mode_idx(event, hwc);
+        idx = fixed_mode_idx(hwc);
         if (idx == X86_PMC_IDX_FIXED_BTS) {
                 /* BTS is already occupied. */
                 if (test_and_set_bit(idx, cpuc->used_mask))
                         return -EAGAIN;
 
                 hwc->config_base        = 0;
-                hwc->event_base = 0;
+                hwc->event_base         = 0;
                 hwc->idx                = idx;
         } else if (idx >= 0) {
                 /*
@@ -1396,20 +1493,35 @@ static int x86_pmu_enable(struct perf_event *event)
         } else {
                 idx = hwc->idx;
                 /* Try to get the previous generic event again */
-                if (test_and_set_bit(idx, cpuc->used_mask)) {
+                if (idx == -1 || test_and_set_bit(idx, cpuc->used_mask)) {
 try_generic:
-                        idx = find_first_zero_bit(cpuc->used_mask,
-                                                  x86_pmu.num_events);
-                        if (idx == x86_pmu.num_events)
+                        idx = x86_pmu.get_event_idx(cpuc, hwc);
+                        if (idx == -1)
                                 return -EAGAIN;
 
                         set_bit(idx, cpuc->used_mask);
                         hwc->idx = idx;
                 }
-                hwc->config_base  = x86_pmu.eventsel;
-                hwc->event_base = x86_pmu.perfctr;
+                hwc->config_base = x86_pmu.eventsel;
+                hwc->event_base  = x86_pmu.perfctr;
         }
 
+        return idx;
+}
+
+/*
+ * Find a PMC slot for the freshly enabled / scheduled in event:
+ */
+static int x86_pmu_enable(struct perf_event *event)
+{
+        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
+        struct hw_perf_event *hwc = &event->hw;
+        int idx;
+
+        idx = x86_schedule_event(cpuc, hwc);
+        if (idx < 0)
+                return idx;
+
         perf_events_lapic_init();
 
         x86_pmu.disable(hwc, idx);
@@ -1520,6 +1632,7 @@ static void intel_pmu_drain_bts_buffer(struct cpu_hw_events *cpuc)
 
         data.period     = event->hw.last_period;
         data.addr       = 0;
+        data.raw        = NULL;
         regs.ip         = 0;
 
         /*
@@ -1637,6 +1750,7 @@ static int p6_pmu_handle_irq(struct pt_regs *regs)
         u64 val;
 
         data.addr = 0;
+        data.raw = NULL;
 
         cpuc = &__get_cpu_var(cpu_hw_events);
 
@@ -1682,6 +1796,7 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
         u64 ack, status;
 
         data.addr = 0;
+        data.raw = NULL;
 
         cpuc = &__get_cpu_var(cpu_hw_events);
 
@@ -1745,6 +1860,7 @@ static int amd_pmu_handle_irq(struct pt_regs *regs)
         u64 val;
 
         data.addr = 0;
+        data.raw = NULL;
 
         cpuc = &__get_cpu_var(cpu_hw_events);
 
@@ -1852,7 +1968,7 @@ static __read_mostly struct notifier_block perf_event_nmi_notifier = {
         .priority               = 1
 };
 
-static struct x86_pmu p6_pmu = {
+static __initconst struct x86_pmu p6_pmu = {
         .name                   = "p6",
         .handle_irq             = p6_pmu_handle_irq,
         .disable_all            = p6_pmu_disable_all,
@@ -1877,9 +1993,10 @@ static struct x86_pmu p6_pmu = {
          */
         .event_bits             = 32,
         .event_mask             = (1ULL << 32) - 1,
+        .get_event_idx          = intel_get_event_idx,
 };
 
-static struct x86_pmu intel_pmu = {
+static __initconst struct x86_pmu intel_pmu = {
         .name                   = "Intel",
         .handle_irq             = intel_pmu_handle_irq,
         .disable_all            = intel_pmu_disable_all,
@@ -1900,9 +2017,10 @@ static struct x86_pmu intel_pmu = {
         .max_period             = (1ULL << 31) - 1,
         .enable_bts             = intel_pmu_enable_bts,
         .disable_bts            = intel_pmu_disable_bts,
+        .get_event_idx          = intel_get_event_idx,
 };
 
-static struct x86_pmu amd_pmu = {
+static __initconst struct x86_pmu amd_pmu = {
         .name                   = "AMD",
         .handle_irq             = amd_pmu_handle_irq,
         .disable_all            = amd_pmu_disable_all,
@@ -1920,9 +2038,10 @@ static struct x86_pmu amd_pmu = {
         .apic                   = 1,
         /* use highest bit to detect overflow */
         .max_period             = (1ULL << 47) - 1,
+        .get_event_idx          = gen_get_event_idx,
 };
 
-static int p6_pmu_init(void)
+static __init int p6_pmu_init(void)
 {
         switch (boot_cpu_data.x86_model) {
         case 1:
@@ -1932,10 +2051,12 @@ static int p6_pmu_init(void)
         case 7:
         case 8:
         case 11: /* Pentium III */
+                event_constraints = intel_p6_event_constraints;
                 break;
         case 9:
         case 13:
                 /* Pentium M */
+                event_constraints = intel_p6_event_constraints;
                 break;
         default:
                 pr_cont("unsupported p6 CPU model %d ",
@@ -1945,16 +2066,10 @@ static int p6_pmu_init(void)
 
         x86_pmu = p6_pmu;
 
-        if (!cpu_has_apic) {
-                pr_info("no APIC, boot with the \"lapic\" boot parameter to force-enable it.\n");
-                pr_info("no hardware sampling interrupt available.\n");
-                x86_pmu.apic = 0;
-        }
-
         return 0;
 }
 
-static int intel_pmu_init(void)
+static __init int intel_pmu_init(void)
 {
         union cpuid10_edx edx;
         union cpuid10_eax eax;
@@ -2007,12 +2122,14 @@ static int intel_pmu_init(void)
                        sizeof(hw_cache_event_ids));
 
                 pr_cont("Core2 events, ");
+                event_constraints = intel_core_event_constraints;
                 break;
         default:
         case 26:
                 memcpy(hw_cache_event_ids, nehalem_hw_cache_event_ids,
                        sizeof(hw_cache_event_ids));
 
+                event_constraints = intel_nehalem_event_constraints;
                 pr_cont("Nehalem/Corei7 events, ");
                 break;
         case 28:
@@ -2025,7 +2142,7 @@ static int intel_pmu_init(void)
         return 0;
 }
 
-static int amd_pmu_init(void)
+static __init int amd_pmu_init(void)
 {
         /* Performance-monitoring supported from K7 and later: */
         if (boot_cpu_data.x86 < 6)
@@ -2040,6 +2157,16 @@ static int amd_pmu_init(void)
         return 0;
 }
 
+static void __init pmu_check_apic(void)
+{
+        if (cpu_has_apic)
+                return;
+
+        x86_pmu.apic = 0;
+        pr_info("no APIC, boot with the \"lapic\" boot parameter to force-enable it.\n");
+        pr_info("no hardware sampling interrupt available.\n");
+}
+
 void __init init_hw_perf_events(void)
 {
         int err;
@@ -2061,6 +2188,8 @@ void __init init_hw_perf_events(void)
                 return;
         }
 
+        pmu_check_apic();
+
         pr_cont("%s PMU driver.\n", x86_pmu.name);
 
         if (x86_pmu.num_events > X86_PMC_MAX_GENERIC) {
@@ -2105,11 +2234,47 @@ static const struct pmu pmu = {
         .unthrottle     = x86_pmu_unthrottle,
 };
 
+static int
+validate_event(struct cpu_hw_events *cpuc, struct perf_event *event)
+{
+        struct hw_perf_event fake_event = event->hw;
+
+        if (event->pmu && event->pmu != &pmu)
+                return 0;
+
+        return x86_schedule_event(cpuc, &fake_event) >= 0;
+}
+
+static int validate_group(struct perf_event *event)
+{
+        struct perf_event *sibling, *leader = event->group_leader;
+        struct cpu_hw_events fake_pmu;
+
+        memset(&fake_pmu, 0, sizeof(fake_pmu));
+
+        if (!validate_event(&fake_pmu, leader))
+                return -ENOSPC;
+
+        list_for_each_entry(sibling, &leader->sibling_list, group_entry) {
+                if (!validate_event(&fake_pmu, sibling))
+                        return -ENOSPC;
+        }
+
+        if (!validate_event(&fake_pmu, event))
+                return -ENOSPC;
+
+        return 0;
+}
+
 const struct pmu *hw_perf_event_init(struct perf_event *event)
 {
         int err;
 
         err = __hw_perf_event_init(event);
+        if (!err) {
+                if (event->group_leader != event)
+                        err = validate_group(event);
+        }
         if (err) {
                 if (event->destroy)
                         event->destroy(event);
@@ -2132,7 +2297,7 @@ void callchain_store(struct perf_callchain_entry *entry, u64 ip)
 
 static DEFINE_PER_CPU(struct perf_callchain_entry, pmc_irq_entry);
 static DEFINE_PER_CPU(struct perf_callchain_entry, pmc_nmi_entry);
-static DEFINE_PER_CPU(int, in_nmi_frame);
+static DEFINE_PER_CPU(int, in_ignored_frame);
 
 
 static void
@@ -2148,8 +2313,9 @@ static void backtrace_warning(void *data, char *msg)
 
 static int backtrace_stack(void *data, char *name)
 {
-        per_cpu(in_nmi_frame, smp_processor_id()) =
-                        x86_is_stack_id(NMI_STACK, name);
+        per_cpu(in_ignored_frame, smp_processor_id()) =
+                        x86_is_stack_id(NMI_STACK, name) ||
+                        x86_is_stack_id(DEBUG_STACK, name);
 
         return 0;
 }
@@ -2158,7 +2324,7 @@ static void backtrace_address(void *data, unsigned long addr, int reliable)
 {
         struct perf_callchain_entry *entry = data;
 
-        if (per_cpu(in_nmi_frame, smp_processor_id()))
+        if (per_cpu(in_ignored_frame, smp_processor_id()))
                 return;
 
         if (reliable)
@@ -2170,6 +2336,7 @@ static const struct stacktrace_ops backtrace_ops = {
         .warning_symbol         = backtrace_warning_symbol,
         .stack                  = backtrace_stack,
         .address                = backtrace_address,
+        .walk_stack             = print_context_stack_bp,
 };
 
 #include "../dumpstack.h"
@@ -2180,7 +2347,7 @@ perf_callchain_kernel(struct pt_regs *regs, struct perf_callchain_entry *entry)
         callchain_store(entry, PERF_CONTEXT_KERNEL);
         callchain_store(entry, regs->ip);
 
-        dump_trace(NULL, regs, NULL, 0, &backtrace_ops, entry);
+        dump_trace(NULL, regs, NULL, regs->bp, &backtrace_ops, entry);
 }
 
 /*
diff --git a/arch/x86/kernel/cpu/perfctr-watchdog.c b/arch/x86/kernel/cpu/perfctr-watchdog.c
index fab786f60ed6..898df9719afb 100644
--- a/arch/x86/kernel/cpu/perfctr-watchdog.c
+++ b/arch/x86/kernel/cpu/perfctr-watchdog.c
@@ -712,7 +712,7 @@ static void probe_nmi_watchdog(void)
         switch (boot_cpu_data.x86_vendor) {
         case X86_VENDOR_AMD:
                 if (boot_cpu_data.x86 != 6 && boot_cpu_data.x86 != 15 &&
-                    boot_cpu_data.x86 != 16)
+                    boot_cpu_data.x86 != 16 && boot_cpu_data.x86 != 17)
                         return;
                 wd_ops = &k7_wd_ops;
                 break;
diff --git a/arch/x86/kernel/cpu/transmeta.c b/arch/x86/kernel/cpu/transmeta.c
index bb62b3e5caad..28000743bbb0 100644
--- a/arch/x86/kernel/cpu/transmeta.c
+++ b/arch/x86/kernel/cpu/transmeta.c
@@ -26,7 +26,7 @@ static void __cpuinit init_transmeta(struct cpuinfo_x86 *c)
 
         early_init_transmeta(c);
 
-        display_cacheinfo(c);
+        cpu_detect_cache_sizes(c);
 
         /* Print CMS and CPU revision */
         max = cpuid_eax(0x80860000);
diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
index 6a52d4b36a30..cb27fd6136c9 100644
--- a/arch/x86/kernel/cpuid.c
+++ b/arch/x86/kernel/cpuid.c
@@ -116,21 +116,16 @@ static int cpuid_open(struct inode *inode, struct file *file)
 {
         unsigned int cpu;
         struct cpuinfo_x86 *c;
-        int ret = 0;
-
-        lock_kernel();
 
         cpu = iminor(file->f_path.dentry->d_inode);
-        if (cpu >= nr_cpu_ids || !cpu_online(cpu)) {
-                ret = -ENXIO;   /* No such CPU */
-                goto out;
-        }
+        if (cpu >= nr_cpu_ids || !cpu_online(cpu))
+                return -ENXIO;  /* No such CPU */
+
         c = &cpu_data(cpu);
         if (c->cpuid_level < 0)
-                ret = -EIO;     /* CPUID not supported */
-out:
-        unlock_kernel();
-        return ret;
+                return -EIO;    /* CPUID not supported */
+
+        return 0;
 }
 
 /*
@@ -192,7 +187,8 @@ static int __init cpuid_init(void)
         int i, err = 0;
         i = 0;
 
-        if (register_chrdev(CPUID_MAJOR, "cpu/cpuid", &cpuid_fops)) {
+        if (__register_chrdev(CPUID_MAJOR, 0, NR_CPUS,
+                              "cpu/cpuid", &cpuid_fops)) {
                 printk(KERN_ERR "cpuid: unable to get major %d for cpuid\n",
                        CPUID_MAJOR);
                 err = -EBUSY;
@@ -221,7 +217,7 @@ out_class:
         }
         class_destroy(cpuid_class);
 out_chrdev:
-        unregister_chrdev(CPUID_MAJOR, "cpu/cpuid");
+        __unregister_chrdev(CPUID_MAJOR, 0, NR_CPUS, "cpu/cpuid");
 out:
         return err;
 }
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index 5e409dc298a4..a4849c10a77e 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -27,8 +27,7 @@
 #include <asm/cpu.h>
 #include <asm/reboot.h>
 #include <asm/virtext.h>
-#include <asm/iommu.h>
-
+#include <asm/x86_init.h>
 
 #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC)
 
@@ -106,7 +105,7 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
 #endif
 
 #ifdef CONFIG_X86_64
-        pci_iommu_shutdown();
+        x86_platform.iommu_shutdown();
 #endif
 
         crash_save_cpu(regs, safe_smp_processor_id());
diff --git a/arch/x86/kernel/crash_dump_32.c b/arch/x86/kernel/crash_dump_32.c
index f7cdb3b457aa..cd97ce18c29d 100644
--- a/arch/x86/kernel/crash_dump_32.c
+++ b/arch/x86/kernel/crash_dump_32.c
@@ -16,6 +16,22 @@ static void *kdump_buf_page;
 /* Stores the physical address of elf header of crash image. */
 unsigned long long elfcorehdr_addr = ELFCORE_ADDR_MAX;
 
+static inline bool is_crashed_pfn_valid(unsigned long pfn)
+{
+#ifndef CONFIG_X86_PAE
+        /*
+         * non-PAE kdump kernel executed from a PAE one will crop high pte
+         * bits and poke unwanted space counting again from address 0, we
+         * don't want that. pte must fit into unsigned long. In fact the
+         * test checks high 12 bits for being zero (pfn will be shifted left
+         * by PAGE_SHIFT).
+         */
+        return pte_pfn(pfn_pte(pfn, __pgprot(0))) == pfn;
+#else
+        return true;
+#endif
+}
+
 /**
  * copy_oldmem_page - copy one page from "oldmem"
  * @pfn: page frame number to be copied
@@ -41,6 +57,9 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
         if (!csize)
                 return 0;
 
+        if (!is_crashed_pfn_valid(pfn))
+                return -EFAULT;
+
         vaddr = kmap_atomic_pfn(pfn, KM_PTE0);
 
         if (!userbuf) {
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
index 2d8a371d4339..c56bc2873030 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -109,6 +109,30 @@ print_context_stack(struct thread_info *tinfo,
         }
         return bp;
 }
+EXPORT_SYMBOL_GPL(print_context_stack);
+
+unsigned long
+print_context_stack_bp(struct thread_info *tinfo,
+                       unsigned long *stack, unsigned long bp,
+                       const struct stacktrace_ops *ops, void *data,
+                       unsigned long *end, int *graph)
+{
+        struct stack_frame *frame = (struct stack_frame *)bp;
+        unsigned long *ret_addr = &frame->return_address;
+
+        while (valid_stack_ptr(tinfo, ret_addr, sizeof(*ret_addr), end)) {
+                unsigned long addr = *ret_addr;
+
+                if (__kernel_text_address(addr)) {
+                        ops->address(data, addr, 1);
+                        frame = frame->next_frame;
+                        ret_addr = &frame->return_address;
+                        print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
+                }
+        }
+        return (unsigned long)frame;
+}
+EXPORT_SYMBOL_GPL(print_context_stack_bp);
 
 
 static void
@@ -141,10 +165,11 @@ static void print_trace_address(void *data, unsigned long addr, int reliable)
 }
 
 static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
+        .warning                = print_trace_warning,
+        .warning_symbol         = print_trace_warning_symbol,
+        .stack                  = print_trace_stack,
+        .address                = print_trace_address,
+        .walk_stack             = print_context_stack,
 };
 
 void
@@ -188,7 +213,7 @@ void dump_stack(void)
 }
 EXPORT_SYMBOL(dump_stack);
 
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
 static int die_owner = -1;
 static unsigned int die_nest_count;
 
@@ -207,11 +232,11 @@ unsigned __kprobes long oops_begin(void)
         /* racy, but better than risking deadlock. */
         raw_local_irq_save(flags);
         cpu = smp_processor_id();
-        if (!__raw_spin_trylock(&die_lock)) {
+        if (!arch_spin_trylock(&die_lock)) {
                 if (cpu == die_owner)
                         /* nested oops. should stop eventually */;
                 else
-                        __raw_spin_lock(&die_lock);
+                        arch_spin_lock(&die_lock);
         }
         die_nest_count++;
         die_owner = cpu;
@@ -231,7 +256,7 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
         die_nest_count--;
         if (!die_nest_count)
                 /* Nest count reaches zero, release the lock. */
-                __raw_spin_unlock(&die_lock);
+                arch_spin_unlock(&die_lock);
         raw_local_irq_restore(flags);
         oops_exit();
 
@@ -268,11 +293,12 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
 
         show_registers(regs);
 #ifdef CONFIG_X86_32
-        sp = (unsigned long) (&regs->sp);
-        savesegment(ss, ss);
-        if (user_mode(regs)) {
+        if (user_mode_vm(regs)) {
                 sp = regs->sp;
                 ss = regs->ss & 0xffff;
+        } else {
+                sp = kernel_stack_pointer(regs);
+                savesegment(ss, ss);
         }
         printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
         print_symbol("%s", regs->ip);
diff --git a/arch/x86/kernel/dumpstack.h b/arch/x86/kernel/dumpstack.h
index 81086c227ab7..4fd1420faffa 100644
--- a/arch/x86/kernel/dumpstack.h
+++ b/arch/x86/kernel/dumpstack.h
@@ -14,12 +14,6 @@
 #define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
 #endif
 
-extern unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end, int *graph);
-
 extern void
 show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
                 unsigned long *stack, unsigned long bp, char *log_lvl);
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
index f7dd2a7c3bf4..ae775ca47b25 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -10,9 +10,9 @@
 #include <linux/module.h>
 #include <linux/ptrace.h>
 #include <linux/kexec.h>
+#include <linux/sysfs.h>
 #include <linux/bug.h>
 #include <linux/nmi.h>
-#include <linux/sysfs.h>
 
 #include <asm/stacktrace.h>
 
@@ -35,6 +35,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
 
         if (!stack) {
                 unsigned long dummy;
+
                 stack = &dummy;
                 if (task && task != current)
                         stack = (unsigned long *)task->thread.sp;
@@ -57,8 +58,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
 
                 context = (struct thread_info *)
                         ((unsigned long)stack & (~(THREAD_SIZE - 1)));
-                bp = print_context_stack(context, stack, bp, ops,
-                                         data, NULL, &graph);
+                bp = ops->walk_stack(context, stack, bp, ops, data, NULL, &graph);
 
                 stack = (unsigned long *)context->previous_esp;
                 if (!stack)
@@ -72,7 +72,7 @@ EXPORT_SYMBOL(dump_trace);
 
 void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *sp, unsigned long bp, char *log_lvl)
+                   unsigned long *sp, unsigned long bp, char *log_lvl)
 {
         unsigned long *stack;
         int i;
@@ -156,4 +156,3 @@ int is_valid_bugaddr(unsigned long ip)
 
         return ud2 == 0x0b0f;
 }
-
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index a071e6be177e..0ad9597073f5 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -10,26 +10,28 @@
 #include <linux/module.h>
 #include <linux/ptrace.h>
 #include <linux/kexec.h>
+#include <linux/sysfs.h>
 #include <linux/bug.h>
 #include <linux/nmi.h>
-#include <linux/sysfs.h>
 
 #include <asm/stacktrace.h>
 
 #include "dumpstack.h"
 
+#define N_EXCEPTION_STACKS_END \
+                (N_EXCEPTION_STACKS + DEBUG_STKSZ/EXCEPTION_STKSZ - 2)
 
 static char x86_stack_ids[][8] = {
-                [DEBUG_STACK - 1] = "#DB",
-                [NMI_STACK - 1] = "NMI",
-                [DOUBLEFAULT_STACK - 1] = "#DF",
-                [STACKFAULT_STACK - 1] = "#SS",
-                [MCE_STACK - 1] = "#MC",
+                [ DEBUG_STACK-1                 ]       = "#DB",
+                [ NMI_STACK-1                   ]       = "NMI",
+                [ DOUBLEFAULT_STACK-1           ]       = "#DF",
+                [ STACKFAULT_STACK-1            ]       = "#SS",
+                [ MCE_STACK-1                   ]       = "#MC",
 #if DEBUG_STKSZ > EXCEPTION_STKSZ
-                [N_EXCEPTION_STACKS ...
-                        N_EXCEPTION_STACKS + DEBUG_STKSZ / EXCEPTION_STKSZ - 2] = "#DB[?]"
+                [ N_EXCEPTION_STACKS ...
+                  N_EXCEPTION_STACKS_END        ]       = "#DB[?]"
 #endif
-        };
+};
 
 int x86_is_stack_id(int id, char *name)
 {
@@ -37,7 +39,7 @@ int x86_is_stack_id(int id, char *name)
 }
 
 static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
-                                        unsigned *usedp, char **idp)
+                                         unsigned *usedp, char **idp)
 {
         unsigned k;
 
@@ -101,6 +103,35 @@ static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
         return NULL;
 }
 
+static inline int
+in_irq_stack(unsigned long *stack, unsigned long *irq_stack,
+             unsigned long *irq_stack_end)
+{
+        return (stack >= irq_stack && stack < irq_stack_end);
+}
+
+/*
+ * We are returning from the irq stack and go to the previous one.
+ * If the previous stack is also in the irq stack, then bp in the first
+ * frame of the irq stack points to the previous, interrupted one.
+ * Otherwise we have another level of indirection: We first save
+ * the bp of the previous stack, then we switch the stack to the irq one
+ * and save a new bp that links to the previous one.
+ * (See save_args())
+ */
+static inline unsigned long
+fixup_bp_irq_link(unsigned long bp, unsigned long *stack,
+                  unsigned long *irq_stack, unsigned long *irq_stack_end)
+{
+#ifdef CONFIG_FRAME_POINTER
+        struct stack_frame *frame = (struct stack_frame *)bp;
+
+        if (!in_irq_stack(stack, irq_stack, irq_stack_end))
+                return (unsigned long)frame->next_frame;
+#endif
+        return bp;
+}
+
 /*
  * x86-64 can have up to three kernel stacks:
  * process stack
@@ -157,8 +188,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                         if (ops->stack(data, id) < 0)
                                 break;
 
-                        bp = print_context_stack(tinfo, stack, bp, ops,
-                                                 data, estack_end, &graph);
+                        bp = ops->walk_stack(tinfo, stack, bp, ops,
+                                             data, estack_end, &graph);
                         ops->stack(data, "<EOE>");
                         /*
                          * We link to the next stack via the
@@ -173,7 +204,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                         irq_stack = irq_stack_end -
                                 (IRQ_STACK_SIZE - 64) / sizeof(*irq_stack);
 
-                        if (stack >= irq_stack && stack < irq_stack_end) {
+                        if (in_irq_stack(stack, irq_stack, irq_stack_end)) {
                                 if (ops->stack(data, "IRQ") < 0)
                                         break;
                                 bp = print_context_stack(tinfo, stack, bp,
@@ -184,6 +215,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                                  * pointer (index -1 to end) in the IRQ stack:
                                  */
                                 stack = (unsigned long *) (irq_stack_end[-1]);
+                                bp = fixup_bp_irq_link(bp, stack, irq_stack,
+                                                       irq_stack_end);
                                 irq_stack_end = NULL;
                                 ops->stack(data, "EOI");
                                 continue;
@@ -202,21 +235,24 @@ EXPORT_SYMBOL(dump_trace);
 
 void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *sp, unsigned long bp, char *log_lvl)
+                   unsigned long *sp, unsigned long bp, char *log_lvl)
 {
+        unsigned long *irq_stack_end;
+        unsigned long *irq_stack;
         unsigned long *stack;
+        int cpu;
         int i;
-        const int cpu = smp_processor_id();
-        unsigned long *irq_stack_end =
-                (unsigned long *)(per_cpu(irq_stack_ptr, cpu));
-        unsigned long *irq_stack =
-                (unsigned long *)(per_cpu(irq_stack_ptr, cpu) - IRQ_STACK_SIZE);
+
+        preempt_disable();
+        cpu = smp_processor_id();
+
+        irq_stack_end   = (unsigned long *)(per_cpu(irq_stack_ptr, cpu));
+        irq_stack       = (unsigned long *)(per_cpu(irq_stack_ptr, cpu) - IRQ_STACK_SIZE);
 
         /*
-         * debugging aid: "show_stack(NULL, NULL);" prints the
-         * back trace for this cpu.
+         * Debugging aid: "show_stack(NULL, NULL);" prints the
+         * back trace for this cpu:
          */
-
         if (sp == NULL) {
                 if (task)
                         sp = (unsigned long *)task->thread.sp;
@@ -240,6 +276,8 @@ show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
                 printk(" %016lx", *stack++);
                 touch_nmi_watchdog();
         }
+        preempt_enable();
+
         printk("\n");
         show_trace_log_lvl(task, regs, sp, bp, log_lvl);
 }
@@ -303,4 +341,3 @@ int is_valid_bugaddr(unsigned long ip)
 
         return ud2 == 0x0b0f;
 }
-
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
index 85419bb7d4ab..05ed7ab2ca48 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -724,7 +724,7 @@ core_initcall(e820_mark_nvs_memory);
 /*
  * Early reserved memory areas.
  */
-#define MAX_EARLY_RES 20
+#define MAX_EARLY_RES 32
 
 struct early_res {
         u64 start, end;
@@ -732,7 +732,16 @@ struct early_res {
         char overlap_ok;
 };
 static struct early_res early_res[MAX_EARLY_RES] __initdata = {
-        { 0, PAGE_SIZE, "BIOS data page" },     /* BIOS data page */
+        { 0, PAGE_SIZE, "BIOS data page", 1 },  /* BIOS data page */
+#ifdef CONFIG_X86_32
+        /*
+         * But first pinch a few for the stack/trampoline stuff
+         * FIXME: Don't need the extra page at 4K, but need to fix
+         * trampoline before removing it. (see the GDT stuff)
+         */
+        { PAGE_SIZE, PAGE_SIZE, "EX TRAMPOLINE", 1 },
+#endif
+
         {}
 };
 
@@ -1378,8 +1387,8 @@ static unsigned long ram_alignment(resource_size_t pos)
         if (mb < 16)
                 return 1024*1024;
 
-        /* To 32MB for anything above that */
-        return 32*1024*1024;
+        /* To 64MB for anything above that */
+        return 64*1024*1024;
 }
 
 #define MAX_RESOURCE_SIZE ((resource_size_t)-1)
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
index 41fd965c80c6..b9c830c12b4a 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -206,8 +206,11 @@ static int __init setup_early_printk(char *buf)
 
         while (*buf != '\0') {
                 if (!strncmp(buf, "serial", 6)) {
-                        early_serial_init(buf + 6);
+                        buf += 6;
+                        early_serial_init(buf);
                         early_console_register(&early_serial_console, keep);
+                        if (!strncmp(buf, ",ttyS", 5))
+                                buf += 5;
                 }
                 if (!strncmp(buf, "ttyS", 4)) {
                         early_serial_init(buf + 4);
diff --git a/arch/x86/kernel/efi.c b/arch/x86/kernel/efi.c
index ad5bd988fb79..cdcfb122f256 100644
--- a/arch/x86/kernel/efi.c
+++ b/arch/x86/kernel/efi.c
@@ -454,8 +454,10 @@ void __init efi_init(void)
         if (add_efi_memmap)
                 do_add_efi_memmap();
 
+#ifdef CONFIG_X86_32
         x86_platform.get_wallclock = efi_get_time;
         x86_platform.set_wallclock = efi_set_rtc_mmss;
+#endif
 
         /* Setup for EFI runtime service */
         reboot_type = BOOT_EFI;
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index c097e7d607c6..44a8e0dc6737 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -334,6 +334,10 @@ ENTRY(ret_from_fork)
 END(ret_from_fork)
 
 /*
+ * Interrupt exit functions should be protected against kprobes
+ */
+        .pushsection .kprobes.text, "ax"
+/*
  * Return to user mode is not as complex as all this looks,
  * but we want the default path for a system call return to
  * go as quickly as possible which is why some of this is
@@ -383,6 +387,10 @@ need_resched:
 END(resume_kernel)
 #endif
         CFI_ENDPROC
+/*
+ * End of kprobes section
+ */
+        .popsection
 
 /* SYSENTER_RETURN points to after the "sysenter" instruction in
    the vsyscall page.  See vsyscall-sysentry.S, which defines the symbol.  */
@@ -513,6 +521,10 @@ sysexit_audit:
         PTGS_TO_GS_EX
 ENDPROC(ia32_sysenter_target)
 
+/*
+ * syscall stub including irq exit should be protected against kprobes
+ */
+        .pushsection .kprobes.text, "ax"
         # system call handler stub
 ENTRY(system_call)
         RING0_INT_FRAME                 # can't unwind into user space anyway
@@ -705,26 +717,69 @@ syscall_badsys:
         jmp resume_userspace
 END(syscall_badsys)
         CFI_ENDPROC
+/*
+ * End of kprobes section
+ */
+        .popsection
 
 /*
  * System calls that need a pt_regs pointer.
  */
-#define PTREGSCALL(name) \
+#define PTREGSCALL0(name) \
         ALIGN; \
 ptregs_##name: \
         leal 4(%esp),%eax; \
         jmp sys_##name;
 
-PTREGSCALL(iopl)
-PTREGSCALL(fork)
-PTREGSCALL(clone)
-PTREGSCALL(vfork)
-PTREGSCALL(execve)
-PTREGSCALL(sigaltstack)
-PTREGSCALL(sigreturn)
-PTREGSCALL(rt_sigreturn)
-PTREGSCALL(vm86)
-PTREGSCALL(vm86old)
+#define PTREGSCALL1(name) \
+        ALIGN; \
+ptregs_##name: \
+        leal 4(%esp),%edx; \
+        movl (PT_EBX+4)(%esp),%eax; \
+        jmp sys_##name;
+
+#define PTREGSCALL2(name) \
+        ALIGN; \
+ptregs_##name: \
+        leal 4(%esp),%ecx; \
+        movl (PT_ECX+4)(%esp),%edx; \
+        movl (PT_EBX+4)(%esp),%eax; \
+        jmp sys_##name;
+
+#define PTREGSCALL3(name) \
+        ALIGN; \
+ptregs_##name: \
+        leal 4(%esp),%eax; \
+        pushl %eax; \
+        movl PT_EDX(%eax),%ecx; \
+        movl PT_ECX(%eax),%edx; \
+        movl PT_EBX(%eax),%eax; \
+        call sys_##name; \
+        addl $4,%esp; \
+        ret
+
+PTREGSCALL1(iopl)
+PTREGSCALL0(fork)
+PTREGSCALL0(vfork)
+PTREGSCALL3(execve)
+PTREGSCALL2(sigaltstack)
+PTREGSCALL0(sigreturn)
+PTREGSCALL0(rt_sigreturn)
+PTREGSCALL2(vm86)
+PTREGSCALL1(vm86old)
+
+/* Clone is an oddball.  The 4th arg is in %edi */
+        ALIGN;
+ptregs_clone:
+        leal 4(%esp),%eax
+        pushl %eax
+        pushl PT_EDI(%eax)
+        movl PT_EDX(%eax),%ecx
+        movl PT_ECX(%eax),%edx
+        movl PT_EBX(%eax),%eax
+        call sys_clone
+        addl $8,%esp
+        ret
 
 .macro FIXUP_ESPFIX_STACK
 /*
@@ -814,6 +869,10 @@ common_interrupt:
 ENDPROC(common_interrupt)
         CFI_ENDPROC
 
+/*
+ *  Irq entries should be protected against kprobes
+ */
+        .pushsection .kprobes.text, "ax"
 #define BUILD_INTERRUPT3(name, nr, fn)  \
 ENTRY(name)                             \
         RING0_INT_FRAME;                \
@@ -980,16 +1039,16 @@ ENTRY(spurious_interrupt_bug)
         jmp error_code
         CFI_ENDPROC
 END(spurious_interrupt_bug)
+/*
+ * End of kprobes section
+ */
+        .popsection
 
 ENTRY(kernel_thread_helper)
         pushl $0                # fake return address for unwinder
         CFI_STARTPROC
-        movl %edx,%eax
-        push %edx
-        CFI_ADJUST_CFA_OFFSET 4
-        call *%ebx
-        push %eax
-        CFI_ADJUST_CFA_OFFSET 4
+        movl %edi,%eax
+        call *%esi
         call do_exit
         ud2                     # padding for call trace
         CFI_ENDPROC
@@ -1185,17 +1244,14 @@ END(ftrace_graph_caller)
 
 .globl return_to_handler
 return_to_handler:
-        pushl $0
         pushl %eax
-        pushl %ecx
         pushl %edx
         movl %ebp, %eax
         call ftrace_return_to_handler
-        movl %eax, 0xc(%esp)
+        movl %eax, %ecx
         popl %edx
-        popl %ecx
         popl %eax
-        ret
+        jmp *%ecx
 #endif
 
 .section .rodata,"a"
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b5c061f8f358..0697ff139837 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -155,11 +155,11 @@ GLOBAL(return_to_handler)
 
         call ftrace_return_to_handler
 
-        movq %rax, 16(%rsp)
+        movq %rax, %rdi
         movq 8(%rsp), %rdx
         movq (%rsp), %rax
-        addq $16, %rsp
-        retq
+        addq $24, %rsp
+        jmp *%rdi
 #endif
 
 
@@ -803,6 +803,10 @@ END(interrupt)
         call \func
         .endm
 
+/*
+ * Interrupt entry/exit should be protected against kprobes
+ */
+        .pushsection .kprobes.text, "ax"
         /*
          * The interrupt stubs push (~vector+0x80) onto the stack and
          * then jump to common_interrupt.
@@ -941,6 +945,10 @@ ENTRY(retint_kernel)
 
         CFI_ENDPROC
 END(common_interrupt)
+/*
+ * End of kprobes section
+ */
+       .popsection
 
 /*
  * APIC interrupts.
@@ -969,8 +977,8 @@ apicinterrupt UV_BAU_MESSAGE \
 #endif
 apicinterrupt LOCAL_TIMER_VECTOR \
         apic_timer_interrupt smp_apic_timer_interrupt
-apicinterrupt GENERIC_INTERRUPT_VECTOR \
-        generic_interrupt smp_generic_interrupt
+apicinterrupt X86_PLATFORM_IPI_VECTOR \
+        x86_platform_ipi smp_x86_platform_ipi
 
 #ifdef CONFIG_SMP
 apicinterrupt INVALIDATE_TLB_VECTOR_START+0 \
@@ -1068,10 +1076,10 @@ ENTRY(\sym)
         TRACE_IRQS_OFF
         movq %rsp,%rdi          /* pt_regs pointer */
         xorl %esi,%esi          /* no error code */
-        PER_CPU(init_tss, %rbp)
-        subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
+        PER_CPU(init_tss, %r12)
+        subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%r12)
         call \do_sym
-        addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
+        addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%r12)
         jmp paranoid_exit       /* %ebx: no swapgs flag */
         CFI_ENDPROC
 END(\sym)
@@ -1158,63 +1166,20 @@ bad_gs:
         jmp  2b
         .previous
 
-/*
- * Create a kernel thread.
- *
- * C extern interface:
- *      extern long kernel_thread(int (*fn)(void *), void * arg, unsigned long flags)
- *
- * asm input arguments:
- *      rdi: fn, rsi: arg, rdx: flags
- */
-ENTRY(kernel_thread)
-        CFI_STARTPROC
-        FAKE_STACK_FRAME $child_rip
-        SAVE_ALL
-
-        # rdi: flags, rsi: usp, rdx: will be &pt_regs
-        movq %rdx,%rdi
-        orq  kernel_thread_flags(%rip),%rdi
-        movq $-1, %rsi
-        movq %rsp, %rdx
-
-        xorl %r8d,%r8d
-        xorl %r9d,%r9d
-
-        # clone now
-        call do_fork
-        movq %rax,RAX(%rsp)
-        xorl %edi,%edi
-
-        /*
-         * It isn't worth to check for reschedule here,
-         * so internally to the x86_64 port you can rely on kernel_thread()
-         * not to reschedule the child before returning, this avoids the need
-         * of hacks for example to fork off the per-CPU idle tasks.
-         * [Hopefully no generic code relies on the reschedule -AK]
-         */
-        RESTORE_ALL
-        UNFAKE_STACK_FRAME
-        ret
-        CFI_ENDPROC
-END(kernel_thread)
-
-ENTRY(child_rip)
+ENTRY(kernel_thread_helper)
         pushq $0                # fake return address
         CFI_STARTPROC
         /*
          * Here we are in the child and the registers are set as they were
          * at kernel_thread() invocation in the parent.
          */
-        movq %rdi, %rax
-        movq %rsi, %rdi
-        call *%rax
+        call *%rsi
         # exit
         mov %eax, %edi
         call do_exit
         ud2                     # padding for call trace
         CFI_ENDPROC
-END(child_rip)
+END(kernel_thread_helper)
 
 /*
  * execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
@@ -1491,12 +1456,17 @@ error_kernelspace:
         leaq irq_return(%rip),%rcx
         cmpq %rcx,RIP+8(%rsp)
         je error_swapgs
-        movl %ecx,%ecx  /* zero extend */
-        cmpq %rcx,RIP+8(%rsp)
-        je error_swapgs
+        movl %ecx,%eax  /* zero extend */
+        cmpq %rax,RIP+8(%rsp)
+        je bstep_iret
         cmpq $gs_change,RIP+8(%rsp)
         je error_swapgs
         jmp error_sti
+
+bstep_iret:
+        /* Fix truncated RIP */
+        movq %rcx,RIP+8(%rsp)
+        jmp error_swapgs
 END(error_entry)
 
 
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 9dbb527e1652..309689245431 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -9,6 +9,8 @@
  * the dangers of modifying code on the run.
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/spinlock.h>
 #include <linux/hardirq.h>
 #include <linux/uaccess.h>
@@ -187,9 +189,26 @@ static void wait_for_nmi(void)
         nmi_wait_count++;
 }
 
+static inline int
+within(unsigned long addr, unsigned long start, unsigned long end)
+{
+        return addr >= start && addr < end;
+}
+
 static int
 do_ftrace_mod_code(unsigned long ip, void *new_code)
 {
+        /*
+         * On x86_64, kernel text mappings are mapped read-only with
+         * CONFIG_DEBUG_RODATA. So we use the kernel identity mapping instead
+         * of the kernel text mapping to modify the kernel text.
+         *
+         * For 32bit kernels, these mappings are same and we can use
+         * kernel identity mapping to modify code.
+         */
+        if (within(ip, (unsigned long)_text, (unsigned long)_etext))
+                ip = (unsigned long)__va(__pa(ip));
+
         mod_code_ip = (void *)ip;
         mod_code_newcode = new_code;
 
@@ -336,15 +355,15 @@ int __init ftrace_dyn_arch_init(void *data)
 
         switch (faulted) {
         case 0:
-                pr_info("ftrace: converting mcount calls to 0f 1f 44 00 00\n");
+                pr_info("converting mcount calls to 0f 1f 44 00 00\n");
                 memcpy(ftrace_nop, ftrace_test_p6nop, MCOUNT_INSN_SIZE);
                 break;
         case 1:
-                pr_info("ftrace: converting mcount calls to 66 66 66 66 90\n");
+                pr_info("converting mcount calls to 66 66 66 66 90\n");
                 memcpy(ftrace_nop, ftrace_test_nop5, MCOUNT_INSN_SIZE);
                 break;
         case 2:
-                pr_info("ftrace: converting mcount calls to jmp . + 5\n");
+                pr_info("converting mcount calls to jmp . + 5\n");
                 memcpy(ftrace_nop, ftrace_test_jmp, MCOUNT_INSN_SIZE);
                 break;
         }
@@ -468,82 +487,10 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr,
 
 #ifdef CONFIG_FTRACE_SYSCALLS
 
-extern unsigned long __start_syscalls_metadata[];
-extern unsigned long __stop_syscalls_metadata[];
 extern unsigned long *sys_call_table;
 
-static struct syscall_metadata **syscalls_metadata;
-
-static struct syscall_metadata *find_syscall_meta(unsigned long *syscall)
-{
-        struct syscall_metadata *start;
-        struct syscall_metadata *stop;
-        char str[KSYM_SYMBOL_LEN];
-
-
-        start = (struct syscall_metadata *)__start_syscalls_metadata;
-        stop = (struct syscall_metadata *)__stop_syscalls_metadata;
-        kallsyms_lookup((unsigned long) syscall, NULL, NULL, NULL, str);
-
-        for ( ; start < stop; start++) {
-                if (start->name && !strcmp(start->name, str))
-                        return start;
-        }
-        return NULL;
-}
-
-struct syscall_metadata *syscall_nr_to_meta(int nr)
-{
-        if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
-                return NULL;
-
-        return syscalls_metadata[nr];
-}
-
-int syscall_name_to_nr(char *name)
-{
-        int i;
-
-        if (!syscalls_metadata)
-                return -1;
-
-        for (i = 0; i < NR_syscalls; i++) {
-                if (syscalls_metadata[i]) {
-                        if (!strcmp(syscalls_metadata[i]->name, name))
-                                return i;
-                }
-        }
-        return -1;
-}
-
-void set_syscall_enter_id(int num, int id)
-{
-        syscalls_metadata[num]->enter_id = id;
-}
-
-void set_syscall_exit_id(int num, int id)
+unsigned long __init arch_syscall_addr(int nr)
 {
-        syscalls_metadata[num]->exit_id = id;
-}
-
-static int __init arch_init_ftrace_syscalls(void)
-{
-        int i;
-        struct syscall_metadata *meta;
-        unsigned long **psys_syscall_table = &sys_call_table;
-
-        syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
-                                        NR_syscalls, GFP_KERNEL);
-        if (!syscalls_metadata) {
-                WARN_ON(1);
-                return -ENOMEM;
-        }
-
-        for (i = 0; i < NR_syscalls; i++) {
-                meta = find_syscall_meta(psys_syscall_table[i]);
-                syscalls_metadata[i] = meta;
-        }
-        return 0;
+        return (unsigned long)(&sys_call_table)[nr];
 }
-arch_initcall(arch_init_ftrace_syscalls);
 #endif
diff --git a/arch/x86/kernel/geode_32.c b/arch/x86/kernel/geode_32.c
deleted file mode 100644
index 9b08e852fd1a..000000000000
--- a/arch/x86/kernel/geode_32.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * AMD Geode southbridge support code
- * Copyright (C) 2006, Advanced Micro Devices, Inc.
- * Copyright (C) 2007, Andres Salomon <dilinger@debian.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public License
- * as published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/ioport.h>
-#include <linux/io.h>
-#include <asm/msr.h>
-#include <asm/geode.h>
-
-static struct {
-        char *name;
-        u32 msr;
-        int size;
-        u32 base;
-} lbars[] = {
-        { "geode-pms",   MSR_LBAR_PMS, LBAR_PMS_SIZE, 0 },
-        { "geode-acpi",  MSR_LBAR_ACPI, LBAR_ACPI_SIZE, 0 },
-        { "geode-gpio",  MSR_LBAR_GPIO, LBAR_GPIO_SIZE, 0 },
-        { "geode-mfgpt", MSR_LBAR_MFGPT, LBAR_MFGPT_SIZE, 0 }
-};
-
-static void __init init_lbars(void)
-{
-        u32 lo, hi;
-        int i;
-
-        for (i = 0; i < ARRAY_SIZE(lbars); i++) {
-                rdmsr(lbars[i].msr, lo, hi);
-                if (hi & 0x01)
-                        lbars[i].base = lo & 0x0000ffff;
-
-                if (lbars[i].base == 0)
-                        printk(KERN_ERR "geode:  Couldn't initialize '%s'\n",
-                                        lbars[i].name);
-        }
-}
-
-int geode_get_dev_base(unsigned int dev)
-{
-        BUG_ON(dev >= ARRAY_SIZE(lbars));
-        return lbars[dev].base;
-}
-EXPORT_SYMBOL_GPL(geode_get_dev_base);
-
-/* === GPIO API === */
-
-void geode_gpio_set(u32 gpio, unsigned int reg)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_GPIO);
-
-        if (!base)
-                return;
-
-        /* low bank register */
-        if (gpio & 0xFFFF)
-                outl(gpio & 0xFFFF, base + reg);
-        /* high bank register */
-        gpio >>= 16;
-        if (gpio)
-                outl(gpio, base + 0x80 + reg);
-}
-EXPORT_SYMBOL_GPL(geode_gpio_set);
-
-void geode_gpio_clear(u32 gpio, unsigned int reg)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_GPIO);
-
-        if (!base)
-                return;
-
-        /* low bank register */
-        if (gpio & 0xFFFF)
-                outl((gpio & 0xFFFF) << 16, base + reg);
-        /* high bank register */
-        gpio &= (0xFFFF << 16);
-        if (gpio)
-                outl(gpio, base + 0x80 + reg);
-}
-EXPORT_SYMBOL_GPL(geode_gpio_clear);
-
-int geode_gpio_isset(u32 gpio, unsigned int reg)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_GPIO);
-        u32 val;
-
-        if (!base)
-                return 0;
-
-        /* low bank register */
-        if (gpio & 0xFFFF) {
-                val = inl(base + reg) & (gpio & 0xFFFF);
-                if ((gpio & 0xFFFF) == val)
-                        return 1;
-        }
-        /* high bank register */
-        gpio >>= 16;
-        if (gpio) {
-                val = inl(base + 0x80 + reg) & gpio;
-                if (gpio == val)
-                        return 1;
-        }
-        return 0;
-}
-EXPORT_SYMBOL_GPL(geode_gpio_isset);
-
-void geode_gpio_set_irq(unsigned int group, unsigned int irq)
-{
-        u32 lo, hi;
-
-        if (group > 7 || irq > 15)
-                return;
-
-        rdmsr(MSR_PIC_ZSEL_HIGH, lo, hi);
-
-        lo &= ~(0xF << (group * 4));
-        lo |= (irq & 0xF) << (group * 4);
-
-        wrmsr(MSR_PIC_ZSEL_HIGH, lo, hi);
-}
-EXPORT_SYMBOL_GPL(geode_gpio_set_irq);
-
-void geode_gpio_setup_event(unsigned int gpio, int pair, int pme)
-{
-        u32 base = geode_get_dev_base(GEODE_DEV_GPIO);
-        u32 offset, shift, val;
-
-        if (gpio >= 24)
-                offset = GPIO_MAP_W;
-        else if (gpio >= 16)
-                offset = GPIO_MAP_Z;
-        else if (gpio >= 8)
-                offset = GPIO_MAP_Y;
-        else
-                offset = GPIO_MAP_X;
-
-        shift = (gpio % 8) * 4;
-
-        val = inl(base + offset);
-
-        /* Clear whatever was there before */
-        val &= ~(0xF << shift);
-
-        /* And set the new value */
-
-        val |= ((pair & 7) << shift);
-
-        /* Set the PME bit if this is a PME event */
-
-        if (pme)
-                val |= (1 << (shift + 3));
-
-        outl(val, base + offset);
-}
-EXPORT_SYMBOL_GPL(geode_gpio_setup_event);
-
-int geode_has_vsa2(void)
-{
-        static int has_vsa2 = -1;
-
-        if (has_vsa2 == -1) {
-                u16 val;
-
-                /*
-                 * The VSA has virtual registers that we can query for a
-                 * signature.
-                 */
-                outw(VSA_VR_UNLOCK, VSA_VRC_INDEX);
-                outw(VSA_VR_SIGNATURE, VSA_VRC_INDEX);
-
-                val = inw(VSA_VRC_DATA);
-                has_vsa2 = (val == AMD_VSA_SIG || val == GSW_VSA_SIG);
-        }
-
-        return has_vsa2;
-}
-EXPORT_SYMBOL_GPL(geode_has_vsa2);
-
-static int __init geode_southbridge_init(void)
-{
-        if (!is_geode())
-                return -ENODEV;
-
-        init_lbars();
-        (void) mfgpt_timer_setup();
-        return 0;
-}
-
-postcore_initcall(geode_southbridge_init);
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
index 4f8e2507e8f3..5051b94c9069 100644
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -29,8 +29,6 @@ static void __init i386_default_early_setup(void)
 
 void __init i386_start_kernel(void)
 {
-        reserve_trampoline_memory();
-
         reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
 
 #ifdef CONFIG_BLK_DEV_INITRD
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 0b06cd778fd9..b5a9896ca1e7 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -98,8 +98,6 @@ void __init x86_64_start_reservations(char *real_mode_data)
 {
         copy_bootdata(__va(real_mode_data));
 
-        reserve_trampoline_memory();
-
         reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
 
 #ifdef CONFIG_BLK_DEV_INITRD
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index fd39eaf83b84..37c3d4b17d85 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -18,6 +18,8 @@
 #include <asm/asm-offsets.h>
 #include <asm/setup.h>
 #include <asm/processor-flags.h>
+#include <asm/msr-index.h>
+#include <asm/cpufeature.h>
 #include <asm/percpu.h>
 
 /* Physical address */
@@ -297,25 +299,27 @@ ENTRY(startup_32_smp)
         orl %edx,%eax
         movl %eax,%cr4
 
-        btl $5, %eax            # check if PAE is enabled
-        jnc 6f
+        testb $X86_CR4_PAE, %al         # check if PAE is enabled
+        jz 6f
 
         /* Check if extended functions are implemented */
         movl $0x80000000, %eax
         cpuid
-        cmpl $0x80000000, %eax
-        jbe 6f
+        /* Value must be in the range 0x80000001 to 0x8000ffff */
+        subl $0x80000001, %eax
+        cmpl $(0x8000ffff-0x80000001), %eax
+        ja 6f
         mov $0x80000001, %eax
         cpuid
         /* Execute Disable bit supported? */
-        btl $20, %edx
+        btl $(X86_FEATURE_NX & 31), %edx
         jnc 6f
 
         /* Setup EFER (Extended Feature Enable Register) */
-        movl $0xc0000080, %ecx
+        movl $MSR_EFER, %ecx
         rdmsr
 
-        btsl $11, %eax
+        btsl $_EFER_NX, %eax
         /* Make changes effective */
         wrmsr
 
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 780cd928fcd5..2d8b5035371c 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -212,8 +212,8 @@ ENTRY(secondary_startup_64)
          */
         lgdt    early_gdt_descr(%rip)
 
-        /* set up data segments. actually 0 would do too */
-        movl $__KERNEL_DS,%eax
+        /* set up data segments */
+        xorl %eax,%eax
         movl %eax,%ds
         movl %eax,%ss
         movl %eax,%es
@@ -262,11 +262,11 @@ ENTRY(secondary_startup_64)
         .quad   x86_64_start_kernel
         ENTRY(initial_gs)
         .quad   INIT_PER_CPU_VAR(irq_stack_union)
-        __FINITDATA
 
         ENTRY(stack_start)
         .quad  init_thread_union+THREAD_SIZE-8
         .word  0
+        __FINITDATA
 
 bad_address:
         jmp bad_address
@@ -340,6 +340,7 @@ ENTRY(name)
         i = i + 1 ;                                     \
         .endr
 
+        .data
         /*
          * This default setting generates an ident mapping at address 0x100000
          * and a mapping for the kernel that precisely maps virtual address
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index dedc2bddf7a5..ba6e65884603 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -33,6 +33,7 @@
  * HPET address is set in acpi/boot.c, when an ACPI entry exists
  */
 unsigned long                           hpet_address;
+u8                                      hpet_blockid; /* OS timer block num */
 #ifdef CONFIG_PCI_MSI
 static unsigned long                    hpet_num_timers;
 #endif
@@ -47,12 +48,12 @@ struct hpet_dev {
         char                            name[10];
 };
 
-unsigned long hpet_readl(unsigned long a)
+inline unsigned int hpet_readl(unsigned int a)
 {
         return readl(hpet_virt_address + a);
 }
 
-static inline void hpet_writel(unsigned long d, unsigned long a)
+static inline void hpet_writel(unsigned int d, unsigned int a)
 {
         writel(d, hpet_virt_address + a);
 }
@@ -167,7 +168,7 @@ do {								\
 
 static void hpet_reserve_msi_timers(struct hpet_data *hd);
 
-static void hpet_reserve_platform_timers(unsigned long id)
+static void hpet_reserve_platform_timers(unsigned int id)
 {
         struct hpet __iomem *hpet = hpet_virt_address;
         struct hpet_timer __iomem *timer = &hpet->hpet_timers[2];
@@ -205,7 +206,7 @@ static void hpet_reserve_platform_timers(unsigned long id)
 
 }
 #else
-static void hpet_reserve_platform_timers(unsigned long id) { }
+static void hpet_reserve_platform_timers(unsigned int id) { }
 #endif
 
 /*
@@ -246,7 +247,7 @@ static void hpet_reset_counter(void)
 
 static void hpet_start_counter(void)
 {
-        unsigned long cfg = hpet_readl(HPET_CFG);
+        unsigned int cfg = hpet_readl(HPET_CFG);
         cfg |= HPET_CFG_ENABLE;
         hpet_writel(cfg, HPET_CFG);
 }
@@ -271,7 +272,7 @@ static void hpet_resume_counter(void)
 
 static void hpet_enable_legacy_int(void)
 {
-        unsigned long cfg = hpet_readl(HPET_CFG);
+        unsigned int cfg = hpet_readl(HPET_CFG);
 
         cfg |= HPET_CFG_LEGACY;
         hpet_writel(cfg, HPET_CFG);
@@ -314,7 +315,7 @@ static int hpet_setup_msi_irq(unsigned int irq);
 static void hpet_set_mode(enum clock_event_mode mode,
                           struct clock_event_device *evt, int timer)
 {
-        unsigned long cfg, cmp, now;
+        unsigned int cfg, cmp, now;
         uint64_t delta;
 
         switch (mode) {
@@ -323,7 +324,7 @@ static void hpet_set_mode(enum clock_event_mode mode,
                 delta = ((uint64_t)(NSEC_PER_SEC/HZ)) * evt->mult;
                 delta >>= evt->shift;
                 now = hpet_readl(HPET_COUNTER);
-                cmp = now + (unsigned long) delta;
+                cmp = now + (unsigned int) delta;
                 cfg = hpet_readl(HPET_Tn_CFG(timer));
                 /* Make sure we use edge triggered interrupts */
                 cfg &= ~HPET_TN_LEVEL;
@@ -339,7 +340,7 @@ static void hpet_set_mode(enum clock_event_mode mode,
                  * (See AMD-8111 HyperTransport I/O Hub Data Sheet,
                  * Publication # 24674)
                  */
-                hpet_writel((unsigned long) delta, HPET_Tn_CMP(timer));
+                hpet_writel((unsigned int) delta, HPET_Tn_CMP(timer));
                 hpet_start_counter();
                 hpet_print_config();
                 break;
@@ -383,13 +384,24 @@ static int hpet_next_event(unsigned long delta,
         hpet_writel(cnt, HPET_Tn_CMP(timer));
 
         /*
-         * We need to read back the CMP register to make sure that
-         * what we wrote hit the chip before we compare it to the
-         * counter.
+         * We need to read back the CMP register on certain HPET
+         * implementations (ATI chipsets) which seem to delay the
+         * transfer of the compare register into the internal compare
+         * logic. With small deltas this might actually be too late as
+         * the counter could already be higher than the compare value
+         * at that point and we would wait for the next hpet interrupt
+         * forever. We found out that reading the CMP register back
+         * forces the transfer so we can rely on the comparison with
+         * the counter register below. If the read back from the
+         * compare register does not match the value we programmed
+         * then we might have a real hardware problem. We can not do
+         * much about it here, but at least alert the user/admin with
+         * a prominent warning.
          */
-        WARN_ON_ONCE((u32)hpet_readl(HPET_Tn_CMP(timer)) != cnt);
+        WARN_ONCE(hpet_readl(HPET_Tn_CMP(timer)) != cnt,
+                  KERN_WARNING "hpet: compare register read back failed.\n");
 
-        return (s32)((u32)hpet_readl(HPET_COUNTER) - cnt) >= 0 ? -ETIME : 0;
+        return (s32)(hpet_readl(HPET_COUNTER) - cnt) >= 0 ? -ETIME : 0;
 }
 
 static void hpet_legacy_set_mode(enum clock_event_mode mode,
@@ -415,7 +427,7 @@ static struct hpet_dev	*hpet_devs;
 void hpet_msi_unmask(unsigned int irq)
 {
         struct hpet_dev *hdev = get_irq_data(irq);
-        unsigned long cfg;
+        unsigned int cfg;
 
         /* unmask it */
         cfg = hpet_readl(HPET_Tn_CFG(hdev->num));
@@ -425,7 +437,7 @@ void hpet_msi_unmask(unsigned int irq)
 
 void hpet_msi_mask(unsigned int irq)
 {
-        unsigned long cfg;
+        unsigned int cfg;
         struct hpet_dev *hdev = get_irq_data(irq);
 
         /* mask it */
@@ -467,7 +479,7 @@ static int hpet_msi_next_event(unsigned long delta,
 
 static int hpet_setup_msi_irq(unsigned int irq)
 {
-        if (arch_setup_hpet_msi(irq)) {
+        if (arch_setup_hpet_msi(irq, hpet_blockid)) {
                 destroy_irq(irq);
                 return -EINVAL;
         }
@@ -584,6 +596,8 @@ static void hpet_msi_capability_lookup(unsigned int start_timer)
         unsigned int num_timers_used = 0;
         int i;
 
+        if (boot_cpu_has(X86_FEATURE_ARAT))
+                return;
         id = hpet_readl(HPET_ID);
 
         num_timers = ((id & HPET_ID_NUMBER) >> HPET_ID_NUMBER_SHIFT);
@@ -598,7 +612,7 @@ static void hpet_msi_capability_lookup(unsigned int start_timer)
 
         for (i = start_timer; i < num_timers - RESERVE_TIMERS; i++) {
                 struct hpet_dev *hdev = &hpet_devs[num_timers_used];
-                unsigned long cfg = hpet_readl(HPET_Tn_CFG(i));
+                unsigned int cfg = hpet_readl(HPET_Tn_CFG(i));
 
                 /* Only consider HPET timer with MSI support */
                 if (!(cfg & HPET_TN_FSB_CAP))
@@ -813,7 +827,7 @@ static int hpet_clocksource_register(void)
  */
 int __init hpet_enable(void)
 {
-        unsigned long id;
+        unsigned int id;
         int i;
 
         if (!is_hpet_capable())
@@ -872,10 +886,8 @@ int __init hpet_enable(void)
 
         if (id & HPET_ID_LEGSUP) {
                 hpet_legacy_clockevent_register();
-                hpet_msi_capability_lookup(2);
                 return 1;
         }
-        hpet_msi_capability_lookup(0);
         return 0;
 
 out_nohpet:
@@ -908,9 +920,17 @@ static __init int hpet_late_init(void)
         if (!hpet_virt_address)
                 return -ENODEV;
 
+        if (hpet_readl(HPET_ID) & HPET_ID_LEGSUP)
+                hpet_msi_capability_lookup(2);
+        else
+                hpet_msi_capability_lookup(0);
+
         hpet_reserve_platform_timers(hpet_readl(HPET_ID));
         hpet_print_config();
 
+        if (boot_cpu_has(X86_FEATURE_ARAT))
+                return 0;
+
         for_each_online_cpu(cpu) {
                 hpet_cpuhp_notify(NULL, CPU_ONLINE, (void *)(long)cpu);
         }
@@ -925,7 +945,7 @@ fs_initcall(hpet_late_init);
 void hpet_disable(void)
 {
         if (is_hpet_capable()) {
-                unsigned long cfg = hpet_readl(HPET_CFG);
+                unsigned int cfg = hpet_readl(HPET_CFG);
 
                 if (hpet_legacy_int_enabled) {
                         cfg &= ~HPET_CFG_LEGACY;
@@ -965,8 +985,8 @@ static int hpet_prev_update_sec;
 static struct rtc_time hpet_alarm_time;
 static unsigned long hpet_pie_count;
 static u32 hpet_t1_cmp;
-static unsigned long hpet_default_delta;
-static unsigned long hpet_pie_delta;
+static u32 hpet_default_delta;
+static u32 hpet_pie_delta;
 static unsigned long hpet_pie_limit;
 
 static rtc_irq_handler irq_handler;
@@ -1017,7 +1037,8 @@ EXPORT_SYMBOL_GPL(hpet_unregister_irq_handler);
  */
 int hpet_rtc_timer_init(void)
 {
-        unsigned long cfg, cnt, delta, flags;
+        unsigned int cfg, cnt, delta;
+        unsigned long flags;
 
         if (!is_hpet_enabled())
                 return 0;
@@ -1027,7 +1048,7 @@ int hpet_rtc_timer_init(void)
 
                 clc = (uint64_t) hpet_clockevent.mult * NSEC_PER_SEC;
                 clc >>= hpet_clockevent.shift + DEFAULT_RTC_SHIFT;
-                hpet_default_delta = (unsigned long) clc;
+                hpet_default_delta = clc;
         }
 
         if (!(hpet_rtc_flags & RTC_PIE) || hpet_pie_limit)
@@ -1113,7 +1134,7 @@ int hpet_set_periodic_freq(unsigned long freq)
                 clc = (uint64_t) hpet_clockevent.mult * NSEC_PER_SEC;
                 do_div(clc, freq);
                 clc >>= hpet_clockevent.shift;
-                hpet_pie_delta = (unsigned long) clc;
+                hpet_pie_delta = clc;
         }
         return 1;
 }
@@ -1127,7 +1148,7 @@ EXPORT_SYMBOL_GPL(hpet_rtc_dropped_irq);
 
 static void hpet_rtc_timer_reinit(void)
 {
-        unsigned long cfg, delta;
+        unsigned int cfg, delta;
         int lost_ints = -1;
 
         if (unlikely(!hpet_rtc_flags)) {
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
new file mode 100644
index 000000000000..05d5fec64a94
--- /dev/null
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -0,0 +1,554 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) 2007 Alan Stern
+ * Copyright (C) 2009 IBM Corporation
+ * Copyright (C) 2009 Frederic Weisbecker <fweisbec@gmail.com>
+ *
+ * Authors: Alan Stern <stern@rowland.harvard.edu>
+ *          K.Prasad <prasad@linux.vnet.ibm.com>
+ *          Frederic Weisbecker <fweisbec@gmail.com>
+ */
+
+/*
+ * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
+ * using the CPU's debug registers.
+ */
+
+#include <linux/perf_event.h>
+#include <linux/hw_breakpoint.h>
+#include <linux/irqflags.h>
+#include <linux/notifier.h>
+#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
+#include <linux/percpu.h>
+#include <linux/kdebug.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/init.h>
+#include <linux/smp.h>
+
+#include <asm/hw_breakpoint.h>
+#include <asm/processor.h>
+#include <asm/debugreg.h>
+
+/* Per cpu debug control register value */
+DEFINE_PER_CPU(unsigned long, cpu_dr7);
+EXPORT_PER_CPU_SYMBOL(cpu_dr7);
+
+/* Per cpu debug address registers values */
+static DEFINE_PER_CPU(unsigned long, cpu_debugreg[HBP_NUM]);
+
+/*
+ * Stores the breakpoints currently in use on each breakpoint address
+ * register for each cpus
+ */
+static DEFINE_PER_CPU(struct perf_event *, bp_per_reg[HBP_NUM]);
+
+
+static inline unsigned long
+__encode_dr7(int drnum, unsigned int len, unsigned int type)
+{
+        unsigned long bp_info;
+
+        bp_info = (len | type) & 0xf;
+        bp_info <<= (DR_CONTROL_SHIFT + drnum * DR_CONTROL_SIZE);
+        bp_info |= (DR_GLOBAL_ENABLE << (drnum * DR_ENABLE_SIZE));
+
+        return bp_info;
+}
+
+/*
+ * Encode the length, type, Exact, and Enable bits for a particular breakpoint
+ * as stored in debug register 7.
+ */
+unsigned long encode_dr7(int drnum, unsigned int len, unsigned int type)
+{
+        return __encode_dr7(drnum, len, type) | DR_GLOBAL_SLOWDOWN;
+}
+
+/*
+ * Decode the length and type bits for a particular breakpoint as
+ * stored in debug register 7.  Return the "enabled" status.
+ */
+int decode_dr7(unsigned long dr7, int bpnum, unsigned *len, unsigned *type)
+{
+        int bp_info = dr7 >> (DR_CONTROL_SHIFT + bpnum * DR_CONTROL_SIZE);
+
+        *len = (bp_info & 0xc) | 0x40;
+        *type = (bp_info & 0x3) | 0x80;
+
+        return (dr7 >> (bpnum * DR_ENABLE_SIZE)) & 0x3;
+}
+
+/*
+ * Install a perf counter breakpoint.
+ *
+ * We seek a free debug address register and use it for this
+ * breakpoint. Eventually we enable it in the debug control register.
+ *
+ * Atomic: we hold the counter->ctx->lock and we only handle variables
+ * and registers local to this cpu.
+ */
+int arch_install_hw_breakpoint(struct perf_event *bp)
+{
+        struct arch_hw_breakpoint *info = counter_arch_bp(bp);
+        unsigned long *dr7;
+        int i;
+
+        for (i = 0; i < HBP_NUM; i++) {
+                struct perf_event **slot = &__get_cpu_var(bp_per_reg[i]);
+
+                if (!*slot) {
+                        *slot = bp;
+                        break;
+                }
+        }
+
+        if (WARN_ONCE(i == HBP_NUM, "Can't find any breakpoint slot"))
+                return -EBUSY;
+
+        set_debugreg(info->address, i);
+        __get_cpu_var(cpu_debugreg[i]) = info->address;
+
+        dr7 = &__get_cpu_var(cpu_dr7);
+        *dr7 |= encode_dr7(i, info->len, info->type);
+
+        set_debugreg(*dr7, 7);
+
+        return 0;
+}
+
+/*
+ * Uninstall the breakpoint contained in the given counter.
+ *
+ * First we search the debug address register it uses and then we disable
+ * it.
+ *
+ * Atomic: we hold the counter->ctx->lock and we only handle variables
+ * and registers local to this cpu.
+ */
+void arch_uninstall_hw_breakpoint(struct perf_event *bp)
+{
+        struct arch_hw_breakpoint *info = counter_arch_bp(bp);
+        unsigned long *dr7;
+        int i;
+
+        for (i = 0; i < HBP_NUM; i++) {
+                struct perf_event **slot = &__get_cpu_var(bp_per_reg[i]);
+
+                if (*slot == bp) {
+                        *slot = NULL;
+                        break;
+                }
+        }
+
+        if (WARN_ONCE(i == HBP_NUM, "Can't find any breakpoint slot"))
+                return;
+
+        dr7 = &__get_cpu_var(cpu_dr7);
+        *dr7 &= ~__encode_dr7(i, info->len, info->type);
+
+        set_debugreg(*dr7, 7);
+}
+
+static int get_hbp_len(u8 hbp_len)
+{
+        unsigned int len_in_bytes = 0;
+
+        switch (hbp_len) {
+        case X86_BREAKPOINT_LEN_1:
+                len_in_bytes = 1;
+                break;
+        case X86_BREAKPOINT_LEN_2:
+                len_in_bytes = 2;
+                break;
+        case X86_BREAKPOINT_LEN_4:
+                len_in_bytes = 4;
+                break;
+#ifdef CONFIG_X86_64
+        case X86_BREAKPOINT_LEN_8:
+                len_in_bytes = 8;
+                break;
+#endif
+        }
+        return len_in_bytes;
+}
+
+/*
+ * Check for virtual address in user space.
+ */
+int arch_check_va_in_userspace(unsigned long va, u8 hbp_len)
+{
+        unsigned int len;
+
+        len = get_hbp_len(hbp_len);
+
+        return (va <= TASK_SIZE - len);
+}
+
+/*
+ * Check for virtual address in kernel space.
+ */
+static int arch_check_va_in_kernelspace(unsigned long va, u8 hbp_len)
+{
+        unsigned int len;
+
+        len = get_hbp_len(hbp_len);
+
+        return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
+}
+
+/*
+ * Store a breakpoint's encoded address, length, and type.
+ */
+static int arch_store_info(struct perf_event *bp)
+{
+        struct arch_hw_breakpoint *info = counter_arch_bp(bp);
+        /*
+         * For kernel-addresses, either the address or symbol name can be
+         * specified.
+         */
+        if (info->name)
+                info->address = (unsigned long)
+                                kallsyms_lookup_name(info->name);
+        if (info->address)
+                return 0;
+
+        return -EINVAL;
+}
+
+int arch_bp_generic_fields(int x86_len, int x86_type,
+                           int *gen_len, int *gen_type)
+{
+        /* Len */
+        switch (x86_len) {
+        case X86_BREAKPOINT_LEN_1:
+                *gen_len = HW_BREAKPOINT_LEN_1;
+                break;
+        case X86_BREAKPOINT_LEN_2:
+                *gen_len = HW_BREAKPOINT_LEN_2;
+                break;
+        case X86_BREAKPOINT_LEN_4:
+                *gen_len = HW_BREAKPOINT_LEN_4;
+                break;
+#ifdef CONFIG_X86_64
+        case X86_BREAKPOINT_LEN_8:
+                *gen_len = HW_BREAKPOINT_LEN_8;
+                break;
+#endif
+        default:
+                return -EINVAL;
+        }
+
+        /* Type */
+        switch (x86_type) {
+        case X86_BREAKPOINT_EXECUTE:
+                *gen_type = HW_BREAKPOINT_X;
+                break;
+        case X86_BREAKPOINT_WRITE:
+                *gen_type = HW_BREAKPOINT_W;
+                break;
+        case X86_BREAKPOINT_RW:
+                *gen_type = HW_BREAKPOINT_W | HW_BREAKPOINT_R;
+                break;
+        default:
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+
+static int arch_build_bp_info(struct perf_event *bp)
+{
+        struct arch_hw_breakpoint *info = counter_arch_bp(bp);
+
+        info->address = bp->attr.bp_addr;
+
+        /* Len */
+        switch (bp->attr.bp_len) {
+        case HW_BREAKPOINT_LEN_1:
+                info->len = X86_BREAKPOINT_LEN_1;
+                break;
+        case HW_BREAKPOINT_LEN_2:
+                info->len = X86_BREAKPOINT_LEN_2;
+                break;
+        case HW_BREAKPOINT_LEN_4:
+                info->len = X86_BREAKPOINT_LEN_4;
+                break;
+#ifdef CONFIG_X86_64
+        case HW_BREAKPOINT_LEN_8:
+                info->len = X86_BREAKPOINT_LEN_8;
+                break;
+#endif
+        default:
+                return -EINVAL;
+        }
+
+        /* Type */
+        switch (bp->attr.bp_type) {
+        case HW_BREAKPOINT_W:
+                info->type = X86_BREAKPOINT_WRITE;
+                break;
+        case HW_BREAKPOINT_W | HW_BREAKPOINT_R:
+                info->type = X86_BREAKPOINT_RW;
+                break;
+        case HW_BREAKPOINT_X:
+                info->type = X86_BREAKPOINT_EXECUTE;
+                break;
+        default:
+                return -EINVAL;
+        }
+
+        return 0;
+}
+/*
+ * Validate the arch-specific HW Breakpoint register settings
+ */
+int arch_validate_hwbkpt_settings(struct perf_event *bp,
+                                  struct task_struct *tsk)
+{
+        struct arch_hw_breakpoint *info = counter_arch_bp(bp);
+        unsigned int align;
+        int ret;
+
+
+        ret = arch_build_bp_info(bp);
+        if (ret)
+                return ret;
+
+        ret = -EINVAL;
+
+        if (info->type == X86_BREAKPOINT_EXECUTE)
+                /*
+                 * Ptrace-refactoring code
+                 * For now, we'll allow instruction breakpoint only for user-space
+                 * addresses
+                 */
+                if ((!arch_check_va_in_userspace(info->address, info->len)) &&
+                        info->len != X86_BREAKPOINT_EXECUTE)
+                        return ret;
+
+        switch (info->len) {
+        case X86_BREAKPOINT_LEN_1:
+                align = 0;
+                break;
+        case X86_BREAKPOINT_LEN_2:
+                align = 1;
+                break;
+        case X86_BREAKPOINT_LEN_4:
+                align = 3;
+                break;
+#ifdef CONFIG_X86_64
+        case X86_BREAKPOINT_LEN_8:
+                align = 7;
+                break;
+#endif
+        default:
+                return ret;
+        }
+
+        ret = arch_store_info(bp);
+
+        if (ret < 0)
+                return ret;
+        /*
+         * Check that the low-order bits of the address are appropriate
+         * for the alignment implied by len.
+         */
+        if (info->address & align)
+                return -EINVAL;
+
+        /* Check that the virtual address is in the proper range */
+        if (tsk) {
+                if (!arch_check_va_in_userspace(info->address, info->len))
+                        return -EFAULT;
+        } else {
+                if (!arch_check_va_in_kernelspace(info->address, info->len))
+                        return -EFAULT;
+        }
+
+        return 0;
+}
+
+/*
+ * Dump the debug register contents to the user.
+ * We can't dump our per cpu values because it
+ * may contain cpu wide breakpoint, something that
+ * doesn't belong to the current task.
+ *
+ * TODO: include non-ptrace user breakpoints (perf)
+ */
+void aout_dump_debugregs(struct user *dump)
+{
+        int i;
+        int dr7 = 0;
+        struct perf_event *bp;
+        struct arch_hw_breakpoint *info;
+        struct thread_struct *thread = &current->thread;
+
+        for (i = 0; i < HBP_NUM; i++) {
+                bp = thread->ptrace_bps[i];
+
+                if (bp && !bp->attr.disabled) {
+                        dump->u_debugreg[i] = bp->attr.bp_addr;
+                        info = counter_arch_bp(bp);
+                        dr7 |= encode_dr7(i, info->len, info->type);
+                } else {
+                        dump->u_debugreg[i] = 0;
+                }
+        }
+
+        dump->u_debugreg[4] = 0;
+        dump->u_debugreg[5] = 0;
+        dump->u_debugreg[6] = current->thread.debugreg6;
+
+        dump->u_debugreg[7] = dr7;
+}
+EXPORT_SYMBOL_GPL(aout_dump_debugregs);
+
+/*
+ * Release the user breakpoints used by ptrace
+ */
+void flush_ptrace_hw_breakpoint(struct task_struct *tsk)
+{
+        int i;
+        struct thread_struct *t = &tsk->thread;
+
+        for (i = 0; i < HBP_NUM; i++) {
+                unregister_hw_breakpoint(t->ptrace_bps[i]);
+                t->ptrace_bps[i] = NULL;
+        }
+}
+
+void hw_breakpoint_restore(void)
+{
+        set_debugreg(__get_cpu_var(cpu_debugreg[0]), 0);
+        set_debugreg(__get_cpu_var(cpu_debugreg[1]), 1);
+        set_debugreg(__get_cpu_var(cpu_debugreg[2]), 2);
+        set_debugreg(__get_cpu_var(cpu_debugreg[3]), 3);
+        set_debugreg(current->thread.debugreg6, 6);
+        set_debugreg(__get_cpu_var(cpu_dr7), 7);
+}
+EXPORT_SYMBOL_GPL(hw_breakpoint_restore);
+
+/*
+ * Handle debug exception notifications.
+ *
+ * Return value is either NOTIFY_STOP or NOTIFY_DONE as explained below.
+ *
+ * NOTIFY_DONE returned if one of the following conditions is true.
+ * i) When the causative address is from user-space and the exception
+ * is a valid one, i.e. not triggered as a result of lazy debug register
+ * switching
+ * ii) When there are more bits than trap<n> set in DR6 register (such
+ * as BD, BS or BT) indicating that more than one debug condition is
+ * met and requires some more action in do_debug().
+ *
+ * NOTIFY_STOP returned for all other cases
+ *
+ */
+static int __kprobes hw_breakpoint_handler(struct die_args *args)
+{
+        int i, cpu, rc = NOTIFY_STOP;
+        struct perf_event *bp;
+        unsigned long dr7, dr6;
+        unsigned long *dr6_p;
+
+        /* The DR6 value is pointed by args->err */
+        dr6_p = (unsigned long *)ERR_PTR(args->err);
+        dr6 = *dr6_p;
+
+        /* Do an early return if no trap bits are set in DR6 */
+        if ((dr6 & DR_TRAP_BITS) == 0)
+                return NOTIFY_DONE;
+
+        get_debugreg(dr7, 7);
+        /* Disable breakpoints during exception handling */
+        set_debugreg(0UL, 7);
+        /*
+         * Assert that local interrupts are disabled
+         * Reset the DRn bits in the virtualized register value.
+         * The ptrace trigger routine will add in whatever is needed.
+         */
+        current->thread.debugreg6 &= ~DR_TRAP_BITS;
+        cpu = get_cpu();
+
+        /* Handle all the breakpoints that were triggered */
+        for (i = 0; i < HBP_NUM; ++i) {
+                if (likely(!(dr6 & (DR_TRAP0 << i))))
+                        continue;
+
+                /*
+                 * The counter may be concurrently released but that can only
+                 * occur from a call_rcu() path. We can then safely fetch
+                 * the breakpoint, use its callback, touch its counter
+                 * while we are in an rcu_read_lock() path.
+                 */
+                rcu_read_lock();
+
+                bp = per_cpu(bp_per_reg[i], cpu);
+                if (bp)
+                        rc = NOTIFY_DONE;
+                /*
+                 * Reset the 'i'th TRAP bit in dr6 to denote completion of
+                 * exception handling
+                 */
+                (*dr6_p) &= ~(DR_TRAP0 << i);
+                /*
+                 * bp can be NULL due to lazy debug register switching
+                 * or due to concurrent perf counter removing.
+                 */
+                if (!bp) {
+                        rcu_read_unlock();
+                        break;
+                }
+
+                perf_bp_event(bp, args->regs);
+
+                rcu_read_unlock();
+        }
+        if (dr6 & (~DR_TRAP_BITS))
+                rc = NOTIFY_DONE;
+
+        set_debugreg(dr7, 7);
+        put_cpu();
+
+        return rc;
+}
+
+/*
+ * Handle debug exception notifications.
+ */
+int __kprobes hw_breakpoint_exceptions_notify(
+                struct notifier_block *unused, unsigned long val, void *data)
+{
+        if (val != DIE_DEBUG)
+                return NOTIFY_DONE;
+
+        return hw_breakpoint_handler(data);
+}
+
+void hw_breakpoint_pmu_read(struct perf_event *bp)
+{
+        /* TODO */
+}
+
+void hw_breakpoint_pmu_unthrottle(struct perf_event *bp)
+{
+        /* TODO */
+}
diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
index 1736c5a725aa..9c3bd4a2050e 100644
--- a/arch/x86/kernel/i386_ksyms_32.c
+++ b/arch/x86/kernel/i386_ksyms_32.c
@@ -15,8 +15,10 @@ EXPORT_SYMBOL(mcount);
  * the export, but dont use it from C code, it is used
  * by assembly code and is not using C calling convention!
  */
+#ifndef CONFIG_X86_CMPXCHG64
 extern void cmpxchg8b_emu(void);
 EXPORT_SYMBOL(cmpxchg8b_emu);
+#endif
 
 /* Networking helper routines. */
 EXPORT_SYMBOL(csum_partial_copy_generic);
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 99c4d308f16b..8eec0ec59af2 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -103,9 +103,10 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
  * on system-call entry - see also fork() and the signal handling
  * code.
  */
-static int do_iopl(unsigned int level, struct pt_regs *regs)
+long sys_iopl(unsigned int level, struct pt_regs *regs)
 {
         unsigned int old = (regs->flags >> 12) & 3;
+        struct thread_struct *t = &current->thread;
 
         if (level > 3)
                 return -EINVAL;
@@ -115,29 +116,8 @@ static int do_iopl(unsigned int level, struct pt_regs *regs)
                         return -EPERM;
         }
         regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
-
-        return 0;
-}
-
-#ifdef CONFIG_X86_32
-long sys_iopl(struct pt_regs *regs)
-{
-        unsigned int level = regs->bx;
-        struct thread_struct *t = &current->thread;
-        int rc;
-
-        rc = do_iopl(level, regs);
-        if (rc < 0)
-                goto out;
-
         t->iopl = level << 12;
         set_iopl_mask(t->iopl);
-out:
-        return rc;
-}
-#else
-asmlinkage long sys_iopl(unsigned int level, struct pt_regs *regs)
-{
-        return do_iopl(level, regs);
+
+        return 0;
 }
-#endif
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index 74656d1d4e30..91fd0c70a18a 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -18,7 +18,7 @@
 atomic_t irq_err_count;
 
 /* Function pointer for generic interrupt vector handling */
-void (*generic_interrupt_extension)(void) = NULL;
+void (*x86_platform_ipi_callback)(void) = NULL;
 
 /*
  * 'what should we do if we get a hw irq event on an illegal vector'.
@@ -63,19 +63,19 @@ static int show_other_interrupts(struct seq_file *p, int prec)
         for_each_online_cpu(j)
                 seq_printf(p, "%10u ", irq_stats(j)->irq_spurious_count);
         seq_printf(p, "  Spurious interrupts\n");
-        seq_printf(p, "%*s: ", prec, "CNT");
+        seq_printf(p, "%*s: ", prec, "PMI");
         for_each_online_cpu(j)
                 seq_printf(p, "%10u ", irq_stats(j)->apic_perf_irqs);
-        seq_printf(p, "  Performance counter interrupts\n");
+        seq_printf(p, "  Performance monitoring interrupts\n");
         seq_printf(p, "%*s: ", prec, "PND");
         for_each_online_cpu(j)
                 seq_printf(p, "%10u ", irq_stats(j)->apic_pending_irqs);
         seq_printf(p, "  Performance pending work\n");
 #endif
-        if (generic_interrupt_extension) {
+        if (x86_platform_ipi_callback) {
                 seq_printf(p, "%*s: ", prec, "PLT");
                 for_each_online_cpu(j)
-                        seq_printf(p, "%10u ", irq_stats(j)->generic_irqs);
+                        seq_printf(p, "%10u ", irq_stats(j)->x86_platform_ipis);
                 seq_printf(p, "  Platform interrupts\n");
         }
 #ifdef CONFIG_SMP
@@ -92,17 +92,17 @@ static int show_other_interrupts(struct seq_file *p, int prec)
                 seq_printf(p, "%10u ", irq_stats(j)->irq_tlb_count);
         seq_printf(p, "  TLB shootdowns\n");
 #endif
-#ifdef CONFIG_X86_MCE
+#ifdef CONFIG_X86_THERMAL_VECTOR
         seq_printf(p, "%*s: ", prec, "TRM");
         for_each_online_cpu(j)
                 seq_printf(p, "%10u ", irq_stats(j)->irq_thermal_count);
         seq_printf(p, "  Thermal event interrupts\n");
-# ifdef CONFIG_X86_MCE_THRESHOLD
+#endif
+#ifdef CONFIG_X86_MCE_THRESHOLD
         seq_printf(p, "%*s: ", prec, "THR");
         for_each_online_cpu(j)
                 seq_printf(p, "%10u ", irq_stats(j)->irq_threshold_count);
         seq_printf(p, "  Threshold APIC interrupts\n");
-# endif
 #endif
 #ifdef CONFIG_X86_MCE
         seq_printf(p, "%*s: ", prec, "MCE");
@@ -149,7 +149,7 @@ int show_interrupts(struct seq_file *p, void *v)
         if (!desc)
                 return 0;
 
-        spin_lock_irqsave(&desc->lock, flags);
+        raw_spin_lock_irqsave(&desc->lock, flags);
         for_each_online_cpu(j)
                 any_count |= kstat_irqs_cpu(i, j);
         action = desc->action;
@@ -170,7 +170,7 @@ int show_interrupts(struct seq_file *p, void *v)
 
         seq_putc(p, '\n');
 out:
-        spin_unlock_irqrestore(&desc->lock, flags);
+        raw_spin_unlock_irqrestore(&desc->lock, flags);
         return 0;
 }
 
@@ -187,18 +187,18 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
         sum += irq_stats(cpu)->apic_perf_irqs;
         sum += irq_stats(cpu)->apic_pending_irqs;
 #endif
-        if (generic_interrupt_extension)
-                sum += irq_stats(cpu)->generic_irqs;
+        if (x86_platform_ipi_callback)
+                sum += irq_stats(cpu)->x86_platform_ipis;
 #ifdef CONFIG_SMP
         sum += irq_stats(cpu)->irq_resched_count;
         sum += irq_stats(cpu)->irq_call_count;
         sum += irq_stats(cpu)->irq_tlb_count;
 #endif
-#ifdef CONFIG_X86_MCE
+#ifdef CONFIG_X86_THERMAL_VECTOR
         sum += irq_stats(cpu)->irq_thermal_count;
-# ifdef CONFIG_X86_MCE_THRESHOLD
+#endif
+#ifdef CONFIG_X86_MCE_THRESHOLD
         sum += irq_stats(cpu)->irq_threshold_count;
-# endif
 #endif
 #ifdef CONFIG_X86_MCE
         sum += per_cpu(mce_exception_count, cpu);
@@ -251,9 +251,9 @@ unsigned int __irq_entry do_IRQ(struct pt_regs *regs)
 }
 
 /*
- * Handler for GENERIC_INTERRUPT_VECTOR.
+ * Handler for X86_PLATFORM_IPI_VECTOR.
  */
-void smp_generic_interrupt(struct pt_regs *regs)
+void smp_x86_platform_ipi(struct pt_regs *regs)
 {
         struct pt_regs *old_regs = set_irq_regs(regs);
 
@@ -263,10 +263,10 @@ void smp_generic_interrupt(struct pt_regs *regs)
 
         irq_enter();
 
-        inc_irq_stat(generic_irqs);
+        inc_irq_stat(x86_platform_ipis);
 
-        if (generic_interrupt_extension)
-                generic_interrupt_extension();
+        if (x86_platform_ipi_callback)
+                x86_platform_ipi_callback();
 
         irq_exit();
 
@@ -274,3 +274,93 @@ void smp_generic_interrupt(struct pt_regs *regs)
 }
 
 EXPORT_SYMBOL_GPL(vector_used_by_percpu_irq);
+
+#ifdef CONFIG_HOTPLUG_CPU
+/* A cpu has been removed from cpu_online_mask.  Reset irq affinities. */
+void fixup_irqs(void)
+{
+        unsigned int irq, vector;
+        static int warned;
+        struct irq_desc *desc;
+
+        for_each_irq_desc(irq, desc) {
+                int break_affinity = 0;
+                int set_affinity = 1;
+                const struct cpumask *affinity;
+
+                if (!desc)
+                        continue;
+                if (irq == 2)
+                        continue;
+
+                /* interrupt's are disabled at this point */
+                raw_spin_lock(&desc->lock);
+
+                affinity = desc->affinity;
+                if (!irq_has_action(irq) ||
+                    cpumask_equal(affinity, cpu_online_mask)) {
+                        raw_spin_unlock(&desc->lock);
+                        continue;
+                }
+
+                /*
+                 * Complete the irq move. This cpu is going down and for
+                 * non intr-remapping case, we can't wait till this interrupt
+                 * arrives at this cpu before completing the irq move.
+                 */
+                irq_force_complete_move(irq);
+
+                if (cpumask_any_and(affinity, cpu_online_mask) >= nr_cpu_ids) {
+                        break_affinity = 1;
+                        affinity = cpu_all_mask;
+                }
+
+                if (!(desc->status & IRQ_MOVE_PCNTXT) && desc->chip->mask)
+                        desc->chip->mask(irq);
+
+                if (desc->chip->set_affinity)
+                        desc->chip->set_affinity(irq, affinity);
+                else if (!(warned++))
+                        set_affinity = 0;
+
+                if (!(desc->status & IRQ_MOVE_PCNTXT) && desc->chip->unmask)
+                        desc->chip->unmask(irq);
+
+                raw_spin_unlock(&desc->lock);
+
+                if (break_affinity && set_affinity)
+                        printk("Broke affinity for irq %i\n", irq);
+                else if (!set_affinity)
+                        printk("Cannot set affinity for irq %i\n", irq);
+        }
+
+        /*
+         * We can remove mdelay() and then send spuriuous interrupts to
+         * new cpu targets for all the irqs that were handled previously by
+         * this cpu. While it works, I have seen spurious interrupt messages
+         * (nothing wrong but still...).
+         *
+         * So for now, retain mdelay(1) and check the IRR and then send those
+         * interrupts to new targets as this cpu is already offlined...
+         */
+        mdelay(1);
+
+        for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS; vector++) {
+                unsigned int irr;
+
+                if (__get_cpu_var(vector_irq)[vector] < 0)
+                        continue;
+
+                irr = apic_read(APIC_IRR + (vector / 32 * 0x10));
+                if (irr  & (1 << (vector % 32))) {
+                        irq = __get_cpu_var(vector_irq)[vector];
+
+                        desc = irq_to_desc(irq);
+                        raw_spin_lock(&desc->lock);
+                        if (desc->chip->retrigger)
+                                desc->chip->retrigger(irq);
+                        raw_spin_unlock(&desc->lock);
+                }
+        }
+}
+#endif
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index 7d35d0fe2329..10709f29d166 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -211,48 +211,3 @@ bool handle_irq(unsigned irq, struct pt_regs *regs)
 
         return true;
 }
-
-#ifdef CONFIG_HOTPLUG_CPU
-
-/* A cpu has been removed from cpu_online_mask.  Reset irq affinities. */
-void fixup_irqs(void)
-{
-        unsigned int irq;
-        struct irq_desc *desc;
-
-        for_each_irq_desc(irq, desc) {
-                const struct cpumask *affinity;
-
-                if (!desc)
-                        continue;
-                if (irq == 2)
-                        continue;
-
-                affinity = desc->affinity;
-                if (cpumask_any_and(affinity, cpu_online_mask) >= nr_cpu_ids) {
-                        printk("Breaking affinity for irq %i\n", irq);
-                        affinity = cpu_all_mask;
-                }
-                if (desc->chip->set_affinity)
-                        desc->chip->set_affinity(irq, affinity);
-                else if (desc->action)
-                        printk_once("Cannot set affinity for irq %i\n", irq);
-        }
-
-#if 0
-        barrier();
-        /* Ingo Molnar says: "after the IO-APIC masks have been redirected
-           [note the nop - the interrupt-enable boundary on x86 is two
-           instructions from sti] - to flush out pending hardirqs and
-           IPIs. After this point nothing is supposed to reach this CPU." */
-        __asm__ __volatile__("sti; nop; cli");
-        barrier();
-#else
-        /* That doesn't seem sufficient.  Give it 1ms. */
-        local_irq_enable();
-        mdelay(1);
-        local_irq_disable();
-#endif
-}
-#endif
-
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 977d8b43a0dd..acf8fbf8fbda 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -62,64 +62,6 @@ bool handle_irq(unsigned irq, struct pt_regs *regs)
         return true;
 }
 
-#ifdef CONFIG_HOTPLUG_CPU
-/* A cpu has been removed from cpu_online_mask.  Reset irq affinities. */
-void fixup_irqs(void)
-{
-        unsigned int irq;
-        static int warned;
-        struct irq_desc *desc;
-
-        for_each_irq_desc(irq, desc) {
-                int break_affinity = 0;
-                int set_affinity = 1;
-                const struct cpumask *affinity;
-
-                if (!desc)
-                        continue;
-                if (irq == 2)
-                        continue;
-
-                /* interrupt's are disabled at this point */
-                spin_lock(&desc->lock);
-
-                affinity = desc->affinity;
-                if (!irq_has_action(irq) ||
-                    cpumask_equal(affinity, cpu_online_mask)) {
-                        spin_unlock(&desc->lock);
-                        continue;
-                }
-
-                if (cpumask_any_and(affinity, cpu_online_mask) >= nr_cpu_ids) {
-                        break_affinity = 1;
-                        affinity = cpu_all_mask;
-                }
-
-                if (desc->chip->mask)
-                        desc->chip->mask(irq);
-
-                if (desc->chip->set_affinity)
-                        desc->chip->set_affinity(irq, affinity);
-                else if (!(warned++))
-                        set_affinity = 0;
-
-                if (desc->chip->unmask)
-                        desc->chip->unmask(irq);
-
-                spin_unlock(&desc->lock);
-
-                if (break_affinity && set_affinity)
-                        printk("Broke affinity for irq %i\n", irq);
-                else if (!set_affinity)
-                        printk("Cannot set affinity for irq %i\n", irq);
-        }
-
-        /* That doesn't seem sufficient.  Give it 1ms. */
-        local_irq_enable();
-        mdelay(1);
-        local_irq_disable();
-}
-#endif
 
 extern void call_softirq(void);
 
diff --git a/arch/x86/kernel/irqinit.c b/arch/x86/kernel/irqinit.c
index 40f30773fb29..d5932226614f 100644
--- a/arch/x86/kernel/irqinit.c
+++ b/arch/x86/kernel/irqinit.c
@@ -200,8 +200,8 @@ static void __init apic_intr_init(void)
         /* self generated IPI for local APIC timer */
         alloc_intr_gate(LOCAL_TIMER_VECTOR, apic_timer_interrupt);
 
-        /* generic IPI for platform specific use */
-        alloc_intr_gate(GENERIC_INTERRUPT_VECTOR, generic_interrupt);
+        /* IPI for X86 platform specific use */
+        alloc_intr_gate(X86_PLATFORM_IPI_VECTOR, x86_platform_ipi);
 
         /* IPI vectors for APIC spurious and error interrupts */
         alloc_intr_gate(SPURIOUS_APIC_VECTOR, spurious_interrupt);
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
index 8d82a77a3f3b..dd74fe7273b1 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
@@ -43,6 +43,7 @@
 #include <linux/smp.h>
 #include <linux/nmi.h>
 
+#include <asm/debugreg.h>
 #include <asm/apicdef.h>
 #include <asm/system.h>
 
@@ -85,10 +86,15 @@ void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         gdb_regs[GDB_DS]        = regs->ds;
         gdb_regs[GDB_ES]        = regs->es;
         gdb_regs[GDB_CS]        = regs->cs;
-        gdb_regs[GDB_SS]        = __KERNEL_DS;
         gdb_regs[GDB_FS]        = 0xFFFF;
         gdb_regs[GDB_GS]        = 0xFFFF;
-        gdb_regs[GDB_SP]        = (int)&regs->sp;
+        if (user_mode_vm(regs)) {
+                gdb_regs[GDB_SS] = regs->ss;
+                gdb_regs[GDB_SP] = regs->sp;
+        } else {
+                gdb_regs[GDB_SS] = __KERNEL_DS;
+                gdb_regs[GDB_SP] = kernel_stack_pointer(regs);
+        }
 #else
         gdb_regs[GDB_R8]        = regs->r8;
         gdb_regs[GDB_R9]        = regs->r9;
@@ -101,7 +107,7 @@ void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         gdb_regs32[GDB_PS]      = regs->flags;
         gdb_regs32[GDB_CS]      = regs->cs;
         gdb_regs32[GDB_SS]      = regs->ss;
-        gdb_regs[GDB_SP]        = regs->sp;
+        gdb_regs[GDB_SP]        = kernel_stack_pointer(regs);
 #endif
 }
 
@@ -220,8 +226,7 @@ static void kgdb_correct_hw_break(void)
                         dr7 |= ((breakinfo[breakno].len << 2) |
                                  breakinfo[breakno].type) <<
                                ((breakno << 2) + 16);
-                        if (breakno >= 0 && breakno <= 3)
-                                set_debugreg(breakinfo[breakno].addr, breakno);
+                        set_debugreg(breakinfo[breakno].addr, breakno);
 
                 } else {
                         if ((dr7 & breakbit) && !breakinfo[breakno].enabled) {
@@ -395,7 +400,6 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
                 /* set the trace bit if we're stepping */
                 if (remcomInBuffer[0] == 's') {
                         linux_regs->flags |= X86_EFLAGS_TF;
-                        kgdb_single_step = 1;
                         atomic_set(&kgdb_cpu_doing_single_step,
                                    raw_smp_processor_id());
                 }
@@ -434,6 +438,11 @@ single_step_cont(struct pt_regs *regs, struct die_args *args)
                         "resuming...\n");
         kgdb_arch_handle_exception(args->trapnr, args->signr,
                                    args->err, "c", "", regs);
+        /*
+         * Reset the BS bit in dr6 (pointed by args->err) to
+         * denote completion of processing
+         */
+        (*(unsigned long *)ERR_PTR(args->err)) &= ~DR_STEP;
 
         return NOTIFY_STOP;
 }
diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
index 7b5169d2b000..5b8c7505b3bc 100644
--- a/arch/x86/kernel/kprobes.c
+++ b/arch/x86/kernel/kprobes.c
@@ -48,31 +48,22 @@
 #include <linux/preempt.h>
 #include <linux/module.h>
 #include <linux/kdebug.h>
+#include <linux/kallsyms.h>
 
 #include <asm/cacheflush.h>
 #include <asm/desc.h>
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
 #include <asm/alternative.h>
+#include <asm/insn.h>
+#include <asm/debugreg.h>
 
 void jprobe_return_end(void);
 
 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
 
-#ifdef CONFIG_X86_64
-#define stack_addr(regs) ((unsigned long *)regs->sp)
-#else
-/*
- * "&regs->sp" looks wrong, but it's correct for x86_32.  x86_32 CPUs
- * don't save the ss and esp registers if the CPU is already in kernel
- * mode when it traps.  So for kprobes, regs->sp and regs->ss are not
- * the [nonexistent] saved stack pointer and ss register, but rather
- * the top 8 bytes of the pre-int3 stack.  So &regs->sp happens to
- * point to the top of the pre-int3 stack.
- */
-#define stack_addr(regs) ((unsigned long *)&regs->sp)
-#endif
+#define stack_addr(regs) ((unsigned long *)kernel_stack_pointer(regs))
 
 #define W(row, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, ba, bb, bc, bd, be, bf)\
         (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) |   \
@@ -106,50 +97,6 @@ static const u32 twobyte_is_boostable[256 / 32] = {
         /*      -----------------------------------------------         */
         /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f          */
 };
-static const u32 onebyte_has_modrm[256 / 32] = {
-        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f          */
-        /*      -----------------------------------------------         */
-        W(0x00, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* 00 */
-        W(0x10, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) , /* 10 */
-        W(0x20, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* 20 */
-        W(0x30, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) , /* 30 */
-        W(0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 40 */
-        W(0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* 50 */
-        W(0x60, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0) | /* 60 */
-        W(0x70, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* 70 */
-        W(0x80, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 80 */
-        W(0x90, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* 90 */
-        W(0xa0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* a0 */
-        W(0xb0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* b0 */
-        W(0xc0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0) | /* c0 */
-        W(0xd0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1) , /* d0 */
-        W(0xe0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* e0 */
-        W(0xf0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1)   /* f0 */
-        /*      -----------------------------------------------         */
-        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f          */
-};
-static const u32 twobyte_has_modrm[256 / 32] = {
-        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f          */
-        /*      -----------------------------------------------         */
-        W(0x00, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1) | /* 0f */
-        W(0x10, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0) , /* 1f */
-        W(0x20, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1) | /* 2f */
-        W(0x30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* 3f */
-        W(0x40, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 4f */
-        W(0x50, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 5f */
-        W(0x60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 6f */
-        W(0x70, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1) , /* 7f */
-        W(0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 8f */
-        W(0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 9f */
-        W(0xa0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1) | /* af */
-        W(0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1) , /* bf */
-        W(0xc0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0) | /* cf */
-        W(0xd0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* df */
-        W(0xe0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* ef */
-        W(0xf0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0)   /* ff */
-        /*      -----------------------------------------------         */
-        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f          */
-};
 #undef W
 
 struct kretprobe_blackpoint kretprobe_blacklist[] = {
@@ -244,6 +191,75 @@ retry:
         }
 }
 
+/* Recover the probed instruction at addr for further analysis. */
+static int recover_probed_instruction(kprobe_opcode_t *buf, unsigned long addr)
+{
+        struct kprobe *kp;
+        kp = get_kprobe((void *)addr);
+        if (!kp)
+                return -EINVAL;
+
+        /*
+         *  Basically, kp->ainsn.insn has an original instruction.
+         *  However, RIP-relative instruction can not do single-stepping
+         *  at different place, fix_riprel() tweaks the displacement of
+         *  that instruction. In that case, we can't recover the instruction
+         *  from the kp->ainsn.insn.
+         *
+         *  On the other hand, kp->opcode has a copy of the first byte of
+         *  the probed instruction, which is overwritten by int3. And
+         *  the instruction at kp->addr is not modified by kprobes except
+         *  for the first byte, we can recover the original instruction
+         *  from it and kp->opcode.
+         */
+        memcpy(buf, kp->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
+        buf[0] = kp->opcode;
+        return 0;
+}
+
+/* Dummy buffers for kallsyms_lookup */
+static char __dummy_buf[KSYM_NAME_LEN];
+
+/* Check if paddr is at an instruction boundary */
+static int __kprobes can_probe(unsigned long paddr)
+{
+        int ret;
+        unsigned long addr, offset = 0;
+        struct insn insn;
+        kprobe_opcode_t buf[MAX_INSN_SIZE];
+
+        if (!kallsyms_lookup(paddr, NULL, &offset, NULL, __dummy_buf))
+                return 0;
+
+        /* Decode instructions */
+        addr = paddr - offset;
+        while (addr < paddr) {
+                kernel_insn_init(&insn, (void *)addr);
+                insn_get_opcode(&insn);
+
+                /*
+                 * Check if the instruction has been modified by another
+                 * kprobe, in which case we replace the breakpoint by the
+                 * original instruction in our buffer.
+                 */
+                if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) {
+                        ret = recover_probed_instruction(buf, addr);
+                        if (ret)
+                                /*
+                                 * Another debugging subsystem might insert
+                                 * this breakpoint. In that case, we can't
+                                 * recover it.
+                                 */
+                                return 0;
+                        kernel_insn_init(&insn, buf);
+                }
+                insn_get_length(&insn);
+                addr += insn.length;
+        }
+
+        return (addr == paddr);
+}
+
 /*
  * Returns non-zero if opcode modifies the interrupt flag.
  */
@@ -277,68 +293,30 @@ static int __kprobes is_IF_modifier(kprobe_opcode_t *insn)
 static void __kprobes fix_riprel(struct kprobe *p)
 {
 #ifdef CONFIG_X86_64
-        u8 *insn = p->ainsn.insn;
-        s64 disp;
-        int need_modrm;
-
-        /* Skip legacy instruction prefixes.  */
-        while (1) {
-                switch (*insn) {
-                case 0x66:
-                case 0x67:
-                case 0x2e:
-                case 0x3e:
-                case 0x26:
-                case 0x64:
-                case 0x65:
-                case 0x36:
-                case 0xf0:
-                case 0xf3:
-                case 0xf2:
-                        ++insn;
-                        continue;
-                }
-                break;
-        }
+        struct insn insn;
+        kernel_insn_init(&insn, p->ainsn.insn);
 
-        /* Skip REX instruction prefix.  */
-        if (is_REX_prefix(insn))
-                ++insn;
-
-        if (*insn == 0x0f) {
-                /* Two-byte opcode.  */
-                ++insn;
-                need_modrm = test_bit(*insn,
-                                      (unsigned long *)twobyte_has_modrm);
-        } else
-                /* One-byte opcode.  */
-                need_modrm = test_bit(*insn,
-                                      (unsigned long *)onebyte_has_modrm);
-
-        if (need_modrm) {
-                u8 modrm = *++insn;
-                if ((modrm & 0xc7) == 0x05) {
-                        /* %rip+disp32 addressing mode */
-                        /* Displacement follows ModRM byte.  */
-                        ++insn;
-                        /*
-                         * The copied instruction uses the %rip-relative
-                         * addressing mode.  Adjust the displacement for the
-                         * difference between the original location of this
-                         * instruction and the location of the copy that will
-                         * actually be run.  The tricky bit here is making sure
-                         * that the sign extension happens correctly in this
-                         * calculation, since we need a signed 32-bit result to
-                         * be sign-extended to 64 bits when it's added to the
-                         * %rip value and yield the same 64-bit result that the
-                         * sign-extension of the original signed 32-bit
-                         * displacement would have given.
-                         */
-                        disp = (u8 *) p->addr + *((s32 *) insn) -
-                               (u8 *) p->ainsn.insn;
-                        BUG_ON((s64) (s32) disp != disp); /* Sanity check.  */
-                        *(s32 *)insn = (s32) disp;
-                }
+        if (insn_rip_relative(&insn)) {
+                s64 newdisp;
+                u8 *disp;
+                insn_get_displacement(&insn);
+                /*
+                 * The copied instruction uses the %rip-relative addressing
+                 * mode.  Adjust the displacement for the difference between
+                 * the original location of this instruction and the location
+                 * of the copy that will actually be run.  The tricky bit here
+                 * is making sure that the sign extension happens correctly in
+                 * this calculation, since we need a signed 32-bit result to
+                 * be sign-extended to 64 bits when it's added to the %rip
+                 * value and yield the same 64-bit result that the sign-
+                 * extension of the original signed 32-bit displacement would
+                 * have given.
+                 */
+                newdisp = (u8 *) p->addr + (s64) insn.displacement.value -
+                          (u8 *) p->ainsn.insn;
+                BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check.  */
+                disp = (u8 *) p->ainsn.insn + insn_offset_displacement(&insn);
+                *(s32 *) disp = (s32) newdisp;
         }
 #endif
 }
@@ -359,6 +337,8 @@ static void __kprobes arch_copy_kprobe(struct kprobe *p)
 
 int __kprobes arch_prepare_kprobe(struct kprobe *p)
 {
+        if (!can_probe((unsigned long)p->addr))
+                return -EILSEQ;
         /* insn: must be on special executable page on x86. */
         p->ainsn.insn = get_insn_slot();
         if (!p->ainsn.insn)
@@ -472,17 +452,6 @@ static int __kprobes reenter_kprobe(struct kprobe *p, struct pt_regs *regs,
 {
         switch (kcb->kprobe_status) {
         case KPROBE_HIT_SSDONE:
-#ifdef CONFIG_X86_64
-                /* TODO: Provide re-entrancy from post_kprobes_handler() and
-                 * avoid exception stack corruption while single-stepping on
-                 * the instruction of the new probe.
-                 */
-                arch_disarm_kprobe(p);
-                regs->ip = (unsigned long)p->addr;
-                reset_current_kprobe();
-                preempt_enable_no_resched();
-                break;
-#endif
         case KPROBE_HIT_ACTIVE:
                 save_previous_kprobe(kcb);
                 set_current_kprobe(p, regs, kcb);
@@ -491,18 +460,16 @@ static int __kprobes reenter_kprobe(struct kprobe *p, struct pt_regs *regs,
                 kcb->kprobe_status = KPROBE_REENTER;
                 break;
         case KPROBE_HIT_SS:
-                if (p == kprobe_running()) {
-                        regs->flags &= ~X86_EFLAGS_TF;
-                        regs->flags |= kcb->kprobe_saved_flags;
-                        return 0;
-                } else {
-                        /* A probe has been hit in the codepath leading up
-                         * to, or just after, single-stepping of a probed
-                         * instruction. This entire codepath should strictly
-                         * reside in .kprobes.text section. Raise a warning
-                         * to highlight this peculiar case.
-                         */
-                }
+                /* A probe has been hit in the codepath leading up to, or just
+                 * after, single-stepping of a probed instruction. This entire
+                 * codepath should strictly reside in .kprobes.text section.
+                 * Raise a BUG or we'll continue in an endless reentering loop
+                 * and eventually a stack overflow.
+                 */
+                printk(KERN_WARNING "Unrecoverable kprobe detected at %p.\n",
+                       p->addr);
+                dump_kprobe(p);
+                BUG();
         default:
                 /* impossible cases */
                 WARN_ON(1);
@@ -514,7 +481,7 @@ static int __kprobes reenter_kprobe(struct kprobe *p, struct pt_regs *regs,
 
 /*
  * Interrupts are disabled on entry as trap3 is an interrupt gate and they
- * remain disabled thorough out this function.
+ * remain disabled throughout this function.
  */
 static int __kprobes kprobe_handler(struct pt_regs *regs)
 {
@@ -851,7 +818,7 @@ no_change:
 
 /*
  * Interrupts are disabled on entry as trap1 is an interrupt gate and they
- * remain disabled thoroughout this function.
+ * remain disabled throughout this function.
  */
 static int __kprobes post_kprobe_handler(struct pt_regs *regs)
 {
@@ -967,8 +934,14 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
                         ret = NOTIFY_STOP;
                 break;
         case DIE_DEBUG:
-                if (post_kprobe_handler(args->regs))
+                if (post_kprobe_handler(args->regs)) {
+                        /*
+                         * Reset the BS bit in dr6 (pointed by args->err) to
+                         * denote completion of processing
+                         */
+                        (*(unsigned long *)ERR_PTR(args->err)) &= ~DR_STEP;
                         ret = NOTIFY_STOP;
+                }
                 break;
         case DIE_GPF:
                 /*
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index c1c429d00130..a3fa43ba5d3b 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -25,6 +25,7 @@
 #include <asm/desc.h>
 #include <asm/system.h>
 #include <asm/cacheflush.h>
+#include <asm/debugreg.h>
 
 static void set_idt(void *newidt, __u16 limit)
 {
@@ -157,8 +158,7 @@ int machine_kexec_prepare(struct kimage *image)
 {
         int error;
 
-        if (nx_enabled)
-                set_pages_x(image->control_code_page, 1);
+        set_pages_x(image->control_code_page, 1);
         error = machine_kexec_alloc_page_tables(image);
         if (error)
                 return error;
@@ -172,8 +172,7 @@ int machine_kexec_prepare(struct kimage *image)
  */
 void machine_kexec_cleanup(struct kimage *image)
 {
-        if (nx_enabled)
-                set_pages_nx(image->control_code_page, 1);
+        set_pages_nx(image->control_code_page, 1);
         machine_kexec_free_page_tables(image);
 }
 
@@ -202,6 +201,7 @@ void machine_kexec(struct kimage *image)
 
         /* Interrupts aren't acceptable while we reboot */
         local_irq_disable();
+        hw_breakpoint_disable();
 
         if (image->preserve_context) {
 #ifdef CONFIG_X86_IO_APIC
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 84c3bf209e98..4a8bb82248ae 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -18,6 +18,7 @@
 #include <asm/pgtable.h>
 #include <asm/tlbflush.h>
 #include <asm/mmu_context.h>
+#include <asm/debugreg.h>
 
 static int init_one_level2_page(struct kimage *image, pgd_t *pgd,
                                 unsigned long addr)
@@ -282,6 +283,7 @@ void machine_kexec(struct kimage *image)
 
         /* Interrupts aren't acceptable while we reboot */
         local_irq_disable();
+        hw_breakpoint_disable();
 
         if (image->preserve_context) {
 #ifdef CONFIG_X86_IO_APIC
diff --git a/arch/x86/kernel/mfgpt_32.c b/arch/x86/kernel/mfgpt_32.c
deleted file mode 100644
index 2a62d843f015..000000000000
--- a/arch/x86/kernel/mfgpt_32.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * Driver/API for AMD Geode Multi-Function General Purpose Timers (MFGPT)
- *
- * Copyright (C) 2006, Advanced Micro Devices, Inc.
- * Copyright (C) 2007, Andres Salomon <dilinger@debian.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public License
- * as published by the Free Software Foundation.
- *
- * The MFGPTs are documented in AMD Geode CS5536 Companion Device Data Book.
- */
-
-/*
- * We are using the 32.768kHz input clock - it's the only one that has the
- * ranges we find desirable.  The following table lists the suitable
- * divisors and the associated Hz, minimum interval and the maximum interval:
- *
- *  Divisor   Hz      Min Delta (s)  Max Delta (s)
- *   1        32768   .00048828125      2.000
- *   2        16384   .0009765625       4.000
- *   4         8192   .001953125        8.000
- *   8         4096   .00390625        16.000
- *   16        2048   .0078125         32.000
- *   32        1024   .015625          64.000
- *   64         512   .03125          128.000
- *  128         256   .0625           256.000
- *  256         128   .125            512.000
- */
-
-#include <linux/kernel.h>
-#include <linux/interrupt.h>
-#include <linux/module.h>
-#include <asm/geode.h>
-
-#define MFGPT_DEFAULT_IRQ       7
-
-static struct mfgpt_timer_t {
-        unsigned int avail:1;
-} mfgpt_timers[MFGPT_MAX_TIMERS];
-
-/* Selected from the table above */
-
-#define MFGPT_DIVISOR 16
-#define MFGPT_SCALE  4     /* divisor = 2^(scale) */
-#define MFGPT_HZ  (32768 / MFGPT_DIVISOR)
-#define MFGPT_PERIODIC (MFGPT_HZ / HZ)
-
-/* Allow for disabling of MFGPTs */
-static int disable;
-static int __init mfgpt_disable(char *s)
-{
-        disable = 1;
-        return 1;
-}
-__setup("nomfgpt", mfgpt_disable);
-
-/* Reset the MFGPT timers. This is required by some broken BIOSes which already
- * do the same and leave the system in an unstable state. TinyBIOS 0.98 is
- * affected at least (0.99 is OK with MFGPT workaround left to off).
- */
-static int __init mfgpt_fix(char *s)
-{
-        u32 val, dummy;
-
-        /* The following udocumented bit resets the MFGPT timers */
-        val = 0xFF; dummy = 0;
-        wrmsr(MSR_MFGPT_SETUP, val, dummy);
-        return 1;
-}
-__setup("mfgptfix", mfgpt_fix);
-
-/*
- * Check whether any MFGPTs are available for the kernel to use.  In most
- * cases, firmware that uses AMD's VSA code will claim all timers during
- * bootup; we certainly don't want to take them if they're already in use.
- * In other cases (such as with VSAless OpenFirmware), the system firmware
- * leaves timers available for us to use.
- */
-
-
-static int timers = -1;
-
-static void geode_mfgpt_detect(void)
-{
-        int i;
-        u16 val;
-
-        timers = 0;
-
-        if (disable) {
-                printk(KERN_INFO "geode-mfgpt:  MFGPT support is disabled\n");
-                goto done;
-        }
-
-        if (!geode_get_dev_base(GEODE_DEV_MFGPT)) {
-                printk(KERN_INFO "geode-mfgpt:  MFGPT LBAR is not set up\n");
-                goto done;
-        }
-
-        for (i = 0; i < MFGPT_MAX_TIMERS; i++) {
-                val = geode_mfgpt_read(i, MFGPT_REG_SETUP);
-                if (!(val & MFGPT_SETUP_SETUP)) {
-                        mfgpt_timers[i].avail = 1;
-                        timers++;
-                }
-        }
-
-done:
-        printk(KERN_INFO "geode-mfgpt:  %d MFGPT timers available.\n", timers);
-}
-
-int geode_mfgpt_toggle_event(int timer, int cmp, int event, int enable)
-{
-        u32 msr, mask, value, dummy;
-        int shift = (cmp == MFGPT_CMP1) ? 0 : 8;
-
-        if (timer < 0 || timer >= MFGPT_MAX_TIMERS)
-                return -EIO;
-
-        /*
-         * The register maps for these are described in sections 6.17.1.x of
-         * the AMD Geode CS5536 Companion Device Data Book.
-         */
-        switch (event) {
-        case MFGPT_EVENT_RESET:
-                /*
-                 * XXX: According to the docs, we cannot reset timers above
-                 * 6; that is, resets for 7 and 8 will be ignored.  Is this
-                 * a problem?   -dilinger
-                 */
-                msr = MSR_MFGPT_NR;
-                mask = 1 << (timer + 24);
-                break;
-
-        case MFGPT_EVENT_NMI:
-                msr = MSR_MFGPT_NR;
-                mask = 1 << (timer + shift);
-                break;
-
-        case MFGPT_EVENT_IRQ:
-                msr = MSR_MFGPT_IRQ;
-                mask = 1 << (timer + shift);
-                break;
-
-        default:
-                return -EIO;
-        }
-
-        rdmsr(msr, value, dummy);
-
-        if (enable)
-                value |= mask;
-        else
-                value &= ~mask;
-
-        wrmsr(msr, value, dummy);
-        return 0;
-}
-EXPORT_SYMBOL_GPL(geode_mfgpt_toggle_event);
-
-int geode_mfgpt_set_irq(int timer, int cmp, int *irq, int enable)
-{
-        u32 zsel, lpc, dummy;
-        int shift;
-
-        if (timer < 0 || timer >= MFGPT_MAX_TIMERS)
-                return -EIO;
-
-        /*
-         * Unfortunately, MFGPTs come in pairs sharing their IRQ lines. If VSA
-         * is using the same CMP of the timer's Siamese twin, the IRQ is set to
-         * 2, and we mustn't use nor change it.
-         * XXX: Likewise, 2 Linux drivers might clash if the 2nd overwrites the
-         * IRQ of the 1st. This can only happen if forcing an IRQ, calling this
-         * with *irq==0 is safe. Currently there _are_ no 2 drivers.
-         */
-        rdmsr(MSR_PIC_ZSEL_LOW, zsel, dummy);
-        shift = ((cmp == MFGPT_CMP1 ? 0 : 4) + timer % 4) * 4;
-        if (((zsel >> shift) & 0xF) == 2)
-                return -EIO;
-
-        /* Choose IRQ: if none supplied, keep IRQ already set or use default */
-        if (!*irq)
-                *irq = (zsel >> shift) & 0xF;
-        if (!*irq)
-                *irq = MFGPT_DEFAULT_IRQ;
-
-        /* Can't use IRQ if it's 0 (=disabled), 2, or routed to LPC */
-        if (*irq < 1 || *irq == 2 || *irq > 15)
-                return -EIO;
-        rdmsr(MSR_PIC_IRQM_LPC, lpc, dummy);
-        if (lpc & (1 << *irq))
-                return -EIO;
-
-        /* All chosen and checked - go for it */
-        if (geode_mfgpt_toggle_event(timer, cmp, MFGPT_EVENT_IRQ, enable))
-                return -EIO;
-        if (enable) {
-                zsel = (zsel & ~(0xF << shift)) | (*irq << shift);
-                wrmsr(MSR_PIC_ZSEL_LOW, zsel, dummy);
-        }
-
-        return 0;
-}
-
-static int mfgpt_get(int timer)
-{
-        mfgpt_timers[timer].avail = 0;
-        printk(KERN_INFO "geode-mfgpt:  Registered timer %d\n", timer);
-        return timer;
-}
-
-int geode_mfgpt_alloc_timer(int timer, int domain)
-{
-        int i;
-
-        if (timers == -1) {
-                /* timers haven't been detected yet */
-                geode_mfgpt_detect();
-        }
-
-        if (!timers)
-                return -1;
-
-        if (timer >= MFGPT_MAX_TIMERS)
-                return -1;
-
-        if (timer < 0) {
-                /* Try to find an available timer */
-                for (i = 0; i < MFGPT_MAX_TIMERS; i++) {
-                        if (mfgpt_timers[i].avail)
-                                return mfgpt_get(i);
-
-                        if (i == 5 && domain == MFGPT_DOMAIN_WORKING)
-                                break;
-                }
-        } else {
-                /* If they requested a specific timer, try to honor that */
-                if (mfgpt_timers[timer].avail)
-                        return mfgpt_get(timer);
-        }
-
-        /* No timers available - too bad */
-        return -1;
-}
-EXPORT_SYMBOL_GPL(geode_mfgpt_alloc_timer);
-
-
-#ifdef CONFIG_GEODE_MFGPT_TIMER
-
-/*
- * The MFPGT timers on the CS5536 provide us with suitable timers to use
- * as clock event sources - not as good as a HPET or APIC, but certainly
- * better than the PIT.  This isn't a general purpose MFGPT driver, but
- * a simplified one designed specifically to act as a clock event source.
- * For full details about the MFGPT, please consult the CS5536 data sheet.
- */
-
-#include <linux/clocksource.h>
-#include <linux/clockchips.h>
-
-static unsigned int mfgpt_tick_mode = CLOCK_EVT_MODE_SHUTDOWN;
-static u16 mfgpt_event_clock;
-
-static int irq;
-static int __init mfgpt_setup(char *str)
-{
-        get_option(&str, &irq);
-        return 1;
-}
-__setup("mfgpt_irq=", mfgpt_setup);
-
-static void mfgpt_disable_timer(u16 clock)
-{
-        /* avoid races by clearing CMP1 and CMP2 unconditionally */
-        geode_mfgpt_write(clock, MFGPT_REG_SETUP, (u16) ~MFGPT_SETUP_CNTEN |
-                        MFGPT_SETUP_CMP1 | MFGPT_SETUP_CMP2);
-}
-
-static int mfgpt_next_event(unsigned long, struct clock_event_device *);
-static void mfgpt_set_mode(enum clock_event_mode, struct clock_event_device *);
-
-static struct clock_event_device mfgpt_clockevent = {
-        .name = "mfgpt-timer",
-        .features = CLOCK_EVT_FEAT_PERIODIC | CLOCK_EVT_FEAT_ONESHOT,
-        .set_mode = mfgpt_set_mode,
-        .set_next_event = mfgpt_next_event,
-        .rating = 250,
-        .cpumask = cpu_all_mask,
-        .shift = 32
-};
-
-static void mfgpt_start_timer(u16 delta)
-{
-        geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_CMP2, (u16) delta);
-        geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_COUNTER, 0);
-
-        geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_SETUP,
-                          MFGPT_SETUP_CNTEN | MFGPT_SETUP_CMP2);
-}
-
-static void mfgpt_set_mode(enum clock_event_mode mode,
-                           struct clock_event_device *evt)
-{
-        mfgpt_disable_timer(mfgpt_event_clock);
-
-        if (mode == CLOCK_EVT_MODE_PERIODIC)
-                mfgpt_start_timer(MFGPT_PERIODIC);
-
-        mfgpt_tick_mode = mode;
-}
-
-static int mfgpt_next_event(unsigned long delta, struct clock_event_device *evt)
-{
-        mfgpt_start_timer(delta);
-        return 0;
-}
-
-static irqreturn_t mfgpt_tick(int irq, void *dev_id)
-{
-        u16 val = geode_mfgpt_read(mfgpt_event_clock, MFGPT_REG_SETUP);
-
-        /* See if the interrupt was for us */
-        if (!(val & (MFGPT_SETUP_SETUP  | MFGPT_SETUP_CMP2 | MFGPT_SETUP_CMP1)))
-                return IRQ_NONE;
-
-        /* Turn off the clock (and clear the event) */
-        mfgpt_disable_timer(mfgpt_event_clock);
-
-        if (mfgpt_tick_mode == CLOCK_EVT_MODE_SHUTDOWN)
-                return IRQ_HANDLED;
-
-        /* Clear the counter */
-        geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_COUNTER, 0);
-
-        /* Restart the clock in periodic mode */
-
-        if (mfgpt_tick_mode == CLOCK_EVT_MODE_PERIODIC) {
-                geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_SETUP,
-                                  MFGPT_SETUP_CNTEN | MFGPT_SETUP_CMP2);
-        }
-
-        mfgpt_clockevent.event_handler(&mfgpt_clockevent);
-        return IRQ_HANDLED;
-}
-
-static struct irqaction mfgptirq  = {
-        .handler = mfgpt_tick,
-        .flags = IRQF_DISABLED | IRQF_NOBALANCING | IRQF_TIMER,
-        .name = "mfgpt-timer"
-};
-
-int __init mfgpt_timer_setup(void)
-{
-        int timer, ret;
-        u16 val;
-
-        timer = geode_mfgpt_alloc_timer(MFGPT_TIMER_ANY, MFGPT_DOMAIN_WORKING);
-        if (timer < 0) {
-                printk(KERN_ERR
-                       "mfgpt-timer:  Could not allocate a MFPGT timer\n");
-                return -ENODEV;
-        }
-
-        mfgpt_event_clock = timer;
-
-        /* Set up the IRQ on the MFGPT side */
-        if (geode_mfgpt_setup_irq(mfgpt_event_clock, MFGPT_CMP2, &irq)) {
-                printk(KERN_ERR "mfgpt-timer:  Could not set up IRQ %d\n", irq);
-                return -EIO;
-        }
-
-        /* And register it with the kernel */
-        ret = setup_irq(irq, &mfgptirq);
-
-        if (ret) {
-                printk(KERN_ERR
-                       "mfgpt-timer:  Unable to set up the interrupt.\n");
-                goto err;
-        }
-
-        /* Set the clock scale and enable the event mode for CMP2 */
-        val = MFGPT_SCALE | (3 << 8);
-
-        geode_mfgpt_write(mfgpt_event_clock, MFGPT_REG_SETUP, val);
-
-        /* Set up the clock event */
-        mfgpt_clockevent.mult = div_sc(MFGPT_HZ, NSEC_PER_SEC,
-                                       mfgpt_clockevent.shift);
-        mfgpt_clockevent.min_delta_ns = clockevent_delta2ns(0xF,
-                        &mfgpt_clockevent);
-        mfgpt_clockevent.max_delta_ns = clockevent_delta2ns(0xFFFE,
-                        &mfgpt_clockevent);
-
-        printk(KERN_INFO
-               "mfgpt-timer:  Registering MFGPT timer %d as a clock event, using IRQ %d\n",
-               timer, irq);
-        clockevents_register_device(&mfgpt_clockevent);
-
-        return 0;
-
-err:
-        geode_mfgpt_release_irq(mfgpt_event_clock, MFGPT_CMP2, &irq);
-        printk(KERN_ERR
-               "mfgpt-timer:  Unable to set up the MFGPT clock source\n");
-        return -EIO;
-}
-
-#endif
diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
index 366baa179913..37542b67c57e 100644
--- a/arch/x86/kernel/microcode_amd.c
+++ b/arch/x86/kernel/microcode_amd.c
@@ -13,6 +13,9 @@
  *  Licensed under the terms of the GNU General Public
  *  License version 2. See file COPYING for details.
  */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/firmware.h>
 #include <linux/pci_ids.h>
 #include <linux/uaccess.h>
@@ -33,6 +36,9 @@ MODULE_LICENSE("GPL v2");
 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
 #define UCODE_UCODE_TYPE           0x00000001
 
+const struct firmware *firmware;
+static int supported_cpu;
+
 struct equiv_cpu_entry {
         u32     installed_cpu;
         u32     fixed_errata_mask;
@@ -71,17 +77,14 @@ static struct equiv_cpu_entry *equiv_cpu_table;
 
 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
 {
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
         u32 dummy;
 
-        memset(csig, 0, sizeof(*csig));
-        if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
-                printk(KERN_WARNING "microcode: CPU%d: AMD CPU family 0x%x not "
-                       "supported\n", cpu, c->x86);
+        if (!supported_cpu)
                 return -1;
-        }
+
+        memset(csig, 0, sizeof(*csig));
         rdmsr(MSR_AMD64_PATCH_LEVEL, csig->rev, dummy);
-        printk(KERN_INFO "microcode: CPU%d: patch_level=0x%x\n", cpu, csig->rev);
+        pr_info("CPU%d: patch_level=0x%x\n", cpu, csig->rev);
         return 0;
 }
 
@@ -103,23 +106,16 @@ static int get_matching_microcode(int cpu, void *mc, int rev)
                 i++;
         }
 
-        if (!equiv_cpu_id) {
-                printk(KERN_WARNING "microcode: CPU%d: cpu revision "
-                       "not listed in equivalent cpu table\n", cpu);
+        if (!equiv_cpu_id)
                 return 0;
-        }
 
-        if (mc_header->processor_rev_id != equiv_cpu_id) {
-                printk(KERN_ERR "microcode: CPU%d: patch mismatch "
-                       "(processor_rev_id: %x, equiv_cpu_id: %x)\n",
-                       cpu, mc_header->processor_rev_id, equiv_cpu_id);
+        if (mc_header->processor_rev_id != equiv_cpu_id)
                 return 0;
-        }
 
         /* ucode might be chipset specific -- currently we don't support this */
         if (mc_header->nb_dev_id || mc_header->sb_dev_id) {
-                printk(KERN_ERR "microcode: CPU%d: loading of chipset "
-                       "specific code not yet supported\n", cpu);
+                pr_err("CPU%d: loading of chipset specific code not yet supported\n",
+                       cpu);
                 return 0;
         }
 
@@ -148,14 +144,12 @@ static int apply_microcode_amd(int cpu)
 
         /* check current patch id and patch's id for match */
         if (rev != mc_amd->hdr.patch_id) {
-                printk(KERN_ERR "microcode: CPU%d: update failed "
-                       "(for patch_level=0x%x)\n", cpu, mc_amd->hdr.patch_id);
+                pr_err("CPU%d: update failed (for patch_level=0x%x)\n",
+                       cpu, mc_amd->hdr.patch_id);
                 return -1;
         }
 
-        printk(KERN_INFO "microcode: CPU%d: updated (new patch_level=0x%x)\n",
-               cpu, rev);
-
+        pr_info("CPU%d: updated (new patch_level=0x%x)\n", cpu, rev);
         uci->cpu_sig.rev = rev;
 
         return 0;
@@ -178,18 +172,14 @@ get_next_ucode(const u8 *buf, unsigned int size, unsigned int *mc_size)
                 return NULL;
 
         if (section_hdr[0] != UCODE_UCODE_TYPE) {
-                printk(KERN_ERR "microcode: error: invalid type field in "
-                       "container file section header\n");
+                pr_err("error: invalid type field in container file section header\n");
                 return NULL;
         }
 
         total_size = (unsigned long) (section_hdr[4] + (section_hdr[5] << 8));
 
-        printk(KERN_DEBUG "microcode: size %u, total_size %u\n",
-               size, total_size);
-
         if (total_size > size || total_size > UCODE_MAX_SIZE) {
-                printk(KERN_ERR "microcode: error: size mismatch\n");
+                pr_err("error: size mismatch\n");
                 return NULL;
         }
 
@@ -218,15 +208,13 @@ static int install_equiv_cpu_table(const u8 *buf)
         size = buf_pos[2];
 
         if (buf_pos[1] != UCODE_EQUIV_CPU_TABLE_TYPE || !size) {
-                printk(KERN_ERR "microcode: error: invalid type field in "
-                       "container file section header\n");
+                pr_err("error: invalid type field in container file section header\n");
                 return 0;
         }
 
         equiv_cpu_table = (struct equiv_cpu_entry *) vmalloc(size);
         if (!equiv_cpu_table) {
-                printk(KERN_ERR "microcode: failed to allocate "
-                       "equivalent CPU table\n");
+                pr_err("failed to allocate equivalent CPU table\n");
                 return 0;
         }
 
@@ -259,8 +247,7 @@ generic_load_microcode(int cpu, const u8 *data, size_t size)
 
         offset = install_equiv_cpu_table(ucode_ptr);
         if (!offset) {
-                printk(KERN_ERR "microcode: failed to create "
-                       "equivalent cpu table\n");
+                pr_err("failed to create equivalent cpu table\n");
                 return UCODE_ERROR;
         }
 
@@ -291,8 +278,7 @@ generic_load_microcode(int cpu, const u8 *data, size_t size)
                 if (!leftover) {
                         vfree(uci->mc);
                         uci->mc = new_mc;
-                        pr_debug("microcode: CPU%d found a matching microcode "
-                                 "update with version 0x%x (current=0x%x)\n",
+                        pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
                                  cpu, new_rev, uci->cpu_sig.rev);
                 } else {
                         vfree(new_mc);
@@ -308,27 +294,26 @@ generic_load_microcode(int cpu, const u8 *data, size_t size)
 
 static enum ucode_state request_microcode_fw(int cpu, struct device *device)
 {
-        const char *fw_name = "amd-ucode/microcode_amd.bin";
-        const struct firmware *firmware;
         enum ucode_state ret;
 
-        if (request_firmware(&firmware, fw_name, device)) {
-                printk(KERN_ERR "microcode: failed to load file %s\n", fw_name);
+        if (firmware == NULL)
                 return UCODE_NFOUND;
+
+        if (*(u32 *)firmware->data != UCODE_MAGIC) {
+                pr_err("invalid UCODE_MAGIC (0x%08x)\n",
+                       *(u32 *)firmware->data);
+                return UCODE_ERROR;
         }
 
         ret = generic_load_microcode(cpu, firmware->data, firmware->size);
 
-        release_firmware(firmware);
-
         return ret;
 }
 
 static enum ucode_state
 request_microcode_user(int cpu, const void __user *buf, size_t size)
 {
-        printk(KERN_INFO "microcode: AMD microcode update via "
-               "/dev/cpu/microcode not supported\n");
+        pr_info("AMD microcode update via /dev/cpu/microcode not supported\n");
         return UCODE_ERROR;
 }
 
@@ -340,7 +325,31 @@ static void microcode_fini_cpu_amd(int cpu)
         uci->mc = NULL;
 }
 
+void init_microcode_amd(struct device *device)
+{
+        const char *fw_name = "amd-ucode/microcode_amd.bin";
+        struct cpuinfo_x86 *c = &boot_cpu_data;
+
+        WARN_ON(c->x86_vendor != X86_VENDOR_AMD);
+
+        if (c->x86 < 0x10) {
+                pr_warning("AMD CPU family 0x%x not supported\n", c->x86);
+                return;
+        }
+        supported_cpu = 1;
+
+        if (request_firmware(&firmware, fw_name, device))
+                pr_err("failed to load file %s\n", fw_name);
+}
+
+void fini_microcode_amd(void)
+{
+        release_firmware(firmware);
+}
+
 static struct microcode_ops microcode_amd_ops = {
+        .init                             = init_microcode_amd,
+        .fini                             = fini_microcode_amd,
         .request_microcode_user           = request_microcode_user,
         .request_microcode_fw             = request_microcode_fw,
         .collect_cpu_info                 = collect_cpu_info_amd,
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
index 378e9a8f1bf8..0c8632433090 100644
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/microcode_core.c
@@ -70,10 +70,12 @@
  *              Fix sigmatch() macro to handle old CPUs with pf == 0.
  *              Thanks to Stuart Swales for pointing out this bug.
  */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/platform_device.h>
 #include <linux/miscdevice.h>
 #include <linux/capability.h>
-#include <linux/smp_lock.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/mutex.h>
@@ -201,7 +203,6 @@ static int do_microcode_update(const void __user *buf, size_t size)
 
 static int microcode_open(struct inode *unused1, struct file *unused2)
 {
-        cycle_kernel_lock();
         return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
 
@@ -211,7 +212,7 @@ static ssize_t microcode_write(struct file *file, const char __user *buf,
         ssize_t ret = -EINVAL;
 
         if ((len >> PAGE_SHIFT) > totalram_pages) {
-                pr_err("microcode: too much data (max %ld pages)\n", totalram_pages);
+                pr_err("too much data (max %ld pages)\n", totalram_pages);
                 return ret;
         }
 
@@ -246,7 +247,7 @@ static int __init microcode_dev_init(void)
 
         error = misc_register(&microcode_dev);
         if (error) {
-                pr_err("microcode: can't misc_register on minor=%d\n", MICROCODE_MINOR);
+                pr_err("can't misc_register on minor=%d\n", MICROCODE_MINOR);
                 return error;
         }
 
@@ -361,7 +362,7 @@ static enum ucode_state microcode_resume_cpu(int cpu)
         if (!uci->mc)
                 return UCODE_NFOUND;
 
-        pr_debug("microcode: CPU%d updated upon resume\n", cpu);
+        pr_debug("CPU%d updated upon resume\n", cpu);
         apply_microcode_on_target(cpu);
 
         return UCODE_OK;
@@ -381,7 +382,7 @@ static enum ucode_state microcode_init_cpu(int cpu)
         ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev);
 
         if (ustate == UCODE_OK) {
-                pr_debug("microcode: CPU%d updated upon init\n", cpu);
+                pr_debug("CPU%d updated upon init\n", cpu);
                 apply_microcode_on_target(cpu);
         }
 
@@ -408,7 +409,7 @@ static int mc_sysdev_add(struct sys_device *sys_dev)
         if (!cpu_online(cpu))
                 return 0;
 
-        pr_debug("microcode: CPU%d added\n", cpu);
+        pr_debug("CPU%d added\n", cpu);
 
         err = sysfs_create_group(&sys_dev->kobj, &mc_attr_group);
         if (err)
@@ -427,7 +428,7 @@ static int mc_sysdev_remove(struct sys_device *sys_dev)
         if (!cpu_online(cpu))
                 return 0;
 
-        pr_debug("microcode: CPU%d removed\n", cpu);
+        pr_debug("CPU%d removed\n", cpu);
         microcode_fini_cpu(cpu);
         sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
         return 0;
@@ -475,15 +476,15 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
                 microcode_update_cpu(cpu);
         case CPU_DOWN_FAILED:
         case CPU_DOWN_FAILED_FROZEN:
-                pr_debug("microcode: CPU%d added\n", cpu);
+                pr_debug("CPU%d added\n", cpu);
                 if (sysfs_create_group(&sys_dev->kobj, &mc_attr_group))
-                        pr_err("microcode: Failed to create group for CPU%d\n", cpu);
+                        pr_err("Failed to create group for CPU%d\n", cpu);
                 break;
         case CPU_DOWN_PREPARE:
         case CPU_DOWN_PREPARE_FROZEN:
                 /* Suspend is in progress, only remove the interface */
                 sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
-                pr_debug("microcode: CPU%d removed\n", cpu);
+                pr_debug("CPU%d removed\n", cpu);
                 break;
         case CPU_DEAD:
         case CPU_UP_CANCELED_FROZEN:
@@ -509,7 +510,7 @@ static int __init microcode_init(void)
                 microcode_ops = init_amd_microcode();
 
         if (!microcode_ops) {
-                pr_err("microcode: no support for this CPU vendor\n");
+                pr_err("no support for this CPU vendor\n");
                 return -ENODEV;
         }
 
@@ -520,6 +521,9 @@ static int __init microcode_init(void)
                 return PTR_ERR(microcode_pdev);
         }
 
+        if (microcode_ops->init)
+                microcode_ops->init(&microcode_pdev->dev);
+
         get_online_cpus();
         mutex_lock(&microcode_mutex);
 
@@ -540,8 +544,7 @@ static int __init microcode_init(void)
         register_hotcpu_notifier(&mc_cpu_notifier);
 
         pr_info("Microcode Update Driver: v" MICROCODE_VERSION
-               " <tigran@aivazian.fsnet.co.uk>,"
-               " Peter Oruba\n");
+                " <tigran@aivazian.fsnet.co.uk>, Peter Oruba\n");
 
         return 0;
 }
@@ -563,6 +566,9 @@ static void __exit microcode_exit(void)
 
         platform_device_unregister(microcode_pdev);
 
+        if (microcode_ops->fini)
+                microcode_ops->fini();
+
         microcode_ops = NULL;
 
         pr_info("Microcode Update Driver: v" MICROCODE_VERSION " removed.\n");
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
index 0d334ddd0a96..ebd193e476ca 100644
--- a/arch/x86/kernel/microcode_intel.c
+++ b/arch/x86/kernel/microcode_intel.c
@@ -70,6 +70,9 @@
  *              Fix sigmatch() macro to handle old CPUs with pf == 0.
  *              Thanks to Stuart Swales for pointing out this bug.
  */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/firmware.h>
 #include <linux/uaccess.h>
 #include <linux/kernel.h>
@@ -146,8 +149,7 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig)
 
         if (c->x86_vendor != X86_VENDOR_INTEL || c->x86 < 6 ||
             cpu_has(c, X86_FEATURE_IA64)) {
-                printk(KERN_ERR "microcode: CPU%d not a capable Intel "
-                        "processor\n", cpu_num);
+                pr_err("CPU%d not a capable Intel processor\n", cpu_num);
                 return -1;
         }
 
@@ -165,8 +167,8 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig)
         /* get the current revision from MSR 0x8B */
         rdmsr(MSR_IA32_UCODE_REV, val[0], csig->rev);
 
-        printk(KERN_INFO "microcode: CPU%d sig=0x%x, pf=0x%x, revision=0x%x\n",
-                        cpu_num, csig->sig, csig->pf, csig->rev);
+        pr_info("CPU%d sig=0x%x, pf=0x%x, revision=0x%x\n",
+                cpu_num, csig->sig, csig->pf, csig->rev);
 
         return 0;
 }
@@ -194,28 +196,24 @@ static int microcode_sanity_check(void *mc)
         data_size = get_datasize(mc_header);
 
         if (data_size + MC_HEADER_SIZE > total_size) {
-                printk(KERN_ERR "microcode: error! "
-                                "Bad data size in microcode data file\n");
+                pr_err("error! Bad data size in microcode data file\n");
                 return -EINVAL;
         }
 
         if (mc_header->ldrver != 1 || mc_header->hdrver != 1) {
-                printk(KERN_ERR "microcode: error! "
-                                "Unknown microcode update format\n");
+                pr_err("error! Unknown microcode update format\n");
                 return -EINVAL;
         }
         ext_table_size = total_size - (MC_HEADER_SIZE + data_size);
         if (ext_table_size) {
                 if ((ext_table_size < EXT_HEADER_SIZE)
                  || ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) {
-                        printk(KERN_ERR "microcode: error! "
-                                "Small exttable size in microcode data file\n");
+                        pr_err("error! Small exttable size in microcode data file\n");
                         return -EINVAL;
                 }
                 ext_header = mc + MC_HEADER_SIZE + data_size;
                 if (ext_table_size != exttable_size(ext_header)) {
-                        printk(KERN_ERR "microcode: error! "
-                                "Bad exttable size in microcode data file\n");
+                        pr_err("error! Bad exttable size in microcode data file\n");
                         return -EFAULT;
                 }
                 ext_sigcount = ext_header->count;
@@ -230,8 +228,7 @@ static int microcode_sanity_check(void *mc)
                 while (i--)
                         ext_table_sum += ext_tablep[i];
                 if (ext_table_sum) {
-                        printk(KERN_WARNING "microcode: aborting, "
-                                "bad extended signature table checksum\n");
+                        pr_warning("aborting, bad extended signature table checksum\n");
                         return -EINVAL;
                 }
         }
@@ -242,7 +239,7 @@ static int microcode_sanity_check(void *mc)
         while (i--)
                 orig_sum += ((int *)mc)[i];
         if (orig_sum) {
-                printk(KERN_ERR "microcode: aborting, bad checksum\n");
+                pr_err("aborting, bad checksum\n");
                 return -EINVAL;
         }
         if (!ext_table_size)
@@ -255,7 +252,7 @@ static int microcode_sanity_check(void *mc)
                         - (mc_header->sig + mc_header->pf + mc_header->cksum)
                         + (ext_sig->sig + ext_sig->pf + ext_sig->cksum);
                 if (sum) {
-                        printk(KERN_ERR "microcode: aborting, bad checksum\n");
+                        pr_err("aborting, bad checksum\n");
                         return -EINVAL;
                 }
         }
@@ -327,13 +324,11 @@ static int apply_microcode(int cpu)
         rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]);
 
         if (val[1] != mc_intel->hdr.rev) {
-                printk(KERN_ERR "microcode: CPU%d update "
-                                "to revision 0x%x failed\n",
-                        cpu_num, mc_intel->hdr.rev);
+                pr_err("CPU%d update to revision 0x%x failed\n",
+                       cpu_num, mc_intel->hdr.rev);
                 return -1;
         }
-        printk(KERN_INFO "microcode: CPU%d updated to revision "
-                         "0x%x, date = %04x-%02x-%02x \n",
+        pr_info("CPU%d updated to revision 0x%x, date = %04x-%02x-%02x \n",
                 cpu_num, val[1],
                 mc_intel->hdr.date & 0xffff,
                 mc_intel->hdr.date >> 24,
@@ -362,8 +357,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
 
                 mc_size = get_totalsize(&mc_header);
                 if (!mc_size || mc_size > leftover) {
-                        printk(KERN_ERR "microcode: error!"
-                                        "Bad data in microcode data file\n");
+                        pr_err("error! Bad data in microcode data file\n");
                         break;
                 }
 
@@ -405,9 +399,8 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
                 vfree(uci->mc);
         uci->mc = (struct microcode_intel *)new_mc;
 
-        pr_debug("microcode: CPU%d found a matching microcode update with"
-                 " version 0x%x (current=0x%x)\n",
-                        cpu, new_rev, uci->cpu_sig.rev);
+        pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
+                 cpu, new_rev, uci->cpu_sig.rev);
 out:
         return state;
 }
@@ -429,7 +422,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
                 c->x86, c->x86_model, c->x86_mask);
 
         if (request_firmware(&firmware, name, device)) {
-                pr_debug("microcode: data file %s load failed\n", name);
+                pr_debug("data file %s load failed\n", name);
                 return UCODE_NFOUND;
         }
 
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c
index 5be95ef4ffec..40b54ceb68b5 100644
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -667,36 +667,18 @@ void __init default_get_smp_config(unsigned int early)
          */
 }
 
-static void __init smp_reserve_bootmem(struct mpf_intel *mpf)
+static void __init smp_reserve_memory(struct mpf_intel *mpf)
 {
         unsigned long size = get_mpc_size(mpf->physptr);
-#ifdef CONFIG_X86_32
-        /*
-         * We cannot access to MPC table to compute table size yet,
-         * as only few megabytes from the bottom is mapped now.
-         * PC-9800's MPC table places on the very last of physical
-         * memory; so that simply reserving PAGE_SIZE from mpf->physptr
-         * yields BUG() in reserve_bootmem.
-         * also need to make sure physptr is below than max_low_pfn
-         * we don't need reserve the area above max_low_pfn
-         */
-        unsigned long end = max_low_pfn * PAGE_SIZE;
 
-        if (mpf->physptr < end) {
-                if (mpf->physptr + size > end)
-                        size = end - mpf->physptr;
-                reserve_bootmem_generic(mpf->physptr, size, BOOTMEM_DEFAULT);
-        }
-#else
-        reserve_bootmem_generic(mpf->physptr, size, BOOTMEM_DEFAULT);
-#endif
+        reserve_early(mpf->physptr, mpf->physptr+size, "MP-table mpc");
 }
 
-static int __init smp_scan_config(unsigned long base, unsigned long length,
-                                  unsigned reserve)
+static int __init smp_scan_config(unsigned long base, unsigned long length)
 {
         unsigned int *bp = phys_to_virt(base);
         struct mpf_intel *mpf;
+        unsigned long mem;
 
         apic_printk(APIC_VERBOSE, "Scan SMP from %p for %ld bytes.\n",
                         bp, length);
@@ -717,12 +699,10 @@ static int __init smp_scan_config(unsigned long base, unsigned long length,
                         printk(KERN_INFO "found SMP MP-table at [%p] %llx\n",
                                mpf, (u64)virt_to_phys(mpf));
 
-                        if (!reserve)
-                                return 1;
-                        reserve_bootmem_generic(virt_to_phys(mpf), sizeof(*mpf),
-                                                BOOTMEM_DEFAULT);
+                        mem = virt_to_phys(mpf);
+                        reserve_early(mem, mem + sizeof(*mpf), "MP-table mpf");
                         if (mpf->physptr)
-                                smp_reserve_bootmem(mpf);
+                                smp_reserve_memory(mpf);
 
                         return 1;
                 }
@@ -732,7 +712,7 @@ static int __init smp_scan_config(unsigned long base, unsigned long length,
         return 0;
 }
 
-void __init default_find_smp_config(unsigned int reserve)
+void __init default_find_smp_config(void)
 {
         unsigned int address;
 
@@ -744,9 +724,9 @@ void __init default_find_smp_config(unsigned int reserve)
          * 2) Scan the top 1K of base RAM
          * 3) Scan the 64K of bios
          */
-        if (smp_scan_config(0x0, 0x400, reserve) ||
-            smp_scan_config(639 * 0x400, 0x400, reserve) ||
-            smp_scan_config(0xF0000, 0x10000, reserve))
+        if (smp_scan_config(0x0, 0x400) ||
+            smp_scan_config(639 * 0x400, 0x400) ||
+            smp_scan_config(0xF0000, 0x10000))
                 return;
         /*
          * If it is an SMP machine we should know now, unless the
@@ -767,7 +747,7 @@ void __init default_find_smp_config(unsigned int reserve)
 
         address = get_bios_ebda();
         if (address)
-                smp_scan_config(address, 0x400, reserve);
+                smp_scan_config(address, 0x400);
 }
 
 #ifdef CONFIG_X86_IO_APIC
@@ -965,9 +945,6 @@ void __init early_reserve_e820_mpc_new(void)
 {
         if (enable_update_mptable && alloc_mptable) {
                 u64 startt = 0;
-#ifdef CONFIG_X86_TRAMPOLINE
-                startt = TRAMPOLINE_BASE;
-#endif
                 mpc_new_phys = early_reserve_e820(startt, mpc_new_length, 4);
         }
 }
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 6a3cefc7dda1..4bd93c9b2b27 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -172,23 +172,18 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
 
 static int msr_open(struct inode *inode, struct file *file)
 {
-        unsigned int cpu = iminor(file->f_path.dentry->d_inode);
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
-        int ret = 0;
+        unsigned int cpu;
+        struct cpuinfo_x86 *c;
 
-        lock_kernel();
         cpu = iminor(file->f_path.dentry->d_inode);
+        if (cpu >= nr_cpu_ids || !cpu_online(cpu))
+                return -ENXIO;  /* No such CPU */
 
-        if (cpu >= nr_cpu_ids || !cpu_online(cpu)) {
-                ret = -ENXIO;   /* No such CPU */
-                goto out;
-        }
         c = &cpu_data(cpu);
         if (!cpu_has(c, X86_FEATURE_MSR))
-                ret = -EIO;     /* MSR not supported */
-out:
-        unlock_kernel();
-        return ret;
+                return -EIO;    /* MSR not supported */
+
+        return 0;
 }
 
 /*
@@ -251,7 +246,7 @@ static int __init msr_init(void)
         int i, err = 0;
         i = 0;
 
-        if (register_chrdev(MSR_MAJOR, "cpu/msr", &msr_fops)) {
+        if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) {
                 printk(KERN_ERR "msr: unable to get major %d for msr\n",
                        MSR_MAJOR);
                 err = -EBUSY;
@@ -279,7 +274,7 @@ out_class:
                 msr_device_destroy(i);
         class_destroy(msr_class);
 out_chrdev:
-        unregister_chrdev(MSR_MAJOR, "cpu/msr");
+        __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
 out:
         return err;
 }
diff --git a/arch/x86/kernel/olpc.c b/arch/x86/kernel/olpc.c
index 4006c522adc7..9d1d263f786f 100644
--- a/arch/x86/kernel/olpc.c
+++ b/arch/x86/kernel/olpc.c
@@ -212,7 +212,7 @@ static int __init olpc_init(void)
         unsigned char *romsig;
 
         /* The ioremap check is dangerous; limit what we run it on */
-        if (!is_geode() || geode_has_vsa2())
+        if (!is_geode() || cs5535_has_vsa2())
                 return 0;
 
         spin_lock_init(&ec_lock);
@@ -244,7 +244,7 @@ static int __init olpc_init(void)
                         (unsigned char *) &olpc_platform_info.ecver, 1);
 
         /* check to see if the VSA exists */
-        if (geode_has_vsa2())
+        if (cs5535_has_vsa2())
                 olpc_platform_info.flags |= OLPC_F_VSA;
 
         printk(KERN_INFO "OLPC board revision %s%X (EC=%x)\n",
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
index 3a7c5a44082e..676b8c77a976 100644
--- a/arch/x86/kernel/paravirt-spinlocks.c
+++ b/arch/x86/kernel/paravirt-spinlocks.c
@@ -8,9 +8,9 @@
 #include <asm/paravirt.h>
 
 static inline void
-default_spin_lock_flags(raw_spinlock_t *lock, unsigned long flags)
+default_spin_lock_flags(arch_spinlock_t *lock, unsigned long flags)
 {
-        __raw_spin_lock(lock);
+        arch_spin_lock(lock);
 }
 
 struct pv_lock_ops pv_lock_ops = {
diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
index 971a3bec47a8..2bbde6078143 100644
--- a/arch/x86/kernel/pci-calgary_64.c
+++ b/arch/x86/kernel/pci-calgary_64.c
@@ -31,7 +31,7 @@
 #include <linux/string.h>
 #include <linux/crash_dump.h>
 #include <linux/dma-mapping.h>
-#include <linux/bitops.h>
+#include <linux/bitmap.h>
 #include <linux/pci_ids.h>
 #include <linux/pci.h>
 #include <linux/delay.h>
@@ -46,6 +46,7 @@
 #include <asm/dma.h>
 #include <asm/rio.h>
 #include <asm/bios_ebda.h>
+#include <asm/x86_init.h>
 
 #ifdef CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT
 int use_calgary __read_mostly = 1;
@@ -211,7 +212,7 @@ static void iommu_range_reserve(struct iommu_table *tbl,
 
         spin_lock_irqsave(&tbl->it_lock, flags);
 
-        iommu_area_reserve(tbl->it_map, index, npages);
+        bitmap_set(tbl->it_map, index, npages);
 
         spin_unlock_irqrestore(&tbl->it_lock, flags);
 }
@@ -244,7 +245,7 @@ static unsigned long iommu_range_alloc(struct device *dev,
                         if (panic_on_overflow)
                                 panic("Calgary: fix the allocator.\n");
                         else
-                                return bad_dma_address;
+                                return DMA_ERROR_CODE;
                 }
         }
 
@@ -260,12 +261,15 @@ static dma_addr_t iommu_alloc(struct device *dev, struct iommu_table *tbl,
                               void *vaddr, unsigned int npages, int direction)
 {
         unsigned long entry;
-        dma_addr_t ret = bad_dma_address;
+        dma_addr_t ret;
 
         entry = iommu_range_alloc(dev, tbl, npages);
 
-        if (unlikely(entry == bad_dma_address))
-                goto error;
+        if (unlikely(entry == DMA_ERROR_CODE)) {
+                printk(KERN_WARNING "Calgary: failed to allocate %u pages in "
+                       "iommu %p\n", npages, tbl);
+                return DMA_ERROR_CODE;
+        }
 
         /* set the return dma address */
         ret = (entry << PAGE_SHIFT) | ((unsigned long)vaddr & ~PAGE_MASK);
@@ -273,13 +277,7 @@ static dma_addr_t iommu_alloc(struct device *dev, struct iommu_table *tbl,
         /* put the TCEs in the HW table */
         tce_build(tbl, entry, npages, (unsigned long)vaddr & PAGE_MASK,
                   direction);
-
         return ret;
-
-error:
-        printk(KERN_WARNING "Calgary: failed to allocate %u pages in "
-               "iommu %p\n", npages, tbl);
-        return bad_dma_address;
 }
 
 static void iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
@@ -290,8 +288,8 @@ static void iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
         unsigned long flags;
 
         /* were we called with bad_dma_address? */
-        badend = bad_dma_address + (EMERGENCY_PAGES * PAGE_SIZE);
-        if (unlikely((dma_addr >= bad_dma_address) && (dma_addr < badend))) {
+        badend = DMA_ERROR_CODE + (EMERGENCY_PAGES * PAGE_SIZE);
+        if (unlikely((dma_addr >= DMA_ERROR_CODE) && (dma_addr < badend))) {
                 WARN(1, KERN_ERR "Calgary: driver tried unmapping bad DMA "
                        "address 0x%Lx\n", dma_addr);
                 return;
@@ -305,7 +303,7 @@ static void iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
 
         spin_lock_irqsave(&tbl->it_lock, flags);
 
-        iommu_area_free(tbl->it_map, entry, npages);
+        bitmap_clear(tbl->it_map, entry, npages);
 
         spin_unlock_irqrestore(&tbl->it_lock, flags);
 }
@@ -318,13 +316,15 @@ static inline struct iommu_table *find_iommu_table(struct device *dev)
 
         pdev = to_pci_dev(dev);
 
+        /* search up the device tree for an iommu */
         pbus = pdev->bus;
-
-        /* is the device behind a bridge? Look for the root bus */
-        while (pbus->parent)
+        do {
+                tbl = pci_iommu(pbus);
+                if (tbl && tbl->it_busno == pbus->number)
+                        break;
+                tbl = NULL;
                 pbus = pbus->parent;
-
-        tbl = pci_iommu(pbus);
+        } while (pbus);
 
         BUG_ON(tbl && (tbl->it_busno != pbus->number));
 
@@ -373,7 +373,7 @@ static int calgary_map_sg(struct device *dev, struct scatterlist *sg,
                 npages = iommu_num_pages(vaddr, s->length, PAGE_SIZE);
 
                 entry = iommu_range_alloc(dev, tbl, npages);
-                if (entry == bad_dma_address) {
+                if (entry == DMA_ERROR_CODE) {
                         /* makes sure unmap knows to stop */
                         s->dma_length = 0;
                         goto error;
@@ -391,7 +391,7 @@ static int calgary_map_sg(struct device *dev, struct scatterlist *sg,
 error:
         calgary_unmap_sg(dev, sg, nelems, dir, NULL);
         for_each_sg(sg, s, nelems, i) {
-                sg->dma_address = bad_dma_address;
+                sg->dma_address = DMA_ERROR_CODE;
                 sg->dma_length = 0;
         }
         return 0;
@@ -446,7 +446,7 @@ static void* calgary_alloc_coherent(struct device *dev, size_t size,
 
         /* set up tces to cover the allocated range */
         mapping = iommu_alloc(dev, tbl, ret, npages, DMA_BIDIRECTIONAL);
-        if (mapping == bad_dma_address)
+        if (mapping == DMA_ERROR_CODE)
                 goto free;
         *dma_handle = mapping;
         return ret;
@@ -727,7 +727,7 @@ static void __init calgary_reserve_regions(struct pci_dev *dev)
         struct iommu_table *tbl = pci_iommu(dev->bus);
 
         /* reserve EMERGENCY_PAGES from bad_dma_address and up */
-        iommu_range_reserve(tbl, bad_dma_address, EMERGENCY_PAGES);
+        iommu_range_reserve(tbl, DMA_ERROR_CODE, EMERGENCY_PAGES);
 
         /* avoid the BIOS/VGA first 640KB-1MB region */
         /* for CalIOC2 - avoid the entire first MB */
@@ -1344,6 +1344,23 @@ static void __init get_tce_space_from_tar(void)
         return;
 }
 
+static int __init calgary_iommu_init(void)
+{
+        int ret;
+
+        /* ok, we're trying to use Calgary - let's roll */
+        printk(KERN_INFO "PCI-DMA: Using Calgary IOMMU\n");
+
+        ret = calgary_init();
+        if (ret) {
+                printk(KERN_ERR "PCI-DMA: Calgary init failed %d, "
+                       "falling back to no_iommu\n", ret);
+                return ret;
+        }
+
+        return 0;
+}
+
 void __init detect_calgary(void)
 {
         int bus;
@@ -1357,7 +1374,7 @@ void __init detect_calgary(void)
          * if the user specified iommu=off or iommu=soft or we found
          * another HW IOMMU already, bail out.
          */
-        if (swiotlb || no_iommu || iommu_detected)
+        if (no_iommu || iommu_detected)
                 return;
 
         if (!use_calgary)
@@ -1442,9 +1459,7 @@ void __init detect_calgary(void)
                 printk(KERN_INFO "PCI-DMA: Calgary TCE table spec is %d\n",
                        specified_table_size);
 
-                /* swiotlb for devices that aren't behind the Calgary. */
-                if (max_pfn > MAX_DMA32_PFN)
-                        swiotlb = 1;
+                x86_init.iommu.iommu_init = calgary_iommu_init;
         }
         return;
 
@@ -1457,35 +1472,6 @@ cleanup:
         }
 }
 
-int __init calgary_iommu_init(void)
-{
-        int ret;
-
-        if (no_iommu || (swiotlb && !calgary_detected))
-                return -ENODEV;
-
-        if (!calgary_detected)
-                return -ENODEV;
-
-        /* ok, we're trying to use Calgary - let's roll */
-        printk(KERN_INFO "PCI-DMA: Using Calgary IOMMU\n");
-
-        ret = calgary_init();
-        if (ret) {
-                printk(KERN_ERR "PCI-DMA: Calgary init failed %d, "
-                       "falling back to no_iommu\n", ret);
-                return ret;
-        }
-
-        force_iommu = 1;
-        bad_dma_address = 0x0;
-        /* dma_ops is set to swiotlb or nommu */
-        if (!dma_ops)
-                dma_ops = &nommu_dma_ops;
-
-        return 0;
-}
-
 static int __init calgary_parse_options(char *p)
 {
         unsigned int bridge;
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 64b838eac18c..75e14e21f61a 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -11,10 +11,11 @@
 #include <asm/gart.h>
 #include <asm/calgary.h>
 #include <asm/amd_iommu.h>
+#include <asm/x86_init.h>
 
 static int forbid_dac __read_mostly;
 
-struct dma_map_ops *dma_ops;
+struct dma_map_ops *dma_ops = &nommu_dma_ops;
 EXPORT_SYMBOL(dma_ops);
 
 static int iommu_sac_force __read_mostly;
@@ -35,22 +36,17 @@ int iommu_detected __read_mostly = 0;
 
 /*
  * This variable becomes 1 if iommu=pt is passed on the kernel command line.
- * If this variable is 1, IOMMU implementations do no DMA ranslation for
+ * If this variable is 1, IOMMU implementations do no DMA translation for
  * devices and allow every device to access to whole physical memory. This is
  * useful if a user want to use an IOMMU only for KVM device assignment to
  * guests and not for driver dma translation.
  */
 int iommu_pass_through __read_mostly;
 
-dma_addr_t bad_dma_address __read_mostly = 0;
-EXPORT_SYMBOL(bad_dma_address);
-
-/* Dummy device used for NULL arguments (normally ISA). Better would
-   be probably a smaller DMA mask, but this is bug-to-bug compatible
-   to older i386. */
+/* Dummy device used for NULL arguments (normally ISA). */
 struct device x86_dma_fallback_dev = {
         .init_name = "fallback device",
-        .coherent_dma_mask = DMA_BIT_MASK(32),
+        .coherent_dma_mask = ISA_DMA_BIT_MASK,
         .dma_mask = &x86_dma_fallback_dev.coherent_dma_mask,
 };
 EXPORT_SYMBOL(x86_dma_fallback_dev);
@@ -128,19 +124,18 @@ void __init pci_iommu_alloc(void)
         /* free the range so iommu could get some range less than 4G */
         dma32_free_bootmem();
 #endif
+        if (pci_swiotlb_detect())
+                goto out;
 
-        /*
-         * The order of these functions is important for
-         * fall-back/fail-over reasons
-         */
         gart_iommu_hole_init();
 
         detect_calgary();
 
         detect_intel_iommu();
 
+        /* needs to be called after gart_iommu_hole_init */
         amd_iommu_detect();
-
+out:
         pci_swiotlb_init();
 }
 
@@ -216,7 +211,7 @@ static __init int iommu_setup(char *p)
                 if (!strncmp(p, "allowdac", 8))
                         forbid_dac = 0;
                 if (!strncmp(p, "nodac", 5))
-                        forbid_dac = -1;
+                        forbid_dac = 1;
                 if (!strncmp(p, "usedac", 6)) {
                         forbid_dac = -1;
                         return 1;
@@ -291,27 +286,19 @@ static int __init pci_iommu_init(void)
 #ifdef CONFIG_PCI
         dma_debug_add_bus(&pci_bus_type);
 #endif
+        x86_init.iommu.iommu_init();
 
-        calgary_iommu_init();
-
-        intel_iommu_init();
+        if (swiotlb) {
+                printk(KERN_INFO "PCI-DMA: "
+                       "Using software bounce buffering for IO (SWIOTLB)\n");
+                swiotlb_print_info();
+        } else
+                swiotlb_free();
 
-        amd_iommu_init();
-
-        gart_iommu_init();
-
-        no_iommu_init();
         return 0;
 }
-
-void pci_iommu_shutdown(void)
-{
-        gart_iommu_shutdown();
-
-        amd_iommu_shutdown();
-}
 /* Must execute after PCI subsystem */
-fs_initcall(pci_iommu_init);
+rootfs_initcall(pci_iommu_init);
 
 #ifdef CONFIG_PCI
 /* Many VIA bridges seem to corrupt data for DAC. Disable it here */
diff --git a/arch/x86/kernel/pci-gart_64.c b/arch/x86/kernel/pci-gart_64.c
index 98a827ee9ed7..34de53b46f87 100644
--- a/arch/x86/kernel/pci-gart_64.c
+++ b/arch/x86/kernel/pci-gart_64.c
@@ -16,13 +16,14 @@
 #include <linux/agp_backend.h>
 #include <linux/init.h>
 #include <linux/mm.h>
+#include <linux/sched.h>
 #include <linux/string.h>
 #include <linux/spinlock.h>
 #include <linux/pci.h>
 #include <linux/module.h>
 #include <linux/topology.h>
 #include <linux/interrupt.h>
-#include <linux/bitops.h>
+#include <linux/bitmap.h>
 #include <linux/kdebug.h>
 #include <linux/scatterlist.h>
 #include <linux/iommu-helper.h>
@@ -38,6 +39,7 @@
 #include <asm/swiotlb.h>
 #include <asm/dma.h>
 #include <asm/k8.h>
+#include <asm/x86_init.h>
 
 static unsigned long iommu_bus_base;    /* GART remapping area (physical) */
 static unsigned long iommu_size;        /* size of remapping area bytes */
@@ -45,6 +47,8 @@ static unsigned long iommu_pages;	/* .. and in pages */
 
 static u32 *iommu_gatt_base;            /* Remapping table */
 
+static dma_addr_t bad_dma_addr;
+
 /*
  * If this is disabled the IOMMU will use an optimized flushing strategy
  * of only flushing when an mapping is reused. With it true the GART is
@@ -91,7 +95,7 @@ static unsigned long alloc_iommu(struct device *dev, int size,
 
         base_index = ALIGN(iommu_bus_base & dma_get_seg_boundary(dev),
                            PAGE_SIZE) >> PAGE_SHIFT;
-        boundary_size = ALIGN((unsigned long long)dma_get_seg_boundary(dev) + 1,
+        boundary_size = ALIGN((u64)dma_get_seg_boundary(dev) + 1,
                               PAGE_SIZE) >> PAGE_SHIFT;
 
         spin_lock_irqsave(&iommu_bitmap_lock, flags);
@@ -122,7 +126,7 @@ static void free_iommu(unsigned long offset, int size)
         unsigned long flags;
 
         spin_lock_irqsave(&iommu_bitmap_lock, flags);
-        iommu_area_free(iommu_gart_bitmap, offset, size);
+        bitmap_clear(iommu_gart_bitmap, offset, size);
         if (offset >= next_bit)
                 next_bit = offset + size;
         spin_unlock_irqrestore(&iommu_bitmap_lock, flags);
@@ -215,7 +219,7 @@ static dma_addr_t dma_map_area(struct device *dev, dma_addr_t phys_mem,
                 if (panic_on_overflow)
                         panic("dma_map_area overflow %lu bytes\n", size);
                 iommu_full(dev, size, dir);
-                return bad_dma_address;
+                return bad_dma_addr;
         }
 
         for (i = 0; i < npages; i++) {
@@ -293,7 +297,7 @@ static int dma_map_sg_nonforce(struct device *dev, struct scatterlist *sg,
         int i;
 
 #ifdef CONFIG_IOMMU_DEBUG
-        printk(KERN_DEBUG "dma_map_sg overflow\n");
+        pr_debug("dma_map_sg overflow\n");
 #endif
 
         for_each_sg(sg, s, nents, i) {
@@ -301,7 +305,7 @@ static int dma_map_sg_nonforce(struct device *dev, struct scatterlist *sg,
 
                 if (nonforced_iommu(dev, addr, s->length)) {
                         addr = dma_map_area(dev, addr, s->length, dir, 0);
-                        if (addr == bad_dma_address) {
+                        if (addr == bad_dma_addr) {
                                 if (i > 0)
                                         gart_unmap_sg(dev, sg, i, dir, NULL);
                                 nents = 0;
@@ -388,12 +392,14 @@ static int gart_map_sg(struct device *dev, struct scatterlist *sg, int nents,
         if (!dev)
                 dev = &x86_dma_fallback_dev;
 
-        out = 0;
-        start = 0;
-        start_sg = sgmap = sg;
-        seg_size = 0;
-        max_seg_size = dma_get_max_seg_size(dev);
-        ps = NULL; /* shut up gcc */
+        out             = 0;
+        start           = 0;
+        start_sg        = sg;
+        sgmap           = sg;
+        seg_size        = 0;
+        max_seg_size    = dma_get_max_seg_size(dev);
+        ps              = NULL; /* shut up gcc */
+
         for_each_sg(sg, s, nents, i) {
                 dma_addr_t addr = sg_phys(s);
 
@@ -416,11 +422,12 @@ static int gart_map_sg(struct device *dev, struct scatterlist *sg, int nents,
                                                  sgmap, pages, need) < 0)
                                         goto error;
                                 out++;
-                                seg_size = 0;
-                                sgmap = sg_next(sgmap);
-                                pages = 0;
-                                start = i;
-                                start_sg = s;
+
+                                seg_size        = 0;
+                                sgmap           = sg_next(sgmap);
+                                pages           = 0;
+                                start           = i;
+                                start_sg        = s;
                         }
                 }
 
@@ -454,7 +461,7 @@ error:
 
         iommu_full(dev, pages << PAGE_SHIFT, dir);
         for_each_sg(sg, s, nents, i)
-                s->dma_address = bad_dma_address;
+                s->dma_address = bad_dma_addr;
         return 0;
 }
 
@@ -478,7 +485,7 @@ gart_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_addr,
                                      DMA_BIDIRECTIONAL, align_mask);
 
                 flush_gart();
-                if (paddr != bad_dma_address) {
+                if (paddr != bad_dma_addr) {
                         *dma_addr = paddr;
                         return page_address(page);
                 }
@@ -498,6 +505,11 @@ gart_free_coherent(struct device *dev, size_t size, void *vaddr,
         free_pages((unsigned long)vaddr, get_order(size));
 }
 
+static int gart_mapping_error(struct device *dev, dma_addr_t dma_addr)
+{
+        return (dma_addr == bad_dma_addr);
+}
+
 static int no_agp;
 
 static __init unsigned long check_iommu_size(unsigned long aper, u64 aper_size)
@@ -514,7 +526,7 @@ static __init unsigned long check_iommu_size(unsigned long aper, u64 aper_size)
         iommu_size -= round_up(a, PMD_PAGE_SIZE) - a;
 
         if (iommu_size < 64*1024*1024) {
-                printk(KERN_WARNING
+                pr_warning(
                         "PCI-DMA: Warning: Small IOMMU %luMB."
                         " Consider increasing the AGP aperture in BIOS\n",
                                 iommu_size >> 20);
@@ -569,28 +581,32 @@ void set_up_gart_resume(u32 aper_order, u32 aper_alloc)
         aperture_alloc = aper_alloc;
 }
 
-static int gart_resume(struct sys_device *dev)
+static void gart_fixup_northbridges(struct sys_device *dev)
 {
-        printk(KERN_INFO "PCI-DMA: Resuming GART IOMMU\n");
+        int i;
 
-        if (fix_up_north_bridges) {
-                int i;
+        if (!fix_up_north_bridges)
+                return;
 
-                printk(KERN_INFO "PCI-DMA: Restoring GART aperture settings\n");
+        pr_info("PCI-DMA: Restoring GART aperture settings\n");
 
-                for (i = 0; i < num_k8_northbridges; i++) {
-                        struct pci_dev *dev = k8_northbridges[i];
+        for (i = 0; i < num_k8_northbridges; i++) {
+                struct pci_dev *dev = k8_northbridges[i];
 
-                        /*
-                         * Don't enable translations just yet.  That is the next
-                         * step.  Restore the pre-suspend aperture settings.
-                         */
-                        pci_write_config_dword(dev, AMD64_GARTAPERTURECTL,
-                                                aperture_order << 1);
-                        pci_write_config_dword(dev, AMD64_GARTAPERTUREBASE,
-                                                aperture_alloc >> 25);
-                }
+                /*
+                 * Don't enable translations just yet.  That is the next
+                 * step.  Restore the pre-suspend aperture settings.
+                 */
+                pci_write_config_dword(dev, AMD64_GARTAPERTURECTL, aperture_order << 1);
+                pci_write_config_dword(dev, AMD64_GARTAPERTUREBASE, aperture_alloc >> 25);
         }
+}
+
+static int gart_resume(struct sys_device *dev)
+{
+        pr_info("PCI-DMA: Resuming GART IOMMU\n");
+
+        gart_fixup_northbridges(dev);
 
         enable_gart_translations();
 
@@ -603,15 +619,14 @@ static int gart_suspend(struct sys_device *dev, pm_message_t state)
 }
 
 static struct sysdev_class gart_sysdev_class = {
-        .name = "gart",
-        .suspend = gart_suspend,
-        .resume = gart_resume,
+        .name           = "gart",
+        .suspend        = gart_suspend,
+        .resume         = gart_resume,
 
 };
 
 static struct sys_device device_gart = {
-        .id     = 0,
-        .cls    = &gart_sysdev_class,
+        .cls            = &gart_sysdev_class,
 };
 
 /*
@@ -626,7 +641,8 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         void *gatt;
         int i, error;
 
-        printk(KERN_INFO "PCI-DMA: Disabling AGP.\n");
+        pr_info("PCI-DMA: Disabling AGP.\n");
+
         aper_size = aper_base = info->aper_size = 0;
         dev = NULL;
         for (i = 0; i < num_k8_northbridges; i++) {
@@ -644,6 +660,7 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         }
         if (!aper_base)
                 goto nommu;
+
         info->aper_base = aper_base;
         info->aper_size = aper_size >> 20;
 
@@ -666,14 +683,14 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
 
         flush_gart();
 
-        printk(KERN_INFO "PCI-DMA: aperture base @ %x size %u KB\n",
+        pr_info("PCI-DMA: aperture base @ %x size %u KB\n",
                aper_base, aper_size>>10);
 
         return 0;
 
  nommu:
         /* Should not happen anymore */
-        printk(KERN_WARNING "PCI-DMA: More than 4GB of RAM and no IOMMU\n"
+        pr_warning("PCI-DMA: More than 4GB of RAM and no IOMMU\n"
                "falling back to iommu=soft.\n");
         return -1;
 }
@@ -685,14 +702,16 @@ static struct dma_map_ops gart_dma_ops = {
         .unmap_page                     = gart_unmap_page,
         .alloc_coherent                 = gart_alloc_coherent,
         .free_coherent                  = gart_free_coherent,
+        .mapping_error                  = gart_mapping_error,
 };
 
-void gart_iommu_shutdown(void)
+static void gart_iommu_shutdown(void)
 {
         struct pci_dev *dev;
         int i;
 
-        if (no_agp && (dma_ops != &gart_dma_ops))
+        /* don't shutdown it if there is AGP installed */
+        if (!no_agp)
                 return;
 
         for (i = 0; i < num_k8_northbridges; i++) {
@@ -707,7 +726,7 @@ void gart_iommu_shutdown(void)
         }
 }
 
-void __init gart_iommu_init(void)
+int __init gart_iommu_init(void)
 {
         struct agp_kern_info info;
         unsigned long iommu_start;
@@ -717,7 +736,7 @@ void __init gart_iommu_init(void)
         long i;
 
         if (cache_k8_northbridges() < 0 || num_k8_northbridges == 0)
-                return;
+                return 0;
 
 #ifndef CONFIG_AGP_AMD64
         no_agp = 1;
@@ -729,35 +748,28 @@ void __init gart_iommu_init(void)
                 (agp_copy_info(agp_bridge, &info) < 0);
 #endif
 
-        if (swiotlb)
-                return;
-
-        /* Did we detect a different HW IOMMU? */
-        if (iommu_detected && !gart_iommu_aperture)
-                return;
-
         if (no_iommu ||
             (!force_iommu && max_pfn <= MAX_DMA32_PFN) ||
             !gart_iommu_aperture ||
             (no_agp && init_k8_gatt(&info) < 0)) {
                 if (max_pfn > MAX_DMA32_PFN) {
-                        printk(KERN_WARNING "More than 4GB of memory "
-                               "but GART IOMMU not available.\n");
-                        printk(KERN_WARNING "falling back to iommu=soft.\n");
+                        pr_warning("More than 4GB of memory but GART IOMMU not available.\n");
+                        pr_warning("falling back to iommu=soft.\n");
                 }
-                return;
+                return 0;
         }
 
         /* need to map that range */
-        aper_size = info.aper_size << 20;
-        aper_base = info.aper_base;
-        end_pfn = (aper_base>>PAGE_SHIFT) + (aper_size>>PAGE_SHIFT);
+        aper_size       = info.aper_size << 20;
+        aper_base       = info.aper_base;
+        end_pfn         = (aper_base>>PAGE_SHIFT) + (aper_size>>PAGE_SHIFT);
+
         if (end_pfn > max_low_pfn_mapped) {
                 start_pfn = (aper_base>>PAGE_SHIFT);
                 init_memory_mapping(start_pfn<<PAGE_SHIFT, end_pfn<<PAGE_SHIFT);
         }
 
-        printk(KERN_INFO "PCI-DMA: using GART IOMMU.\n");
+        pr_info("PCI-DMA: using GART IOMMU.\n");
         iommu_size = check_iommu_size(info.aper_base, aper_size);
         iommu_pages = iommu_size >> PAGE_SHIFT;
 
@@ -772,8 +784,7 @@ void __init gart_iommu_init(void)
 
                 ret = dma_debug_resize_entries(iommu_pages);
                 if (ret)
-                        printk(KERN_DEBUG
-                               "PCI-DMA: Cannot trace all the entries\n");
+                        pr_debug("PCI-DMA: Cannot trace all the entries\n");
         }
 #endif
 
@@ -781,17 +792,16 @@ void __init gart_iommu_init(void)
          * Out of IOMMU space handling.
          * Reserve some invalid pages at the beginning of the GART.
          */
-        iommu_area_reserve(iommu_gart_bitmap, 0, EMERGENCY_PAGES);
+        bitmap_set(iommu_gart_bitmap, 0, EMERGENCY_PAGES);
 
-        agp_memory_reserved = iommu_size;
-        printk(KERN_INFO
-               "PCI-DMA: Reserving %luMB of IOMMU area in the AGP aperture\n",
+        pr_info("PCI-DMA: Reserving %luMB of IOMMU area in the AGP aperture\n",
                iommu_size >> 20);
 
-        iommu_start = aper_size - iommu_size;
-        iommu_bus_base = info.aper_base + iommu_start;
-        bad_dma_address = iommu_bus_base;
-        iommu_gatt_base = agp_gatt_table + (iommu_start>>PAGE_SHIFT);
+        agp_memory_reserved     = iommu_size;
+        iommu_start             = aper_size - iommu_size;
+        iommu_bus_base          = info.aper_base + iommu_start;
+        bad_dma_addr            = iommu_bus_base;
+        iommu_gatt_base         = agp_gatt_table + (iommu_start>>PAGE_SHIFT);
 
         /*
          * Unmap the IOMMU part of the GART. The alias of the page is
@@ -813,7 +823,7 @@ void __init gart_iommu_init(void)
          * the pages as Not-Present:
          */
         wbinvd();
-        
+
         /*
          * Now all caches are flushed and we can safely enable
          * GART hardware.  Doing it early leaves the possibility
@@ -837,6 +847,10 @@ void __init gart_iommu_init(void)
 
         flush_gart();
         dma_ops = &gart_dma_ops;
+        x86_platform.iommu_shutdown = gart_iommu_shutdown;
+        swiotlb = 0;
+
+        return 0;
 }
 
 void __init gart_parse_options(char *p)
@@ -855,7 +869,7 @@ void __init gart_parse_options(char *p)
 #endif
         if (isdigit(*p) && get_option(&p, &arg))
                 iommu_size = arg;
-        if (!strncmp(p, "fullflush", 8))
+        if (!strncmp(p, "fullflush", 9))
                 iommu_fullflush = 1;
         if (!strncmp(p, "nofullflush", 11))
                 iommu_fullflush = 0;
diff --git a/arch/x86/kernel/pci-nommu.c b/arch/x86/kernel/pci-nommu.c
index a3933d4330cd..22be12b60a8f 100644
--- a/arch/x86/kernel/pci-nommu.c
+++ b/arch/x86/kernel/pci-nommu.c
@@ -33,7 +33,7 @@ static dma_addr_t nommu_map_page(struct device *dev, struct page *page,
         dma_addr_t bus = page_to_phys(page) + offset;
         WARN_ON(size == 0);
         if (!check_addr("map_single", dev, bus, size))
-                return bad_dma_address;
+                return DMA_ERROR_CODE;
         flush_write_buffers();
         return bus;
 }
@@ -103,12 +103,3 @@ struct dma_map_ops nommu_dma_ops = {
         .sync_sg_for_device     = nommu_sync_sg_for_device,
         .is_phys                = 1,
 };
-
-void __init no_iommu_init(void)
-{
-        if (dma_ops)
-                return;
-
-        force_iommu = 0; /* no HW IOMMU */
-        dma_ops = &nommu_dma_ops;
-}
diff --git a/arch/x86/kernel/pci-swiotlb.c b/arch/x86/kernel/pci-swiotlb.c
index aaa6b7839f1e..7d2829dde20e 100644
--- a/arch/x86/kernel/pci-swiotlb.c
+++ b/arch/x86/kernel/pci-swiotlb.c
@@ -42,18 +42,31 @@ static struct dma_map_ops swiotlb_dma_ops = {
         .dma_supported = NULL,
 };
 
-void __init pci_swiotlb_init(void)
+/*
+ * pci_swiotlb_detect - set swiotlb to 1 if necessary
+ *
+ * This returns non-zero if we are forced to use swiotlb (by the boot
+ * option).
+ */
+int __init pci_swiotlb_detect(void)
 {
+        int use_swiotlb = swiotlb | swiotlb_force;
+
         /* don't initialize swiotlb if iommu=off (no_iommu=1) */
 #ifdef CONFIG_X86_64
-        if ((!iommu_detected && !no_iommu && max_pfn > MAX_DMA32_PFN))
+        if (!no_iommu && max_pfn > MAX_DMA32_PFN)
                 swiotlb = 1;
 #endif
         if (swiotlb_force)
                 swiotlb = 1;
+
+        return use_swiotlb;
+}
+
+void __init pci_swiotlb_init(void)
+{
         if (swiotlb) {
-                printk(KERN_INFO "PCI-DMA: Using software bounce buffering for IO (SWIOTLB)\n");
-                swiotlb_init();
+                swiotlb_init(0);
                 dma_ops = &swiotlb_dma_ops;
         }
 }
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 5284cd2b5776..c6ee241c8a98 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -9,7 +9,11 @@
 #include <linux/pm.h>
 #include <linux/clockchips.h>
 #include <linux/random.h>
+#include <linux/user-return-notifier.h>
+#include <linux/dmi.h>
+#include <linux/utsname.h>
 #include <trace/events/power.h>
+#include <linux/hw_breakpoint.h>
 #include <asm/system.h>
 #include <asm/apic.h>
 #include <asm/syscalls.h>
@@ -17,6 +21,7 @@
 #include <asm/uaccess.h>
 #include <asm/i387.h>
 #include <asm/ds.h>
+#include <asm/debugreg.h>
 
 unsigned long idle_halt;
 EXPORT_SYMBOL(idle_halt);
@@ -87,6 +92,25 @@ void exit_thread(void)
         }
 }
 
+void show_regs_common(void)
+{
+        const char *board, *product;
+
+        board = dmi_get_system_info(DMI_BOARD_NAME);
+        if (!board)
+                board = "";
+        product = dmi_get_system_info(DMI_PRODUCT_NAME);
+        if (!product)
+                product = "";
+
+        printk(KERN_CONT "\n");
+        printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s/%s\n",
+                current->pid, current->comm, print_tainted(),
+                init_utsname()->release,
+                (int)strcspn(init_utsname()->version, " "),
+                init_utsname()->version, board, product);
+}
+
 void flush_thread(void)
 {
         struct task_struct *tsk = current;
@@ -103,14 +127,7 @@ void flush_thread(void)
         }
 #endif
 
-        clear_tsk_thread_flag(tsk, TIF_DEBUG);
-
-        tsk->thread.debugreg0 = 0;
-        tsk->thread.debugreg1 = 0;
-        tsk->thread.debugreg2 = 0;
-        tsk->thread.debugreg3 = 0;
-        tsk->thread.debugreg6 = 0;
-        tsk->thread.debugreg7 = 0;
+        flush_ptrace_hw_breakpoint(tsk);
         memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
         /*
          * Forget coprocessor state..
@@ -192,16 +209,6 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
         else if (next->debugctlmsr != prev->debugctlmsr)
                 update_debugctlmsr(next->debugctlmsr);
 
-        if (test_tsk_thread_flag(next_p, TIF_DEBUG)) {
-                set_debugreg(next->debugreg0, 0);
-                set_debugreg(next->debugreg1, 1);
-                set_debugreg(next->debugreg2, 2);
-                set_debugreg(next->debugreg3, 3);
-                /* no 4 and 5 */
-                set_debugreg(next->debugreg6, 6);
-                set_debugreg(next->debugreg7, 7);
-        }
-
         if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
             test_tsk_thread_flag(next_p, TIF_NOTSC)) {
                 /* prev and next are different */
@@ -224,6 +231,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                  */
                 memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
         }
+        propagate_user_return_notify(prev_p, next_p);
 }
 
 int sys_fork(struct pt_regs *regs)
@@ -247,6 +255,76 @@ int sys_vfork(struct pt_regs *regs)
                        NULL, NULL);
 }
 
+long
+sys_clone(unsigned long clone_flags, unsigned long newsp,
+          void __user *parent_tid, void __user *child_tid, struct pt_regs *regs)
+{
+        if (!newsp)
+                newsp = regs->sp;
+        return do_fork(clone_flags, newsp, regs, 0, parent_tid, child_tid);
+}
+
+/*
+ * This gets run with %si containing the
+ * function to call, and %di containing
+ * the "args".
+ */
+extern void kernel_thread_helper(void);
+
+/*
+ * Create a kernel thread
+ */
+int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags)
+{
+        struct pt_regs regs;
+
+        memset(&regs, 0, sizeof(regs));
+
+        regs.si = (unsigned long) fn;
+        regs.di = (unsigned long) arg;
+
+#ifdef CONFIG_X86_32
+        regs.ds = __USER_DS;
+        regs.es = __USER_DS;
+        regs.fs = __KERNEL_PERCPU;
+        regs.gs = __KERNEL_STACK_CANARY;
+#endif
+
+        regs.orig_ax = -1;
+        regs.ip = (unsigned long) kernel_thread_helper;
+        regs.cs = __KERNEL_CS | get_kernel_rpl();
+        regs.flags = X86_EFLAGS_IF | 0x2;
+
+        /* Ok, create the new process.. */
+        return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+}
+EXPORT_SYMBOL(kernel_thread);
+
+/*
+ * sys_execve() executes a new program.
+ */
+long sys_execve(char __user *name, char __user * __user *argv,
+                char __user * __user *envp, struct pt_regs *regs)
+{
+        long error;
+        char *filename;
+
+        filename = getname(name);
+        error = PTR_ERR(filename);
+        if (IS_ERR(filename))
+                return error;
+        error = do_execve(filename, argv, envp, regs);
+
+#ifdef CONFIG_X86_32
+        if (error == 0) {
+                /* Make sure we don't return using sysenter.. */
+                set_thread_flag(TIF_IRET);
+        }
+#endif
+
+        putname(filename);
+        return error;
+}
 
 /*
  * Idle related variables and functions
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 4cf79567cdab..37ad1e046aae 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -23,7 +23,6 @@
 #include <linux/vmalloc.h>
 #include <linux/user.h>
 #include <linux/interrupt.h>
-#include <linux/utsname.h>
 #include <linux/delay.h>
 #include <linux/reboot.h>
 #include <linux/init.h>
@@ -35,7 +34,6 @@
 #include <linux/tick.h>
 #include <linux/percpu.h>
 #include <linux/prctl.h>
-#include <linux/dmi.h>
 #include <linux/ftrace.h>
 #include <linux/uaccess.h>
 #include <linux/io.h>
@@ -58,6 +56,7 @@
 #include <asm/idle.h>
 #include <asm/syscalls.h>
 #include <asm/ds.h>
+#include <asm/debugreg.h>
 
 asmlinkage void ret_from_fork(void) __asm__("ret_from_fork");
 
@@ -127,39 +126,29 @@ void __show_regs(struct pt_regs *regs, int all)
         unsigned long d0, d1, d2, d3, d6, d7;
         unsigned long sp;
         unsigned short ss, gs;
-        const char *board;
 
         if (user_mode_vm(regs)) {
                 sp = regs->sp;
                 ss = regs->ss & 0xffff;
                 gs = get_user_gs(regs);
         } else {
-                sp = (unsigned long) (&regs->sp);
+                sp = kernel_stack_pointer(regs);
                 savesegment(ss, ss);
                 savesegment(gs, gs);
         }
 
-        printk("\n");
+        show_regs_common();
 
-        board = dmi_get_system_info(DMI_PRODUCT_NAME);
-        if (!board)
-                board = "";
-        printk("Pid: %d, comm: %s %s (%s %.*s) %s\n",
-                        task_pid_nr(current), current->comm,
-                        print_tainted(), init_utsname()->release,
-                        (int)strcspn(init_utsname()->version, " "),
-                        init_utsname()->version, board);
-
-        printk("EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n",
+        printk(KERN_DEFAULT "EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n",
                         (u16)regs->cs, regs->ip, regs->flags,
                         smp_processor_id());
         print_symbol("EIP is at %s\n", regs->ip);
 
-        printk("EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
+        printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
                 regs->ax, regs->bx, regs->cx, regs->dx);
-        printk("ESI: %08lx EDI: %08lx EBP: %08lx ESP: %08lx\n",
+        printk(KERN_DEFAULT "ESI: %08lx EDI: %08lx EBP: %08lx ESP: %08lx\n",
                 regs->si, regs->di, regs->bp, sp);
-        printk(" DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x\n",
+        printk(KERN_DEFAULT " DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x\n",
                (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss);
 
         if (!all)
@@ -169,61 +158,28 @@ void __show_regs(struct pt_regs *regs, int all)
         cr2 = read_cr2();
         cr3 = read_cr3();
         cr4 = read_cr4_safe();
-        printk("CR0: %08lx CR2: %08lx CR3: %08lx CR4: %08lx\n",
+        printk(KERN_DEFAULT "CR0: %08lx CR2: %08lx CR3: %08lx CR4: %08lx\n",
                         cr0, cr2, cr3, cr4);
 
         get_debugreg(d0, 0);
         get_debugreg(d1, 1);
         get_debugreg(d2, 2);
         get_debugreg(d3, 3);
-        printk("DR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n",
+        printk(KERN_DEFAULT "DR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n",
                         d0, d1, d2, d3);
 
         get_debugreg(d6, 6);
         get_debugreg(d7, 7);
-        printk("DR6: %08lx DR7: %08lx\n",
+        printk(KERN_DEFAULT "DR6: %08lx DR7: %08lx\n",
                         d6, d7);
 }
 
 void show_regs(struct pt_regs *regs)
 {
-        __show_regs(regs, 1);
+        show_registers(regs);
         show_trace(NULL, regs, &regs->sp, regs->bp);
 }
 
-/*
- * This gets run with %bx containing the
- * function to call, and %dx containing
- * the "args".
- */
-extern void kernel_thread_helper(void);
-
-/*
- * Create a kernel thread
- */
-int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags)
-{
-        struct pt_regs regs;
-
-        memset(&regs, 0, sizeof(regs));
-
-        regs.bx = (unsigned long) fn;
-        regs.dx = (unsigned long) arg;
-
-        regs.ds = __USER_DS;
-        regs.es = __USER_DS;
-        regs.fs = __KERNEL_PERCPU;
-        regs.gs = __KERNEL_STACK_CANARY;
-        regs.orig_ax = -1;
-        regs.ip = (unsigned long) kernel_thread_helper;
-        regs.cs = __KERNEL_CS | get_kernel_rpl();
-        regs.flags = X86_EFLAGS_IF | X86_EFLAGS_SF | X86_EFLAGS_PF | 0x2;
-
-        /* Ok, create the new process.. */
-        return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
-}
-EXPORT_SYMBOL(kernel_thread);
-
 void release_thread(struct task_struct *dead_task)
 {
         BUG_ON(dead_task->mm);
@@ -259,7 +215,12 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
 
         task_user_gs(p) = get_user_gs(regs);
 
+        p->thread.io_bitmap_ptr = NULL;
         tsk = current;
+        err = -ENOMEM;
+
+        memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
+
         if (unlikely(test_tsk_thread_flag(tsk, TIF_IO_BITMAP))) {
                 p->thread.io_bitmap_ptr = kmemdup(tsk->thread.io_bitmap_ptr,
                                                 IO_BITMAP_BYTES, GFP_KERNEL);
@@ -430,46 +391,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
         return prev_p;
 }
 
-int sys_clone(struct pt_regs *regs)
-{
-        unsigned long clone_flags;
-        unsigned long newsp;
-        int __user *parent_tidptr, *child_tidptr;
-
-        clone_flags = regs->bx;
-        newsp = regs->cx;
-        parent_tidptr = (int __user *)regs->dx;
-        child_tidptr = (int __user *)regs->di;
-        if (!newsp)
-                newsp = regs->sp;
-        return do_fork(clone_flags, newsp, regs, 0, parent_tidptr, child_tidptr);
-}
-
-/*
- * sys_execve() executes a new program.
- */
-int sys_execve(struct pt_regs *regs)
-{
-        int error;
-        char *filename;
-
-        filename = getname((char __user *) regs->bx);
-        error = PTR_ERR(filename);
-        if (IS_ERR(filename))
-                goto out;
-        error = do_execve(filename,
-                        (char __user * __user *) regs->cx,
-                        (char __user * __user *) regs->dx,
-                        regs);
-        if (error == 0) {
-                /* Make sure we don't return using sysenter.. */
-                set_thread_flag(TIF_IRET);
-        }
-        putname(filename);
-out:
-        return error;
-}
-
 #define top_esp                (THREAD_SIZE - sizeof(unsigned long))
 #define top_ebp                (THREAD_SIZE - 2*sizeof(unsigned long))
 
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index ad535b683170..f9e033150cdf 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -26,7 +26,6 @@
 #include <linux/slab.h>
 #include <linux/user.h>
 #include <linux/interrupt.h>
-#include <linux/utsname.h>
 #include <linux/delay.h>
 #include <linux/module.h>
 #include <linux/ptrace.h>
@@ -38,7 +37,6 @@
 #include <linux/uaccess.h>
 #include <linux/io.h>
 #include <linux/ftrace.h>
-#include <linux/dmi.h>
 
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -52,14 +50,13 @@
 #include <asm/idle.h>
 #include <asm/syscalls.h>
 #include <asm/ds.h>
+#include <asm/debugreg.h>
 
 asmlinkage extern void ret_from_fork(void);
 
 DEFINE_PER_CPU(unsigned long, old_rsp);
 static DEFINE_PER_CPU(unsigned char, is_idle);
 
-unsigned long kernel_thread_flags = CLONE_VM | CLONE_UNTRACED;
-
 static ATOMIC_NOTIFIER_HEAD(idle_notifier);
 
 void idle_notifier_register(struct notifier_block *n)
@@ -162,31 +159,21 @@ void __show_regs(struct pt_regs *regs, int all)
         unsigned long d0, d1, d2, d3, d6, d7;
         unsigned int fsindex, gsindex;
         unsigned int ds, cs, es;
-        const char *board;
-
-        printk("\n");
-        print_modules();
-        board = dmi_get_system_info(DMI_PRODUCT_NAME);
-        if (!board)
-                board = "";
-        printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s %s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version, board);
-        printk(KERN_INFO "RIP: %04lx:[<%016lx>] ", regs->cs & 0xffff, regs->ip);
+
+        show_regs_common();
+        printk(KERN_DEFAULT "RIP: %04lx:[<%016lx>] ", regs->cs & 0xffff, regs->ip);
         printk_address(regs->ip, 1);
-        printk(KERN_INFO "RSP: %04lx:%016lx  EFLAGS: %08lx\n", regs->ss,
+        printk(KERN_DEFAULT "RSP: %04lx:%016lx  EFLAGS: %08lx\n", regs->ss,
                         regs->sp, regs->flags);
-        printk(KERN_INFO "RAX: %016lx RBX: %016lx RCX: %016lx\n",
+        printk(KERN_DEFAULT "RAX: %016lx RBX: %016lx RCX: %016lx\n",
                regs->ax, regs->bx, regs->cx);
-        printk(KERN_INFO "RDX: %016lx RSI: %016lx RDI: %016lx\n",
+        printk(KERN_DEFAULT "RDX: %016lx RSI: %016lx RDI: %016lx\n",
                regs->dx, regs->si, regs->di);
-        printk(KERN_INFO "RBP: %016lx R08: %016lx R09: %016lx\n",
+        printk(KERN_DEFAULT "RBP: %016lx R08: %016lx R09: %016lx\n",
                regs->bp, regs->r8, regs->r9);
-        printk(KERN_INFO "R10: %016lx R11: %016lx R12: %016lx\n",
+        printk(KERN_DEFAULT "R10: %016lx R11: %016lx R12: %016lx\n",
                regs->r10, regs->r11, regs->r12);
-        printk(KERN_INFO "R13: %016lx R14: %016lx R15: %016lx\n",
+        printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n",
                regs->r13, regs->r14, regs->r15);
 
         asm("movl %%ds,%0" : "=r" (ds));
@@ -207,27 +194,26 @@ void __show_regs(struct pt_regs *regs, int all)
         cr3 = read_cr3();
         cr4 = read_cr4();
 
-        printk(KERN_INFO "FS:  %016lx(%04x) GS:%016lx(%04x) knlGS:%016lx\n",
+        printk(KERN_DEFAULT "FS:  %016lx(%04x) GS:%016lx(%04x) knlGS:%016lx\n",
                fs, fsindex, gs, gsindex, shadowgs);
-        printk(KERN_INFO "CS:  %04x DS: %04x ES: %04x CR0: %016lx\n", cs, ds,
+        printk(KERN_DEFAULT "CS:  %04x DS: %04x ES: %04x CR0: %016lx\n", cs, ds,
                         es, cr0);
-        printk(KERN_INFO "CR2: %016lx CR3: %016lx CR4: %016lx\n", cr2, cr3,
+        printk(KERN_DEFAULT "CR2: %016lx CR3: %016lx CR4: %016lx\n", cr2, cr3,
                         cr4);
 
         get_debugreg(d0, 0);
         get_debugreg(d1, 1);
         get_debugreg(d2, 2);
-        printk(KERN_INFO "DR0: %016lx DR1: %016lx DR2: %016lx\n", d0, d1, d2);
+        printk(KERN_DEFAULT "DR0: %016lx DR1: %016lx DR2: %016lx\n", d0, d1, d2);
         get_debugreg(d3, 3);
         get_debugreg(d6, 6);
         get_debugreg(d7, 7);
-        printk(KERN_INFO "DR3: %016lx DR6: %016lx DR7: %016lx\n", d3, d6, d7);
+        printk(KERN_DEFAULT "DR3: %016lx DR6: %016lx DR7: %016lx\n", d3, d6, d7);
 }
 
 void show_regs(struct pt_regs *regs)
 {
-        printk(KERN_INFO "CPU %d:", smp_processor_id());
-        __show_regs(regs, 1);
+        show_registers(regs);
         show_trace(NULL, regs, (void *)(regs + 1), regs->bp);
 }
 
@@ -285,8 +271,9 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
         *childregs = *regs;
 
         childregs->ax = 0;
-        childregs->sp = sp;
-        if (sp == ~0UL)
+        if (user_mode(regs))
+                childregs->sp = sp;
+        else
                 childregs->sp = (unsigned long)childregs;
 
         p->thread.sp = (unsigned long) childregs;
@@ -297,12 +284,16 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
 
         p->thread.fs = me->thread.fs;
         p->thread.gs = me->thread.gs;
+        p->thread.io_bitmap_ptr = NULL;
 
         savesegment(gs, p->thread.gsindex);
         savesegment(fs, p->thread.fsindex);
         savesegment(es, p->thread.es);
         savesegment(ds, p->thread.ds);
 
+        err = -ENOMEM;
+        memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
+
         if (unlikely(test_tsk_thread_flag(me, TIF_IO_BITMAP))) {
                 p->thread.io_bitmap_ptr = kmalloc(IO_BITMAP_BYTES, GFP_KERNEL);
                 if (!p->thread.io_bitmap_ptr) {
@@ -341,29 +332,46 @@ out:
                 kfree(p->thread.io_bitmap_ptr);
                 p->thread.io_bitmap_max = 0;
         }
+
         return err;
 }
 
-void
-start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+static void
+start_thread_common(struct pt_regs *regs, unsigned long new_ip,
+                    unsigned long new_sp,
+                    unsigned int _cs, unsigned int _ss, unsigned int _ds)
 {
         loadsegment(fs, 0);
-        loadsegment(es, 0);
-        loadsegment(ds, 0);
+        loadsegment(es, _ds);
+        loadsegment(ds, _ds);
         load_gs_index(0);
         regs->ip                = new_ip;
         regs->sp                = new_sp;
         percpu_write(old_rsp, new_sp);
-        regs->cs                = __USER_CS;
-        regs->ss                = __USER_DS;
-        regs->flags             = 0x200;
+        regs->cs                = _cs;
+        regs->ss                = _ss;
+        regs->flags             = X86_EFLAGS_IF;
         set_fs(USER_DS);
         /*
          * Free the old FP and other extended state
          */
         free_thread_xstate(current);
 }
-EXPORT_SYMBOL_GPL(start_thread);
+
+void
+start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+{
+        start_thread_common(regs, new_ip, new_sp,
+                            __USER_CS, __USER_DS, 0);
+}
+
+#ifdef CONFIG_IA32_EMULATION
+void start_thread_ia32(struct pt_regs *regs, u32 new_ip, u32 new_sp)
+{
+        start_thread_common(regs, new_ip, new_sp,
+                            __USER32_CS, __USER32_DS, __USER32_DS);
+}
+#endif
 
 /*
  *      switch_to(x,y) should switch tasks from x to y.
@@ -495,26 +503,8 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
          */
         if (preload_fpu)
                 __math_state_restore();
-        return prev_p;
-}
 
-/*
- * sys_execve() executes a new program.
- */
-asmlinkage
-long sys_execve(char __user *name, char __user * __user *argv,
-                char __user * __user *envp, struct pt_regs *regs)
-{
-        long error;
-        char *filename;
-
-        filename = getname(name);
-        error = PTR_ERR(filename);
-        if (IS_ERR(filename))
-                return error;
-        error = do_execve(filename, argv, envp, regs);
-        putname(filename);
-        return error;
+        return prev_p;
 }
 
 void set_personality_64bit(void)
@@ -531,15 +521,6 @@ void set_personality_64bit(void)
         current->personality &= ~READ_IMPLIES_EXEC;
 }
 
-asmlinkage long
-sys_clone(unsigned long clone_flags, unsigned long newsp,
-          void __user *parent_tid, void __user *child_tid, struct pt_regs *regs)
-{
-        if (!newsp)
-                newsp = regs->sp;
-        return do_fork(clone_flags, newsp, regs, 0, parent_tid, child_tid);
-}
-
 unsigned long get_wchan(struct task_struct *p)
 {
         unsigned long stack;
@@ -664,3 +645,8 @@ long sys_arch_prctl(int code, unsigned long addr)
         return do_arch_prctl(current, code, addr);
 }
 
+unsigned long KSTK_ESP(struct task_struct *task)
+{
+        return (test_tsk_thread_flag(task, TIF_IA32)) ?
+                        (task_pt_regs(task)->sp) : ((task)->thread.usersp);
+}
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 7b058a2dc66a..017d937639fe 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -22,6 +22,8 @@
 #include <linux/seccomp.h>
 #include <linux/signal.h>
 #include <linux/workqueue.h>
+#include <linux/perf_event.h>
+#include <linux/hw_breakpoint.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -34,6 +36,7 @@
 #include <asm/prctl.h>
 #include <asm/proto.h>
 #include <asm/ds.h>
+#include <asm/hw_breakpoint.h>
 
 #include "tls.h"
 
@@ -49,6 +52,118 @@ enum x86_regset {
         REGSET_IOPERM32,
 };
 
+struct pt_regs_offset {
+        const char *name;
+        int offset;
+};
+
+#define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)}
+#define REG_OFFSET_END {.name = NULL, .offset = 0}
+
+static const struct pt_regs_offset regoffset_table[] = {
+#ifdef CONFIG_X86_64
+        REG_OFFSET_NAME(r15),
+        REG_OFFSET_NAME(r14),
+        REG_OFFSET_NAME(r13),
+        REG_OFFSET_NAME(r12),
+        REG_OFFSET_NAME(r11),
+        REG_OFFSET_NAME(r10),
+        REG_OFFSET_NAME(r9),
+        REG_OFFSET_NAME(r8),
+#endif
+        REG_OFFSET_NAME(bx),
+        REG_OFFSET_NAME(cx),
+        REG_OFFSET_NAME(dx),
+        REG_OFFSET_NAME(si),
+        REG_OFFSET_NAME(di),
+        REG_OFFSET_NAME(bp),
+        REG_OFFSET_NAME(ax),
+#ifdef CONFIG_X86_32
+        REG_OFFSET_NAME(ds),
+        REG_OFFSET_NAME(es),
+        REG_OFFSET_NAME(fs),
+        REG_OFFSET_NAME(gs),
+#endif
+        REG_OFFSET_NAME(orig_ax),
+        REG_OFFSET_NAME(ip),
+        REG_OFFSET_NAME(cs),
+        REG_OFFSET_NAME(flags),
+        REG_OFFSET_NAME(sp),
+        REG_OFFSET_NAME(ss),
+        REG_OFFSET_END,
+};
+
+/**
+ * regs_query_register_offset() - query register offset from its name
+ * @name:       the name of a register
+ *
+ * regs_query_register_offset() returns the offset of a register in struct
+ * pt_regs from its name. If the name is invalid, this returns -EINVAL;
+ */
+int regs_query_register_offset(const char *name)
+{
+        const struct pt_regs_offset *roff;
+        for (roff = regoffset_table; roff->name != NULL; roff++)
+                if (!strcmp(roff->name, name))
+                        return roff->offset;
+        return -EINVAL;
+}
+
+/**
+ * regs_query_register_name() - query register name from its offset
+ * @offset:     the offset of a register in struct pt_regs.
+ *
+ * regs_query_register_name() returns the name of a register from its
+ * offset in struct pt_regs. If the @offset is invalid, this returns NULL;
+ */
+const char *regs_query_register_name(unsigned int offset)
+{
+        const struct pt_regs_offset *roff;
+        for (roff = regoffset_table; roff->name != NULL; roff++)
+                if (roff->offset == offset)
+                        return roff->name;
+        return NULL;
+}
+
+static const int arg_offs_table[] = {
+#ifdef CONFIG_X86_32
+        [0] = offsetof(struct pt_regs, ax),
+        [1] = offsetof(struct pt_regs, dx),
+        [2] = offsetof(struct pt_regs, cx)
+#else /* CONFIG_X86_64 */
+        [0] = offsetof(struct pt_regs, di),
+        [1] = offsetof(struct pt_regs, si),
+        [2] = offsetof(struct pt_regs, dx),
+        [3] = offsetof(struct pt_regs, cx),
+        [4] = offsetof(struct pt_regs, r8),
+        [5] = offsetof(struct pt_regs, r9)
+#endif
+};
+
+/**
+ * regs_get_argument_nth() - get Nth argument at function call
+ * @regs:       pt_regs which contains registers at function entry.
+ * @n:          argument number.
+ *
+ * regs_get_argument_nth() returns @n th argument of a function call.
+ * Since usually the kernel stack will be changed right after function entry,
+ * you must use this at function entry. If the @n th entry is NOT in the
+ * kernel stack or pt_regs, this returns 0.
+ */
+unsigned long regs_get_argument_nth(struct pt_regs *regs, unsigned int n)
+{
+        if (n < ARRAY_SIZE(arg_offs_table))
+                return *(unsigned long *)((char *)regs + arg_offs_table[n]);
+        else {
+                /*
+                 * The typical case: arg n is on the stack.
+                 * (Note: stack[0] = return address, so skip it)
+                 */
+                n -= ARRAY_SIZE(arg_offs_table);
+                return regs_get_kernel_stack_nth(regs, 1 + n);
+        }
+}
+
 /*
  * does not yet catch signals sent when the child dies.
  * in exit.c or in signal.c.
@@ -137,11 +252,6 @@ static int set_segment_reg(struct task_struct *task,
         return 0;
 }
 
-static unsigned long debugreg_addr_limit(struct task_struct *task)
-{
-        return TASK_SIZE - 3;
-}
-
 #else  /* CONFIG_X86_64 */
 
 #define FLAG_MASK               (FLAG_MASK_32 | X86_EFLAGS_NT)
@@ -266,15 +376,6 @@ static int set_segment_reg(struct task_struct *task,
         return 0;
 }
 
-static unsigned long debugreg_addr_limit(struct task_struct *task)
-{
-#ifdef CONFIG_IA32_EMULATION
-        if (test_tsk_thread_flag(task, TIF_IA32))
-                return IA32_PAGE_OFFSET - 3;
-#endif
-        return TASK_SIZE_MAX - 7;
-}
-
 #endif  /* CONFIG_X86_32 */
 
 static unsigned long get_flags(struct task_struct *task)
@@ -408,14 +509,14 @@ static int genregs_get(struct task_struct *target,
 {
         if (kbuf) {
                 unsigned long *k = kbuf;
-                while (count > 0) {
+                while (count >= sizeof(*k)) {
                         *k++ = getreg(target, pos);
                         count -= sizeof(*k);
                         pos += sizeof(*k);
                 }
         } else {
                 unsigned long __user *u = ubuf;
-                while (count > 0) {
+                while (count >= sizeof(*u)) {
                         if (__put_user(getreg(target, pos), u++))
                                 return -EFAULT;
                         count -= sizeof(*u);
@@ -434,14 +535,14 @@ static int genregs_set(struct task_struct *target,
         int ret = 0;
         if (kbuf) {
                 const unsigned long *k = kbuf;
-                while (count > 0 && !ret) {
+                while (count >= sizeof(*k) && !ret) {
                         ret = putreg(target, pos, *k++);
                         count -= sizeof(*k);
                         pos += sizeof(*k);
                 }
         } else {
                 const unsigned long  __user *u = ubuf;
-                while (count > 0 && !ret) {
+                while (count >= sizeof(*u) && !ret) {
                         unsigned long word;
                         ret = __get_user(word, u++);
                         if (ret)
@@ -454,99 +555,237 @@ static int genregs_set(struct task_struct *target,
         return ret;
 }
 
+static void ptrace_triggered(struct perf_event *bp, int nmi,
+                             struct perf_sample_data *data,
+                             struct pt_regs *regs)
+{
+        int i;
+        struct thread_struct *thread = &(current->thread);
+
+        /*
+         * Store in the virtual DR6 register the fact that the breakpoint
+         * was hit so the thread's debugger will see it.
+         */
+        for (i = 0; i < HBP_NUM; i++) {
+                if (thread->ptrace_bps[i] == bp)
+                        break;
+        }
+
+        thread->debugreg6 |= (DR_TRAP0 << i);
+}
+
 /*
- * This function is trivial and will be inlined by the compiler.
- * Having it separates the implementation details of debug
- * registers from the interface details of ptrace.
+ * Walk through every ptrace breakpoints for this thread and
+ * build the dr7 value on top of their attributes.
+ *
  */
-static unsigned long ptrace_get_debugreg(struct task_struct *child, int n)
+static unsigned long ptrace_get_dr7(struct perf_event *bp[])
 {
-        switch (n) {
-        case 0:         return child->thread.debugreg0;
-        case 1:         return child->thread.debugreg1;
-        case 2:         return child->thread.debugreg2;
-        case 3:         return child->thread.debugreg3;
-        case 6:         return child->thread.debugreg6;
-        case 7:         return child->thread.debugreg7;
+        int i;
+        int dr7 = 0;
+        struct arch_hw_breakpoint *info;
+
+        for (i = 0; i < HBP_NUM; i++) {
+                if (bp[i] && !bp[i]->attr.disabled) {
+                        info = counter_arch_bp(bp[i]);
+                        dr7 |= encode_dr7(i, info->len, info->type);
+                }
         }
-        return 0;
+
+        return dr7;
 }
 
-static int ptrace_set_debugreg(struct task_struct *child,
-                               int n, unsigned long data)
+static int
+ptrace_modify_breakpoint(struct perf_event *bp, int len, int type,
+                         struct task_struct *tsk, int disabled)
 {
-        int i;
+        int err;
+        int gen_len, gen_type;
+        struct perf_event_attr attr;
 
-        if (unlikely(n == 4 || n == 5))
-                return -EIO;
+        /*
+         * We shoud have at least an inactive breakpoint at this
+         * slot. It means the user is writing dr7 without having
+         * written the address register first
+         */
+        if (!bp)
+                return -EINVAL;
 
-        if (n < 4 && unlikely(data >= debugreg_addr_limit(child)))
-                return -EIO;
+        err = arch_bp_generic_fields(len, type, &gen_len, &gen_type);
+        if (err)
+                return err;
 
-        switch (n) {
-        case 0:         child->thread.debugreg0 = data; break;
-        case 1:         child->thread.debugreg1 = data; break;
-        case 2:         child->thread.debugreg2 = data; break;
-        case 3:         child->thread.debugreg3 = data; break;
+        attr = bp->attr;
+        attr.bp_len = gen_len;
+        attr.bp_type = gen_type;
+        attr.disabled = disabled;
 
-        case 6:
-                if ((data & ~0xffffffffUL) != 0)
-                        return -EIO;
-                child->thread.debugreg6 = data;
-                break;
+        return modify_user_hw_breakpoint(bp, &attr);
+}
 
-        case 7:
+/*
+ * Handle ptrace writes to debug register 7.
+ */
+static int ptrace_write_dr7(struct task_struct *tsk, unsigned long data)
+{
+        struct thread_struct *thread = &(tsk->thread);
+        unsigned long old_dr7;
+        int i, orig_ret = 0, rc = 0;
+        int enabled, second_pass = 0;
+        unsigned len, type;
+        struct perf_event *bp;
+
+        data &= ~DR_CONTROL_RESERVED;
+        old_dr7 = ptrace_get_dr7(thread->ptrace_bps);
+restore:
+        /*
+         * Loop through all the hardware breakpoints, making the
+         * appropriate changes to each.
+         */
+        for (i = 0; i < HBP_NUM; i++) {
+                enabled = decode_dr7(data, i, &len, &type);
+                bp = thread->ptrace_bps[i];
+
+                if (!enabled) {
+                        if (bp) {
+                                /*
+                                 * Don't unregister the breakpoints right-away,
+                                 * unless all register_user_hw_breakpoint()
+                                 * requests have succeeded. This prevents
+                                 * any window of opportunity for debug
+                                 * register grabbing by other users.
+                                 */
+                                if (!second_pass)
+                                        continue;
+
+                                rc = ptrace_modify_breakpoint(bp, len, type,
+                                                              tsk, 1);
+                                if (rc)
+                                        break;
+                        }
+                        continue;
+                }
+
+                rc = ptrace_modify_breakpoint(bp, len, type, tsk, 0);
+                if (rc)
+                        break;
+        }
+        /*
+         * Make a second pass to free the remaining unused breakpoints
+         * or to restore the original breakpoints if an error occurred.
+         */
+        if (!second_pass) {
+                second_pass = 1;
+                if (rc < 0) {
+                        orig_ret = rc;
+                        data = old_dr7;
+                }
+                goto restore;
+        }
+        return ((orig_ret < 0) ? orig_ret : rc);
+}
+
+/*
+ * Handle PTRACE_PEEKUSR calls for the debug register area.
+ */
+static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
+{
+        struct thread_struct *thread = &(tsk->thread);
+        unsigned long val = 0;
+
+        if (n < HBP_NUM) {
+                struct perf_event *bp;
+                bp = thread->ptrace_bps[n];
+                if (!bp)
+                        return 0;
+                val = bp->hw.info.address;
+        } else if (n == 6) {
+                val = thread->debugreg6;
+         } else if (n == 7) {
+                val = ptrace_get_dr7(thread->ptrace_bps);
+        }
+        return val;
+}
+
+static int ptrace_set_breakpoint_addr(struct task_struct *tsk, int nr,
+                                      unsigned long addr)
+{
+        struct perf_event *bp;
+        struct thread_struct *t = &tsk->thread;
+        struct perf_event_attr attr;
+
+        if (!t->ptrace_bps[nr]) {
+                hw_breakpoint_init(&attr);
                 /*
-                 * Sanity-check data. Take one half-byte at once with
-                 * check = (val >> (16 + 4*i)) & 0xf. It contains the
-                 * R/Wi and LENi bits; bits 0 and 1 are R/Wi, and bits
-                 * 2 and 3 are LENi. Given a list of invalid values,
-                 * we do mask |= 1 << invalid_value, so that
-                 * (mask >> check) & 1 is a correct test for invalid
-                 * values.
-                 *
-                 * R/Wi contains the type of the breakpoint /
-                 * watchpoint, LENi contains the length of the watched
-                 * data in the watchpoint case.
-                 *
-                 * The invalid values are:
-                 * - LENi == 0x10 (undefined), so mask |= 0x0f00.       [32-bit]
-                 * - R/Wi == 0x10 (break on I/O reads or writes), so
-                 *   mask |= 0x4444.
-                 * - R/Wi == 0x00 && LENi != 0x00, so we have mask |=
-                 *   0x1110.
-                 *
-                 * Finally, mask = 0x0f00 | 0x4444 | 0x1110 == 0x5f54.
-                 *
-                 * See the Intel Manual "System Programming Guide",
-                 * 15.2.4
-                 *
-                 * Note that LENi == 0x10 is defined on x86_64 in long
-                 * mode (i.e. even for 32-bit userspace software, but
-                 * 64-bit kernel), so the x86_64 mask value is 0x5454.
-                 * See the AMD manual no. 24593 (AMD64 System Programming)
+                 * Put stub len and type to register (reserve) an inactive but
+                 * correct bp
                  */
-#ifdef CONFIG_X86_32
-#define DR7_MASK        0x5f54
-#else
-#define DR7_MASK        0x5554
-#endif
-                data &= ~DR_CONTROL_RESERVED;
-                for (i = 0; i < 4; i++)
-                        if ((DR7_MASK >> ((data >> (16 + 4*i)) & 0xf)) & 1)
-                                return -EIO;
-                child->thread.debugreg7 = data;
-                if (data)
-                        set_tsk_thread_flag(child, TIF_DEBUG);
-                else
-                        clear_tsk_thread_flag(child, TIF_DEBUG);
-                break;
+                attr.bp_addr = addr;
+                attr.bp_len = HW_BREAKPOINT_LEN_1;
+                attr.bp_type = HW_BREAKPOINT_W;
+                attr.disabled = 1;
+
+                bp = register_user_hw_breakpoint(&attr, ptrace_triggered, tsk);
+
+                /*
+                 * CHECKME: the previous code returned -EIO if the addr wasn't
+                 * a valid task virtual addr. The new one will return -EINVAL in
+                 *  this case.
+                 * -EINVAL may be what we want for in-kernel breakpoints users,
+                 * but -EIO looks better for ptrace, since we refuse a register
+                 * writing for the user. And anyway this is the previous
+                 * behaviour.
+                 */
+                if (IS_ERR(bp))
+                        return PTR_ERR(bp);
+
+                t->ptrace_bps[nr] = bp;
+        } else {
+                int err;
+
+                bp = t->ptrace_bps[nr];
+
+                attr = bp->attr;
+                attr.bp_addr = addr;
+                err = modify_user_hw_breakpoint(bp, &attr);
+                if (err)
+                        return err;
         }
 
+
         return 0;
 }
 
 /*
+ * Handle PTRACE_POKEUSR calls for the debug register area.
+ */
+int ptrace_set_debugreg(struct task_struct *tsk, int n, unsigned long val)
+{
+        struct thread_struct *thread = &(tsk->thread);
+        int rc = 0;
+
+        /* There are no DR4 or DR5 registers */
+        if (n == 4 || n == 5)
+                return -EIO;
+
+        if (n == 6) {
+                thread->debugreg6 = val;
+                goto ret_path;
+        }
+        if (n < HBP_NUM) {
+                rc = ptrace_set_breakpoint_addr(tsk, n, val);
+                if (rc)
+                        return rc;
+        }
+        /* All that's left is DR7 */
+        if (n == 7)
+                rc = ptrace_write_dr7(tsk, val);
+
+ret_path:
+        return rc;
+}
+
+/*
  * These access the current or another (stopped) task's io permission
  * bitmap for debugging or core dump.
  */
@@ -1219,14 +1458,14 @@ static int genregs32_get(struct task_struct *target,
 {
         if (kbuf) {
                 compat_ulong_t *k = kbuf;
-                while (count > 0) {
+                while (count >= sizeof(*k)) {
                         getreg32(target, pos, k++);
                         count -= sizeof(*k);
                         pos += sizeof(*k);
                 }
         } else {
                 compat_ulong_t __user *u = ubuf;
-                while (count > 0) {
+                while (count >= sizeof(*u)) {
                         compat_ulong_t word;
                         getreg32(target, pos, &word);
                         if (__put_user(word, u++))
@@ -1247,14 +1486,14 @@ static int genregs32_set(struct task_struct *target,
         int ret = 0;
         if (kbuf) {
                 const compat_ulong_t *k = kbuf;
-                while (count > 0 && !ret) {
+                while (count >= sizeof(*k) && !ret) {
                         ret = putreg32(target, pos, *k++);
                         count -= sizeof(*k);
                         pos += sizeof(*k);
                 }
         } else {
                 const compat_ulong_t __user *u = ubuf;
-                while (count > 0 && !ret) {
+                while (count >= sizeof(*u) && !ret) {
                         compat_ulong_t word;
                         ret = __get_user(word, u++);
                         if (ret)
@@ -1437,21 +1676,33 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
 #endif
 }
 
-void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
-                                         int error_code, int si_code)
+static void fill_sigtrap_info(struct task_struct *tsk,
+                                struct pt_regs *regs,
+                                int error_code, int si_code,
+                                struct siginfo *info)
 {
-        struct siginfo info;
-
         tsk->thread.trap_no = 1;
         tsk->thread.error_code = error_code;
 
-        memset(&info, 0, sizeof(info));
-        info.si_signo = SIGTRAP;
-        info.si_code = si_code;
+        memset(info, 0, sizeof(*info));
+        info->si_signo = SIGTRAP;
+        info->si_code = si_code;
+        info->si_addr = user_mode_vm(regs) ? (void __user *)regs->ip : NULL;
+}
 
-        /* User-mode ip? */
-        info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
+void user_single_step_siginfo(struct task_struct *tsk,
+                                struct pt_regs *regs,
+                                struct siginfo *info)
+{
+        fill_sigtrap_info(tsk, regs, 0, TRAP_BRKPT, info);
+}
 
+void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+                                         int error_code, int si_code)
+{
+        struct siginfo info;
+
+        fill_sigtrap_info(tsk, regs, error_code, si_code, &info);
         /* Send us the fake SIGTRAP */
         force_sig_info(SIGTRAP, &info, tsk);
 }
@@ -1516,29 +1767,22 @@ asmregparm long syscall_trace_enter(struct pt_regs *regs)
 
 asmregparm void syscall_trace_leave(struct pt_regs *regs)
 {
+        bool step;
+
         if (unlikely(current->audit_context))
                 audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax);
 
         if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                 trace_sys_exit(regs, regs->ax);
 
-        if (test_thread_flag(TIF_SYSCALL_TRACE))
-                tracehook_report_syscall_exit(regs, 0);
-
         /*
          * If TIF_SYSCALL_EMU is set, we only get here because of
          * TIF_SINGLESTEP (i.e. this is PTRACE_SYSEMU_SINGLESTEP).
          * We already reported this syscall instruction in
-         * syscall_trace_enter(), so don't do any more now.
-         */
-        if (unlikely(test_thread_flag(TIF_SYSCALL_EMU)))
-                return;
-
-        /*
-         * If we are single-stepping, synthesize a trap to follow the
-         * system call instruction.
+         * syscall_trace_enter().
          */
-        if (test_thread_flag(TIF_SINGLESTEP) &&
-            tracehook_consider_fatal_signal(current, SIGTRAP))
-                send_sigtrap(current, regs, 0, TRAP_BRKPT);
+        step = unlikely(test_thread_flag(TIF_SINGLESTEP)) &&
+                        !test_thread_flag(TIF_SYSCALL_EMU);
+        if (step || test_thread_flag(TIF_SYSCALL_TRACE))
+                tracehook_report_syscall_exit(regs, step);
 }
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index 6c3b2c6fd772..18093d7498f0 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -499,6 +499,7 @@ static void __init quirk_amd_nb_node(struct pci_dev *dev)
 {
         struct pci_dev *nb_ht;
         unsigned int devfn;
+        u32 node;
         u32 val;
 
         devfn = PCI_DEVFN(PCI_SLOT(dev->devfn), 0);
@@ -507,7 +508,13 @@ static void __init quirk_amd_nb_node(struct pci_dev *dev)
                 return;
 
         pci_read_config_dword(nb_ht, 0x60, &val);
-        set_dev_node(&dev->dev, val & 7);
+        node = val & 7;
+        /*
+         * Some hardware may return an invalid node ID,
+         * so check it first:
+         */
+        if (node_online(node))
+                set_dev_node(&dev->dev, node);
         pci_dev_put(nb_ht);
 }
 
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 27349f92a6d7..1545bc0c9845 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -4,6 +4,7 @@
 #include <linux/pm.h>
 #include <linux/efi.h>
 #include <linux/dmi.h>
+#include <linux/sched.h>
 #include <linux/tboot.h>
 #include <acpi/reboot.h>
 #include <asm/io.h>
@@ -22,7 +23,7 @@
 # include <linux/ctype.h>
 # include <linux/mc146818rtc.h>
 #else
-# include <asm/iommu.h>
+# include <asm/x86_init.h>
 #endif
 
 /*
@@ -258,6 +259,14 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = {
                         DMI_MATCH(DMI_PRODUCT_NAME, "SBC-FITPC2"),
                 },
         },
+        {       /* Handle problems with rebooting on ASUS P4S800 */
+                .callback = set_bios_reboot,
+                .ident = "ASUS P4S800",
+                .matches = {
+                        DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."),
+                        DMI_MATCH(DMI_BOARD_NAME, "P4S800"),
+                },
+        },
         { }
 };
 
@@ -435,6 +444,14 @@ static struct dmi_system_id __initdata pci_reboot_dmi_table[] = {
                         DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro5"),
                 },
         },
+        {       /* Handle problems with rebooting on Apple Macmini3,1 */
+                .callback = set_pci_reboot,
+                .ident = "Apple Macmini3,1",
+                .matches = {
+                        DMI_MATCH(DMI_SYS_VENDOR, "Apple Inc."),
+                        DMI_MATCH(DMI_PRODUCT_NAME, "Macmini3,1"),
+                },
+        },
         { }
 };
 
@@ -613,7 +630,7 @@ void native_machine_shutdown(void)
 #endif
 
 #ifdef CONFIG_X86_64
-        pci_iommu_shutdown();
+        x86_platform.iommu_shutdown();
 #endif
 }
 
diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c
index 61a837743fe5..fda313ebbb03 100644
--- a/arch/x86/kernel/reboot_fixups_32.c
+++ b/arch/x86/kernel/reboot_fixups_32.c
@@ -12,7 +12,7 @@
 #include <linux/interrupt.h>
 #include <asm/reboot_fixups.h>
 #include <asm/msr.h>
-#include <asm/geode.h>
+#include <linux/cs5535.h>
 
 static void cs5530a_warm_reset(struct pci_dev *dev)
 {
@@ -80,6 +80,7 @@ void mach_reboot_fixups(void)
                         continue;
 
                 cur->reboot_fixup(dev);
+                pci_dev_put(dev);
         }
 }
 
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index e09f0e2c14b5..f7b8b9894b22 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -73,6 +73,7 @@
 
 #include <asm/mtrr.h>
 #include <asm/apic.h>
+#include <asm/trampoline.h>
 #include <asm/e820.h>
 #include <asm/mpspec.h>
 #include <asm/setup.h>
@@ -106,9 +107,11 @@
 #include <asm/percpu.h>
 #include <asm/topology.h>
 #include <asm/apicdef.h>
+#include <asm/k8.h>
 #ifdef CONFIG_X86_64
 #include <asm/numa_64.h>
 #endif
+#include <asm/mce.h>
 
 /*
  * end_pfn only includes RAM, while max_pfn_mapped includes all e820 entries.
@@ -247,7 +250,7 @@ EXPORT_SYMBOL(edd);
  *              from boot_params into a safe place.
  *
  */
-static inline void copy_edd(void)
+static inline void __init copy_edd(void)
 {
      memcpy(edd.mbr_signature, boot_params.edd_mbr_sig_buffer,
             sizeof(edd.mbr_signature));
@@ -256,7 +259,7 @@ static inline void copy_edd(void)
      edd.edd_info_nr = boot_params.eddbuf_entries;
 }
 #else
-static inline void copy_edd(void)
+static inline void __init copy_edd(void)
 {
 }
 #endif
@@ -486,42 +489,11 @@ static void __init reserve_early_setup_data(void)
 
 #ifdef CONFIG_KEXEC
 
-/**
- * Reserve @size bytes of crashkernel memory at any suitable offset.
- *
- * @size: Size of the crashkernel memory to reserve.
- * Returns the base address on success, and -1ULL on failure.
- */
-static
-unsigned long long __init find_and_reserve_crashkernel(unsigned long long size)
-{
-        const unsigned long long alignment = 16<<20;    /* 16M */
-        unsigned long long start = 0LL;
-
-        while (1) {
-                int ret;
-
-                start = find_e820_area(start, ULONG_MAX, size, alignment);
-                if (start == -1ULL)
-                        return start;
-
-                /* try to reserve it */
-                ret = reserve_bootmem_generic(start, size, BOOTMEM_EXCLUSIVE);
-                if (ret >= 0)
-                        return start;
-
-                start += alignment;
-        }
-}
-
 static inline unsigned long long get_total_mem(void)
 {
         unsigned long long total;
 
-        total = max_low_pfn - min_low_pfn;
-#ifdef CONFIG_HIGHMEM
-        total += highend_pfn - highstart_pfn;
-#endif
+        total = max_pfn - min_low_pfn;
 
         return total << PAGE_SHIFT;
 }
@@ -541,21 +513,25 @@ static void __init reserve_crashkernel(void)
 
         /* 0 means: find the address automatically */
         if (crash_base <= 0) {
-                crash_base = find_and_reserve_crashkernel(crash_size);
+                const unsigned long long alignment = 16<<20;    /* 16M */
+
+                crash_base = find_e820_area(alignment, ULONG_MAX, crash_size,
+                                 alignment);
                 if (crash_base == -1ULL) {
-                        pr_info("crashkernel reservation failed. "
-                                "No suitable area found.\n");
+                        pr_info("crashkernel reservation failed - No suitable area found.\n");
                         return;
                 }
         } else {
-                ret = reserve_bootmem_generic(crash_base, crash_size,
-                                        BOOTMEM_EXCLUSIVE);
-                if (ret < 0) {
-                        pr_info("crashkernel reservation failed - "
-                                "memory is in use\n");
+                unsigned long long start;
+
+                start = find_e820_area(crash_base, ULONG_MAX, crash_size,
+                                 1<<20);
+                if (start != crash_base) {
+                        pr_info("crashkernel reservation failed - memory is in use.\n");
                         return;
                 }
         }
+        reserve_early(crash_base, crash_base + crash_size, "CRASH KERNEL");
 
         printk(KERN_INFO "Reserving %ldMB of memory at %ldMB "
                         "for crashkernel (System RAM: %ldMB)\n",
@@ -660,6 +636,13 @@ static struct dmi_system_id __initdata bad_bios_dmi_table[] = {
                 },
         },
         {
+                .callback = dmi_low_memory_corruption,
+                .ident = "Phoenix/MSC BIOS",
+                .matches = {
+                        DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix/MSC"),
+                },
+        },
+        {
         /*
          * AMI BIOS with low memory corruption was found on Intel DG45ID board.
          * It hase different DMI_BIOS_VENDOR = "Intel Corp.", for now we will
@@ -691,6 +674,9 @@ static struct dmi_system_id __initdata bad_bios_dmi_table[] = {
 
 void __init setup_arch(char **cmdline_p)
 {
+        int acpi = 0;
+        int k8 = 0;
+
 #ifdef CONFIG_X86_32
         memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data));
         visws_early_detect();
@@ -783,21 +769,18 @@ void __init setup_arch(char **cmdline_p)
         strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
         *cmdline_p = command_line;
 
-#ifdef CONFIG_X86_64
         /*
-         * Must call this twice: Once just to detect whether hardware doesn't
-         * support NX (so that the early EHCI debug console setup can safely
-         * call set_fixmap(), and then again after parsing early parameters to
-         * honor the respective command line option.
+         * x86_configure_nx() is called before parse_early_param() to detect
+         * whether hardware doesn't support NX (so that the early EHCI debug
+         * console setup can safely call set_fixmap()). It may then be called
+         * again from within noexec_setup() during parsing early parameters
+         * to honor the respective command line option.
          */
-        check_efer();
-#endif
+        x86_configure_nx();
 
         parse_early_param();
 
-#ifdef CONFIG_X86_64
-        check_efer();
-#endif
+        x86_report_nx();
 
         /* Must be before kernel pagetables are setup */
         vmi_activate();
@@ -893,6 +876,20 @@ void __init setup_arch(char **cmdline_p)
 
         reserve_brk();
 
+        /*
+         * Find and reserve possible boot-time SMP configuration:
+         */
+        find_smp_config();
+
+        reserve_trampoline_memory();
+
+#ifdef CONFIG_ACPI_SLEEP
+        /*
+         * Reserve low memory region for sleep support.
+         * even before init_memory_mapping
+         */
+        acpi_reserve_wakeup_memory();
+#endif
         init_gbpages();
 
         /* max_pfn_mapped is updated here */
@@ -919,6 +916,8 @@ void __init setup_arch(char **cmdline_p)
 
         reserve_initrd();
 
+        reserve_crashkernel();
+
         vsmp_init();
 
         io_delay_init();
@@ -934,23 +933,15 @@ void __init setup_arch(char **cmdline_p)
         /*
          * Parse SRAT to discover nodes.
          */
-        acpi_numa_init();
+        acpi = acpi_numa_init();
 #endif
 
-        initmem_init(0, max_pfn);
-
-#ifdef CONFIG_ACPI_SLEEP
-        /*
-         * Reserve low memory region for sleep support.
-         */
-        acpi_reserve_bootmem();
+#ifdef CONFIG_K8_NUMA
+        if (!acpi)
+                k8 = !k8_numa_init(0, max_pfn);
 #endif
-        /*
-         * Find and reserve possible boot-time SMP configuration:
-         */
-        find_smp_config();
 
-        reserve_crashkernel();
+        initmem_init(0, max_pfn, acpi, k8);
 
 #ifdef CONFIG_X86_64
         /*
@@ -1024,6 +1015,8 @@ void __init setup_arch(char **cmdline_p)
 #endif
 #endif
         x86_init.oem.banner();
+
+        mcheck_init();
 }
 
 #ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
index d559af913e1f..35abcb8b00e9 100644
--- a/arch/x86/kernel/setup_percpu.c
+++ b/arch/x86/kernel/setup_percpu.c
@@ -1,3 +1,5 @@
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/init.h>
@@ -20,9 +22,9 @@
 #include <asm/stackprotector.h>
 
 #ifdef CONFIG_DEBUG_PER_CPU_MAPS
-# define DBG(x...) printk(KERN_DEBUG x)
+# define DBG(fmt, ...) pr_dbg(fmt, ##__VA_ARGS__)
 #else
-# define DBG(x...)
+# define DBG(fmt, ...) do { if (0) pr_dbg(fmt, ##__VA_ARGS__); } while (0)
 #endif
 
 DEFINE_PER_CPU(int, cpu_number);
@@ -116,8 +118,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
         } else {
                 ptr = __alloc_bootmem_node_nopanic(NODE_DATA(node),
                                                    size, align, goal);
-                pr_debug("per cpu data for cpu%d %lu bytes on node%d at "
-                         "%016lx\n", cpu, size, node, __pa(ptr));
+                pr_debug("per cpu data for cpu%d %lu bytes on node%d at %016lx\n",
+                         cpu, size, node, __pa(ptr));
         }
         return ptr;
 #else
@@ -198,8 +200,7 @@ void __init setup_per_cpu_areas(void)
                                             pcpu_cpu_distance,
                                             pcpu_fc_alloc, pcpu_fc_free);
                 if (rc < 0)
-                        pr_warning("PERCPU: %s allocator failed (%d), "
-                                   "falling back to page size\n",
+                        pr_warning("%s allocator failed (%d), falling back to page size\n",
                                    pcpu_fc_names[pcpu_chosen_fc], rc);
         }
         if (rc < 0)
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 6a44a76055ad..4fd173cd8e57 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -19,6 +19,7 @@
 #include <linux/stddef.h>
 #include <linux/personality.h>
 #include <linux/uaccess.h>
+#include <linux/user-return-notifier.h>
 
 #include <asm/processor.h>
 #include <asm/ucontext.h>
@@ -544,22 +545,12 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 }
 #endif /* CONFIG_X86_32 */
 
-#ifdef CONFIG_X86_32
-int sys_sigaltstack(struct pt_regs *regs)
-{
-        const stack_t __user *uss = (const stack_t __user *)regs->bx;
-        stack_t __user *uoss = (stack_t __user *)regs->cx;
-
-        return do_sigaltstack(uss, uoss, regs->sp);
-}
-#else /* !CONFIG_X86_32 */
-asmlinkage long
+long
 sys_sigaltstack(const stack_t __user *uss, stack_t __user *uoss,
                 struct pt_regs *regs)
 {
         return do_sigaltstack(uss, uoss, regs->sp);
 }
-#endif /* CONFIG_X86_32 */
 
 /*
  * Do a signal return; undo the signal stack.
@@ -799,15 +790,6 @@ static void do_signal(struct pt_regs *regs)
 
         signr = get_signal_to_deliver(&info, &ka, regs, NULL);
         if (signr > 0) {
-                /*
-                 * Re-enable any watchpoints before delivering the
-                 * signal to user space. The processor register will
-                 * have been cleared if the watchpoint triggered
-                 * inside the kernel.
-                 */
-                if (current->thread.debugreg7)
-                        set_debugreg(current->thread.debugreg7, 7);
-
                 /* Whee! Actually deliver the signal.  */
                 if (handle_signal(signr, &info, &ka, oldset, regs) == 0) {
                         /*
@@ -872,6 +854,8 @@ do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
                 if (current->replacement_session_keyring)
                         key_replace_session_keyring();
         }
+        if (thread_info_flags & _TIF_USER_RETURN_NOTIFY)
+                fire_user_return_notifiers();
 
 #ifdef CONFIG_X86_32
         clear_thread_flag(TIF_IRET);
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 565ebc65920e..678d0b8c26f3 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -671,6 +671,26 @@ static void __cpuinit do_fork_idle(struct work_struct *work)
         complete(&c_idle->done);
 }
 
+/* reduce the number of lines printed when booting a large cpu count system */
+static void __cpuinit announce_cpu(int cpu, int apicid)
+{
+        static int current_node = -1;
+        int node = cpu_to_node(cpu);
+
+        if (system_state == SYSTEM_BOOTING) {
+                if (node != current_node) {
+                        if (current_node > (-1))
+                                pr_cont(" Ok.\n");
+                        current_node = node;
+                        pr_info("Booting Node %3d, Processors ", node);
+                }
+                pr_cont(" #%d%s", cpu, cpu == (nr_cpu_ids - 1) ? " Ok.\n" : "");
+                return;
+        } else
+                pr_info("Booting Node %d Processor %d APIC 0x%x\n",
+                        node, cpu, apicid);
+}
+
 /*
  * NOTE - on most systems this is a PHYSICAL apic ID, but on multiquad
  * (ie clustered apic addressing mode), this is a LOGICAL apic ID.
@@ -687,7 +707,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
                 .done   = COMPLETION_INITIALIZER_ONSTACK(c_idle.done),
         };
 
-        INIT_WORK(&c_idle.work, do_fork_idle);
+        INIT_WORK_ON_STACK(&c_idle.work, do_fork_idle);
 
         alternatives_smp_switch(1);
 
@@ -713,6 +733,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
 
         if (IS_ERR(c_idle.idle)) {
                 printk("failed fork for CPU %d\n", cpu);
+                destroy_work_on_stack(&c_idle.work);
                 return PTR_ERR(c_idle.idle);
         }
 
@@ -736,9 +757,8 @@ do_rest:
         /* start_ip had better be page-aligned! */
         start_ip = setup_trampoline();
 
-        /* So we see what's up   */
-        printk(KERN_INFO "Booting processor %d APIC 0x%x ip 0x%lx\n",
-                          cpu, apicid, start_ip);
+        /* So we see what's up */
+        announce_cpu(cpu, apicid);
 
         /*
          * This grunge runs the startup process for
@@ -787,21 +807,17 @@ do_rest:
                         udelay(100);
                 }
 
-                if (cpumask_test_cpu(cpu, cpu_callin_mask)) {
-                        /* number CPUs logically, starting from 1 (BSP is 0) */
-                        pr_debug("OK.\n");
-                        printk(KERN_INFO "CPU%d: ", cpu);
-                        print_cpu_info(&cpu_data(cpu));
-                        pr_debug("CPU has booted.\n");
-                } else {
+                if (cpumask_test_cpu(cpu, cpu_callin_mask))
+                        pr_debug("CPU%d: has booted.\n", cpu);
+                else {
                         boot_error = 1;
                         if (*((volatile unsigned char *)trampoline_base)
                                         == 0xA5)
                                 /* trampoline started but...? */
-                                printk(KERN_ERR "Stuck ??\n");
+                                pr_err("CPU%d: Stuck ??\n", cpu);
                         else
                                 /* trampoline code not run */
-                                printk(KERN_ERR "Not responding.\n");
+                                pr_err("CPU%d: Not responding.\n", cpu);
                         if (apic->inquire_remote_apic)
                                 apic->inquire_remote_apic(apicid);
                 }
@@ -831,6 +847,7 @@ do_rest:
                 smpboot_restore_warm_reset_vector();
         }
 
+        destroy_work_on_stack(&c_idle.work);
         return boot_error;
 }
 
@@ -1250,16 +1267,7 @@ static void __ref remove_cpu_from_maps(int cpu)
 void cpu_disable_common(void)
 {
         int cpu = smp_processor_id();
-        /*
-         * HACK:
-         * Allow any queued timer interrupts to get serviced
-         * This is only a temporary solution until we cleanup
-         * fixup_irqs as we do for IA64.
-         */
-        local_irq_enable();
-        mdelay(1);
 
-        local_irq_disable();
         remove_siblinginfo(cpu);
 
         /* It's now safe to remove this processor from the online map */
@@ -1300,14 +1308,16 @@ void native_cpu_die(unsigned int cpu)
         for (i = 0; i < 10; i++) {
                 /* They ack this in play_dead by setting CPU_DEAD */
                 if (per_cpu(cpu_state, cpu) == CPU_DEAD) {
-                        printk(KERN_INFO "CPU %d is now offline\n", cpu);
+                        if (system_state == SYSTEM_RUNNING)
+                                pr_info("CPU %u is now offline\n", cpu);
+
                         if (1 == num_online_cpus())
                                 alternatives_smp_switch(0);
                         return;
                 }
                 msleep(100);
         }
-        printk(KERN_ERR "CPU %u didn't die...\n", cpu);
+        pr_err("CPU %u didn't die...\n", cpu);
 }
 
 void play_dead_common(void)
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index c3eb207181fe..922eefbb3f6c 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -53,17 +53,19 @@ save_stack_address_nosched(void *data, unsigned long addr, int reliable)
 }
 
 static const struct stacktrace_ops save_stack_ops = {
-        .warning = save_stack_warning,
-        .warning_symbol = save_stack_warning_symbol,
-        .stack = save_stack_stack,
-        .address = save_stack_address,
+        .warning        = save_stack_warning,
+        .warning_symbol = save_stack_warning_symbol,
+        .stack          = save_stack_stack,
+        .address        = save_stack_address,
+        .walk_stack     = print_context_stack,
 };
 
 static const struct stacktrace_ops save_stack_ops_nosched = {
-        .warning = save_stack_warning,
-        .warning_symbol = save_stack_warning_symbol,
-        .stack = save_stack_stack,
-        .address = save_stack_address_nosched,
+        .warning        = save_stack_warning,
+        .warning_symbol = save_stack_warning_symbol,
+        .stack          = save_stack_stack,
+        .address        = save_stack_address_nosched,
+        .walk_stack     = print_context_stack,
 };
 
 /*
diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
index 1884a8d12bfa..dee1ff7cba58 100644
--- a/arch/x86/kernel/sys_i386_32.c
+++ b/arch/x86/kernel/sys_i386_32.c
@@ -24,31 +24,6 @@
 
 #include <asm/syscalls.h>
 
-asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
-                          unsigned long prot, unsigned long flags,
-                          unsigned long fd, unsigned long pgoff)
-{
-        int error = -EBADF;
-        struct file *file = NULL;
-        struct mm_struct *mm = current->mm;
-
-        flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-        if (!(flags & MAP_ANONYMOUS)) {
-                file = fget(fd);
-                if (!file)
-                        goto out;
-        }
-
-        down_write(&mm->mmap_sem);
-        error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
-        up_write(&mm->mmap_sem);
-
-        if (file)
-                fput(file);
-out:
-        return error;
-}
-
 /*
  * Perform the select(nd, in, out, ex, tv) and mmap() system
  * calls. Linux/i386 didn't use to be able to handle more than
@@ -77,7 +52,7 @@ asmlinkage int old_mmap(struct mmap_arg_struct __user *arg)
         if (a.offset & ~PAGE_MASK)
                 goto out;
 
-        err = sys_mmap2(a.addr, a.len, a.prot, a.flags,
+        err = sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags,
                         a.fd, a.offset >> PAGE_SHIFT);
 out:
         return err;
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index 45e00eb09c3a..8aa2057efd12 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -23,26 +23,11 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
                 unsigned long, fd, unsigned long, off)
 {
         long error;
-        struct file *file;
-
         error = -EINVAL;
         if (off & ~PAGE_MASK)
                 goto out;
 
-        error = -EBADF;
-        file = NULL;
-        flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-        if (!(flags & MAP_ANONYMOUS)) {
-                file = fget(fd);
-                if (!file)
-                        goto out;
-        }
-        down_write(&current->mm->mmap_sem);
-        error = do_mmap_pgoff(file, addr, len, prot, flags, off >> PAGE_SHIFT);
-        up_write(&current->mm->mmap_sem);
-
-        if (file)
-                fput(file);
+        error = sys_mmap_pgoff(addr, len, prot, flags, fd, off >> PAGE_SHIFT);
 out:
         return error;
 }
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 0157cd26d7cc..15228b5d3eb7 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -191,7 +191,7 @@ ENTRY(sys_call_table)
         .long sys_ni_syscall    /* reserved for streams2 */
         .long ptregs_vfork      /* 190 */
         .long sys_getrlimit
-        .long sys_mmap2
+        .long sys_mmap_pgoff
         .long sys_truncate64
         .long sys_ftruncate64
         .long sys_stat64        /* 195 */
@@ -336,3 +336,4 @@ ENTRY(sys_call_table)
         .long sys_pwritev
         .long sys_rt_tgsigqueueinfo     /* 335 */
         .long sys_perf_event_open
+        .long sys_recvmmsg
diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c
index dcb00d278512..be2573448ed9 100644
--- a/arch/x86/kernel/time.c
+++ b/arch/x86/kernel/time.c
@@ -38,7 +38,8 @@ unsigned long profile_pc(struct pt_regs *regs)
 #ifdef CONFIG_FRAME_POINTER
                 return *(unsigned long *)(regs->bp + sizeof(long));
 #else
-                unsigned long *sp = (unsigned long *)regs->sp;
+                unsigned long *sp =
+                        (unsigned long *)kernel_stack_pointer(regs);
                 /*
                  * Return address is either directly at stack pointer
                  * or above a saved flags. Eflags has bits 22-31 zero,
diff --git a/arch/x86/kernel/tlb_uv.c b/arch/x86/kernel/tlb_uv.c
index 503c1f2e8835..364d015efebc 100644
--- a/arch/x86/kernel/tlb_uv.c
+++ b/arch/x86/kernel/tlb_uv.c
@@ -23,8 +23,6 @@
 static struct bau_control       **uv_bau_table_bases __read_mostly;
 static int                      uv_bau_retry_limit __read_mostly;
 
-/* position of pnode (which is nasid>>1): */
-static int                      uv_nshift __read_mostly;
 /* base pnode in this partition */
 static int                      uv_partition_base_pnode __read_mostly;
 
@@ -723,7 +721,7 @@ uv_activation_descriptor_init(int node, int pnode)
         BUG_ON(!adp);
 
         pa = uv_gpa(adp); /* need the real nasid*/
-        n = pa >> uv_nshift;
+        n = uv_gpa_to_pnode(pa);
         m = pa & uv_mmask;
 
         uv_write_global_mmr64(pnode, UVH_LB_BAU_SB_DESCRIPTOR_BASE,
@@ -778,7 +776,7 @@ uv_payload_queue_init(int node, int pnode, struct bau_control *bau_tablesp)
          * need the pnode of where the memory was really allocated
          */
         pa = uv_gpa(pqp);
-        pn = pa >> uv_nshift;
+        pn = uv_gpa_to_pnode(pa);
         uv_write_global_mmr64(pnode,
                               UVH_LB_BAU_INTD_PAYLOAD_QUEUE_FIRST,
                               ((unsigned long)pn << UV_PAYLOADQ_PNODE_SHIFT) |
@@ -819,10 +817,8 @@ static int __init uv_init_blade(int blade)
          */
         apicid = blade_to_first_apicid(blade);
         pa = uv_read_global_mmr64(pnode, UVH_BAU_DATA_CONFIG);
-        if ((pa & 0xff) != UV_BAU_MESSAGE) {
-                uv_write_global_mmr64(pnode, UVH_BAU_DATA_CONFIG,
+        uv_write_global_mmr64(pnode, UVH_BAU_DATA_CONFIG,
                                       ((apicid << 32) | UV_BAU_MESSAGE));
-        }
         return 0;
 }
 
@@ -843,8 +839,7 @@ static int __init uv_bau_init(void)
                                        GFP_KERNEL, cpu_to_node(cur_cpu));
 
         uv_bau_retry_limit = 1;
-        uv_nshift = uv_hub_info->n_val;
-        uv_mmask = (1UL << uv_hub_info->n_val) - 1;
+        uv_mmask = (1UL << uv_hub_info->m_val) - 1;
         nblades = uv_num_possible_blades();
 
         uv_bau_table_bases = (struct bau_control **)
diff --git a/arch/x86/kernel/trampoline.c b/arch/x86/kernel/trampoline.c
index 699f7eeb896a..c652ef62742d 100644
--- a/arch/x86/kernel/trampoline.c
+++ b/arch/x86/kernel/trampoline.c
@@ -3,22 +3,28 @@
 #include <asm/trampoline.h>
 #include <asm/e820.h>
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_ACPI_SLEEP)
+#define __trampinit
+#define __trampinitdata
+#else
+#define __trampinit __cpuinit
+#define __trampinitdata __cpuinitdata
+#endif
+
 /* ready for x86_64 and x86 */
-unsigned char *__cpuinitdata trampoline_base = __va(TRAMPOLINE_BASE);
+unsigned char *__trampinitdata trampoline_base;
 
 void __init reserve_trampoline_memory(void)
 {
-#ifdef CONFIG_X86_32
-        /*
-         * But first pinch a few for the stack/trampoline stuff
-         * FIXME: Don't need the extra page at 4K, but need to fix
-         * trampoline before removing it. (see the GDT stuff)
-         */
-        reserve_early(PAGE_SIZE, PAGE_SIZE + PAGE_SIZE, "EX TRAMPOLINE");
-#endif
+        unsigned long mem;
+
         /* Has to be in very low memory so we can execute real-mode AP code. */
-        reserve_early(TRAMPOLINE_BASE, TRAMPOLINE_BASE + TRAMPOLINE_SIZE,
-                        "TRAMPOLINE");
+        mem = find_e820_area(0, 1<<20, TRAMPOLINE_SIZE, PAGE_SIZE);
+        if (mem == -1L)
+                panic("Cannot allocate trampoline\n");
+
+        trampoline_base = __va(mem);
+        reserve_early(mem, mem + TRAMPOLINE_SIZE, "TRAMPOLINE");
 }
 
 /*
@@ -26,7 +32,7 @@ void __init reserve_trampoline_memory(void)
  * bootstrap into the page concerned. The caller
  * has made sure it's suitably aligned.
  */
-unsigned long __cpuinit setup_trampoline(void)
+unsigned long __trampinit setup_trampoline(void)
 {
         memcpy(trampoline_base, trampoline_data, TRAMPOLINE_SIZE);
         return virt_to_phys(trampoline_base);
diff --git a/arch/x86/kernel/trampoline_64.S b/arch/x86/kernel/trampoline_64.S
index 596d54c660a5..3af2dff58b21 100644
--- a/arch/x86/kernel/trampoline_64.S
+++ b/arch/x86/kernel/trampoline_64.S
@@ -32,8 +32,12 @@
 #include <asm/segment.h>
 #include <asm/processor-flags.h>
 
+#ifdef CONFIG_ACPI_SLEEP
+.section .rodata, "a", @progbits
+#else
 /* We can free up the trampoline after bootup if cpu hotplug is not supported. */
 __CPUINITRODATA
+#endif
 .code16
 
 ENTRY(trampoline_data)
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 7e37dcee0cc3..33399176512a 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -529,77 +529,56 @@ asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
 dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 {
         struct task_struct *tsk = current;
-        unsigned long condition;
+        unsigned long dr6;
         int si_code;
 
-        get_debugreg(condition, 6);
+        get_debugreg(dr6, 6);
 
         /* Catch kmemcheck conditions first of all! */
-        if (condition & DR_STEP && kmemcheck_trap(regs))
+        if ((dr6 & DR_STEP) && kmemcheck_trap(regs))
                 return;
 
+        /* DR6 may or may not be cleared by the CPU */
+        set_debugreg(0, 6);
         /*
          * The processor cleared BTF, so don't mark that we need it set.
          */
         clear_tsk_thread_flag(tsk, TIF_DEBUGCTLMSR);
         tsk->thread.debugctlmsr = 0;
 
-        if (notify_die(DIE_DEBUG, "debug", regs, condition, error_code,
-                                                SIGTRAP) == NOTIFY_STOP)
+        /* Store the virtualized DR6 value */
+        tsk->thread.debugreg6 = dr6;
+
+        if (notify_die(DIE_DEBUG, "debug", regs, PTR_ERR(&dr6), error_code,
+                                                        SIGTRAP) == NOTIFY_STOP)
                 return;
 
         /* It's safe to allow irq's after DR6 has been saved */
         preempt_conditional_sti(regs);
 
-        /* Mask out spurious debug traps due to lazy DR7 setting */
-        if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
-                if (!tsk->thread.debugreg7)
-                        goto clear_dr7;
+        if (regs->flags & X86_VM_MASK) {
+                handle_vm86_trap((struct kernel_vm86_regs *) regs,
+                                error_code, 1);
+                return;
         }
 
-#ifdef CONFIG_X86_32
-        if (regs->flags & X86_VM_MASK)
-                goto debug_vm86;
-#endif
-
-        /* Save debug status register where ptrace can see it */
-        tsk->thread.debugreg6 = condition;
-
         /*
-         * Single-stepping through TF: make sure we ignore any events in
-         * kernel space (but re-enable TF when returning to user mode).
+         * Single-stepping through system calls: ignore any exceptions in
+         * kernel space, but re-enable TF when returning to user mode.
+         *
+         * We already checked v86 mode above, so we can check for kernel mode
+         * by just checking the CPL of CS.
          */
-        if (condition & DR_STEP) {
-                if (!user_mode(regs))
-                        goto clear_TF_reenable;
+        if ((dr6 & DR_STEP) && !user_mode(regs)) {
+                tsk->thread.debugreg6 &= ~DR_STEP;
+                set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
+                regs->flags &= ~X86_EFLAGS_TF;
         }
-
-        si_code = get_si_code(condition);
-        /* Ok, finally something we can handle */
-        send_sigtrap(tsk, regs, error_code, si_code);
-
-        /*
-         * Disable additional traps. They'll be re-enabled when
-         * the signal is delivered.
-         */
-clear_dr7:
-        set_debugreg(0, 7);
+        si_code = get_si_code(tsk->thread.debugreg6);
+        if (tsk->thread.debugreg6 & (DR_STEP | DR_TRAP_BITS))
+                send_sigtrap(tsk, regs, error_code, si_code);
         preempt_conditional_cli(regs);
-        return;
 
-#ifdef CONFIG_X86_32
-debug_vm86:
-        /* reenable preemption: handle_vm86_trap() might sleep */
-        dec_preempt_count();
-        handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1);
-        conditional_cli(regs);
-        return;
-#endif
-
-clear_TF_reenable:
-        set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
-        regs->flags &= ~X86_EFLAGS_TF;
-        preempt_conditional_cli(regs);
         return;
 }
 
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index cd982f48e23e..597683aa5ba0 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -763,6 +763,7 @@ void mark_tsc_unstable(char *reason)
 {
         if (!tsc_unstable) {
                 tsc_unstable = 1;
+                sched_clock_stable = 0;
                 printk(KERN_INFO "Marking TSC unstable due to %s\n", reason);
                 /* Change only the rating, when not registered */
                 if (clocksource_tsc.mult)
diff --git a/arch/x86/kernel/tsc_sync.c b/arch/x86/kernel/tsc_sync.c
index f37930954d15..0aa5fed8b9e6 100644
--- a/arch/x86/kernel/tsc_sync.c
+++ b/arch/x86/kernel/tsc_sync.c
@@ -33,7 +33,7 @@ static __cpuinitdata atomic_t stop_count;
  * we want to have the fastest, inlined, non-debug version
  * of a critical section, to be able to prove TSC time-warps:
  */
-static __cpuinitdata raw_spinlock_t sync_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static __cpuinitdata arch_spinlock_t sync_lock = __ARCH_SPIN_LOCK_UNLOCKED;
 
 static __cpuinitdata cycles_t last_tsc;
 static __cpuinitdata cycles_t max_warp;
@@ -62,13 +62,13 @@ static __cpuinit void check_tsc_warp(void)
                  * previous TSC that was measured (possibly on
                  * another CPU) and update the previous TSC timestamp.
                  */
-                __raw_spin_lock(&sync_lock);
+                arch_spin_lock(&sync_lock);
                 prev = last_tsc;
                 rdtsc_barrier();
                 now = get_cycles();
                 rdtsc_barrier();
                 last_tsc = now;
-                __raw_spin_unlock(&sync_lock);
+                arch_spin_unlock(&sync_lock);
 
                 /*
                  * Be nice every now and then (and also check whether
@@ -87,10 +87,10 @@ static __cpuinit void check_tsc_warp(void)
                  * we saw a time-warp of the TSC going backwards:
                  */
                 if (unlikely(prev > now)) {
-                        __raw_spin_lock(&sync_lock);
+                        arch_spin_lock(&sync_lock);
                         max_warp = max(max_warp, prev - now);
                         nr_warps++;
-                        __raw_spin_unlock(&sync_lock);
+                        arch_spin_unlock(&sync_lock);
                 }
         }
         WARN(!(now-start),
@@ -114,13 +114,12 @@ void __cpuinit check_tsc_sync_source(int cpu)
                 return;
 
         if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE)) {
-                printk_once(KERN_INFO "Skipping synchronization checks as TSC is reliable.\n");
+                if (cpu == (nr_cpu_ids-1) || system_state != SYSTEM_BOOTING)
+                        pr_info(
+                        "Skipped synchronization checks as TSC is reliable.\n");
                 return;
         }
 
-        pr_info("checking TSC synchronization [CPU#%d -> CPU#%d]:",
-                smp_processor_id(), cpu);
-
         /*
          * Reset it - in case this is a second bootup:
          */
@@ -142,12 +141,14 @@ void __cpuinit check_tsc_sync_source(int cpu)
                 cpu_relax();
 
         if (nr_warps) {
-                printk("\n");
+                pr_warning("TSC synchronization [CPU#%d -> CPU#%d]:\n",
+                        smp_processor_id(), cpu);
                 pr_warning("Measured %Ld cycles TSC warp between CPUs, "
                            "turning off TSC clock.\n", max_warp);
                 mark_tsc_unstable("check_tsc_sync_source failed");
         } else {
-                printk(" passed.\n");
+                pr_debug("TSC synchronization [CPU#%d -> CPU#%d]: passed\n",
+                        smp_processor_id(), cpu);
         }
 
         /*
diff --git a/arch/x86/kernel/uv_irq.c b/arch/x86/kernel/uv_irq.c
index aeef529917e4..ece73d8e3240 100644
--- a/arch/x86/kernel/uv_irq.c
+++ b/arch/x86/kernel/uv_irq.c
@@ -9,10 +9,25 @@
  */
 
 #include <linux/module.h>
+#include <linux/rbtree.h>
 #include <linux/irq.h>
 
 #include <asm/apic.h>
 #include <asm/uv/uv_irq.h>
+#include <asm/uv/uv_hub.h>
+
+/* MMR offset and pnode of hub sourcing interrupts for a given irq */
+struct uv_irq_2_mmr_pnode{
+        struct rb_node          list;
+        unsigned long           offset;
+        int                     pnode;
+        int                     irq;
+};
+
+static spinlock_t               uv_irq_lock;
+static struct rb_root           uv_irq_root;
+
+static int uv_set_irq_affinity(unsigned int, const struct cpumask *);
 
 static void uv_noop(unsigned int irq)
 {
@@ -39,25 +54,213 @@ struct irq_chip uv_irq_chip = {
         .unmask         = uv_noop,
         .eoi            = uv_ack_apic,
         .end            = uv_noop,
+        .set_affinity   = uv_set_irq_affinity,
 };
 
 /*
+ * Add offset and pnode information of the hub sourcing interrupts to the
+ * rb tree for a specific irq.
+ */
+static int uv_set_irq_2_mmr_info(int irq, unsigned long offset, unsigned blade)
+{
+        struct rb_node **link = &uv_irq_root.rb_node;
+        struct rb_node *parent = NULL;
+        struct uv_irq_2_mmr_pnode *n;
+        struct uv_irq_2_mmr_pnode *e;
+        unsigned long irqflags;
+
+        n = kmalloc_node(sizeof(struct uv_irq_2_mmr_pnode), GFP_KERNEL,
+                                uv_blade_to_memory_nid(blade));
+        if (!n)
+                return -ENOMEM;
+
+        n->irq = irq;
+        n->offset = offset;
+        n->pnode = uv_blade_to_pnode(blade);
+        spin_lock_irqsave(&uv_irq_lock, irqflags);
+        /* Find the right place in the rbtree: */
+        while (*link) {
+                parent = *link;
+                e = rb_entry(parent, struct uv_irq_2_mmr_pnode, list);
+
+                if (unlikely(irq == e->irq)) {
+                        /* irq entry exists */
+                        e->pnode = uv_blade_to_pnode(blade);
+                        e->offset = offset;
+                        spin_unlock_irqrestore(&uv_irq_lock, irqflags);
+                        kfree(n);
+                        return 0;
+                }
+
+                if (irq < e->irq)
+                        link = &(*link)->rb_left;
+                else
+                        link = &(*link)->rb_right;
+        }
+
+        /* Insert the node into the rbtree. */
+        rb_link_node(&n->list, parent, link);
+        rb_insert_color(&n->list, &uv_irq_root);
+
+        spin_unlock_irqrestore(&uv_irq_lock, irqflags);
+        return 0;
+}
+
+/* Retrieve offset and pnode information from the rb tree for a specific irq */
+int uv_irq_2_mmr_info(int irq, unsigned long *offset, int *pnode)
+{
+        struct uv_irq_2_mmr_pnode *e;
+        struct rb_node *n;
+        unsigned long irqflags;
+
+        spin_lock_irqsave(&uv_irq_lock, irqflags);
+        n = uv_irq_root.rb_node;
+        while (n) {
+                e = rb_entry(n, struct uv_irq_2_mmr_pnode, list);
+
+                if (e->irq == irq) {
+                        *offset = e->offset;
+                        *pnode = e->pnode;
+                        spin_unlock_irqrestore(&uv_irq_lock, irqflags);
+                        return 0;
+                }
+
+                if (irq < e->irq)
+                        n = n->rb_left;
+                else
+                        n = n->rb_right;
+        }
+        spin_unlock_irqrestore(&uv_irq_lock, irqflags);
+        return -1;
+}
+
+/*
+ * Re-target the irq to the specified CPU and enable the specified MMR located
+ * on the specified blade to allow the sending of MSIs to the specified CPU.
+ */
+static int
+arch_enable_uv_irq(char *irq_name, unsigned int irq, int cpu, int mmr_blade,
+                       unsigned long mmr_offset, int restrict)
+{
+        const struct cpumask *eligible_cpu = cpumask_of(cpu);
+        struct irq_desc *desc = irq_to_desc(irq);
+        struct irq_cfg *cfg;
+        int mmr_pnode;
+        unsigned long mmr_value;
+        struct uv_IO_APIC_route_entry *entry;
+        int err;
+
+        BUILD_BUG_ON(sizeof(struct uv_IO_APIC_route_entry) !=
+                        sizeof(unsigned long));
+
+        cfg = irq_cfg(irq);
+
+        err = assign_irq_vector(irq, cfg, eligible_cpu);
+        if (err != 0)
+                return err;
+
+        if (restrict == UV_AFFINITY_CPU)
+                desc->status |= IRQ_NO_BALANCING;
+        else
+                desc->status |= IRQ_MOVE_PCNTXT;
+
+        set_irq_chip_and_handler_name(irq, &uv_irq_chip, handle_percpu_irq,
+                                      irq_name);
+
+        mmr_value = 0;
+        entry = (struct uv_IO_APIC_route_entry *)&mmr_value;
+        entry->vector           = cfg->vector;
+        entry->delivery_mode    = apic->irq_delivery_mode;
+        entry->dest_mode        = apic->irq_dest_mode;
+        entry->polarity         = 0;
+        entry->trigger          = 0;
+        entry->mask             = 0;
+        entry->dest             = apic->cpu_mask_to_apicid(eligible_cpu);
+
+        mmr_pnode = uv_blade_to_pnode(mmr_blade);
+        uv_write_global_mmr64(mmr_pnode, mmr_offset, mmr_value);
+
+        if (cfg->move_in_progress)
+                send_cleanup_vector(cfg);
+
+        return irq;
+}
+
+/*
+ * Disable the specified MMR located on the specified blade so that MSIs are
+ * longer allowed to be sent.
+ */
+static void arch_disable_uv_irq(int mmr_pnode, unsigned long mmr_offset)
+{
+        unsigned long mmr_value;
+        struct uv_IO_APIC_route_entry *entry;
+
+        BUILD_BUG_ON(sizeof(struct uv_IO_APIC_route_entry) !=
+                        sizeof(unsigned long));
+
+        mmr_value = 0;
+        entry = (struct uv_IO_APIC_route_entry *)&mmr_value;
+        entry->mask = 1;
+
+        uv_write_global_mmr64(mmr_pnode, mmr_offset, mmr_value);
+}
+
+static int uv_set_irq_affinity(unsigned int irq, const struct cpumask *mask)
+{
+        struct irq_desc *desc = irq_to_desc(irq);
+        struct irq_cfg *cfg = desc->chip_data;
+        unsigned int dest;
+        unsigned long mmr_value;
+        struct uv_IO_APIC_route_entry *entry;
+        unsigned long mmr_offset;
+        unsigned mmr_pnode;
+
+        if (set_desc_affinity(desc, mask, &dest))
+                return -1;
+
+        mmr_value = 0;
+        entry = (struct uv_IO_APIC_route_entry *)&mmr_value;
+
+        entry->vector           = cfg->vector;
+        entry->delivery_mode    = apic->irq_delivery_mode;
+        entry->dest_mode        = apic->irq_dest_mode;
+        entry->polarity         = 0;
+        entry->trigger          = 0;
+        entry->mask             = 0;
+        entry->dest             = dest;
+
+        /* Get previously stored MMR and pnode of hub sourcing interrupts */
+        if (uv_irq_2_mmr_info(irq, &mmr_offset, &mmr_pnode))
+                return -1;
+
+        uv_write_global_mmr64(mmr_pnode, mmr_offset, mmr_value);
+
+        if (cfg->move_in_progress)
+                send_cleanup_vector(cfg);
+
+        return 0;
+}
+
+/*
  * Set up a mapping of an available irq and vector, and enable the specified
  * MMR that defines the MSI that is to be sent to the specified CPU when an
  * interrupt is raised.
  */
 int uv_setup_irq(char *irq_name, int cpu, int mmr_blade,
-                 unsigned long mmr_offset)
+                 unsigned long mmr_offset, int restrict)
 {
-        int irq;
-        int ret;
+        int irq, ret;
+
+        irq = create_irq_nr(NR_IRQS_LEGACY, uv_blade_to_memory_nid(mmr_blade));
 
-        irq = create_irq();
         if (irq <= 0)
                 return -EBUSY;
 
-        ret = arch_enable_uv_irq(irq_name, irq, cpu, mmr_blade, mmr_offset);
-        if (ret != irq)
+        ret = arch_enable_uv_irq(irq_name, irq, cpu, mmr_blade, mmr_offset,
+                restrict);
+        if (ret == irq)
+                uv_set_irq_2_mmr_info(irq, mmr_offset, mmr_blade);
+        else
                 destroy_irq(irq);
 
         return ret;
@@ -71,9 +274,28 @@ EXPORT_SYMBOL_GPL(uv_setup_irq);
  *
  * Set mmr_blade and mmr_offset to what was passed in on uv_setup_irq().
  */
-void uv_teardown_irq(unsigned int irq, int mmr_blade, unsigned long mmr_offset)
+void uv_teardown_irq(unsigned int irq)
 {
-        arch_disable_uv_irq(mmr_blade, mmr_offset);
+        struct uv_irq_2_mmr_pnode *e;
+        struct rb_node *n;
+        unsigned long irqflags;
+
+        spin_lock_irqsave(&uv_irq_lock, irqflags);
+        n = uv_irq_root.rb_node;
+        while (n) {
+                e = rb_entry(n, struct uv_irq_2_mmr_pnode, list);
+                if (e->irq == irq) {
+                        arch_disable_uv_irq(e->pnode, e->offset);
+                        rb_erase(n, &uv_irq_root);
+                        kfree(e);
+                        break;
+                }
+                if (irq < e->irq)
+                        n = n->rb_left;
+                else
+                        n = n->rb_right;
+        }
+        spin_unlock_irqrestore(&uv_irq_lock, irqflags);
         destroy_irq(irq);
 }
 EXPORT_SYMBOL_GPL(uv_teardown_irq);
diff --git a/arch/x86/kernel/uv_time.c b/arch/x86/kernel/uv_time.c
index 583f11d5c480..3c84aa001c11 100644
--- a/arch/x86/kernel/uv_time.c
+++ b/arch/x86/kernel/uv_time.c
@@ -74,7 +74,7 @@ struct uv_rtc_timer_head {
  */
 static struct uv_rtc_timer_head         **blade_info __read_mostly;
 
-static int                              uv_rtc_enable;
+static int                              uv_rtc_evt_enable;
 
 /*
  * Hardware interface routines
@@ -90,7 +90,7 @@ static void uv_rtc_send_IPI(int cpu)
         pnode = uv_apicid_to_pnode(apicid);
         val = (1UL << UVH_IPI_INT_SEND_SHFT) |
               (apicid << UVH_IPI_INT_APIC_ID_SHFT) |
-              (GENERIC_INTERRUPT_VECTOR << UVH_IPI_INT_VECTOR_SHFT);
+              (X86_PLATFORM_IPI_VECTOR << UVH_IPI_INT_VECTOR_SHFT);
 
         uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
 }
@@ -115,7 +115,7 @@ static int uv_setup_intr(int cpu, u64 expires)
         uv_write_global_mmr64(pnode, UVH_EVENT_OCCURRED0_ALIAS,
                 UVH_EVENT_OCCURRED0_RTC1_MASK);
 
-        val = (GENERIC_INTERRUPT_VECTOR << UVH_RTC1_INT_CONFIG_VECTOR_SHFT) |
+        val = (X86_PLATFORM_IPI_VECTOR << UVH_RTC1_INT_CONFIG_VECTOR_SHFT) |
                 ((u64)cpu_physical_id(cpu) << UVH_RTC1_INT_CONFIG_APIC_ID_SHFT);
 
         /* Set configuration */
@@ -123,7 +123,10 @@ static int uv_setup_intr(int cpu, u64 expires)
         /* Initialize comparator value */
         uv_write_global_mmr64(pnode, UVH_INT_CMPB, expires);
 
-        return (expires < uv_read_rtc(NULL) && !uv_intr_pending(pnode));
+        if (uv_read_rtc(NULL) <= expires)
+                return 0;
+
+        return !uv_intr_pending(pnode);
 }
 
 /*
@@ -223,6 +226,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
 
         next_cpu = head->next_cpu;
         *t = expires;
+
         /* Will this one be next to go off? */
         if (next_cpu < 0 || bcpu == next_cpu ||
                         expires < head->cpu[next_cpu].expires) {
@@ -231,7 +235,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
                         *t = ULLONG_MAX;
                         uv_rtc_find_next_timer(head, pnode);
                         spin_unlock_irqrestore(&head->lock, flags);
-                        return 1;
+                        return -ETIME;
                 }
         }
 
@@ -244,7 +248,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
  *
  * Returns 1 if this timer was pending.
  */
-static int uv_rtc_unset_timer(int cpu)
+static int uv_rtc_unset_timer(int cpu, int force)
 {
         int pnode = uv_cpu_to_pnode(cpu);
         int bid = uv_cpu_to_blade_id(cpu);
@@ -256,14 +260,15 @@ static int uv_rtc_unset_timer(int cpu)
 
         spin_lock_irqsave(&head->lock, flags);
 
-        if (head->next_cpu == bcpu && uv_read_rtc(NULL) >= *t)
+        if ((head->next_cpu == bcpu && uv_read_rtc(NULL) >= *t) || force)
                 rc = 1;
 
-        *t = ULLONG_MAX;
-
-        /* Was the hardware setup for this timer? */
-        if (head->next_cpu == bcpu)
-                uv_rtc_find_next_timer(head, pnode);
+        if (rc) {
+                *t = ULLONG_MAX;
+                /* Was the hardware setup for this timer? */
+                if (head->next_cpu == bcpu)
+                        uv_rtc_find_next_timer(head, pnode);
+        }
 
         spin_unlock_irqrestore(&head->lock, flags);
 
@@ -310,32 +315,32 @@ static void uv_rtc_timer_setup(enum clock_event_mode mode,
                 break;
         case CLOCK_EVT_MODE_UNUSED:
         case CLOCK_EVT_MODE_SHUTDOWN:
-                uv_rtc_unset_timer(ced_cpu);
+                uv_rtc_unset_timer(ced_cpu, 1);
                 break;
         }
 }
 
 static void uv_rtc_interrupt(void)
 {
-        struct clock_event_device *ced = &__get_cpu_var(cpu_ced);
         int cpu = smp_processor_id();
+        struct clock_event_device *ced = &per_cpu(cpu_ced, cpu);
 
         if (!ced || !ced->event_handler)
                 return;
 
-        if (uv_rtc_unset_timer(cpu) != 1)
+        if (uv_rtc_unset_timer(cpu, 0) != 1)
                 return;
 
         ced->event_handler(ced);
 }
 
-static int __init uv_enable_rtc(char *str)
+static int __init uv_enable_evt_rtc(char *str)
 {
-        uv_rtc_enable = 1;
+        uv_rtc_evt_enable = 1;
 
         return 1;
 }
-__setup("uvrtc", uv_enable_rtc);
+__setup("uvrtcevt", uv_enable_evt_rtc);
 
 static __init void uv_rtc_register_clockevents(struct work_struct *dummy)
 {
@@ -350,27 +355,32 @@ static __init int uv_rtc_setup_clock(void)
 {
         int rc;
 
-        if (!uv_rtc_enable || !is_uv_system() || generic_interrupt_extension)
+        if (!is_uv_system())
                 return -ENODEV;
 
-        generic_interrupt_extension = uv_rtc_interrupt;
-
         clocksource_uv.mult = clocksource_hz2mult(sn_rtc_cycles_per_second,
                                 clocksource_uv.shift);
 
+        /* If single blade, prefer tsc */
+        if (uv_num_possible_blades() == 1)
+                clocksource_uv.rating = 250;
+
         rc = clocksource_register(&clocksource_uv);
-        if (rc) {
-                generic_interrupt_extension = NULL;
+        if (rc)
+                printk(KERN_INFO "UV RTC clocksource failed rc %d\n", rc);
+        else
+                printk(KERN_INFO "UV RTC clocksource registered freq %lu MHz\n",
+                        sn_rtc_cycles_per_second/(unsigned long)1E6);
+
+        if (rc || !uv_rtc_evt_enable || x86_platform_ipi_callback)
                 return rc;
-        }
 
         /* Setup and register clockevents */
         rc = uv_rtc_allocate_timers();
-        if (rc) {
-                clocksource_unregister(&clocksource_uv);
-                generic_interrupt_extension = NULL;
-                return rc;
-        }
+        if (rc)
+                goto error;
+
+        x86_platform_ipi_callback = uv_rtc_interrupt;
 
         clock_event_device_uv.mult = div_sc(sn_rtc_cycles_per_second,
                                 NSEC_PER_SEC, clock_event_device_uv.shift);
@@ -383,11 +393,19 @@ static __init int uv_rtc_setup_clock(void)
 
         rc = schedule_on_each_cpu(uv_rtc_register_clockevents);
         if (rc) {
-                clocksource_unregister(&clocksource_uv);
-                generic_interrupt_extension = NULL;
+                x86_platform_ipi_callback = NULL;
                 uv_rtc_deallocate_timers();
+                goto error;
         }
 
+        printk(KERN_INFO "UV RTC clockevents registered\n");
+
+        return 0;
+
+error:
+        clocksource_unregister(&clocksource_uv);
+        printk(KERN_INFO "UV RTC clockevents failed rc %d\n", rc);
+
         return rc;
 }
 arch_initcall(uv_rtc_setup_clock);
diff --git a/arch/x86/kernel/visws_quirks.c b/arch/x86/kernel/visws_quirks.c
index f068553a1b17..34a279a7471d 100644
--- a/arch/x86/kernel/visws_quirks.c
+++ b/arch/x86/kernel/visws_quirks.c
@@ -183,7 +183,7 @@ static void __init MP_processor_info(struct mpc_cpu *m)
                 return;
         }
 
-        apic_cpus = apic->apicid_to_cpu_present(m->apicid);
+        apic->apicid_to_cpu_present(m->apicid, &apic_cpus);
         physids_or(phys_cpu_present_map, phys_cpu_present_map, apic_cpus);
         /*
          * Validate version
@@ -197,7 +197,7 @@ static void __init MP_processor_info(struct mpc_cpu *m)
         apic_version[m->apicid] = ver;
 }
 
-static void __init visws_find_smp_config(unsigned int reserve)
+static void __init visws_find_smp_config(void)
 {
         struct mpc_cpu *mp = phys_to_virt(CO_CPU_TAB_PHYS);
         unsigned short ncpus = readw(phys_to_virt(CO_CPU_NUM_PHYS));
@@ -486,7 +486,7 @@ static void end_cobalt_irq(unsigned int irq)
 }
 
 static struct irq_chip cobalt_irq_type = {
-        .typename =     "Cobalt-APIC",
+        .name =         "Cobalt-APIC",
         .startup =      startup_cobalt_irq,
         .shutdown =     disable_cobalt_irq,
         .enable =       enable_cobalt_irq,
@@ -523,7 +523,7 @@ static void end_piix4_master_irq(unsigned int irq)
 }
 
 static struct irq_chip piix4_master_irq_type = {
-        .typename =     "PIIX4-master",
+        .name =         "PIIX4-master",
         .startup =      startup_piix4_master_irq,
         .ack =          ack_cobalt_irq,
         .end =          end_piix4_master_irq,
@@ -531,7 +531,7 @@ static struct irq_chip piix4_master_irq_type = {
 
 
 static struct irq_chip piix4_virtual_irq_type = {
-        .typename =     "PIIX4-virtual",
+        .name =         "PIIX4-virtual",
         .shutdown =     disable_8259A_irq,
         .enable =       enable_8259A_irq,
         .disable =      disable_8259A_irq,
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 9c4e62539058..5ffb5622f793 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -197,9 +197,8 @@ out:
 static int do_vm86_irq_handling(int subfunction, int irqnumber);
 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk);
 
-int sys_vm86old(struct pt_regs *regs)
+int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
 {
-        struct vm86_struct __user *v86 = (struct vm86_struct __user *)regs->bx;
         struct kernel_vm86_struct info; /* declare this _on top_,
                                          * this avoids wasting of stack space.
                                          * This remains on the stack until we
@@ -227,7 +226,7 @@ out:
 }
 
 
-int sys_vm86(struct pt_regs *regs)
+int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
 {
         struct kernel_vm86_struct info; /* declare this _on top_,
                                          * this avoids wasting of stack space.
@@ -239,12 +238,12 @@ int sys_vm86(struct pt_regs *regs)
         struct vm86plus_struct __user *v86;
 
         tsk = current;
-        switch (regs->bx) {
+        switch (cmd) {
         case VM86_REQUEST_IRQ:
         case VM86_FREE_IRQ:
         case VM86_GET_IRQ_BITS:
         case VM86_GET_AND_RESET_IRQ:
-                ret = do_vm86_irq_handling(regs->bx, (int)regs->cx);
+                ret = do_vm86_irq_handling(cmd, (int)arg);
                 goto out;
         case VM86_PLUS_INSTALL_CHECK:
                 /*
@@ -261,7 +260,7 @@ int sys_vm86(struct pt_regs *regs)
         ret = -EPERM;
         if (tsk->thread.saved_sp0)
                 goto out;
-        v86 = (struct vm86plus_struct __user *)regs->cx;
+        v86 = (struct vm86plus_struct __user *)arg;
         tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
                                        offsetof(struct kernel_vm86_struct, regs32) -
                                        sizeof(info.regs));
diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c
index 31e6f6cfe53e..d430e4c30193 100644
--- a/arch/x86/kernel/vmi_32.c
+++ b/arch/x86/kernel/vmi_32.c
@@ -648,7 +648,7 @@ static inline int __init activate_vmi(void)
 
         pv_info.paravirt_enabled = 1;
         pv_info.kernel_rpl = kernel_cs & SEGMENT_RPL_MASK;
-        pv_info.name = "vmi";
+        pv_info.name = "vmi [deprecated]";
 
         pv_init_ops.patch = vmi_patch;
 
diff --git a/arch/x86/kernel/vmiclock_32.c b/arch/x86/kernel/vmiclock_32.c
index 611b9e2360d3..74c92bb194df 100644
--- a/arch/x86/kernel/vmiclock_32.c
+++ b/arch/x86/kernel/vmiclock_32.c
@@ -226,7 +226,7 @@ static void __devinit vmi_time_init_clockevent(void)
         evt->min_delta_ns = clockevent_delta2ns(1, evt);
         evt->cpumask = cpumask_of(cpu);
 
-        printk(KERN_WARNING "vmi: registering clock event %s. mult=%lu shift=%u\n",
+        printk(KERN_WARNING "vmi: registering clock event %s. mult=%u shift=%u\n",
                evt->name, evt->mult, evt->shift);
         clockevents_register_device(evt);
 }
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index ecb92717c412..44879df55696 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -41,6 +41,32 @@ ENTRY(phys_startup_64)
 jiffies_64 = jiffies;
 #endif
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+/*
+ * On 64-bit, align RODATA to 2MB so that even with CONFIG_DEBUG_RODATA
+ * we retain large page mappings for boundaries spanning kernel text, rodata
+ * and data sections.
+ *
+ * However, kernel identity mappings will have different RWX permissions
+ * to the pages mapping to text and to the pages padding (which are freed) the
+ * text section. Hence kernel identity mappings will be broken to smaller
+ * pages. For 64-bit, kernel text and kernel identity mappings are different,
+ * so we can enable protection checks that come with CONFIG_DEBUG_RODATA,
+ * as well as retain 2MB large page mappings for kernel text.
+ */
+#define X64_ALIGN_DEBUG_RODATA_BEGIN    . = ALIGN(HPAGE_SIZE);
+
+#define X64_ALIGN_DEBUG_RODATA_END                              \
+                . = ALIGN(HPAGE_SIZE);                          \
+                __end_rodata_hpage_align = .;
+
+#else
+
+#define X64_ALIGN_DEBUG_RODATA_BEGIN
+#define X64_ALIGN_DEBUG_RODATA_END
+
+#endif
+
 PHDRS {
         text PT_LOAD FLAGS(5);          /* R_E */
         data PT_LOAD FLAGS(7);          /* RWE */
@@ -90,7 +116,9 @@ SECTIONS
 
         EXCEPTION_TABLE(16) :text = 0x9090
 
+        X64_ALIGN_DEBUG_RODATA_BEGIN
         RO_DATA(PAGE_SIZE)
+        X64_ALIGN_DEBUG_RODATA_END
 
         /* Data */
         .data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -107,13 +135,13 @@ SECTIONS
 
                 PAGE_ALIGNED_DATA(PAGE_SIZE)
 
-                CACHELINE_ALIGNED_DATA(CONFIG_X86_L1_CACHE_BYTES)
+                CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES)
 
                 DATA_DATA
                 CONSTRUCTORS
 
                 /* rarely changed data like cpu maps */
-                READ_MOSTLY_DATA(CONFIG_X86_INTERNODE_CACHE_BYTES)
+                READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES)
 
                 /* End of data section */
                 _edata = .;
@@ -137,12 +165,12 @@ SECTIONS
                 *(.vsyscall_0)
         } :user
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .vsyscall_fn : AT(VLOAD(.vsyscall_fn)) {
                 *(.vsyscall_fn)
         }
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .vsyscall_gtod_data : AT(VLOAD(.vsyscall_gtod_data)) {
                 *(.vsyscall_gtod_data)
         }
@@ -166,7 +194,7 @@ SECTIONS
         }
         vgetcpu_mode = VVIRT(.vgetcpu_mode);
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .jiffies : AT(VLOAD(.jiffies)) {
                 *(.jiffies)
         }
@@ -291,9 +319,7 @@ SECTIONS
                 __brk_limit = .;
         }
 
-        .end : AT(ADDR(.end) - LOAD_OFFSET) {
-                _end = .;
-        }
+        _end = .;
 
         STABS_DEBUG
         DWARF_DEBUG
@@ -305,6 +331,9 @@ SECTIONS
 
 
 #ifdef CONFIG_X86_32
+/*
+ * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
+ */
 . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE),
            "kernel image bigger than KERNEL_IMAGE_SIZE");
 #else
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 8cb4974ff599..9055e5872ff0 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -73,7 +73,8 @@ void update_vsyscall_tz(void)
         write_sequnlock_irqrestore(&vsyscall_gtod_data.lock, flags);
 }
 
-void update_vsyscall(struct timespec *wall_time, struct clocksource *clock)
+void update_vsyscall(struct timespec *wall_time, struct clocksource *clock,
+                     u32 mult)
 {
         unsigned long flags;
 
@@ -82,7 +83,7 @@ void update_vsyscall(struct timespec *wall_time, struct clocksource *clock)
         vsyscall_gtod_data.clock.vread = clock->vread;
         vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
         vsyscall_gtod_data.clock.mask = clock->mask;
-        vsyscall_gtod_data.clock.mult = clock->mult;
+        vsyscall_gtod_data.clock.mult = mult;
         vsyscall_gtod_data.clock.shift = clock->shift;
         vsyscall_gtod_data.wall_time_sec = wall_time->tv_sec;
         vsyscall_gtod_data.wall_time_nsec = wall_time->tv_nsec;
@@ -237,7 +238,7 @@ static ctl_table kernel_table2[] = {
 };
 
 static ctl_table kernel_root_table2[] = {
-        { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
+        { .procname = "kernel", .mode = 0555,
           .child = kernel_table2 },
         {}
 };
diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
index 3909e3ba5ce3..619f7f88b8cc 100644
--- a/arch/x86/kernel/x8664_ksyms_64.c
+++ b/arch/x86/kernel/x8664_ksyms_64.c
@@ -17,8 +17,6 @@
 EXPORT_SYMBOL(mcount);
 #endif
 
-EXPORT_SYMBOL(kernel_thread);
-
 EXPORT_SYMBOL(__get_user_1);
 EXPORT_SYMBOL(__get_user_2);
 EXPORT_SYMBOL(__get_user_4);
@@ -30,9 +28,8 @@ EXPORT_SYMBOL(__put_user_8);
 
 EXPORT_SYMBOL(copy_user_generic);
 EXPORT_SYMBOL(__copy_user_nocache);
-EXPORT_SYMBOL(copy_from_user);
-EXPORT_SYMBOL(copy_to_user);
-EXPORT_SYMBOL(__copy_from_user_inatomic);
+EXPORT_SYMBOL(_copy_from_user);
+EXPORT_SYMBOL(_copy_to_user);
 
 EXPORT_SYMBOL(copy_page);
 EXPORT_SYMBOL(clear_page);
@@ -57,4 +54,6 @@ EXPORT_SYMBOL(__memcpy);
 
 EXPORT_SYMBOL(empty_zero_page);
 EXPORT_SYMBOL(init_level4_pgt);
-EXPORT_SYMBOL(load_gs_index);
+#ifndef CONFIG_PARAVIRT
+EXPORT_SYMBOL(native_load_gs_index);
+#endif
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index 4449a4a2c2ed..ccd179dec36e 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -13,11 +13,15 @@
 #include <asm/e820.h>
 #include <asm/time.h>
 #include <asm/irq.h>
+#include <asm/pat.h>
 #include <asm/tsc.h>
+#include <asm/iommu.h>
 
 void __cpuinit x86_init_noop(void) { }
 void __init x86_init_uint_noop(unsigned int unused) { }
 void __init x86_init_pgd_noop(pgd_t *unused) { }
+int __init iommu_init_noop(void) { return 0; }
+void iommu_shutdown_noop(void) { }
 
 /*
  * The platform setup functions are preset with the default functions
@@ -62,6 +66,10 @@ struct x86_init_ops x86_init __initdata = {
                 .tsc_pre_init           = x86_init_noop,
                 .timer_init             = hpet_time_init,
         },
+
+        .iommu = {
+                .iommu_init             = iommu_init_noop,
+        },
 };
 
 struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = {
@@ -72,4 +80,6 @@ struct x86_platform_ops x86_platform = {
         .calibrate_tsc                  = native_calibrate_tsc,
         .get_wallclock                  = mach_get_cmos_time,
         .set_wallclock                  = mach_set_rtc_mmss,
+        .iommu_shutdown                 = iommu_shutdown_noop,
+        .is_untracked_pat_range         = is_ISA_range,
 };
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index b84e571f4175..4cd498332466 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -28,6 +28,7 @@ config KVM
         select HAVE_KVM_IRQCHIP
         select HAVE_KVM_EVENTFD
         select KVM_APIC_ARCHITECTURE
+        select USER_RETURN_NOTIFIER
         ---help---
           Support hosting fully virtualized guest machines using hardware
           virtualization extensions.  You will need a fairly recent
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index 0e7fe78d0f74..31a7035c4bd9 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -6,7 +6,8 @@ CFLAGS_svm.o := -I.
 CFLAGS_vmx.o := -I.
 
 kvm-y                   += $(addprefix ../../../virt/kvm/, kvm_main.o ioapic.o \
-                                coalesced_mmio.o irq_comm.o eventfd.o)
+                                coalesced_mmio.o irq_comm.o eventfd.o \
+                                assigned-dev.o)
 kvm-$(CONFIG_IOMMU_API) += $(addprefix ../../../virt/kvm/, iommu.o)
 
 kvm-y                   += x86.o mmu.o emulate.o i8259.o irq.o lapic.o \
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 1be5cd640e93..7e8faea4651e 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -75,6 +75,8 @@
 #define Group       (1<<14)     /* Bits 3:5 of modrm byte extend opcode */
 #define GroupDual   (1<<15)     /* Alternate decoding of mod == 3 */
 #define GroupMask   0xff        /* Group number stored in bits 0:7 */
+/* Misc flags */
+#define No64        (1<<28)
 /* Source 2 operand type */
 #define Src2None    (0<<29)
 #define Src2CL      (1<<29)
@@ -92,19 +94,23 @@ static u32 opcode_table[256] = {
         /* 0x00 - 0x07 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x08 - 0x0F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        0, 0, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, 0,
         /* 0x10 - 0x17 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x18 - 0x1F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x20 - 0x27 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
@@ -133,7 +139,8 @@ static u32 opcode_table[256] = {
         DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
         DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
         /* 0x60 - 0x67 */
-        0, 0, 0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
+        0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
         0, 0, 0, 0,
         /* 0x68 - 0x6F */
         SrcImm | Mov | Stack, 0, SrcImmByte | Mov | Stack, 0,
@@ -158,7 +165,7 @@ static u32 opcode_table[256] = {
         /* 0x90 - 0x97 */
         DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
         /* 0x98 - 0x9F */
-        0, 0, SrcImm | Src2Imm16, 0,
+        0, 0, SrcImm | Src2Imm16 | No64, 0,
         ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
         /* 0xA0 - 0xA7 */
         ByteOp | DstReg | SrcMem | Mov | MemAbs, DstReg | SrcMem | Mov | MemAbs,
@@ -185,7 +192,7 @@ static u32 opcode_table[256] = {
         ByteOp | DstMem | SrcImm | ModRM | Mov, DstMem | SrcImm | ModRM | Mov,
         /* 0xC8 - 0xCF */
         0, 0, 0, ImplicitOps | Stack,
-        ImplicitOps, SrcImmByte, ImplicitOps, ImplicitOps,
+        ImplicitOps, SrcImmByte, ImplicitOps | No64, ImplicitOps,
         /* 0xD0 - 0xD7 */
         ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
         ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
@@ -198,7 +205,7 @@ static u32 opcode_table[256] = {
         ByteOp | SrcImmUByte, SrcImmUByte,
         /* 0xE8 - 0xEF */
         SrcImm | Stack, SrcImm | ImplicitOps,
-        SrcImmU | Src2Imm16, SrcImmByte | ImplicitOps,
+        SrcImmU | Src2Imm16 | No64, SrcImmByte | ImplicitOps,
         SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         /* 0xF0 - 0xF7 */
@@ -244,11 +251,13 @@ static u32 twobyte_table[256] = {
         /* 0x90 - 0x9F */
         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
         /* 0xA0 - 0xA7 */
-        0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
+        ImplicitOps | Stack, ImplicitOps | Stack,
+        0, DstMem | SrcReg | ModRM | BitOp,
         DstMem | SrcReg | Src2ImmByte | ModRM,
         DstMem | SrcReg | Src2CL | ModRM, 0, 0,
         /* 0xA8 - 0xAF */
-        0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
+        ImplicitOps | Stack, ImplicitOps | Stack,
+        0, DstMem | SrcReg | ModRM | BitOp,
         DstMem | SrcReg | Src2ImmByte | ModRM,
         DstMem | SrcReg | Src2CL | ModRM,
         ModRM, 0,
@@ -613,6 +622,9 @@ static int do_insn_fetch(struct x86_emulate_ctxt *ctxt,
 {
         int rc = 0;
 
+        /* x86 instructions are limited to 15 bytes. */
+        if (eip + size - ctxt->decode.eip_orig > 15)
+                return X86EMUL_UNHANDLEABLE;
         eip += ctxt->cs_base;
         while (size--) {
                 rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
@@ -871,7 +883,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
         /* Shadow copy of register state. Committed on successful emulation. */
 
         memset(c, 0, sizeof(struct decode_cache));
-        c->eip = kvm_rip_read(ctxt->vcpu);
+        c->eip = c->eip_orig = kvm_rip_read(ctxt->vcpu);
         ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
         memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
 
@@ -962,6 +974,11 @@ done_prefixes:
                 }
         }
 
+        if (mode == X86EMUL_MODE_PROT64 && (c->d & No64)) {
+                kvm_report_emulation_failure(ctxt->vcpu, "invalid x86/64 instruction");;
+                return -1;
+        }
+
         if (c->d & Group) {
                 group = c->d & GroupMask;
                 c->modrm = insn_fetch(u8, 1, c->eip);
@@ -1186,6 +1203,69 @@ static int emulate_pop(struct x86_emulate_ctxt *ctxt,
         return rc;
 }
 
+static void emulate_push_sreg(struct x86_emulate_ctxt *ctxt, int seg)
+{
+        struct decode_cache *c = &ctxt->decode;
+        struct kvm_segment segment;
+
+        kvm_x86_ops->get_segment(ctxt->vcpu, &segment, seg);
+
+        c->src.val = segment.selector;
+        emulate_push(ctxt);
+}
+
+static int emulate_pop_sreg(struct x86_emulate_ctxt *ctxt,
+                             struct x86_emulate_ops *ops, int seg)
+{
+        struct decode_cache *c = &ctxt->decode;
+        unsigned long selector;
+        int rc;
+
+        rc = emulate_pop(ctxt, ops, &selector, c->op_bytes);
+        if (rc != 0)
+                return rc;
+
+        rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)selector, 1, seg);
+        return rc;
+}
+
+static void emulate_pusha(struct x86_emulate_ctxt *ctxt)
+{
+        struct decode_cache *c = &ctxt->decode;
+        unsigned long old_esp = c->regs[VCPU_REGS_RSP];
+        int reg = VCPU_REGS_RAX;
+
+        while (reg <= VCPU_REGS_RDI) {
+                (reg == VCPU_REGS_RSP) ?
+                (c->src.val = old_esp) : (c->src.val = c->regs[reg]);
+
+                emulate_push(ctxt);
+                ++reg;
+        }
+}
+
+static int emulate_popa(struct x86_emulate_ctxt *ctxt,
+                        struct x86_emulate_ops *ops)
+{
+        struct decode_cache *c = &ctxt->decode;
+        int rc = 0;
+        int reg = VCPU_REGS_RDI;
+
+        while (reg >= VCPU_REGS_RAX) {
+                if (reg == VCPU_REGS_RSP) {
+                        register_address_increment(c, &c->regs[VCPU_REGS_RSP],
+                                                        c->op_bytes);
+                        --reg;
+                }
+
+                rc = emulate_pop(ctxt, ops, &c->regs[reg], c->op_bytes);
+                if (rc != 0)
+                        break;
+                --reg;
+        }
+        return rc;
+}
+
 static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt,
                                 struct x86_emulate_ops *ops)
 {
@@ -1707,18 +1787,45 @@ special_insn:
               add:              /* add */
                 emulate_2op_SrcV("add", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x06:              /* push es */
+                emulate_push_sreg(ctxt, VCPU_SREG_ES);
+                break;
+        case 0x07:              /* pop es */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_ES);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x08 ... 0x0d:
               or:               /* or */
                 emulate_2op_SrcV("or", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x0e:              /* push cs */
+                emulate_push_sreg(ctxt, VCPU_SREG_CS);
+                break;
         case 0x10 ... 0x15:
               adc:              /* adc */
                 emulate_2op_SrcV("adc", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x16:              /* push ss */
+                emulate_push_sreg(ctxt, VCPU_SREG_SS);
+                break;
+        case 0x17:              /* pop ss */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_SS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x18 ... 0x1d:
               sbb:              /* sbb */
                 emulate_2op_SrcV("sbb", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x1e:              /* push ds */
+                emulate_push_sreg(ctxt, VCPU_SREG_DS);
+                break;
+        case 0x1f:              /* pop ds */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_DS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x20 ... 0x25:
               and:              /* and */
                 emulate_2op_SrcV("and", c->src, c->dst, ctxt->eflags);
@@ -1750,6 +1857,14 @@ special_insn:
                 if (rc != 0)
                         goto done;
                 break;
+        case 0x60:      /* pusha */
+                emulate_pusha(ctxt);
+                break;
+        case 0x61:      /* popa */
+                rc = emulate_popa(ctxt, ops);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x63:              /* movsxd */
                 if (ctxt->mode != X86EMUL_MODE_PROT64)
                         goto cannot_emulate;
@@ -1761,7 +1876,7 @@ special_insn:
                 break;
         case 0x6c:              /* insb */
         case 0x6d:              /* insw/insd */
-                 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
+                 if (kvm_emulate_pio_string(ctxt->vcpu,
                                 1,
                                 (c->d & ByteOp) ? 1 : c->op_bytes,
                                 c->rep_prefix ?
@@ -1777,7 +1892,7 @@ special_insn:
                 return 0;
         case 0x6e:              /* outsb */
         case 0x6f:              /* outsw/outsd */
-                if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
+                if (kvm_emulate_pio_string(ctxt->vcpu,
                                 0,
                                 (c->d & ByteOp) ? 1 : c->op_bytes,
                                 c->rep_prefix ?
@@ -2070,7 +2185,7 @@ special_insn:
         case 0xef: /* out (e/r)ax,dx */
                 port = c->regs[VCPU_REGS_RDX];
                 io_dir_in = 0;
-        do_io:  if (kvm_emulate_pio(ctxt->vcpu, NULL, io_dir_in,
+        do_io:  if (kvm_emulate_pio(ctxt->vcpu, io_dir_in,
                                    (c->d & ByteOp) ? 1 : c->op_bytes,
                                    port) != 0) {
                         c->eip = saved_eip;
@@ -2297,6 +2412,14 @@ twobyte_insn:
                         jmp_rel(c, c->src.val);
                 c->dst.type = OP_NONE;
                 break;
+        case 0xa0:        /* push fs */
+                emulate_push_sreg(ctxt, VCPU_SREG_FS);
+                break;
+        case 0xa1:       /* pop fs */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_FS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0xa3:
               bt:               /* bt */
                 c->dst.type = OP_NONE;
@@ -2308,6 +2431,14 @@ twobyte_insn:
         case 0xa5: /* shld cl, r, r/m */
                 emulate_2op_cl("shld", c->src2, c->src, c->dst, ctxt->eflags);
                 break;
+        case 0xa8:      /* push gs */
+                emulate_push_sreg(ctxt, VCPU_SREG_GS);
+                break;
+        case 0xa9:      /* pop gs */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_GS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0xab:
               bts:              /* bts */
                 /* only subword offset */
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 82ad523b4901..296aba49472a 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -29,6 +29,8 @@
  *   Based on QEMU and Xen.
  */
 
+#define pr_fmt(fmt) "pit: " fmt
+
 #include <linux/kvm_host.h>
 
 #include "irq.h"
@@ -116,7 +118,7 @@ static s64 __kpit_elapsed(struct kvm *kvm)
          * itself with the initial count and continues counting
          * from there.
          */
-        remaining = hrtimer_expires_remaining(&ps->pit_timer.timer);
+        remaining = hrtimer_get_remaining(&ps->pit_timer.timer);
         elapsed = ps->pit_timer.period - ktime_to_ns(remaining);
         elapsed = mod_64(elapsed, ps->pit_timer.period);
 
@@ -262,7 +264,7 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
 
 static void destroy_pit_timer(struct kvm_timer *pt)
 {
-        pr_debug("pit: execute del timer!\n");
+        pr_debug("execute del timer!\n");
         hrtimer_cancel(&pt->timer);
 }
 
@@ -284,7 +286,7 @@ static void create_pit_timer(struct kvm_kpit_state *ps, u32 val, int is_period)
 
         interval = muldiv64(val, NSEC_PER_SEC, KVM_PIT_FREQ);
 
-        pr_debug("pit: create pit timer, interval is %llu nsec\n", interval);
+        pr_debug("create pit timer, interval is %llu nsec\n", interval);
 
         /* TODO The new value only affected after the retriggered */
         hrtimer_cancel(&pt->timer);
@@ -309,7 +311,7 @@ static void pit_load_count(struct kvm *kvm, int channel, u32 val)
 
         WARN_ON(!mutex_is_locked(&ps->lock));
 
-        pr_debug("pit: load_count val is %d, channel is %d\n", val, channel);
+        pr_debug("load_count val is %d, channel is %d\n", val, channel);
 
         /*
          * The largest possible initial count is 0; this is equivalent
@@ -395,8 +397,8 @@ static int pit_ioport_write(struct kvm_io_device *this,
         mutex_lock(&pit_state->lock);
 
         if (val != 0)
-                pr_debug("pit: write addr is 0x%x, len is %d, val is 0x%x\n",
-                          (unsigned int)addr, len, val);
+                pr_debug("write addr is 0x%x, len is %d, val is 0x%x\n",
+                         (unsigned int)addr, len, val);
 
         if (addr == 3) {
                 channel = val >> 6;
@@ -688,10 +690,8 @@ static void __inject_pit_timer_intr(struct kvm *kvm)
         struct kvm_vcpu *vcpu;
         int i;
 
-        mutex_lock(&kvm->irq_lock);
         kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
         kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 0);
-        mutex_unlock(&kvm->irq_lock);
 
         /*
          * Provides NMI watchdog support via Virtual Wire mode.
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
index 01f151682802..d057c0cbd245 100644
--- a/arch/x86/kvm/i8259.c
+++ b/arch/x86/kvm/i8259.c
@@ -38,7 +38,15 @@ static void pic_clear_isr(struct kvm_kpic_state *s, int irq)
         s->isr_ack |= (1 << irq);
         if (s != &s->pics_state->pics[0])
                 irq += 8;
+        /*
+         * We are dropping lock while calling ack notifiers since ack
+         * notifier callbacks for assigned devices call into PIC recursively.
+         * Other interrupt may be delivered to PIC while lock is dropped but
+         * it should be safe since PIC state is already updated at this stage.
+         */
+        spin_unlock(&s->pics_state->lock);
         kvm_notify_acked_irq(s->pics_state->kvm, SELECT_PIC(irq), irq);
+        spin_lock(&s->pics_state->lock);
 }
 
 void kvm_pic_clear_isr_ack(struct kvm *kvm)
@@ -176,16 +184,18 @@ int kvm_pic_set_irq(void *opaque, int irq, int level)
 static inline void pic_intack(struct kvm_kpic_state *s, int irq)
 {
         s->isr |= 1 << irq;
-        if (s->auto_eoi) {
-                if (s->rotate_on_auto_eoi)
-                        s->priority_add = (irq + 1) & 7;
-                pic_clear_isr(s, irq);
-        }
         /*
          * We don't clear a level sensitive interrupt here
          */
         if (!(s->elcr & (1 << irq)))
                 s->irr &= ~(1 << irq);
+
+        if (s->auto_eoi) {
+                if (s->rotate_on_auto_eoi)
+                        s->priority_add = (irq + 1) & 7;
+                pic_clear_isr(s, irq);
+        }
+
 }
 
 int kvm_pic_read_irq(struct kvm *kvm)
@@ -225,22 +235,11 @@ int kvm_pic_read_irq(struct kvm *kvm)
 
 void kvm_pic_reset(struct kvm_kpic_state *s)
 {
-        int irq, irqbase, n;
+        int irq;
         struct kvm *kvm = s->pics_state->irq_request_opaque;
         struct kvm_vcpu *vcpu0 = kvm->bsp_vcpu;
+        u8 irr = s->irr, isr = s->imr;
 
-        if (s == &s->pics_state->pics[0])
-                irqbase = 0;
-        else
-                irqbase = 8;
-
-        for (irq = 0; irq < PIC_NUM_PINS/2; irq++) {
-                if (vcpu0 && kvm_apic_accept_pic_intr(vcpu0))
-                        if (s->irr & (1 << irq) || s->isr & (1 << irq)) {
-                                n = irq + irqbase;
-                                kvm_notify_acked_irq(kvm, SELECT_PIC(n), n);
-                        }
-        }
         s->last_irr = 0;
         s->irr = 0;
         s->imr = 0;
@@ -256,6 +255,13 @@ void kvm_pic_reset(struct kvm_kpic_state *s)
         s->rotate_on_auto_eoi = 0;
         s->special_fully_nested_mode = 0;
         s->init4 = 0;
+
+        for (irq = 0; irq < PIC_NUM_PINS/2; irq++) {
+                if (vcpu0 && kvm_apic_accept_pic_intr(vcpu0))
+                        if (irr & (1 << irq) || isr & (1 << irq)) {
+                                pic_clear_isr(s, irq);
+                        }
+        }
 }
 
 static void pic_ioport_write(void *opaque, u32 addr, u32 val)
@@ -298,9 +304,9 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
                                 priority = get_priority(s, s->isr);
                                 if (priority != 8) {
                                         irq = (priority + s->priority_add) & 7;
-                                        pic_clear_isr(s, irq);
                                         if (cmd == 5)
                                                 s->priority_add = (irq + 1) & 7;
+                                        pic_clear_isr(s, irq);
                                         pic_update_irq(s->pics_state);
                                 }
                                 break;
diff --git a/arch/x86/kvm/irq.h b/arch/x86/kvm/irq.h
index 7d6058a2fd38..be399e207d57 100644
--- a/arch/x86/kvm/irq.h
+++ b/arch/x86/kvm/irq.h
@@ -71,6 +71,7 @@ struct kvm_pic {
         int output;             /* intr from master PIC */
         struct kvm_io_device dev;
         void (*ack_notifier)(void *opaque, int irq);
+        unsigned long irq_states[16];
 };
 
 struct kvm_pic *kvm_create_pic(struct kvm *kvm);
@@ -85,7 +86,11 @@ static inline struct kvm_pic *pic_irqchip(struct kvm *kvm)
 
 static inline int irqchip_in_kernel(struct kvm *kvm)
 {
-        return pic_irqchip(kvm) != NULL;
+        int ret;
+
+        ret = (pic_irqchip(kvm) != NULL);
+        smp_rmb();
+        return ret;
 }
 
 void kvm_pic_reset(struct kvm_kpic_state *s);
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 1ae5ceba7eb2..3063a0c4858b 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -32,7 +32,6 @@
 #include <asm/current.h>
 #include <asm/apicdef.h>
 #include <asm/atomic.h>
-#include <asm/apicdef.h>
 #include "kvm_cache_regs.h"
 #include "irq.h"
 #include "trace.h"
@@ -471,11 +470,8 @@ static void apic_set_eoi(struct kvm_lapic *apic)
                 trigger_mode = IOAPIC_LEVEL_TRIG;
         else
                 trigger_mode = IOAPIC_EDGE_TRIG;
-        if (!(apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI)) {
-                mutex_lock(&apic->vcpu->kvm->irq_lock);
+        if (!(apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI))
                 kvm_ioapic_update_eoi(apic->vcpu->kvm, vector, trigger_mode);
-                mutex_unlock(&apic->vcpu->kvm->irq_lock);
-        }
 }
 
 static void apic_send_ipi(struct kvm_lapic *apic)
@@ -504,9 +500,7 @@ static void apic_send_ipi(struct kvm_lapic *apic)
                    irq.trig_mode, irq.level, irq.dest_mode, irq.delivery_mode,
                    irq.vector);
 
-        mutex_lock(&apic->vcpu->kvm->irq_lock);
         kvm_irq_delivery_to_apic(apic->vcpu->kvm, apic, &irq);
-        mutex_unlock(&apic->vcpu->kvm->irq_lock);
 }
 
 static u32 apic_get_tmcct(struct kvm_lapic *apic)
@@ -521,7 +515,7 @@ static u32 apic_get_tmcct(struct kvm_lapic *apic)
         if (apic_get_reg(apic, APIC_TMICT) == 0)
                 return 0;
 
-        remaining = hrtimer_expires_remaining(&apic->lapic_timer.timer);
+        remaining = hrtimer_get_remaining(&apic->lapic_timer.timer);
         if (ktime_to_ns(remaining) < 0)
                 remaining = ktime_set(0, 0);
 
@@ -664,7 +658,7 @@ static void start_apic_timer(struct kvm_lapic *apic)
 {
         ktime_t now = apic->lapic_timer.timer.base->get_time();
 
-        apic->lapic_timer.period = apic_get_reg(apic, APIC_TMICT) *
+        apic->lapic_timer.period = (u64)apic_get_reg(apic, APIC_TMICT) *
                     APIC_BUS_CYCLE_NS * apic->divide_count;
         atomic_set(&apic->lapic_timer.pending, 0);
 
@@ -1156,6 +1150,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu)
         hrtimer_cancel(&apic->lapic_timer.timer);
         update_divide_count(apic);
         start_apic_timer(apic);
+        apic->irr_pending = true;
 }
 
 void __kvm_migrate_apic_timer(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index eca41ae9f453..4c3e5b2314cb 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -156,6 +156,8 @@ module_param(oos_shadow, bool, 0644);
 #define CREATE_TRACE_POINTS
 #include "mmutrace.h"
 
+#define SPTE_HOST_WRITEABLE (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
+
 #define SHADOW_PT_INDEX(addr, level) PT64_INDEX(addr, level)
 
 struct kvm_rmap_desc {
@@ -634,9 +636,7 @@ static void rmap_remove(struct kvm *kvm, u64 *spte)
         if (*spte & shadow_accessed_mask)
                 kvm_set_pfn_accessed(pfn);
         if (is_writeble_pte(*spte))
-                kvm_release_pfn_dirty(pfn);
-        else
-                kvm_release_pfn_clean(pfn);
+                kvm_set_pfn_dirty(pfn);
         rmapp = gfn_to_rmap(kvm, sp->gfns[spte - sp->spt], sp->role.level);
         if (!*rmapp) {
                 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
@@ -748,7 +748,8 @@ static int rmap_write_protect(struct kvm *kvm, u64 gfn)
         return write_protected;
 }
 
-static int kvm_unmap_rmapp(struct kvm *kvm, unsigned long *rmapp)
+static int kvm_unmap_rmapp(struct kvm *kvm, unsigned long *rmapp,
+                           unsigned long data)
 {
         u64 *spte;
         int need_tlb_flush = 0;
@@ -763,8 +764,47 @@ static int kvm_unmap_rmapp(struct kvm *kvm, unsigned long *rmapp)
         return need_tlb_flush;
 }
 
+static int kvm_set_pte_rmapp(struct kvm *kvm, unsigned long *rmapp,
+                             unsigned long data)
+{
+        int need_flush = 0;
+        u64 *spte, new_spte;
+        pte_t *ptep = (pte_t *)data;
+        pfn_t new_pfn;
+
+        WARN_ON(pte_huge(*ptep));
+        new_pfn = pte_pfn(*ptep);
+        spte = rmap_next(kvm, rmapp, NULL);
+        while (spte) {
+                BUG_ON(!is_shadow_present_pte(*spte));
+                rmap_printk("kvm_set_pte_rmapp: spte %p %llx\n", spte, *spte);
+                need_flush = 1;
+                if (pte_write(*ptep)) {
+                        rmap_remove(kvm, spte);
+                        __set_spte(spte, shadow_trap_nonpresent_pte);
+                        spte = rmap_next(kvm, rmapp, NULL);
+                } else {
+                        new_spte = *spte &~ (PT64_BASE_ADDR_MASK);
+                        new_spte |= (u64)new_pfn << PAGE_SHIFT;
+
+                        new_spte &= ~PT_WRITABLE_MASK;
+                        new_spte &= ~SPTE_HOST_WRITEABLE;
+                        if (is_writeble_pte(*spte))
+                                kvm_set_pfn_dirty(spte_to_pfn(*spte));
+                        __set_spte(spte, new_spte);
+                        spte = rmap_next(kvm, rmapp, spte);
+                }
+        }
+        if (need_flush)
+                kvm_flush_remote_tlbs(kvm);
+
+        return 0;
+}
+
 static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
-                          int (*handler)(struct kvm *kvm, unsigned long *rmapp))
+                          unsigned long data,
+                          int (*handler)(struct kvm *kvm, unsigned long *rmapp,
+                                         unsigned long data))
 {
         int i, j;
         int retval = 0;
@@ -786,13 +826,15 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
                 if (hva >= start && hva < end) {
                         gfn_t gfn_offset = (hva - start) >> PAGE_SHIFT;
 
-                        retval |= handler(kvm, &memslot->rmap[gfn_offset]);
+                        retval |= handler(kvm, &memslot->rmap[gfn_offset],
+                                          data);
 
                         for (j = 0; j < KVM_NR_PAGE_SIZES - 1; ++j) {
                                 int idx = gfn_offset;
                                 idx /= KVM_PAGES_PER_HPAGE(PT_DIRECTORY_LEVEL + j);
                                 retval |= handler(kvm,
-                                        &memslot->lpage_info[j][idx].rmap_pde);
+                                        &memslot->lpage_info[j][idx].rmap_pde,
+                                        data);
                         }
                 }
         }
@@ -802,10 +844,16 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
 
 int kvm_unmap_hva(struct kvm *kvm, unsigned long hva)
 {
-        return kvm_handle_hva(kvm, hva, kvm_unmap_rmapp);
+        return kvm_handle_hva(kvm, hva, 0, kvm_unmap_rmapp);
 }
 
-static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp)
+void kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte)
+{
+        kvm_handle_hva(kvm, hva, (unsigned long)&pte, kvm_set_pte_rmapp);
+}
+
+static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp,
+                         unsigned long data)
 {
         u64 *spte;
         int young = 0;
@@ -841,13 +889,13 @@ static void rmap_recycle(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn)
         gfn = unalias_gfn(vcpu->kvm, gfn);
         rmapp = gfn_to_rmap(vcpu->kvm, gfn, sp->role.level);
 
-        kvm_unmap_rmapp(vcpu->kvm, rmapp);
+        kvm_unmap_rmapp(vcpu->kvm, rmapp, 0);
         kvm_flush_remote_tlbs(vcpu->kvm);
 }
 
 int kvm_age_hva(struct kvm *kvm, unsigned long hva)
 {
-        return kvm_handle_hva(kvm, hva, kvm_age_rmapp);
+        return kvm_handle_hva(kvm, hva, 0, kvm_age_rmapp);
 }
 
 #ifdef MMU_DEBUG
@@ -1756,7 +1804,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
                     unsigned pte_access, int user_fault,
                     int write_fault, int dirty, int level,
                     gfn_t gfn, pfn_t pfn, bool speculative,
-                    bool can_unsync)
+                    bool can_unsync, bool reset_host_protection)
 {
         u64 spte;
         int ret = 0;
@@ -1783,6 +1831,9 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
                 spte |= kvm_x86_ops->get_mt_mask(vcpu, gfn,
                         kvm_is_mmio_pfn(pfn));
 
+        if (reset_host_protection)
+                spte |= SPTE_HOST_WRITEABLE;
+
         spte |= (u64)pfn << PAGE_SHIFT;
 
         if ((pte_access & ACC_WRITE_MASK)
@@ -1828,7 +1879,8 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
                          unsigned pt_access, unsigned pte_access,
                          int user_fault, int write_fault, int dirty,
                          int *ptwrite, int level, gfn_t gfn,
-                         pfn_t pfn, bool speculative)
+                         pfn_t pfn, bool speculative,
+                         bool reset_host_protection)
 {
         int was_rmapped = 0;
         int was_writeble = is_writeble_pte(*sptep);
@@ -1860,7 +1912,8 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
         }
 
         if (set_spte(vcpu, sptep, pte_access, user_fault, write_fault,
-                      dirty, level, gfn, pfn, speculative, true)) {
+                      dirty, level, gfn, pfn, speculative, true,
+                      reset_host_protection)) {
                 if (write_fault)
                         *ptwrite = 1;
                 kvm_x86_ops->tlb_flush(vcpu);
@@ -1877,8 +1930,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
         page_header_update_slot(vcpu->kvm, sptep, gfn);
         if (!was_rmapped) {
                 rmap_count = rmap_add(vcpu, sptep, gfn);
-                if (!is_rmap_spte(*sptep))
-                        kvm_release_pfn_clean(pfn);
+                kvm_release_pfn_clean(pfn);
                 if (rmap_count > RMAP_RECYCLE_THRESHOLD)
                         rmap_recycle(vcpu, sptep, gfn);
         } else {
@@ -1909,7 +1961,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
                 if (iterator.level == level) {
                         mmu_set_spte(vcpu, iterator.sptep, ACC_ALL, ACC_ALL,
                                      0, write, 1, &pt_write,
-                                     level, gfn, pfn, false);
+                                     level, gfn, pfn, false, true);
                         ++vcpu->stat.pf_fixed;
                         break;
                 }
@@ -2737,7 +2789,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
         if (r)
                 goto out;
 
-        er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
+        er = emulate_instruction(vcpu, cr2, error_code, 0);
 
         switch (er) {
         case EMULATE_DONE:
@@ -2748,6 +2800,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
         case EMULATE_FAIL:
                 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
                 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
+                vcpu->run->internal.ndata = 0;
                 return 0;
         default:
                 BUG();
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index d2fec9c12d22..58a0f1e88596 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -273,9 +273,13 @@ static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *page,
         if (mmu_notifier_retry(vcpu, vcpu->arch.update_pte.mmu_seq))
                 return;
         kvm_get_pfn(pfn);
+        /*
+         * we call mmu_set_spte() with reset_host_protection = true beacuse that
+         * vcpu->arch.update_pte.pfn was fetched from get_user_pages(write = 1).
+         */
         mmu_set_spte(vcpu, spte, page->role.access, pte_access, 0, 0,
                      gpte & PT_DIRTY_MASK, NULL, PT_PAGE_TABLE_LEVEL,
-                     gpte_to_gfn(gpte), pfn, true);
+                     gpte_to_gfn(gpte), pfn, true, true);
 }
 
 /*
@@ -308,7 +312,7 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
                                      user_fault, write_fault,
                                      gw->ptes[gw->level-1] & PT_DIRTY_MASK,
                                      ptwrite, level,
-                                     gw->gfn, pfn, false);
+                                     gw->gfn, pfn, false, true);
                         break;
                 }
 
@@ -451,8 +455,6 @@ out_unlock:
 static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
 {
         struct kvm_shadow_walk_iterator iterator;
-        pt_element_t gpte;
-        gpa_t pte_gpa = -1;
         int level;
         u64 *sptep;
         int need_flush = 0;
@@ -463,14 +465,9 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
                 level = iterator.level;
                 sptep = iterator.sptep;
 
-                /* FIXME: properly handle invlpg on large guest pages */
                 if (level == PT_PAGE_TABLE_LEVEL  ||
                     ((level == PT_DIRECTORY_LEVEL && is_large_pte(*sptep))) ||
                     ((level == PT_PDPE_LEVEL && is_large_pte(*sptep)))) {
-                        struct kvm_mmu_page *sp = page_header(__pa(sptep));
-
-                        pte_gpa = (sp->gfn << PAGE_SHIFT);
-                        pte_gpa += (sptep - sp->spt) * sizeof(pt_element_t);
 
                         if (is_shadow_present_pte(*sptep)) {
                                 rmap_remove(vcpu->kvm, sptep);
@@ -489,18 +486,6 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
         if (need_flush)
                 kvm_flush_remote_tlbs(vcpu->kvm);
         spin_unlock(&vcpu->kvm->mmu_lock);
-
-        if (pte_gpa == -1)
-                return;
-        if (kvm_read_guest_atomic(vcpu->kvm, pte_gpa, &gpte,
-                                  sizeof(pt_element_t)))
-                return;
-        if (is_present_gpte(gpte) && (gpte & PT_ACCESSED_MASK)) {
-                if (mmu_topup_memory_caches(vcpu))
-                        return;
-                kvm_mmu_pte_write(vcpu, pte_gpa, (const u8 *)&gpte,
-                                  sizeof(pt_element_t), 0);
-        }
 }
 
 static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr)
@@ -558,6 +543,7 @@ static void FNAME(prefetch_page)(struct kvm_vcpu *vcpu,
 static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
 {
         int i, offset, nr_present;
+        bool reset_host_protection;
 
         offset = nr_present = 0;
 
@@ -595,9 +581,16 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
 
                 nr_present++;
                 pte_access = sp->role.access & FNAME(gpte_access)(vcpu, gpte);
+                if (!(sp->spt[i] & SPTE_HOST_WRITEABLE)) {
+                        pte_access &= ~ACC_WRITE_MASK;
+                        reset_host_protection = 0;
+                } else {
+                        reset_host_protection = 1;
+                }
                 set_spte(vcpu, &sp->spt[i], pte_access, 0, 0,
                          is_dirty_gpte(gpte), PT_PAGE_TABLE_LEVEL, gfn,
-                         spte_to_pfn(sp->spt[i]), true, false);
+                         spte_to_pfn(sp->spt[i]), true, false,
+                         reset_host_protection);
         }
 
         return !nr_present;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 6c79a14a3b6f..1d9b33843c80 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -46,6 +46,7 @@ MODULE_LICENSE("GPL");
 #define SVM_FEATURE_NPT  (1 << 0)
 #define SVM_FEATURE_LBRV (1 << 1)
 #define SVM_FEATURE_SVML (1 << 2)
+#define SVM_FEATURE_PAUSE_FILTER (1 << 10)
 
 #define NESTED_EXIT_HOST        0       /* Exit handled on host level */
 #define NESTED_EXIT_DONE        1       /* Exit caused nested vmexit  */
@@ -53,15 +54,6 @@ MODULE_LICENSE("GPL");
 
 #define DEBUGCTL_RESERVED_BITS (~(0x3fULL))
 
-/* Turn on to get debugging output*/
-/* #define NESTED_DEBUG */
-
-#ifdef NESTED_DEBUG
-#define nsvm_printk(fmt, args...) printk(KERN_INFO fmt, ## args)
-#else
-#define nsvm_printk(fmt, args...) do {} while(0)
-#endif
-
 static const u32 host_save_user_msrs[] = {
 #ifdef CONFIG_X86_64
         MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
@@ -85,6 +77,9 @@ struct nested_state {
         /* gpa pointers to the real vectors */
         u64 vmcb_msrpm;
 
+        /* A VMEXIT is required but not yet emulated */
+        bool exit_required;
+
         /* cache for intercepts of the guest */
         u16 intercept_cr_read;
         u16 intercept_cr_write;
@@ -112,6 +107,8 @@ struct vcpu_svm {
         u32 *msrpm;
 
         struct nested_state nested;
+
+        bool nmi_singlestep;
 };
 
 /* enable NPT for AMD64 and X86 with PAE */
@@ -286,7 +283,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
         struct vcpu_svm *svm = to_svm(vcpu);
 
         if (!svm->next_rip) {
-                if (emulate_instruction(vcpu, vcpu->run, 0, 0, EMULTYPE_SKIP) !=
+                if (emulate_instruction(vcpu, 0, 0, EMULTYPE_SKIP) !=
                                 EMULATE_DONE)
                         printk(KERN_DEBUG "%s: NOP\n", __func__);
                 return;
@@ -316,7 +313,7 @@ static void svm_hardware_disable(void *garbage)
         cpu_svm_disable();
 }
 
-static void svm_hardware_enable(void *garbage)
+static int svm_hardware_enable(void *garbage)
 {
 
         struct svm_cpu_data *sd;
@@ -325,16 +322,21 @@ static void svm_hardware_enable(void *garbage)
         struct desc_struct *gdt;
         int me = raw_smp_processor_id();
 
+        rdmsrl(MSR_EFER, efer);
+        if (efer & EFER_SVME)
+                return -EBUSY;
+
         if (!has_svm()) {
-                printk(KERN_ERR "svm_cpu_init: err EOPNOTSUPP on %d\n", me);
-                return;
+                printk(KERN_ERR "svm_hardware_enable: err EOPNOTSUPP on %d\n",
+                       me);
+                return -EINVAL;
         }
         sd = per_cpu(svm_data, me);
 
         if (!sd) {
-                printk(KERN_ERR "svm_cpu_init: svm_data is NULL on %d\n",
+                printk(KERN_ERR "svm_hardware_enable: svm_data is NULL on %d\n",
                        me);
-                return;
+                return -EINVAL;
         }
 
         sd->asid_generation = 1;
@@ -345,11 +347,11 @@ static void svm_hardware_enable(void *garbage)
         gdt = (struct desc_struct *)gdt_descr.base;
         sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
 
-        rdmsrl(MSR_EFER, efer);
         wrmsrl(MSR_EFER, efer | EFER_SVME);
 
-        wrmsrl(MSR_VM_HSAVE_PA,
-               page_to_pfn(sd->save_area) << PAGE_SHIFT);
+        wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT);
+
+        return 0;
 }
 
 static void svm_cpu_uninit(int cpu)
@@ -475,7 +477,7 @@ static __init int svm_hardware_setup(void)
                 kvm_enable_efer_bits(EFER_SVME);
         }
 
-        for_each_online_cpu(cpu) {
+        for_each_possible_cpu(cpu) {
                 r = svm_cpu_init(cpu);
                 if (r)
                         goto err;
@@ -509,7 +511,7 @@ static __exit void svm_hardware_unsetup(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu)
                 svm_cpu_uninit(cpu);
 
         __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT), IOPM_ALLOC_ORDER);
@@ -624,11 +626,12 @@ static void init_vmcb(struct vcpu_svm *svm)
         save->rip = 0x0000fff0;
         svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;
 
-        /*
-         * cr0 val on cpu init should be 0x60000010, we enable cpu
-         * cache by default. the orderly way is to enable cache in bios.
+        /* This is the guest-visible cr0 value.
+         * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
          */
-        save->cr0 = 0x00000010 | X86_CR0_PG | X86_CR0_WP;
+        svm->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
+        kvm_set_cr0(&svm->vcpu, svm->vcpu.arch.cr0);
+
         save->cr4 = X86_CR4_PAE;
         /* rdx = ?? */
 
@@ -643,8 +646,6 @@ static void init_vmcb(struct vcpu_svm *svm)
                 control->intercept_cr_write &= ~(INTERCEPT_CR0_MASK|
                                                  INTERCEPT_CR3_MASK);
                 save->g_pat = 0x0007040600070406ULL;
-                /* enable caching because the QEMU Bios doesn't enable it */
-                save->cr0 = X86_CR0_ET;
                 save->cr3 = 0;
                 save->cr4 = 0;
         }
@@ -653,6 +654,11 @@ static void init_vmcb(struct vcpu_svm *svm)
         svm->nested.vmcb = 0;
         svm->vcpu.arch.hflags = 0;
 
+        if (svm_has(SVM_FEATURE_PAUSE_FILTER)) {
+                control->pause_filter_count = 3000;
+                control->intercept |= (1ULL << INTERCEPT_PAUSE);
+        }
+
         enable_gif(svm);
 }
 
@@ -757,15 +763,16 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
         int i;
 
         if (unlikely(cpu != vcpu->cpu)) {
-                u64 tsc_this, delta;
+                u64 delta;
 
                 /*
                  * Make sure that the guest sees a monotonically
                  * increasing TSC.
                  */
-                rdtscll(tsc_this);
-                delta = vcpu->arch.host_tsc - tsc_this;
+                delta = vcpu->arch.host_tsc - native_read_tsc();
                 svm->vmcb->control.tsc_offset += delta;
+                if (is_nested(svm))
+                        svm->nested.hsave->control.tsc_offset += delta;
                 vcpu->cpu = cpu;
                 kvm_migrate_timers(vcpu);
                 svm->asid_generation = 0;
@@ -784,7 +791,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu)
         for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
                 wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
 
-        rdtscll(vcpu->arch.host_tsc);
+        vcpu->arch.host_tsc = native_read_tsc();
 }
 
 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
@@ -1042,7 +1049,7 @@ static void update_db_intercept(struct kvm_vcpu *vcpu)
         svm->vmcb->control.intercept_exceptions &=
                 ~((1 << DB_VECTOR) | (1 << BP_VECTOR));
 
-        if (vcpu->arch.singlestep)
+        if (svm->nmi_singlestep)
                 svm->vmcb->control.intercept_exceptions |= (1 << DB_VECTOR);
 
         if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
@@ -1057,26 +1064,16 @@ static void update_db_intercept(struct kvm_vcpu *vcpu)
                 vcpu->guest_debug = 0;
 }
 
-static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+static void svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
 {
-        int old_debug = vcpu->guest_debug;
         struct vcpu_svm *svm = to_svm(vcpu);
 
-        vcpu->guest_debug = dbg->control;
-
-        update_db_intercept(vcpu);
-
         if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
                 svm->vmcb->save.dr7 = dbg->arch.debugreg[7];
         else
                 svm->vmcb->save.dr7 = vcpu->arch.dr7;
 
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                svm->vmcb->save.rflags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
-        else if (old_debug & KVM_GUESTDBG_SINGLESTEP)
-                svm->vmcb->save.rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
-
-        return 0;
+        update_db_intercept(vcpu);
 }
 
 static void load_host_msrs(struct kvm_vcpu *vcpu)
@@ -1177,7 +1174,7 @@ static void svm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long value,
         }
 }
 
-static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int pf_interception(struct vcpu_svm *svm)
 {
         u64 fault_address;
         u32 error_code;
@@ -1191,17 +1188,19 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code);
 }
 
-static int db_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int db_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         if (!(svm->vcpu.guest_debug &
               (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
-                !svm->vcpu.arch.singlestep) {
+                !svm->nmi_singlestep) {
                 kvm_queue_exception(&svm->vcpu, DB_VECTOR);
                 return 1;
         }
 
-        if (svm->vcpu.arch.singlestep) {
-                svm->vcpu.arch.singlestep = false;
+        if (svm->nmi_singlestep) {
+                svm->nmi_singlestep = false;
                 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
                         svm->vmcb->save.rflags &=
                                 ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
@@ -1220,25 +1219,27 @@ static int db_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int bp_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int bp_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         kvm_run->exit_reason = KVM_EXIT_DEBUG;
         kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
         kvm_run->debug.arch.exception = BP_VECTOR;
         return 0;
 }
 
-static int ud_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int ud_interception(struct vcpu_svm *svm)
 {
         int er;
 
-        er = emulate_instruction(&svm->vcpu, kvm_run, 0, 0, EMULTYPE_TRAP_UD);
+        er = emulate_instruction(&svm->vcpu, 0, 0, EMULTYPE_TRAP_UD);
         if (er != EMULATE_DONE)
                 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
         return 1;
 }
 
-static int nm_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nm_interception(struct vcpu_svm *svm)
 {
         svm->vmcb->control.intercept_exceptions &= ~(1 << NM_VECTOR);
         if (!(svm->vcpu.arch.cr0 & X86_CR0_TS))
@@ -1248,7 +1249,7 @@ static int nm_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int mc_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int mc_interception(struct vcpu_svm *svm)
 {
         /*
          * On an #MC intercept the MCE handler is not called automatically in
@@ -1261,8 +1262,10 @@ static int mc_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int shutdown_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int shutdown_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         /*
          * VMCB is undefined after a SHUTDOWN intercept
          * so reinitialize it.
@@ -1274,7 +1277,7 @@ static int shutdown_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 0;
 }
 
-static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int io_interception(struct vcpu_svm *svm)
 {
         u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
         int size, in, string;
@@ -1288,7 +1291,7 @@ static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 
         if (string) {
                 if (emulate_instruction(&svm->vcpu,
-                                        kvm_run, 0, 0, 0) == EMULATE_DO_MMIO)
+                                        0, 0, 0) == EMULATE_DO_MMIO)
                         return 0;
                 return 1;
         }
@@ -1298,33 +1301,33 @@ static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
 
         skip_emulated_instruction(&svm->vcpu);
-        return kvm_emulate_pio(&svm->vcpu, kvm_run, in, size, port);
+        return kvm_emulate_pio(&svm->vcpu, in, size, port);
 }
 
-static int nmi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nmi_interception(struct vcpu_svm *svm)
 {
         return 1;
 }
 
-static int intr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int intr_interception(struct vcpu_svm *svm)
 {
         ++svm->vcpu.stat.irq_exits;
         return 1;
 }
 
-static int nop_on_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nop_on_interception(struct vcpu_svm *svm)
 {
         return 1;
 }
 
-static int halt_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int halt_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 1;
         skip_emulated_instruction(&svm->vcpu);
         return kvm_emulate_halt(&svm->vcpu);
 }
 
-static int vmmcall_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmmcall_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
         skip_emulated_instruction(&svm->vcpu);
@@ -1375,8 +1378,15 @@ static inline int nested_svm_intr(struct vcpu_svm *svm)
 
         svm->vmcb->control.exit_code = SVM_EXIT_INTR;
 
-        if (nested_svm_exit_handled(svm)) {
-                nsvm_printk("VMexit -> INTR\n");
+        if (svm->nested.intercept & 1ULL) {
+                /*
+                 * The #vmexit can't be emulated here directly because this
+                 * code path runs with irqs and preemtion disabled. A
+                 * #vmexit emulation might sleep. Only signal request for
+                 * the #vmexit here.
+                 */
+                svm->nested.exit_required = true;
+                trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
                 return 1;
         }
 
@@ -1387,10 +1397,7 @@ static void *nested_svm_map(struct vcpu_svm *svm, u64 gpa, enum km_type idx)
 {
         struct page *page;
 
-        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(svm->vcpu.kvm, gpa >> PAGE_SHIFT);
-        up_read(&current->mm->mmap_sem);
-
         if (is_error_page(page))
                 goto error;
 
@@ -1529,14 +1536,12 @@ static int nested_svm_exit_handled(struct vcpu_svm *svm)
         }
         default: {
                 u64 exit_bits = 1ULL << (exit_code - SVM_EXIT_INTR);
-                nsvm_printk("exit code: 0x%x\n", exit_code);
                 if (svm->nested.intercept & exit_bits)
                         vmexit = NESTED_EXIT_DONE;
         }
         }
 
         if (vmexit == NESTED_EXIT_DONE) {
-                nsvm_printk("#VMEXIT reason=%04x\n", exit_code);
                 nested_svm_vmexit(svm);
         }
 
@@ -1581,6 +1586,12 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         struct vmcb *hsave = svm->nested.hsave;
         struct vmcb *vmcb = svm->vmcb;
 
+        trace_kvm_nested_vmexit_inject(vmcb->control.exit_code,
+                                       vmcb->control.exit_info_1,
+                                       vmcb->control.exit_info_2,
+                                       vmcb->control.exit_int_info,
+                                       vmcb->control.exit_int_info_err);
+
         nested_vmcb = nested_svm_map(svm, svm->nested.vmcb, KM_USER0);
         if (!nested_vmcb)
                 return 1;
@@ -1614,6 +1625,22 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         nested_vmcb->control.exit_info_2       = vmcb->control.exit_info_2;
         nested_vmcb->control.exit_int_info     = vmcb->control.exit_int_info;
         nested_vmcb->control.exit_int_info_err = vmcb->control.exit_int_info_err;
+
+        /*
+         * If we emulate a VMRUN/#VMEXIT in the same host #vmexit cycle we have
+         * to make sure that we do not lose injected events. So check event_inj
+         * here and copy it to exit_int_info if it is valid.
+         * Exit_int_info and event_inj can't be both valid because the case
+         * below only happens on a VMRUN instruction intercept which has
+         * no valid exit_int_info set.
+         */
+        if (vmcb->control.event_inj & SVM_EVTINJ_VALID) {
+                struct vmcb_control_area *nc = &nested_vmcb->control;
+
+                nc->exit_int_info     = vmcb->control.event_inj;
+                nc->exit_int_info_err = vmcb->control.event_inj_err;
+        }
+
         nested_vmcb->control.tlb_ctl           = 0;
         nested_vmcb->control.event_inj         = 0;
         nested_vmcb->control.event_inj_err     = 0;
@@ -1625,10 +1652,6 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         /* Restore the original control entries */
         copy_vmcb_control_area(vmcb, hsave);
 
-        /* Kill any pending exceptions */
-        if (svm->vcpu.arch.exception.pending == true)
-                nsvm_printk("WARNING: Pending Exception\n");
-
         kvm_clear_exception_queue(&svm->vcpu);
         kvm_clear_interrupt_queue(&svm->vcpu);
 
@@ -1699,6 +1722,12 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
         /* nested_vmcb is our indicator if nested SVM is activated */
         svm->nested.vmcb = svm->vmcb->save.rax;
 
+        trace_kvm_nested_vmrun(svm->vmcb->save.rip - 3, svm->nested.vmcb,
+                               nested_vmcb->save.rip,
+                               nested_vmcb->control.int_ctl,
+                               nested_vmcb->control.event_inj,
+                               nested_vmcb->control.nested_ctl);
+
         /* Clear internal status */
         kvm_clear_exception_queue(&svm->vcpu);
         kvm_clear_interrupt_queue(&svm->vcpu);
@@ -1786,28 +1815,15 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
         svm->nested.intercept            = nested_vmcb->control.intercept;
 
         force_new_asid(&svm->vcpu);
-        svm->vmcb->control.exit_int_info = nested_vmcb->control.exit_int_info;
-        svm->vmcb->control.exit_int_info_err = nested_vmcb->control.exit_int_info_err;
         svm->vmcb->control.int_ctl = nested_vmcb->control.int_ctl | V_INTR_MASKING_MASK;
-        if (nested_vmcb->control.int_ctl & V_IRQ_MASK) {
-                nsvm_printk("nSVM Injecting Interrupt: 0x%x\n",
-                                nested_vmcb->control.int_ctl);
-        }
         if (nested_vmcb->control.int_ctl & V_INTR_MASKING_MASK)
                 svm->vcpu.arch.hflags |= HF_VINTR_MASK;
         else
                 svm->vcpu.arch.hflags &= ~HF_VINTR_MASK;
 
-        nsvm_printk("nSVM exit_int_info: 0x%x | int_state: 0x%x\n",
-                        nested_vmcb->control.exit_int_info,
-                        nested_vmcb->control.int_state);
-
         svm->vmcb->control.int_vector = nested_vmcb->control.int_vector;
         svm->vmcb->control.int_state = nested_vmcb->control.int_state;
         svm->vmcb->control.tsc_offset += nested_vmcb->control.tsc_offset;
-        if (nested_vmcb->control.event_inj & SVM_EVTINJ_VALID)
-                nsvm_printk("Injecting Event: 0x%x\n",
-                                nested_vmcb->control.event_inj);
         svm->vmcb->control.event_inj = nested_vmcb->control.event_inj;
         svm->vmcb->control.event_inj_err = nested_vmcb->control.event_inj_err;
 
@@ -1834,7 +1850,7 @@ static void nested_svm_vmloadsave(struct vmcb *from_vmcb, struct vmcb *to_vmcb)
         to_vmcb->save.sysenter_eip = from_vmcb->save.sysenter_eip;
 }
 
-static int vmload_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmload_interception(struct vcpu_svm *svm)
 {
         struct vmcb *nested_vmcb;
 
@@ -1854,7 +1870,7 @@ static int vmload_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int vmsave_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmsave_interception(struct vcpu_svm *svm)
 {
         struct vmcb *nested_vmcb;
 
@@ -1874,10 +1890,8 @@ static int vmsave_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int vmrun_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmrun_interception(struct vcpu_svm *svm)
 {
-        nsvm_printk("VMrun\n");
-
         if (nested_svm_check_permissions(svm))
                 return 1;
 
@@ -1904,7 +1918,7 @@ failed:
         return 1;
 }
 
-static int stgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int stgi_interception(struct vcpu_svm *svm)
 {
         if (nested_svm_check_permissions(svm))
                 return 1;
@@ -1917,7 +1931,7 @@ static int stgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int clgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int clgi_interception(struct vcpu_svm *svm)
 {
         if (nested_svm_check_permissions(svm))
                 return 1;
@@ -1934,10 +1948,12 @@ static int clgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invlpga_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int invlpga_interception(struct vcpu_svm *svm)
 {
         struct kvm_vcpu *vcpu = &svm->vcpu;
-        nsvm_printk("INVLPGA\n");
+
+        trace_kvm_invlpga(svm->vmcb->save.rip, vcpu->arch.regs[VCPU_REGS_RCX],
+                          vcpu->arch.regs[VCPU_REGS_RAX]);
 
         /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
         kvm_mmu_invlpg(vcpu, vcpu->arch.regs[VCPU_REGS_RAX]);
@@ -1947,15 +1963,21 @@ static int invlpga_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invalid_op_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int skinit_interception(struct vcpu_svm *svm)
 {
+        trace_kvm_skinit(svm->vmcb->save.rip, svm->vcpu.arch.regs[VCPU_REGS_RAX]);
+
         kvm_queue_exception(&svm->vcpu, UD_VECTOR);
         return 1;
 }
 
-static int task_switch_interception(struct vcpu_svm *svm,
-                                    struct kvm_run *kvm_run)
+static int invalid_op_interception(struct vcpu_svm *svm)
+{
+        kvm_queue_exception(&svm->vcpu, UD_VECTOR);
+        return 1;
+}
+
+static int task_switch_interception(struct vcpu_svm *svm)
 {
         u16 tss_selector;
         int reason;
@@ -2005,14 +2027,14 @@ static int task_switch_interception(struct vcpu_svm *svm,
         return kvm_task_switch(&svm->vcpu, tss_selector, reason);
 }
 
-static int cpuid_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int cpuid_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
         kvm_emulate_cpuid(&svm->vcpu);
         return 1;
 }
 
-static int iret_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int iret_interception(struct vcpu_svm *svm)
 {
         ++svm->vcpu.stat.nmi_window_exits;
         svm->vmcb->control.intercept &= ~(1UL << INTERCEPT_IRET);
@@ -2020,26 +2042,27 @@ static int iret_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invlpg_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int invlpg_interception(struct vcpu_svm *svm)
 {
-        if (emulate_instruction(&svm->vcpu, kvm_run, 0, 0, 0) != EMULATE_DONE)
+        if (emulate_instruction(&svm->vcpu, 0, 0, 0) != EMULATE_DONE)
                 pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
         return 1;
 }
 
-static int emulate_on_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int emulate_on_interception(struct vcpu_svm *svm)
 {
-        if (emulate_instruction(&svm->vcpu, NULL, 0, 0, 0) != EMULATE_DONE)
+        if (emulate_instruction(&svm->vcpu, 0, 0, 0) != EMULATE_DONE)
                 pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
         return 1;
 }
 
-static int cr8_write_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int cr8_write_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
         /* instruction emulation calls kvm_set_cr8() */
-        emulate_instruction(&svm->vcpu, NULL, 0, 0, 0);
+        emulate_instruction(&svm->vcpu, 0, 0, 0);
         if (irqchip_in_kernel(svm->vcpu.kvm)) {
                 svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
                 return 1;
@@ -2056,10 +2079,14 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 *data)
 
         switch (ecx) {
         case MSR_IA32_TSC: {
-                u64 tsc;
+                u64 tsc_offset;
 
-                rdtscll(tsc);
-                *data = svm->vmcb->control.tsc_offset + tsc;
+                if (is_nested(svm))
+                        tsc_offset = svm->nested.hsave->control.tsc_offset;
+                else
+                        tsc_offset = svm->vmcb->control.tsc_offset;
+
+                *data = tsc_offset + native_read_tsc();
                 break;
         }
         case MSR_K6_STAR:
@@ -2121,7 +2148,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 *data)
         return 0;
 }
 
-static int rdmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int rdmsr_interception(struct vcpu_svm *svm)
 {
         u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX];
         u64 data;
@@ -2145,10 +2172,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
 
         switch (ecx) {
         case MSR_IA32_TSC: {
-                u64 tsc;
+                u64 tsc_offset = data - native_read_tsc();
+                u64 g_tsc_offset = 0;
+
+                if (is_nested(svm)) {
+                        g_tsc_offset = svm->vmcb->control.tsc_offset -
+                                       svm->nested.hsave->control.tsc_offset;
+                        svm->nested.hsave->control.tsc_offset = tsc_offset;
+                }
+
+                svm->vmcb->control.tsc_offset = tsc_offset + g_tsc_offset;
 
-                rdtscll(tsc);
-                svm->vmcb->control.tsc_offset = data - tsc;
                 break;
         }
         case MSR_K6_STAR:
@@ -2207,7 +2241,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
         return 0;
 }
 
-static int wrmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int wrmsr_interception(struct vcpu_svm *svm)
 {
         u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX];
         u64 data = (svm->vcpu.arch.regs[VCPU_REGS_RAX] & -1u)
@@ -2223,17 +2257,18 @@ static int wrmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int msr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int msr_interception(struct vcpu_svm *svm)
 {
         if (svm->vmcb->control.exit_info_1)
-                return wrmsr_interception(svm, kvm_run);
+                return wrmsr_interception(svm);
         else
-                return rdmsr_interception(svm, kvm_run);
+                return rdmsr_interception(svm);
 }
 
-static int interrupt_window_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int interrupt_window_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         svm_clear_vintr(svm);
         svm->vmcb->control.int_ctl &= ~V_IRQ_MASK;
         /*
@@ -2251,8 +2286,13 @@ static int interrupt_window_interception(struct vcpu_svm *svm,
         return 1;
 }
 
-static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
-                                      struct kvm_run *kvm_run) = {
+static int pause_interception(struct vcpu_svm *svm)
+{
+        kvm_vcpu_on_spin(&(svm->vcpu));
+        return 1;
+}
+
+static int (*svm_exit_handlers[])(struct vcpu_svm *svm) = {
         [SVM_EXIT_READ_CR0]                     = emulate_on_interception,
         [SVM_EXIT_READ_CR3]                     = emulate_on_interception,
         [SVM_EXIT_READ_CR4]                     = emulate_on_interception,
@@ -2287,6 +2327,7 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
         [SVM_EXIT_CPUID]                        = cpuid_interception,
         [SVM_EXIT_IRET]                         = iret_interception,
         [SVM_EXIT_INVD]                         = emulate_on_interception,
+        [SVM_EXIT_PAUSE]                        = pause_interception,
         [SVM_EXIT_HLT]                          = halt_interception,
         [SVM_EXIT_INVLPG]                       = invlpg_interception,
         [SVM_EXIT_INVLPGA]                      = invlpga_interception,
@@ -2300,26 +2341,36 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
         [SVM_EXIT_VMSAVE]                       = vmsave_interception,
         [SVM_EXIT_STGI]                         = stgi_interception,
         [SVM_EXIT_CLGI]                         = clgi_interception,
-        [SVM_EXIT_SKINIT]                       = invalid_op_interception,
+        [SVM_EXIT_SKINIT]                       = skinit_interception,
         [SVM_EXIT_WBINVD]                       = emulate_on_interception,
         [SVM_EXIT_MONITOR]                      = invalid_op_interception,
         [SVM_EXIT_MWAIT]                        = invalid_op_interception,
         [SVM_EXIT_NPF]                          = pf_interception,
 };
 
-static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
+static int handle_exit(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
+        struct kvm_run *kvm_run = vcpu->run;
         u32 exit_code = svm->vmcb->control.exit_code;
 
         trace_kvm_exit(exit_code, svm->vmcb->save.rip);
 
+        if (unlikely(svm->nested.exit_required)) {
+                nested_svm_vmexit(svm);
+                svm->nested.exit_required = false;
+
+                return 1;
+        }
+
         if (is_nested(svm)) {
                 int vmexit;
 
-                nsvm_printk("nested handle_exit: 0x%x | 0x%lx | 0x%lx | 0x%lx\n",
-                            exit_code, svm->vmcb->control.exit_info_1,
-                            svm->vmcb->control.exit_info_2, svm->vmcb->save.rip);
+                trace_kvm_nested_vmexit(svm->vmcb->save.rip, exit_code,
+                                        svm->vmcb->control.exit_info_1,
+                                        svm->vmcb->control.exit_info_2,
+                                        svm->vmcb->control.exit_int_info,
+                                        svm->vmcb->control.exit_int_info_err);
 
                 vmexit = nested_svm_exit_special(svm);
 
@@ -2369,7 +2420,7 @@ static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                 return 0;
         }
 
-        return svm_exit_handlers[exit_code](svm, kvm_run);
+        return svm_exit_handlers[exit_code](svm);
 }
 
 static void reload_tss(struct kvm_vcpu *vcpu)
@@ -2446,20 +2497,47 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
                 !(svm->vcpu.arch.hflags & HF_NMI_MASK);
 }
 
+static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+
+        return !!(svm->vcpu.arch.hflags & HF_NMI_MASK);
+}
+
+static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+
+        if (masked) {
+                svm->vcpu.arch.hflags |= HF_NMI_MASK;
+                svm->vmcb->control.intercept |= (1UL << INTERCEPT_IRET);
+        } else {
+                svm->vcpu.arch.hflags &= ~HF_NMI_MASK;
+                svm->vmcb->control.intercept &= ~(1UL << INTERCEPT_IRET);
+        }
+}
+
 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
         struct vmcb *vmcb = svm->vmcb;
-        return (vmcb->save.rflags & X86_EFLAGS_IF) &&
-                !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
-                gif_set(svm) &&
-                !(is_nested(svm) && (svm->vcpu.arch.hflags & HF_VINTR_MASK));
+        int ret;
+
+        if (!gif_set(svm) ||
+             (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK))
+                return 0;
+
+        ret = !!(vmcb->save.rflags & X86_EFLAGS_IF);
+
+        if (is_nested(svm))
+                return ret && !(svm->vcpu.arch.hflags & HF_VINTR_MASK);
+
+        return ret;
 }
 
 static void enable_irq_window(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
-        nsvm_printk("Trying to open IRQ window\n");
 
         nested_svm_intr(svm);
 
@@ -2484,7 +2562,7 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
         /* Something prevents NMI from been injected. Single step over
            possible problem (IRET or exception injection or interrupt
            shadow) */
-        vcpu->arch.singlestep = true;
+        svm->nmi_singlestep = true;
         svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
         update_db_intercept(vcpu);
 }
@@ -2574,13 +2652,20 @@ static void svm_complete_interrupts(struct vcpu_svm *svm)
 #define R "e"
 #endif
 
-static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
         u16 fs_selector;
         u16 gs_selector;
         u16 ldt_selector;
 
+        /*
+         * A vmexit emulation is required before the vcpu can be executed
+         * again.
+         */
+        if (unlikely(svm->nested.exit_required))
+                return;
+
         svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
         svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
         svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
@@ -2879,6 +2964,8 @@ static struct kvm_x86_ops svm_x86_ops = {
         .queue_exception = svm_queue_exception,
         .interrupt_allowed = svm_interrupt_allowed,
         .nmi_allowed = svm_nmi_allowed,
+        .get_nmi_mask = svm_get_nmi_mask,
+        .set_nmi_mask = svm_set_nmi_mask,
         .enable_nmi_window = enable_nmi_window,
         .enable_irq_window = enable_irq_window,
         .update_cr8_intercept = update_cr8_intercept,
diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h
index 0d480e77eacf..816e0449db0b 100644
--- a/arch/x86/kvm/trace.h
+++ b/arch/x86/kvm/trace.h
@@ -349,6 +349,171 @@ TRACE_EVENT(kvm_apic_accept_irq,
                   __entry->coalesced ? " (coalesced)" : "")
 );
 
+/*
+ * Tracepoint for nested VMRUN
+ */
+TRACE_EVENT(kvm_nested_vmrun,
+            TP_PROTO(__u64 rip, __u64 vmcb, __u64 nested_rip, __u32 int_ctl,
+                     __u32 event_inj, bool npt),
+            TP_ARGS(rip, vmcb, nested_rip, int_ctl, event_inj, npt),
+
+        TP_STRUCT__entry(
+                __field(        __u64,          rip             )
+                __field(        __u64,          vmcb            )
+                __field(        __u64,          nested_rip      )
+                __field(        __u32,          int_ctl         )
+                __field(        __u32,          event_inj       )
+                __field(        bool,           npt             )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            = rip;
+                __entry->vmcb           = vmcb;
+                __entry->nested_rip     = nested_rip;
+                __entry->int_ctl        = int_ctl;
+                __entry->event_inj      = event_inj;
+                __entry->npt            = npt;
+        ),
+
+        TP_printk("rip: 0x%016llx vmcb: 0x%016llx nrip: 0x%016llx int_ctl: 0x%08x "
+                  "event_inj: 0x%08x npt: %s\n",
+                __entry->rip, __entry->vmcb, __entry->nested_rip,
+                __entry->int_ctl, __entry->event_inj,
+                __entry->npt ? "on" : "off")
+);
+
+/*
+ * Tracepoint for #VMEXIT while nested
+ */
+TRACE_EVENT(kvm_nested_vmexit,
+            TP_PROTO(__u64 rip, __u32 exit_code,
+                     __u64 exit_info1, __u64 exit_info2,
+                     __u32 exit_int_info, __u32 exit_int_info_err),
+            TP_ARGS(rip, exit_code, exit_info1, exit_info2,
+                    exit_int_info, exit_int_info_err),
+
+        TP_STRUCT__entry(
+                __field(        __u64,          rip                     )
+                __field(        __u32,          exit_code               )
+                __field(        __u64,          exit_info1              )
+                __field(        __u64,          exit_info2              )
+                __field(        __u32,          exit_int_info           )
+                __field(        __u32,          exit_int_info_err       )
+        ),
+
+        TP_fast_assign(
+                __entry->rip                    = rip;
+                __entry->exit_code              = exit_code;
+                __entry->exit_info1             = exit_info1;
+                __entry->exit_info2             = exit_info2;
+                __entry->exit_int_info          = exit_int_info;
+                __entry->exit_int_info_err      = exit_int_info_err;
+        ),
+        TP_printk("rip: 0x%016llx reason: %s ext_inf1: 0x%016llx "
+                  "ext_inf2: 0x%016llx ext_int: 0x%08x ext_int_err: 0x%08x\n",
+                  __entry->rip,
+                  ftrace_print_symbols_seq(p, __entry->exit_code,
+                                           kvm_x86_ops->exit_reasons_str),
+                  __entry->exit_info1, __entry->exit_info2,
+                  __entry->exit_int_info, __entry->exit_int_info_err)
+);
+
+/*
+ * Tracepoint for #VMEXIT reinjected to the guest
+ */
+TRACE_EVENT(kvm_nested_vmexit_inject,
+            TP_PROTO(__u32 exit_code,
+                     __u64 exit_info1, __u64 exit_info2,
+                     __u32 exit_int_info, __u32 exit_int_info_err),
+            TP_ARGS(exit_code, exit_info1, exit_info2,
+                    exit_int_info, exit_int_info_err),
+
+        TP_STRUCT__entry(
+                __field(        __u32,          exit_code               )
+                __field(        __u64,          exit_info1              )
+                __field(        __u64,          exit_info2              )
+                __field(        __u32,          exit_int_info           )
+                __field(        __u32,          exit_int_info_err       )
+        ),
+
+        TP_fast_assign(
+                __entry->exit_code              = exit_code;
+                __entry->exit_info1             = exit_info1;
+                __entry->exit_info2             = exit_info2;
+                __entry->exit_int_info          = exit_int_info;
+                __entry->exit_int_info_err      = exit_int_info_err;
+        ),
+
+        TP_printk("reason: %s ext_inf1: 0x%016llx "
+                  "ext_inf2: 0x%016llx ext_int: 0x%08x ext_int_err: 0x%08x\n",
+                  ftrace_print_symbols_seq(p, __entry->exit_code,
+                                           kvm_x86_ops->exit_reasons_str),
+                __entry->exit_info1, __entry->exit_info2,
+                __entry->exit_int_info, __entry->exit_int_info_err)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_nested_intr_vmexit,
+            TP_PROTO(__u64 rip),
+            TP_ARGS(rip),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+        ),
+
+        TP_fast_assign(
+                __entry->rip    =       rip
+        ),
+
+        TP_printk("rip: 0x%016llx\n", __entry->rip)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_invlpga,
+            TP_PROTO(__u64 rip, int asid, u64 address),
+            TP_ARGS(rip, asid, address),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+                __field(        int,    asid    )
+                __field(        __u64,  address )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            =       rip;
+                __entry->asid           =       asid;
+                __entry->address        =       address;
+        ),
+
+        TP_printk("rip: 0x%016llx asid: %d address: 0x%016llx\n",
+                  __entry->rip, __entry->asid, __entry->address)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_skinit,
+            TP_PROTO(__u64 rip, __u32 slb),
+            TP_ARGS(rip, slb),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+                __field(        __u32,  slb     )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            =       rip;
+                __entry->slb            =       slb;
+        ),
+
+        TP_printk("rip: 0x%016llx slb: 0x%08x\n",
+                  __entry->rip, __entry->slb)
+);
+
 #endif /* _TRACE_KVM_H */
 
 /* This part must be outside protection */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f3812014bd0b..d4918d6fc924 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -61,12 +61,37 @@ module_param_named(unrestricted_guest,
 static int __read_mostly emulate_invalid_guest_state = 0;
 module_param(emulate_invalid_guest_state, bool, S_IRUGO);
 
+/*
+ * These 2 parameters are used to config the controls for Pause-Loop Exiting:
+ * ple_gap:    upper bound on the amount of time between two successive
+ *             executions of PAUSE in a loop. Also indicate if ple enabled.
+ *             According to test, this time is usually small than 41 cycles.
+ * ple_window: upper bound on the amount of time a guest is allowed to execute
+ *             in a PAUSE loop. Tests indicate that most spinlocks are held for
+ *             less than 2^12 cycles
+ * Time is measured based on a counter that runs at the same rate as the TSC,
+ * refer SDM volume 3b section 21.6.13 & 22.1.3.
+ */
+#define KVM_VMX_DEFAULT_PLE_GAP    41
+#define KVM_VMX_DEFAULT_PLE_WINDOW 4096
+static int ple_gap = KVM_VMX_DEFAULT_PLE_GAP;
+module_param(ple_gap, int, S_IRUGO);
+
+static int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW;
+module_param(ple_window, int, S_IRUGO);
+
 struct vmcs {
         u32 revision_id;
         u32 abort;
         char data[0];
 };
 
+struct shared_msr_entry {
+        unsigned index;
+        u64 data;
+        u64 mask;
+};
+
 struct vcpu_vmx {
         struct kvm_vcpu       vcpu;
         struct list_head      local_vcpus_link;
@@ -74,13 +99,12 @@ struct vcpu_vmx {
         int                   launched;
         u8                    fail;
         u32                   idt_vectoring_info;
-        struct kvm_msr_entry *guest_msrs;
-        struct kvm_msr_entry *host_msrs;
+        struct shared_msr_entry *guest_msrs;
         int                   nmsrs;
         int                   save_nmsrs;
-        int                   msr_offset_efer;
 #ifdef CONFIG_X86_64
-        int                   msr_offset_kernel_gs_base;
+        u64                   msr_host_kernel_gs_base;
+        u64                   msr_guest_kernel_gs_base;
 #endif
         struct vmcs          *vmcs;
         struct {
@@ -88,7 +112,6 @@ struct vcpu_vmx {
                 u16           fs_sel, gs_sel, ldt_sel;
                 int           gs_ldt_reload_needed;
                 int           fs_reload_needed;
-                int           guest_efer_loaded;
         } host_state;
         struct {
                 int vm86_active;
@@ -107,7 +130,6 @@ struct vcpu_vmx {
         } rmode;
         int vpid;
         bool emulation_required;
-        enum emulation_result invalid_state_emulation_result;
 
         /* Support for vnmi-less CPUs */
         int soft_vnmi_blocked;
@@ -176,6 +198,8 @@ static struct kvm_vmx_segment_field {
         VMX_SEGMENT_FIELD(LDTR),
 };
 
+static u64 host_efer;
+
 static void ept_save_pdptrs(struct kvm_vcpu *vcpu);
 
 /*
@@ -184,28 +208,12 @@ static void ept_save_pdptrs(struct kvm_vcpu *vcpu);
  */
 static const u32 vmx_msr_index[] = {
 #ifdef CONFIG_X86_64
-        MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR, MSR_KERNEL_GS_BASE,
+        MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR,
 #endif
         MSR_EFER, MSR_K6_STAR,
 };
 #define NR_VMX_MSR ARRAY_SIZE(vmx_msr_index)
 
-static void load_msrs(struct kvm_msr_entry *e, int n)
-{
-        int i;
-
-        for (i = 0; i < n; ++i)
-                wrmsrl(e[i].index, e[i].data);
-}
-
-static void save_msrs(struct kvm_msr_entry *e, int n)
-{
-        int i;
-
-        for (i = 0; i < n; ++i)
-                rdmsrl(e[i].index, e[i].data);
-}
-
 static inline int is_page_fault(u32 intr_info)
 {
         return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK |
@@ -320,6 +328,12 @@ static inline int cpu_has_vmx_unrestricted_guest(void)
                 SECONDARY_EXEC_UNRESTRICTED_GUEST;
 }
 
+static inline int cpu_has_vmx_ple(void)
+{
+        return vmcs_config.cpu_based_2nd_exec_ctrl &
+                SECONDARY_EXEC_PAUSE_LOOP_EXITING;
+}
+
 static inline int vm_need_virtualize_apic_accesses(struct kvm *kvm)
 {
         return flexpriority_enabled &&
@@ -348,7 +362,7 @@ static int __find_msr_index(struct vcpu_vmx *vmx, u32 msr)
         int i;
 
         for (i = 0; i < vmx->nmsrs; ++i)
-                if (vmx->guest_msrs[i].index == msr)
+                if (vmx_msr_index[vmx->guest_msrs[i].index] == msr)
                         return i;
         return -1;
 }
@@ -379,7 +393,7 @@ static inline void __invept(int ext, u64 eptp, gpa_t gpa)
                         : : "a" (&operand), "c" (ext) : "cc", "memory");
 }
 
-static struct kvm_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
+static struct shared_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
 {
         int i;
 
@@ -570,17 +584,12 @@ static void reload_tss(void)
         load_TR_desc();
 }
 
-static void load_transition_efer(struct vcpu_vmx *vmx)
+static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
 {
-        int efer_offset = vmx->msr_offset_efer;
-        u64 host_efer;
         u64 guest_efer;
         u64 ignore_bits;
 
-        if (efer_offset < 0)
-                return;
-        host_efer = vmx->host_msrs[efer_offset].data;
-        guest_efer = vmx->guest_msrs[efer_offset].data;
+        guest_efer = vmx->vcpu.arch.shadow_efer;
 
         /*
          * NX is emulated; LMA and LME handled by hardware; SCE meaninless
@@ -593,27 +602,17 @@ static void load_transition_efer(struct vcpu_vmx *vmx)
         if (guest_efer & EFER_LMA)
                 ignore_bits &= ~(u64)EFER_SCE;
 #endif
-        if ((guest_efer & ~ignore_bits) == (host_efer & ~ignore_bits))
-                return;
-
-        vmx->host_state.guest_efer_loaded = 1;
         guest_efer &= ~ignore_bits;
         guest_efer |= host_efer & ignore_bits;
-        wrmsrl(MSR_EFER, guest_efer);
-        vmx->vcpu.stat.efer_reload++;
-}
-
-static void reload_host_efer(struct vcpu_vmx *vmx)
-{
-        if (vmx->host_state.guest_efer_loaded) {
-                vmx->host_state.guest_efer_loaded = 0;
-                load_msrs(vmx->host_msrs + vmx->msr_offset_efer, 1);
-        }
+        vmx->guest_msrs[efer_offset].data = guest_efer;
+        vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
+        return true;
 }
 
 static void vmx_save_host_state(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
+        int i;
 
         if (vmx->host_state.loaded)
                 return;
@@ -650,13 +649,15 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
 #endif
 
 #ifdef CONFIG_X86_64
-        if (is_long_mode(&vmx->vcpu))
-                save_msrs(vmx->host_msrs +
-                          vmx->msr_offset_kernel_gs_base, 1);
-
+        if (is_long_mode(&vmx->vcpu)) {
+                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+        }
 #endif
-        load_msrs(vmx->guest_msrs, vmx->save_nmsrs);
-        load_transition_efer(vmx);
+        for (i = 0; i < vmx->save_nmsrs; ++i)
+                kvm_set_shared_msr(vmx->guest_msrs[i].index,
+                                   vmx->guest_msrs[i].data,
+                                   vmx->guest_msrs[i].mask);
 }
 
 static void __vmx_load_host_state(struct vcpu_vmx *vmx)
@@ -684,9 +685,12 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
                 local_irq_restore(flags);
         }
         reload_tss();
-        save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
-        load_msrs(vmx->host_msrs, vmx->save_nmsrs);
-        reload_host_efer(vmx);
+#ifdef CONFIG_X86_64
+        if (is_long_mode(&vmx->vcpu)) {
+                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+        }
+#endif
 }
 
 static void vmx_load_host_state(struct vcpu_vmx *vmx)
@@ -709,7 +713,7 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
         if (vcpu->cpu != cpu) {
                 vcpu_clear(vmx);
                 kvm_migrate_timers(vcpu);
-                vpid_sync_vcpu_all(vmx);
+                set_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests);
                 local_irq_disable();
                 list_add(&vmx->local_vcpus_link,
                          &per_cpu(vcpus_on_cpu, cpu));
@@ -877,19 +881,14 @@ static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
 /*
  * Swap MSR entry in host/guest MSR entry array.
  */
-#ifdef CONFIG_X86_64
 static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
 {
-        struct kvm_msr_entry tmp;
+        struct shared_msr_entry tmp;
 
         tmp = vmx->guest_msrs[to];
         vmx->guest_msrs[to] = vmx->guest_msrs[from];
         vmx->guest_msrs[from] = tmp;
-        tmp = vmx->host_msrs[to];
-        vmx->host_msrs[to] = vmx->host_msrs[from];
-        vmx->host_msrs[from] = tmp;
 }
-#endif
 
 /*
  * Set up the vmcs to automatically save and restore system
@@ -898,15 +897,13 @@ static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
  */
 static void setup_msrs(struct vcpu_vmx *vmx)
 {
-        int save_nmsrs;
+        int save_nmsrs, index;
         unsigned long *msr_bitmap;
 
         vmx_load_host_state(vmx);
         save_nmsrs = 0;
 #ifdef CONFIG_X86_64
         if (is_long_mode(&vmx->vcpu)) {
-                int index;
-
                 index = __find_msr_index(vmx, MSR_SYSCALL_MASK);
                 if (index >= 0)
                         move_msr_up(vmx, index, save_nmsrs++);
@@ -916,9 +913,6 @@ static void setup_msrs(struct vcpu_vmx *vmx)
                 index = __find_msr_index(vmx, MSR_CSTAR);
                 if (index >= 0)
                         move_msr_up(vmx, index, save_nmsrs++);
-                index = __find_msr_index(vmx, MSR_KERNEL_GS_BASE);
-                if (index >= 0)
-                        move_msr_up(vmx, index, save_nmsrs++);
                 /*
                  * MSR_K6_STAR is only needed on long mode guests, and only
                  * if efer.sce is enabled.
@@ -928,13 +922,11 @@ static void setup_msrs(struct vcpu_vmx *vmx)
                         move_msr_up(vmx, index, save_nmsrs++);
         }
 #endif
-        vmx->save_nmsrs = save_nmsrs;
+        index = __find_msr_index(vmx, MSR_EFER);
+        if (index >= 0 && update_transition_efer(vmx, index))
+                move_msr_up(vmx, index, save_nmsrs++);
 
-#ifdef CONFIG_X86_64
-        vmx->msr_offset_kernel_gs_base =
-                __find_msr_index(vmx, MSR_KERNEL_GS_BASE);
-#endif
-        vmx->msr_offset_efer = __find_msr_index(vmx, MSR_EFER);
+        vmx->save_nmsrs = save_nmsrs;
 
         if (cpu_has_vmx_msr_bitmap()) {
                 if (is_long_mode(&vmx->vcpu))
@@ -976,7 +968,7 @@ static void guest_write_tsc(u64 guest_tsc, u64 host_tsc)
 static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
 {
         u64 data;
-        struct kvm_msr_entry *msr;
+        struct shared_msr_entry *msr;
 
         if (!pdata) {
                 printk(KERN_ERR "BUG: get_msr called with NULL pdata\n");
@@ -991,9 +983,13 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
         case MSR_GS_BASE:
                 data = vmcs_readl(GUEST_GS_BASE);
                 break;
+        case MSR_KERNEL_GS_BASE:
+                vmx_load_host_state(to_vmx(vcpu));
+                data = to_vmx(vcpu)->msr_guest_kernel_gs_base;
+                break;
+#endif
         case MSR_EFER:
                 return kvm_get_msr_common(vcpu, msr_index, pdata);
-#endif
         case MSR_IA32_TSC:
                 data = guest_read_tsc();
                 break;
@@ -1007,6 +1003,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
                 data = vmcs_readl(GUEST_SYSENTER_ESP);
                 break;
         default:
+                vmx_load_host_state(to_vmx(vcpu));
                 msr = find_msr_entry(to_vmx(vcpu), msr_index);
                 if (msr) {
                         vmx_load_host_state(to_vmx(vcpu));
@@ -1028,7 +1025,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
 static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
-        struct kvm_msr_entry *msr;
+        struct shared_msr_entry *msr;
         u64 host_tsc;
         int ret = 0;
 
@@ -1044,6 +1041,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
         case MSR_GS_BASE:
                 vmcs_writel(GUEST_GS_BASE, data);
                 break;
+        case MSR_KERNEL_GS_BASE:
+                vmx_load_host_state(vmx);
+                vmx->msr_guest_kernel_gs_base = data;
+                break;
 #endif
         case MSR_IA32_SYSENTER_CS:
                 vmcs_write32(GUEST_SYSENTER_CS, data);
@@ -1097,30 +1098,14 @@ static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
         }
 }
 
-static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+static void set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
 {
-        int old_debug = vcpu->guest_debug;
-        unsigned long flags;
-
-        vcpu->guest_debug = dbg->control;
-        if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
-                vcpu->guest_debug = 0;
-
         if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
                 vmcs_writel(GUEST_DR7, dbg->arch.debugreg[7]);
         else
                 vmcs_writel(GUEST_DR7, vcpu->arch.dr7);
 
-        flags = vmcs_readl(GUEST_RFLAGS);
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                flags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
-        else if (old_debug & KVM_GUESTDBG_SINGLESTEP)
-                flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
-        vmcs_writel(GUEST_RFLAGS, flags);
-
         update_exception_bitmap(vcpu);
-
-        return 0;
 }
 
 static __init int cpu_has_kvm_support(void)
@@ -1139,12 +1124,15 @@ static __init int vmx_disabled_by_bios(void)
         /* locked but not enabled */
 }
 
-static void hardware_enable(void *garbage)
+static int hardware_enable(void *garbage)
 {
         int cpu = raw_smp_processor_id();
         u64 phys_addr = __pa(per_cpu(vmxarea, cpu));
         u64 old;
 
+        if (read_cr4() & X86_CR4_VMXE)
+                return -EBUSY;
+
         INIT_LIST_HEAD(&per_cpu(vcpus_on_cpu, cpu));
         rdmsrl(MSR_IA32_FEATURE_CONTROL, old);
         if ((old & (FEATURE_CONTROL_LOCKED |
@@ -1159,6 +1147,10 @@ static void hardware_enable(void *garbage)
         asm volatile (ASM_VMX_VMXON_RAX
                       : : "a"(&phys_addr), "m"(phys_addr)
                       : "memory", "cc");
+
+        ept_sync_global();
+
+        return 0;
 }
 
 static void vmclear_local_vcpus(void)
@@ -1250,7 +1242,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                         SECONDARY_EXEC_WBINVD_EXITING |
                         SECONDARY_EXEC_ENABLE_VPID |
                         SECONDARY_EXEC_ENABLE_EPT |
-                        SECONDARY_EXEC_UNRESTRICTED_GUEST;
+                        SECONDARY_EXEC_UNRESTRICTED_GUEST |
+                        SECONDARY_EXEC_PAUSE_LOOP_EXITING;
                 if (adjust_vmx_controls(min2, opt2,
                                         MSR_IA32_VMX_PROCBASED_CTLS2,
                                         &_cpu_based_2nd_exec_control) < 0)
@@ -1344,15 +1337,17 @@ static void free_kvm_area(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu) {
                 free_vmcs(per_cpu(vmxarea, cpu));
+                per_cpu(vmxarea, cpu) = NULL;
+        }
 }
 
 static __init int alloc_kvm_area(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu) {
+        for_each_possible_cpu(cpu) {
                 struct vmcs *vmcs;
 
                 vmcs = alloc_vmcs_cpu(cpu);
@@ -1394,6 +1389,9 @@ static __init int hardware_setup(void)
         if (enable_ept && !cpu_has_vmx_ept_2m_page())
                 kvm_disable_largepages();
 
+        if (!cpu_has_vmx_ple())
+                ple_gap = 0;
+
         return alloc_kvm_area();
 }
 
@@ -1536,8 +1534,16 @@ continue_rmode:
 static void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
-        struct kvm_msr_entry *msr = find_msr_entry(vmx, MSR_EFER);
+        struct shared_msr_entry *msr = find_msr_entry(vmx, MSR_EFER);
+
+        if (!msr)
+                return;
 
+        /*
+         * Force kernel_gs_base reloading before EFER changes, as control
+         * of this msr depends on is_long_mode().
+         */
+        vmx_load_host_state(to_vmx(vcpu));
         vcpu->arch.shadow_efer = efer;
         if (!msr)
                 return;
@@ -1727,6 +1733,7 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
                 vmcs_write64(EPT_POINTER, eptp);
                 guest_cr3 = is_paging(vcpu) ? vcpu->arch.cr3 :
                         vcpu->kvm->arch.ept_identity_map_addr;
+                ept_load_pdptrs(vcpu);
         }
 
         vmx_flush_tlb(vcpu);
@@ -2302,13 +2309,22 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                 ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
                 if (vmx->vpid == 0)
                         exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-                if (!enable_ept)
+                if (!enable_ept) {
                         exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
+                        enable_unrestricted_guest = 0;
+                }
                 if (!enable_unrestricted_guest)
                         exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
+                if (!ple_gap)
+                        exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
                 vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
         }
 
+        if (ple_gap) {
+                vmcs_write32(PLE_GAP, ple_gap);
+                vmcs_write32(PLE_WINDOW, ple_window);
+        }
+
         vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, !!bypass_guest_pf);
         vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, !!bypass_guest_pf);
         vmcs_write32(CR3_TARGET_COUNT, 0);           /* 22.2.1 */
@@ -2376,10 +2392,9 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                 if (wrmsr_safe(index, data_low, data_high) < 0)
                         continue;
                 data = data_low | ((u64)data_high << 32);
-                vmx->host_msrs[j].index = index;
-                vmx->host_msrs[j].reserved = 0;
-                vmx->host_msrs[j].data = data;
-                vmx->guest_msrs[j] = vmx->host_msrs[j];
+                vmx->guest_msrs[j].index = i;
+                vmx->guest_msrs[j].data = 0;
+                vmx->guest_msrs[j].mask = -1ull;
                 ++vmx->nmsrs;
         }
 
@@ -2510,7 +2525,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
         if (vmx->vpid != 0)
                 vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
 
-        vmx->vcpu.arch.cr0 = 0x60000010;
+        vmx->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
         vmx_set_cr0(&vmx->vcpu, vmx->vcpu.arch.cr0); /* enter rmode */
         vmx_set_cr4(&vmx->vcpu, 0);
         vmx_set_efer(&vmx->vcpu, 0);
@@ -2627,6 +2642,34 @@ static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
                                 GUEST_INTR_STATE_NMI));
 }
 
+static bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
+{
+        if (!cpu_has_virtual_nmis())
+                return to_vmx(vcpu)->soft_vnmi_blocked;
+        else
+                return !!(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
+                          GUEST_INTR_STATE_NMI);
+}
+
+static void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
+{
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+        if (!cpu_has_virtual_nmis()) {
+                if (vmx->soft_vnmi_blocked != masked) {
+                        vmx->soft_vnmi_blocked = masked;
+                        vmx->vnmi_blocked_time = 0;
+                }
+        } else {
+                if (masked)
+                        vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                      GUEST_INTR_STATE_NMI);
+                else
+                        vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                        GUEST_INTR_STATE_NMI);
+        }
+}
+
 static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
         return (vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
@@ -2659,7 +2702,7 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
          * Cause the #SS fault with 0 error code in VM86 mode.
          */
         if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0)
-                if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE)
+                if (emulate_instruction(vcpu, 0, 0, 0) == EMULATE_DONE)
                         return 1;
         /*
          * Forward all other exceptions that are valid in real mode.
@@ -2710,15 +2753,16 @@ static void kvm_machine_check(void)
 #endif
 }
 
-static int handle_machine_check(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_machine_check(struct kvm_vcpu *vcpu)
 {
         /* already handled by vcpu_run */
         return 1;
 }
 
-static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_exception(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
+        struct kvm_run *kvm_run = vcpu->run;
         u32 intr_info, ex_no, error_code;
         unsigned long cr2, rip, dr6;
         u32 vect_info;
@@ -2728,12 +2772,17 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
 
         if (is_machine_check(intr_info))
-                return handle_machine_check(vcpu, kvm_run);
+                return handle_machine_check(vcpu);
 
         if ((vect_info & VECTORING_INFO_VALID_MASK) &&
-                                                !is_page_fault(intr_info))
-                printk(KERN_ERR "%s: unexpected, vectoring info 0x%x "
-                       "intr info 0x%x\n", __func__, vect_info, intr_info);
+            !is_page_fault(intr_info)) {
+                vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+                vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
+                vcpu->run->internal.ndata = 2;
+                vcpu->run->internal.data[0] = vect_info;
+                vcpu->run->internal.data[1] = intr_info;
+                return 0;
+        }
 
         if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
                 return 1;  /* already handled by vmx_vcpu_run() */
@@ -2744,7 +2793,7 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         if (is_invalid_opcode(intr_info)) {
-                er = emulate_instruction(vcpu, kvm_run, 0, 0, EMULTYPE_TRAP_UD);
+                er = emulate_instruction(vcpu, 0, 0, EMULTYPE_TRAP_UD);
                 if (er != EMULATE_DONE)
                         kvm_queue_exception(vcpu, UD_VECTOR);
                 return 1;
@@ -2803,20 +2852,19 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 0;
 }
 
-static int handle_external_interrupt(struct kvm_vcpu *vcpu,
-                                     struct kvm_run *kvm_run)
+static int handle_external_interrupt(struct kvm_vcpu *vcpu)
 {
         ++vcpu->stat.irq_exits;
         return 1;
 }
 
-static int handle_triple_fault(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_triple_fault(struct kvm_vcpu *vcpu)
 {
-        kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
+        vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
         return 0;
 }
 
-static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_io(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         int size, in, string;
@@ -2827,8 +2875,7 @@ static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         string = (exit_qualification & 16) != 0;
 
         if (string) {
-                if (emulate_instruction(vcpu,
-                                        kvm_run, 0, 0, 0) == EMULATE_DO_MMIO)
+                if (emulate_instruction(vcpu, 0, 0, 0) == EMULATE_DO_MMIO)
                         return 0;
                 return 1;
         }
@@ -2838,7 +2885,7 @@ static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         port = exit_qualification >> 16;
 
         skip_emulated_instruction(vcpu);
-        return kvm_emulate_pio(vcpu, kvm_run, in, size, port);
+        return kvm_emulate_pio(vcpu, in, size, port);
 }
 
 static void
@@ -2852,7 +2899,7 @@ vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
         hypercall[2] = 0xc1;
 }
 
-static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_cr(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification, val;
         int cr;
@@ -2887,7 +2934,7 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                                         return 1;
                                 if (cr8_prev <= cr8)
                                         return 1;
-                                kvm_run->exit_reason = KVM_EXIT_SET_TPR;
+                                vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
                                 return 0;
                         }
                 };
@@ -2922,13 +2969,13 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         default:
                 break;
         }
-        kvm_run->exit_reason = 0;
+        vcpu->run->exit_reason = 0;
         pr_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
                (int)(exit_qualification >> 4) & 3, cr);
         return 0;
 }
 
-static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_dr(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         unsigned long val;
@@ -2944,13 +2991,13 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                  * guest debugging itself.
                  */
                 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
-                        kvm_run->debug.arch.dr6 = vcpu->arch.dr6;
-                        kvm_run->debug.arch.dr7 = dr;
-                        kvm_run->debug.arch.pc =
+                        vcpu->run->debug.arch.dr6 = vcpu->arch.dr6;
+                        vcpu->run->debug.arch.dr7 = dr;
+                        vcpu->run->debug.arch.pc =
                                 vmcs_readl(GUEST_CS_BASE) +
                                 vmcs_readl(GUEST_RIP);
-                        kvm_run->debug.arch.exception = DB_VECTOR;
-                        kvm_run->exit_reason = KVM_EXIT_DEBUG;
+                        vcpu->run->debug.arch.exception = DB_VECTOR;
+                        vcpu->run->exit_reason = KVM_EXIT_DEBUG;
                         return 0;
                 } else {
                         vcpu->arch.dr7 &= ~DR7_GD;
@@ -3016,13 +3063,13 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_cpuid(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_cpuid(struct kvm_vcpu *vcpu)
 {
         kvm_emulate_cpuid(vcpu);
         return 1;
 }
 
-static int handle_rdmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_rdmsr(struct kvm_vcpu *vcpu)
 {
         u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
         u64 data;
@@ -3041,7 +3088,7 @@ static int handle_rdmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_wrmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_wrmsr(struct kvm_vcpu *vcpu)
 {
         u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
         u64 data = (vcpu->arch.regs[VCPU_REGS_RAX] & -1u)
@@ -3058,14 +3105,12 @@ static int handle_wrmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu,
-                                      struct kvm_run *kvm_run)
+static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
 {
         return 1;
 }
 
-static int handle_interrupt_window(struct kvm_vcpu *vcpu,
-                                   struct kvm_run *kvm_run)
+static int handle_interrupt_window(struct kvm_vcpu *vcpu)
 {
         u32 cpu_based_vm_exec_control;
 
@@ -3081,34 +3126,34 @@ static int handle_interrupt_window(struct kvm_vcpu *vcpu,
          * possible
          */
         if (!irqchip_in_kernel(vcpu->kvm) &&
-            kvm_run->request_interrupt_window &&
+            vcpu->run->request_interrupt_window &&
             !kvm_cpu_has_interrupt(vcpu)) {
-                kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
+                vcpu->run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
                 return 0;
         }
         return 1;
 }
 
-static int handle_halt(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_halt(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         return kvm_emulate_halt(vcpu);
 }
 
-static int handle_vmcall(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_vmcall(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         kvm_emulate_hypercall(vcpu);
         return 1;
 }
 
-static int handle_vmx_insn(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_vmx_insn(struct kvm_vcpu *vcpu)
 {
         kvm_queue_exception(vcpu, UD_VECTOR);
         return 1;
 }
 
-static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_invlpg(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
 
@@ -3117,14 +3162,14 @@ static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_wbinvd(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_wbinvd(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         /* TODO: Add support for VT-d/pass-through device */
         return 1;
 }
 
-static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_apic_access(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         enum emulation_result er;
@@ -3133,7 +3178,7 @@ static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
         offset = exit_qualification & 0xffful;
 
-        er = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+        er = emulate_instruction(vcpu, 0, 0, 0);
 
         if (er !=  EMULATE_DONE) {
                 printk(KERN_ERR
@@ -3144,7 +3189,7 @@ static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_task_switch(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         unsigned long exit_qualification;
@@ -3198,7 +3243,7 @@ static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_ept_violation(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         gpa_t gpa;
@@ -3219,8 +3264,8 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         vmcs_readl(GUEST_LINEAR_ADDRESS));
                 printk(KERN_ERR "EPT: Exit qualification is 0x%lx\n",
                         (long unsigned int)exit_qualification);
-                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-                kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_VIOLATION;
+                vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+                vcpu->run->hw.hardware_exit_reason = EXIT_REASON_EPT_VIOLATION;
                 return 0;
         }
 
@@ -3290,7 +3335,7 @@ static void ept_misconfig_inspect_spte(struct kvm_vcpu *vcpu, u64 spte,
         }
 }
 
-static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
 {
         u64 sptes[4];
         int nr_sptes, i;
@@ -3306,13 +3351,13 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         for (i = PT64_ROOT_LEVEL; i > PT64_ROOT_LEVEL - nr_sptes; --i)
                 ept_misconfig_inspect_spte(vcpu, sptes[i-1], i);
 
-        kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-        kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
+        vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+        vcpu->run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
 
         return 0;
 }
 
-static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_nmi_window(struct kvm_vcpu *vcpu)
 {
         u32 cpu_based_vm_exec_control;
 
@@ -3325,36 +3370,50 @@ static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
-                                struct kvm_run *kvm_run)
+static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         enum emulation_result err = EMULATE_DONE;
-
-        local_irq_enable();
-        preempt_enable();
+        int ret = 1;
 
         while (!guest_state_valid(vcpu)) {
-                err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+                err = emulate_instruction(vcpu, 0, 0, 0);
 
-                if (err == EMULATE_DO_MMIO)
-                        break;
+                if (err == EMULATE_DO_MMIO) {
+                        ret = 0;
+                        goto out;
+                }
 
                 if (err != EMULATE_DONE) {
                         kvm_report_emulation_failure(vcpu, "emulation failure");
-                        break;
+                        vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+                        vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
+                        vcpu->run->internal.ndata = 0;
+                        ret = 0;
+                        goto out;
                 }
 
                 if (signal_pending(current))
-                        break;
+                        goto out;
                 if (need_resched())
                         schedule();
         }
 
-        preempt_disable();
-        local_irq_disable();
+        vmx->emulation_required = 0;
+out:
+        return ret;
+}
 
-        vmx->invalid_state_emulation_result = err;
+/*
+ * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE
+ * exiting, so only get here on cpu with PAUSE-Loop-Exiting.
+ */
+static int handle_pause(struct kvm_vcpu *vcpu)
+{
+        skip_emulated_instruction(vcpu);
+        kvm_vcpu_on_spin(vcpu);
+
+        return 1;
 }
 
 /*
@@ -3362,8 +3421,7 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
  * to be done to userspace and return 0.
  */
-static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
-                                      struct kvm_run *kvm_run) = {
+static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
         [EXIT_REASON_EXCEPTION_NMI]           = handle_exception,
         [EXIT_REASON_EXTERNAL_INTERRUPT]      = handle_external_interrupt,
         [EXIT_REASON_TRIPLE_FAULT]            = handle_triple_fault,
@@ -3394,6 +3452,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
         [EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
         [EXIT_REASON_EPT_VIOLATION]           = handle_ept_violation,
         [EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,
+        [EXIT_REASON_PAUSE_INSTRUCTION]       = handle_pause,
 };
 
 static const int kvm_vmx_max_exit_handlers =
@@ -3403,7 +3462,7 @@ static const int kvm_vmx_max_exit_handlers =
  * The guest has exited.  See if we can fix it or if we need userspace
  * assistance.
  */
-static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
+static int vmx_handle_exit(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         u32 exit_reason = vmx->exit_reason;
@@ -3411,13 +3470,9 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         trace_kvm_exit(exit_reason, kvm_rip_read(vcpu));
 
-        /* If we need to emulate an MMIO from handle_invalid_guest_state
-         * we just return 0 */
-        if (vmx->emulation_required && emulate_invalid_guest_state) {
-                if (guest_state_valid(vcpu))
-                        vmx->emulation_required = 0;
-                return vmx->invalid_state_emulation_result != EMULATE_DO_MMIO;
-        }
+        /* If guest state is invalid, start emulating */
+        if (vmx->emulation_required && emulate_invalid_guest_state)
+                return handle_invalid_guest_state(vcpu);
 
         /* Access CR3 don't cause VMExit in paging mode, so we need
          * to sync with guest real CR3. */
@@ -3425,8 +3480,8 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                 vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
 
         if (unlikely(vmx->fail)) {
-                kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-                kvm_run->fail_entry.hardware_entry_failure_reason
+                vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
+                vcpu->run->fail_entry.hardware_entry_failure_reason
                         = vmcs_read32(VM_INSTRUCTION_ERROR);
                 return 0;
         }
@@ -3459,10 +3514,10 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         if (exit_reason < kvm_vmx_max_exit_handlers
             && kvm_vmx_exit_handlers[exit_reason])
-                return kvm_vmx_exit_handlers[exit_reason](vcpu, kvm_run);
+                return kvm_vmx_exit_handlers[exit_reason](vcpu);
         else {
-                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-                kvm_run->hw.hardware_exit_reason = exit_reason;
+                vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+                vcpu->run->hw.hardware_exit_reason = exit_reason;
         }
         return 0;
 }
@@ -3600,23 +3655,18 @@ static void fixup_rmode_irq(struct vcpu_vmx *vmx)
 #define Q "l"
 #endif
 
-static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
 
-        if (enable_ept && is_paging(vcpu)) {
-                vmcs_writel(GUEST_CR3, vcpu->arch.cr3);
-                ept_load_pdptrs(vcpu);
-        }
         /* Record the guest's net vcpu time for enforced NMI injections. */
         if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
                 vmx->entry_time = ktime_get();
 
-        /* Handle invalid guest state instead of entering VMX */
-        if (vmx->emulation_required && emulate_invalid_guest_state) {
-                handle_invalid_guest_state(vcpu, kvm_run);
+        /* Don't enter VMX if guest state is invalid, let the exit handler
+           start emulation until we arrive back to a valid state */
+        if (vmx->emulation_required && emulate_invalid_guest_state)
                 return;
-        }
 
         if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty))
                 vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
@@ -3775,7 +3825,6 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
                 __clear_bit(vmx->vpid, vmx_vpid_bitmap);
         spin_unlock(&vmx_vpid_lock);
         vmx_free_vmcs(vcpu);
-        kfree(vmx->host_msrs);
         kfree(vmx->guest_msrs);
         kvm_vcpu_uninit(vcpu);
         kmem_cache_free(kvm_vcpu_cache, vmx);
@@ -3802,10 +3851,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                 goto uninit_vcpu;
         }
 
-        vmx->host_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL);
-        if (!vmx->host_msrs)
-                goto free_guest_msrs;
-
         vmx->vmcs = alloc_vmcs();
         if (!vmx->vmcs)
                 goto free_msrs;
@@ -3836,8 +3881,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
 free_vmcs:
         free_vmcs(vmx->vmcs);
 free_msrs:
-        kfree(vmx->host_msrs);
-free_guest_msrs:
         kfree(vmx->guest_msrs);
 uninit_vcpu:
         kvm_vcpu_uninit(&vmx->vcpu);
@@ -3973,6 +4016,8 @@ static struct kvm_x86_ops vmx_x86_ops = {
         .queue_exception = vmx_queue_exception,
         .interrupt_allowed = vmx_interrupt_allowed,
         .nmi_allowed = vmx_nmi_allowed,
+        .get_nmi_mask = vmx_get_nmi_mask,
+        .set_nmi_mask = vmx_set_nmi_mask,
         .enable_nmi_window = enable_nmi_window,
         .enable_irq_window = enable_irq_window,
         .update_cr8_intercept = update_cr8_intercept,
@@ -3987,7 +4032,12 @@ static struct kvm_x86_ops vmx_x86_ops = {
 
 static int __init vmx_init(void)
 {
-        int r;
+        int r, i;
+
+        rdmsrl_safe(MSR_EFER, &host_efer);
+
+        for (i = 0; i < NR_VMX_MSR; ++i)
+                kvm_define_shared_msr(i, vmx_msr_index[i]);
 
         vmx_io_bitmap_a = (unsigned long *)__get_free_page(GFP_KERNEL);
         if (!vmx_io_bitmap_a)
@@ -4049,8 +4099,6 @@ static int __init vmx_init(void)
         if (bypass_guest_pf)
                 kvm_mmu_set_nonpresent_ptes(~0xffeull, 0ull);
 
-        ept_sync_global();
-
         return 0;
 
 out3:
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index be451ee44249..6651dbf58675 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -37,11 +37,13 @@
 #include <linux/iommu.h>
 #include <linux/intel-iommu.h>
 #include <linux/cpufreq.h>
+#include <linux/user-return-notifier.h>
 #include <trace/events/kvm.h>
 #undef TRACE_INCLUDE_FILE
 #define CREATE_TRACE_POINTS
 #include "trace.h"
 
+#include <asm/debugreg.h>
 #include <asm/uaccess.h>
 #include <asm/msr.h>
 #include <asm/desc.h>
@@ -87,6 +89,25 @@ EXPORT_SYMBOL_GPL(kvm_x86_ops);
 int ignore_msrs = 0;
 module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);
 
+#define KVM_NR_SHARED_MSRS 16
+
+struct kvm_shared_msrs_global {
+        int nr;
+        struct kvm_shared_msr {
+                u32 msr;
+                u64 value;
+        } msrs[KVM_NR_SHARED_MSRS];
+};
+
+struct kvm_shared_msrs {
+        struct user_return_notifier urn;
+        bool registered;
+        u64 current_value[KVM_NR_SHARED_MSRS];
+};
+
+static struct kvm_shared_msrs_global __read_mostly shared_msrs_global;
+static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs);
+
 struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "pf_fixed", VCPU_STAT(pf_fixed) },
         { "pf_guest", VCPU_STAT(pf_guest) },
@@ -123,6 +144,72 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
         { NULL }
 };
 
+static void kvm_on_user_return(struct user_return_notifier *urn)
+{
+        unsigned slot;
+        struct kvm_shared_msr *global;
+        struct kvm_shared_msrs *locals
+                = container_of(urn, struct kvm_shared_msrs, urn);
+
+        for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
+                global = &shared_msrs_global.msrs[slot];
+                if (global->value != locals->current_value[slot]) {
+                        wrmsrl(global->msr, global->value);
+                        locals->current_value[slot] = global->value;
+                }
+        }
+        locals->registered = false;
+        user_return_notifier_unregister(urn);
+}
+
+void kvm_define_shared_msr(unsigned slot, u32 msr)
+{
+        int cpu;
+        u64 value;
+
+        if (slot >= shared_msrs_global.nr)
+                shared_msrs_global.nr = slot + 1;
+        shared_msrs_global.msrs[slot].msr = msr;
+        rdmsrl_safe(msr, &value);
+        shared_msrs_global.msrs[slot].value = value;
+        for_each_online_cpu(cpu)
+                per_cpu(shared_msrs, cpu).current_value[slot] = value;
+}
+EXPORT_SYMBOL_GPL(kvm_define_shared_msr);
+
+static void kvm_shared_msr_cpu_online(void)
+{
+        unsigned i;
+        struct kvm_shared_msrs *locals = &__get_cpu_var(shared_msrs);
+
+        for (i = 0; i < shared_msrs_global.nr; ++i)
+                locals->current_value[i] = shared_msrs_global.msrs[i].value;
+}
+
+void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
+{
+        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
+
+        if (((value ^ smsr->current_value[slot]) & mask) == 0)
+                return;
+        smsr->current_value[slot] = value;
+        wrmsrl(shared_msrs_global.msrs[slot].msr, value);
+        if (!smsr->registered) {
+                smsr->urn.on_user_return = kvm_on_user_return;
+                user_return_notifier_register(&smsr->urn);
+                smsr->registered = true;
+        }
+}
+EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
+
+static void drop_user_return_notifiers(void *ignore)
+{
+        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
+
+        if (smsr->registered)
+                kvm_on_user_return(&smsr->urn);
+}
+
 unsigned long segment_base(u16 selector)
 {
         struct descriptor_table gdt;
@@ -484,16 +571,19 @@ static inline u32 bit(int bitno)
  * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST.
  *
  * This list is modified at module load time to reflect the
- * capabilities of the host cpu.
+ * capabilities of the host cpu. This capabilities test skips MSRs that are
+ * kvm-specific. Those are put in the beginning of the list.
  */
+
+#define KVM_SAVE_MSRS_BEGIN     2
 static u32 msrs_to_save[] = {
+        MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
         MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
         MSR_K6_STAR,
 #ifdef CONFIG_X86_64
         MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
 #endif
-        MSR_IA32_TSC, MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
-        MSR_IA32_PERF_STATUS, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
+        MSR_IA32_TSC, MSR_IA32_PERF_STATUS, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
 };
 
 static unsigned num_msrs_to_save;
@@ -677,7 +767,8 @@ static void kvm_write_guest_time(struct kvm_vcpu *v)
         /* With all the info we got, fill in the values */
 
         vcpu->hv_clock.system_time = ts.tv_nsec +
-                                     (NSEC_PER_SEC * (u64)ts.tv_sec);
+                                     (NSEC_PER_SEC * (u64)ts.tv_sec) + v->kvm->arch.kvmclock_offset;
+
         /*
          * The interface expects us to write an even number signaling that the
          * update is finished. Since the guest won't see the intermediate
@@ -835,6 +926,38 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
         return 0;
 }
 
+static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+{
+        struct kvm *kvm = vcpu->kvm;
+        int lm = is_long_mode(vcpu);
+        u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
+                : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
+        u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
+                : kvm->arch.xen_hvm_config.blob_size_32;
+        u32 page_num = data & ~PAGE_MASK;
+        u64 page_addr = data & PAGE_MASK;
+        u8 *page;
+        int r;
+
+        r = -E2BIG;
+        if (page_num >= blob_size)
+                goto out;
+        r = -ENOMEM;
+        page = kzalloc(PAGE_SIZE, GFP_KERNEL);
+        if (!page)
+                goto out;
+        r = -EFAULT;
+        if (copy_from_user(page, blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE))
+                goto out_free;
+        if (kvm_write_guest(kvm, page_addr, page, PAGE_SIZE))
+                goto out_free;
+        r = 0;
+out_free:
+        kfree(page);
+out:
+        return r;
+}
+
 int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
 {
         switch (msr) {
@@ -950,6 +1073,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
                         "0x%x data 0x%llx\n", msr, data);
                 break;
         default:
+                if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
+                        return xen_hvm_config(vcpu, data);
                 if (!ignore_msrs) {
                         pr_unimpl(vcpu, "unhandled wrmsr: 0x%x data %llx\n",
                                 msr, data);
@@ -1224,6 +1349,9 @@ int kvm_dev_ioctl_check_extension(long ext)
         case KVM_CAP_PIT2:
         case KVM_CAP_PIT_STATE2:
         case KVM_CAP_SET_IDENTITY_MAP_ADDR:
+        case KVM_CAP_XEN_HVM:
+        case KVM_CAP_ADJUST_CLOCK:
+        case KVM_CAP_VCPU_EVENTS:
                 r = 1;
                 break;
         case KVM_CAP_COALESCED_MMIO:
@@ -1238,8 +1366,8 @@ int kvm_dev_ioctl_check_extension(long ext)
         case KVM_CAP_NR_MEMSLOTS:
                 r = KVM_MEMORY_SLOTS;
                 break;
-        case KVM_CAP_PV_MMU:
-                r = !tdp_enabled;
+        case KVM_CAP_PV_MMU:    /* obsolete */
+                r = 0;
                 break;
         case KVM_CAP_IOMMU:
                 r = iommu_found();
@@ -1326,6 +1454,12 @@ out:
 void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 {
         kvm_x86_ops->vcpu_load(vcpu, cpu);
+        if (unlikely(per_cpu(cpu_tsc_khz, cpu) == 0)) {
+                unsigned long khz = cpufreq_quick_get(cpu);
+                if (!khz)
+                        khz = tsc_khz;
+                per_cpu(cpu_tsc_khz, cpu) = khz;
+        }
         kvm_request_guest_time_update(vcpu);
 }
 
@@ -1591,6 +1725,8 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
 
         if (cpuid->nent < 1)
                 goto out;
+        if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
+                cpuid->nent = KVM_MAX_CPUID_ENTRIES;
         r = -ENOMEM;
         cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry2) * cpuid->nent);
         if (!cpuid_entries)
@@ -1690,7 +1826,7 @@ static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu,
         unsigned bank_num = mcg_cap & 0xff, bank;
 
         r = -EINVAL;
-        if (!bank_num)
+        if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS)
                 goto out;
         if (mcg_cap & ~(KVM_MCE_CAP_SUPPORTED | 0xff | 0xff0000))
                 goto out;
@@ -1757,6 +1893,65 @@ static int kvm_vcpu_ioctl_x86_set_mce(struct kvm_vcpu *vcpu,
         return 0;
 }
 
+static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
+                                               struct kvm_vcpu_events *events)
+{
+        vcpu_load(vcpu);
+
+        events->exception.injected = vcpu->arch.exception.pending;
+        events->exception.nr = vcpu->arch.exception.nr;
+        events->exception.has_error_code = vcpu->arch.exception.has_error_code;
+        events->exception.error_code = vcpu->arch.exception.error_code;
+
+        events->interrupt.injected = vcpu->arch.interrupt.pending;
+        events->interrupt.nr = vcpu->arch.interrupt.nr;
+        events->interrupt.soft = vcpu->arch.interrupt.soft;
+
+        events->nmi.injected = vcpu->arch.nmi_injected;
+        events->nmi.pending = vcpu->arch.nmi_pending;
+        events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);
+
+        events->sipi_vector = vcpu->arch.sipi_vector;
+
+        events->flags = (KVM_VCPUEVENT_VALID_NMI_PENDING
+                         | KVM_VCPUEVENT_VALID_SIPI_VECTOR);
+
+        vcpu_put(vcpu);
+}
+
+static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
+                                              struct kvm_vcpu_events *events)
+{
+        if (events->flags & ~(KVM_VCPUEVENT_VALID_NMI_PENDING
+                              | KVM_VCPUEVENT_VALID_SIPI_VECTOR))
+                return -EINVAL;
+
+        vcpu_load(vcpu);
+
+        vcpu->arch.exception.pending = events->exception.injected;
+        vcpu->arch.exception.nr = events->exception.nr;
+        vcpu->arch.exception.has_error_code = events->exception.has_error_code;
+        vcpu->arch.exception.error_code = events->exception.error_code;
+
+        vcpu->arch.interrupt.pending = events->interrupt.injected;
+        vcpu->arch.interrupt.nr = events->interrupt.nr;
+        vcpu->arch.interrupt.soft = events->interrupt.soft;
+        if (vcpu->arch.interrupt.pending && irqchip_in_kernel(vcpu->kvm))
+                kvm_pic_clear_isr_ack(vcpu->kvm);
+
+        vcpu->arch.nmi_injected = events->nmi.injected;
+        if (events->flags & KVM_VCPUEVENT_VALID_NMI_PENDING)
+                vcpu->arch.nmi_pending = events->nmi.pending;
+        kvm_x86_ops->set_nmi_mask(vcpu, events->nmi.masked);
+
+        if (events->flags & KVM_VCPUEVENT_VALID_SIPI_VECTOR)
+                vcpu->arch.sipi_vector = events->sipi_vector;
+
+        vcpu_put(vcpu);
+
+        return 0;
+}
+
 long kvm_arch_vcpu_ioctl(struct file *filp,
                          unsigned int ioctl, unsigned long arg)
 {
@@ -1767,6 +1962,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 
         switch (ioctl) {
         case KVM_GET_LAPIC: {
+                r = -EINVAL;
+                if (!vcpu->arch.apic)
+                        goto out;
                 lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
 
                 r = -ENOMEM;
@@ -1782,6 +1980,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                 break;
         }
         case KVM_SET_LAPIC: {
+                r = -EINVAL;
+                if (!vcpu->arch.apic)
+                        goto out;
                 lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
                 r = -ENOMEM;
                 if (!lapic)
@@ -1908,6 +2109,27 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                 r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce);
                 break;
         }
+        case KVM_GET_VCPU_EVENTS: {
+                struct kvm_vcpu_events events;
+
+                kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
+
+                r = -EFAULT;
+                if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events)))
+                        break;
+                r = 0;
+                break;
+        }
+        case KVM_SET_VCPU_EVENTS: {
+                struct kvm_vcpu_events events;
+
+                r = -EFAULT;
+                if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events)))
+                        break;
+
+                r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events);
+                break;
+        }
         default:
                 r = -EINVAL;
         }
@@ -2036,9 +2258,7 @@ static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
                         sizeof(struct kvm_pic_state));
                 break;
         case KVM_IRQCHIP_IOAPIC:
-                memcpy(&chip->chip.ioapic,
-                        ioapic_irqchip(kvm),
-                        sizeof(struct kvm_ioapic_state));
+                r = kvm_get_ioapic(kvm, &chip->chip.ioapic);
                 break;
         default:
                 r = -EINVAL;
@@ -2068,11 +2288,7 @@ static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
                 spin_unlock(&pic_irqchip(kvm)->lock);
                 break;
         case KVM_IRQCHIP_IOAPIC:
-                mutex_lock(&kvm->irq_lock);
-                memcpy(ioapic_irqchip(kvm),
-                        &chip->chip.ioapic,
-                        sizeof(struct kvm_ioapic_state));
-                mutex_unlock(&kvm->irq_lock);
+                r = kvm_set_ioapic(kvm, &chip->chip.ioapic);
                 break;
         default:
                 r = -EINVAL;
@@ -2180,7 +2396,7 @@ long kvm_arch_vm_ioctl(struct file *filp,
 {
         struct kvm *kvm = filp->private_data;
         void __user *argp = (void __user *)arg;
-        int r = -EINVAL;
+        int r = -ENOTTY;
         /*
          * This union makes it completely explicit to gcc-3.x
          * that these two variables' stack usage should be
@@ -2242,25 +2458,39 @@ long kvm_arch_vm_ioctl(struct file *filp,
                 if (r)
                         goto out;
                 break;
-        case KVM_CREATE_IRQCHIP:
+        case KVM_CREATE_IRQCHIP: {
+                struct kvm_pic *vpic;
+
+                mutex_lock(&kvm->lock);
+                r = -EEXIST;
+                if (kvm->arch.vpic)
+                        goto create_irqchip_unlock;
                 r = -ENOMEM;
-                kvm->arch.vpic = kvm_create_pic(kvm);
-                if (kvm->arch.vpic) {
+                vpic = kvm_create_pic(kvm);
+                if (vpic) {
                         r = kvm_ioapic_init(kvm);
                         if (r) {
-                                kfree(kvm->arch.vpic);
-                                kvm->arch.vpic = NULL;
-                                goto out;
+                                kfree(vpic);
+                                goto create_irqchip_unlock;
                         }
                 } else
-                        goto out;
+                        goto create_irqchip_unlock;
+                smp_wmb();
+                kvm->arch.vpic = vpic;
+                smp_wmb();
                 r = kvm_setup_default_irq_routing(kvm);
                 if (r) {
+                        mutex_lock(&kvm->irq_lock);
                         kfree(kvm->arch.vpic);
                         kfree(kvm->arch.vioapic);
-                        goto out;
+                        kvm->arch.vpic = NULL;
+                        kvm->arch.vioapic = NULL;
+                        mutex_unlock(&kvm->irq_lock);
                 }
+        create_irqchip_unlock:
+                mutex_unlock(&kvm->lock);
                 break;
+        }
         case KVM_CREATE_PIT:
                 u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
                 goto create_pit;
@@ -2290,10 +2520,8 @@ long kvm_arch_vm_ioctl(struct file *filp,
                         goto out;
                 if (irqchip_in_kernel(kvm)) {
                         __s32 status;
-                        mutex_lock(&kvm->irq_lock);
                         status = kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID,
                                         irq_event.irq, irq_event.level);
-                        mutex_unlock(&kvm->irq_lock);
                         if (ioctl == KVM_IRQ_LINE_STATUS) {
                                 irq_event.status = status;
                                 if (copy_to_user(argp, &irq_event,
@@ -2419,6 +2647,55 @@ long kvm_arch_vm_ioctl(struct file *filp,
                 r = 0;
                 break;
         }
+        case KVM_XEN_HVM_CONFIG: {
+                r = -EFAULT;
+                if (copy_from_user(&kvm->arch.xen_hvm_config, argp,
+                                   sizeof(struct kvm_xen_hvm_config)))
+                        goto out;
+                r = -EINVAL;
+                if (kvm->arch.xen_hvm_config.flags)
+                        goto out;
+                r = 0;
+                break;
+        }
+        case KVM_SET_CLOCK: {
+                struct timespec now;
+                struct kvm_clock_data user_ns;
+                u64 now_ns;
+                s64 delta;
+
+                r = -EFAULT;
+                if (copy_from_user(&user_ns, argp, sizeof(user_ns)))
+                        goto out;
+
+                r = -EINVAL;
+                if (user_ns.flags)
+                        goto out;
+
+                r = 0;
+                ktime_get_ts(&now);
+                now_ns = timespec_to_ns(&now);
+                delta = user_ns.clock - now_ns;
+                kvm->arch.kvmclock_offset = delta;
+                break;
+        }
+        case KVM_GET_CLOCK: {
+                struct timespec now;
+                struct kvm_clock_data user_ns;
+                u64 now_ns;
+
+                ktime_get_ts(&now);
+                now_ns = timespec_to_ns(&now);
+                user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
+                user_ns.flags = 0;
+
+                r = -EFAULT;
+                if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
+                        goto out;
+                r = 0;
+                break;
+        }
+
         default:
                 ;
         }
@@ -2431,7 +2708,8 @@ static void kvm_init_msr_list(void)
         u32 dummy[2];
         unsigned i, j;
 
-        for (i = j = 0; i < ARRAY_SIZE(msrs_to_save); i++) {
+        /* skip the first msrs in the list. KVM-specific */
+        for (i = j = KVM_SAVE_MSRS_BEGIN; i < ARRAY_SIZE(msrs_to_save); i++) {
                 if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0)
                         continue;
                 if (j < i)
@@ -2755,13 +3033,13 @@ static void cache_all_regs(struct kvm_vcpu *vcpu)
 }
 
 int emulate_instruction(struct kvm_vcpu *vcpu,
-                        struct kvm_run *run,
                         unsigned long cr2,
                         u16 error_code,
                         int emulation_type)
 {
         int r, shadow_mask;
         struct decode_cache *c;
+        struct kvm_run *run = vcpu->run;
 
         kvm_clear_exception_queue(vcpu);
         vcpu->arch.mmio_fault_cr2 = cr2;
@@ -2781,7 +3059,7 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                 kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
 
                 vcpu->arch.emulate_ctxt.vcpu = vcpu;
-                vcpu->arch.emulate_ctxt.eflags = kvm_x86_ops->get_rflags(vcpu);
+                vcpu->arch.emulate_ctxt.eflags = kvm_get_rflags(vcpu);
                 vcpu->arch.emulate_ctxt.mode =
                         (vcpu->arch.emulate_ctxt.eflags & X86_EFLAGS_VM)
                         ? X86EMUL_MODE_REAL : cs_l
@@ -2859,7 +3137,7 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                 return EMULATE_DO_MMIO;
         }
 
-        kvm_x86_ops->set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags);
+        kvm_set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags);
 
         if (vcpu->mmio_is_write) {
                 vcpu->mmio_needed = 0;
@@ -2967,8 +3245,7 @@ static int pio_string_write(struct kvm_vcpu *vcpu)
         return r;
 }
 
-int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
-                  int size, unsigned port)
+int kvm_emulate_pio(struct kvm_vcpu *vcpu, int in, int size, unsigned port)
 {
         unsigned long val;
 
@@ -2997,7 +3274,7 @@ int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
 }
 EXPORT_SYMBOL_GPL(kvm_emulate_pio);
 
-int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, int in,
                   int size, unsigned long count, int down,
                   gva_t address, int rep, unsigned port)
 {
@@ -3070,9 +3347,6 @@ static void bounce_off(void *info)
         /* nothing */
 }
 
-static unsigned int  ref_freq;
-static unsigned long tsc_khz_ref;
-
 static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
                                      void *data)
 {
@@ -3081,14 +3355,11 @@ static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long va
         struct kvm_vcpu *vcpu;
         int i, send_ipi = 0;
 
-        if (!ref_freq)
-                ref_freq = freq->old;
-
         if (val == CPUFREQ_PRECHANGE && freq->old > freq->new)
                 return 0;
         if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new)
                 return 0;
-        per_cpu(cpu_tsc_khz, freq->cpu) = cpufreq_scale(tsc_khz_ref, ref_freq, freq->new);
+        per_cpu(cpu_tsc_khz, freq->cpu) = freq->new;
 
         spin_lock(&kvm_lock);
         list_for_each_entry(kvm, &vm_list, vm_list) {
@@ -3125,9 +3396,28 @@ static struct notifier_block kvmclock_cpufreq_notifier_block = {
         .notifier_call  = kvmclock_cpufreq_notifier
 };
 
+static void kvm_timer_init(void)
+{
+        int cpu;
+
+        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
+                cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
+                                          CPUFREQ_TRANSITION_NOTIFIER);
+                for_each_online_cpu(cpu) {
+                        unsigned long khz = cpufreq_get(cpu);
+                        if (!khz)
+                                khz = tsc_khz;
+                        per_cpu(cpu_tsc_khz, cpu) = khz;
+                }
+        } else {
+                for_each_possible_cpu(cpu)
+                        per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
+        }
+}
+
 int kvm_arch_init(void *opaque)
 {
-        int r, cpu;
+        int r;
         struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
 
         if (kvm_x86_ops) {
@@ -3159,13 +3449,7 @@ int kvm_arch_init(void *opaque)
         kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
                         PT_DIRTY_MASK, PT64_NX_MASK, 0);
 
-        for_each_possible_cpu(cpu)
-                per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
-        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
-                tsc_khz_ref = tsc_khz;
-                cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
-                                          CPUFREQ_TRANSITION_NOTIFIER);
-        }
+        kvm_timer_init();
 
         return 0;
 
@@ -3293,7 +3577,7 @@ void realmode_lmsw(struct kvm_vcpu *vcpu, unsigned long msw,
                    unsigned long *rflags)
 {
         kvm_lmsw(vcpu, msw);
-        *rflags = kvm_x86_ops->get_rflags(vcpu);
+        *rflags = kvm_get_rflags(vcpu);
 }
 
 unsigned long realmode_get_cr(struct kvm_vcpu *vcpu, int cr)
@@ -3331,7 +3615,7 @@ void realmode_set_cr(struct kvm_vcpu *vcpu, int cr, unsigned long val,
         switch (cr) {
         case 0:
                 kvm_set_cr0(vcpu, mk_cr_64(vcpu->arch.cr0, val));
-                *rflags = kvm_x86_ops->get_rflags(vcpu);
+                *rflags = kvm_get_rflags(vcpu);
                 break;
         case 2:
                 vcpu->arch.cr2 = val;
@@ -3451,18 +3735,18 @@ EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);
  *
  * No need to exit to userspace if we already have an interrupt queued.
  */
-static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu,
-                                          struct kvm_run *kvm_run)
+static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
 {
         return (!irqchip_in_kernel(vcpu->kvm) && !kvm_cpu_has_interrupt(vcpu) &&
-                kvm_run->request_interrupt_window &&
+                vcpu->run->request_interrupt_window &&
                 kvm_arch_interrupt_allowed(vcpu));
 }
 
-static void post_kvm_run_save(struct kvm_vcpu *vcpu,
-                              struct kvm_run *kvm_run)
+static void post_kvm_run_save(struct kvm_vcpu *vcpu)
 {
-        kvm_run->if_flag = (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
+        struct kvm_run *kvm_run = vcpu->run;
+
+        kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
         kvm_run->cr8 = kvm_get_cr8(vcpu);
         kvm_run->apic_base = kvm_get_apic_base(vcpu);
         if (irqchip_in_kernel(vcpu->kvm))
@@ -3523,7 +3807,7 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu)
         kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
 }
 
-static void inject_pending_event(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void inject_pending_event(struct kvm_vcpu *vcpu)
 {
         /* try to reinject previous events if any */
         if (vcpu->arch.exception.pending) {
@@ -3559,11 +3843,11 @@ static void inject_pending_event(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 }
 
-static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
 {
         int r;
         bool req_int_win = !irqchip_in_kernel(vcpu->kvm) &&
-                kvm_run->request_interrupt_window;
+                vcpu->run->request_interrupt_window;
 
         if (vcpu->requests)
                 if (test_and_clear_bit(KVM_REQ_MMU_RELOAD, &vcpu->requests))
@@ -3584,12 +3868,12 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         kvm_x86_ops->tlb_flush(vcpu);
                 if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
                                        &vcpu->requests)) {
-                        kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
+                        vcpu->run->exit_reason = KVM_EXIT_TPR_ACCESS;
                         r = 0;
                         goto out;
                 }
                 if (test_and_clear_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests)) {
-                        kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
+                        vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
                         r = 0;
                         goto out;
                 }
@@ -3613,7 +3897,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 goto out;
         }
 
-        inject_pending_event(vcpu, kvm_run);
+        inject_pending_event(vcpu);
 
         /* enable NMI/IRQ window open exits if needed */
         if (vcpu->arch.nmi_pending)
@@ -3639,16 +3923,17 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         trace_kvm_entry(vcpu->vcpu_id);
-        kvm_x86_ops->run(vcpu, kvm_run);
+        kvm_x86_ops->run(vcpu);
 
-        if (unlikely(vcpu->arch.switch_db_regs || test_thread_flag(TIF_DEBUG))) {
-                set_debugreg(current->thread.debugreg0, 0);
-                set_debugreg(current->thread.debugreg1, 1);
-                set_debugreg(current->thread.debugreg2, 2);
-                set_debugreg(current->thread.debugreg3, 3);
-                set_debugreg(current->thread.debugreg6, 6);
-                set_debugreg(current->thread.debugreg7, 7);
-        }
+        /*
+         * If the guest has used debug registers, at least dr7
+         * will be disabled while returning to the host.
+         * If we don't have active breakpoints in the host, we don't
+         * care about the messed up debug address registers. But if
+         * we have some of them active, restore the old state.
+         */
+        if (hw_breakpoint_active())
+                hw_breakpoint_restore();
 
         set_bit(KVM_REQ_KICK, &vcpu->requests);
         local_irq_enable();
@@ -3680,13 +3965,13 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
         kvm_lapic_sync_from_vapic(vcpu);
 
-        r = kvm_x86_ops->handle_exit(kvm_run, vcpu);
+        r = kvm_x86_ops->handle_exit(vcpu);
 out:
         return r;
 }
 
 
-static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int __vcpu_run(struct kvm_vcpu *vcpu)
 {
         int r;
 
@@ -3706,7 +3991,7 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         r = 1;
         while (r > 0) {
                 if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
-                        r = vcpu_enter_guest(vcpu, kvm_run);
+                        r = vcpu_enter_guest(vcpu);
                 else {
                         up_read(&vcpu->kvm->slots_lock);
                         kvm_vcpu_block(vcpu);
@@ -3734,14 +4019,14 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 if (kvm_cpu_has_pending_timer(vcpu))
                         kvm_inject_pending_timer_irqs(vcpu);
 
-                if (dm_request_for_irq_injection(vcpu, kvm_run)) {
+                if (dm_request_for_irq_injection(vcpu)) {
                         r = -EINTR;
-                        kvm_run->exit_reason = KVM_EXIT_INTR;
+                        vcpu->run->exit_reason = KVM_EXIT_INTR;
                         ++vcpu->stat.request_irq_exits;
                 }
                 if (signal_pending(current)) {
                         r = -EINTR;
-                        kvm_run->exit_reason = KVM_EXIT_INTR;
+                        vcpu->run->exit_reason = KVM_EXIT_INTR;
                         ++vcpu->stat.signal_exits;
                 }
                 if (need_resched()) {
@@ -3752,7 +4037,7 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         up_read(&vcpu->kvm->slots_lock);
-        post_kvm_run_save(vcpu, kvm_run);
+        post_kvm_run_save(vcpu);
 
         vapic_exit(vcpu);
 
@@ -3785,15 +4070,13 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 if (r)
                         goto out;
         }
-#if CONFIG_HAS_IOMEM
         if (vcpu->mmio_needed) {
                 memcpy(vcpu->mmio_data, kvm_run->mmio.data, 8);
                 vcpu->mmio_read_completed = 1;
                 vcpu->mmio_needed = 0;
 
                 down_read(&vcpu->kvm->slots_lock);
-                r = emulate_instruction(vcpu, kvm_run,
-                                        vcpu->arch.mmio_fault_cr2, 0,
+                r = emulate_instruction(vcpu, vcpu->arch.mmio_fault_cr2, 0,
                                         EMULTYPE_NO_DECODE);
                 up_read(&vcpu->kvm->slots_lock);
                 if (r == EMULATE_DO_MMIO) {
@@ -3804,12 +4087,11 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         goto out;
                 }
         }
-#endif
         if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL)
                 kvm_register_write(vcpu, VCPU_REGS_RAX,
                                      kvm_run->hypercall.ret);
 
-        r = __vcpu_run(vcpu, kvm_run);
+        r = __vcpu_run(vcpu);
 
 out:
         if (vcpu->sigset_active)
@@ -3843,13 +4125,7 @@ int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 #endif
 
         regs->rip = kvm_rip_read(vcpu);
-        regs->rflags = kvm_x86_ops->get_rflags(vcpu);
-
-        /*
-         * Don't leak debug flags in case they were set for guest debugging
-         */
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                regs->rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
+        regs->rflags = kvm_get_rflags(vcpu);
 
         vcpu_put(vcpu);
 
@@ -3877,12 +4153,10 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
         kvm_register_write(vcpu, VCPU_REGS_R13, regs->r13);
         kvm_register_write(vcpu, VCPU_REGS_R14, regs->r14);
         kvm_register_write(vcpu, VCPU_REGS_R15, regs->r15);
-
 #endif
 
         kvm_rip_write(vcpu, regs->rip);
-        kvm_x86_ops->set_rflags(vcpu, regs->rflags);
-
+        kvm_set_rflags(vcpu, regs->rflags);
 
         vcpu->arch.exception.pending = false;
 
@@ -4049,7 +4323,7 @@ static int save_guest_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector,
         return kvm_write_guest_virt(dtable.base + index*8, seg_desc, sizeof(*seg_desc), vcpu);
 }
 
-static u32 get_tss_base_addr(struct kvm_vcpu *vcpu,
+static gpa_t get_tss_base_addr(struct kvm_vcpu *vcpu,
                              struct desc_struct *seg_desc)
 {
         u32 base_addr = get_desc_base(seg_desc);
@@ -4101,7 +4375,7 @@ static int is_vm86_segment(struct kvm_vcpu *vcpu, int seg)
 {
         return (seg != VCPU_SREG_LDTR) &&
                 (seg != VCPU_SREG_TR) &&
-                (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_VM);
+                (kvm_get_rflags(vcpu) & X86_EFLAGS_VM);
 }
 
 int kvm_load_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector,
@@ -4129,7 +4403,7 @@ static void save_state_to_tss32(struct kvm_vcpu *vcpu,
 {
         tss->cr3 = vcpu->arch.cr3;
         tss->eip = kvm_rip_read(vcpu);
-        tss->eflags = kvm_x86_ops->get_rflags(vcpu);
+        tss->eflags = kvm_get_rflags(vcpu);
         tss->eax = kvm_register_read(vcpu, VCPU_REGS_RAX);
         tss->ecx = kvm_register_read(vcpu, VCPU_REGS_RCX);
         tss->edx = kvm_register_read(vcpu, VCPU_REGS_RDX);
@@ -4153,7 +4427,7 @@ static int load_state_from_tss32(struct kvm_vcpu *vcpu,
         kvm_set_cr3(vcpu, tss->cr3);
 
         kvm_rip_write(vcpu, tss->eip);
-        kvm_x86_ops->set_rflags(vcpu, tss->eflags | 2);
+        kvm_set_rflags(vcpu, tss->eflags | 2);
 
         kvm_register_write(vcpu, VCPU_REGS_RAX, tss->eax);
         kvm_register_write(vcpu, VCPU_REGS_RCX, tss->ecx);
@@ -4191,7 +4465,7 @@ static void save_state_to_tss16(struct kvm_vcpu *vcpu,
                                 struct tss_segment_16 *tss)
 {
         tss->ip = kvm_rip_read(vcpu);
-        tss->flag = kvm_x86_ops->get_rflags(vcpu);
+        tss->flag = kvm_get_rflags(vcpu);
         tss->ax = kvm_register_read(vcpu, VCPU_REGS_RAX);
         tss->cx = kvm_register_read(vcpu, VCPU_REGS_RCX);
         tss->dx = kvm_register_read(vcpu, VCPU_REGS_RDX);
@@ -4206,14 +4480,13 @@ static void save_state_to_tss16(struct kvm_vcpu *vcpu,
         tss->ss = get_segment_selector(vcpu, VCPU_SREG_SS);
         tss->ds = get_segment_selector(vcpu, VCPU_SREG_DS);
         tss->ldt = get_segment_selector(vcpu, VCPU_SREG_LDTR);
-        tss->prev_task_link = get_segment_selector(vcpu, VCPU_SREG_TR);
 }
 
 static int load_state_from_tss16(struct kvm_vcpu *vcpu,
                                  struct tss_segment_16 *tss)
 {
         kvm_rip_write(vcpu, tss->ip);
-        kvm_x86_ops->set_rflags(vcpu, tss->flag | 2);
+        kvm_set_rflags(vcpu, tss->flag | 2);
         kvm_register_write(vcpu, VCPU_REGS_RAX, tss->ax);
         kvm_register_write(vcpu, VCPU_REGS_RCX, tss->cx);
         kvm_register_write(vcpu, VCPU_REGS_RDX, tss->dx);
@@ -4359,8 +4632,8 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         }
 
         if (reason == TASK_SWITCH_IRET) {
-                u32 eflags = kvm_x86_ops->get_rflags(vcpu);
-                kvm_x86_ops->set_rflags(vcpu, eflags & ~X86_EFLAGS_NT);
+                u32 eflags = kvm_get_rflags(vcpu);
+                kvm_set_rflags(vcpu, eflags & ~X86_EFLAGS_NT);
         }
 
         /* set back link to prev task only if NT bit is set in eflags
@@ -4368,11 +4641,6 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
                 old_tss_sel = 0xffff;
 
-        /* set back link to prev task only if NT bit is set in eflags
-           note that old_tss_sel is not used afetr this point */
-        if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
-                old_tss_sel = 0xffff;
-
         if (nseg_desc.type & 8)
                 ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_sel,
                                          old_tss_base, &nseg_desc);
@@ -4381,8 +4649,8 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
                                          old_tss_base, &nseg_desc);
 
         if (reason == TASK_SWITCH_CALL || reason == TASK_SWITCH_GATE) {
-                u32 eflags = kvm_x86_ops->get_rflags(vcpu);
-                kvm_x86_ops->set_rflags(vcpu, eflags | X86_EFLAGS_NT);
+                u32 eflags = kvm_get_rflags(vcpu);
+                kvm_set_rflags(vcpu, eflags | X86_EFLAGS_NT);
         }
 
         if (reason != TASK_SWITCH_IRET) {
@@ -4434,8 +4702,10 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 
         mmu_reset_needed |= vcpu->arch.cr4 != sregs->cr4;
         kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
-        if (!is_long_mode(vcpu) && is_pae(vcpu))
+        if (!is_long_mode(vcpu) && is_pae(vcpu)) {
                 load_pdptrs(vcpu, vcpu->arch.cr3);
+                mmu_reset_needed = 1;
+        }
 
         if (mmu_reset_needed)
                 kvm_mmu_reset_context(vcpu);
@@ -4476,12 +4746,32 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
                                         struct kvm_guest_debug *dbg)
 {
+        unsigned long rflags;
         int i, r;
 
         vcpu_load(vcpu);
 
-        if ((dbg->control & (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP)) ==
-            (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP)) {
+        if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
+                r = -EBUSY;
+                if (vcpu->arch.exception.pending)
+                        goto unlock_out;
+                if (dbg->control & KVM_GUESTDBG_INJECT_DB)
+                        kvm_queue_exception(vcpu, DB_VECTOR);
+                else
+                        kvm_queue_exception(vcpu, BP_VECTOR);
+        }
+
+        /*
+         * Read rflags as long as potentially injected trace flags are still
+         * filtered out.
+         */
+        rflags = kvm_get_rflags(vcpu);
+
+        vcpu->guest_debug = dbg->control;
+        if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
+                vcpu->guest_debug = 0;
+
+        if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
                 for (i = 0; i < KVM_NR_DB_REGS; ++i)
                         vcpu->arch.eff_db[i] = dbg->arch.debugreg[i];
                 vcpu->arch.switch_db_regs =
@@ -4492,13 +4782,23 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
                 vcpu->arch.switch_db_regs = (vcpu->arch.dr7 & DR7_BP_EN_MASK);
         }
 
-        r = kvm_x86_ops->set_guest_debug(vcpu, dbg);
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) {
+                vcpu->arch.singlestep_cs =
+                        get_segment_selector(vcpu, VCPU_SREG_CS);
+                vcpu->arch.singlestep_rip = kvm_rip_read(vcpu);
+        }
+
+        /*
+         * Trigger an rflags update that will inject or remove the trace
+         * flags.
+         */
+        kvm_set_rflags(vcpu, rflags);
+
+        kvm_x86_ops->set_guest_debug(vcpu, dbg);
 
-        if (dbg->control & KVM_GUESTDBG_INJECT_DB)
-                kvm_queue_exception(vcpu, DB_VECTOR);
-        else if (dbg->control & KVM_GUESTDBG_INJECT_BP)
-                kvm_queue_exception(vcpu, BP_VECTOR);
+        r = 0;
 
+unlock_out:
         vcpu_put(vcpu);
 
         return r;
@@ -4699,14 +4999,26 @@ int kvm_arch_vcpu_reset(struct kvm_vcpu *vcpu)
         return kvm_x86_ops->vcpu_reset(vcpu);
 }
 
-void kvm_arch_hardware_enable(void *garbage)
+int kvm_arch_hardware_enable(void *garbage)
 {
-        kvm_x86_ops->hardware_enable(garbage);
+        /*
+         * Since this may be called from a hotplug notifcation,
+         * we can't get the CPU frequency directly.
+         */
+        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
+                int cpu = raw_smp_processor_id();
+                per_cpu(cpu_tsc_khz, cpu) = 0;
+        }
+
+        kvm_shared_msr_cpu_online();
+
+        return kvm_x86_ops->hardware_enable(garbage);
 }
 
 void kvm_arch_hardware_disable(void *garbage)
 {
         kvm_x86_ops->hardware_disable(garbage);
+        drop_user_return_notifiers(garbage);
 }
 
 int kvm_arch_hardware_setup(void)
@@ -4944,8 +5256,36 @@ int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu)
         return kvm_x86_ops->interrupt_allowed(vcpu);
 }
 
+unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu)
+{
+        unsigned long rflags;
+
+        rflags = kvm_x86_ops->get_rflags(vcpu);
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
+                rflags &= ~(unsigned long)(X86_EFLAGS_TF | X86_EFLAGS_RF);
+        return rflags;
+}
+EXPORT_SYMBOL_GPL(kvm_get_rflags);
+
+void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
+{
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP &&
+            vcpu->arch.singlestep_cs ==
+                        get_segment_selector(vcpu, VCPU_SREG_CS) &&
+            vcpu->arch.singlestep_rip == kvm_rip_read(vcpu))
+                rflags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
+        kvm_x86_ops->set_rflags(vcpu, rflags);
+}
+EXPORT_SYMBOL_GPL(kvm_set_rflags);
+
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_page_fault);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_msr);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_cr);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmrun);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit_inject);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intr_vmexit);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_invlpga);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_skinit);
diff --git a/arch/x86/lib/.gitignore b/arch/x86/lib/.gitignore
new file mode 100644
index 000000000000..8df89f0a3fe6
--- /dev/null
+++ b/arch/x86/lib/.gitignore
@@ -0,0 +1 @@
+inat-tables.c
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 3e549b8ec8c9..cffd754f3039 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -2,21 +2,36 @@
 # Makefile for x86 specific library files.
 #
 
-obj-$(CONFIG_SMP) := msr.o
+inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk
+inat_tables_maps = $(srctree)/arch/x86/lib/x86-opcode-map.txt
+quiet_cmd_inat_tables = GEN     $@
+      cmd_inat_tables = $(AWK) -f $(inat_tables_script) $(inat_tables_maps) > $@ || rm -f $@
+
+$(obj)/inat-tables.c: $(inat_tables_script) $(inat_tables_maps)
+        $(call cmd,inat_tables)
+
+$(obj)/inat.o: $(obj)/inat-tables.c
+
+clean-files := inat-tables.c
+
+obj-$(CONFIG_SMP) += msr-smp.o
 
 lib-y := delay.o
 lib-y += thunk_$(BITS).o
 lib-y += usercopy_$(BITS).o getuser.o putuser.o
 lib-y += memcpy_$(BITS).o
+lib-$(CONFIG_KPROBES) += insn.o inat.o
 
-obj-y += msr-reg.o msr-reg-export.o
+obj-y += msr.o msr-reg.o msr-reg-export.o
 
 ifeq ($(CONFIG_X86_32),y)
         obj-y += atomic64_32.o
         lib-y += checksum_32.o
         lib-y += strstr_32.o
-        lib-y += semaphore_32.o string_32.o cmpxchg8b_emu.o
-
+        lib-y += semaphore_32.o string_32.o
+ifneq ($(CONFIG_X86_CMPXCHG64),y)
+        lib-y += cmpxchg8b_emu.o
+endif
         lib-$(CONFIG_X86_USE_3DNOW) += mmx_32.o
 else
         obj-y += io_64.o iomap_copy_64.o
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
index 6ba0f7bb85ea..cf889d4e076a 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
@@ -65,7 +65,7 @@
         .endm
 
 /* Standard copy_to_user with segment limit checking */
-ENTRY(copy_to_user)
+ENTRY(_copy_to_user)
         CFI_STARTPROC
         GET_THREAD_INFO(%rax)
         movq %rdi,%rcx
@@ -75,10 +75,10 @@ ENTRY(copy_to_user)
         jae bad_to_user
         ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
         CFI_ENDPROC
-ENDPROC(copy_to_user)
+ENDPROC(_copy_to_user)
 
 /* Standard copy_from_user with segment limit checking */
-ENTRY(copy_from_user)
+ENTRY(_copy_from_user)
         CFI_STARTPROC
         GET_THREAD_INFO(%rax)
         movq %rsi,%rcx
@@ -88,7 +88,7 @@ ENTRY(copy_from_user)
         jae bad_from_user
         ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
         CFI_ENDPROC
-ENDPROC(copy_from_user)
+ENDPROC(_copy_from_user)
 
 ENTRY(copy_user_generic)
         CFI_STARTPROC
@@ -96,12 +96,6 @@ ENTRY(copy_user_generic)
         CFI_ENDPROC
 ENDPROC(copy_user_generic)
 
-ENTRY(__copy_from_user_inatomic)
-        CFI_STARTPROC
-        ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
-        CFI_ENDPROC
-ENDPROC(__copy_from_user_inatomic)
-
         .section .fixup,"ax"
         /* must zero dest */
 ENTRY(bad_from_user)
diff --git a/arch/x86/lib/inat.c b/arch/x86/lib/inat.c
new file mode 100644
index 000000000000..46fc4ee09fc4
--- /dev/null
+++ b/arch/x86/lib/inat.c
@@ -0,0 +1,90 @@
+/*
+ * x86 instruction attribute tables
+ *
+ * Written by Masami Hiramatsu <mhiramat@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+#include <asm/insn.h>
+
+/* Attribute tables are generated from opcode map */
+#include "inat-tables.c"
+
+/* Attribute search APIs */
+insn_attr_t inat_get_opcode_attribute(insn_byte_t opcode)
+{
+        return inat_primary_table[opcode];
+}
+
+insn_attr_t inat_get_escape_attribute(insn_byte_t opcode, insn_byte_t last_pfx,
+                                      insn_attr_t esc_attr)
+{
+        const insn_attr_t *table;
+        insn_attr_t lpfx_attr;
+        int n, m = 0;
+
+        n = inat_escape_id(esc_attr);
+        if (last_pfx) {
+                lpfx_attr = inat_get_opcode_attribute(last_pfx);
+                m = inat_last_prefix_id(lpfx_attr);
+        }
+        table = inat_escape_tables[n][0];
+        if (!table)
+                return 0;
+        if (inat_has_variant(table[opcode]) && m) {
+                table = inat_escape_tables[n][m];
+                if (!table)
+                        return 0;
+        }
+        return table[opcode];
+}
+
+insn_attr_t inat_get_group_attribute(insn_byte_t modrm, insn_byte_t last_pfx,
+                                     insn_attr_t grp_attr)
+{
+        const insn_attr_t *table;
+        insn_attr_t lpfx_attr;
+        int n, m = 0;
+
+        n = inat_group_id(grp_attr);
+        if (last_pfx) {
+                lpfx_attr = inat_get_opcode_attribute(last_pfx);
+                m = inat_last_prefix_id(lpfx_attr);
+        }
+        table = inat_group_tables[n][0];
+        if (!table)
+                return inat_group_common_attribute(grp_attr);
+        if (inat_has_variant(table[X86_MODRM_REG(modrm)]) && m) {
+                table = inat_group_tables[n][m];
+                if (!table)
+                        return inat_group_common_attribute(grp_attr);
+        }
+        return table[X86_MODRM_REG(modrm)] |
+               inat_group_common_attribute(grp_attr);
+}
+
+insn_attr_t inat_get_avx_attribute(insn_byte_t opcode, insn_byte_t vex_m,
+                                   insn_byte_t vex_p)
+{
+        const insn_attr_t *table;
+        if (vex_m > X86_VEX_M_MAX || vex_p > INAT_LSTPFX_MAX)
+                return 0;
+        table = inat_avx_tables[vex_m][vex_p];
+        if (!table)
+                return 0;
+        return table[opcode];
+}
+
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
new file mode 100644
index 000000000000..9f33b984d0ef
--- /dev/null
+++ b/arch/x86/lib/insn.c
@@ -0,0 +1,516 @@
+/*
+ * x86 instruction analysis
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) IBM Corporation, 2002, 2004, 2009
+ */
+
+#include <linux/string.h>
+#include <asm/inat.h>
+#include <asm/insn.h>
+
+#define get_next(t, insn)       \
+        ({t r; r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; })
+
+#define peek_next(t, insn)      \
+        ({t r; r = *(t*)insn->next_byte; r; })
+
+#define peek_nbyte_next(t, insn, n)     \
+        ({t r; r = *(t*)((insn)->next_byte + n); r; })
+
+/**
+ * insn_init() - initialize struct insn
+ * @insn:       &struct insn to be initialized
+ * @kaddr:      address (in kernel memory) of instruction (or copy thereof)
+ * @x86_64:     !0 for 64-bit kernel or 64-bit app
+ */
+void insn_init(struct insn *insn, const void *kaddr, int x86_64)
+{
+        memset(insn, 0, sizeof(*insn));
+        insn->kaddr = kaddr;
+        insn->next_byte = kaddr;
+        insn->x86_64 = x86_64 ? 1 : 0;
+        insn->opnd_bytes = 4;
+        if (x86_64)
+                insn->addr_bytes = 8;
+        else
+                insn->addr_bytes = 4;
+}
+
+/**
+ * insn_get_prefixes - scan x86 instruction prefix bytes
+ * @insn:       &struct insn containing instruction
+ *
+ * Populates the @insn->prefixes bitmap, and updates @insn->next_byte
+ * to point to the (first) opcode.  No effect if @insn->prefixes.got
+ * is already set.
+ */
+void insn_get_prefixes(struct insn *insn)
+{
+        struct insn_field *prefixes = &insn->prefixes;
+        insn_attr_t attr;
+        insn_byte_t b, lb;
+        int i, nb;
+
+        if (prefixes->got)
+                return;
+
+        nb = 0;
+        lb = 0;
+        b = peek_next(insn_byte_t, insn);
+        attr = inat_get_opcode_attribute(b);
+        while (inat_is_legacy_prefix(attr)) {
+                /* Skip if same prefix */
+                for (i = 0; i < nb; i++)
+                        if (prefixes->bytes[i] == b)
+                                goto found;
+                if (nb == 4)
+                        /* Invalid instruction */
+                        break;
+                prefixes->bytes[nb++] = b;
+                if (inat_is_address_size_prefix(attr)) {
+                        /* address size switches 2/4 or 4/8 */
+                        if (insn->x86_64)
+                                insn->addr_bytes ^= 12;
+                        else
+                                insn->addr_bytes ^= 6;
+                } else if (inat_is_operand_size_prefix(attr)) {
+                        /* oprand size switches 2/4 */
+                        insn->opnd_bytes ^= 6;
+                }
+found:
+                prefixes->nbytes++;
+                insn->next_byte++;
+                lb = b;
+                b = peek_next(insn_byte_t, insn);
+                attr = inat_get_opcode_attribute(b);
+        }
+        /* Set the last prefix */
+        if (lb && lb != insn->prefixes.bytes[3]) {
+                if (unlikely(insn->prefixes.bytes[3])) {
+                        /* Swap the last prefix */
+                        b = insn->prefixes.bytes[3];
+                        for (i = 0; i < nb; i++)
+                                if (prefixes->bytes[i] == lb)
+                                        prefixes->bytes[i] = b;
+                }
+                insn->prefixes.bytes[3] = lb;
+        }
+
+        /* Decode REX prefix */
+        if (insn->x86_64) {
+                b = peek_next(insn_byte_t, insn);
+                attr = inat_get_opcode_attribute(b);
+                if (inat_is_rex_prefix(attr)) {
+                        insn->rex_prefix.value = b;
+                        insn->rex_prefix.nbytes = 1;
+                        insn->next_byte++;
+                        if (X86_REX_W(b))
+                                /* REX.W overrides opnd_size */
+                                insn->opnd_bytes = 8;
+                }
+        }
+        insn->rex_prefix.got = 1;
+
+        /* Decode VEX prefix */
+        b = peek_next(insn_byte_t, insn);
+        attr = inat_get_opcode_attribute(b);
+        if (inat_is_vex_prefix(attr)) {
+                insn_byte_t b2 = peek_nbyte_next(insn_byte_t, insn, 1);
+                if (!insn->x86_64) {
+                        /*
+                         * In 32-bits mode, if the [7:6] bits (mod bits of
+                         * ModRM) on the second byte are not 11b, it is
+                         * LDS or LES.
+                         */
+                        if (X86_MODRM_MOD(b2) != 3)
+                                goto vex_end;
+                }
+                insn->vex_prefix.bytes[0] = b;
+                insn->vex_prefix.bytes[1] = b2;
+                if (inat_is_vex3_prefix(attr)) {
+                        b2 = peek_nbyte_next(insn_byte_t, insn, 2);
+                        insn->vex_prefix.bytes[2] = b2;
+                        insn->vex_prefix.nbytes = 3;
+                        insn->next_byte += 3;
+                        if (insn->x86_64 && X86_VEX_W(b2))
+                                /* VEX.W overrides opnd_size */
+                                insn->opnd_bytes = 8;
+                } else {
+                        insn->vex_prefix.nbytes = 2;
+                        insn->next_byte += 2;
+                }
+        }
+vex_end:
+        insn->vex_prefix.got = 1;
+
+        prefixes->got = 1;
+        return;
+}
+
+/**
+ * insn_get_opcode - collect opcode(s)
+ * @insn:       &struct insn containing instruction
+ *
+ * Populates @insn->opcode, updates @insn->next_byte to point past the
+ * opcode byte(s), and set @insn->attr (except for groups).
+ * If necessary, first collects any preceding (prefix) bytes.
+ * Sets @insn->opcode.value = opcode1.  No effect if @insn->opcode.got
+ * is already 1.
+ */
+void insn_get_opcode(struct insn *insn)
+{
+        struct insn_field *opcode = &insn->opcode;
+        insn_byte_t op, pfx;
+        if (opcode->got)
+                return;
+        if (!insn->prefixes.got)
+                insn_get_prefixes(insn);
+
+        /* Get first opcode */
+        op = get_next(insn_byte_t, insn);
+        opcode->bytes[0] = op;
+        opcode->nbytes = 1;
+
+        /* Check if there is VEX prefix or not */
+        if (insn_is_avx(insn)) {
+                insn_byte_t m, p;
+                m = insn_vex_m_bits(insn);
+                p = insn_vex_p_bits(insn);
+                insn->attr = inat_get_avx_attribute(op, m, p);
+                if (!inat_accept_vex(insn->attr))
+                        insn->attr = 0; /* This instruction is bad */
+                goto end;       /* VEX has only 1 byte for opcode */
+        }
+
+        insn->attr = inat_get_opcode_attribute(op);
+        while (inat_is_escape(insn->attr)) {
+                /* Get escaped opcode */
+                op = get_next(insn_byte_t, insn);
+                opcode->bytes[opcode->nbytes++] = op;
+                pfx = insn_last_prefix(insn);
+                insn->attr = inat_get_escape_attribute(op, pfx, insn->attr);
+        }
+        if (inat_must_vex(insn->attr))
+                insn->attr = 0; /* This instruction is bad */
+end:
+        opcode->got = 1;
+}
+
+/**
+ * insn_get_modrm - collect ModRM byte, if any
+ * @insn:       &struct insn containing instruction
+ *
+ * Populates @insn->modrm and updates @insn->next_byte to point past the
+ * ModRM byte, if any.  If necessary, first collects the preceding bytes
+ * (prefixes and opcode(s)).  No effect if @insn->modrm.got is already 1.
+ */
+void insn_get_modrm(struct insn *insn)
+{
+        struct insn_field *modrm = &insn->modrm;
+        insn_byte_t pfx, mod;
+        if (modrm->got)
+                return;
+        if (!insn->opcode.got)
+                insn_get_opcode(insn);
+
+        if (inat_has_modrm(insn->attr)) {
+                mod = get_next(insn_byte_t, insn);
+                modrm->value = mod;
+                modrm->nbytes = 1;
+                if (inat_is_group(insn->attr)) {
+                        pfx = insn_last_prefix(insn);
+                        insn->attr = inat_get_group_attribute(mod, pfx,
+                                                              insn->attr);
+                }
+        }
+
+        if (insn->x86_64 && inat_is_force64(insn->attr))
+                insn->opnd_bytes = 8;
+        modrm->got = 1;
+}
+
+
+/**
+ * insn_rip_relative() - Does instruction use RIP-relative addressing mode?
+ * @insn:       &struct insn containing instruction
+ *
+ * If necessary, first collects the instruction up to and including the
+ * ModRM byte.  No effect if @insn->x86_64 is 0.
+ */
+int insn_rip_relative(struct insn *insn)
+{
+        struct insn_field *modrm = &insn->modrm;
+
+        if (!insn->x86_64)
+                return 0;
+        if (!modrm->got)
+                insn_get_modrm(insn);
+        /*
+         * For rip-relative instructions, the mod field (top 2 bits)
+         * is zero and the r/m field (bottom 3 bits) is 0x5.
+         */
+        return (modrm->nbytes && (modrm->value & 0xc7) == 0x5);
+}
+
+/**
+ * insn_get_sib() - Get the SIB byte of instruction
+ * @insn:       &struct insn containing instruction
+ *
+ * If necessary, first collects the instruction up to and including the
+ * ModRM byte.
+ */
+void insn_get_sib(struct insn *insn)
+{
+        insn_byte_t modrm;
+
+        if (insn->sib.got)
+                return;
+        if (!insn->modrm.got)
+                insn_get_modrm(insn);
+        if (insn->modrm.nbytes) {
+                modrm = (insn_byte_t)insn->modrm.value;
+                if (insn->addr_bytes != 2 &&
+                    X86_MODRM_MOD(modrm) != 3 && X86_MODRM_RM(modrm) == 4) {
+                        insn->sib.value = get_next(insn_byte_t, insn);
+                        insn->sib.nbytes = 1;
+                }
+        }
+        insn->sib.got = 1;
+}
+
+
+/**
+ * insn_get_displacement() - Get the displacement of instruction
+ * @insn:       &struct insn containing instruction
+ *
+ * If necessary, first collects the instruction up to and including the
+ * SIB byte.
+ * Displacement value is sign-expanded.
+ */
+void insn_get_displacement(struct insn *insn)
+{
+        insn_byte_t mod, rm, base;
+
+        if (insn->displacement.got)
+                return;
+        if (!insn->sib.got)
+                insn_get_sib(insn);
+        if (insn->modrm.nbytes) {
+                /*
+                 * Interpreting the modrm byte:
+                 * mod = 00 - no displacement fields (exceptions below)
+                 * mod = 01 - 1-byte displacement field
+                 * mod = 10 - displacement field is 4 bytes, or 2 bytes if
+                 *      address size = 2 (0x67 prefix in 32-bit mode)
+                 * mod = 11 - no memory operand
+                 *
+                 * If address size = 2...
+                 * mod = 00, r/m = 110 - displacement field is 2 bytes
+                 *
+                 * If address size != 2...
+                 * mod != 11, r/m = 100 - SIB byte exists
+                 * mod = 00, SIB base = 101 - displacement field is 4 bytes
+                 * mod = 00, r/m = 101 - rip-relative addressing, displacement
+                 *      field is 4 bytes
+                 */
+                mod = X86_MODRM_MOD(insn->modrm.value);
+                rm = X86_MODRM_RM(insn->modrm.value);
+                base = X86_SIB_BASE(insn->sib.value);
+                if (mod == 3)
+                        goto out;
+                if (mod == 1) {
+                        insn->displacement.value = get_next(char, insn);
+                        insn->displacement.nbytes = 1;
+                } else if (insn->addr_bytes == 2) {
+                        if ((mod == 0 && rm == 6) || mod == 2) {
+                                insn->displacement.value =
+                                         get_next(short, insn);
+                                insn->displacement.nbytes = 2;
+                        }
+                } else {
+                        if ((mod == 0 && rm == 5) || mod == 2 ||
+                            (mod == 0 && base == 5)) {
+                                insn->displacement.value = get_next(int, insn);
+                                insn->displacement.nbytes = 4;
+                        }
+                }
+        }
+out:
+        insn->displacement.got = 1;
+}
+
+/* Decode moffset16/32/64 */
+static void __get_moffset(struct insn *insn)
+{
+        switch (insn->addr_bytes) {
+        case 2:
+                insn->moffset1.value = get_next(short, insn);
+                insn->moffset1.nbytes = 2;
+                break;
+        case 4:
+                insn->moffset1.value = get_next(int, insn);
+                insn->moffset1.nbytes = 4;
+                break;
+        case 8:
+                insn->moffset1.value = get_next(int, insn);
+                insn->moffset1.nbytes = 4;
+                insn->moffset2.value = get_next(int, insn);
+                insn->moffset2.nbytes = 4;
+                break;
+        }
+        insn->moffset1.got = insn->moffset2.got = 1;
+}
+
+/* Decode imm v32(Iz) */
+static void __get_immv32(struct insn *insn)
+{
+        switch (insn->opnd_bytes) {
+        case 2:
+                insn->immediate.value = get_next(short, insn);
+                insn->immediate.nbytes = 2;
+                break;
+        case 4:
+        case 8:
+                insn->immediate.value = get_next(int, insn);
+                insn->immediate.nbytes = 4;
+                break;
+        }
+}
+
+/* Decode imm v64(Iv/Ov) */
+static void __get_immv(struct insn *insn)
+{
+        switch (insn->opnd_bytes) {
+        case 2:
+                insn->immediate1.value = get_next(short, insn);
+                insn->immediate1.nbytes = 2;
+                break;
+        case 4:
+                insn->immediate1.value = get_next(int, insn);
+                insn->immediate1.nbytes = 4;
+                break;
+        case 8:
+                insn->immediate1.value = get_next(int, insn);
+                insn->immediate1.nbytes = 4;
+                insn->immediate2.value = get_next(int, insn);
+                insn->immediate2.nbytes = 4;
+                break;
+        }
+        insn->immediate1.got = insn->immediate2.got = 1;
+}
+
+/* Decode ptr16:16/32(Ap) */
+static void __get_immptr(struct insn *insn)
+{
+        switch (insn->opnd_bytes) {
+        case 2:
+                insn->immediate1.value = get_next(short, insn);
+                insn->immediate1.nbytes = 2;
+                break;
+        case 4:
+                insn->immediate1.value = get_next(int, insn);
+                insn->immediate1.nbytes = 4;
+                break;
+        case 8:
+                /* ptr16:64 is not exist (no segment) */
+                return;
+        }
+        insn->immediate2.value = get_next(unsigned short, insn);
+        insn->immediate2.nbytes = 2;
+        insn->immediate1.got = insn->immediate2.got = 1;
+}
+
+/**
+ * insn_get_immediate() - Get the immediates of instruction
+ * @insn:       &struct insn containing instruction
+ *
+ * If necessary, first collects the instruction up to and including the
+ * displacement bytes.
+ * Basically, most of immediates are sign-expanded. Unsigned-value can be
+ * get by bit masking with ((1 << (nbytes * 8)) - 1)
+ */
+void insn_get_immediate(struct insn *insn)
+{
+        if (insn->immediate.got)
+                return;
+        if (!insn->displacement.got)
+                insn_get_displacement(insn);
+
+        if (inat_has_moffset(insn->attr)) {
+                __get_moffset(insn);
+                goto done;
+        }
+
+        if (!inat_has_immediate(insn->attr))
+                /* no immediates */
+                goto done;
+
+        switch (inat_immediate_size(insn->attr)) {
+        case INAT_IMM_BYTE:
+                insn->immediate.value = get_next(char, insn);
+                insn->immediate.nbytes = 1;
+                break;
+        case INAT_IMM_WORD:
+                insn->immediate.value = get_next(short, insn);
+                insn->immediate.nbytes = 2;
+                break;
+        case INAT_IMM_DWORD:
+                insn->immediate.value = get_next(int, insn);
+                insn->immediate.nbytes = 4;
+                break;
+        case INAT_IMM_QWORD:
+                insn->immediate1.value = get_next(int, insn);
+                insn->immediate1.nbytes = 4;
+                insn->immediate2.value = get_next(int, insn);
+                insn->immediate2.nbytes = 4;
+                break;
+        case INAT_IMM_PTR:
+                __get_immptr(insn);
+                break;
+        case INAT_IMM_VWORD32:
+                __get_immv32(insn);
+                break;
+        case INAT_IMM_VWORD:
+                __get_immv(insn);
+                break;
+        default:
+                break;
+        }
+        if (inat_has_second_immediate(insn->attr)) {
+                insn->immediate2.value = get_next(char, insn);
+                insn->immediate2.nbytes = 1;
+        }
+done:
+        insn->immediate.got = 1;
+}
+
+/**
+ * insn_get_length() - Get the length of instruction
+ * @insn:       &struct insn containing instruction
+ *
+ * If necessary, first collects the instruction up to and including the
+ * immediates bytes.
+ */
+void insn_get_length(struct insn *insn)
+{
+        if (insn->length)
+                return;
+        if (!insn->immediate.got)
+                insn_get_immediate(insn);
+        insn->length = (unsigned char)((unsigned long)insn->next_byte
+                                     - (unsigned long)insn->kaddr);
+}
diff --git a/arch/x86/lib/msr-smp.c b/arch/x86/lib/msr-smp.c
new file mode 100644
index 000000000000..a6b1b86d2253
--- /dev/null
+++ b/arch/x86/lib/msr-smp.c
@@ -0,0 +1,204 @@
+#include <linux/module.h>
+#include <linux/preempt.h>
+#include <linux/smp.h>
+#include <asm/msr.h>
+
+static void __rdmsr_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        struct msr *reg;
+        int this_cpu = raw_smp_processor_id();
+
+        if (rv->msrs)
+                reg = per_cpu_ptr(rv->msrs, this_cpu);
+        else
+                reg = &rv->reg;
+
+        rdmsr(rv->msr_no, reg->l, reg->h);
+}
+
+static void __wrmsr_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        struct msr *reg;
+        int this_cpu = raw_smp_processor_id();
+
+        if (rv->msrs)
+                reg = per_cpu_ptr(rv->msrs, this_cpu);
+        else
+                reg = &rv->reg;
+
+        wrmsr(rv->msr_no, reg->l, reg->h);
+}
+
+int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
+{
+        int err;
+        struct msr_info rv;
+
+        memset(&rv, 0, sizeof(rv));
+
+        rv.msr_no = msr_no;
+        err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
+        *l = rv.reg.l;
+        *h = rv.reg.h;
+
+        return err;
+}
+EXPORT_SYMBOL(rdmsr_on_cpu);
+
+int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+{
+        int err;
+        struct msr_info rv;
+
+        memset(&rv, 0, sizeof(rv));
+
+        rv.msr_no = msr_no;
+        rv.reg.l = l;
+        rv.reg.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
+
+        return err;
+}
+EXPORT_SYMBOL(wrmsr_on_cpu);
+
+static void __rwmsr_on_cpus(const struct cpumask *mask, u32 msr_no,
+                            struct msr *msrs,
+                            void (*msr_func) (void *info))
+{
+        struct msr_info rv;
+        int this_cpu;
+
+        memset(&rv, 0, sizeof(rv));
+
+        rv.msrs   = msrs;
+        rv.msr_no = msr_no;
+
+        this_cpu = get_cpu();
+
+        if (cpumask_test_cpu(this_cpu, mask))
+                msr_func(&rv);
+
+        smp_call_function_many(mask, msr_func, &rv, 1);
+        put_cpu();
+}
+
+/* rdmsr on a bunch of CPUs
+ *
+ * @mask:       which CPUs
+ * @msr_no:     which MSR
+ * @msrs:       array of MSR values
+ *
+ */
+void rdmsr_on_cpus(const struct cpumask *mask, u32 msr_no, struct msr *msrs)
+{
+        __rwmsr_on_cpus(mask, msr_no, msrs, __rdmsr_on_cpu);
+}
+EXPORT_SYMBOL(rdmsr_on_cpus);
+
+/*
+ * wrmsr on a bunch of CPUs
+ *
+ * @mask:       which CPUs
+ * @msr_no:     which MSR
+ * @msrs:       array of MSR values
+ *
+ */
+void wrmsr_on_cpus(const struct cpumask *mask, u32 msr_no, struct msr *msrs)
+{
+        __rwmsr_on_cpus(mask, msr_no, msrs, __wrmsr_on_cpu);
+}
+EXPORT_SYMBOL(wrmsr_on_cpus);
+
+/* These "safe" variants are slower and should be used when the target MSR
+   may not actually exist. */
+static void __rdmsr_safe_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+
+        rv->err = rdmsr_safe(rv->msr_no, &rv->reg.l, &rv->reg.h);
+}
+
+static void __wrmsr_safe_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+
+        rv->err = wrmsr_safe(rv->msr_no, rv->reg.l, rv->reg.h);
+}
+
+int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
+{
+        int err;
+        struct msr_info rv;
+
+        memset(&rv, 0, sizeof(rv));
+
+        rv.msr_no = msr_no;
+        err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu, &rv, 1);
+        *l = rv.reg.l;
+        *h = rv.reg.h;
+
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(rdmsr_safe_on_cpu);
+
+int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+{
+        int err;
+        struct msr_info rv;
+
+        memset(&rv, 0, sizeof(rv));
+
+        rv.msr_no = msr_no;
+        rv.reg.l = l;
+        rv.reg.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu, &rv, 1);
+
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(wrmsr_safe_on_cpu);
+
+/*
+ * These variants are significantly slower, but allows control over
+ * the entire 32-bit GPR set.
+ */
+static void __rdmsr_safe_regs_on_cpu(void *info)
+{
+        struct msr_regs_info *rv = info;
+
+        rv->err = rdmsr_safe_regs(rv->regs);
+}
+
+static void __wrmsr_safe_regs_on_cpu(void *info)
+{
+        struct msr_regs_info *rv = info;
+
+        rv->err = wrmsr_safe_regs(rv->regs);
+}
+
+int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
+{
+        int err;
+        struct msr_regs_info rv;
+
+        rv.regs   = regs;
+        rv.err    = -EIO;
+        err = smp_call_function_single(cpu, __rdmsr_safe_regs_on_cpu, &rv, 1);
+
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(rdmsr_safe_regs_on_cpu);
+
+int wrmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
+{
+        int err;
+        struct msr_regs_info rv;
+
+        rv.regs = regs;
+        rv.err  = -EIO;
+        err = smp_call_function_single(cpu, __wrmsr_safe_regs_on_cpu, &rv, 1);
+
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(wrmsr_safe_regs_on_cpu);
diff --git a/arch/x86/lib/msr.c b/arch/x86/lib/msr.c
index 33a1e3ca22d8..8f8eebdca7d4 100644
--- a/arch/x86/lib/msr.c
+++ b/arch/x86/lib/msr.c
@@ -1,226 +1,23 @@
 #include <linux/module.h>
 #include <linux/preempt.h>
-#include <linux/smp.h>
 #include <asm/msr.h>
 
-struct msr_info {
-        u32 msr_no;
-        struct msr reg;
-        struct msr *msrs;
-        int off;
-        int err;
-};
-
-static void __rdmsr_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        struct msr *reg;
-        int this_cpu = raw_smp_processor_id();
-
-        if (rv->msrs)
-                reg = &rv->msrs[this_cpu - rv->off];
-        else
-                reg = &rv->reg;
-
-        rdmsr(rv->msr_no, reg->l, reg->h);
-}
-
-static void __wrmsr_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        struct msr *reg;
-        int this_cpu = raw_smp_processor_id();
-
-        if (rv->msrs)
-                reg = &rv->msrs[this_cpu - rv->off];
-        else
-                reg = &rv->reg;
-
-        wrmsr(rv->msr_no, reg->l, reg->h);
-}
-
-int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
-{
-        int err;
-        struct msr_info rv;
-
-        memset(&rv, 0, sizeof(rv));
-
-        rv.msr_no = msr_no;
-        err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
-        *l = rv.reg.l;
-        *h = rv.reg.h;
-
-        return err;
-}
-EXPORT_SYMBOL(rdmsr_on_cpu);
-
-int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
-{
-        int err;
-        struct msr_info rv;
-
-        memset(&rv, 0, sizeof(rv));
-
-        rv.msr_no = msr_no;
-        rv.reg.l = l;
-        rv.reg.h = h;
-        err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
-
-        return err;
-}
-EXPORT_SYMBOL(wrmsr_on_cpu);
-
-/* rdmsr on a bunch of CPUs
- *
- * @mask:       which CPUs
- * @msr_no:     which MSR
- * @msrs:       array of MSR values
- *
- */
-void rdmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs)
-{
-        struct msr_info rv;
-        int this_cpu;
-
-        memset(&rv, 0, sizeof(rv));
-
-        rv.off    = cpumask_first(mask);
-        rv.msrs   = msrs;
-        rv.msr_no = msr_no;
-
-        this_cpu = get_cpu();
-
-        if (cpumask_test_cpu(this_cpu, mask))
-                __rdmsr_on_cpu(&rv);
-
-        smp_call_function_many(mask, __rdmsr_on_cpu, &rv, 1);
-        put_cpu();
-}
-EXPORT_SYMBOL(rdmsr_on_cpus);
-
-/*
- * wrmsr on a bunch of CPUs
- *
- * @mask:       which CPUs
- * @msr_no:     which MSR
- * @msrs:       array of MSR values
- *
- */
-void wrmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs)
-{
-        struct msr_info rv;
-        int this_cpu;
-
-        memset(&rv, 0, sizeof(rv));
-
-        rv.off    = cpumask_first(mask);
-        rv.msrs   = msrs;
-        rv.msr_no = msr_no;
-
-        this_cpu = get_cpu();
-
-        if (cpumask_test_cpu(this_cpu, mask))
-                __wrmsr_on_cpu(&rv);
-
-        smp_call_function_many(mask, __wrmsr_on_cpu, &rv, 1);
-        put_cpu();
-}
-EXPORT_SYMBOL(wrmsr_on_cpus);
-
-/* These "safe" variants are slower and should be used when the target MSR
-   may not actually exist. */
-static void __rdmsr_safe_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-
-        rv->err = rdmsr_safe(rv->msr_no, &rv->reg.l, &rv->reg.h);
-}
-
-static void __wrmsr_safe_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-
-        rv->err = wrmsr_safe(rv->msr_no, rv->reg.l, rv->reg.h);
-}
-
-int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
+struct msr *msrs_alloc(void)
 {
-        int err;
-        struct msr_info rv;
+        struct msr *msrs = NULL;
 
-        memset(&rv, 0, sizeof(rv));
+        msrs = alloc_percpu(struct msr);
+        if (!msrs) {
+                pr_warning("%s: error allocating msrs\n", __func__);
+                return NULL;
+        }
 
-        rv.msr_no = msr_no;
-        err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu, &rv, 1);
-        *l = rv.reg.l;
-        *h = rv.reg.h;
-
-        return err ? err : rv.err;
+        return msrs;
 }
-EXPORT_SYMBOL(rdmsr_safe_on_cpu);
+EXPORT_SYMBOL(msrs_alloc);
 
-int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+void msrs_free(struct msr *msrs)
 {
-        int err;
-        struct msr_info rv;
-
-        memset(&rv, 0, sizeof(rv));
-
-        rv.msr_no = msr_no;
-        rv.reg.l = l;
-        rv.reg.h = h;
-        err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu, &rv, 1);
-
-        return err ? err : rv.err;
-}
-EXPORT_SYMBOL(wrmsr_safe_on_cpu);
-
-/*
- * These variants are significantly slower, but allows control over
- * the entire 32-bit GPR set.
- */
-struct msr_regs_info {
-        u32 *regs;
-        int err;
-};
-
-static void __rdmsr_safe_regs_on_cpu(void *info)
-{
-        struct msr_regs_info *rv = info;
-
-        rv->err = rdmsr_safe_regs(rv->regs);
-}
-
-static void __wrmsr_safe_regs_on_cpu(void *info)
-{
-        struct msr_regs_info *rv = info;
-
-        rv->err = wrmsr_safe_regs(rv->regs);
-}
-
-int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
-{
-        int err;
-        struct msr_regs_info rv;
-
-        rv.regs   = regs;
-        rv.err    = -EIO;
-        err = smp_call_function_single(cpu, __rdmsr_safe_regs_on_cpu, &rv, 1);
-
-        return err ? err : rv.err;
-}
-EXPORT_SYMBOL(rdmsr_safe_regs_on_cpu);
-
-int wrmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
-{
-        int err;
-        struct msr_regs_info rv;
-
-        rv.regs = regs;
-        rv.err  = -EIO;
-        err = smp_call_function_single(cpu, __wrmsr_safe_regs_on_cpu, &rv, 1);
-
-        return err ? err : rv.err;
+        free_percpu(msrs);
 }
-EXPORT_SYMBOL(wrmsr_safe_regs_on_cpu);
+EXPORT_SYMBOL(msrs_free);
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 1f118d462acc..e218d5df85ff 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -874,7 +874,7 @@ EXPORT_SYMBOL(copy_to_user);
  * data to the requested size using zero bytes.
  */
 unsigned long
-copy_from_user(void *to, const void __user *from, unsigned long n)
+_copy_from_user(void *to, const void __user *from, unsigned long n)
 {
         if (access_ok(VERIFY_READ, from, n))
                 n = __copy_from_user(to, from, n);
@@ -882,4 +882,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
                 memset(to, 0, n);
         return n;
 }
-EXPORT_SYMBOL(copy_from_user);
+EXPORT_SYMBOL(_copy_from_user);
+
+void copy_from_user_overflow(void)
+{
+        WARN(1, "Buffer overflow detected!\n");
+}
+EXPORT_SYMBOL(copy_from_user_overflow);
diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
new file mode 100644
index 000000000000..a793da5e560e
--- /dev/null
+++ b/arch/x86/lib/x86-opcode-map.txt
@@ -0,0 +1,893 @@
+# x86 Opcode Maps
+#
+#<Opcode maps>
+# Table: table-name
+# Referrer: escaped-name
+# AVXcode: avx-code
+# opcode: mnemonic|GrpXXX [operand1[,operand2...]] [(extra1)[,(extra2)...] [| 2nd-mnemonic ...]
+# (or)
+# opcode: escape # escaped-name
+# EndTable
+#
+#<group maps>
+# GrpTable: GrpXXX
+# reg:  mnemonic [operand1[,operand2...]] [(extra1)[,(extra2)...] [| 2nd-mnemonic ...]
+# EndTable
+#
+# AVX Superscripts
+#  (VEX): this opcode can accept VEX prefix.
+#  (oVEX): this opcode requires VEX prefix.
+#  (o128): this opcode only supports 128bit VEX.
+#  (o256): this opcode only supports 256bit VEX.
+#
+
+Table: one byte opcode
+Referrer:
+AVXcode:
+# 0x00 - 0x0f
+00: ADD Eb,Gb
+01: ADD Ev,Gv
+02: ADD Gb,Eb
+03: ADD Gv,Ev
+04: ADD AL,Ib
+05: ADD rAX,Iz
+06: PUSH ES (i64)
+07: POP ES (i64)
+08: OR Eb,Gb
+09: OR Ev,Gv
+0a: OR Gb,Eb
+0b: OR Gv,Ev
+0c: OR AL,Ib
+0d: OR rAX,Iz
+0e: PUSH CS (i64)
+0f: escape # 2-byte escape
+# 0x10 - 0x1f
+10: ADC Eb,Gb
+11: ADC Ev,Gv
+12: ADC Gb,Eb
+13: ADC Gv,Ev
+14: ADC AL,Ib
+15: ADC rAX,Iz
+16: PUSH SS (i64)
+17: POP SS (i64)
+18: SBB Eb,Gb
+19: SBB Ev,Gv
+1a: SBB Gb,Eb
+1b: SBB Gv,Ev
+1c: SBB AL,Ib
+1d: SBB rAX,Iz
+1e: PUSH DS (i64)
+1f: POP DS (i64)
+# 0x20 - 0x2f
+20: AND Eb,Gb
+21: AND Ev,Gv
+22: AND Gb,Eb
+23: AND Gv,Ev
+24: AND AL,Ib
+25: AND rAx,Iz
+26: SEG=ES (Prefix)
+27: DAA (i64)
+28: SUB Eb,Gb
+29: SUB Ev,Gv
+2a: SUB Gb,Eb
+2b: SUB Gv,Ev
+2c: SUB AL,Ib
+2d: SUB rAX,Iz
+2e: SEG=CS (Prefix)
+2f: DAS (i64)
+# 0x30 - 0x3f
+30: XOR Eb,Gb
+31: XOR Ev,Gv
+32: XOR Gb,Eb
+33: XOR Gv,Ev
+34: XOR AL,Ib
+35: XOR rAX,Iz
+36: SEG=SS (Prefix)
+37: AAA (i64)
+38: CMP Eb,Gb
+39: CMP Ev,Gv
+3a: CMP Gb,Eb
+3b: CMP Gv,Ev
+3c: CMP AL,Ib
+3d: CMP rAX,Iz
+3e: SEG=DS (Prefix)
+3f: AAS (i64)
+# 0x40 - 0x4f
+40: INC eAX (i64) | REX (o64)
+41: INC eCX (i64) | REX.B (o64)
+42: INC eDX (i64) | REX.X (o64)
+43: INC eBX (i64) | REX.XB (o64)
+44: INC eSP (i64) | REX.R (o64)
+45: INC eBP (i64) | REX.RB (o64)
+46: INC eSI (i64) | REX.RX (o64)
+47: INC eDI (i64) | REX.RXB (o64)
+48: DEC eAX (i64) | REX.W (o64)
+49: DEC eCX (i64) | REX.WB (o64)
+4a: DEC eDX (i64) | REX.WX (o64)
+4b: DEC eBX (i64) | REX.WXB (o64)
+4c: DEC eSP (i64) | REX.WR (o64)
+4d: DEC eBP (i64) | REX.WRB (o64)
+4e: DEC eSI (i64) | REX.WRX (o64)
+4f: DEC eDI (i64) | REX.WRXB (o64)
+# 0x50 - 0x5f
+50: PUSH rAX/r8 (d64)
+51: PUSH rCX/r9 (d64)
+52: PUSH rDX/r10 (d64)
+53: PUSH rBX/r11 (d64)
+54: PUSH rSP/r12 (d64)
+55: PUSH rBP/r13 (d64)
+56: PUSH rSI/r14 (d64)
+57: PUSH rDI/r15 (d64)
+58: POP rAX/r8 (d64)
+59: POP rCX/r9 (d64)
+5a: POP rDX/r10 (d64)
+5b: POP rBX/r11 (d64)
+5c: POP rSP/r12 (d64)
+5d: POP rBP/r13 (d64)
+5e: POP rSI/r14 (d64)
+5f: POP rDI/r15 (d64)
+# 0x60 - 0x6f
+60: PUSHA/PUSHAD (i64)
+61: POPA/POPAD (i64)
+62: BOUND Gv,Ma (i64)
+63: ARPL Ew,Gw (i64) | MOVSXD Gv,Ev (o64)
+64: SEG=FS (Prefix)
+65: SEG=GS (Prefix)
+66: Operand-Size (Prefix)
+67: Address-Size (Prefix)
+68: PUSH Iz (d64)
+69: IMUL Gv,Ev,Iz
+6a: PUSH Ib (d64)
+6b: IMUL Gv,Ev,Ib
+6c: INS/INSB Yb,DX
+6d: INS/INSW/INSD Yz,DX
+6e: OUTS/OUTSB DX,Xb
+6f: OUTS/OUTSW/OUTSD DX,Xz
+# 0x70 - 0x7f
+70: JO Jb
+71: JNO Jb
+72: JB/JNAE/JC Jb
+73: JNB/JAE/JNC Jb
+74: JZ/JE Jb
+75: JNZ/JNE Jb
+76: JBE/JNA Jb
+77: JNBE/JA Jb
+78: JS Jb
+79: JNS Jb
+7a: JP/JPE Jb
+7b: JNP/JPO Jb
+7c: JL/JNGE Jb
+7d: JNL/JGE Jb
+7e: JLE/JNG Jb
+7f: JNLE/JG Jb
+# 0x80 - 0x8f
+80: Grp1 Eb,Ib (1A)
+81: Grp1 Ev,Iz (1A)
+82: Grp1 Eb,Ib (1A),(i64)
+83: Grp1 Ev,Ib (1A)
+84: TEST Eb,Gb
+85: TEST Ev,Gv
+86: XCHG Eb,Gb
+87: XCHG Ev,Gv
+88: MOV Eb,Gb
+89: MOV Ev,Gv
+8a: MOV Gb,Eb
+8b: MOV Gv,Ev
+8c: MOV Ev,Sw
+8d: LEA Gv,M
+8e: MOV Sw,Ew
+8f: Grp1A (1A) | POP Ev (d64)
+# 0x90 - 0x9f
+90: NOP | PAUSE (F3) | XCHG r8,rAX
+91: XCHG rCX/r9,rAX
+92: XCHG rDX/r10,rAX
+93: XCHG rBX/r11,rAX
+94: XCHG rSP/r12,rAX
+95: XCHG rBP/r13,rAX
+96: XCHG rSI/r14,rAX
+97: XCHG rDI/r15,rAX
+98: CBW/CWDE/CDQE
+99: CWD/CDQ/CQO
+9a: CALLF Ap (i64)
+9b: FWAIT/WAIT
+9c: PUSHF/D/Q Fv (d64)
+9d: POPF/D/Q Fv (d64)
+9e: SAHF
+9f: LAHF
+# 0xa0 - 0xaf
+a0: MOV AL,Ob
+a1: MOV rAX,Ov
+a2: MOV Ob,AL
+a3: MOV Ov,rAX
+a4: MOVS/B Xb,Yb
+a5: MOVS/W/D/Q Xv,Yv
+a6: CMPS/B Xb,Yb
+a7: CMPS/W/D Xv,Yv
+a8: TEST AL,Ib
+a9: TEST rAX,Iz
+aa: STOS/B Yb,AL
+ab: STOS/W/D/Q Yv,rAX
+ac: LODS/B AL,Xb
+ad: LODS/W/D/Q rAX,Xv
+ae: SCAS/B AL,Yb
+af: SCAS/W/D/Q rAX,Xv
+# 0xb0 - 0xbf
+b0: MOV AL/R8L,Ib
+b1: MOV CL/R9L,Ib
+b2: MOV DL/R10L,Ib
+b3: MOV BL/R11L,Ib
+b4: MOV AH/R12L,Ib
+b5: MOV CH/R13L,Ib
+b6: MOV DH/R14L,Ib
+b7: MOV BH/R15L,Ib
+b8: MOV rAX/r8,Iv
+b9: MOV rCX/r9,Iv
+ba: MOV rDX/r10,Iv
+bb: MOV rBX/r11,Iv
+bc: MOV rSP/r12,Iv
+bd: MOV rBP/r13,Iv
+be: MOV rSI/r14,Iv
+bf: MOV rDI/r15,Iv
+# 0xc0 - 0xcf
+c0: Grp2 Eb,Ib (1A)
+c1: Grp2 Ev,Ib (1A)
+c2: RETN Iw (f64)
+c3: RETN
+c4: LES Gz,Mp (i64) | 3bytes-VEX (Prefix)
+c5: LDS Gz,Mp (i64) | 2bytes-VEX (Prefix)
+c6: Grp11 Eb,Ib (1A)
+c7: Grp11 Ev,Iz (1A)
+c8: ENTER Iw,Ib
+c9: LEAVE (d64)
+ca: RETF Iw
+cb: RETF
+cc: INT3
+cd: INT Ib
+ce: INTO (i64)
+cf: IRET/D/Q
+# 0xd0 - 0xdf
+d0: Grp2 Eb,1 (1A)
+d1: Grp2 Ev,1 (1A)
+d2: Grp2 Eb,CL (1A)
+d3: Grp2 Ev,CL (1A)
+d4: AAM Ib (i64)
+d5: AAD Ib (i64)
+d6:
+d7: XLAT/XLATB
+d8: ESC
+d9: ESC
+da: ESC
+db: ESC
+dc: ESC
+dd: ESC
+de: ESC
+df: ESC
+# 0xe0 - 0xef
+e0: LOOPNE/LOOPNZ Jb (f64)
+e1: LOOPE/LOOPZ Jb (f64)
+e2: LOOP Jb (f64)
+e3: JrCXZ Jb (f64)
+e4: IN AL,Ib
+e5: IN eAX,Ib
+e6: OUT Ib,AL
+e7: OUT Ib,eAX
+e8: CALL Jz (f64)
+e9: JMP-near Jz (f64)
+ea: JMP-far Ap (i64)
+eb: JMP-short Jb (f64)
+ec: IN AL,DX
+ed: IN eAX,DX
+ee: OUT DX,AL
+ef: OUT DX,eAX
+# 0xf0 - 0xff
+f0: LOCK (Prefix)
+f1:
+f2: REPNE (Prefix)
+f3: REP/REPE (Prefix)
+f4: HLT
+f5: CMC
+f6: Grp3_1 Eb (1A)
+f7: Grp3_2 Ev (1A)
+f8: CLC
+f9: STC
+fa: CLI
+fb: STI
+fc: CLD
+fd: STD
+fe: Grp4 (1A)
+ff: Grp5 (1A)
+EndTable
+
+Table: 2-byte opcode (0x0f)
+Referrer: 2-byte escape
+AVXcode: 1
+# 0x0f 0x00-0x0f
+00: Grp6 (1A)
+01: Grp7 (1A)
+02: LAR Gv,Ew
+03: LSL Gv,Ew
+04:
+05: SYSCALL (o64)
+06: CLTS
+07: SYSRET (o64)
+08: INVD
+09: WBINVD
+0a:
+0b: UD2 (1B)
+0c:
+0d: NOP Ev | GrpP
+0e: FEMMS
+# 3DNow! uses the last imm byte as opcode extension.
+0f: 3DNow! Pq,Qq,Ib
+# 0x0f 0x10-0x1f
+10: movups Vps,Wps (VEX) | movss Vss,Wss (F3),(VEX),(o128) | movupd Vpd,Wpd (66),(VEX) | movsd Vsd,Wsd (F2),(VEX),(o128)
+11: movups Wps,Vps (VEX) | movss Wss,Vss (F3),(VEX),(o128) | movupd Wpd,Vpd (66),(VEX) | movsd Wsd,Vsd (F2),(VEX),(o128)
+12: movlps Vq,Mq (VEX),(o128) | movlpd Vq,Mq (66),(VEX),(o128) | movhlps Vq,Uq (VEX),(o128) | movddup Vq,Wq (F2),(VEX) | movsldup Vq,Wq (F3),(VEX)
+13: mpvlps Mq,Vq (VEX),(o128) | movlpd Mq,Vq (66),(VEX),(o128)
+14: unpcklps Vps,Wq (VEX) | unpcklpd Vpd,Wq (66),(VEX)
+15: unpckhps Vps,Wq (VEX) | unpckhpd Vpd,Wq (66),(VEX)
+16: movhps Vq,Mq (VEX),(o128) | movhpd Vq,Mq (66),(VEX),(o128) | movlsps Vq,Uq (VEX),(o128) | movshdup Vq,Wq (F3),(VEX)
+17: movhps Mq,Vq (VEX),(o128) | movhpd Mq,Vq (66),(VEX),(o128)
+18: Grp16 (1A)
+19:
+1a:
+1b:
+1c:
+1d:
+1e:
+1f: NOP Ev
+# 0x0f 0x20-0x2f
+20: MOV Rd,Cd
+21: MOV Rd,Dd
+22: MOV Cd,Rd
+23: MOV Dd,Rd
+24:
+25:
+26:
+27:
+28: movaps Vps,Wps (VEX) | movapd Vpd,Wpd (66),(VEX)
+29: movaps Wps,Vps (VEX) | movapd Wpd,Vpd (66),(VEX)
+2a: cvtpi2ps Vps,Qpi | cvtsi2ss Vss,Ed/q (F3),(VEX),(o128) | cvtpi2pd Vpd,Qpi (66) | cvtsi2sd Vsd,Ed/q (F2),(VEX),(o128)
+2b: movntps Mps,Vps (VEX) | movntpd Mpd,Vpd (66),(VEX)
+2c: cvttps2pi Ppi,Wps | cvttss2si  Gd/q,Wss (F3),(VEX),(o128) | cvttpd2pi Ppi,Wpd (66) | cvttsd2si Gd/q,Wsd (F2),(VEX),(o128)
+2d: cvtps2pi Ppi,Wps | cvtss2si Gd/q,Wss (F3),(VEX),(o128) | cvtpd2pi Qpi,Wpd (66) | cvtsd2si Gd/q,Wsd (F2),(VEX),(o128)
+2e: ucomiss Vss,Wss (VEX),(o128) | ucomisd  Vsd,Wsd (66),(VEX),(o128)
+2f: comiss Vss,Wss (VEX),(o128) | comisd  Vsd,Wsd (66),(VEX),(o128)
+# 0x0f 0x30-0x3f
+30: WRMSR
+31: RDTSC
+32: RDMSR
+33: RDPMC
+34: SYSENTER
+35: SYSEXIT
+36:
+37: GETSEC
+38: escape # 3-byte escape 1
+39:
+3a: escape # 3-byte escape 2
+3b:
+3c:
+3d:
+3e:
+3f:
+# 0x0f 0x40-0x4f
+40: CMOVO Gv,Ev
+41: CMOVNO Gv,Ev
+42: CMOVB/C/NAE Gv,Ev
+43: CMOVAE/NB/NC Gv,Ev
+44: CMOVE/Z Gv,Ev
+45: CMOVNE/NZ Gv,Ev
+46: CMOVBE/NA Gv,Ev
+47: CMOVA/NBE Gv,Ev
+48: CMOVS Gv,Ev
+49: CMOVNS Gv,Ev
+4a: CMOVP/PE Gv,Ev
+4b: CMOVNP/PO Gv,Ev
+4c: CMOVL/NGE Gv,Ev
+4d: CMOVNL/GE Gv,Ev
+4e: CMOVLE/NG Gv,Ev
+4f: CMOVNLE/G Gv,Ev
+# 0x0f 0x50-0x5f
+50: movmskps Gd/q,Ups (VEX) | movmskpd Gd/q,Upd (66),(VEX)
+51: sqrtps Vps,Wps (VEX) | sqrtss Vss,Wss (F3),(VEX),(o128) | sqrtpd Vpd,Wpd (66),(VEX) | sqrtsd Vsd,Wsd (F2),(VEX),(o128)
+52: rsqrtps Vps,Wps (VEX) | rsqrtss Vss,Wss (F3),(VEX),(o128)
+53: rcpps Vps,Wps (VEX) | rcpss Vss,Wss (F3),(VEX),(o128)
+54: andps Vps,Wps (VEX) | andpd Vpd,Wpd (66),(VEX)
+55: andnps Vps,Wps (VEX) | andnpd Vpd,Wpd (66),(VEX)
+56: orps Vps,Wps (VEX) | orpd Vpd,Wpd (66),(VEX)
+57: xorps Vps,Wps (VEX) | xorpd Vpd,Wpd (66),(VEX)
+58: addps Vps,Wps (VEX) | addss Vss,Wss (F3),(VEX),(o128) | addpd Vpd,Wpd (66),(VEX) | addsd Vsd,Wsd (F2),(VEX),(o128)
+59: mulps Vps,Wps (VEX) | mulss Vss,Wss (F3),(VEX),(o128) | mulpd Vpd,Wpd (66),(VEX) | mulsd Vsd,Wsd (F2),(VEX),(o128)
+5a: cvtps2pd Vpd,Wps (VEX) | cvtss2sd Vsd,Wss (F3),(VEX),(o128) | cvtpd2ps Vps,Wpd (66),(VEX) | cvtsd2ss Vsd,Wsd (F2),(VEX),(o128)
+5b: cvtdq2ps Vps,Wdq (VEX) | cvtps2dq Vdq,Wps (66),(VEX) | cvttps2dq Vdq,Wps (F3),(VEX)
+5c: subps Vps,Wps (VEX) | subss Vss,Wss (F3),(VEX),(o128) | subpd Vpd,Wpd (66),(VEX) | subsd Vsd,Wsd (F2),(VEX),(o128)
+5d: minps Vps,Wps (VEX) | minss Vss,Wss (F3),(VEX),(o128) | minpd Vpd,Wpd (66),(VEX) | minsd Vsd,Wsd (F2),(VEX),(o128)
+5e: divps Vps,Wps (VEX) | divss Vss,Wss (F3),(VEX),(o128) | divpd Vpd,Wpd (66),(VEX) | divsd Vsd,Wsd (F2),(VEX),(o128)
+5f: maxps Vps,Wps (VEX) | maxss Vss,Wss (F3),(VEX),(o128) | maxpd Vpd,Wpd (66),(VEX) | maxsd Vsd,Wsd (F2),(VEX),(o128)
+# 0x0f 0x60-0x6f
+60: punpcklbw Pq,Qd | punpcklbw Vdq,Wdq (66),(VEX),(o128)
+61: punpcklwd Pq,Qd | punpcklwd Vdq,Wdq (66),(VEX),(o128)
+62: punpckldq Pq,Qd | punpckldq Vdq,Wdq (66),(VEX),(o128)
+63: packsswb Pq,Qq | packsswb Vdq,Wdq (66),(VEX),(o128)
+64: pcmpgtb Pq,Qq | pcmpgtb Vdq,Wdq (66),(VEX),(o128)
+65: pcmpgtw Pq,Qq | pcmpgtw Vdq,Wdq (66),(VEX),(o128)
+66: pcmpgtd Pq,Qq | pcmpgtd Vdq,Wdq (66),(VEX),(o128)
+67: packuswb Pq,Qq | packuswb Vdq,Wdq (66),(VEX),(o128)
+68: punpckhbw Pq,Qd | punpckhbw Vdq,Wdq (66),(VEX),(o128)
+69: punpckhwd Pq,Qd | punpckhwd Vdq,Wdq (66),(VEX),(o128)
+6a: punpckhdq Pq,Qd | punpckhdq Vdq,Wdq (66),(VEX),(o128)
+6b: packssdw Pq,Qd | packssdw Vdq,Wdq (66),(VEX),(o128)
+6c: punpcklqdq Vdq,Wdq (66),(VEX),(o128)
+6d: punpckhqdq Vdq,Wdq (66),(VEX),(o128)
+6e: movd/q/ Pd,Ed/q | movd/q Vdq,Ed/q (66),(VEX),(o128)
+6f: movq Pq,Qq | movdqa Vdq,Wdq (66),(VEX) | movdqu Vdq,Wdq (F3),(VEX)
+# 0x0f 0x70-0x7f
+70: pshufw Pq,Qq,Ib | pshufd Vdq,Wdq,Ib (66),(VEX),(o128) | pshufhw Vdq,Wdq,Ib (F3),(VEX),(o128) | pshuflw VdqWdq,Ib (F2),(VEX),(o128)
+71: Grp12 (1A)
+72: Grp13 (1A)
+73: Grp14 (1A)
+74: pcmpeqb Pq,Qq | pcmpeqb Vdq,Wdq (66),(VEX),(o128)
+75: pcmpeqw Pq,Qq | pcmpeqw Vdq,Wdq (66),(VEX),(o128)
+76: pcmpeqd Pq,Qq | pcmpeqd Vdq,Wdq (66),(VEX),(o128)
+77: emms/vzeroupper/vzeroall (VEX)
+78: VMREAD Ed/q,Gd/q
+79: VMWRITE Gd/q,Ed/q
+7a:
+7b:
+7c: haddps Vps,Wps (F2),(VEX) | haddpd Vpd,Wpd (66),(VEX)
+7d: hsubps Vps,Wps (F2),(VEX) | hsubpd Vpd,Wpd (66),(VEX)
+7e: movd/q Ed/q,Pd | movd/q Ed/q,Vdq (66),(VEX),(o128) | movq Vq,Wq (F3),(VEX),(o128)
+7f: movq Qq,Pq | movdqa Wdq,Vdq (66),(VEX) | movdqu Wdq,Vdq (F3),(VEX)
+# 0x0f 0x80-0x8f
+80: JO Jz (f64)
+81: JNO Jz (f64)
+82: JB/JNAE/JC Jz (f64)
+83: JNB/JAE/JNC Jz (f64)
+84: JZ/JE Jz (f64)
+85: JNZ/JNE Jz (f64)
+86: JBE/JNA Jz (f64)
+87: JNBE/JA Jz (f64)
+88: JS Jz (f64)
+89: JNS Jz (f64)
+8a: JP/JPE Jz (f64)
+8b: JNP/JPO Jz (f64)
+8c: JL/JNGE Jz (f64)
+8d: JNL/JGE Jz (f64)
+8e: JLE/JNG Jz (f64)
+8f: JNLE/JG Jz (f64)
+# 0x0f 0x90-0x9f
+90: SETO Eb
+91: SETNO Eb
+92: SETB/C/NAE Eb
+93: SETAE/NB/NC Eb
+94: SETE/Z Eb
+95: SETNE/NZ Eb
+96: SETBE/NA Eb
+97: SETA/NBE Eb
+98: SETS Eb
+99: SETNS Eb
+9a: SETP/PE Eb
+9b: SETNP/PO Eb
+9c: SETL/NGE Eb
+9d: SETNL/GE Eb
+9e: SETLE/NG Eb
+9f: SETNLE/G Eb
+# 0x0f 0xa0-0xaf
+a0: PUSH FS (d64)
+a1: POP FS (d64)
+a2: CPUID
+a3: BT Ev,Gv
+a4: SHLD Ev,Gv,Ib
+a5: SHLD Ev,Gv,CL
+a6: GrpPDLK
+a7: GrpRNG
+a8: PUSH GS (d64)
+a9: POP GS (d64)
+aa: RSM
+ab: BTS Ev,Gv
+ac: SHRD Ev,Gv,Ib
+ad: SHRD Ev,Gv,CL
+ae: Grp15 (1A),(1C)
+af: IMUL Gv,Ev
+# 0x0f 0xb0-0xbf
+b0: CMPXCHG Eb,Gb
+b1: CMPXCHG Ev,Gv
+b2: LSS Gv,Mp
+b3: BTR Ev,Gv
+b4: LFS Gv,Mp
+b5: LGS Gv,Mp
+b6: MOVZX Gv,Eb
+b7: MOVZX Gv,Ew
+b8: JMPE | POPCNT Gv,Ev (F3)
+b9: Grp10 (1A)
+ba: Grp8 Ev,Ib (1A)
+bb: BTC Ev,Gv
+bc: BSF Gv,Ev
+bd: BSR Gv,Ev
+be: MOVSX Gv,Eb
+bf: MOVSX Gv,Ew
+# 0x0f 0xc0-0xcf
+c0: XADD Eb,Gb
+c1: XADD Ev,Gv
+c2: cmpps Vps,Wps,Ib (VEX) | cmpss Vss,Wss,Ib (F3),(VEX),(o128) | cmppd Vpd,Wpd,Ib (66),(VEX) | cmpsd Vsd,Wsd,Ib (F2),(VEX)
+c3: movnti Md/q,Gd/q
+c4: pinsrw Pq,Rd/q/Mw,Ib | pinsrw Vdq,Rd/q/Mw,Ib (66),(VEX),(o128)
+c5: pextrw Gd,Nq,Ib | pextrw Gd,Udq,Ib (66),(VEX),(o128)
+c6: shufps Vps,Wps,Ib (VEX) | shufpd Vpd,Wpd,Ib (66),(VEX)
+c7: Grp9 (1A)
+c8: BSWAP RAX/EAX/R8/R8D
+c9: BSWAP RCX/ECX/R9/R9D
+ca: BSWAP RDX/EDX/R10/R10D
+cb: BSWAP RBX/EBX/R11/R11D
+cc: BSWAP RSP/ESP/R12/R12D
+cd: BSWAP RBP/EBP/R13/R13D
+ce: BSWAP RSI/ESI/R14/R14D
+cf: BSWAP RDI/EDI/R15/R15D
+# 0x0f 0xd0-0xdf
+d0: addsubps Vps,Wps (F2),(VEX) | addsubpd Vpd,Wpd (66),(VEX)
+d1: psrlw Pq,Qq | psrlw Vdq,Wdq (66),(VEX),(o128)
+d2: psrld Pq,Qq | psrld Vdq,Wdq (66),(VEX),(o128)
+d3: psrlq Pq,Qq | psrlq Vdq,Wdq (66),(VEX),(o128)
+d4: paddq Pq,Qq | paddq Vdq,Wdq (66),(VEX),(o128)
+d5: pmullw Pq,Qq | pmullw Vdq,Wdq (66),(VEX),(o128)
+d6: movq Wq,Vq (66),(VEX),(o128) | movq2dq Vdq,Nq (F3) | movdq2q Pq,Uq (F2)
+d7: pmovmskb Gd,Nq | pmovmskb Gd,Udq (66),(VEX),(o128)
+d8: psubusb Pq,Qq | psubusb Vdq,Wdq (66),(VEX),(o128)
+d9: psubusw Pq,Qq | psubusw Vdq,Wdq (66),(VEX),(o128)
+da: pminub Pq,Qq | pminub Vdq,Wdq (66),(VEX),(o128)
+db: pand Pq,Qq | pand Vdq,Wdq (66),(VEX),(o128)
+dc: paddusb Pq,Qq | paddusb Vdq,Wdq (66),(VEX),(o128)
+dd: paddusw Pq,Qq | paddusw Vdq,Wdq (66),(VEX),(o128)
+de: pmaxub Pq,Qq | pmaxub Vdq,Wdq (66),(VEX),(o128)
+df: pandn Pq,Qq | pandn Vdq,Wdq (66),(VEX),(o128)
+# 0x0f 0xe0-0xef
+e0: pavgb Pq,Qq | pavgb Vdq,Wdq (66),(VEX),(o128)
+e1: psraw Pq,Qq | psraw Vdq,Wdq (66),(VEX),(o128)
+e2: psrad Pq,Qq | psrad Vdq,Wdq (66),(VEX),(o128)
+e3: pavgw Pq,Qq | pavgw Vdq,Wdq (66),(VEX),(o128)
+e4: pmulhuw Pq,Qq | pmulhuw Vdq,Wdq (66),(VEX),(o128)
+e5: pmulhw Pq,Qq | pmulhw Vdq,Wdq (66),(VEX),(o128)
+e6: cvtpd2dq Vdq,Wpd (F2),(VEX) | cvttpd2dq Vdq,Wpd (66),(VEX) | cvtdq2pd Vpd,Wdq (F3),(VEX)
+e7: movntq Mq,Pq | movntdq Mdq,Vdq (66),(VEX)
+e8: psubsb Pq,Qq | psubsb Vdq,Wdq (66),(VEX),(o128)
+e9: psubsw Pq,Qq | psubsw Vdq,Wdq (66),(VEX),(o128)
+ea: pminsw Pq,Qq | pminsw Vdq,Wdq (66),(VEX),(o128)
+eb: por Pq,Qq | por Vdq,Wdq (66),(VEX),(o128)
+ec: paddsb Pq,Qq | paddsb Vdq,Wdq (66),(VEX),(o128)
+ed: paddsw Pq,Qq | paddsw Vdq,Wdq (66),(VEX),(o128)
+ee: pmaxsw Pq,Qq | pmaxsw Vdq,Wdq (66),(VEX),(o128)
+ef: pxor Pq,Qq | pxor Vdq,Wdq (66),(VEX),(o128)
+# 0x0f 0xf0-0xff
+f0: lddqu Vdq,Mdq (F2),(VEX)
+f1: psllw Pq,Qq | psllw Vdq,Wdq (66),(VEX),(o128)
+f2: pslld Pq,Qq | pslld Vdq,Wdq (66),(VEX),(o128)
+f3: psllq Pq,Qq | psllq Vdq,Wdq (66),(VEX),(o128)
+f4: pmuludq Pq,Qq | pmuludq Vdq,Wdq (66),(VEX),(o128)
+f5: pmaddwd Pq,Qq | pmaddwd Vdq,Wdq (66),(VEX),(o128)
+f6: psadbw Pq,Qq | psadbw Vdq,Wdq (66),(VEX),(o128)
+f7: maskmovq Pq,Nq | maskmovdqu Vdq,Udq (66),(VEX),(o128)
+f8: psubb Pq,Qq | psubb Vdq,Wdq (66),(VEX),(o128)
+f9: psubw Pq,Qq | psubw Vdq,Wdq (66),(VEX),(o128)
+fa: psubd Pq,Qq | psubd Vdq,Wdq (66),(VEX),(o128)
+fb: psubq Pq,Qq | psubq Vdq,Wdq (66),(VEX),(o128)
+fc: paddb Pq,Qq | paddb Vdq,Wdq (66),(VEX),(o128)
+fd: paddw Pq,Qq | paddw Vdq,Wdq (66),(VEX),(o128)
+fe: paddd Pq,Qq | paddd Vdq,Wdq (66),(VEX),(o128)
+ff:
+EndTable
+
+Table: 3-byte opcode 1 (0x0f 0x38)
+Referrer: 3-byte escape 1
+AVXcode: 2
+# 0x0f 0x38 0x00-0x0f
+00: pshufb Pq,Qq | pshufb Vdq,Wdq (66),(VEX),(o128)
+01: phaddw Pq,Qq | phaddw Vdq,Wdq (66),(VEX),(o128)
+02: phaddd Pq,Qq | phaddd Vdq,Wdq (66),(VEX),(o128)
+03: phaddsw Pq,Qq | phaddsw Vdq,Wdq (66),(VEX),(o128)
+04: pmaddubsw Pq,Qq | pmaddubsw Vdq,Wdq (66),(VEX),(o128)
+05: phsubw Pq,Qq | phsubw Vdq,Wdq (66),(VEX),(o128)
+06: phsubd Pq,Qq | phsubd Vdq,Wdq (66),(VEX),(o128)
+07: phsubsw Pq,Qq | phsubsw Vdq,Wdq (66),(VEX),(o128)
+08: psignb Pq,Qq | psignb Vdq,Wdq (66),(VEX),(o128)
+09: psignw Pq,Qq | psignw Vdq,Wdq (66),(VEX),(o128)
+0a: psignd Pq,Qq | psignd Vdq,Wdq (66),(VEX),(o128)
+0b: pmulhrsw Pq,Qq | pmulhrsw Vdq,Wdq (66),(VEX),(o128)
+0c: Vpermilps /r (66),(oVEX)
+0d: Vpermilpd /r (66),(oVEX)
+0e: vtestps /r (66),(oVEX)
+0f: vtestpd /r (66),(oVEX)
+# 0x0f 0x38 0x10-0x1f
+10: pblendvb Vdq,Wdq (66)
+11:
+12:
+13:
+14: blendvps Vdq,Wdq (66)
+15: blendvpd Vdq,Wdq (66)
+16:
+17: ptest Vdq,Wdq (66),(VEX)
+18: vbroadcastss /r (66),(oVEX)
+19: vbroadcastsd /r (66),(oVEX),(o256)
+1a: vbroadcastf128 /r (66),(oVEX),(o256)
+1b:
+1c: pabsb Pq,Qq | pabsb Vdq,Wdq (66),(VEX),(o128)
+1d: pabsw Pq,Qq | pabsw Vdq,Wdq (66),(VEX),(o128)
+1e: pabsd Pq,Qq | pabsd Vdq,Wdq (66),(VEX),(o128)
+1f:
+# 0x0f 0x38 0x20-0x2f
+20: pmovsxbw Vdq,Udq/Mq (66),(VEX),(o128)
+21: pmovsxbd Vdq,Udq/Md (66),(VEX),(o128)
+22: pmovsxbq Vdq,Udq/Mw (66),(VEX),(o128)
+23: pmovsxwd Vdq,Udq/Mq (66),(VEX),(o128)
+24: pmovsxwq Vdq,Udq/Md (66),(VEX),(o128)
+25: pmovsxdq Vdq,Udq/Mq (66),(VEX),(o128)
+26:
+27:
+28: pmuldq Vdq,Wdq (66),(VEX),(o128)
+29: pcmpeqq Vdq,Wdq (66),(VEX),(o128)
+2a: movntdqa Vdq,Mdq (66),(VEX),(o128)
+2b: packusdw Vdq,Wdq (66),(VEX),(o128)
+2c: vmaskmovps(ld) /r (66),(oVEX)
+2d: vmaskmovpd(ld) /r (66),(oVEX)
+2e: vmaskmovps(st) /r (66),(oVEX)
+2f: vmaskmovpd(st) /r (66),(oVEX)
+# 0x0f 0x38 0x30-0x3f
+30: pmovzxbw Vdq,Udq/Mq (66),(VEX),(o128)
+31: pmovzxbd Vdq,Udq/Md (66),(VEX),(o128)
+32: pmovzxbq Vdq,Udq/Mw (66),(VEX),(o128)
+33: pmovzxwd Vdq,Udq/Mq (66),(VEX),(o128)
+34: pmovzxwq Vdq,Udq/Md (66),(VEX),(o128)
+35: pmovzxdq Vdq,Udq/Mq (66),(VEX),(o128)
+36:
+37: pcmpgtq Vdq,Wdq (66),(VEX),(o128)
+38: pminsb Vdq,Wdq (66),(VEX),(o128)
+39: pminsd Vdq,Wdq (66),(VEX),(o128)
+3a: pminuw Vdq,Wdq (66),(VEX),(o128)
+3b: pminud Vdq,Wdq (66),(VEX),(o128)
+3c: pmaxsb Vdq,Wdq (66),(VEX),(o128)
+3d: pmaxsd Vdq,Wdq (66),(VEX),(o128)
+3e: pmaxuw Vdq,Wdq (66),(VEX),(o128)
+3f: pmaxud Vdq,Wdq (66),(VEX),(o128)
+# 0x0f 0x38 0x40-0x8f
+40: pmulld Vdq,Wdq (66),(VEX),(o128)
+41: phminposuw Vdq,Wdq (66),(VEX),(o128)
+80: INVEPT Gd/q,Mdq (66)
+81: INVPID Gd/q,Mdq (66)
+# 0x0f 0x38 0x90-0xbf (FMA)
+96: vfmaddsub132pd/ps /r (66),(VEX)
+97: vfmsubadd132pd/ps /r (66),(VEX)
+98: vfmadd132pd/ps /r (66),(VEX)
+99: vfmadd132sd/ss /r (66),(VEX),(o128)
+9a: vfmsub132pd/ps /r (66),(VEX)
+9b: vfmsub132sd/ss /r (66),(VEX),(o128)
+9c: vfnmadd132pd/ps /r (66),(VEX)
+9d: vfnmadd132sd/ss /r (66),(VEX),(o128)
+9e: vfnmsub132pd/ps /r (66),(VEX)
+9f: vfnmsub132sd/ss /r (66),(VEX),(o128)
+a6: vfmaddsub213pd/ps /r (66),(VEX)
+a7: vfmsubadd213pd/ps /r (66),(VEX)
+a8: vfmadd213pd/ps /r (66),(VEX)
+a9: vfmadd213sd/ss /r (66),(VEX),(o128)
+aa: vfmsub213pd/ps /r (66),(VEX)
+ab: vfmsub213sd/ss /r (66),(VEX),(o128)
+ac: vfnmadd213pd/ps /r (66),(VEX)
+ad: vfnmadd213sd/ss /r (66),(VEX),(o128)
+ae: vfnmsub213pd/ps /r (66),(VEX)
+af: vfnmsub213sd/ss /r (66),(VEX),(o128)
+b6: vfmaddsub231pd/ps /r (66),(VEX)
+b7: vfmsubadd231pd/ps /r (66),(VEX)
+b8: vfmadd231pd/ps /r (66),(VEX)
+b9: vfmadd231sd/ss /r (66),(VEX),(o128)
+ba: vfmsub231pd/ps /r (66),(VEX)
+bb: vfmsub231sd/ss /r (66),(VEX),(o128)
+bc: vfnmadd231pd/ps /r (66),(VEX)
+bd: vfnmadd231sd/ss /r (66),(VEX),(o128)
+be: vfnmsub231pd/ps /r (66),(VEX)
+bf: vfnmsub231sd/ss /r (66),(VEX),(o128)
+# 0x0f 0x38 0xc0-0xff
+db: aesimc Vdq,Wdq (66),(VEX),(o128)
+dc: aesenc Vdq,Wdq (66),(VEX),(o128)
+dd: aesenclast Vdq,Wdq (66),(VEX),(o128)
+de: aesdec Vdq,Wdq (66),(VEX),(o128)
+df: aesdeclast Vdq,Wdq (66),(VEX),(o128)
+f0: MOVBE Gv,Mv | CRC32 Gd,Eb (F2)
+f1: MOVBE Mv,Gv | CRC32 Gd,Ev (F2)
+EndTable
+
+Table: 3-byte opcode 2 (0x0f 0x3a)
+Referrer: 3-byte escape 2
+AVXcode: 3
+# 0x0f 0x3a 0x00-0xff
+04: vpermilps /r,Ib (66),(oVEX)
+05: vpermilpd /r,Ib (66),(oVEX)
+06: vperm2f128 /r,Ib (66),(oVEX),(o256)
+08: roundps Vdq,Wdq,Ib (66),(VEX)
+09: roundpd Vdq,Wdq,Ib (66),(VEX)
+0a: roundss Vss,Wss,Ib (66),(VEX),(o128)
+0b: roundsd Vsd,Wsd,Ib (66),(VEX),(o128)
+0c: blendps Vdq,Wdq,Ib (66),(VEX)
+0d: blendpd Vdq,Wdq,Ib (66),(VEX)
+0e: pblendw Vdq,Wdq,Ib (66),(VEX),(o128)
+0f: palignr Pq,Qq,Ib | palignr Vdq,Wdq,Ib (66),(VEX),(o128)
+14: pextrb Rd/Mb,Vdq,Ib (66),(VEX),(o128)
+15: pextrw Rd/Mw,Vdq,Ib (66),(VEX),(o128)
+16: pextrd/pextrq Ed/q,Vdq,Ib (66),(VEX),(o128)
+17: extractps Ed,Vdq,Ib (66),(VEX),(o128)
+18: vinsertf128 /r,Ib (66),(oVEX),(o256)
+19: vextractf128 /r,Ib (66),(oVEX),(o256)
+20: pinsrb Vdq,Rd/q/Mb,Ib (66),(VEX),(o128)
+21: insertps Vdq,Udq/Md,Ib (66),(VEX),(o128)
+22: pinsrd/pinsrq Vdq,Ed/q,Ib (66),(VEX),(o128)
+40: dpps Vdq,Wdq,Ib (66),(VEX)
+41: dppd Vdq,Wdq,Ib (66),(VEX),(o128)
+42: mpsadbw Vdq,Wdq,Ib (66),(VEX),(o128)
+44: pclmulq Vdq,Wdq,Ib (66),(VEX),(o128)
+4a: vblendvps /r,Ib (66),(oVEX)
+4b: vblendvpd /r,Ib (66),(oVEX)
+4c: vpblendvb /r,Ib (66),(oVEX),(o128)
+60: pcmpestrm Vdq,Wdq,Ib (66),(VEX),(o128)
+61: pcmpestri Vdq,Wdq,Ib (66),(VEX),(o128)
+62: pcmpistrm Vdq,Wdq,Ib (66),(VEX),(o128)
+63: pcmpistri Vdq,Wdq,Ib (66),(VEX),(o128)
+df: aeskeygenassist Vdq,Wdq,Ib (66),(VEX),(o128)
+EndTable
+
+GrpTable: Grp1
+0: ADD
+1: OR
+2: ADC
+3: SBB
+4: AND
+5: SUB
+6: XOR
+7: CMP
+EndTable
+
+GrpTable: Grp1A
+0: POP
+EndTable
+
+GrpTable: Grp2
+0: ROL
+1: ROR
+2: RCL
+3: RCR
+4: SHL/SAL
+5: SHR
+6:
+7: SAR
+EndTable
+
+GrpTable: Grp3_1
+0: TEST Eb,Ib
+1:
+2: NOT Eb
+3: NEG Eb
+4: MUL AL,Eb
+5: IMUL AL,Eb
+6: DIV AL,Eb
+7: IDIV AL,Eb
+EndTable
+
+GrpTable: Grp3_2
+0: TEST Ev,Iz
+1:
+2: NOT Ev
+3: NEG Ev
+4: MUL rAX,Ev
+5: IMUL rAX,Ev
+6: DIV rAX,Ev
+7: IDIV rAX,Ev
+EndTable
+
+GrpTable: Grp4
+0: INC Eb
+1: DEC Eb
+EndTable
+
+GrpTable: Grp5
+0: INC Ev
+1: DEC Ev
+2: CALLN Ev (f64)
+3: CALLF Ep
+4: JMPN Ev (f64)
+5: JMPF Ep
+6: PUSH Ev (d64)
+7:
+EndTable
+
+GrpTable: Grp6
+0: SLDT Rv/Mw
+1: STR Rv/Mw
+2: LLDT Ew
+3: LTR Ew
+4: VERR Ew
+5: VERW Ew
+EndTable
+
+GrpTable: Grp7
+0: SGDT Ms | VMCALL (001),(11B) | VMLAUNCH (010),(11B) | VMRESUME (011),(11B) | VMXOFF (100),(11B)
+1: SIDT Ms | MONITOR (000),(11B) | MWAIT (001)
+2: LGDT Ms | XGETBV (000),(11B) | XSETBV (001),(11B)
+3: LIDT Ms
+4: SMSW Mw/Rv
+5:
+6: LMSW Ew
+7: INVLPG Mb | SWAPGS (o64),(000),(11B) | RDTSCP (001),(11B)
+EndTable
+
+GrpTable: Grp8
+4: BT
+5: BTS
+6: BTR
+7: BTC
+EndTable
+
+GrpTable: Grp9
+1: CMPXCHG8B/16B Mq/Mdq
+6: VMPTRLD Mq | VMCLEAR Mq (66) | VMXON Mq (F3)
+7: VMPTRST Mq
+EndTable
+
+GrpTable: Grp10
+EndTable
+
+GrpTable: Grp11
+0: MOV
+EndTable
+
+GrpTable: Grp12
+2: psrlw Nq,Ib (11B) | psrlw Udq,Ib (66),(11B),(VEX),(o128)
+4: psraw Nq,Ib (11B) | psraw Udq,Ib (66),(11B),(VEX),(o128)
+6: psllw Nq,Ib (11B) | psllw Udq,Ib (66),(11B),(VEX),(o128)
+EndTable
+
+GrpTable: Grp13
+2: psrld Nq,Ib (11B) | psrld Udq,Ib (66),(11B),(VEX),(o128)
+4: psrad Nq,Ib (11B) | psrad Udq,Ib (66),(11B),(VEX),(o128)
+6: pslld Nq,Ib (11B) | pslld Udq,Ib (66),(11B),(VEX),(o128)
+EndTable
+
+GrpTable: Grp14
+2: psrlq Nq,Ib (11B) | psrlq Udq,Ib (66),(11B),(VEX),(o128)
+3: psrldq Udq,Ib (66),(11B),(VEX),(o128)
+6: psllq Nq,Ib (11B) | psllq Udq,Ib (66),(11B),(VEX),(o128)
+7: pslldq Udq,Ib (66),(11B),(VEX),(o128)
+EndTable
+
+GrpTable: Grp15
+0: fxsave
+1: fxstor
+2: ldmxcsr (VEX)
+3: stmxcsr (VEX)
+4: XSAVE
+5: XRSTOR | lfence (11B)
+6: mfence (11B)
+7: clflush | sfence (11B)
+EndTable
+
+GrpTable: Grp16
+0: prefetch NTA
+1: prefetch T0
+2: prefetch T1
+3: prefetch T2
+EndTable
+
+# AMD's Prefetch Group
+GrpTable: GrpP
+0: PREFETCH
+1: PREFETCHW
+EndTable
+
+GrpTable: GrpPDLK
+0: MONTMUL
+1: XSHA1
+2: XSHA2
+EndTable
+
+GrpTable: GrpRNG
+0: xstore-rng
+1: xcrypt-ecb
+2: xcrypt-cbc
+4: xcrypt-cfb
+5: xcrypt-ofb
+EndTable
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index 61b41ca3b5a2..d0474ad2a6e5 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -35,34 +35,3 @@ int fixup_exception(struct pt_regs *regs)
 
         return 0;
 }
-
-#ifdef CONFIG_X86_64
-/*
- * Need to defined our own search_extable on X86_64 to work around
- * a B stepping K8 bug.
- */
-const struct exception_table_entry *
-search_extable(const struct exception_table_entry *first,
-               const struct exception_table_entry *last,
-               unsigned long value)
-{
-        /* B stepping K8 bug */
-        if ((value >> 32) == 0)
-                value |= 0xffffffffUL << 32;
-
-        while (first <= last) {
-                const struct exception_table_entry *mid;
-                long diff;
-
-                mid = (last - first) / 2 + first;
-                diff = mid->insn - value;
-                if (diff == 0)
-                        return mid;
-                else if (diff < 0)
-                        first = mid+1;
-                else
-                        last = mid-1;
-        }
-        return NULL;
-}
-#endif
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index f4cee9028cf0..f62777940dfb 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -38,7 +38,8 @@ enum x86_pf_error_code {
  * Returns 0 if mmiotrace is disabled, or if the fault is not
  * handled by mmiotrace:
  */
-static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
+static inline int __kprobes
+kmmio_fault(struct pt_regs *regs, unsigned long addr)
 {
         if (unlikely(is_kmmio_active()))
                 if (kmmio_handler(regs, addr) == 1)
@@ -46,7 +47,7 @@ static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
         return 0;
 }
 
-static inline int notify_page_fault(struct pt_regs *regs)
+static inline int __kprobes notify_page_fault(struct pt_regs *regs)
 {
         int ret = 0;
 
@@ -240,7 +241,7 @@ void vmalloc_sync_all(void)
  *
  *   Handle a fault on the vmalloc or module mapping area
  */
-static noinline int vmalloc_fault(unsigned long address)
+static noinline __kprobes int vmalloc_fault(unsigned long address)
 {
         unsigned long pgd_paddr;
         pmd_t *pmd_k;
@@ -357,7 +358,7 @@ void vmalloc_sync_all(void)
  *
  * This assumes no large pages in there.
  */
-static noinline int vmalloc_fault(unsigned long address)
+static noinline __kprobes int vmalloc_fault(unsigned long address)
 {
         pgd_t *pgd, *pgd_ref;
         pud_t *pud, *pud_ref;
@@ -658,7 +659,7 @@ no_context(struct pt_regs *regs, unsigned long error_code,
         show_fault_oops(regs, error_code, address);
 
         stackend = end_of_stack(tsk);
-        if (*stackend != STACK_END_MAGIC)
+        if (tsk != &init_task && *stackend != STACK_END_MAGIC)
                 printk(KERN_ALERT "Thread overran stack, or stack corrupted\n");
 
         tsk->thread.cr2         = address;
@@ -860,7 +861,7 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
  * There are no security implications to leaving a stale TLB when
  * increasing the permissions on a page.
  */
-static noinline int
+static noinline __kprobes int
 spurious_fault(unsigned long error_code, unsigned long address)
 {
         pgd_t *pgd;
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 73ffd5536f62..d406c5239019 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -146,10 +146,6 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         use_gbpages = direct_gbpages;
 #endif
 
-        set_nx();
-        if (nx_enabled)
-                printk(KERN_INFO "NX (Execute Disable) protection: active\n");
-
         /* Enable PSE if available */
         if (cpu_has_pse)
                 set_in_cr4(X86_CR4_PSE);
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 30938c1d8d5d..c973f8e2a6cf 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -412,7 +412,7 @@ static void __init permanent_kmaps_init(pgd_t *pgd_base)
         pkmap_page_table = pte;
 }
 
-static void __init add_one_highpage_init(struct page *page, int pfn)
+static void __init add_one_highpage_init(struct page *page)
 {
         ClearPageReserved(page);
         init_page_count(page);
@@ -445,7 +445,7 @@ static int __init add_highpages_work_fn(unsigned long start_pfn,
                 if (!pfn_valid(node_pfn))
                         continue;
                 page = pfn_to_page(node_pfn);
-                add_one_highpage_init(page, node_pfn);
+                add_one_highpage_init(page);
         }
 
         return 0;
@@ -703,8 +703,8 @@ void __init find_low_pfn_range(void)
 }
 
 #ifndef CONFIG_NEED_MULTIPLE_NODES
-void __init initmem_init(unsigned long start_pfn,
-                                  unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
 #ifdef CONFIG_HIGHMEM
         highstart_pfn = highend_pfn = max_pfn;
@@ -997,7 +997,7 @@ static noinline int do_test_wp_bit(void)
 const int rodata_test_data = 0xC3;
 EXPORT_SYMBOL_GPL(rodata_test_data);
 
-static int kernel_set_to_readonly;
+int kernel_set_to_readonly __read_mostly;
 
 void set_kernel_text_rw(void)
 {
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 5a4398a6006b..5198b9bb34ef 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -568,7 +568,8 @@ kernel_physical_mapping_init(unsigned long start,
 }
 
 #ifndef CONFIG_NUMA
-void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
         unsigned long bootmap_size, bootmap;
 
@@ -694,12 +695,12 @@ void __init mem_init(void)
 const int rodata_test_data = 0xC3;
 EXPORT_SYMBOL_GPL(rodata_test_data);
 
-static int kernel_set_to_readonly;
+int kernel_set_to_readonly;
 
 void set_kernel_text_rw(void)
 {
-        unsigned long start = PFN_ALIGN(_stext);
-        unsigned long end = PFN_ALIGN(__start_rodata);
+        unsigned long start = PFN_ALIGN(_text);
+        unsigned long end = PFN_ALIGN(__stop___ex_table);
 
         if (!kernel_set_to_readonly)
                 return;
@@ -707,13 +708,18 @@ void set_kernel_text_rw(void)
         pr_debug("Set kernel text: %lx - %lx for read write\n",
                  start, end);
 
+        /*
+         * Make the kernel identity mapping for text RW. Kernel text
+         * mapping will always be RO. Refer to the comment in
+         * static_protections() in pageattr.c
+         */
         set_memory_rw(start, (end - start) >> PAGE_SHIFT);
 }
 
 void set_kernel_text_ro(void)
 {
-        unsigned long start = PFN_ALIGN(_stext);
-        unsigned long end = PFN_ALIGN(__start_rodata);
+        unsigned long start = PFN_ALIGN(_text);
+        unsigned long end = PFN_ALIGN(__stop___ex_table);
 
         if (!kernel_set_to_readonly)
                 return;
@@ -721,14 +727,21 @@ void set_kernel_text_ro(void)
         pr_debug("Set kernel text: %lx - %lx for read only\n",
                  start, end);
 
+        /*
+         * Set the kernel identity mapping for text RO.
+         */
         set_memory_ro(start, (end - start) >> PAGE_SHIFT);
 }
 
 void mark_rodata_ro(void)
 {
-        unsigned long start = PFN_ALIGN(_stext), end = PFN_ALIGN(__end_rodata);
+        unsigned long start = PFN_ALIGN(_text);
         unsigned long rodata_start =
                 ((unsigned long)__start_rodata + PAGE_SIZE - 1) & PAGE_MASK;
+        unsigned long end = (unsigned long) &__end_rodata_hpage_align;
+        unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table);
+        unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata);
+        unsigned long data_start = (unsigned long) &_sdata;
 
         printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
                (end - start) >> 10);
@@ -751,6 +764,14 @@ void mark_rodata_ro(void)
         printk(KERN_INFO "Testing CPA: again\n");
         set_memory_ro(start, (end-start) >> PAGE_SHIFT);
 #endif
+
+        free_init_pages("unused kernel memory",
+                        (unsigned long) page_address(virt_to_page(text_end)),
+                        (unsigned long)
+                                 page_address(virt_to_page(rodata_start)));
+        free_init_pages("unused kernel memory",
+                        (unsigned long) page_address(virt_to_page(rodata_end)),
+                        (unsigned long) page_address(virt_to_page(data_start)));
 }
 
 #endif
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 334e63ca7b2b..c246d259822d 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -170,8 +170,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
                                 (unsigned long long)phys_addr,
                                 (unsigned long long)(phys_addr + size),
                                 prot_val, new_prot_val);
-                        free_memtype(phys_addr, phys_addr + size);
-                        return NULL;
+                        goto err_free_memtype;
                 }
                 prot_val = new_prot_val;
         }
@@ -197,26 +196,25 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
          */
         area = get_vm_area_caller(size, VM_IOREMAP, caller);
         if (!area)
-                return NULL;
+                goto err_free_memtype;
         area->phys_addr = phys_addr;
         vaddr = (unsigned long) area->addr;
 
-        if (kernel_map_sync_memtype(phys_addr, size, prot_val)) {
-                free_memtype(phys_addr, phys_addr + size);
-                free_vm_area(area);
-                return NULL;
-        }
+        if (kernel_map_sync_memtype(phys_addr, size, prot_val))
+                goto err_free_area;
 
-        if (ioremap_page_range(vaddr, vaddr + size, phys_addr, prot)) {
-                free_memtype(phys_addr, phys_addr + size);
-                free_vm_area(area);
-                return NULL;
-        }
+        if (ioremap_page_range(vaddr, vaddr + size, phys_addr, prot))
+                goto err_free_area;
 
         ret_addr = (void __iomem *) (vaddr + offset);
         mmiotrace_ioremap(unaligned_phys_addr, unaligned_size, ret_addr);
 
         return ret_addr;
+err_free_area:
+        free_vm_area(area);
+err_free_memtype:
+        free_memtype(phys_addr, phys_addr + size);
+        return NULL;
 }
 
 /**
@@ -283,30 +281,6 @@ void __iomem *ioremap_cache(resource_size_t phys_addr, unsigned long size)
 }
 EXPORT_SYMBOL(ioremap_cache);
 
-static void __iomem *ioremap_default(resource_size_t phys_addr,
-                                        unsigned long size)
-{
-        unsigned long flags;
-        void __iomem *ret;
-        int err;
-
-        /*
-         * - WB for WB-able memory and no other conflicting mappings
-         * - UC_MINUS for non-WB-able memory with no other conflicting mappings
-         * - Inherit from confliting mappings otherwise
-         */
-        err = reserve_memtype(phys_addr, phys_addr + size,
-                                _PAGE_CACHE_WB, &flags);
-        if (err < 0)
-                return NULL;
-
-        ret = __ioremap_caller(phys_addr, size, flags,
-                               __builtin_return_address(0));
-
-        free_memtype(phys_addr, phys_addr + size);
-        return ret;
-}
-
 void __iomem *ioremap_prot(resource_size_t phys_addr, unsigned long size,
                                 unsigned long prot_val)
 {
@@ -382,7 +356,7 @@ void *xlate_dev_mem_ptr(unsigned long phys)
         if (page_is_ram(start >> PAGE_SHIFT))
                 return __va(phys);
 
-        addr = (void __force *)ioremap_default(start, PAGE_SIZE);
+        addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
         if (addr)
                 addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK));
 
diff --git a/arch/x86/mm/k8topology_64.c b/arch/x86/mm/k8topology_64.c
index 268f8255280f..970ed579d4e4 100644
--- a/arch/x86/mm/k8topology_64.c
+++ b/arch/x86/mm/k8topology_64.c
@@ -24,6 +24,9 @@
 #include <asm/apic.h>
 #include <asm/k8.h>
 
+static struct bootnode __initdata nodes[8];
+static nodemask_t __initdata nodes_parsed = NODE_MASK_NONE;
+
 static __init int find_northbridge(void)
 {
         int num;
@@ -54,18 +57,6 @@ static __init void early_get_boot_cpu_id(void)
          * need to get boot_cpu_id so can use that to create apicid_to_node
          * in k8_scan_nodes()
          */
-        /*
-         * Find possible boot-time SMP configuration:
-         */
-#ifdef CONFIG_X86_MPPARSE
-        early_find_smp_config();
-#endif
-#ifdef CONFIG_ACPI
-        /*
-         * Read APIC information from ACPI tables.
-         */
-        early_acpi_boot_init();
-#endif
 #ifdef CONFIG_X86_MPPARSE
         /*
          * get boot-time SMP configuration:
@@ -76,12 +67,26 @@ static __init void early_get_boot_cpu_id(void)
         early_init_lapic_mapping();
 }
 
-int __init k8_scan_nodes(unsigned long start, unsigned long end)
+int __init k8_get_nodes(struct bootnode *physnodes)
 {
-        unsigned numnodes, cores, bits, apicid_base;
+        int i;
+        int ret = 0;
+
+        for_each_node_mask(i, nodes_parsed) {
+                physnodes[ret].start = nodes[i].start;
+                physnodes[ret].end = nodes[i].end;
+                ret++;
+        }
+        return ret;
+}
+
+int __init k8_numa_init(unsigned long start_pfn, unsigned long end_pfn)
+{
+        unsigned long start = PFN_PHYS(start_pfn);
+        unsigned long end = PFN_PHYS(end_pfn);
+        unsigned numnodes;
         unsigned long prevbase;
-        struct bootnode nodes[8];
-        int i, j, nb, found = 0;
+        int i, nb, found = 0;
         u32 nodeid, reg;
 
         if (!early_pci_allowed())
@@ -91,16 +96,15 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
         if (nb < 0)
                 return nb;
 
-        printk(KERN_INFO "Scanning NUMA topology in Northbridge %d\n", nb);
+        pr_info("Scanning NUMA topology in Northbridge %d\n", nb);
 
         reg = read_pci_config(0, nb, 0, 0x60);
         numnodes = ((reg >> 4) & 0xF) + 1;
         if (numnodes <= 1)
                 return -1;
 
-        printk(KERN_INFO "Number of nodes %d\n", numnodes);
+        pr_info("Number of physical nodes %d\n", numnodes);
 
-        memset(&nodes, 0, sizeof(nodes));
         prevbase = 0;
         for (i = 0; i < 8; i++) {
                 unsigned long base, limit;
@@ -111,28 +115,28 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 nodeid = limit & 7;
                 if ((base & 3) == 0) {
                         if (i < numnodes)
-                                printk("Skipping disabled node %d\n", i);
+                                pr_info("Skipping disabled node %d\n", i);
                         continue;
                 }
                 if (nodeid >= numnodes) {
-                        printk("Ignoring excess node %d (%lx:%lx)\n", nodeid,
-                               base, limit);
+                        pr_info("Ignoring excess node %d (%lx:%lx)\n", nodeid,
+                                base, limit);
                         continue;
                 }
 
                 if (!limit) {
-                        printk(KERN_INFO "Skipping node entry %d (base %lx)\n",
-                               i, base);
+                        pr_info("Skipping node entry %d (base %lx)\n",
+                                i, base);
                         continue;
                 }
                 if ((base >> 8) & 3 || (limit >> 8) & 3) {
-                        printk(KERN_ERR "Node %d using interleaving mode %lx/%lx\n",
-                               nodeid, (base>>8)&3, (limit>>8) & 3);
+                        pr_err("Node %d using interleaving mode %lx/%lx\n",
+                               nodeid, (base >> 8) & 3, (limit >> 8) & 3);
                         return -1;
                 }
-                if (node_isset(nodeid, node_possible_map)) {
-                        printk(KERN_INFO "Node %d already present. Skipping\n",
-                               nodeid);
+                if (node_isset(nodeid, nodes_parsed)) {
+                        pr_info("Node %d already present, skipping\n",
+                                nodeid);
                         continue;
                 }
 
@@ -141,8 +145,8 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 limit |= (1<<24)-1;
                 limit++;
 
-                if (limit > max_pfn << PAGE_SHIFT)
-                        limit = max_pfn << PAGE_SHIFT;
+                if (limit > end)
+                        limit = end;
                 if (limit <= base)
                         continue;
 
@@ -154,24 +158,24 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 if (limit > end)
                         limit = end;
                 if (limit == base) {
-                        printk(KERN_ERR "Empty node %d\n", nodeid);
+                        pr_err("Empty node %d\n", nodeid);
                         continue;
                 }
                 if (limit < base) {
-                        printk(KERN_ERR "Node %d bogus settings %lx-%lx.\n",
+                        pr_err("Node %d bogus settings %lx-%lx.\n",
                                nodeid, base, limit);
                         continue;
                 }
 
                 /* Could sort here, but pun for now. Should not happen anyroads. */
                 if (prevbase > base) {
-                        printk(KERN_ERR "Node map not sorted %lx,%lx\n",
+                        pr_err("Node map not sorted %lx,%lx\n",
                                prevbase, base);
                         return -1;
                 }
 
-                printk(KERN_INFO "Node %d MemBase %016lx Limit %016lx\n",
-                       nodeid, base, limit);
+                pr_info("Node %d MemBase %016lx Limit %016lx\n",
+                        nodeid, base, limit);
 
                 found++;
 
@@ -180,18 +184,29 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
 
                 prevbase = base;
 
-                node_set(nodeid, node_possible_map);
+                node_set(nodeid, nodes_parsed);
         }
 
         if (!found)
                 return -1;
+        return 0;
+}
+
+int __init k8_scan_nodes(void)
+{
+        unsigned int bits;
+        unsigned int cores;
+        unsigned int apicid_base;
+        int i;
 
+        BUG_ON(nodes_empty(nodes_parsed));
+        node_possible_map = nodes_parsed;
         memnode_shift = compute_hash_shift(nodes, 8, NULL);
         if (memnode_shift < 0) {
-                printk(KERN_ERR "No NUMA node hash function found. Contact maintainer\n");
+                pr_err("No NUMA node hash function found. Contact maintainer\n");
                 return -1;
         }
-        printk(KERN_INFO "Using node hash shift of %d\n", memnode_shift);
+        pr_info("Using node hash shift of %d\n", memnode_shift);
 
         /* use the coreid bits from early_identify_cpu */
         bits = boot_cpu_data.x86_coreid_bits;
@@ -200,14 +215,12 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
         /* need to get boot_cpu_id early for system with apicid lifting */
         early_get_boot_cpu_id();
         if (boot_cpu_physical_apicid > 0) {
-                printk(KERN_INFO "BSP APIC ID: %02x\n",
-                                 boot_cpu_physical_apicid);
+                pr_info("BSP APIC ID: %02x\n", boot_cpu_physical_apicid);
                 apicid_base = boot_cpu_physical_apicid;
         }
 
-        for (i = 0; i < 8; i++) {
-                if (nodes[i].start == nodes[i].end)
-                        continue;
+        for_each_node_mask(i, node_possible_map) {
+                int j;
 
                 e820_register_active_regions(i,
                                 nodes[i].start >> PAGE_SHIFT,
diff --git a/arch/x86/mm/kmemcheck/error.c b/arch/x86/mm/kmemcheck/error.c
index 4901d0dafda6..af3b6c8a436f 100644
--- a/arch/x86/mm/kmemcheck/error.c
+++ b/arch/x86/mm/kmemcheck/error.c
@@ -106,26 +106,25 @@ void kmemcheck_error_recall(void)
 
         switch (e->type) {
         case KMEMCHECK_ERROR_INVALID_ACCESS:
-                printk(KERN_ERR  "WARNING: kmemcheck: Caught %d-bit read "
-                        "from %s memory (%p)\n",
+                printk(KERN_WARNING "WARNING: kmemcheck: Caught %d-bit read from %s memory (%p)\n",
                         8 * e->size, e->state < ARRAY_SIZE(desc) ?
                                 desc[e->state] : "(invalid shadow state)",
                         (void *) e->address);
 
-                printk(KERN_INFO);
+                printk(KERN_WARNING);
                 for (i = 0; i < SHADOW_COPY_SIZE; ++i)
-                        printk("%02x", e->memory_copy[i]);
-                printk("\n");
+                        printk(KERN_CONT "%02x", e->memory_copy[i]);
+                printk(KERN_CONT "\n");
 
-                printk(KERN_INFO);
+                printk(KERN_WARNING);
                 for (i = 0; i < SHADOW_COPY_SIZE; ++i) {
                         if (e->shadow_copy[i] < ARRAY_SIZE(short_desc))
-                                printk(" %c", short_desc[e->shadow_copy[i]]);
+                                printk(KERN_CONT " %c", short_desc[e->shadow_copy[i]]);
                         else
-                                printk(" ?");
+                                printk(KERN_CONT " ?");
                 }
-                printk("\n");
-                printk(KERN_INFO "%*c\n", 2 + 2
+                printk(KERN_CONT "\n");
+                printk(KERN_WARNING "%*c\n", 2 + 2
                         * (int) (e->address & (SHADOW_COPY_SIZE - 1)), '^');
                 break;
         case KMEMCHECK_ERROR_BUG:
diff --git a/arch/x86/mm/kmmio.c b/arch/x86/mm/kmmio.c
index 16ccbd77917f..c0f6198565eb 100644
--- a/arch/x86/mm/kmmio.c
+++ b/arch/x86/mm/kmmio.c
@@ -5,6 +5,8 @@
  *     2008 Pekka Paalanen <pq@iki.fi>
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/list.h>
 #include <linux/rculist.h>
 #include <linux/spinlock.h>
@@ -136,7 +138,7 @@ static int clear_page_presence(struct kmmio_fault_page *f, bool clear)
         pte_t *pte = lookup_address(f->page, &level);
 
         if (!pte) {
-                pr_err("kmmio: no pte for page 0x%08lx\n", f->page);
+                pr_err("no pte for page 0x%08lx\n", f->page);
                 return -1;
         }
 
@@ -148,7 +150,7 @@ static int clear_page_presence(struct kmmio_fault_page *f, bool clear)
                 clear_pte_presence(pte, clear, &f->old_presence);
                 break;
         default:
-                pr_err("kmmio: unexpected page level 0x%x.\n", level);
+                pr_err("unexpected page level 0x%x.\n", level);
                 return -1;
         }
 
@@ -170,13 +172,14 @@ static int clear_page_presence(struct kmmio_fault_page *f, bool clear)
 static int arm_kmmio_fault_page(struct kmmio_fault_page *f)
 {
         int ret;
-        WARN_ONCE(f->armed, KERN_ERR "kmmio page already armed.\n");
+        WARN_ONCE(f->armed, KERN_ERR pr_fmt("kmmio page already armed.\n"));
         if (f->armed) {
-                pr_warning("kmmio double-arm: page 0x%08lx, ref %d, old %d\n",
-                                        f->page, f->count, !!f->old_presence);
+                pr_warning("double-arm: page 0x%08lx, ref %d, old %d\n",
+                           f->page, f->count, !!f->old_presence);
         }
         ret = clear_page_presence(f, true);
-        WARN_ONCE(ret < 0, KERN_ERR "kmmio arming 0x%08lx failed.\n", f->page);
+        WARN_ONCE(ret < 0, KERN_ERR pr_fmt("arming 0x%08lx failed.\n"),
+                  f->page);
         f->armed = true;
         return ret;
 }
@@ -203,7 +206,7 @@ static void disarm_kmmio_fault_page(struct kmmio_fault_page *f)
  */
 /*
  * Interrupts are disabled on entry as trap3 is an interrupt gate
- * and they remain disabled thorough out this function.
+ * and they remain disabled throughout this function.
  */
 int kmmio_handler(struct pt_regs *regs, unsigned long addr)
 {
@@ -240,24 +243,21 @@ int kmmio_handler(struct pt_regs *regs, unsigned long addr)
                          * condition needs handling by do_page_fault(), the
                          * page really not being present is the most common.
                          */
-                        pr_debug("kmmio: secondary hit for 0x%08lx CPU %d.\n",
-                                        addr, smp_processor_id());
+                        pr_debug("secondary hit for 0x%08lx CPU %d.\n",
+                                 addr, smp_processor_id());
 
                         if (!faultpage->old_presence)
-                                pr_info("kmmio: unexpected secondary hit for "
-                                        "address 0x%08lx on CPU %d.\n", addr,
-                                        smp_processor_id());
+                                pr_info("unexpected secondary hit for address 0x%08lx on CPU %d.\n",
+                                        addr, smp_processor_id());
                 } else {
                         /*
                          * Prevent overwriting already in-flight context.
                          * This should not happen, let's hope disarming at
                          * least prevents a panic.
                          */
-                        pr_emerg("kmmio: recursive probe hit on CPU %d, "
-                                        "for address 0x%08lx. Ignoring.\n",
-                                        smp_processor_id(), addr);
-                        pr_emerg("kmmio: previous hit was at 0x%08lx.\n",
-                                                ctx->addr);
+                        pr_emerg("recursive probe hit on CPU %d, for address 0x%08lx. Ignoring.\n",
+                                 smp_processor_id(), addr);
+                        pr_emerg("previous hit was at 0x%08lx.\n", ctx->addr);
                         disarm_kmmio_fault_page(faultpage);
                 }
                 goto no_kmmio_ctx;
@@ -302,7 +302,7 @@ no_kmmio:
 
 /*
  * Interrupts are disabled on entry as trap1 is an interrupt gate
- * and they remain disabled thorough out this function.
+ * and they remain disabled throughout this function.
  * This must always get called as the pair to kmmio_handler().
  */
 static int post_kmmio_handler(unsigned long condition, struct pt_regs *regs)
@@ -316,8 +316,8 @@ static int post_kmmio_handler(unsigned long condition, struct pt_regs *regs)
                  * something external causing them (f.e. using a debugger while
                  * mmio tracing enabled), or erroneous behaviour
                  */
-                pr_warning("kmmio: unexpected debug trap on CPU %d.\n",
-                                                        smp_processor_id());
+                pr_warning("unexpected debug trap on CPU %d.\n",
+                           smp_processor_id());
                 goto out;
         }
 
@@ -425,7 +425,7 @@ int register_kmmio_probe(struct kmmio_probe *p)
         list_add_rcu(&p->list, &kmmio_probes);
         while (size < size_lim) {
                 if (add_kmmio_fault_page(p->addr + size))
-                        pr_err("kmmio: Unable to set page fault.\n");
+                        pr_err("Unable to set page fault.\n");
                 size += PAGE_SIZE;
         }
 out:
@@ -490,7 +490,7 @@ static void remove_kmmio_fault_pages(struct rcu_head *head)
  * 2. remove_kmmio_fault_pages()
  *    Remove the pages from kmmio_page_table.
  * 3. rcu_free_kmmio_fault_pages()
- *    Actally free the kmmio_fault_page structs as with RCU.
+ *    Actually free the kmmio_fault_page structs as with RCU.
  */
 void unregister_kmmio_probe(struct kmmio_probe *p)
 {
@@ -511,7 +511,7 @@ void unregister_kmmio_probe(struct kmmio_probe *p)
 
         drelease = kmalloc(sizeof(*drelease), GFP_ATOMIC);
         if (!drelease) {
-                pr_crit("kmmio: leaking kmmio_fault_page objects.\n");
+                pr_crit("leaking kmmio_fault_page objects.\n");
                 return;
         }
         drelease->release_list = release_list;
@@ -540,8 +540,14 @@ kmmio_die_notifier(struct notifier_block *nb, unsigned long val, void *args)
         struct die_args *arg = args;
 
         if (val == DIE_DEBUG && (arg->err & DR_STEP))
-                if (post_kmmio_handler(arg->err, arg->regs) == 1)
+                if (post_kmmio_handler(arg->err, arg->regs) == 1) {
+                        /*
+                         * Reset the BS bit in dr6 (pointed by args->err) to
+                         * denote completion of processing
+                         */
+                        (*(unsigned long *)ERR_PTR(arg->err)) &= ~DR_STEP;
                         return NOTIFY_STOP;
+                }
 
         return NOTIFY_DONE;
 }
diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c
index 132772a8ec57..34a3291ca103 100644
--- a/arch/x86/mm/mmio-mod.c
+++ b/arch/x86/mm/mmio-mod.c
@@ -19,6 +19,9 @@
  *
  * Derived from the read-mod example from relay-examples by Tom Zanussi.
  */
+
+#define pr_fmt(fmt) "mmiotrace: " fmt
+
 #define DEBUG 1
 
 #include <linux/module.h>
@@ -36,8 +39,6 @@
 
 #include "pf_in.h"
 
-#define NAME "mmiotrace: "
-
 struct trap_reason {
         unsigned long addr;
         unsigned long ip;
@@ -96,17 +97,18 @@ static void print_pte(unsigned long address)
         pte_t *pte = lookup_address(address, &level);
 
         if (!pte) {
-                pr_err(NAME "Error in %s: no pte for page 0x%08lx\n",
-                                                        __func__, address);
+                pr_err("Error in %s: no pte for page 0x%08lx\n",
+                       __func__, address);
                 return;
         }
 
         if (level == PG_LEVEL_2M) {
-                pr_emerg(NAME "4MB pages are not currently supported: "
-                                                        "0x%08lx\n", address);
+                pr_emerg("4MB pages are not currently supported: 0x%08lx\n",
+                         address);
                 BUG();
         }
-        pr_info(NAME "pte for 0x%lx: 0x%llx 0x%llx\n", address,
+        pr_info("pte for 0x%lx: 0x%llx 0x%llx\n",
+                address,
                 (unsigned long long)pte_val(*pte),
                 (unsigned long long)pte_val(*pte) & _PAGE_PRESENT);
 }
@@ -118,22 +120,21 @@ static void print_pte(unsigned long address)
 static void die_kmmio_nesting_error(struct pt_regs *regs, unsigned long addr)
 {
         const struct trap_reason *my_reason = &get_cpu_var(pf_reason);
-        pr_emerg(NAME "unexpected fault for address: 0x%08lx, "
-                                        "last fault for address: 0x%08lx\n",
-                                        addr, my_reason->addr);
+        pr_emerg("unexpected fault for address: 0x%08lx, last fault for address: 0x%08lx\n",
+                 addr, my_reason->addr);
         print_pte(addr);
         print_symbol(KERN_EMERG "faulting IP is at %s\n", regs->ip);
         print_symbol(KERN_EMERG "last faulting IP was at %s\n", my_reason->ip);
 #ifdef __i386__
         pr_emerg("eax: %08lx   ebx: %08lx   ecx: %08lx   edx: %08lx\n",
-                        regs->ax, regs->bx, regs->cx, regs->dx);
+                 regs->ax, regs->bx, regs->cx, regs->dx);
         pr_emerg("esi: %08lx   edi: %08lx   ebp: %08lx   esp: %08lx\n",
-                        regs->si, regs->di, regs->bp, regs->sp);
+                 regs->si, regs->di, regs->bp, regs->sp);
 #else
         pr_emerg("rax: %016lx   rcx: %016lx   rdx: %016lx\n",
-                                        regs->ax, regs->cx, regs->dx);
+                 regs->ax, regs->cx, regs->dx);
         pr_emerg("rsi: %016lx   rdi: %016lx   rbp: %016lx   rsp: %016lx\n",
-                                regs->si, regs->di, regs->bp, regs->sp);
+                 regs->si, regs->di, regs->bp, regs->sp);
 #endif
         put_cpu_var(pf_reason);
         BUG();
@@ -213,7 +214,7 @@ static void post(struct kmmio_probe *p, unsigned long condition,
         /* this should always return the active_trace count to 0 */
         my_reason->active_traces--;
         if (my_reason->active_traces) {
-                pr_emerg(NAME "unexpected post handler");
+                pr_emerg("unexpected post handler");
                 BUG();
         }
 
@@ -244,7 +245,7 @@ static void ioremap_trace_core(resource_size_t offset, unsigned long size,
         };
 
         if (!trace) {
-                pr_err(NAME "kmalloc failed in ioremap\n");
+                pr_err("kmalloc failed in ioremap\n");
                 return;
         }
 
@@ -282,8 +283,8 @@ void mmiotrace_ioremap(resource_size_t offset, unsigned long size,
         if (!is_enabled()) /* recheck and proper locking in *_core() */
                 return;
 
-        pr_debug(NAME "ioremap_*(0x%llx, 0x%lx) = %p\n",
-                                (unsigned long long)offset, size, addr);
+        pr_debug("ioremap_*(0x%llx, 0x%lx) = %p\n",
+                 (unsigned long long)offset, size, addr);
         if ((filter_offset) && (offset != filter_offset))
                 return;
         ioremap_trace_core(offset, size, addr);
@@ -301,7 +302,7 @@ static void iounmap_trace_core(volatile void __iomem *addr)
         struct remap_trace *tmp;
         struct remap_trace *found_trace = NULL;
 
-        pr_debug(NAME "Unmapping %p.\n", addr);
+        pr_debug("Unmapping %p.\n", addr);
 
         spin_lock_irq(&trace_lock);
         if (!is_enabled())
@@ -363,9 +364,8 @@ static void clear_trace_list(void)
          * Caller also ensures is_enabled() cannot change.
          */
         list_for_each_entry(trace, &trace_list, list) {
-                pr_notice(NAME "purging non-iounmapped "
-                                        "trace @0x%08lx, size 0x%lx.\n",
-                                        trace->probe.addr, trace->probe.len);
+                pr_notice("purging non-iounmapped trace @0x%08lx, size 0x%lx.\n",
+                          trace->probe.addr, trace->probe.len);
                 if (!nommiotrace)
                         unregister_kmmio_probe(&trace->probe);
         }
@@ -387,7 +387,7 @@ static void enter_uniprocessor(void)
 
         if (downed_cpus == NULL &&
             !alloc_cpumask_var(&downed_cpus, GFP_KERNEL)) {
-                pr_notice(NAME "Failed to allocate mask\n");
+                pr_notice("Failed to allocate mask\n");
                 goto out;
         }
 
@@ -395,20 +395,19 @@ static void enter_uniprocessor(void)
         cpumask_copy(downed_cpus, cpu_online_mask);
         cpumask_clear_cpu(cpumask_first(cpu_online_mask), downed_cpus);
         if (num_online_cpus() > 1)
-                pr_notice(NAME "Disabling non-boot CPUs...\n");
+                pr_notice("Disabling non-boot CPUs...\n");
         put_online_cpus();
 
         for_each_cpu(cpu, downed_cpus) {
                 err = cpu_down(cpu);
                 if (!err)
-                        pr_info(NAME "CPU%d is down.\n", cpu);
+                        pr_info("CPU%d is down.\n", cpu);
                 else
-                        pr_err(NAME "Error taking CPU%d down: %d\n", cpu, err);
+                        pr_err("Error taking CPU%d down: %d\n", cpu, err);
         }
 out:
         if (num_online_cpus() > 1)
-                pr_warning(NAME "multiple CPUs still online, "
-                                                "may miss events.\n");
+                pr_warning("multiple CPUs still online, may miss events.\n");
 }
 
 /* __ref because leave_uniprocessor calls cpu_up which is __cpuinit,
@@ -420,13 +419,13 @@ static void __ref leave_uniprocessor(void)
 
         if (downed_cpus == NULL || cpumask_weight(downed_cpus) == 0)
                 return;
-        pr_notice(NAME "Re-enabling CPUs...\n");
+        pr_notice("Re-enabling CPUs...\n");
         for_each_cpu(cpu, downed_cpus) {
                 err = cpu_up(cpu);
                 if (!err)
-                        pr_info(NAME "enabled CPU%d.\n", cpu);
+                        pr_info("enabled CPU%d.\n", cpu);
                 else
-                        pr_err(NAME "cannot re-enable CPU%d: %d\n", cpu, err);
+                        pr_err("cannot re-enable CPU%d: %d\n", cpu, err);
         }
 }
 
@@ -434,8 +433,8 @@ static void __ref leave_uniprocessor(void)
 static void enter_uniprocessor(void)
 {
         if (num_online_cpus() > 1)
-                pr_warning(NAME "multiple CPUs are online, may miss events. "
-                        "Suggest booting with maxcpus=1 kernel argument.\n");
+                pr_warning("multiple CPUs are online, may miss events. "
+                           "Suggest booting with maxcpus=1 kernel argument.\n");
 }
 
 static void leave_uniprocessor(void)
@@ -450,13 +449,13 @@ void enable_mmiotrace(void)
                 goto out;
 
         if (nommiotrace)
-                pr_info(NAME "MMIO tracing disabled.\n");
+                pr_info("MMIO tracing disabled.\n");
         kmmio_init();
         enter_uniprocessor();
         spin_lock_irq(&trace_lock);
         atomic_inc(&mmiotrace_enabled);
         spin_unlock_irq(&trace_lock);
-        pr_info(NAME "enabled.\n");
+        pr_info("enabled.\n");
 out:
         mutex_unlock(&mmiotrace_mutex);
 }
@@ -475,7 +474,7 @@ void disable_mmiotrace(void)
         clear_trace_list(); /* guarantees: no more kmmio callbacks */
         leave_uniprocessor();
         kmmio_cleanup();
-        pr_info(NAME "disabled.\n");
+        pr_info("disabled.\n");
 out:
         mutex_unlock(&mmiotrace_mutex);
 }
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index d2530062fe00..b20760ca7244 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -347,8 +347,8 @@ static void init_remap_allocator(int nid)
                 (ulong) node_remap_end_vaddr[nid]);
 }
 
-void __init initmem_init(unsigned long start_pfn,
-                                  unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
         int nid;
         long kva_target_pfn;
diff --git a/arch/x86/mm/numa_64.c b/arch/x86/mm/numa_64.c
index 459913beac71..83bbc70d11bb 100644
--- a/arch/x86/mm/numa_64.c
+++ b/arch/x86/mm/numa_64.c
@@ -239,8 +239,14 @@ setup_node_bootmem(int nodeid, unsigned long start, unsigned long end)
         bootmap = early_node_mem(nodeid, bootmap_start, end,
                                  bootmap_pages<<PAGE_SHIFT, PAGE_SIZE);
         if (bootmap == NULL)  {
-                if (nodedata_phys < start || nodedata_phys >= end)
-                        free_bootmem(nodedata_phys, pgdat_size);
+                if (nodedata_phys < start || nodedata_phys >= end) {
+                        /*
+                         * only need to free it if it is from other node
+                         * bootmem
+                         */
+                        if (nid != nodeid)
+                                free_bootmem(nodedata_phys, pgdat_size);
+                }
                 node_data[nodeid] = NULL;
                 return;
         }
@@ -306,8 +312,71 @@ void __init numa_init_array(void)
 
 #ifdef CONFIG_NUMA_EMU
 /* Numa emulation */
+static struct bootnode nodes[MAX_NUMNODES] __initdata;
+static struct bootnode physnodes[MAX_NUMNODES] __initdata;
 static char *cmdline __initdata;
 
+static int __init setup_physnodes(unsigned long start, unsigned long end,
+                                        int acpi, int k8)
+{
+        int nr_nodes = 0;
+        int ret = 0;
+        int i;
+
+#ifdef CONFIG_ACPI_NUMA
+        if (acpi)
+                nr_nodes = acpi_get_nodes(physnodes);
+#endif
+#ifdef CONFIG_K8_NUMA
+        if (k8)
+                nr_nodes = k8_get_nodes(physnodes);
+#endif
+        /*
+         * Basic sanity checking on the physical node map: there may be errors
+         * if the SRAT or K8 incorrectly reported the topology or the mem=
+         * kernel parameter is used.
+         */
+        for (i = 0; i < nr_nodes; i++) {
+                if (physnodes[i].start == physnodes[i].end)
+                        continue;
+                if (physnodes[i].start > end) {
+                        physnodes[i].end = physnodes[i].start;
+                        continue;
+                }
+                if (physnodes[i].end < start) {
+                        physnodes[i].start = physnodes[i].end;
+                        continue;
+                }
+                if (physnodes[i].start < start)
+                        physnodes[i].start = start;
+                if (physnodes[i].end > end)
+                        physnodes[i].end = end;
+        }
+
+        /*
+         * Remove all nodes that have no memory or were truncated because of the
+         * limited address range.
+         */
+        for (i = 0; i < nr_nodes; i++) {
+                if (physnodes[i].start == physnodes[i].end)
+                        continue;
+                physnodes[ret].start = physnodes[i].start;
+                physnodes[ret].end = physnodes[i].end;
+                ret++;
+        }
+
+        /*
+         * If no physical topology was detected, a single node is faked to cover
+         * the entire address space.
+         */
+        if (!ret) {
+                physnodes[ret].start = start;
+                physnodes[ret].end = end;
+                ret = 1;
+        }
+        return ret;
+}
+
 /*
  * Setups up nid to range from addr to addr + size.  If the end
  * boundary is greater than max_addr, then max_addr is used instead.
@@ -315,11 +384,9 @@ static char *cmdline __initdata;
  * allocation past addr and -1 otherwise.  addr is adjusted to be at
  * the end of the node.
  */
-static int __init setup_node_range(int nid, struct bootnode *nodes, u64 *addr,
-                                   u64 size, u64 max_addr)
+static int __init setup_node_range(int nid, u64 *addr, u64 size, u64 max_addr)
 {
         int ret = 0;
-
         nodes[nid].start = *addr;
         *addr += size;
         if (*addr >= max_addr) {
@@ -335,12 +402,111 @@ static int __init setup_node_range(int nid, struct bootnode *nodes, u64 *addr,
 }
 
 /*
+ * Sets up nr_nodes fake nodes interleaved over physical nodes ranging from addr
+ * to max_addr.  The return value is the number of nodes allocated.
+ */
+static int __init split_nodes_interleave(u64 addr, u64 max_addr,
+                                                int nr_phys_nodes, int nr_nodes)
+{
+        nodemask_t physnode_mask = NODE_MASK_NONE;
+        u64 size;
+        int big;
+        int ret = 0;
+        int i;
+
+        if (nr_nodes <= 0)
+                return -1;
+        if (nr_nodes > MAX_NUMNODES) {
+                pr_info("numa=fake=%d too large, reducing to %d\n",
+                        nr_nodes, MAX_NUMNODES);
+                nr_nodes = MAX_NUMNODES;
+        }
+
+        size = (max_addr - addr - e820_hole_size(addr, max_addr)) / nr_nodes;
+        /*
+         * Calculate the number of big nodes that can be allocated as a result
+         * of consolidating the remainder.
+         */
+        big = ((size & ~FAKE_NODE_MIN_HASH_MASK) & nr_nodes) /
+                FAKE_NODE_MIN_SIZE;
+
+        size &= FAKE_NODE_MIN_HASH_MASK;
+        if (!size) {
+                pr_err("Not enough memory for each node.  "
+                        "NUMA emulation disabled.\n");
+                return -1;
+        }
+
+        for (i = 0; i < nr_phys_nodes; i++)
+                if (physnodes[i].start != physnodes[i].end)
+                        node_set(i, physnode_mask);
+
+        /*
+         * Continue to fill physical nodes with fake nodes until there is no
+         * memory left on any of them.
+         */
+        while (nodes_weight(physnode_mask)) {
+                for_each_node_mask(i, physnode_mask) {
+                        u64 end = physnodes[i].start + size;
+                        u64 dma32_end = PFN_PHYS(MAX_DMA32_PFN);
+
+                        if (ret < big)
+                                end += FAKE_NODE_MIN_SIZE;
+
+                        /*
+                         * Continue to add memory to this fake node if its
+                         * non-reserved memory is less than the per-node size.
+                         */
+                        while (end - physnodes[i].start -
+                                e820_hole_size(physnodes[i].start, end) < size) {
+                                end += FAKE_NODE_MIN_SIZE;
+                                if (end > physnodes[i].end) {
+                                        end = physnodes[i].end;
+                                        break;
+                                }
+                        }
+
+                        /*
+                         * If there won't be at least FAKE_NODE_MIN_SIZE of
+                         * non-reserved memory in ZONE_DMA32 for the next node,
+                         * this one must extend to the boundary.
+                         */
+                        if (end < dma32_end && dma32_end - end -
+                            e820_hole_size(end, dma32_end) < FAKE_NODE_MIN_SIZE)
+                                end = dma32_end;
+
+                        /*
+                         * If there won't be enough non-reserved memory for the
+                         * next node, this one must extend to the end of the
+                         * physical node.
+                         */
+                        if (physnodes[i].end - end -
+                            e820_hole_size(end, physnodes[i].end) < size)
+                                end = physnodes[i].end;
+
+                        /*
+                         * Avoid allocating more nodes than requested, which can
+                         * happen as a result of rounding down each node's size
+                         * to FAKE_NODE_MIN_SIZE.
+                         */
+                        if (nodes_weight(physnode_mask) + ret >= nr_nodes)
+                                end = physnodes[i].end;
+
+                        if (setup_node_range(ret++, &physnodes[i].start,
+                                                end - physnodes[i].start,
+                                                physnodes[i].end) < 0)
+                                node_clear(i, physnode_mask);
+                }
+        }
+        return ret;
+}
+
+/*
  * Splits num_nodes nodes up equally starting at node_start.  The return value
  * is the number of nodes split up and addr is adjusted to be at the end of the
  * last node allocated.
  */
-static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
-                                      u64 max_addr, int node_start,
+static int __init split_nodes_equally(u64 *addr, u64 max_addr, int node_start,
                                       int num_nodes)
 {
         unsigned int big;
@@ -388,7 +554,7 @@ static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
                                         break;
                                 }
                         }
-                if (setup_node_range(i, nodes, addr, end - *addr, max_addr) < 0)
+                if (setup_node_range(i, addr, end - *addr, max_addr) < 0)
                         break;
         }
         return i - node_start + 1;
@@ -399,12 +565,12 @@ static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
  * always assigned to a final node and can be asymmetric.  Returns the number of
  * nodes split.
  */
-static int __init split_nodes_by_size(struct bootnode *nodes, u64 *addr,
-                                      u64 max_addr, int node_start, u64 size)
+static int __init split_nodes_by_size(u64 *addr, u64 max_addr, int node_start,
+                                      u64 size)
 {
         int i = node_start;
         size = (size << 20) & FAKE_NODE_MIN_HASH_MASK;
-        while (!setup_node_range(i++, nodes, addr, size, max_addr))
+        while (!setup_node_range(i++, addr, size, max_addr))
                 ;
         return i - node_start;
 }
@@ -413,15 +579,15 @@ static int __init split_nodes_by_size(struct bootnode *nodes, u64 *addr,
  * Sets up the system RAM area from start_pfn to last_pfn according to the
  * numa=fake command-line option.
  */
-static struct bootnode nodes[MAX_NUMNODES] __initdata;
-
-static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn)
+static int __init numa_emulation(unsigned long start_pfn,
+                        unsigned long last_pfn, int acpi, int k8)
 {
         u64 size, addr = start_pfn << PAGE_SHIFT;
         u64 max_addr = last_pfn << PAGE_SHIFT;
         int num_nodes = 0, num = 0, coeff_flag, coeff = -1, i;
+        int num_phys_nodes;
 
-        memset(&nodes, 0, sizeof(nodes));
+        num_phys_nodes = setup_physnodes(addr, max_addr, acpi, k8);
         /*
          * If the numa=fake command-line is just a single number N, split the
          * system RAM into N fake nodes.
@@ -429,7 +595,8 @@ static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn
         if (!strchr(cmdline, '*') && !strchr(cmdline, ',')) {
                 long n = simple_strtol(cmdline, NULL, 0);
 
-                num_nodes = split_nodes_equally(nodes, &addr, max_addr, 0, n);
+                num_nodes = split_nodes_interleave(addr, max_addr,
+                                                        num_phys_nodes, n);
                 if (num_nodes < 0)
                         return num_nodes;
                 goto out;
@@ -456,8 +623,8 @@ static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn
                         size = ((u64)num << 20) & FAKE_NODE_MIN_HASH_MASK;
                         if (size)
                                 for (i = 0; i < coeff; i++, num_nodes++)
-                                        if (setup_node_range(num_nodes, nodes,
-                                                &addr, size, max_addr) < 0)
+                                        if (setup_node_range(num_nodes, &addr,
+                                                size, max_addr) < 0)
                                                 goto done;
                         if (!*cmdline)
                                 break;
@@ -473,7 +640,7 @@ done:
         if (addr < max_addr) {
                 if (coeff_flag && coeff < 0) {
                         /* Split remaining nodes into num-sized chunks */
-                        num_nodes += split_nodes_by_size(nodes, &addr, max_addr,
+                        num_nodes += split_nodes_by_size(&addr, max_addr,
                                                          num_nodes, num);
                         goto out;
                 }
@@ -482,7 +649,7 @@ done:
                         /* Split remaining nodes into coeff chunks */
                         if (coeff <= 0)
                                 break;
-                        num_nodes += split_nodes_equally(nodes, &addr, max_addr,
+                        num_nodes += split_nodes_equally(&addr, max_addr,
                                                          num_nodes, coeff);
                         break;
                 case ',':
@@ -490,8 +657,8 @@ done:
                         break;
                 default:
                         /* Give one final node */
-                        setup_node_range(num_nodes, nodes, &addr,
-                                         max_addr - addr, max_addr);
+                        setup_node_range(num_nodes, &addr, max_addr - addr,
+                                         max_addr);
                         num_nodes++;
                 }
         }
@@ -505,14 +672,10 @@ out:
         }
 
         /*
-         * We need to vacate all active ranges that may have been registered by
-         * SRAT and set acpi_numa to -1 so that srat_disabled() always returns
-         * true.  NUMA emulation has succeeded so we will not scan ACPI nodes.
+         * We need to vacate all active ranges that may have been registered for
+         * the e820 memory map.
          */
         remove_all_active_ranges();
-#ifdef CONFIG_ACPI_NUMA
-        acpi_numa = -1;
-#endif
         for_each_node_mask(i, node_possible_map) {
                 e820_register_active_regions(i, nodes[i].start >> PAGE_SHIFT,
                                                 nodes[i].end >> PAGE_SHIFT);
@@ -524,7 +687,8 @@ out:
 }
 #endif /* CONFIG_NUMA_EMU */
 
-void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn,
+                                int acpi, int k8)
 {
         int i;
 
@@ -532,23 +696,22 @@ void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn)
         nodes_clear(node_online_map);
 
 #ifdef CONFIG_NUMA_EMU
-        if (cmdline && !numa_emulation(start_pfn, last_pfn))
+        if (cmdline && !numa_emulation(start_pfn, last_pfn, acpi, k8))
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
 #endif
 
 #ifdef CONFIG_ACPI_NUMA
-        if (!numa_off && !acpi_scan_nodes(start_pfn << PAGE_SHIFT,
-                                          last_pfn << PAGE_SHIFT))
+        if (!numa_off && acpi && !acpi_scan_nodes(start_pfn << PAGE_SHIFT,
+                                                  last_pfn << PAGE_SHIFT))
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
 #endif
 
 #ifdef CONFIG_K8_NUMA
-        if (!numa_off && !k8_scan_nodes(start_pfn<<PAGE_SHIFT,
-                                        last_pfn<<PAGE_SHIFT))
+        if (!numa_off && k8 && !k8_scan_nodes())
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
@@ -601,6 +764,25 @@ static __init int numa_setup(char *opt)
 early_param("numa", numa_setup);
 
 #ifdef CONFIG_NUMA
+
+static __init int find_near_online_node(int node)
+{
+        int n, val;
+        int min_val = INT_MAX;
+        int best_node = -1;
+
+        for_each_online_node(n) {
+                val = node_distance(node, n);
+
+                if (val < min_val) {
+                        min_val = val;
+                        best_node = n;
+                }
+        }
+
+        return best_node;
+}
+
 /*
  * Setup early cpu_to_node.
  *
@@ -632,7 +814,7 @@ void __init init_cpu_to_node(void)
                 if (node == NUMA_NO_NODE)
                         continue;
                 if (!node_online(node))
-                        continue;
+                        node = find_near_online_node(node);
                 numa_set_node(cpu, node);
         }
 }
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index dd38bfbefd1f..1d4eb93d333c 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -279,6 +279,22 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
                    __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
                 pgprot_val(forbidden) |= _PAGE_RW;
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+        /*
+         * Once the kernel maps the text as RO (kernel_set_to_readonly is set),
+         * kernel text mappings for the large page aligned text, rodata sections
+         * will be always read-only. For the kernel identity mappings covering
+         * the holes caused by this alignment can be anything that user asks.
+         *
+         * This will preserve the large page mappings for kernel text/data
+         * at no extra cost.
+         */
+        if (kernel_set_to_readonly &&
+            within(address, (unsigned long)_text,
+                   (unsigned long)__end_rodata_hpage_align))
+                pgprot_val(forbidden) |= _PAGE_RW;
+#endif
+
         prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
 
         return prot;
@@ -1069,12 +1085,18 @@ EXPORT_SYMBOL(set_memory_array_wb);
 
 int set_memory_x(unsigned long addr, int numpages)
 {
+        if (!(__supported_pte_mask & _PAGE_NX))
+                return 0;
+
         return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_x);
 
 int set_memory_nx(unsigned long addr, int numpages)
 {
+        if (!(__supported_pte_mask & _PAGE_NX))
+                return 0;
+
         return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_nx);
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index e78cd0ec2bcf..ae9648eb1c7f 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -20,6 +20,7 @@
 #include <asm/cacheflush.h>
 #include <asm/processor.h>
 #include <asm/tlbflush.h>
+#include <asm/x86_init.h>
 #include <asm/pgtable.h>
 #include <asm/fcntl.h>
 #include <asm/e820.h>
@@ -355,9 +356,6 @@ static int free_ram_pages_type(u64 start, u64 end)
  * - _PAGE_CACHE_UC_MINUS
  * - _PAGE_CACHE_UC
  *
- * req_type will have a special case value '-1', when requester want to inherit
- * the memory type from mtrr (if WB), existing PAT, defaulting to UC_MINUS.
- *
  * If new_type is NULL, function will return an error if it cannot reserve the
  * region with req_type. If new_type is non-NULL, function will return
  * available type in new_type in case of no error. In case of any error
@@ -377,9 +375,7 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
         if (!pat_enabled) {
                 /* This is identical to page table setting without PAT */
                 if (new_type) {
-                        if (req_type == -1)
-                                *new_type = _PAGE_CACHE_WB;
-                        else if (req_type == _PAGE_CACHE_WC)
+                        if (req_type == _PAGE_CACHE_WC)
                                 *new_type = _PAGE_CACHE_UC_MINUS;
                         else
                                 *new_type = req_type & _PAGE_CACHE_MASK;
@@ -388,7 +384,7 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
         }
 
         /* Low ISA region is always mapped WB in page table. No need to track */
-        if (is_ISA_range(start, end - 1)) {
+        if (x86_platform.is_untracked_pat_range(start, end)) {
                 if (new_type)
                         *new_type = _PAGE_CACHE_WB;
                 return 0;
@@ -499,7 +495,7 @@ int free_memtype(u64 start, u64 end)
                 return 0;
 
         /* Low ISA region is always mapped WB. No need to track */
-        if (is_ISA_range(start, end - 1))
+        if (x86_platform.is_untracked_pat_range(start, end))
                 return 0;
 
         is_range_ram = pat_pagerange_is_ram(start, end);
@@ -582,7 +578,7 @@ static unsigned long lookup_memtype(u64 paddr)
         int rettype = _PAGE_CACHE_WB;
         struct memtype *entry;
 
-        if (is_ISA_range(paddr, paddr + PAGE_SIZE - 1))
+        if (x86_platform.is_untracked_pat_range(paddr, paddr + PAGE_SIZE))
                 return rettype;
 
         if (pat_pagerange_is_ram(paddr, paddr + PAGE_SIZE)) {
@@ -708,9 +704,8 @@ int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn,
         if (!range_is_allowed(pfn, size))
                 return 0;
 
-        if (file->f_flags & O_SYNC) {
+        if (file->f_flags & O_DSYNC)
                 flags = _PAGE_CACHE_UC_MINUS;
-        }
 
 #ifdef CONFIG_X86_32
         /*
@@ -1018,8 +1013,10 @@ static const struct file_operations memtype_fops = {
 
 static int __init pat_memtype_list_init(void)
 {
-        debugfs_create_file("pat_memtype_list", S_IRUSR, arch_debugfs_dir,
-                                NULL, &memtype_fops);
+        if (pat_enabled) {
+                debugfs_create_file("pat_memtype_list", S_IRUSR,
+                                    arch_debugfs_dir, NULL, &memtype_fops);
+        }
         return 0;
 }
 
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index 513d8ed5d2ec..a3250aa34086 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -3,10 +3,8 @@
 #include <linux/init.h>
 
 #include <asm/pgtable.h>
+#include <asm/proto.h>
 
-int nx_enabled;
-
-#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
 static int disable_nx __cpuinitdata;
 
 /*
@@ -22,48 +20,41 @@ static int __init noexec_setup(char *str)
         if (!str)
                 return -EINVAL;
         if (!strncmp(str, "on", 2)) {
-                __supported_pte_mask |= _PAGE_NX;
                 disable_nx = 0;
         } else if (!strncmp(str, "off", 3)) {
                 disable_nx = 1;
-                __supported_pte_mask &= ~_PAGE_NX;
         }
+        x86_configure_nx();
         return 0;
 }
 early_param("noexec", noexec_setup);
-#endif
 
-#ifdef CONFIG_X86_PAE
-void __init set_nx(void)
+void __cpuinit x86_configure_nx(void)
 {
-        unsigned int v[4], l, h;
-
-        if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
-                cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
+        if (cpu_has_nx && !disable_nx)
+                __supported_pte_mask |= _PAGE_NX;
+        else
+                __supported_pte_mask &= ~_PAGE_NX;
+}
 
-                if ((v[3] & (1 << 20)) && !disable_nx) {
-                        rdmsr(MSR_EFER, l, h);
-                        l |= EFER_NX;
-                        wrmsr(MSR_EFER, l, h);
-                        nx_enabled = 1;
-                        __supported_pte_mask |= _PAGE_NX;
+void __init x86_report_nx(void)
+{
+        if (!cpu_has_nx) {
+                printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
+                       "missing in CPU or disabled in BIOS!\n");
+        } else {
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
+                if (disable_nx) {
+                        printk(KERN_INFO "NX (Execute Disable) protection: "
+                               "disabled by kernel command line option\n");
+                } else {
+                        printk(KERN_INFO "NX (Execute Disable) protection: "
+                               "active\n");
                 }
-        }
-}
 #else
-void set_nx(void)
-{
-}
+                /* 32bit non-PAE kernel, NX cannot be used */
+                printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
+                       "cannot be enabled: non-PAE kernel!\n");
 #endif
-
-#ifdef CONFIG_X86_64
-void __cpuinit check_efer(void)
-{
-        unsigned long efer;
-
-        rdmsrl(MSR_EFER, efer);
-        if (!(efer & EFER_NX) || disable_nx)
-                __supported_pte_mask &= ~_PAGE_NX;
+        }
 }
-#endif
-
diff --git a/arch/x86/mm/srat_32.c b/arch/x86/mm/srat_32.c
index 6f8aa33031c7..9324f13492d5 100644
--- a/arch/x86/mm/srat_32.c
+++ b/arch/x86/mm/srat_32.c
@@ -267,6 +267,8 @@ int __init get_memcfg_from_srat(void)
                 e820_register_active_regions(chunk->nid, chunk->start_pfn,
                                              min(chunk->end_pfn, max_pfn));
         }
+        /* for out of order entries in SRAT */
+        sort_node_map();
 
         for_each_online_node(nid) {
                 unsigned long start = node_start_pfn[nid];
diff --git a/arch/x86/mm/srat_64.c b/arch/x86/mm/srat_64.c
index dbb5381f7b3b..a27124185fc1 100644
--- a/arch/x86/mm/srat_64.c
+++ b/arch/x86/mm/srat_64.c
@@ -136,7 +136,7 @@ acpi_numa_x2apic_affinity_init(struct acpi_srat_x2apic_cpu_affinity *pa)
         apicid_to_node[apic_id] = node;
         node_set(node, cpu_nodes_parsed);
         acpi_numa = 1;
-        printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
+        printk(KERN_INFO "SRAT: PXM %u -> APIC 0x%04x -> Node %u\n",
                pxm, apic_id, node);
 }
 
@@ -170,7 +170,7 @@ acpi_numa_processor_affinity_init(struct acpi_srat_cpu_affinity *pa)
         apicid_to_node[apic_id] = node;
         node_set(node, cpu_nodes_parsed);
         acpi_numa = 1;
-        printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
+        printk(KERN_INFO "SRAT: PXM %u -> APIC 0x%02x -> Node %u\n",
                pxm, apic_id, node);
 }
 
@@ -290,8 +290,6 @@ acpi_numa_memory_affinity_init(struct acpi_srat_mem_affinity *ma)
 
         printk(KERN_INFO "SRAT: Node %u PXM %u %lx-%lx\n", node, pxm,
                start, end);
-        e820_register_active_regions(node, start >> PAGE_SHIFT,
-                                     end >> PAGE_SHIFT);
 
         if (ma->flags & ACPI_SRAT_MEM_HOT_PLUGGABLE) {
                 update_nodes_add(node, start, end);
@@ -319,7 +317,7 @@ static int __init nodes_cover_memory(const struct bootnode *nodes)
                 unsigned long s = nodes[i].start >> PAGE_SHIFT;
                 unsigned long e = nodes[i].end >> PAGE_SHIFT;
                 pxmram += e - s;
-                pxmram -= absent_pages_in_range(s, e);
+                pxmram -= __absent_pages_in_range(i, s, e);
                 if ((long)pxmram < 0)
                         pxmram = 0;
         }
@@ -338,6 +336,19 @@ static int __init nodes_cover_memory(const struct bootnode *nodes)
 
 void __init acpi_numa_arch_fixup(void) {}
 
+int __init acpi_get_nodes(struct bootnode *physnodes)
+{
+        int i;
+        int ret = 0;
+
+        for_each_node_mask(i, nodes_parsed) {
+                physnodes[ret].start = nodes[i].start;
+                physnodes[ret].end = nodes[i].end;
+                ret++;
+        }
+        return ret;
+}
+
 /* Use the information discovered above to actually set up the nodes. */
 int __init acpi_scan_nodes(unsigned long start, unsigned long end)
 {
@@ -350,11 +361,6 @@ int __init acpi_scan_nodes(unsigned long start, unsigned long end)
         for (i = 0; i < MAX_NUMNODES; i++)
                 cutoff_node(i, start, end);
 
-        if (!nodes_cover_memory(nodes)) {
-                bad_srat();
-                return -1;
-        }
-
         memnode_shift = compute_hash_shift(node_memblk_range, num_node_memblks,
                                            memblk_nodeid);
         if (memnode_shift < 0) {
@@ -364,6 +370,16 @@ int __init acpi_scan_nodes(unsigned long start, unsigned long end)
                 return -1;
         }
 
+        for_each_node_mask(i, nodes_parsed)
+                e820_register_active_regions(i, nodes[i].start >> PAGE_SHIFT,
+                                                nodes[i].end >> PAGE_SHIFT);
+        /* for out of order entries in SRAT */
+        sort_node_map();
+        if (!nodes_cover_memory(nodes)) {
+                bad_srat();
+                return -1;
+        }
+
         /* Account for nodes with cpus and no memory */
         nodes_or(node_possible_map, nodes_parsed, cpu_nodes_parsed);
 
@@ -454,7 +470,6 @@ void __init acpi_fake_nodes(const struct bootnode *fake_nodes, int num_nodes)
         for (i = 0; i < num_nodes; i++)
                 if (fake_nodes[i].start != fake_nodes[i].end)
                         node_set(i, nodes_parsed);
-        WARN_ON(!nodes_cover_memory(fake_nodes));
 }
 
 static int null_slit_node_compare(int a, int b)
diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
index 427fd1b56df5..8565d944f7cf 100644
--- a/arch/x86/mm/testmmiotrace.c
+++ b/arch/x86/mm/testmmiotrace.c
@@ -1,12 +1,13 @@
 /*
  * Written by Pekka Paalanen, 2008-2009 <pq@iki.fi>
  */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/module.h>
 #include <linux/io.h>
 #include <linux/mmiotrace.h>
 
-#define MODULE_NAME "testmmiotrace"
-
 static unsigned long mmio_address;
 module_param(mmio_address, ulong, 0);
 MODULE_PARM_DESC(mmio_address, " Start address of the mapping of 16 kB "
@@ -30,7 +31,7 @@ static unsigned v32(unsigned i)
 static void do_write_test(void __iomem *p)
 {
         unsigned int i;
-        pr_info(MODULE_NAME ": write test.\n");
+        pr_info("write test.\n");
         mmiotrace_printk("Write test.\n");
 
         for (i = 0; i < 256; i++)
@@ -47,7 +48,7 @@ static void do_read_test(void __iomem *p)
 {
         unsigned int i;
         unsigned errs[3] = { 0 };
-        pr_info(MODULE_NAME ": read test.\n");
+        pr_info("read test.\n");
         mmiotrace_printk("Read test.\n");
 
         for (i = 0; i < 256; i++)
@@ -68,7 +69,7 @@ static void do_read_test(void __iomem *p)
 
 static void do_read_far_test(void __iomem *p)
 {
-        pr_info(MODULE_NAME ": read far test.\n");
+        pr_info("read far test.\n");
         mmiotrace_printk("Read far test.\n");
 
         ioread32(p + read_far);
@@ -78,7 +79,7 @@ static void do_test(unsigned long size)
 {
         void __iomem *p = ioremap_nocache(mmio_address, size);
         if (!p) {
-                pr_err(MODULE_NAME ": could not ioremap, aborting.\n");
+                pr_err("could not ioremap, aborting.\n");
                 return;
         }
         mmiotrace_printk("ioremap returned %p.\n", p);
@@ -94,24 +95,22 @@ static int __init init(void)
         unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
 
         if (mmio_address == 0) {
-                pr_err(MODULE_NAME ": you have to use the module argument "
-                                                        "mmio_address.\n");
-                pr_err(MODULE_NAME ": DO NOT LOAD THIS MODULE UNLESS"
-                                " YOU REALLY KNOW WHAT YOU ARE DOING!\n");
+                pr_err("you have to use the module argument mmio_address.\n");
+                pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!\n");
                 return -ENXIO;
         }
 
-        pr_warning(MODULE_NAME ": WARNING: mapping %lu kB @ 0x%08lx in PCI "
-                "address space, and writing 16 kB of rubbish in there.\n",
-                 size >> 10, mmio_address);
+        pr_warning("WARNING: mapping %lu kB @ 0x%08lx in PCI address space, "
+                   "and writing 16 kB of rubbish in there.\n",
+                   size >> 10, mmio_address);
         do_test(size);
-        pr_info(MODULE_NAME ": All done.\n");
+        pr_info("All done.\n");
         return 0;
 }
 
 static void __exit cleanup(void)
 {
-        pr_debug(MODULE_NAME ": unloaded.\n");
+        pr_debug("unloaded.\n");
 }
 
 module_init(init);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 36fe08eeb5c3..65b58e4b0b8b 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -8,6 +8,7 @@
 
 #include <asm/tlbflush.h>
 #include <asm/mmu_context.h>
+#include <asm/cache.h>
 #include <asm/apic.h>
 #include <asm/uv/uv.h>
 
@@ -43,7 +44,7 @@ union smp_flush_state {
                 spinlock_t tlbstate_lock;
                 DECLARE_BITMAP(flush_cpumask, NR_CPUS);
         };
-        char pad[CONFIG_X86_INTERNODE_CACHE_BYTES];
+        char pad[INTERNODE_CACHE_BYTES];
 } ____cacheline_internodealigned_in_smp;
 
 /* State is put into the per CPU data section, but padded
diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
index 044897be021f..3855096c59b8 100644
--- a/arch/x86/oprofile/backtrace.c
+++ b/arch/x86/oprofile/backtrace.c
@@ -41,10 +41,11 @@ static void backtrace_address(void *data, unsigned long addr, int reliable)
 }
 
 static struct stacktrace_ops backtrace_ops = {
-        .warning = backtrace_warning,
-        .warning_symbol = backtrace_warning_symbol,
-        .stack = backtrace_stack,
-        .address = backtrace_address,
+        .warning        = backtrace_warning,
+        .warning_symbol = backtrace_warning_symbol,
+        .stack          = backtrace_stack,
+        .address        = backtrace_address,
+        .walk_stack     = print_context_stack,
 };
 
 struct frame_head {
diff --git a/arch/x86/pci/Makefile b/arch/x86/pci/Makefile
index d49202e740ea..564b008a51c7 100644
--- a/arch/x86/pci/Makefile
+++ b/arch/x86/pci/Makefile
@@ -15,3 +15,8 @@ obj-$(CONFIG_X86_NUMAQ)		+= numaq_32.o
 
 obj-y                           += common.o early.o
 obj-y                           += amd_bus.o
+obj-$(CONFIG_X86_64)            += bus_numa.o intel_bus.o
+
+ifeq ($(CONFIG_PCI_DEBUG),y)
+EXTRA_CFLAGS += -DDEBUG
+endif
diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c
index 1014eb4bfc37..959e548a7039 100644
--- a/arch/x86/pci/acpi.c
+++ b/arch/x86/pci/acpi.c
@@ -7,6 +7,7 @@
 #include <asm/pci_x86.h>
 
 struct pci_root_info {
+        struct acpi_device *bridge;
         char *name;
         unsigned int res_num;
         struct resource *res;
@@ -58,6 +59,30 @@ bus_has_transparent_bridge(struct pci_bus *bus)
         return false;
 }
 
+static void
+align_resource(struct acpi_device *bridge, struct resource *res)
+{
+        int align = (res->flags & IORESOURCE_MEM) ? 16 : 4;
+
+        /*
+         * Host bridge windows are not BARs, but the decoders on the PCI side
+         * that claim this address space have starting alignment and length
+         * constraints, so fix any obvious BIOS goofs.
+         */
+        if (!IS_ALIGNED(res->start, align)) {
+                dev_printk(KERN_DEBUG, &bridge->dev,
+                           "host bridge window %pR invalid; "
+                           "aligning start to %d-byte boundary\n", res, align);
+                res->start &= ~(align - 1);
+        }
+        if (!IS_ALIGNED(res->end + 1, align)) {
+                dev_printk(KERN_DEBUG, &bridge->dev,
+                           "host bridge window %pR invalid; "
+                           "aligning end to %d-byte boundary\n", res, align);
+                res->end = ALIGN(res->end, align) - 1;
+        }
+}
+
 static acpi_status
 setup_resource(struct acpi_resource *acpi_res, void *data)
 {
@@ -91,11 +116,12 @@ setup_resource(struct acpi_resource *acpi_res, void *data)
         start = addr.minimum + addr.translation_offset;
         end = start + addr.address_length - 1;
         if (info->res_num >= max_root_bus_resources) {
-                printk(KERN_WARNING "PCI: Failed to allocate 0x%lx-0x%lx "
-                        "from %s for %s due to _CRS returning more than "
-                        "%d resource descriptors\n", (unsigned long) start,
-                        (unsigned long) end, root->name, info->name,
-                        max_root_bus_resources);
+                if (pci_probe & PCI_USE__CRS)
+                        printk(KERN_WARNING "PCI: Failed to allocate "
+                               "0x%lx-0x%lx from %s for %s due to _CRS "
+                               "returning more than %d resource descriptors\n",
+                               (unsigned long) start, (unsigned long) end,
+                               root->name, info->name, max_root_bus_resources);
                 return AE_OK;
         }
 
@@ -105,14 +131,28 @@ setup_resource(struct acpi_resource *acpi_res, void *data)
         res->start = start;
         res->end = end;
         res->child = NULL;
+        align_resource(info->bridge, res);
+
+        if (!(pci_probe & PCI_USE__CRS)) {
+                dev_printk(KERN_DEBUG, &info->bridge->dev,
+                           "host bridge window %pR (ignored)\n", res);
+                return AE_OK;
+        }
 
         if (insert_resource(root, res)) {
-                printk(KERN_ERR "PCI: Failed to allocate 0x%lx-0x%lx "
-                        "from %s for %s\n", (unsigned long) res->start,
-                        (unsigned long) res->end, root->name, info->name);
+                dev_err(&info->bridge->dev,
+                        "can't allocate host bridge window %pR\n", res);
         } else {
                 info->bus->resource[info->res_num] = res;
                 info->res_num++;
+                if (addr.translation_offset)
+                        dev_info(&info->bridge->dev, "host bridge window %pR "
+                                 "(PCI address [%#llx-%#llx])\n",
+                                 res, res->start - addr.translation_offset,
+                                 res->end - addr.translation_offset);
+                else
+                        dev_info(&info->bridge->dev,
+                                 "host bridge window %pR\n", res);
         }
         return AE_OK;
 }
@@ -124,6 +164,12 @@ get_current_resources(struct acpi_device *device, int busnum,
         struct pci_root_info info;
         size_t size;
 
+        if (!(pci_probe & PCI_USE__CRS))
+                dev_info(&device->dev,
+                         "ignoring host bridge windows from ACPI; "
+                         "boot with \"pci=use_crs\" to use them\n");
+
+        info.bridge = device;
         info.bus = bus;
         info.res_num = 0;
         acpi_walk_resources(device->handle, METHOD_NAME__CRS, count_resource,
@@ -163,8 +209,9 @@ struct pci_bus * __devinit pci_acpi_scan_root(struct acpi_device *device, int do
 #endif
 
         if (domain && !pci_domains_supported) {
-                printk(KERN_WARNING "PCI: Multiple domains not supported "
-                       "(dom %d, bus %d)\n", domain, busnum);
+                printk(KERN_WARNING "pci_bus %04x:%02x: "
+                       "ignored (multiple domains not supported)\n",
+                       domain, busnum);
                 return NULL;
         }
 
@@ -188,7 +235,8 @@ struct pci_bus * __devinit pci_acpi_scan_root(struct acpi_device *device, int do
          */
         sd = kzalloc(sizeof(*sd), GFP_KERNEL);
         if (!sd) {
-                printk(KERN_ERR "PCI: OOM, not probing PCI bus %02x\n", busnum);
+                printk(KERN_WARNING "pci_bus %04x:%02x: "
+                       "ignored (out of memory)\n", domain, busnum);
                 return NULL;
         }
 
@@ -209,9 +257,7 @@ struct pci_bus * __devinit pci_acpi_scan_root(struct acpi_device *device, int do
         } else {
                 bus = pci_create_bus(NULL, busnum, &pci_root_ops, sd);
                 if (bus) {
-                        if (pci_probe & PCI_USE__CRS)
-                                get_current_resources(device, busnum, domain,
-                                                        bus);
+                        get_current_resources(device, busnum, domain, bus);
                         bus->subordinate = pci_scan_child_bus(bus);
                 }
         }
diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c
index 572ee9782f2a..95ecbd495955 100644
--- a/arch/x86/pci/amd_bus.c
+++ b/arch/x86/pci/amd_bus.c
@@ -6,10 +6,10 @@
 
 #ifdef CONFIG_X86_64
 #include <asm/pci-direct.h>
-#include <asm/mpspec.h>
-#include <linux/cpumask.h>
 #endif
 
+#include "bus_numa.h"
+
 /*
  * This discovers the pcibus <-> node mapping on AMD K8.
  * also get peer root bus resource for io,mmio
@@ -17,67 +17,6 @@
 
 #ifdef CONFIG_X86_64
 
-/*
- * sub bus (transparent) will use entres from 3 to store extra from root,
- * so need to make sure have enought slot there, increase PCI_BUS_NUM_RESOURCES?
- */
-#define RES_NUM 16
-struct pci_root_info {
-        char name[12];
-        unsigned int res_num;
-        struct resource res[RES_NUM];
-        int bus_min;
-        int bus_max;
-        int node;
-        int link;
-};
-
-/* 4 at this time, it may become to 32 */
-#define PCI_ROOT_NR 4
-static int pci_root_num;
-static struct pci_root_info pci_root_info[PCI_ROOT_NR];
-
-void x86_pci_root_bus_res_quirks(struct pci_bus *b)
-{
-        int i;
-        int j;
-        struct pci_root_info *info;
-
-        /* don't go for it if _CRS is used already */
-        if (b->resource[0] != &ioport_resource ||
-            b->resource[1] != &iomem_resource)
-                return;
-
-        /* if only one root bus, don't need to anything */
-        if (pci_root_num < 2)
-                return;
-
-        for (i = 0; i < pci_root_num; i++) {
-                if (pci_root_info[i].bus_min == b->number)
-                        break;
-        }
-
-        if (i == pci_root_num)
-                return;
-
-        printk(KERN_DEBUG "PCI: peer root bus %02x res updated from pci conf\n",
-                        b->number);
-
-        info = &pci_root_info[i];
-        for (j = 0; j < info->res_num; j++) {
-                struct resource *res;
-                struct resource *root;
-
-                res = &info->res[j];
-                b->resource[j] = res;
-                if (res->flags & IORESOURCE_IO)
-                        root = &ioport_resource;
-                else
-                        root = &iomem_resource;
-                insert_resource(root, res);
-        }
-}
-
 #define RANGE_NUM 16
 
 struct res_range {
@@ -130,52 +69,6 @@ static void __init update_range(struct res_range *range, size_t start,
         }
 }
 
-static void __init update_res(struct pci_root_info *info, size_t start,
-                              size_t end, unsigned long flags, int merge)
-{
-        int i;
-        struct resource *res;
-
-        if (!merge)
-                goto addit;
-
-        /* try to merge it with old one */
-        for (i = 0; i < info->res_num; i++) {
-                size_t final_start, final_end;
-                size_t common_start, common_end;
-
-                res = &info->res[i];
-                if (res->flags != flags)
-                        continue;
-
-                common_start = max((size_t)res->start, start);
-                common_end = min((size_t)res->end, end);
-                if (common_start > common_end + 1)
-                        continue;
-
-                final_start = min((size_t)res->start, start);
-                final_end = max((size_t)res->end, end);
-
-                res->start = final_start;
-                res->end = final_end;
-                return;
-        }
-
-addit:
-
-        /* need to add that */
-        if (info->res_num >= RES_NUM)
-                return;
-
-        res = &info->res[info->res_num];
-        res->name = info->name;
-        res->flags = flags;
-        res->start = start;
-        res->end = end;
-        res->child = NULL;
-        info->res_num++;
-}
-
 struct pci_hostbridge_probe {
         u32 bus;
         u32 slot;
@@ -230,7 +123,6 @@ static int __init early_fill_mp_bus_info(void)
         int j;
         unsigned bus;
         unsigned slot;
-        int found;
         int node;
         int link;
         int def_node;
@@ -247,7 +139,7 @@ static int __init early_fill_mp_bus_info(void)
         if (!early_pci_allowed())
                 return -1;
 
-        found = 0;
+        found_all_numa_early = 0;
         for (i = 0; i < ARRAY_SIZE(pci_probes); i++) {
                 u32 id;
                 u16 device;
@@ -261,12 +153,12 @@ static int __init early_fill_mp_bus_info(void)
                 device = (id>>16) & 0xffff;
                 if (pci_probes[i].vendor == vendor &&
                     pci_probes[i].device == device) {
-                        found = 1;
+                        found_all_numa_early = 1;
                         break;
                 }
         }
 
-        if (!found)
+        if (!found_all_numa_early)
                 return 0;
 
         pci_root_num = 0;
@@ -488,7 +380,7 @@ static int __init early_fill_mp_bus_info(void)
                 info = &pci_root_info[i];
                 res_num = info->res_num;
                 busnum = info->bus_min;
-                printk(KERN_DEBUG "bus: [%02x,%02x] on node %x link %x\n",
+                printk(KERN_DEBUG "bus: [%02x, %02x] on node %x link %x\n",
                        info->bus_min, info->bus_max, info->node, info->link);
                 for (j = 0; j < res_num; j++) {
                         res = &info->res[j];
diff --git a/arch/x86/pci/bus_numa.c b/arch/x86/pci/bus_numa.c
new file mode 100644
index 000000000000..f939d603adfa
--- /dev/null
+++ b/arch/x86/pci/bus_numa.c
@@ -0,0 +1,101 @@
+#include <linux/init.h>
+#include <linux/pci.h>
+
+#include "bus_numa.h"
+
+int pci_root_num;
+struct pci_root_info pci_root_info[PCI_ROOT_NR];
+int found_all_numa_early;
+
+void x86_pci_root_bus_res_quirks(struct pci_bus *b)
+{
+        int i;
+        int j;
+        struct pci_root_info *info;
+
+        /* don't go for it if _CRS is used already */
+        if (b->resource[0] != &ioport_resource ||
+            b->resource[1] != &iomem_resource)
+                return;
+
+        if (!pci_root_num)
+                return;
+
+        /* for amd, if only one root bus, don't need to do anything */
+        if (pci_root_num < 2 && found_all_numa_early)
+                return;
+
+        for (i = 0; i < pci_root_num; i++) {
+                if (pci_root_info[i].bus_min == b->number)
+                        break;
+        }
+
+        if (i == pci_root_num)
+                return;
+
+        printk(KERN_DEBUG "PCI: peer root bus %02x res updated from pci conf\n",
+                        b->number);
+
+        info = &pci_root_info[i];
+        for (j = 0; j < info->res_num; j++) {
+                struct resource *res;
+                struct resource *root;
+
+                res = &info->res[j];
+                b->resource[j] = res;
+                if (res->flags & IORESOURCE_IO)
+                        root = &ioport_resource;
+                else
+                        root = &iomem_resource;
+                insert_resource(root, res);
+        }
+}
+
+void __devinit update_res(struct pci_root_info *info, size_t start,
+                              size_t end, unsigned long flags, int merge)
+{
+        int i;
+        struct resource *res;
+
+        if (start > end)
+                return;
+
+        if (!merge)
+                goto addit;
+
+        /* try to merge it with old one */
+        for (i = 0; i < info->res_num; i++) {
+                size_t final_start, final_end;
+                size_t common_start, common_end;
+
+                res = &info->res[i];
+                if (res->flags != flags)
+                        continue;
+
+                common_start = max((size_t)res->start, start);
+                common_end = min((size_t)res->end, end);
+                if (common_start > common_end + 1)
+                        continue;
+
+                final_start = min((size_t)res->start, start);
+                final_end = max((size_t)res->end, end);
+
+                res->start = final_start;
+                res->end = final_end;
+                return;
+        }
+
+addit:
+
+        /* need to add that */
+        if (info->res_num >= RES_NUM)
+                return;
+
+        res = &info->res[info->res_num];
+        res->name = info->name;
+        res->flags = flags;
+        res->start = start;
+        res->end = end;
+        res->child = NULL;
+        info->res_num++;
+}
diff --git a/arch/x86/pci/bus_numa.h b/arch/x86/pci/bus_numa.h
new file mode 100644
index 000000000000..adbc23fe82ac
--- /dev/null
+++ b/arch/x86/pci/bus_numa.h
@@ -0,0 +1,27 @@
+#ifdef CONFIG_X86_64
+
+/*
+ * sub bus (transparent) will use entres from 3 to store extra from
+ * root, so need to make sure we have enough slot there, Should we
+ * increase PCI_BUS_NUM_RESOURCES?
+ */
+#define RES_NUM 16
+struct pci_root_info {
+        char name[12];
+        unsigned int res_num;
+        struct resource res[RES_NUM];
+        int bus_min;
+        int bus_max;
+        int node;
+        int link;
+};
+
+/* 4 at this time, it may become to 32 */
+#define PCI_ROOT_NR 4
+extern int pci_root_num;
+extern struct pci_root_info pci_root_info[PCI_ROOT_NR];
+extern int found_all_numa_early;
+
+extern void update_res(struct pci_root_info *info, size_t start,
+                              size_t end, unsigned long flags, int merge);
+#endif
diff --git a/arch/x86/pci/common.c b/arch/x86/pci/common.c
index 1331fcf26143..d2552c68e94d 100644
--- a/arch/x86/pci/common.c
+++ b/arch/x86/pci/common.c
@@ -410,8 +410,6 @@ struct pci_bus * __devinit pcibios_scan_root(int busnum)
         return bus;
 }
 
-extern u8 pci_cache_line_size;
-
 int __init pcibios_init(void)
 {
         struct cpuinfo_x86 *c = &boot_cpu_data;
@@ -422,15 +420,19 @@ int __init pcibios_init(void)
         }
 
         /*
-         * Assume PCI cacheline size of 32 bytes for all x86s except K7/K8
-         * and P4. It's also good for 386/486s (which actually have 16)
+         * Set PCI cacheline size to that of the CPU if the CPU has reported it.
+         * (For older CPUs that don't support cpuid, we se it to 32 bytes
+         * It's also good for 386/486s (which actually have 16)
          * as quite a few PCI devices do not support smaller values.
          */
-        pci_cache_line_size = 32 >> 2;
-        if (c->x86 >= 6 && c->x86_vendor == X86_VENDOR_AMD)
-                pci_cache_line_size = 64 >> 2;  /* K7 & K8 */
-        else if (c->x86 > 6 && c->x86_vendor == X86_VENDOR_INTEL)
-                pci_cache_line_size = 128 >> 2; /* P4 */
+        if (c->x86_clflush_size > 0) {
+                pci_dfl_cache_line_size = c->x86_clflush_size >> 2;
+                printk(KERN_DEBUG "PCI: pci_cache_line_size set to %d bytes\n",
+                        pci_dfl_cache_line_size << 2);
+        } else {
+                pci_dfl_cache_line_size = 32 >> 2;
+                printk(KERN_DEBUG "PCI: Unknown cacheline size. Setting to 32 bytes\n");
+        }
 
         pcibios_resource_survey();
 
diff --git a/arch/x86/pci/early.c b/arch/x86/pci/early.c
index aaf26ae58cd5..d1067d539bee 100644
--- a/arch/x86/pci/early.c
+++ b/arch/x86/pci/early.c
@@ -12,8 +12,6 @@ u32 read_pci_config(u8 bus, u8 slot, u8 func, u8 offset)
         u32 v;
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         v = inl(0xcfc);
-        if (v != 0xffffffff)
-                pr_debug("%x reading 4 from %x: %x\n", slot, offset, v);
         return v;
 }
 
@@ -22,7 +20,6 @@ u8 read_pci_config_byte(u8 bus, u8 slot, u8 func, u8 offset)
         u8 v;
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         v = inb(0xcfc + (offset&3));
-        pr_debug("%x reading 1 from %x: %x\n", slot, offset, v);
         return v;
 }
 
@@ -31,28 +28,24 @@ u16 read_pci_config_16(u8 bus, u8 slot, u8 func, u8 offset)
         u16 v;
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         v = inw(0xcfc + (offset&2));
-        pr_debug("%x reading 2 from %x: %x\n", slot, offset, v);
         return v;
 }
 
 void write_pci_config(u8 bus, u8 slot, u8 func, u8 offset,
                                     u32 val)
 {
-        pr_debug("%x writing to %x: %x\n", slot, offset, val);
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         outl(val, 0xcfc);
 }
 
 void write_pci_config_byte(u8 bus, u8 slot, u8 func, u8 offset, u8 val)
 {
-        pr_debug("%x writing to %x: %x\n", slot, offset, val);
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         outb(val, 0xcfc + (offset&3));
 }
 
 void write_pci_config_16(u8 bus, u8 slot, u8 func, u8 offset, u16 val)
 {
-        pr_debug("%x writing to %x: %x\n", slot, offset, val);
         outl(0x80000000 | (bus<<16) | (slot<<11) | (func<<8) | offset, 0xcf8);
         outw(val, 0xcfc + (offset&2));
 }
diff --git a/arch/x86/pci/i386.c b/arch/x86/pci/i386.c
index b22d13b0c71d..5dc9e8c63fcd 100644
--- a/arch/x86/pci/i386.c
+++ b/arch/x86/pci/i386.c
@@ -129,7 +129,9 @@ static void __init pcibios_allocate_bus_resources(struct list_head *bus_list)
                                         continue;
                                 if (!r->start ||
                                     pci_claim_resource(dev, idx) < 0) {
-                                        dev_info(&dev->dev, "BAR %d: can't allocate resource\n", idx);
+                                        dev_info(&dev->dev,
+                                                 "can't reserve window %pR\n",
+                                                 r);
                                         /*
                                          * Something is wrong with the region.
                                          * Invalidate the resource to prevent
@@ -144,16 +146,29 @@ static void __init pcibios_allocate_bus_resources(struct list_head *bus_list)
         }
 }
 
+struct pci_check_idx_range {
+        int start;
+        int end;
+};
+
 static void __init pcibios_allocate_resources(int pass)
 {
         struct pci_dev *dev = NULL;
-        int idx, disabled;
+        int idx, disabled, i;
         u16 command;
         struct resource *r;
 
+        struct pci_check_idx_range idx_range[] = {
+                { PCI_STD_RESOURCES, PCI_STD_RESOURCE_END },
+#ifdef CONFIG_PCI_IOV
+                { PCI_IOV_RESOURCES, PCI_IOV_RESOURCE_END },
+#endif
+        };
+
         for_each_pci_dev(dev) {
                 pci_read_config_word(dev, PCI_COMMAND, &command);
-                for (idx = 0; idx < PCI_ROM_RESOURCE; idx++) {
+                for (i = 0; i < ARRAY_SIZE(idx_range); i++)
+                for (idx = idx_range[i].start; idx <= idx_range[i].end; idx++) {
                         r = &dev->resource[idx];
                         if (r->parent)          /* Already allocated */
                                 continue;
@@ -164,12 +179,12 @@ static void __init pcibios_allocate_resources(int pass)
                         else
                                 disabled = !(command & PCI_COMMAND_MEMORY);
                         if (pass == disabled) {
-                                dev_dbg(&dev->dev, "resource %#08llx-%#08llx (f=%lx, d=%d, p=%d)\n",
-                                        (unsigned long long) r->start,
-                                        (unsigned long long) r->end,
-                                        r->flags, disabled, pass);
+                                dev_dbg(&dev->dev,
+                                        "BAR %d: reserving %pr (d=%d, p=%d)\n",
+                                        idx, r, disabled, pass);
                                 if (pci_claim_resource(dev, idx) < 0) {
-                                        dev_info(&dev->dev, "BAR %d: can't allocate resource\n", idx);
+                                        dev_info(&dev->dev,
+                                                 "can't reserve %pR\n", r);
                                         /* We'll assign a new address later */
                                         r->end -= r->start;
                                         r->start = 0;
@@ -182,7 +197,7 @@ static void __init pcibios_allocate_resources(int pass)
                                 /* Turn the ROM off, leave the resource region,
                                  * but keep it unregistered. */
                                 u32 reg;
-                                dev_dbg(&dev->dev, "disabling ROM\n");
+                                dev_dbg(&dev->dev, "disabling ROM %pR\n", r);
                                 r->flags &= ~IORESOURCE_ROM_ENABLE;
                                 pci_read_config_dword(dev,
                                                 dev->rom_base_reg, &reg);
@@ -282,6 +297,15 @@ int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma,
                 return -EINVAL;
 
         prot = pgprot_val(vma->vm_page_prot);
+
+        /*
+         * Return error if pat is not enabled and write_combine is requested.
+         * Caller can followup with UC MINUS request and add a WC mtrr if there
+         * is a free mtrr slot.
+         */
+        if (!pat_enabled && write_combine)
+                return -EINVAL;
+
         if (pat_enabled && write_combine)
                 prot |= _PAGE_CACHE_WC;
         else if (pat_enabled || boot_cpu_data.x86 > 3)
diff --git a/arch/x86/pci/intel_bus.c b/arch/x86/pci/intel_bus.c
new file mode 100644
index 000000000000..b7a55dc55d13
--- /dev/null
+++ b/arch/x86/pci/intel_bus.c
@@ -0,0 +1,90 @@
+/*
+ * to read io range from IOH pci conf, need to do it after mmconfig is there
+ */
+
+#include <linux/delay.h>
+#include <linux/dmi.h>
+#include <linux/pci.h>
+#include <linux/init.h>
+#include <asm/pci_x86.h>
+
+#include "bus_numa.h"
+
+static inline void print_ioh_resources(struct pci_root_info *info)
+{
+        int res_num;
+        int busnum;
+        int i;
+
+        printk(KERN_DEBUG "IOH bus: [%02x, %02x]\n",
+                        info->bus_min, info->bus_max);
+        res_num = info->res_num;
+        busnum = info->bus_min;
+        for (i = 0; i < res_num; i++) {
+                struct resource *res;
+
+                res = &info->res[i];
+                printk(KERN_DEBUG "IOH bus: %02x index %x %s: [%llx, %llx]\n",
+                        busnum, i,
+                        (res->flags & IORESOURCE_IO) ? "io port" :
+                                                        "mmio",
+                        res->start, res->end);
+        }
+}
+
+#define IOH_LIO                 0x108
+#define IOH_LMMIOL              0x10c
+#define IOH_LMMIOH              0x110
+#define IOH_LMMIOH_BASEU        0x114
+#define IOH_LMMIOH_LIMITU       0x118
+#define IOH_LCFGBUS             0x11c
+
+static void __devinit pci_root_bus_res(struct pci_dev *dev)
+{
+        u16 word;
+        u32 dword;
+        struct pci_root_info *info;
+        u16 io_base, io_end;
+        u32 mmiol_base, mmiol_end;
+        u64 mmioh_base, mmioh_end;
+        int bus_base, bus_end;
+
+        if (pci_root_num >= PCI_ROOT_NR) {
+                printk(KERN_DEBUG "intel_bus.c: PCI_ROOT_NR is too small\n");
+                return;
+        }
+
+        info = &pci_root_info[pci_root_num];
+        pci_root_num++;
+
+        pci_read_config_word(dev, IOH_LCFGBUS, &word);
+        bus_base = (word & 0xff);
+        bus_end = (word & 0xff00) >> 8;
+        sprintf(info->name, "PCI Bus #%02x", bus_base);
+        info->bus_min = bus_base;
+        info->bus_max = bus_end;
+
+        pci_read_config_word(dev, IOH_LIO, &word);
+        io_base = (word & 0xf0) << (12 - 4);
+        io_end = (word & 0xf000) | 0xfff;
+        update_res(info, io_base, io_end, IORESOURCE_IO, 0);
+
+        pci_read_config_dword(dev, IOH_LMMIOL, &dword);
+        mmiol_base = (dword & 0xff00) << (24 - 8);
+        mmiol_end = (dword & 0xff000000) | 0xffffff;
+        update_res(info, mmiol_base, mmiol_end, IORESOURCE_MEM, 0);
+
+        pci_read_config_dword(dev, IOH_LMMIOH, &dword);
+        mmioh_base = ((u64)(dword & 0xfc00)) << (26 - 10);
+        mmioh_end = ((u64)(dword & 0xfc000000) | 0x3ffffff);
+        pci_read_config_dword(dev, IOH_LMMIOH_BASEU, &dword);
+        mmioh_base |= ((u64)(dword & 0x7ffff)) << 32;
+        pci_read_config_dword(dev, IOH_LMMIOH_LIMITU, &dword);
+        mmioh_end |= ((u64)(dword & 0x7ffff)) << 32;
+        update_res(info, mmioh_base, mmioh_end, IORESOURCE_MEM, 0);
+
+        print_ioh_resources(info);
+}
+
+/* intel IOH */
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x342e, pci_root_bus_res);
diff --git a/arch/x86/pci/mmconfig-shared.c b/arch/x86/pci/mmconfig-shared.c
index 602c172d3bd5..b19d1e54201e 100644
--- a/arch/x86/pci/mmconfig-shared.c
+++ b/arch/x86/pci/mmconfig-shared.c
@@ -15,48 +15,98 @@
 #include <linux/acpi.h>
 #include <linux/sfi_acpi.h>
 #include <linux/bitmap.h>
-#include <linux/sort.h>
+#include <linux/dmi.h>
 #include <asm/e820.h>
 #include <asm/pci_x86.h>
 #include <asm/acpi.h>
 
 #define PREFIX "PCI: "
 
-/* aperture is up to 256MB but BIOS may reserve less */
-#define MMCONFIG_APER_MIN       (2 * 1024*1024)
-#define MMCONFIG_APER_MAX       (256 * 1024*1024)
-
 /* Indicate if the mmcfg resources have been placed into the resource table. */
 static int __initdata pci_mmcfg_resources_inserted;
 
-static __init int extend_mmcfg(int num)
+LIST_HEAD(pci_mmcfg_list);
+
+static __init void pci_mmconfig_remove(struct pci_mmcfg_region *cfg)
 {
-        struct acpi_mcfg_allocation *new;
-        int new_num = pci_mmcfg_config_num + num;
+        if (cfg->res.parent)
+                release_resource(&cfg->res);
+        list_del(&cfg->list);
+        kfree(cfg);
+}
 
-        new = kzalloc(sizeof(pci_mmcfg_config[0]) * new_num, GFP_KERNEL);
-        if (!new)
-                return -1;
+static __init void free_all_mmcfg(void)
+{
+        struct pci_mmcfg_region *cfg, *tmp;
 
-        if (pci_mmcfg_config) {
-                memcpy(new, pci_mmcfg_config,
-                         sizeof(pci_mmcfg_config[0]) * new_num);
-                kfree(pci_mmcfg_config);
+        pci_mmcfg_arch_free();
+        list_for_each_entry_safe(cfg, tmp, &pci_mmcfg_list, list)
+                pci_mmconfig_remove(cfg);
+}
+
+static __init void list_add_sorted(struct pci_mmcfg_region *new)
+{
+        struct pci_mmcfg_region *cfg;
+
+        /* keep list sorted by segment and starting bus number */
+        list_for_each_entry(cfg, &pci_mmcfg_list, list) {
+                if (cfg->segment > new->segment ||
+                    (cfg->segment == new->segment &&
+                     cfg->start_bus >= new->start_bus)) {
+                        list_add_tail(&new->list, &cfg->list);
+                        return;
+                }
         }
-        pci_mmcfg_config = new;
+        list_add_tail(&new->list, &pci_mmcfg_list);
+}
 
-        return 0;
+static __init struct pci_mmcfg_region *pci_mmconfig_add(int segment, int start,
+                                                        int end, u64 addr)
+{
+        struct pci_mmcfg_region *new;
+        int num_buses;
+        struct resource *res;
+
+        if (addr == 0)
+                return NULL;
+
+        new = kzalloc(sizeof(*new), GFP_KERNEL);
+        if (!new)
+                return NULL;
+
+        new->address = addr;
+        new->segment = segment;
+        new->start_bus = start;
+        new->end_bus = end;
+
+        list_add_sorted(new);
+
+        num_buses = end - start + 1;
+        res = &new->res;
+        res->start = addr + PCI_MMCFG_BUS_OFFSET(start);
+        res->end = addr + PCI_MMCFG_BUS_OFFSET(num_buses) - 1;
+        res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
+        snprintf(new->name, PCI_MMCFG_RESOURCE_NAME_LEN,
+                 "PCI MMCONFIG %04x [bus %02x-%02x]", segment, start, end);
+        res->name = new->name;
+
+        printk(KERN_INFO PREFIX "MMCONFIG for domain %04x [bus %02x-%02x] at "
+               "%pR (base %#lx)\n", segment, start, end, &new->res,
+               (unsigned long) addr);
+
+        return new;
 }
 
-static __init void fill_one_mmcfg(u64 addr, int segment, int start, int end)
+struct pci_mmcfg_region *pci_mmconfig_lookup(int segment, int bus)
 {
-        int i = pci_mmcfg_config_num;
+        struct pci_mmcfg_region *cfg;
 
-        pci_mmcfg_config_num++;
-        pci_mmcfg_config[i].address = addr;
-        pci_mmcfg_config[i].pci_segment = segment;
-        pci_mmcfg_config[i].start_bus_number = start;
-        pci_mmcfg_config[i].end_bus_number = end;
+        list_for_each_entry(cfg, &pci_mmcfg_list, list)
+                if (cfg->segment == segment &&
+                    cfg->start_bus <= bus && bus <= cfg->end_bus)
+                        return cfg;
+
+        return NULL;
 }
 
 static const char __init *pci_mmcfg_e7520(void)
@@ -68,11 +118,9 @@ static const char __init *pci_mmcfg_e7520(void)
         if (win == 0x0000 || win == 0xf000)
                 return NULL;
 
-        if (extend_mmcfg(1) == -1)
+        if (pci_mmconfig_add(0, 0, 255, win << 16) == NULL)
                 return NULL;
 
-        fill_one_mmcfg(win << 16, 0, 0, 255);
-
         return "Intel Corporation E7520 Memory Controller Hub";
 }
 
@@ -114,11 +162,9 @@ static const char __init *pci_mmcfg_intel_945(void)
         if ((pciexbar & mask) >= 0xf0000000U)
                 return NULL;
 
-        if (extend_mmcfg(1) == -1)
+        if (pci_mmconfig_add(0, 0, (len >> 20) - 1, pciexbar & mask) == NULL)
                 return NULL;
 
-        fill_one_mmcfg(pciexbar & mask, 0, 0, (len >> 20) - 1);
-
         return "Intel Corporation 945G/GZ/P/PL Express Memory Controller Hub";
 }
 
@@ -127,7 +173,7 @@ static const char __init *pci_mmcfg_amd_fam10h(void)
         u32 low, high, address;
         u64 base, msr;
         int i;
-        unsigned segnbits = 0, busnbits;
+        unsigned segnbits = 0, busnbits, end_bus;
 
         if (!(pci_probe & PCI_CHECK_ENABLE_AMD_MMCONF))
                 return NULL;
@@ -161,11 +207,13 @@ static const char __init *pci_mmcfg_amd_fam10h(void)
                 busnbits = 8;
         }
 
-        if (extend_mmcfg(1 << segnbits) == -1)
-                return NULL;
-
+        end_bus = (1 << busnbits) - 1;
         for (i = 0; i < (1 << segnbits); i++)
-                fill_one_mmcfg(base + (1<<28) * i, i, 0, (1 << busnbits) - 1);
+                if (pci_mmconfig_add(i, 0, end_bus,
+                                     base + (1<<28) * i) == NULL) {
+                        free_all_mmcfg();
+                        return NULL;
+                }
 
         return "AMD Family 10h NB";
 }
@@ -190,7 +238,7 @@ static const char __init *pci_mmcfg_nvidia_mcp55(void)
         /*
          * do check if amd fam10h already took over
          */
-        if (!acpi_disabled || pci_mmcfg_config_num || mcp55_checked)
+        if (!acpi_disabled || !list_empty(&pci_mmcfg_list) || mcp55_checked)
                 return NULL;
 
         mcp55_checked = true;
@@ -213,16 +261,14 @@ static const char __init *pci_mmcfg_nvidia_mcp55(void)
                 if (!(extcfg & extcfg_enable_mask))
                         continue;
 
-                if (extend_mmcfg(1) == -1)
-                        continue;
-
                 size_index = (extcfg & extcfg_size_mask) >> extcfg_size_shift;
                 base = extcfg & extcfg_base_mask[size_index];
                 /* base could > 4G */
                 base <<= extcfg_base_lshift;
                 start = (extcfg & extcfg_start_mask) >> extcfg_start_shift;
                 end = start + extcfg_sizebus[size_index] - 1;
-                fill_one_mmcfg(base, 0, start, end);
+                if (pci_mmconfig_add(0, start, end, base) == NULL)
+                        continue;
                 mcp55_mmconf_found++;
         }
 
@@ -253,45 +299,27 @@ static struct pci_mmcfg_hostbridge_probe pci_mmcfg_probes[] __initdata = {
           0x0369, pci_mmcfg_nvidia_mcp55 },
 };
 
-static int __init cmp_mmcfg(const void *x1, const void *x2)
-{
-        const typeof(pci_mmcfg_config[0]) *m1 = x1;
-        const typeof(pci_mmcfg_config[0]) *m2 = x2;
-        int start1, start2;
-
-        start1 = m1->start_bus_number;
-        start2 = m2->start_bus_number;
-
-        return start1 - start2;
-}
-
 static void __init pci_mmcfg_check_end_bus_number(void)
 {
-        int i;
-        typeof(pci_mmcfg_config[0]) *cfg, *cfgx;
-
-        /* sort them at first */
-        sort(pci_mmcfg_config, pci_mmcfg_config_num,
-                 sizeof(pci_mmcfg_config[0]), cmp_mmcfg, NULL);
+        struct pci_mmcfg_region *cfg, *cfgx;
 
         /* last one*/
-        if (pci_mmcfg_config_num > 0) {
-                i = pci_mmcfg_config_num - 1;
-                cfg = &pci_mmcfg_config[i];
-                if (cfg->end_bus_number < cfg->start_bus_number)
-                        cfg->end_bus_number = 255;
-        }
+        cfg = list_entry(pci_mmcfg_list.prev, typeof(*cfg), list);
+        if (cfg)
+                if (cfg->end_bus < cfg->start_bus)
+                        cfg->end_bus = 255;
 
-        /* don't overlap please */
-        for (i = 0; i < pci_mmcfg_config_num - 1; i++) {
-                cfg = &pci_mmcfg_config[i];
-                cfgx = &pci_mmcfg_config[i+1];
+        if (list_is_singular(&pci_mmcfg_list))
+                return;
 
-                if (cfg->end_bus_number < cfg->start_bus_number)
-                        cfg->end_bus_number = 255;
+        /* don't overlap please */
+        list_for_each_entry(cfg, &pci_mmcfg_list, list) {
+                if (cfg->end_bus < cfg->start_bus)
+                        cfg->end_bus = 255;
 
-                if (cfg->end_bus_number >= cfgx->start_bus_number)
-                        cfg->end_bus_number = cfgx->start_bus_number - 1;
+                cfgx = list_entry(cfg->list.next, typeof(*cfg), list);
+                if (cfg != cfgx && cfg->end_bus >= cfgx->start_bus)
+                        cfg->end_bus = cfgx->start_bus - 1;
         }
 }
 
@@ -306,8 +334,7 @@ static int __init pci_mmcfg_check_hostbridge(void)
         if (!raw_pci_ops)
                 return 0;
 
-        pci_mmcfg_config_num = 0;
-        pci_mmcfg_config = NULL;
+        free_all_mmcfg();
 
         for (i = 0; i < ARRAY_SIZE(pci_mmcfg_probes); i++) {
                 bus =  pci_mmcfg_probes[i].bus;
@@ -322,45 +349,22 @@ static int __init pci_mmcfg_check_hostbridge(void)
                         name = pci_mmcfg_probes[i].probe();
 
                 if (name)
-                        printk(KERN_INFO "PCI: Found %s with MMCONFIG support.\n",
+                        printk(KERN_INFO PREFIX "%s with MMCONFIG support\n",
                                name);
         }
 
         /* some end_bus_number is crazy, fix it */
         pci_mmcfg_check_end_bus_number();
 
-        return pci_mmcfg_config_num != 0;
+        return !list_empty(&pci_mmcfg_list);
 }
 
 static void __init pci_mmcfg_insert_resources(void)
 {
-#define PCI_MMCFG_RESOURCE_NAME_LEN 24
-        int i;
-        struct resource *res;
-        char *names;
-        unsigned num_buses;
-
-        res = kcalloc(PCI_MMCFG_RESOURCE_NAME_LEN + sizeof(*res),
-                        pci_mmcfg_config_num, GFP_KERNEL);
-        if (!res) {
-                printk(KERN_ERR "PCI: Unable to allocate MMCONFIG resources\n");
-                return;
-        }
+        struct pci_mmcfg_region *cfg;
 
-        names = (void *)&res[pci_mmcfg_config_num];
-        for (i = 0; i < pci_mmcfg_config_num; i++, res++) {
-                struct acpi_mcfg_allocation *cfg = &pci_mmcfg_config[i];
-                num_buses = cfg->end_bus_number - cfg->start_bus_number + 1;
-                res->name = names;
-                snprintf(names, PCI_MMCFG_RESOURCE_NAME_LEN,
-                         "PCI MMCONFIG %u [%02x-%02x]", cfg->pci_segment,
-                         cfg->start_bus_number, cfg->end_bus_number);
-                res->start = cfg->address + (cfg->start_bus_number << 20);
-                res->end = res->start + (num_buses << 20) - 1;
-                res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
-                insert_resource(&iomem_resource, res);
-                names += PCI_MMCFG_RESOURCE_NAME_LEN;
-        }
+        list_for_each_entry(cfg, &pci_mmcfg_list, list)
+                insert_resource(&iomem_resource, &cfg->res);
 
         /* Mark that the resources have been inserted. */
         pci_mmcfg_resources_inserted = 1;
@@ -437,11 +441,12 @@ static int __init is_acpi_reserved(u64 start, u64 end, unsigned not_used)
 typedef int (*check_reserved_t)(u64 start, u64 end, unsigned type);
 
 static int __init is_mmconf_reserved(check_reserved_t is_reserved,
-                u64 addr, u64 size, int i,
-                typeof(pci_mmcfg_config[0]) *cfg, int with_e820)
+                                    struct pci_mmcfg_region *cfg, int with_e820)
 {
+        u64 addr = cfg->res.start;
+        u64 size = resource_size(&cfg->res);
         u64 old_size = size;
-        int valid = 0;
+        int valid = 0, num_buses;
 
         while (!is_reserved(addr, addr + size, E820_RESERVED)) {
                 size >>= 1;
@@ -450,19 +455,25 @@ static int __init is_mmconf_reserved(check_reserved_t is_reserved,
         }
 
         if (size >= (16UL<<20) || size == old_size) {
-                printk(KERN_NOTICE
-                       "PCI: MCFG area at %Lx reserved in %s\n",
-                        addr, with_e820?"E820":"ACPI motherboard resources");
+                printk(KERN_INFO PREFIX "MMCONFIG at %pR reserved in %s\n",
+                       &cfg->res,
+                       with_e820 ? "E820" : "ACPI motherboard resources");
                 valid = 1;
 
                 if (old_size != size) {
-                        /* update end_bus_number */
-                        cfg->end_bus_number = cfg->start_bus_number + ((size>>20) - 1);
-                        printk(KERN_NOTICE "PCI: updated MCFG configuration %d: base %lx "
-                               "segment %hu buses %u - %u\n",
-                               i, (unsigned long)cfg->address, cfg->pci_segment,
-                               (unsigned int)cfg->start_bus_number,
-                               (unsigned int)cfg->end_bus_number);
+                        /* update end_bus */
+                        cfg->end_bus = cfg->start_bus + ((size>>20) - 1);
+                        num_buses = cfg->end_bus - cfg->start_bus + 1;
+                        cfg->res.end = cfg->res.start +
+                            PCI_MMCFG_BUS_OFFSET(num_buses) - 1;
+                        snprintf(cfg->name, PCI_MMCFG_RESOURCE_NAME_LEN,
+                                 "PCI MMCONFIG %04x [bus %02x-%02x]",
+                                 cfg->segment, cfg->start_bus, cfg->end_bus);
+                        printk(KERN_INFO PREFIX
+                               "MMCONFIG for %04x [bus%02x-%02x] "
+                               "at %pR (base %#lx) (size reduced!)\n",
+                               cfg->segment, cfg->start_bus, cfg->end_bus,
+                               &cfg->res, (unsigned long) cfg->address);
                 }
         }
 
@@ -471,45 +482,26 @@ static int __init is_mmconf_reserved(check_reserved_t is_reserved,
 
 static void __init pci_mmcfg_reject_broken(int early)
 {
-        typeof(pci_mmcfg_config[0]) *cfg;
-        int i;
+        struct pci_mmcfg_region *cfg;
 
-        if ((pci_mmcfg_config_num == 0) ||
-            (pci_mmcfg_config == NULL) ||
-            (pci_mmcfg_config[0].address == 0))
-                return;
-
-        for (i = 0; i < pci_mmcfg_config_num; i++) {
+        list_for_each_entry(cfg, &pci_mmcfg_list, list) {
                 int valid = 0;
-                u64 addr, size;
-
-                cfg = &pci_mmcfg_config[i];
-                addr = cfg->start_bus_number;
-                addr <<= 20;
-                addr += cfg->address;
-                size = cfg->end_bus_number + 1 - cfg->start_bus_number;
-                size <<= 20;
-                printk(KERN_NOTICE "PCI: MCFG configuration %d: base %lx "
-                       "segment %hu buses %u - %u\n",
-                       i, (unsigned long)cfg->address, cfg->pci_segment,
-                       (unsigned int)cfg->start_bus_number,
-                       (unsigned int)cfg->end_bus_number);
 
                 if (!early && !acpi_disabled)
-                        valid = is_mmconf_reserved(is_acpi_reserved, addr, size, i, cfg, 0);
+                        valid = is_mmconf_reserved(is_acpi_reserved, cfg, 0);
 
                 if (valid)
                         continue;
 
                 if (!early)
-                        printk(KERN_ERR "PCI: BIOS Bug: MCFG area at %Lx is not"
-                               " reserved in ACPI motherboard resources\n",
-                               cfg->address);
+                        printk(KERN_ERR FW_BUG PREFIX
+                               "MMCONFIG at %pR not reserved in "
+                               "ACPI motherboard resources\n", &cfg->res);
 
                 /* Don't try to do this check unless configuration
                    type 1 is available. how about type 2 ?*/
                 if (raw_pci_ops)
-                        valid = is_mmconf_reserved(e820_all_mapped, addr, size, i, cfg, 1);
+                        valid = is_mmconf_reserved(e820_all_mapped, cfg, 1);
 
                 if (!valid)
                         goto reject;
@@ -518,34 +510,41 @@ static void __init pci_mmcfg_reject_broken(int early)
         return;
 
 reject:
-        printk(KERN_INFO "PCI: Not using MMCONFIG.\n");
-        pci_mmcfg_arch_free();
-        kfree(pci_mmcfg_config);
-        pci_mmcfg_config = NULL;
-        pci_mmcfg_config_num = 0;
+        printk(KERN_INFO PREFIX "not using MMCONFIG\n");
+        free_all_mmcfg();
 }
 
 static int __initdata known_bridge;
 
-static int acpi_mcfg_64bit_base_addr __initdata = FALSE;
+static int __init acpi_mcfg_check_entry(struct acpi_table_mcfg *mcfg,
+                                        struct acpi_mcfg_allocation *cfg)
+{
+        int year;
 
-/* The physical address of the MMCONFIG aperture.  Set from ACPI tables. */
-struct acpi_mcfg_allocation *pci_mmcfg_config;
-int pci_mmcfg_config_num;
+        if (cfg->address < 0xFFFFFFFF)
+                return 0;
 
-static int __init acpi_mcfg_oem_check(struct acpi_table_mcfg *mcfg)
-{
         if (!strcmp(mcfg->header.oem_id, "SGI"))
-                acpi_mcfg_64bit_base_addr = TRUE;
+                return 0;
 
-        return 0;
+        if (mcfg->header.revision >= 1) {
+                if (dmi_get_date(DMI_BIOS_DATE, &year, NULL, NULL) &&
+                    year >= 2010)
+                        return 0;
+        }
+
+        printk(KERN_ERR PREFIX "MCFG region for %04x [bus %02x-%02x] at %#llx "
+               "is above 4GB, ignored\n", cfg->pci_segment,
+               cfg->start_bus_number, cfg->end_bus_number, cfg->address);
+        return -EINVAL;
 }
 
 static int __init pci_parse_mcfg(struct acpi_table_header *header)
 {
         struct acpi_table_mcfg *mcfg;
+        struct acpi_mcfg_allocation *cfg_table, *cfg;
         unsigned long i;
-        int config_size;
+        int entries;
 
         if (!header)
                 return -EINVAL;
@@ -553,38 +552,33 @@ static int __init pci_parse_mcfg(struct acpi_table_header *header)
         mcfg = (struct acpi_table_mcfg *)header;
 
         /* how many config structures do we have */
-        pci_mmcfg_config_num = 0;
+        free_all_mmcfg();
+        entries = 0;
         i = header->length - sizeof(struct acpi_table_mcfg);
         while (i >= sizeof(struct acpi_mcfg_allocation)) {
-                ++pci_mmcfg_config_num;
+                entries++;
                 i -= sizeof(struct acpi_mcfg_allocation);
         };
-        if (pci_mmcfg_config_num == 0) {
+        if (entries == 0) {
                 printk(KERN_ERR PREFIX "MMCONFIG has no entries\n");
                 return -ENODEV;
         }
 
-        config_size = pci_mmcfg_config_num * sizeof(*pci_mmcfg_config);
-        pci_mmcfg_config = kmalloc(config_size, GFP_KERNEL);
-        if (!pci_mmcfg_config) {
-                printk(KERN_WARNING PREFIX
-                       "No memory for MCFG config tables\n");
-                return -ENOMEM;
-        }
-
-        memcpy(pci_mmcfg_config, &mcfg[1], config_size);
-
-        acpi_mcfg_oem_check(mcfg);
-
-        for (i = 0; i < pci_mmcfg_config_num; ++i) {
-                if ((pci_mmcfg_config[i].address > 0xFFFFFFFF) &&
-                    !acpi_mcfg_64bit_base_addr) {
-                        printk(KERN_ERR PREFIX
-                               "MMCONFIG not in low 4GB of memory\n");
-                        kfree(pci_mmcfg_config);
-                        pci_mmcfg_config_num = 0;
+        cfg_table = (struct acpi_mcfg_allocation *) &mcfg[1];
+        for (i = 0; i < entries; i++) {
+                cfg = &cfg_table[i];
+                if (acpi_mcfg_check_entry(mcfg, cfg)) {
+                        free_all_mmcfg();
                         return -ENODEV;
                 }
+
+                if (pci_mmconfig_add(cfg->pci_segment, cfg->start_bus_number,
+                                   cfg->end_bus_number, cfg->address) == NULL) {
+                        printk(KERN_WARNING PREFIX
+                               "no memory for MCFG entries\n");
+                        free_all_mmcfg();
+                        return -ENOMEM;
+                }
         }
 
         return 0;
@@ -614,9 +608,7 @@ static void __init __pci_mmcfg_init(int early)
 
         pci_mmcfg_reject_broken(early);
 
-        if ((pci_mmcfg_config_num == 0) ||
-            (pci_mmcfg_config == NULL) ||
-            (pci_mmcfg_config[0].address == 0))
+        if (list_empty(&pci_mmcfg_list))
                 return;
 
         if (pci_mmcfg_arch_init())
@@ -648,9 +640,7 @@ static int __init pci_mmcfg_late_insert_resources(void)
          */
         if ((pci_mmcfg_resources_inserted == 1) ||
             (pci_probe & PCI_PROBE_MMCONF) == 0 ||
-            (pci_mmcfg_config_num == 0) ||
-            (pci_mmcfg_config == NULL) ||
-            (pci_mmcfg_config[0].address == 0))
+            list_empty(&pci_mmcfg_list))
                 return 1;
 
         /*
diff --git a/arch/x86/pci/mmconfig_32.c b/arch/x86/pci/mmconfig_32.c
index f10a7e94a84c..90d5fd476ed4 100644
--- a/arch/x86/pci/mmconfig_32.c
+++ b/arch/x86/pci/mmconfig_32.c
@@ -27,18 +27,10 @@ static int mmcfg_last_accessed_cpu;
  */
 static u32 get_base_addr(unsigned int seg, int bus, unsigned devfn)
 {
-        struct acpi_mcfg_allocation *cfg;
-        int cfg_num;
-
-        for (cfg_num = 0; cfg_num < pci_mmcfg_config_num; cfg_num++) {
-                cfg = &pci_mmcfg_config[cfg_num];
-                if (cfg->pci_segment == seg &&
-                    (cfg->start_bus_number <= bus) &&
-                    (cfg->end_bus_number >= bus))
-                        return cfg->address;
-        }
+        struct pci_mmcfg_region *cfg = pci_mmconfig_lookup(seg, bus);
 
-        /* Fall back to type 0 */
+        if (cfg)
+                return cfg->address;
         return 0;
 }
 
@@ -47,7 +39,7 @@ static u32 get_base_addr(unsigned int seg, int bus, unsigned devfn)
  */
 static void pci_exp_set_dev_base(unsigned int base, int bus, int devfn)
 {
-        u32 dev_base = base | (bus << 20) | (devfn << 12);
+        u32 dev_base = base | PCI_MMCFG_BUS_OFFSET(bus) | (devfn << 12);
         int cpu = smp_processor_id();
         if (dev_base != mmcfg_last_accessed_device ||
             cpu != mmcfg_last_accessed_cpu) {
diff --git a/arch/x86/pci/mmconfig_64.c b/arch/x86/pci/mmconfig_64.c
index 94349f8b2f96..e783841bd1d7 100644
--- a/arch/x86/pci/mmconfig_64.c
+++ b/arch/x86/pci/mmconfig_64.c
@@ -12,38 +12,15 @@
 #include <asm/e820.h>
 #include <asm/pci_x86.h>
 
-/* Static virtual mapping of the MMCONFIG aperture */
-struct mmcfg_virt {
-        struct acpi_mcfg_allocation *cfg;
-        char __iomem *virt;
-};
-static struct mmcfg_virt *pci_mmcfg_virt;
-
-static char __iomem *get_virt(unsigned int seg, unsigned bus)
-{
-        struct acpi_mcfg_allocation *cfg;
-        int cfg_num;
-
-        for (cfg_num = 0; cfg_num < pci_mmcfg_config_num; cfg_num++) {
-                cfg = pci_mmcfg_virt[cfg_num].cfg;
-                if (cfg->pci_segment == seg &&
-                    (cfg->start_bus_number <= bus) &&
-                    (cfg->end_bus_number >= bus))
-                        return pci_mmcfg_virt[cfg_num].virt;
-        }
-
-        /* Fall back to type 0 */
-        return NULL;
-}
+#define PREFIX "PCI: "
 
 static char __iomem *pci_dev_base(unsigned int seg, unsigned int bus, unsigned int devfn)
 {
-        char __iomem *addr;
+        struct pci_mmcfg_region *cfg = pci_mmconfig_lookup(seg, bus);
 
-        addr = get_virt(seg, bus);
-        if (!addr)
-                return NULL;
-        return addr + ((bus << 20) | (devfn << 12));
+        if (cfg && cfg->virt)
+                return cfg->virt + (PCI_MMCFG_BUS_OFFSET(bus) | (devfn << 12));
+        return NULL;
 }
 
 static int pci_mmcfg_read(unsigned int seg, unsigned int bus,
@@ -109,42 +86,30 @@ static struct pci_raw_ops pci_mmcfg = {
         .write =        pci_mmcfg_write,
 };
 
-static void __iomem * __init mcfg_ioremap(struct acpi_mcfg_allocation *cfg)
+static void __iomem * __init mcfg_ioremap(struct pci_mmcfg_region *cfg)
 {
         void __iomem *addr;
         u64 start, size;
+        int num_buses;
 
-        start = cfg->start_bus_number;
-        start <<= 20;
-        start += cfg->address;
-        size = cfg->end_bus_number + 1 - cfg->start_bus_number;
-        size <<= 20;
+        start = cfg->address + PCI_MMCFG_BUS_OFFSET(cfg->start_bus);
+        num_buses = cfg->end_bus - cfg->start_bus + 1;
+        size = PCI_MMCFG_BUS_OFFSET(num_buses);
         addr = ioremap_nocache(start, size);
-        if (addr) {
-                printk(KERN_INFO "PCI: Using MMCONFIG at %Lx - %Lx\n",
-                       start, start + size - 1);
-                addr -= cfg->start_bus_number << 20;
-        }
+        if (addr)
+                addr -= PCI_MMCFG_BUS_OFFSET(cfg->start_bus);
         return addr;
 }
 
 int __init pci_mmcfg_arch_init(void)
 {
-        int i;
-        pci_mmcfg_virt = kzalloc(sizeof(*pci_mmcfg_virt) *
-                                 pci_mmcfg_config_num, GFP_KERNEL);
-        if (pci_mmcfg_virt == NULL) {
-                printk(KERN_ERR "PCI: Can not allocate memory for mmconfig structures\n");
-                return 0;
-        }
+        struct pci_mmcfg_region *cfg;
 
-        for (i = 0; i < pci_mmcfg_config_num; ++i) {
-                pci_mmcfg_virt[i].cfg = &pci_mmcfg_config[i];
-                pci_mmcfg_virt[i].virt = mcfg_ioremap(&pci_mmcfg_config[i]);
-                if (!pci_mmcfg_virt[i].virt) {
-                        printk(KERN_ERR "PCI: Cannot map mmconfig aperture for "
-                                        "segment %d\n",
-                                pci_mmcfg_config[i].pci_segment);
+        list_for_each_entry(cfg, &pci_mmcfg_list, list) {
+                cfg->virt = mcfg_ioremap(cfg);
+                if (!cfg->virt) {
+                        printk(KERN_ERR PREFIX "can't map MMCONFIG at %pR\n",
+                               &cfg->res);
                         pci_mmcfg_arch_free();
                         return 0;
                 }
@@ -155,19 +120,12 @@ int __init pci_mmcfg_arch_init(void)
 
 void __init pci_mmcfg_arch_free(void)
 {
-        int i;
-
-        if (pci_mmcfg_virt == NULL)
-                return;
+        struct pci_mmcfg_region *cfg;
 
-        for (i = 0; i < pci_mmcfg_config_num; ++i) {
-                if (pci_mmcfg_virt[i].virt) {
-                        iounmap(pci_mmcfg_virt[i].virt + (pci_mmcfg_virt[i].cfg->start_bus_number << 20));
-                        pci_mmcfg_virt[i].virt = NULL;
-                        pci_mmcfg_virt[i].cfg = NULL;
+        list_for_each_entry(cfg, &pci_mmcfg_list, list) {
+                if (cfg->virt) {
+                        iounmap(cfg->virt + PCI_MMCFG_BUS_OFFSET(cfg->start_bus));
+                        cfg->virt = NULL;
                 }
         }
-
-        kfree(pci_mmcfg_virt);
-        pci_mmcfg_virt = NULL;
 }
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
index 8aa85f17667e..0a979f3e5b8a 100644
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -18,6 +18,7 @@
 #include <asm/mce.h>
 #include <asm/xcr.h>
 #include <asm/suspend.h>
+#include <asm/debugreg.h>
 
 #ifdef CONFIG_X86_32
 static struct saved_context saved_context;
@@ -142,31 +143,6 @@ static void fix_processor_context(void)
 #endif
         load_TR_desc();                         /* This does ltr */
         load_LDT(&current->active_mm->context); /* This does lldt */
-
-        /*
-         * Now maybe reload the debug registers
-         */
-        if (current->thread.debugreg7) {
-#ifdef CONFIG_X86_32
-                set_debugreg(current->thread.debugreg0, 0);
-                set_debugreg(current->thread.debugreg1, 1);
-                set_debugreg(current->thread.debugreg2, 2);
-                set_debugreg(current->thread.debugreg3, 3);
-                /* no 4 and 5 */
-                set_debugreg(current->thread.debugreg6, 6);
-                set_debugreg(current->thread.debugreg7, 7);
-#else
-                /* CONFIG_X86_64 */
-                loaddebug(&current->thread, 0);
-                loaddebug(&current->thread, 1);
-                loaddebug(&current->thread, 2);
-                loaddebug(&current->thread, 3);
-                /* no 4 and 5 */
-                loaddebug(&current->thread, 6);
-                loaddebug(&current->thread, 7);
-#endif
-        }
-
 }
 
 /**
diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile
new file mode 100644
index 000000000000..f82082677337
--- /dev/null
+++ b/arch/x86/tools/Makefile
@@ -0,0 +1,31 @@
+PHONY += posttest
+
+ifeq ($(KBUILD_VERBOSE),1)
+  posttest_verbose = -v
+else
+  posttest_verbose =
+endif
+
+ifeq ($(CONFIG_64BIT),y)
+  posttest_64bit = -y
+else
+  posttest_64bit = -n
+endif
+
+distill_awk = $(srctree)/arch/x86/tools/distill.awk
+chkobjdump = $(srctree)/arch/x86/tools/chkobjdump.awk
+
+quiet_cmd_posttest = TEST    $@
+      cmd_posttest = ($(OBJDUMP) -v | $(AWK) -f $(chkobjdump)) || $(OBJDUMP) -d -j .text $(objtree)/vmlinux | $(AWK) -f $(distill_awk) | $(obj)/test_get_len $(posttest_64bit) $(posttest_verbose)
+
+posttest: $(obj)/test_get_len vmlinux
+        $(call cmd,posttest)
+
+hostprogs-y     := test_get_len
+
+# -I needed for generated C source and C source which in the kernel tree.
+HOSTCFLAGS_test_get_len.o := -Wall -I$(objtree)/arch/x86/lib/ -I$(srctree)/arch/x86/include/ -I$(srctree)/arch/x86/lib/ -I$(srctree)/include/
+
+# Dependencies are also needed.
+$(obj)/test_get_len.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/inat.c $(srctree)/arch/x86/include/asm/inat_types.h $(srctree)/arch/x86/include/asm/inat.h $(srctree)/arch/x86/include/asm/insn.h $(objtree)/arch/x86/lib/inat-tables.c
+
diff --git a/arch/x86/tools/chkobjdump.awk b/arch/x86/tools/chkobjdump.awk
new file mode 100644
index 000000000000..fd1ab80be0de
--- /dev/null
+++ b/arch/x86/tools/chkobjdump.awk
@@ -0,0 +1,33 @@
+# GNU objdump version checker
+#
+# Usage:
+# objdump -v | awk -f chkobjdump.awk
+BEGIN {
+        # objdump version 2.19 or later is OK for the test.
+        od_ver = 2;
+        od_sver = 19;
+}
+
+/^GNU objdump/ {
+        verstr = ""
+        for (i = 3; i <= NF; i++)
+                if (match($(i), "^[0-9]")) {
+                        verstr = $(i);
+                        break;
+                }
+        if (verstr == "") {
+                printf("Warning: Failed to find objdump version number.\n");
+                exit 0;
+        }
+        split(verstr, ver, ".");
+        if (ver[1] > od_ver ||
+            (ver[1] == od_ver && ver[2] >= od_sver)) {
+                exit 1;
+        } else {
+                printf("Warning: objdump version %s is older than %d.%d\n",
+                       verstr, od_ver, od_sver);
+                print("Warning: Skipping posttest.");
+                # Logic is inverted, because we just skip test without error.
+                exit 0;
+        }
+}
diff --git a/arch/x86/tools/distill.awk b/arch/x86/tools/distill.awk
new file mode 100644
index 000000000000..c13c0ee48ab4
--- /dev/null
+++ b/arch/x86/tools/distill.awk
@@ -0,0 +1,47 @@
+#!/bin/awk -f
+# Usage: objdump -d a.out | awk -f distill.awk | ./test_get_len
+# Distills the disassembly as follows:
+# - Removes all lines except the disassembled instructions.
+# - For instructions that exceed 1 line (7 bytes), crams all the hex bytes
+# into a single line.
+# - Remove bad(or prefix only) instructions
+
+BEGIN {
+        prev_addr = ""
+        prev_hex = ""
+        prev_mnemonic = ""
+        bad_expr = "(\\(bad\\)|^rex|^.byte|^rep(z|nz)$|^lock$|^es$|^cs$|^ss$|^ds$|^fs$|^gs$|^data(16|32)$|^addr(16|32|64))"
+        fwait_expr = "^9b "
+        fwait_str="9b\tfwait"
+}
+
+/^ *[0-9a-f]+ <[^>]*>:/ {
+        # Symbol entry
+        printf("%s%s\n", $2, $1)
+}
+
+/^ *[0-9a-f]+:/ {
+        if (split($0, field, "\t") < 3) {
+                # This is a continuation of the same insn.
+                prev_hex = prev_hex field[2]
+        } else {
+                # Skip bad instructions
+                if (match(prev_mnemonic, bad_expr))
+                        prev_addr = ""
+                # Split fwait from other f* instructions
+                if (match(prev_hex, fwait_expr) && prev_mnemonic != "fwait") {
+                        printf "%s\t%s\n", prev_addr, fwait_str
+                        sub(fwait_expr, "", prev_hex)
+                }
+                if (prev_addr != "")
+                        printf "%s\t%s\t%s\n", prev_addr, prev_hex, prev_mnemonic
+                prev_addr = field[1]
+                prev_hex = field[2]
+                prev_mnemonic = field[3]
+        }
+}
+
+END {
+        if (prev_addr != "")
+                printf "%s\t%s\t%s\n", prev_addr, prev_hex, prev_mnemonic
+}
diff --git a/arch/x86/tools/gen-insn-attr-x86.awk b/arch/x86/tools/gen-insn-attr-x86.awk
new file mode 100644
index 000000000000..eaf11f52fc0b
--- /dev/null
+++ b/arch/x86/tools/gen-insn-attr-x86.awk
@@ -0,0 +1,378 @@
+#!/bin/awk -f
+# gen-insn-attr-x86.awk: Instruction attribute table generator
+# Written by Masami Hiramatsu <mhiramat@redhat.com>
+#
+# Usage: awk -f gen-insn-attr-x86.awk x86-opcode-map.txt > inat-tables.c
+
+# Awk implementation sanity check
+function check_awk_implement() {
+        if (sprintf("%x", 0) != "0")
+                return "Your awk has a printf-format problem."
+        return ""
+}
+
+# Clear working vars
+function clear_vars() {
+        delete table
+        delete lptable2
+        delete lptable1
+        delete lptable3
+        eid = -1 # escape id
+        gid = -1 # group id
+        aid = -1 # AVX id
+        tname = ""
+}
+
+BEGIN {
+        # Implementation error checking
+        awkchecked = check_awk_implement()
+        if (awkchecked != "") {
+                print "Error: " awkchecked > "/dev/stderr"
+                print "Please try to use gawk." > "/dev/stderr"
+                exit 1
+        }
+
+        # Setup generating tables
+        print "/* x86 opcode map generated from x86-opcode-map.txt */"
+        print "/* Do not change this code. */\n"
+        ggid = 1
+        geid = 1
+        gaid = 0
+        delete etable
+        delete gtable
+        delete atable
+
+        opnd_expr = "^[A-Za-z/]"
+        ext_expr = "^\\("
+        sep_expr = "^\\|$"
+        group_expr = "^Grp[0-9A-Za-z]+"
+
+        imm_expr = "^[IJAO][a-z]"
+        imm_flag["Ib"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)"
+        imm_flag["Jb"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)"
+        imm_flag["Iw"] = "INAT_MAKE_IMM(INAT_IMM_WORD)"
+        imm_flag["Id"] = "INAT_MAKE_IMM(INAT_IMM_DWORD)"
+        imm_flag["Iq"] = "INAT_MAKE_IMM(INAT_IMM_QWORD)"
+        imm_flag["Ap"] = "INAT_MAKE_IMM(INAT_IMM_PTR)"
+        imm_flag["Iz"] = "INAT_MAKE_IMM(INAT_IMM_VWORD32)"
+        imm_flag["Jz"] = "INAT_MAKE_IMM(INAT_IMM_VWORD32)"
+        imm_flag["Iv"] = "INAT_MAKE_IMM(INAT_IMM_VWORD)"
+        imm_flag["Ob"] = "INAT_MOFFSET"
+        imm_flag["Ov"] = "INAT_MOFFSET"
+
+        modrm_expr = "^([CDEGMNPQRSUVW/][a-z]+|NTA|T[012])"
+        force64_expr = "\\([df]64\\)"
+        rex_expr = "^REX(\\.[XRWB]+)*"
+        fpu_expr = "^ESC" # TODO
+
+        lprefix1_expr = "\\(66\\)"
+        lprefix2_expr = "\\(F3\\)"
+        lprefix3_expr = "\\(F2\\)"
+        max_lprefix = 4
+
+        vexok_expr = "\\(VEX\\)"
+        vexonly_expr = "\\(oVEX\\)"
+
+        prefix_expr = "\\(Prefix\\)"
+        prefix_num["Operand-Size"] = "INAT_PFX_OPNDSZ"
+        prefix_num["REPNE"] = "INAT_PFX_REPNE"
+        prefix_num["REP/REPE"] = "INAT_PFX_REPE"
+        prefix_num["LOCK"] = "INAT_PFX_LOCK"
+        prefix_num["SEG=CS"] = "INAT_PFX_CS"
+        prefix_num["SEG=DS"] = "INAT_PFX_DS"
+        prefix_num["SEG=ES"] = "INAT_PFX_ES"
+        prefix_num["SEG=FS"] = "INAT_PFX_FS"
+        prefix_num["SEG=GS"] = "INAT_PFX_GS"
+        prefix_num["SEG=SS"] = "INAT_PFX_SS"
+        prefix_num["Address-Size"] = "INAT_PFX_ADDRSZ"
+        prefix_num["2bytes-VEX"] = "INAT_PFX_VEX2"
+        prefix_num["3bytes-VEX"] = "INAT_PFX_VEX3"
+
+        clear_vars()
+}
+
+function semantic_error(msg) {
+        print "Semantic error at " NR ": " msg > "/dev/stderr"
+        exit 1
+}
+
+function debug(msg) {
+        print "DEBUG: " msg
+}
+
+function array_size(arr,   i,c) {
+        c = 0
+        for (i in arr)
+                c++
+        return c
+}
+
+/^Table:/ {
+        print "/* " $0 " */"
+        if (tname != "")
+                semantic_error("Hit Table: before EndTable:.");
+}
+
+/^Referrer:/ {
+        if (NF != 1) {
+                # escape opcode table
+                ref = ""
+                for (i = 2; i <= NF; i++)
+                        ref = ref $i
+                eid = escape[ref]
+                tname = sprintf("inat_escape_table_%d", eid)
+        }
+}
+
+/^AVXcode:/ {
+        if (NF != 1) {
+                # AVX/escape opcode table
+                aid = $2
+                if (gaid <= aid)
+                        gaid = aid + 1
+                if (tname == "")        # AVX only opcode table
+                        tname = sprintf("inat_avx_table_%d", $2)
+        }
+        if (aid == -1 && eid == -1)     # primary opcode table
+                tname = "inat_primary_table"
+}
+
+/^GrpTable:/ {
+        print "/* " $0 " */"
+        if (!($2 in group))
+                semantic_error("No group: " $2 )
+        gid = group[$2]
+        tname = "inat_group_table_" gid
+}
+
+function print_table(tbl,name,fmt,n)
+{
+        print "const insn_attr_t " name " = {"
+        for (i = 0; i < n; i++) {
+                id = sprintf(fmt, i)
+                if (tbl[id])
+                        print " [" id "] = " tbl[id] ","
+        }
+        print "};"
+}
+
+/^EndTable/ {
+        if (gid != -1) {
+                # print group tables
+                if (array_size(table) != 0) {
+                        print_table(table, tname "[INAT_GROUP_TABLE_SIZE]",
+                                    "0x%x", 8)
+                        gtable[gid,0] = tname
+                }
+                if (array_size(lptable1) != 0) {
+                        print_table(lptable1, tname "_1[INAT_GROUP_TABLE_SIZE]",
+                                    "0x%x", 8)
+                        gtable[gid,1] = tname "_1"
+                }
+                if (array_size(lptable2) != 0) {
+                        print_table(lptable2, tname "_2[INAT_GROUP_TABLE_SIZE]",
+                                    "0x%x", 8)
+                        gtable[gid,2] = tname "_2"
+                }
+                if (array_size(lptable3) != 0) {
+                        print_table(lptable3, tname "_3[INAT_GROUP_TABLE_SIZE]",
+                                    "0x%x", 8)
+                        gtable[gid,3] = tname "_3"
+                }
+        } else {
+                # print primary/escaped tables
+                if (array_size(table) != 0) {
+                        print_table(table, tname "[INAT_OPCODE_TABLE_SIZE]",
+                                    "0x%02x", 256)
+                        etable[eid,0] = tname
+                        if (aid >= 0)
+                                atable[aid,0] = tname
+                }
+                if (array_size(lptable1) != 0) {
+                        print_table(lptable1,tname "_1[INAT_OPCODE_TABLE_SIZE]",
+                                    "0x%02x", 256)
+                        etable[eid,1] = tname "_1"
+                        if (aid >= 0)
+                                atable[aid,1] = tname "_1"
+                }
+                if (array_size(lptable2) != 0) {
+                        print_table(lptable2,tname "_2[INAT_OPCODE_TABLE_SIZE]",
+                                    "0x%02x", 256)
+                        etable[eid,2] = tname "_2"
+                        if (aid >= 0)
+                                atable[aid,2] = tname "_2"
+                }
+                if (array_size(lptable3) != 0) {
+                        print_table(lptable3,tname "_3[INAT_OPCODE_TABLE_SIZE]",
+                                    "0x%02x", 256)
+                        etable[eid,3] = tname "_3"
+                        if (aid >= 0)
+                                atable[aid,3] = tname "_3"
+                }
+        }
+        print ""
+        clear_vars()
+}
+
+function add_flags(old,new) {
+        if (old && new)
+                return old " | " new
+        else if (old)
+                return old
+        else
+                return new
+}
+
+# convert operands to flags.
+function convert_operands(count,opnd,       i,j,imm,mod)
+{
+        imm = null
+        mod = null
+        for (j = 1; j <= count; j++) {
+                i = opnd[j]
+                if (match(i, imm_expr) == 1) {
+                        if (!imm_flag[i])
+                                semantic_error("Unknown imm opnd: " i)
+                        if (imm) {
+                                if (i != "Ib")
+                                        semantic_error("Second IMM error")
+                                imm = add_flags(imm, "INAT_SCNDIMM")
+                        } else
+                                imm = imm_flag[i]
+                } else if (match(i, modrm_expr))
+                        mod = "INAT_MODRM"
+        }
+        return add_flags(imm, mod)
+}
+
+/^[0-9a-f]+\:/ {
+        if (NR == 1)
+                next
+        # get index
+        idx = "0x" substr($1, 1, index($1,":") - 1)
+        if (idx in table)
+                semantic_error("Redefine " idx " in " tname)
+
+        # check if escaped opcode
+        if ("escape" == $2) {
+                if ($3 != "#")
+                        semantic_error("No escaped name")
+                ref = ""
+                for (i = 4; i <= NF; i++)
+                        ref = ref $i
+                if (ref in escape)
+                        semantic_error("Redefine escape (" ref ")")
+                escape[ref] = geid
+                geid++
+                table[idx] = "INAT_MAKE_ESCAPE(" escape[ref] ")"
+                next
+        }
+
+        variant = null
+        # converts
+        i = 2
+        while (i <= NF) {
+                opcode = $(i++)
+                delete opnds
+                ext = null
+                flags = null
+                opnd = null
+                # parse one opcode
+                if (match($i, opnd_expr)) {
+                        opnd = $i
+                        count = split($(i++), opnds, ",")
+                        flags = convert_operands(count, opnds)
+                }
+                if (match($i, ext_expr))
+                        ext = $(i++)
+                if (match($i, sep_expr))
+                        i++
+                else if (i < NF)
+                        semantic_error($i " is not a separator")
+
+                # check if group opcode
+                if (match(opcode, group_expr)) {
+                        if (!(opcode in group)) {
+                                group[opcode] = ggid
+                                ggid++
+                        }
+                        flags = add_flags(flags, "INAT_MAKE_GROUP(" group[opcode] ")")
+                }
+                # check force(or default) 64bit
+                if (match(ext, force64_expr))
+                        flags = add_flags(flags, "INAT_FORCE64")
+
+                # check REX prefix
+                if (match(opcode, rex_expr))
+                        flags = add_flags(flags, "INAT_MAKE_PREFIX(INAT_PFX_REX)")
+
+                # check coprocessor escape : TODO
+                if (match(opcode, fpu_expr))
+                        flags = add_flags(flags, "INAT_MODRM")
+
+                # check VEX only code
+                if (match(ext, vexonly_expr))
+                        flags = add_flags(flags, "INAT_VEXOK | INAT_VEXONLY")
+
+                # check VEX only code
+                if (match(ext, vexok_expr))
+                        flags = add_flags(flags, "INAT_VEXOK")
+
+                # check prefixes
+                if (match(ext, prefix_expr)) {
+                        if (!prefix_num[opcode])
+                                semantic_error("Unknown prefix: " opcode)
+                        flags = add_flags(flags, "INAT_MAKE_PREFIX(" prefix_num[opcode] ")")
+                }
+                if (length(flags) == 0)
+                        continue
+                # check if last prefix
+                if (match(ext, lprefix1_expr)) {
+                        lptable1[idx] = add_flags(lptable1[idx],flags)
+                        variant = "INAT_VARIANT"
+                } else if (match(ext, lprefix2_expr)) {
+                        lptable2[idx] = add_flags(lptable2[idx],flags)
+                        variant = "INAT_VARIANT"
+                } else if (match(ext, lprefix3_expr)) {
+                        lptable3[idx] = add_flags(lptable3[idx],flags)
+                        variant = "INAT_VARIANT"
+                } else {
+                        table[idx] = add_flags(table[idx],flags)
+                }
+        }
+        if (variant)
+                table[idx] = add_flags(table[idx],variant)
+}
+
+END {
+        if (awkchecked != "")
+                exit 1
+        # print escape opcode map's array
+        print "/* Escape opcode map array */"
+        print "const insn_attr_t const *inat_escape_tables[INAT_ESC_MAX + 1]" \
+              "[INAT_LSTPFX_MAX + 1] = {"
+        for (i = 0; i < geid; i++)
+                for (j = 0; j < max_lprefix; j++)
+                        if (etable[i,j])
+                                print " ["i"]["j"] = "etable[i,j]","
+        print "};\n"
+        # print group opcode map's array
+        print "/* Group opcode map array */"
+        print "const insn_attr_t const *inat_group_tables[INAT_GRP_MAX + 1]"\
+              "[INAT_LSTPFX_MAX + 1] = {"
+        for (i = 0; i < ggid; i++)
+                for (j = 0; j < max_lprefix; j++)
+                        if (gtable[i,j])
+                                print " ["i"]["j"] = "gtable[i,j]","
+        print "};\n"
+        # print AVX opcode map's array
+        print "/* AVX opcode map array */"
+        print "const insn_attr_t const *inat_avx_tables[X86_VEX_M_MAX + 1]"\
+              "[INAT_LSTPFX_MAX + 1] = {"
+        for (i = 0; i < gaid; i++)
+                for (j = 0; j < max_lprefix; j++)
+                        if (atable[i,j])
+                                print " ["i"]["j"] = "atable[i,j]","
+        print "};"
+}
+
diff --git a/arch/x86/tools/test_get_len.c b/arch/x86/tools/test_get_len.c
new file mode 100644
index 000000000000..bee8d6ac2691
--- /dev/null
+++ b/arch/x86/tools/test_get_len.c
@@ -0,0 +1,173 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) IBM Corporation, 2009
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#define unlikely(cond) (cond)
+
+#include <asm/insn.h>
+#include <inat.c>
+#include <insn.c>
+
+/*
+ * Test of instruction analysis in general and insn_get_length() in
+ * particular.  See if insn_get_length() and the disassembler agree
+ * on the length of each instruction in an elf disassembly.
+ *
+ * Usage: objdump -d a.out | awk -f distill.awk | ./test_get_len
+ */
+
+const char *prog;
+static int verbose;
+static int x86_64;
+
+static void usage(void)
+{
+        fprintf(stderr, "Usage: objdump -d a.out | awk -f distill.awk |"
+                " %s [-y|-n] [-v] \n", prog);
+        fprintf(stderr, "\t-y   64bit mode\n");
+        fprintf(stderr, "\t-n   32bit mode\n");
+        fprintf(stderr, "\t-v   verbose mode\n");
+        exit(1);
+}
+
+static void malformed_line(const char *line, int line_nr)
+{
+        fprintf(stderr, "%s: malformed line %d:\n%s", prog, line_nr, line);
+        exit(3);
+}
+
+static void dump_field(FILE *fp, const char *name, const char *indent,
+                       struct insn_field *field)
+{
+        fprintf(fp, "%s.%s = {\n", indent, name);
+        fprintf(fp, "%s\t.value = %d, bytes[] = {%x, %x, %x, %x},\n",
+                indent, field->value, field->bytes[0], field->bytes[1],
+                field->bytes[2], field->bytes[3]);
+        fprintf(fp, "%s\t.got = %d, .nbytes = %d},\n", indent,
+                field->got, field->nbytes);
+}
+
+static void dump_insn(FILE *fp, struct insn *insn)
+{
+        fprintf(fp, "Instruction = { \n");
+        dump_field(fp, "prefixes", "\t",        &insn->prefixes);
+        dump_field(fp, "rex_prefix", "\t",      &insn->rex_prefix);
+        dump_field(fp, "vex_prefix", "\t",      &insn->vex_prefix);
+        dump_field(fp, "opcode", "\t",          &insn->opcode);
+        dump_field(fp, "modrm", "\t",           &insn->modrm);
+        dump_field(fp, "sib", "\t",             &insn->sib);
+        dump_field(fp, "displacement", "\t",    &insn->displacement);
+        dump_field(fp, "immediate1", "\t",      &insn->immediate1);
+        dump_field(fp, "immediate2", "\t",      &insn->immediate2);
+        fprintf(fp, "\t.attr = %x, .opnd_bytes = %d, .addr_bytes = %d,\n",
+                insn->attr, insn->opnd_bytes, insn->addr_bytes);
+        fprintf(fp, "\t.length = %d, .x86_64 = %d, .kaddr = %p}\n",
+                insn->length, insn->x86_64, insn->kaddr);
+}
+
+static void parse_args(int argc, char **argv)
+{
+        int c;
+        prog = argv[0];
+        while ((c = getopt(argc, argv, "ynv")) != -1) {
+                switch (c) {
+                case 'y':
+                        x86_64 = 1;
+                        break;
+                case 'n':
+                        x86_64 = 0;
+                        break;
+                case 'v':
+                        verbose = 1;
+                        break;
+                default:
+                        usage();
+                }
+        }
+}
+
+#define BUFSIZE 256
+
+int main(int argc, char **argv)
+{
+        char line[BUFSIZE], sym[BUFSIZE] = "<unknown>";
+        unsigned char insn_buf[16];
+        struct insn insn;
+        int insns = 0;
+        int warnings = 0;
+
+        parse_args(argc, argv);
+
+        while (fgets(line, BUFSIZE, stdin)) {
+                char copy[BUFSIZE], *s, *tab1, *tab2;
+                int nb = 0;
+                unsigned int b;
+
+                if (line[0] == '<') {
+                        /* Symbol line */
+                        strcpy(sym, line);
+                        continue;
+                }
+
+                insns++;
+                memset(insn_buf, 0, 16);
+                strcpy(copy, line);
+                tab1 = strchr(copy, '\t');
+                if (!tab1)
+                        malformed_line(line, insns);
+                s = tab1 + 1;
+                s += strspn(s, " ");
+                tab2 = strchr(s, '\t');
+                if (!tab2)
+                        malformed_line(line, insns);
+                *tab2 = '\0';   /* Characters beyond tab2 aren't examined */
+                while (s < tab2) {
+                        if (sscanf(s, "%x", &b) == 1) {
+                                insn_buf[nb++] = (unsigned char) b;
+                                s += 3;
+                        } else
+                                break;
+                }
+                /* Decode an instruction */
+                insn_init(&insn, insn_buf, x86_64);
+                insn_get_length(&insn);
+                if (insn.length != nb) {
+                        warnings++;
+                        fprintf(stderr, "Warning: %s found difference at %s\n",
+                                prog, sym);
+                        fprintf(stderr, "Warning: %s", line);
+                        fprintf(stderr, "Warning: objdump says %d bytes, but "
+                                "insn_get_length() says %d\n", nb,
+                                insn.length);
+                        if (verbose)
+                                dump_insn(stderr, &insn);
+                }
+        }
+        if (warnings)
+                fprintf(stderr, "Warning: decoded and checked %d"
+                        " instructions with %d warnings\n", insns, warnings);
+        else
+                fprintf(stderr, "Succeed: decoded and checked %d"
+                        " instructions\n", insns);
+        return 0;
+}
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index 58bc00f68b12..02b442e92007 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -393,7 +393,6 @@ static ctl_table abi_table2[] = {
 
 static ctl_table abi_root_table2[] = {
         {
-                .ctl_name = CTL_ABI,
                 .procname = "abi",
                 .mode = 0555,
                 .child = abi_table2
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 3439616d69f1..2b26dd5930c6 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -27,7 +27,9 @@
 #include <linux/page-flags.h>
 #include <linux/highmem.h>
 #include <linux/console.h>
+#include <linux/pci.h>
 
+#include <xen/xen.h>
 #include <xen/interface/xen.h>
 #include <xen/interface/version.h>
 #include <xen/interface/physdev.h>
@@ -138,24 +140,23 @@ static void xen_vcpu_setup(int cpu)
  */
 void xen_vcpu_restore(void)
 {
-        if (have_vcpu_info_placement) {
-                int cpu;
+        int cpu;
 
-                for_each_online_cpu(cpu) {
-                        bool other_cpu = (cpu != smp_processor_id());
+        for_each_online_cpu(cpu) {
+                bool other_cpu = (cpu != smp_processor_id());
 
-                        if (other_cpu &&
-                            HYPERVISOR_vcpu_op(VCPUOP_down, cpu, NULL))
-                                BUG();
+                if (other_cpu &&
+                    HYPERVISOR_vcpu_op(VCPUOP_down, cpu, NULL))
+                        BUG();
 
-                        xen_vcpu_setup(cpu);
+                xen_setup_runstate_info(cpu);
 
-                        if (other_cpu &&
-                            HYPERVISOR_vcpu_op(VCPUOP_up, cpu, NULL))
-                                BUG();
-                }
+                if (have_vcpu_info_placement)
+                        xen_vcpu_setup(cpu);
 
-                BUG_ON(!have_vcpu_info_placement);
+                if (other_cpu &&
+                    HYPERVISOR_vcpu_op(VCPUOP_up, cpu, NULL))
+                        BUG();
         }
 }
 
@@ -178,6 +179,7 @@ static __read_mostly unsigned int cpuid_leaf1_ecx_mask = ~0;
 static void xen_cpuid(unsigned int *ax, unsigned int *bx,
                       unsigned int *cx, unsigned int *dx)
 {
+        unsigned maskebx = ~0;
         unsigned maskecx = ~0;
         unsigned maskedx = ~0;
 
@@ -185,9 +187,16 @@ static void xen_cpuid(unsigned int *ax, unsigned int *bx,
          * Mask out inconvenient features, to try and disable as many
          * unsupported kernel subsystems as possible.
          */
-        if (*ax == 1) {
+        switch (*ax) {
+        case 1:
                 maskecx = cpuid_leaf1_ecx_mask;
                 maskedx = cpuid_leaf1_edx_mask;
+                break;
+
+        case 0xb:
+                /* Suppress extended topology stuff */
+                maskebx = 0;
+                break;
         }
 
         asm(XEN_EMULATE_PREFIX "cpuid"
@@ -197,6 +206,7 @@ static void xen_cpuid(unsigned int *ax, unsigned int *bx,
                   "=d" (*dx)
                 : "0" (*ax), "2" (*cx));
 
+        *bx &= maskebx;
         *cx &= maskecx;
         *dx &= maskedx;
 }
@@ -1075,6 +1085,8 @@ asmlinkage void __init xen_start_kernel(void)
          * Set up some pagetable state before starting to set any ptes.
          */
 
+        xen_init_mmu_ops();
+
         /* Prevent unwanted bits from being set in PTEs. */
         __supported_pte_mask &= ~_PAGE_GLOBAL;
         if (!xen_initial_domain())
@@ -1082,10 +1094,8 @@ asmlinkage void __init xen_start_kernel(void)
 
         __supported_pte_mask |= _PAGE_IOMAP;
 
-#ifdef CONFIG_X86_64
         /* Work out if we support NX */
-        check_efer();
-#endif
+        x86_configure_nx();
 
         xen_setup_features();
 
@@ -1099,7 +1109,6 @@ asmlinkage void __init xen_start_kernel(void)
          */
         xen_setup_stackprotector();
 
-        xen_init_mmu_ops();
         xen_init_irq_ops();
         xen_init_cpuid_mask();
 
@@ -1168,10 +1177,16 @@ asmlinkage void __init xen_start_kernel(void)
                 add_preferred_console("xenboot", 0, NULL);
                 add_preferred_console("tty", 0, NULL);
                 add_preferred_console("hvc", 0, NULL);
+        } else {
+                /* Make sure ACS will be enabled */
+                pci_request_acs();
         }
+                
 
         xen_raw_console_write("about to get started...\n");
 
+        xen_setup_runstate_info(0);
+
         /* Start the world */
 #ifdef CONFIG_X86_32
         i386_start_kernel();
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 3bf7b1d250ce..bf4cd6bfe959 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -185,7 +185,7 @@ static inline unsigned p2m_index(unsigned long pfn)
 }
 
 /* Build the parallel p2m_top_mfn structures */
-static void __init xen_build_mfn_list_list(void)
+void xen_build_mfn_list_list(void)
 {
         unsigned pfn, idx;
 
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 1167d9830f5f..563d20504988 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -73,7 +73,7 @@ static __cpuinit void cpu_bringup(void)
 
         xen_setup_cpu_clockevents();
 
-        cpu_set(cpu, cpu_online_map);
+        set_cpu_online(cpu, true);
         percpu_write(cpu_state, CPU_ONLINE);
         wmb();
 
@@ -296,6 +296,7 @@ static int __cpuinit xen_cpu_up(unsigned int cpu)
                 (unsigned long)task_stack_page(idle) -
                 KERNEL_STACK_OFFSET + THREAD_SIZE;
 #endif
+        xen_setup_runstate_info(cpu);
         xen_setup_timer(cpu);
         xen_init_lock_cpu(cpu);
 
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
index 36a5141108df..24ded31b5aec 100644
--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -120,14 +120,14 @@ struct xen_spinlock {
         unsigned short spinners;        /* count of waiting cpus */
 };
 
-static int xen_spin_is_locked(struct raw_spinlock *lock)
+static int xen_spin_is_locked(struct arch_spinlock *lock)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
 
         return xl->lock != 0;
 }
 
-static int xen_spin_is_contended(struct raw_spinlock *lock)
+static int xen_spin_is_contended(struct arch_spinlock *lock)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
 
@@ -136,7 +136,7 @@ static int xen_spin_is_contended(struct raw_spinlock *lock)
         return xl->spinners != 0;
 }
 
-static int xen_spin_trylock(struct raw_spinlock *lock)
+static int xen_spin_trylock(struct arch_spinlock *lock)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
         u8 old = 1;
@@ -181,7 +181,7 @@ static inline void unspinning_lock(struct xen_spinlock *xl, struct xen_spinlock
         __get_cpu_var(lock_spinners) = prev;
 }
 
-static noinline int xen_spin_lock_slow(struct raw_spinlock *lock, bool irq_enable)
+static noinline int xen_spin_lock_slow(struct arch_spinlock *lock, bool irq_enable)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
         struct xen_spinlock *prev;
@@ -254,7 +254,7 @@ out:
         return ret;
 }
 
-static inline void __xen_spin_lock(struct raw_spinlock *lock, bool irq_enable)
+static inline void __xen_spin_lock(struct arch_spinlock *lock, bool irq_enable)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
         unsigned timeout;
@@ -291,12 +291,12 @@ static inline void __xen_spin_lock(struct raw_spinlock *lock, bool irq_enable)
         spin_time_accum_total(start_spin);
 }
 
-static void xen_spin_lock(struct raw_spinlock *lock)
+static void xen_spin_lock(struct arch_spinlock *lock)
 {
         __xen_spin_lock(lock, false);
 }
 
-static void xen_spin_lock_flags(struct raw_spinlock *lock, unsigned long flags)
+static void xen_spin_lock_flags(struct arch_spinlock *lock, unsigned long flags)
 {
         __xen_spin_lock(lock, !raw_irqs_disabled_flags(flags));
 }
@@ -317,7 +317,7 @@ static noinline void xen_spin_unlock_slow(struct xen_spinlock *xl)
         }
 }
 
-static void xen_spin_unlock(struct raw_spinlock *lock)
+static void xen_spin_unlock(struct arch_spinlock *lock)
 {
         struct xen_spinlock *xl = (struct xen_spinlock *)lock;
 
diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c
index 95be7b434724..987267f79bf5 100644
--- a/arch/x86/xen/suspend.c
+++ b/arch/x86/xen/suspend.c
@@ -1,4 +1,5 @@
 #include <linux/types.h>
+#include <linux/clockchips.h>
 
 #include <xen/interface/xen.h>
 #include <xen/grant_table.h>
@@ -27,6 +28,8 @@ void xen_pre_suspend(void)
 
 void xen_post_suspend(int suspend_cancelled)
 {
+        xen_build_mfn_list_list();
+
         xen_setup_shared_info();
 
         if (suspend_cancelled) {
@@ -44,7 +47,19 @@ void xen_post_suspend(int suspend_cancelled)
 
 }
 
+static void xen_vcpu_notify_restore(void *data)
+{
+        unsigned long reason = (unsigned long)data;
+
+        /* Boot processor notified via generic timekeeping_resume() */
+        if ( smp_processor_id() == 0)
+                return;
+
+        clockevents_notify(reason, NULL);
+}
+
 void xen_arch_resume(void)
 {
-        /* nothing */
+        smp_call_function(xen_vcpu_notify_restore,
+                               (void *)CLOCK_EVT_NOTIFY_RESUME, 1);
 }
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 26e37b787ad3..0d3f07cd1b5f 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -100,7 +100,7 @@ bool xen_vcpu_stolen(int vcpu)
         return per_cpu(xen_runstate, vcpu).state == RUNSTATE_runnable;
 }
 
-static void setup_runstate_info(int cpu)
+void xen_setup_runstate_info(int cpu)
 {
         struct vcpu_register_runstate_memory_area area;
 
@@ -434,7 +434,7 @@ void xen_setup_timer(int cpu)
                 name = "<timer kasprintf failed>";
 
         irq = bind_virq_to_irqhandler(VIRQ_TIMER, cpu, xen_timer_interrupt,
-                                      IRQF_DISABLED|IRQF_PERCPU|IRQF_NOBALANCING,
+                                      IRQF_DISABLED|IRQF_PERCPU|IRQF_NOBALANCING|IRQF_TIMER,
                                       name, NULL);
 
         evt = &per_cpu(xen_clock_events, cpu);
@@ -442,8 +442,6 @@ void xen_setup_timer(int cpu)
 
         evt->cpumask = cpumask_of(cpu);
         evt->irq = irq;
-
-        setup_runstate_info(cpu);
 }
 
 void xen_teardown_timer(int cpu)
@@ -494,6 +492,7 @@ __init void xen_time_init(void)
 
         setup_force_cpu_cap(X86_FEATURE_TSC);
 
+        xen_setup_runstate_info(cpu);
         xen_setup_timer(cpu);
         xen_setup_cpu_clockevents();
 }
diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
index 02f496a8dbaa..53adefda4275 100644
--- a/arch/x86/xen/xen-asm_64.S
+++ b/arch/x86/xen/xen-asm_64.S
@@ -96,7 +96,7 @@ ENTRY(xen_sysret32)
         pushq $__USER32_CS
         pushq %rcx
 
-        pushq $VGCF_in_syscall
+        pushq $0
 1:      jmp hypercall_iret
 ENDPATCH(xen_sysret32)
 RELOC(xen_sysret32, 1b+1)
@@ -151,7 +151,7 @@ ENTRY(xen_syscall32_target)
 ENTRY(xen_sysenter_target)
         lea 16(%rsp), %rsp      /* strip %rcx, %r11 */
         mov $-ENOSYS, %rax
-        pushq $VGCF_in_syscall
+        pushq $0
         jmp hypercall_iret
 ENDPROC(xen_syscall32_target)
 ENDPROC(xen_sysenter_target)
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 355fa6b99c9c..f9153a300bce 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -25,6 +25,7 @@ extern struct shared_info *HYPERVISOR_shared_info;
 
 void xen_setup_mfn_list_list(void);
 void xen_setup_shared_info(void);
+void xen_build_mfn_list_list(void);
 void xen_setup_machphys_mapping(void);
 pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn);
 void xen_ident_map_ISA(void);
@@ -41,6 +42,7 @@ void __init xen_build_dynamic_phys_to_machine(void);
 
 void xen_init_irq_ops(void);
 void xen_setup_timer(int cpu);
+void xen_setup_runstate_info(int cpu);
 void xen_teardown_timer(int cpu);
 cycle_t xen_clocksource_read(void);
 void xen_setup_cpu_clockevents(void);