23 files changed, 192 insertions, 68 deletions
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index c760e073963e..e87b0cac14b5 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,8 @@
 #include <asm/setup.h>
 #include <asm/desc.h>
+#undef memcpy                   /* Use memcpy from misc.c */
 #include "eboot.h"
 static efi_system_table_t *sys_table;
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 2a017441b8b2..8c132a625b94 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -476,6 +476,3 @@ die:
 setup_corrupt:
        .byte   7
        .string "No setup signature found...\n"
-        .data
-dummy:  .long   0
diff --git a/arch/x86/include/asm/Kbuild b/arch/x86/include/asm/Kbuild
index 66e5f0ef0523..79fd8a3418f9 100644
--- a/arch/x86/include/asm/Kbuild
+++ b/arch/x86/include/asm/Kbuild
@@ -12,6 +12,7 @@ header-y += mce.h
 header-y += msr-index.h
 header-y += msr.h
 header-y += mtrr.h
+header-y += perf_regs.h
 header-y += posix_types_32.h
 header-y += posix_types_64.h
 header-y += posix_types_x32.h
@@ -19,8 +20,10 @@ header-y += prctl.h
 header-y += processor-flags.h
 header-y += ptrace-abi.h
 header-y += sigcontext32.h
+header-y += svm.h
 header-y += ucontext.h
 header-y += vm86.h
+header-y += vmx.h
 header-y += vsyscall.h
 genhdr-y += unistd_32.h
diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h
index 831dbb9c6c02..41ab26ea6564 100644
--- a/arch/x86/include/asm/fpu-internal.h
+++ b/arch/x86/include/asm/fpu-internal.h
@@ -399,14 +399,17 @@ static inline void drop_init_fpu(struct task_struct *tsk)
 typedef struct { int preload; } fpu_switch_t;
 /*
- * FIXME! We could do a totally lazy restore, but we need to
+ * Must be run with preemption disabled: this clears the fpu_owner_task,
- * add a per-cpu "this was the task that last touched the FPU
+ * on this CPU.
- * on this CPU" variable, and the task needs to have a "I last
- * touched the FPU on this CPU" and check them.
 *
- * We don't do that yet, so "fpu_lazy_restore()" always returns
+ * This will disable any lazy FPU state restore of the current FPU state,
- * false, but some day..
+ * but if the current thread owns the FPU, it will still be saved by.
 */
+static inline void __cpu_disable_lazy_restore(unsigned int cpu)
+{
+        per_cpu(fpu_owner_task, cpu) = NULL;
+}
 static inline int fpu_lazy_restore(struct task_struct *new, unsigned int cpu)
 {
        return new == this_cpu_read_stable(fpu_owner_task) &&
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index dcfde52979c3..19f16ebaf4fa 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -205,21 +205,14 @@ static inline bool user_64bit_mode(struct pt_regs *regs)
 }
 #endif
-/*
- * X86_32 CPUs don't save ss and esp if the CPU is already in kernel mode
- * when it traps.  The previous stack will be directly underneath the saved
- * registers, and 'sp/ss' won't even have been saved. Thus the '&regs->sp'.
- *
- * This is valid only for kernel mode traps.
- */
-static inline unsigned long kernel_stack_pointer(struct pt_regs *regs)
-{
 #ifdef CONFIG_X86_32
-        return (unsigned long)(&regs->sp);
+extern unsigned long kernel_stack_pointer(struct pt_regs *regs);
 #else
+static inline unsigned long kernel_stack_pointer(struct pt_regs *regs)
+{
        return regs->sp;
-#endif
 }
+#endif
 #define GET_IP(regs) ((regs)->ip)
 #define GET_FP(regs) ((regs)->bp)
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59c226d120cd..c20d1ce62dc6 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -359,18 +359,14 @@ HYPERVISOR_update_va_mapping(unsigned long va, pte_t new_val,
                return _hypercall4(int, update_va_mapping, va,
                                   new_val.pte, new_val.pte >> 32, flags);
 }
+extern int __must_check xen_event_channel_op_compat(int, void *);
 static inline int
 HYPERVISOR_event_channel_op(int cmd, void *arg)
 {
        int rc = _hypercall2(int, event_channel_op, cmd, arg);
-        if (unlikely(rc == -ENOSYS)) {
+        if (unlikely(rc == -ENOSYS))
-                struct evtchn_op op;
+                rc = xen_event_channel_op_compat(cmd, arg);
-                op.cmd = cmd;
-                memcpy(&op.u, arg, sizeof(op.u));
-                rc = _hypercall1(int, event_channel_op_compat, &op);
-                memcpy(arg, &op.u, sizeof(op.u));
-        }
        return rc;
 }
@@ -386,17 +382,14 @@ HYPERVISOR_console_io(int cmd, int count, char *str)
        return _hypercall3(int, console_io, cmd, count, str);
 }
+extern int __must_check HYPERVISOR_physdev_op_compat(int, void *);
 static inline int
 HYPERVISOR_physdev_op(int cmd, void *arg)
 {
        int rc = _hypercall2(int, physdev_op, cmd, arg);
-        if (unlikely(rc == -ENOSYS)) {
+        if (unlikely(rc == -ENOSYS))
-                struct physdev_op op;
+                rc = HYPERVISOR_physdev_op_compat(cmd, arg);
-                op.cmd = cmd;
-                memcpy(&op.u, arg, sizeof(op.u));
-                rc = _hypercall1(int, physdev_op_compat, &op);
-                memcpy(arg, &op.u, sizeof(op.u));
-        }
        return rc;
 }
diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h
index 66d0fff1ee84..125f344f06a9 100644
--- a/arch/x86/include/asm/xen/hypervisor.h
+++ b/arch/x86/include/asm/xen/hypervisor.h
@@ -33,7 +33,6 @@
 #ifndef _ASM_X86_XEN_HYPERVISOR_H
 #define _ASM_X86_XEN_HYPERVISOR_H
-/* arch/i386/kernel/setup.c */
 extern struct shared_info *HYPERVISOR_shared_info;
 extern struct start_info *xen_start_info;
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index f7e98a2c0d12..1b7d1656a042 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -631,6 +631,20 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
                }
        }
+        /*
+         * The way access filter has a performance penalty on some workloads.
+         * Disable it on the affected CPUs.
+         */
+        if ((c->x86 == 0x15) &&
+            (c->x86_model >= 0x02) && (c->x86_model < 0x20)) {
+                u64 val;
+                if (!rdmsrl_safe(0xc0011021, &val) && !(val & 0x1E)) {
+                        val |= 0x1E;
+                        wrmsrl_safe(0xc0011021, val);
+                }
+        }
        cpu_detect_cache_sizes(c);
        /* Multi core CPU? */
diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c
index 698b6ec12e0f..1ac581f38dfa 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
@@ -6,7 +6,7 @@
 *
 *  Written by Jacob Shin - AMD, Inc.
 *
- *  Support: borislav.petkov@amd.com
+ *  Maintained by: Borislav Petkov <bp@alien8.de>
 *
 *  April 2006
 *     - added support for AMD Family 0x10 processors
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel.c b/arch/x86/kernel/cpu/mcheck/mce_intel.c
index 5f88abf07e9c..4f9a3cbfc4a3 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_intel.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel.c
@@ -285,34 +285,39 @@ void cmci_clear(void)
        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
 }
+static long cmci_rediscover_work_func(void *arg)
+{
+        int banks;
+        /* Recheck banks in case CPUs don't all have the same */
+        if (cmci_supported(&banks))
+                cmci_discover(banks);
+        return 0;
+}
 /*
 * After a CPU went down cycle through all the others and rediscover
 * Must run in process context.
 */
 void cmci_rediscover(int dying)
 {
-        int banks;
+        int cpu, banks;
-        int cpu;
-        cpumask_var_t old;
        if (!cmci_supported(&banks))
                return;
-        if (!alloc_cpumask_var(&old, GFP_KERNEL))
-                return;
-        cpumask_copy(old, &current->cpus_allowed);
        for_each_online_cpu(cpu) {
                if (cpu == dying)
                        continue;
-                if (set_cpus_allowed_ptr(current, cpumask_of(cpu)))
+                if (cpu == smp_processor_id()) {
+                        cmci_rediscover_work_func(NULL);
                        continue;
-                /* Recheck banks in case CPUs don't all have the same */
+                }
-                if (cmci_supported(&banks))
-                        cmci_discover(banks);
-        }
-        set_cpus_allowed_ptr(current, old);
+                work_on_cpu(cpu, cmci_rediscover_work_func, NULL);
-        free_cpumask_var(old);
+        }
 }
 /*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b51b2c7ee51f..1328fe49a3f1 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -995,8 +995,8 @@ END(interrupt)
         */
        .p2align CONFIG_X86_L1_CACHE_SHIFT
 common_interrupt:
-        ASM_CLAC
        XCPT_FRAME
+        ASM_CLAC
        addq $-0x80,(%rsp)              /* Adjust vector to [-256,-1] range */
        interrupt do_IRQ
        /* 0(%rsp): old_rsp-ARGOFFSET */
@@ -1135,8 +1135,8 @@ END(common_interrupt)
 */
 .macro apicinterrupt num sym do_sym
 ENTRY(\sym)
-        ASM_CLAC
        INTR_FRAME
+        ASM_CLAC
        pushq_cfi $~(\num)
 .Lcommon_\sym:
        interrupt \do_sym
@@ -1190,8 +1190,8 @@ apicinterrupt IRQ_WORK_VECTOR \
 */
 .macro zeroentry sym do_sym
 ENTRY(\sym)
-        ASM_CLAC
        INTR_FRAME
+        ASM_CLAC
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        pushq_cfi $-1           /* ORIG_RAX: no syscall to restart */
        subq $ORIG_RAX-R15, %rsp
@@ -1208,8 +1208,8 @@ END(\sym)
 .macro paranoidzeroentry sym do_sym
 ENTRY(\sym)
-        ASM_CLAC
        INTR_FRAME
+        ASM_CLAC
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        pushq_cfi $-1           /* ORIG_RAX: no syscall to restart */
        subq $ORIG_RAX-R15, %rsp
@@ -1227,8 +1227,8 @@ END(\sym)
 #define INIT_TSS_IST(x) PER_CPU_VAR(init_tss) + (TSS_ist + ((x) - 1) * 8)
 .macro paranoidzeroentry_ist sym do_sym ist
 ENTRY(\sym)
-        ASM_CLAC
        INTR_FRAME
+        ASM_CLAC
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        pushq_cfi $-1           /* ORIG_RAX: no syscall to restart */
        subq $ORIG_RAX-R15, %rsp
@@ -1247,8 +1247,8 @@ END(\sym)
 .macro errorentry sym do_sym
 ENTRY(\sym)
-        ASM_CLAC
        XCPT_FRAME
+        ASM_CLAC
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        subq $ORIG_RAX-R15, %rsp
        CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
@@ -1266,8 +1266,8 @@ END(\sym)
        /* error code is on the stack already */
 .macro paranoiderrorentry sym do_sym
 ENTRY(\sym)
-        ASM_CLAC
        XCPT_FRAME
+        ASM_CLAC
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        subq $ORIG_RAX-R15, %rsp
        CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 957a47aec64e..4dac2f68ed4a 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -292,8 +292,8 @@ default_entry:
 *      be using the global pages. 
 *
 *      NOTE! If we are on a 486 we may have no cr4 at all!
- *      Specifically, cr4 exists if and only if CPUID exists,
+ *      Specifically, cr4 exists if and only if CPUID exists
- *      which in turn exists if and only if EFLAGS.ID exists.
+ *      and has flags other than the FPU flag set.
 */
        movl $X86_EFLAGS_ID,%ecx
        pushl %ecx
@@ -308,6 +308,11 @@ default_entry:
        testl %ecx,%eax
        jz 6f                   # No ID flag = no CPUID = no CR4
+        movl $1,%eax
+        cpuid
+        andl $~1,%edx           # Ignore CPUID.FPU
+        jz 6f                   # No flags or only CPUID.FPU = no CR4
        movl pa(mmu_cr4_features),%eax
        movl %eax,%cr4
diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
index 7720ff5a9ee2..efdec7cd8e01 100644
--- a/arch/x86/kernel/microcode_amd.c
+++ b/arch/x86/kernel/microcode_amd.c
@@ -8,8 +8,8 @@
 *  Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
 *
 *  Maintainers:
- *  Andreas Herrmann <andreas.herrmann3@amd.com>
+ *  Andreas Herrmann <herrmann.der.user@googlemail.com>
- *  Borislav Petkov <borislav.petkov@amd.com>
+ *  Borislav Petkov <bp@alien8.de>
 *
 *  This driver allows to upgrade microcode on F10h AMD
 *  CPUs and later.
@@ -190,6 +190,7 @@ static unsigned int verify_patch_size(int cpu, u32 patch_size,
 #define F1XH_MPB_MAX_SIZE 2048
 #define F14H_MPB_MAX_SIZE 1824
 #define F15H_MPB_MAX_SIZE 4096
+#define F16H_MPB_MAX_SIZE 3458
        switch (c->x86) {
        case 0x14:
@@ -198,6 +199,9 @@ static unsigned int verify_patch_size(int cpu, u32 patch_size,
        case 0x15:
                max_size = F15H_MPB_MAX_SIZE;
                break;
+        case 0x16:
+                max_size = F16H_MPB_MAX_SIZE;
+                break;
        default:
                max_size = F1XH_MPB_MAX_SIZE;
                break;
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index b00b33a18390..974b67e46dd0 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -22,6 +22,7 @@
 #include <linux/perf_event.h>
 #include <linux/hw_breakpoint.h>
 #include <linux/rcupdate.h>
+#include <linux/module.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -166,6 +167,35 @@ static inline bool invalid_selector(u16 value)
 #define FLAG_MASK               FLAG_MASK_32
+/*
+ * X86_32 CPUs don't save ss and esp if the CPU is already in kernel mode
+ * when it traps.  The previous stack will be directly underneath the saved
+ * registers, and 'sp/ss' won't even have been saved. Thus the '&regs->sp'.
+ *
+ * Now, if the stack is empty, '&regs->sp' is out of range. In this
+ * case we try to take the previous stack. To always return a non-null
+ * stack pointer we fall back to regs as stack if no previous stack
+ * exists.
+ *
+ * This is valid only for kernel mode traps.
+ */
+unsigned long kernel_stack_pointer(struct pt_regs *regs)
+{
+        unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1);
+        unsigned long sp = (unsigned long)&regs->sp;
+        struct thread_info *tinfo;
+        if (context == (sp & ~(THREAD_SIZE - 1)))
+                return sp;
+        tinfo = (struct thread_info *)context;
+        if (tinfo->previous_esp)
+                return tinfo->previous_esp;
+        return (unsigned long)regs;
+}
+EXPORT_SYMBOL_GPL(kernel_stack_pointer);
 static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long regno)
 {
        BUILD_BUG_ON(offsetof(struct pt_regs, bx) != 0);
@@ -1511,6 +1541,13 @@ void syscall_trace_leave(struct pt_regs *regs)
 {
        bool step;
+        /*
+         * We may come here right after calling schedule_user()
+         * or do_notify_resume(), in which case we can be in RCU
+         * user mode.
+         */
+        rcu_user_exit();
        audit_syscall_exit(regs);
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index c80a33bc528b..f3e2ec878b8c 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -68,6 +68,8 @@
 #include <asm/mwait.h>
 #include <asm/apic.h>
 #include <asm/io_apic.h>
+#include <asm/i387.h>
+#include <asm/fpu-internal.h>
 #include <asm/setup.h>
 #include <asm/uv/uv.h>
 #include <linux/mc146818rtc.h>
@@ -818,6 +820,9 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
        per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
+        /* the FPU context is blank, nobody can own it */
+        __cpu_disable_lazy_restore(cpu);
        err = do_boot_cpu(apicid, cpu, tidle);
        if (err) {
                pr_debug("do_boot_cpu failed %d\n", err);
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index a10e46016851..58fc51488828 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -24,6 +24,9 @@ static inline bool guest_cpuid_has_xsave(struct kvm_vcpu *vcpu)
 {
        struct kvm_cpuid_entry2 *best;
+        if (!static_cpu_has(X86_FEATURE_XSAVE))
+                return 0;
        best = kvm_find_cpuid_entry(vcpu, 1, 0);
        return best && (best->ecx & bit(X86_FEATURE_XSAVE));
 }
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 39171cb307ea..bba39bfa1c4b 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -426,8 +426,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
                        _ASM_EXTABLE(1b, 3b)                            \
                        : "=m" ((ctxt)->eflags), "=&r" (_tmp),          \
                          "+a" (*rax), "+d" (*rdx), "+qm"(_ex)          \
-                        : "i" (EFLAGS_MASK), "m" ((ctxt)->src.val),     \
+                        : "i" (EFLAGS_MASK), "m" ((ctxt)->src.val));    \
-                          "a" (*rax), "d" (*rdx));                      \
        } while (0)
 /* instruction has only one source operand, destination is implicit (e.g. mul, div, imul, idiv) */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index ad6b1dd06f8b..f85815945fc6 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6549,19 +6549,22 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
                }
        }
-        exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
        /* Exposing INVPCID only when PCID is exposed */
        best = kvm_find_cpuid_entry(vcpu, 0x7, 0);
        if (vmx_invpcid_supported() &&
            best && (best->ebx & bit(X86_FEATURE_INVPCID)) &&
            guest_cpuid_has_pcid(vcpu)) {
+                exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
                exec_control |= SECONDARY_EXEC_ENABLE_INVPCID;
                vmcs_write32(SECONDARY_VM_EXEC_CONTROL,
                             exec_control);
        } else {
-                exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
+                if (cpu_has_secondary_exec_ctrls()) {
-                vmcs_write32(SECONDARY_VM_EXEC_CONTROL,
+                        exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
-                             exec_control);
+                        exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
+                        vmcs_write32(SECONDARY_VM_EXEC_CONTROL,
+                                     exec_control);
+                }
                if (best)
                        best->ebx &= ~bit(X86_FEATURE_INVPCID);
        }
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 224a7e78cb6c..4f7641756be2 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5781,6 +5781,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
        int pending_vec, max_bits, idx;
        struct desc_ptr dt;
+        if (!guest_cpuid_has_xsave(vcpu) && (sregs->cr4 & X86_CR4_OSXSAVE))
+                return -EINVAL;
        dt.size = sregs->idt.limit;
        dt.address = sregs->idt.base;
        kvm_x86_ops->set_idt(vcpu, &dt);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 0777f042e400..60f926cd8b0e 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -197,7 +197,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
        }
        if (end == TLB_FLUSH_ALL || tlb_flushall_shift == -1
-                                        || vmflag == VM_HUGETLB) {
+                                        || vmflag & VM_HUGETLB) {
                local_flush_tlb();
                goto flush_all;
        }
diff --git a/arch/x86/pci/ce4100.c b/arch/x86/pci/ce4100.c
index 41bd2a2d2c50..b914e20b5a00 100644
--- a/arch/x86/pci/ce4100.c
+++ b/arch/x86/pci/ce4100.c
@@ -115,6 +115,16 @@ static void sata_revid_read(struct sim_dev_reg *reg, u32 *value)
        reg_read(reg, value);
 }
+static void reg_noirq_read(struct sim_dev_reg *reg, u32 *value)
+{
+        unsigned long flags;
+        raw_spin_lock_irqsave(&pci_config_lock, flags);
+        /* force interrupt pin value to 0 */
+        *value = reg->sim_reg.value & 0xfff00ff;
+        raw_spin_unlock_irqrestore(&pci_config_lock, flags);
+}
 static struct sim_dev_reg bus1_fixups[] = {
        DEFINE_REG(2, 0, 0x10, (16*MB), reg_init, reg_read, reg_write)
        DEFINE_REG(2, 0, 0x14, (256), reg_init, reg_read, reg_write)
@@ -144,6 +154,7 @@ static struct sim_dev_reg bus1_fixups[] = {
        DEFINE_REG(11, 5, 0x10, (64*KB), reg_init, reg_read, reg_write)
        DEFINE_REG(11, 6, 0x10, (256), reg_init, reg_read, reg_write)
        DEFINE_REG(11, 7, 0x10, (64*KB), reg_init, reg_read, reg_write)
+        DEFINE_REG(11, 7, 0x3c, 256, reg_init, reg_noirq_read, reg_write)
        DEFINE_REG(12, 0, 0x10, (128*KB), reg_init, reg_read, reg_write)
        DEFINE_REG(12, 0, 0x14, (256), reg_init, reg_read, reg_write)
        DEFINE_REG(12, 1, 0x10, (1024), reg_init, reg_read, reg_write)
@@ -161,8 +172,10 @@ static struct sim_dev_reg bus1_fixups[] = {
        DEFINE_REG(16, 0, 0x10, (64*KB), reg_init, reg_read, reg_write)
        DEFINE_REG(16, 0, 0x14, (64*MB), reg_init, reg_read, reg_write)
        DEFINE_REG(16, 0, 0x18, (64*MB), reg_init, reg_read, reg_write)
+        DEFINE_REG(16, 0, 0x3c, 256, reg_init, reg_noirq_read, reg_write)
        DEFINE_REG(17, 0, 0x10, (128*KB), reg_init, reg_read, reg_write)
        DEFINE_REG(18, 0, 0x10, (1*KB), reg_init, reg_read, reg_write)
+        DEFINE_REG(18, 0, 0x3c, 256, reg_init, reg_noirq_read, reg_write)
 };
 static void __init init_sim_regs(void)
diff --git a/arch/x86/platform/ce4100/ce4100.c b/arch/x86/platform/ce4100/ce4100.c
index 4c61b52191eb..92525cb8e54c 100644
--- a/arch/x86/platform/ce4100/ce4100.c
+++ b/arch/x86/platform/ce4100/ce4100.c
@@ -21,12 +21,25 @@
 #include <asm/i8259.h>
 #include <asm/io.h>
 #include <asm/io_apic.h>
+#include <asm/emergency-restart.h>
 static int ce4100_i8042_detect(void)
 {
        return 0;
 }
+/*
+ * The CE4100 platform has an internal 8051 Microcontroller which is
+ * responsible for signaling to the external Power Management Unit the
+ * intention to reset, reboot or power off the system. This 8051 device has
+ * its command register mapped at I/O port 0xcf9 and the value 0x4 is used
+ * to power off the system.
+ */
+static void ce4100_power_off(void)
+{
+        outb(0x4, 0xcf9);
+}
 #ifdef CONFIG_SERIAL_8250
 static unsigned int mem_serial_in(struct uart_port *p, int offset)
@@ -139,8 +152,19 @@ void __init x86_ce4100_early_setup(void)
        x86_init.mpparse.find_smp_config = x86_init_noop;
        x86_init.pci.init = ce4100_pci_init;
+        /*
+         * By default, the reboot method is ACPI which is supported by the
+         * CE4100 bootloader CEFDK using FADT.ResetReg Address and ResetValue
+         * the bootloader will however issue a system power off instead of
+         * reboot. By using BOOT_KBD we ensure proper system reboot as
+         * expected.
+         */
+        reboot_type = BOOT_KBD;
 #ifdef CONFIG_X86_IO_APIC
        x86_init.pci.init_irq = sdv_pci_init;
        x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc_nocheck;
 #endif
+        pm_power_off = ce4100_power_off;
 }
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 6226c99729b9..dcf5f2dd91ec 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1288,6 +1288,25 @@ unsigned long xen_read_cr2_direct(void)
        return this_cpu_read(xen_vcpu_info.arch.cr2);
 }
+void xen_flush_tlb_all(void)
+{
+        struct mmuext_op *op;
+        struct multicall_space mcs;
+        trace_xen_mmu_flush_tlb_all(0);
+        preempt_disable();
+        mcs = xen_mc_entry(sizeof(*op));
+        op = mcs.args;
+        op->cmd = MMUEXT_TLB_FLUSH_ALL;
+        MULTI_mmuext_op(mcs.mc, op, 1, NULL, DOMID_SELF);
+        xen_mc_issue(PARAVIRT_LAZY_MMU);
+        preempt_enable();
+}
 static void xen_flush_tlb(void)
 {
        struct mmuext_op *op;
@@ -2518,7 +2537,7 @@ int xen_remap_domain_mfn_range(struct vm_area_struct *vma,
        err = 0;
 out:
-        flush_tlb_all();
+        xen_flush_tlb_all();
        return err;
 }