348 files changed, 14999 insertions, 7579 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 56f47caf6fa0..25d2c6f7325e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -23,6 +23,7 @@ config X86
        def_bool y
        select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
        select ARCH_MIGHT_HAVE_PC_PARPORT
+        select ARCH_MIGHT_HAVE_PC_SERIO
        select HAVE_AOUT if X86_32
        select HAVE_UNSTABLE_SCHED_CLOCK
        select ARCH_SUPPORTS_NUMA_BALANCING
@@ -42,6 +43,7 @@ config X86
        select HAVE_DMA_ATTRS
        select HAVE_DMA_CONTIGUOUS if !SWIOTLB
        select HAVE_KRETPROBES
+        select GENERIC_EARLY_IOREMAP
        select HAVE_OPTPROBES
        select HAVE_KPROBES_ON_FTRACE
        select HAVE_FTRACE_MCOUNT_RECORD
@@ -106,9 +108,9 @@ config X86
        select HAVE_ARCH_SOFT_DIRTY
        select CLOCKSOURCE_WATCHDOG
        select GENERIC_CLOCKEVENTS
-        select ARCH_CLOCKSOURCE_DATA if X86_64
+        select ARCH_CLOCKSOURCE_DATA
        select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
-        select GENERIC_TIME_VSYSCALL if X86_64
+        select GENERIC_TIME_VSYSCALL
        select KTIME_SCALAR if X86_32
        select GENERIC_STRNCPY_FROM_USER
        select GENERIC_STRNLEN_USER
@@ -125,6 +127,8 @@ config X86
        select RTC_LIB
        select HAVE_DEBUG_STACKOVERFLOW
        select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
+        select HAVE_CC_STACKPROTECTOR
+        select GENERIC_CPU_AUTOPROBE
        select HAVE_ARCH_AUDITSYSCALL
 config INSTRUCTION_DECODER
@@ -194,9 +198,6 @@ config ARCH_HAS_CPU_RELAX
 config ARCH_HAS_CACHE_LINE_SIZE
        def_bool y
-config ARCH_HAS_CPU_AUTOPROBE
-        def_bool y
 config HAVE_SETUP_PER_CPU_AREA
        def_bool y
@@ -279,13 +280,13 @@ config SMP
        bool "Symmetric multi-processing support"
        ---help---
          This enables support for systems with more than one CPU. If you have
-          a system with only one CPU, like most personal computers, say N. If
+          a system with only one CPU, say N. If you have a system with more
-          you have a system with more than one CPU, say Y.
+          than one CPU, say Y.
-          If you say N here, the kernel will run on single and multiprocessor
+          If you say N here, the kernel will run on uni- and multiprocessor
          machines, but will use only one CPU of a multiprocessor machine. If
          you say Y here, the kernel will run on many, but not all,
-          singleprocessor machines. On a singleprocessor machine, the kernel
+          uniprocessor machines. On a uniprocessor machine, the kernel
          will run faster if you say N here.
          Note that if you say Y here and choose architecture "586" or
@@ -345,12 +346,9 @@ config X86_EXTENDED_PLATFORM
          for the following (non-PC) 32 bit x86 platforms:
                Goldfish (Android emulator)
                AMD Elan
-                NUMAQ (IBM/Sequent)
                RDC R-321x SoC
                SGI 320/540 (Visual Workstation)
                STA2X11-based (e.g. Northville)
-                Summit/EXA (IBM x440)
-                Unisys ES7000 IA32 series
                Moorestown MID devices
          If you have one of these systems, or if you want to build a
@@ -439,42 +437,27 @@ config X86_INTEL_CE
          This option compiles in support for the CE4100 SOC for settop
          boxes and media devices.
-config X86_WANT_INTEL_MID
+config X86_INTEL_MID
        bool "Intel MID platform support"
        depends on X86_32
        depends on X86_EXTENDED_PLATFORM
-        ---help---
+        depends on X86_PLATFORM_DEVICES
-          Select to build a kernel capable of supporting Intel MID platform
-          systems which do not have the PCI legacy interfaces (Moorestown,
-          Medfield). If you are building for a PC class system say N here.
-if X86_WANT_INTEL_MID
-config X86_INTEL_MID
-        bool
-config X86_MDFLD
-       bool "Medfield MID platform"
        depends on PCI
        depends on PCI_GOANY
        depends on X86_IO_APIC
-        select X86_INTEL_MID
        select SFI
+        select I2C
        select DW_APB_TIMER
        select APB_TIMER
-        select I2C
-        select SPI
        select INTEL_SCU_IPC
-        select X86_PLATFORM_DEVICES
        select MFD_INTEL_MSIC
        ---help---
-          Medfield is Intel's Low Power Intel Architecture (LPIA) based Moblin
+          Select to build a kernel capable of supporting Intel MID (Mobile
-          Internet Device(MID) platform. 
+          Internet Device) platform systems which do not have the PCI legacy
-          Unlike standard x86 PCs, Medfield does not have many legacy devices
+          interfaces. If you are building for a PC class system say N here.
-          nor standard legacy replacement devices/features. e.g. Medfield does
-          not contain i8259, i8254, HPET, legacy BIOS, most of the io ports.
-endif
+          Intel MID platforms are based on an Intel processor and chipset which
+          consume less power than most of the x86 derivatives.
 config X86_INTEL_LPSS
        bool "Intel Low Power Subsystem Support"
@@ -503,49 +486,22 @@ config X86_32_NON_STANDARD
        depends on X86_32 && SMP
        depends on X86_EXTENDED_PLATFORM
        ---help---
-          This option compiles in the NUMAQ, Summit, bigsmp, ES7000,
+          This option compiles in the bigsmp and STA2X11 default
-          STA2X11, default subarchitectures.  It is intended for a generic
+          subarchitectures.  It is intended for a generic binary
-          binary kernel. If you select them all, kernel will probe it
+          kernel. If you select them all, kernel will probe it one by
-          one by one and will fallback to default.
+          one and will fallback to default.
 # Alphabetically sorted list of Non standard 32 bit platforms
-config X86_NUMAQ
-        bool "NUMAQ (IBM/Sequent)"
-        depends on X86_32_NON_STANDARD
-        depends on PCI
-        select NUMA
-        select X86_MPPARSE
-        ---help---
-          This option is used for getting Linux to run on a NUMAQ (IBM/Sequent)
-          NUMA multiquad box. This changes the way that processors are
-          bootstrapped, and uses Clustered Logical APIC addressing mode instead
-          of Flat Logical.  You will need a new lynxer.elf file to flash your
-          firmware with - send email to <Martin.Bligh@us.ibm.com>.
 config X86_SUPPORTS_MEMORY_FAILURE
        def_bool y
        # MCE code calls memory_failure():
        depends on X86_MCE
        # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
-        depends on !X86_NUMAQ
        # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
        depends on X86_64 || !SPARSEMEM
        select ARCH_SUPPORTS_MEMORY_FAILURE
-config X86_VISWS
-        bool "SGI 320/540 (Visual Workstation)"
-        depends on X86_32 && PCI && X86_MPPARSE && PCI_GODIRECT
-        depends on X86_32_NON_STANDARD
-        ---help---
-          The SGI Visual Workstation series is an IA32-based workstation
-          based on SGI systems chips with some legacy PC hardware attached.
-          Say Y here to create a kernel to run on the SGI 320 or 540.
-          A kernel compiled for the Visual Workstation will run on general
-          PCs as well. See <file:Documentation/sgi-visws.txt> for details.
 config STA2X11
        bool "STA2X11 Companion Chip Support"
        depends on X86_32_NON_STANDARD && PCI
@@ -562,20 +518,6 @@ config STA2X11
          option is selected the kernel will still be able to boot on
          standard PC machines.
-config X86_SUMMIT
-        bool "Summit/EXA (IBM x440)"
-        depends on X86_32_NON_STANDARD
-        ---help---
-          This option is needed for IBM systems that use the Summit/EXA chipset.
-          In particular, it is needed for the x440.
-config X86_ES7000
-        bool "Unisys ES7000 IA32 series"
-        depends on X86_32_NON_STANDARD && X86_BIGSMP
-        ---help---
-          Support for Unisys ES7000 systems.  Say 'Y' here if this kernel is
-          supposed to run on an IA32-based Unisys ES7000 system.
 config X86_32_IRIS
        tristate "Eurobraille/Iris poweroff module"
        depends on X86_32
@@ -698,14 +640,6 @@ config MEMTEST
                memtest=4, mean do 4 test patterns.
          If you are unsure how to answer this question, answer N.
-config X86_SUMMIT_NUMA
-        def_bool y
-        depends on X86_32 && NUMA && X86_32_NON_STANDARD
-config X86_CYCLONE_TIMER
-        def_bool y
-        depends on X86_SUMMIT
 source "arch/x86/Kconfig.cpu"
 config HPET_TIMER
@@ -747,6 +681,7 @@ config APB_TIMER
 # The code disables itself when not needed.
 config DMI
        default y
+        select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
        bool "Enable DMI scanning" if EXPERT
        ---help---
          Enabled scanning of DMI to identify machine quirks. Say Y
@@ -833,7 +768,7 @@ config NR_CPUS
        range 2 8192 if SMP && !MAXSMP && CPUMASK_OFFSTACK && X86_64
        default "1" if !SMP
        default "8192" if MAXSMP
-        default "32" if SMP && (X86_NUMAQ || X86_SUMMIT || X86_BIGSMP || X86_ES7000)
+        default "32" if SMP && X86_BIGSMP
        default "8" if SMP
        ---help---
          This allows you to specify the maximum number of CPUs which this
@@ -897,10 +832,6 @@ config X86_IO_APIC
        def_bool y
        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_IOAPIC || PCI_MSI
-config X86_VISWS_APIC
-        def_bool y
-        depends on X86_32 && X86_VISWS
 config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
        bool "Reroute for broken boot IRQs"
        depends on X86_IO_APIC
@@ -954,7 +885,7 @@ config X86_ANCIENT_MCE
        depends on X86_32 && X86_MCE
        ---help---
          Include support for machine check handling on old Pentium 5 or WinChip
-          systems. These typically need to be enabled explicitely on the command
+          systems. These typically need to be enabled explicitly on the command
          line.
 config X86_MCE_THRESHOLD
@@ -1065,9 +996,9 @@ config MICROCODE_INTEL
          This options enables microcode patch loading support for Intel
          processors.
-          For latest news and information on obtaining all the required
+          For the current Intel microcode data package go to
-          Intel ingredients for this driver, check:
+          <https://downloadcenter.intel.com> and search for
-          <http://www.urbanmyth.org/microcode/>.
+          'Linux Processor Microcode Data File'.
 config MICROCODE_AMD
        bool "AMD microcode loading support"
@@ -1081,10 +1012,6 @@ config MICROCODE_OLD_INTERFACE
        def_bool y
        depends on MICROCODE
-config MICROCODE_INTEL_LIB
-        def_bool y
-        depends on MICROCODE_INTEL
 config MICROCODE_INTEL_EARLY
        def_bool n
@@ -1122,13 +1049,11 @@ config X86_CPUID
 choice
        prompt "High Memory Support"
-        default HIGHMEM64G if X86_NUMAQ
        default HIGHMEM4G
        depends on X86_32
 config NOHIGHMEM
        bool "off"
-        depends on !X86_NUMAQ
        ---help---
          Linux can use up to 64 Gigabytes of physical memory on x86 systems.
          However, the address space of 32-bit x86 processors is only 4
@@ -1165,7 +1090,6 @@ config NOHIGHMEM
 config HIGHMEM4G
        bool "4GB"
-        depends on !X86_NUMAQ
        ---help---
          Select this if you have a 32-bit processor and between 1 and 4
          gigabytes of physical RAM.
@@ -1257,8 +1181,8 @@ config DIRECT_GBPAGES
 config NUMA
        bool "Numa Memory Allocation and Scheduler Support"
        depends on SMP
-        depends on X86_64 || (X86_32 && HIGHMEM64G && (X86_NUMAQ || X86_BIGSMP || X86_SUMMIT && ACPI))
+        depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
-        default y if (X86_NUMAQ || X86_SUMMIT || X86_BIGSMP)
+        default y if X86_BIGSMP
        ---help---
          Enable NUMA (Non Uniform Memory Access) support.
@@ -1269,15 +1193,11 @@ config NUMA
          For 64-bit this is recommended if the system is Intel Core i7
          (or later), AMD Opteron, or EM64T NUMA.
-          For 32-bit this is only needed on (rare) 32-bit-only platforms
+          For 32-bit this is only needed if you boot a 32-bit
-          that support NUMA topologies, such as NUMAQ / Summit, or if you
+          kernel on a 64-bit NUMA platform.
-          boot a 32-bit kernel on a 64-bit NUMA platform.
          Otherwise, you should say N.
-comment "NUMA (Summit) requires SMP, 64GB highmem support, ACPI"
-        depends on X86_32 && X86_SUMMIT && (!HIGHMEM64G || !ACPI)
 config AMD_NUMA
        def_bool y
        prompt "Old style AMD Opteron NUMA detection"
@@ -1319,7 +1239,6 @@ config NODES_SHIFT
        range 1 10
        default "10" if MAXSMP
        default "6" if X86_64
-        default "4" if X86_NUMAQ
        default "3"
        depends on NEED_MULTIPLE_NODES
        ---help---
@@ -1602,6 +1521,20 @@ config EFI_STUB
          See Documentation/efi-stub.txt for more information.
+config EFI_MIXED
+        bool "EFI mixed-mode support"
+        depends on EFI_STUB && X86_64
+        ---help---
+           Enabling this feature allows a 64-bit kernel to be booted
+           on a 32-bit firmware, provided that your CPU supports 64-bit
+           mode.
+           Note that it is not possible to boot a mixed-mode enabled
+           kernel via the EFI boot stub - a bootloader that supports
+           the EFI handover protocol must be used.
+           If unsure, say N.
 config SECCOMP
        def_bool y
        prompt "Enable seccomp to safely compute untrusted bytecode"
@@ -1618,22 +1551,6 @@ config SECCOMP
          If unsure, say Y. Only embedded should say N here.
-config CC_STACKPROTECTOR
-        bool "Enable -fstack-protector buffer overflow detection"
-        ---help---
-          This option turns on the -fstack-protector GCC feature. This
-          feature puts, at the beginning of functions, a canary value on
-          the stack just before the return address, and validates
-          the value just before actually returning.  Stack based buffer
-          overflows (that need to overwrite this return address) now also
-          overwrite the canary, which gets detected and the attack is then
-          neutralized via a kernel panic.
-          This feature requires gcc version 4.2 or above, or a distribution
-          gcc with the feature backported. Older versions are automatically
-          detected and for those versions, this configuration option is
-          ignored. (and a warning is printed during bootup)
 source kernel/Kconfig.hz
 config KEXEC
@@ -1729,16 +1646,67 @@ config RELOCATABLE
          Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
          it has been loaded at and the compile time physical address
-          (CONFIG_PHYSICAL_START) is ignored.
+          (CONFIG_PHYSICAL_START) is used as the minimum location.
-# Relocation on x86-32 needs some additional build support
+config RANDOMIZE_BASE
+        bool "Randomize the address of the kernel image"
+        depends on RELOCATABLE
+        depends on !HIBERNATION
+        default n
+        ---help---
+           Randomizes the physical and virtual address at which the
+           kernel image is decompressed, as a security feature that
+           deters exploit attempts relying on knowledge of the location
+           of kernel internals.
+           Entropy is generated using the RDRAND instruction if it is
+           supported. If RDTSC is supported, it is used as well. If
+           neither RDRAND nor RDTSC are supported, then randomness is
+           read from the i8254 timer.
+           The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET,
+           and aligned according to PHYSICAL_ALIGN. Since the kernel is
+           built using 2GiB addressing, and PHYSICAL_ALGIN must be at a
+           minimum of 2MiB, only 10 bits of entropy is theoretically
+           possible. At best, due to page table layouts, 64-bit can use
+           9 bits of entropy and 32-bit uses 8 bits.
+           If unsure, say N.
+config RANDOMIZE_BASE_MAX_OFFSET
+        hex "Maximum kASLR offset allowed" if EXPERT
+        depends on RANDOMIZE_BASE
+        range 0x0 0x20000000 if X86_32
+        default "0x20000000" if X86_32
+        range 0x0 0x40000000 if X86_64
+        default "0x40000000" if X86_64
+        ---help---
+          The lesser of RANDOMIZE_BASE_MAX_OFFSET and available physical
+          memory is used to determine the maximal offset in bytes that will
+          be applied to the kernel when kernel Address Space Layout
+          Randomization (kASLR) is active. This must be a multiple of
+          PHYSICAL_ALIGN.
+          On 32-bit this is limited to 512MiB by page table layouts. The
+          default is 512MiB.
+          On 64-bit this is limited by how the kernel fixmap page table is
+          positioned, so this cannot be larger than 1GiB currently. Without
+          RANDOMIZE_BASE, there is a 512MiB to 1.5GiB split between kernel
+          and modules. When RANDOMIZE_BASE_MAX_OFFSET is above 512MiB, the
+          modules area will shrink to compensate, up to the current maximum
+          1GiB to 1GiB split. The default is 1GiB.
+          If unsure, leave at the default value.
+# Relocation on x86 needs some additional build support
 config X86_NEED_RELOCS
        def_bool y
-        depends on X86_32 && RELOCATABLE
+        depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
 config PHYSICAL_ALIGN
        hex "Alignment value to which kernel should be aligned"
-        default "0x1000000"
+        default "0x200000"
        range 0x2000 0x1000000 if X86_32
        range 0x200000 0x1000000 if X86_64
        ---help---
@@ -1818,17 +1786,29 @@ config DEBUG_HOTPLUG_CPU0
          If unsure, say N.
 config COMPAT_VDSO
-        def_bool y
+        def_bool n
-        prompt "Compat VDSO support"
+        prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
        depends on X86_32 || IA32_EMULATION
        ---help---
-          Map the 32-bit VDSO to the predictable old-style address too.
+          Certain buggy versions of glibc will crash if they are
+          presented with a 32-bit vDSO that is not mapped at the address
+          indicated in its segment table.
-          Say N here if you are running a sufficiently recent glibc
+          The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
-          version (2.3.3 or later), to remove the high-mapped
+          and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
-          VDSO mapping and to exclusively use the randomized VDSO.
+          49ad572a70b8aeb91e57483a11dd1b77e31c4468.  Glibc 2.3.3 is
+          the only released version with the bug, but OpenSUSE 9
+          contains a buggy "glibc 2.3.2".
-          If unsure, say Y.
+          The symptom of the bug is that everything crashes on startup, saying:
+          dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
+          Saying Y here changes the default value of the vdso32 boot
+          option from 1 to 0, which turns off the 32-bit vDSO entirely.
+          This works around the glibc bug but hurts performance.
+          If unsure, say N: if you are compiling your own kernel, you
+          are unlikely to be using a buggy version of glibc.
 config CMDLINE_BOOL
        bool "Built-in kernel command line"
@@ -2394,6 +2374,14 @@ config X86_DMA_REMAP
        bool
        depends on STA2X11
+config IOSF_MBI
+        bool
+        depends on PCI
+        ---help---
+          To be selected by modules requiring access to the Intel OnChip System
+          Fabric (IOSF) Sideband MailBox Interface (MBI). For MBI platforms
+          enumerable by PCI.
 source "net/Kconfig"
 source "drivers/Kconfig"
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index c026cca5602c..6983314c8b37 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -341,10 +341,6 @@ config X86_USE_3DNOW
        def_bool y
        depends on (MCYRIXIII || MK7 || MGEODE_LX) && !UML
-config X86_OOSTORE
-        def_bool y
-        depends on (MWINCHIP3D || MWINCHIPC6) && MTRR
 #
 # P6_NOPs are a relatively minor optimization that require a family >=
 # 6 processor, except that it is broken on certain VIA chips.
@@ -363,7 +359,7 @@ config X86_P6_NOP
 config X86_TSC
        def_bool y
-        depends on ((MWINCHIP3D || MCRUSOE || MEFFICEON || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || MK8 || MVIAC3_2 || MVIAC7 || MGEODEGX1 || MGEODE_LX || MCORE2 || MATOM) && !X86_NUMAQ) || X86_64
+        depends on (MWINCHIP3D || MCRUSOE || MEFFICEON || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || MK8 || MVIAC3_2 || MVIAC7 || MGEODEGX1 || MGEODE_LX || MCORE2 || MATOM) || X86_64
 config X86_CMPXCHG64
        def_bool y
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 0f3621ed1db6..61bd2ad94281 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -81,6 +81,15 @@ config X86_PTDUMP
          kernel.
          If in doubt, say "N"
+config EFI_PGT_DUMP
+        bool "Dump the EFI pagetable"
+        depends on EFI && X86_PTDUMP
+        ---help---
+          Enable this if you want to dump the EFI page table before
+          enabling virtual mode. This can be used to debug miscellaneous
+          issues with the mapping of the EFI runtime regions into that
+          table.
 config DEBUG_RODATA
        bool "Write protect kernel read-only data structures"
        default y
@@ -184,6 +193,7 @@ config HAVE_MMIOTRACE_SUPPORT
 config X86_DECODER_SELFTEST
        bool "x86 instruction decoder selftest"
        depends on DEBUG_KERNEL && KPROBES
+        depends on !COMPILE_TEST
        ---help---
         Perform x86 instruction decoder selftests at build time.
         This option is useful for checking the sanity of x86 instruction
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 57d021507120..3b9348a0c1a4 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -11,6 +11,28 @@ else
        KBUILD_DEFCONFIG := $(ARCH)_defconfig
 endif
+# How to compile the 16-bit code.  Note we always compile for -march=i386;
+# that way we can complain to the user if the CPU is insufficient.
+#
+# The -m16 option is supported by GCC >= 4.9 and clang >= 3.5. For
+# older versions of GCC, we need to play evil and unreliable tricks to
+# attempt to ensure that our asm(".code16gcc") is first in the asm
+# output.
+CODE16GCC_CFLAGS := -m32 -include $(srctree)/arch/x86/boot/code16gcc.h \
+                    $(call cc-option, -fno-toplevel-reorder,\
+                      $(call cc-option, -fno-unit-at-a-time))
+M16_CFLAGS       := $(call cc-option, -m16, $(CODE16GCC_CFLAGS))
+REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -D__KERNEL__ \
+                   -DDISABLE_BRANCH_PROFILING \
+                   -Wall -Wstrict-prototypes -march=i386 -mregparm=3 \
+                   -fno-strict-aliasing -fomit-frame-pointer -fno-pic \
+                   -mno-mmx -mno-sse \
+                   $(call cc-option, -ffreestanding) \
+                   $(call cc-option, -fno-stack-protector) \
+                   $(call cc-option, -mpreferred-stack-boundary=2)
+export REALMODE_CFLAGS
 # BITS is used as extension for files which are available in a 32 bit
 # and a 64 bit version to simplify shared Makefiles.
 # e.g.: obj-y += foo_$(BITS).o
@@ -60,8 +82,8 @@ else
        KBUILD_AFLAGS += -m64
        KBUILD_CFLAGS += -m64
-        # Don't autogenerate MMX or SSE instructions
+        # Don't autogenerate traditional x87, MMX or SSE instructions
-        KBUILD_CFLAGS += -mno-mmx -mno-sse
+        KBUILD_CFLAGS += -mno-mmx -mno-sse -mno-80387 -mno-fp-ret-in-387
        # Use -mpreferred-stack-boundary=3 if supported.
        KBUILD_CFLAGS += $(call cc-option,-mpreferred-stack-boundary=3)
@@ -89,13 +111,11 @@ else
        KBUILD_CFLAGS += -maccumulate-outgoing-args
 endif
+# Make sure compiler does not have buggy stack-protector support.
 ifdef CONFIG_CC_STACKPROTECTOR
        cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
-        ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
+        ifneq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
-                stackp-y := -fstack-protector
+                $(warning stack-protector enabled but compiler support broken)
-                KBUILD_CFLAGS += $(stackp-y)
-        else
-                $(warning stack protector enabled but no compiler support)
        endif
 endif
@@ -132,6 +152,7 @@ cfi-sections := $(call as-instr,.cfi_sections .debug_frame,-DCONFIG_AS_CFI_SECTI
 # does binutils support specific instructions?
 asinstr := $(call as-instr,fxsaveq (%rax),-DCONFIG_AS_FXSAVEQ=1)
+asinstr += $(call as-instr,crc32l %eax$(comma)%eax,-DCONFIG_AS_CRC32=1)
 avx_instr := $(call as-instr,vxorps %ymm0$(comma)%ymm1$(comma)%ymm2,-DCONFIG_AS_AVX=1)
 avx2_instr :=$(call as-instr,vpbroadcastb %xmm0$(comma)%ymm1,-DCONFIG_AS_AVX2=1)
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index d9c11956fce0..abb9eba61b50 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -20,7 +20,7 @@ targets		:= vmlinux.bin setup.bin setup.elf bzImage
 targets         += fdimage fdimage144 fdimage288 image.iso mtools.conf
 subdir-         := compressed
-setup-y         += a20.o bioscall.o cmdline.o copy.o cpu.o cpucheck.o
+setup-y         += a20.o bioscall.o cmdline.o copy.o cpu.o cpuflags.o cpucheck.o
 setup-y         += early_serial_console.o edd.o header.o main.o mca.o memory.o
 setup-y         += pm.o pmjump.o printf.o regs.o string.o tty.o video.o
 setup-y         += video-mode.o version.o
@@ -51,20 +51,7 @@ $(obj)/cpustr.h: $(obj)/mkcpustr FORCE
 # ---------------------------------------------------------------------------
-# How to compile the 16-bit code.  Note we always compile for -march=i386,
+KBUILD_CFLAGS   := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP
-# that way we can complain to the user if the CPU is insufficient.
-KBUILD_CFLAGS   := $(USERINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ \
-                   -DDISABLE_BRANCH_PROFILING \
-                   -Wall -Wstrict-prototypes \
-                   -march=i386 -mregparm=3 \
-                   -include $(srctree)/$(src)/code16gcc.h \
-                   -fno-strict-aliasing -fomit-frame-pointer -fno-pic \
-                   -mno-mmx -mno-sse \
-                   $(call cc-option, -ffreestanding) \
-                   $(call cc-option, -fno-toplevel-reorder,\
-                   $(call cc-option, -fno-unit-at-a-time)) \
-                   $(call cc-option, -fno-stack-protector) \
-                   $(call cc-option, -mpreferred-stack-boundary=2)
 KBUILD_AFLAGS   := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
@@ -93,7 +80,7 @@ targets += voffset.h
 $(obj)/voffset.h: vmlinux FORCE
        $(call if_changed,voffset)
-sed-zoffset := -e 's/^\([0-9a-fA-F]*\) . \(startup_32\|startup_64\|efi_pe_entry\|efi_stub_entry\|input_data\|_end\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset := -e 's/^\([0-9a-fA-F]*\) . \(startup_32\|startup_64\|efi32_stub_entry\|efi64_stub_entry\|efi_pe_entry\|input_data\|_end\|z_.*\)$$/\#define ZO_\2 0x\1/p'
 quiet_cmd_zoffset = ZOFFSET $@
      cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@
diff --git a/arch/x86/boot/bioscall.S b/arch/x86/boot/bioscall.S
index 1dfbf64e52a2..d401b4a262b0 100644
--- a/arch/x86/boot/bioscall.S
+++ b/arch/x86/boot/bioscall.S
@@ -1,6 +1,6 @@
 /* -----------------------------------------------------------------------
 *
- *   Copyright 2009 Intel Corporation; author H. Peter Anvin
+ *   Copyright 2009-2014 Intel Corporation; author H. Peter Anvin
 *
 *   This file is part of the Linux kernel, and is made available under
 *   the terms of the GNU General Public License version 2 or (at your
@@ -13,8 +13,8 @@
 * touching registers they shouldn't be.
 */
-        .code16gcc
+        .code16
-        .text
+        .section ".inittext","ax"
        .globl  intcall
        .type   intcall, @function
 intcall:
diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
index ef72baeff484..bd49ec61255c 100644
--- a/arch/x86/boot/boot.h
+++ b/arch/x86/boot/boot.h
@@ -26,9 +26,8 @@
 #include <asm/boot.h>
 #include <asm/setup.h>
 #include "bitops.h"
-#include <asm/cpufeature.h>
-#include <asm/processor-flags.h>
 #include "ctype.h"
+#include "cpuflags.h"
 /* Useful macros */
 #define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
@@ -178,14 +177,6 @@ static inline void wrgs32(u32 v, addr_t addr)
 }
 /* Note: these only return true/false, not a signed return value! */
-static inline int memcmp(const void *s1, const void *s2, size_t len)
-{
-        u8 diff;
-        asm("repe; cmpsb; setnz %0"
-            : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
-        return diff;
-}
 static inline int memcmp_fs(const void *s1, addr_t s2, size_t len)
 {
        u8 diff;
@@ -229,11 +220,6 @@ void copy_to_fs(addr_t dst, void *src, size_t len);
 void *copy_from_fs(void *dst, addr_t src, size_t len);
 void copy_to_gs(addr_t dst, void *src, size_t len);
 void *copy_from_gs(void *dst, addr_t src, size_t len);
-void *memcpy(void *dst, void *src, size_t len);
-void *memset(void *dst, int c, size_t len);
-#define memcpy(d,s,l) __builtin_memcpy(d,s,l)
-#define memset(d,c,l) __builtin_memset(d,c,l)
 /* a20.c */
 int enable_a20(void);
@@ -307,14 +293,7 @@ static inline int cmdline_find_option_bool(const char *option)
        return __cmdline_find_option_bool(cmd_line_ptr, option);
 }
 /* cpu.c, cpucheck.c */
-struct cpu_features {
-        int level;              /* Family, or 64 for x86-64 */
-        int model;
-        u32 flags[NCAPINTS];
-};
-extern struct cpu_features cpu;
 int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr);
 int validate_cpu(void);
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index c8a6792e7842..0fcd9133790c 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -28,7 +28,7 @@ HOST_EXTRACFLAGS += -I$(srctree)/tools/include
 VMLINUX_OBJS = $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \
        $(obj)/string.o $(obj)/cmdline.o $(obj)/early_serial_console.o \
-        $(obj)/piggy.o
+        $(obj)/piggy.o $(obj)/cpuflags.o $(obj)/aslr.o
 $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
new file mode 100644
index 000000000000..4dbf967da50d
--- /dev/null
+++ b/arch/x86/boot/compressed/aslr.c
@@ -0,0 +1,317 @@
+#include "misc.h"
+#ifdef CONFIG_RANDOMIZE_BASE
+#include <asm/msr.h>
+#include <asm/archrandom.h>
+#include <asm/e820.h>
+#include <generated/compile.h>
+#include <linux/module.h>
+#include <linux/uts.h>
+#include <linux/utsname.h>
+#include <generated/utsrelease.h>
+/* Simplified build-specific string for starting entropy. */
+static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
+                LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
+#define I8254_PORT_CONTROL      0x43
+#define I8254_PORT_COUNTER0     0x40
+#define I8254_CMD_READBACK      0xC0
+#define I8254_SELECT_COUNTER0   0x02
+#define I8254_STATUS_NOTREADY   0x40
+static inline u16 i8254(void)
+{
+        u16 status, timer;
+        do {
+                outb(I8254_PORT_CONTROL,
+                     I8254_CMD_READBACK | I8254_SELECT_COUNTER0);
+                status = inb(I8254_PORT_COUNTER0);
+                timer  = inb(I8254_PORT_COUNTER0);
+                timer |= inb(I8254_PORT_COUNTER0) << 8;
+        } while (status & I8254_STATUS_NOTREADY);
+        return timer;
+}
+static unsigned long rotate_xor(unsigned long hash, const void *area,
+                                size_t size)
+{
+        size_t i;
+        unsigned long *ptr = (unsigned long *)area;
+        for (i = 0; i < size / sizeof(hash); i++) {
+                /* Rotate by odd number of bits and XOR. */
+                hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7);
+                hash ^= ptr[i];
+        }
+        return hash;
+}
+/* Attempt to create a simple but unpredictable starting entropy. */
+static unsigned long get_random_boot(void)
+{
+        unsigned long hash = 0;
+        hash = rotate_xor(hash, build_str, sizeof(build_str));
+        hash = rotate_xor(hash, real_mode, sizeof(*real_mode));
+        return hash;
+}
+static unsigned long get_random_long(void)
+{
+#ifdef CONFIG_X86_64
+        const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
+#else
+        const unsigned long mix_const = 0x3f39e593UL;
+#endif
+        unsigned long raw, random = get_random_boot();
+        bool use_i8254 = true;
+        debug_putstr("KASLR using");
+        if (has_cpuflag(X86_FEATURE_RDRAND)) {
+                debug_putstr(" RDRAND");
+                if (rdrand_long(&raw)) {
+                        random ^= raw;
+                        use_i8254 = false;
+                }
+        }
+        if (has_cpuflag(X86_FEATURE_TSC)) {
+                debug_putstr(" RDTSC");
+                rdtscll(raw);
+                random ^= raw;
+                use_i8254 = false;
+        }
+        if (use_i8254) {
+                debug_putstr(" i8254");
+                random ^= i8254();
+        }
+        /* Circular multiply for better bit diffusion */
+        asm("mul %3"
+            : "=a" (random), "=d" (raw)
+            : "a" (random), "rm" (mix_const));
+        random += raw;
+        debug_putstr("...\n");
+        return random;
+}
+struct mem_vector {
+        unsigned long start;
+        unsigned long size;
+};
+#define MEM_AVOID_MAX 5
+static struct mem_vector mem_avoid[MEM_AVOID_MAX];
+static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
+{
+        /* Item at least partially before region. */
+        if (item->start < region->start)
+                return false;
+        /* Item at least partially after region. */
+        if (item->start + item->size > region->start + region->size)
+                return false;
+        return true;
+}
+static bool mem_overlaps(struct mem_vector *one, struct mem_vector *two)
+{
+        /* Item one is entirely before item two. */
+        if (one->start + one->size <= two->start)
+                return false;
+        /* Item one is entirely after item two. */
+        if (one->start >= two->start + two->size)
+                return false;
+        return true;
+}
+static void mem_avoid_init(unsigned long input, unsigned long input_size,
+                           unsigned long output, unsigned long output_size)
+{
+        u64 initrd_start, initrd_size;
+        u64 cmd_line, cmd_line_size;
+        unsigned long unsafe, unsafe_len;
+        char *ptr;
+        /*
+         * Avoid the region that is unsafe to overlap during
+         * decompression (see calculations at top of misc.c).
+         */
+        unsafe_len = (output_size >> 12) + 32768 + 18;
+        unsafe = (unsigned long)input + input_size - unsafe_len;
+        mem_avoid[0].start = unsafe;
+        mem_avoid[0].size = unsafe_len;
+        /* Avoid initrd. */
+        initrd_start  = (u64)real_mode->ext_ramdisk_image << 32;
+        initrd_start |= real_mode->hdr.ramdisk_image;
+        initrd_size  = (u64)real_mode->ext_ramdisk_size << 32;
+        initrd_size |= real_mode->hdr.ramdisk_size;
+        mem_avoid[1].start = initrd_start;
+        mem_avoid[1].size = initrd_size;
+        /* Avoid kernel command line. */
+        cmd_line  = (u64)real_mode->ext_cmd_line_ptr << 32;
+        cmd_line |= real_mode->hdr.cmd_line_ptr;
+        /* Calculate size of cmd_line. */
+        ptr = (char *)(unsigned long)cmd_line;
+        for (cmd_line_size = 0; ptr[cmd_line_size++]; )
+                ;
+        mem_avoid[2].start = cmd_line;
+        mem_avoid[2].size = cmd_line_size;
+        /* Avoid heap memory. */
+        mem_avoid[3].start = (unsigned long)free_mem_ptr;
+        mem_avoid[3].size = BOOT_HEAP_SIZE;
+        /* Avoid stack memory. */
+        mem_avoid[4].start = (unsigned long)free_mem_end_ptr;
+        mem_avoid[4].size = BOOT_STACK_SIZE;
+}
+/* Does this memory vector overlap a known avoided area? */
+static bool mem_avoid_overlap(struct mem_vector *img)
+{
+        int i;
+        for (i = 0; i < MEM_AVOID_MAX; i++) {
+                if (mem_overlaps(img, &mem_avoid[i]))
+                        return true;
+        }
+        return false;
+}
+static unsigned long slots[CONFIG_RANDOMIZE_BASE_MAX_OFFSET /
+                           CONFIG_PHYSICAL_ALIGN];
+static unsigned long slot_max;
+static void slots_append(unsigned long addr)
+{
+        /* Overflowing the slots list should be impossible. */
+        if (slot_max >= CONFIG_RANDOMIZE_BASE_MAX_OFFSET /
+                        CONFIG_PHYSICAL_ALIGN)
+                return;
+        slots[slot_max++] = addr;
+}
+static unsigned long slots_fetch_random(void)
+{
+        /* Handle case of no slots stored. */
+        if (slot_max == 0)
+                return 0;
+        return slots[get_random_long() % slot_max];
+}
+static void process_e820_entry(struct e820entry *entry,
+                               unsigned long minimum,
+                               unsigned long image_size)
+{
+        struct mem_vector region, img;
+        /* Skip non-RAM entries. */
+        if (entry->type != E820_RAM)
+                return;
+        /* Ignore entries entirely above our maximum. */
+        if (entry->addr >= CONFIG_RANDOMIZE_BASE_MAX_OFFSET)
+                return;
+        /* Ignore entries entirely below our minimum. */
+        if (entry->addr + entry->size < minimum)
+                return;
+        region.start = entry->addr;
+        region.size = entry->size;
+        /* Potentially raise address to minimum location. */
+        if (region.start < minimum)
+                region.start = minimum;
+        /* Potentially raise address to meet alignment requirements. */
+        region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN);
+        /* Did we raise the address above the bounds of this e820 region? */
+        if (region.start > entry->addr + entry->size)
+                return;
+        /* Reduce size by any delta from the original address. */
+        region.size -= region.start - entry->addr;
+        /* Reduce maximum size to fit end of image within maximum limit. */
+        if (region.start + region.size > CONFIG_RANDOMIZE_BASE_MAX_OFFSET)
+                region.size = CONFIG_RANDOMIZE_BASE_MAX_OFFSET - region.start;
+        /* Walk each aligned slot and check for avoided areas. */
+        for (img.start = region.start, img.size = image_size ;
+             mem_contains(&region, &img) ;
+             img.start += CONFIG_PHYSICAL_ALIGN) {
+                if (mem_avoid_overlap(&img))
+                        continue;
+                slots_append(img.start);
+        }
+}
+static unsigned long find_random_addr(unsigned long minimum,
+                                      unsigned long size)
+{
+        int i;
+        unsigned long addr;
+        /* Make sure minimum is aligned. */
+        minimum = ALIGN(minimum, CONFIG_PHYSICAL_ALIGN);
+        /* Verify potential e820 positions, appending to slots list. */
+        for (i = 0; i < real_mode->e820_entries; i++) {
+                process_e820_entry(&real_mode->e820_map[i], minimum, size);
+        }
+        return slots_fetch_random();
+}
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size)
+{
+        unsigned long choice = (unsigned long)output;
+        unsigned long random;
+        if (cmdline_find_option_bool("nokaslr")) {
+                debug_putstr("KASLR disabled...\n");
+                goto out;
+        }
+        /* Record the various known unsafe memory ranges. */
+        mem_avoid_init((unsigned long)input, input_size,
+                       (unsigned long)output, output_size);
+        /* Walk e820 and find a random address. */
+        random = find_random_addr(choice, output_size);
+        if (!random) {
+                debug_putstr("KASLR could not find suitable E820 region...\n");
+                goto out;
+        }
+        /* Always enforce the minimum. */
+        if (random < choice)
+                goto out;
+        choice = random;
+out:
+        return (unsigned char *)choice;
+}
+#endif /* CONFIG_RANDOMIZE_BASE */
diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/cmdline.c
index bffd73b45b1f..b68e3033e6b9 100644
--- a/arch/x86/boot/compressed/cmdline.c
+++ b/arch/x86/boot/compressed/cmdline.c
@@ -1,6 +1,6 @@
 #include "misc.h"
-#ifdef CONFIG_EARLY_PRINTK
+#if CONFIG_EARLY_PRINTK || CONFIG_RANDOMIZE_BASE
 static unsigned long fs;
 static inline void set_fs(unsigned long seg)
diff --git a/arch/x86/boot/compressed/cpuflags.c b/arch/x86/boot/compressed/cpuflags.c
new file mode 100644
index 000000000000..aa313466118b
--- /dev/null
+++ b/arch/x86/boot/compressed/cpuflags.c
@@ -0,0 +1,12 @@
+#ifdef CONFIG_RANDOMIZE_BASE
+#include "../cpuflags.c"
+bool has_cpuflag(int flag)
+{
+        get_cpuflags();
+        return test_bit(flag, cpu.flags);
+}
+#endif
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index a7677babf946..4703a6c4b8e3 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -19,10 +19,272 @@
 static efi_system_table_t *sys_table;
+static struct efi_config *efi_early;
+#define efi_call_early(f, ...)                                          \
+        efi_early->call(efi_early->f, __VA_ARGS__);
+#define BOOT_SERVICES(bits)                                             \
+static void setup_boot_services##bits(struct efi_config *c)             \
+{                                                                       \
+        efi_system_table_##bits##_t *table;                             \
+        efi_boot_services_##bits##_t *bt;                               \
+                                                                        \
+        table = (typeof(table))sys_table;                               \
+                                                                        \
+        c->text_output = table->con_out;                                \
+                                                                        \
+        bt = (typeof(bt))(unsigned long)(table->boottime);              \
+                                                                        \
+        c->allocate_pool = bt->allocate_pool;                           \
+        c->allocate_pages = bt->allocate_pages;                         \
+        c->get_memory_map = bt->get_memory_map;                         \
+        c->free_pool = bt->free_pool;                                   \
+        c->free_pages = bt->free_pages;                                 \
+        c->locate_handle = bt->locate_handle;                           \
+        c->handle_protocol = bt->handle_protocol;                       \
+        c->exit_boot_services = bt->exit_boot_services;                 \
+}
+BOOT_SERVICES(32);
+BOOT_SERVICES(64);
-#include "../../../../drivers/firmware/efi/efi-stub-helper.c"
+static void efi_printk(efi_system_table_t *, char *);
+static void efi_char16_printk(efi_system_table_t *, efi_char16_t *);
+static efi_status_t
+__file_size32(void *__fh, efi_char16_t *filename_16,
+              void **handle, u64 *file_sz)
+{
+        efi_file_handle_32_t *h, *fh = __fh;
+        efi_file_info_t *info;
+        efi_status_t status;
+        efi_guid_t info_guid = EFI_FILE_INFO_ID;
+        u32 info_sz;
+        status = efi_early->call((unsigned long)fh->open, fh, &h, filename_16,
+                                 EFI_FILE_MODE_READ, (u64)0);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to open file: ");
+                efi_char16_printk(sys_table, filename_16);
+                efi_printk(sys_table, "\n");
+                return status;
+        }
+        *handle = h;
+        info_sz = 0;
+        status = efi_early->call((unsigned long)h->get_info, h, &info_guid,
+                                 &info_sz, NULL);
+        if (status != EFI_BUFFER_TOO_SMALL) {
+                efi_printk(sys_table, "Failed to get file info size\n");
+                return status;
+        }
+grow:
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
+                                info_sz, (void **)&info);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to alloc mem for file info\n");
+                return status;
+        }
+        status = efi_early->call((unsigned long)h->get_info, h, &info_guid,
+                                 &info_sz, info);
+        if (status == EFI_BUFFER_TOO_SMALL) {
+                efi_call_early(free_pool, info);
+                goto grow;
+        }
+        *file_sz = info->file_size;
+        efi_call_early(free_pool, info);
+        if (status != EFI_SUCCESS)
+                efi_printk(sys_table, "Failed to get initrd info\n");
+        return status;
+}
+static efi_status_t
+__file_size64(void *__fh, efi_char16_t *filename_16,
+              void **handle, u64 *file_sz)
+{
+        efi_file_handle_64_t *h, *fh = __fh;
+        efi_file_info_t *info;
+        efi_status_t status;
+        efi_guid_t info_guid = EFI_FILE_INFO_ID;
+        u64 info_sz;
+        status = efi_early->call((unsigned long)fh->open, fh, &h, filename_16,
+                                 EFI_FILE_MODE_READ, (u64)0);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to open file: ");
+                efi_char16_printk(sys_table, filename_16);
+                efi_printk(sys_table, "\n");
+                return status;
+        }
+        *handle = h;
+        info_sz = 0;
+        status = efi_early->call((unsigned long)h->get_info, h, &info_guid,
+                                 &info_sz, NULL);
+        if (status != EFI_BUFFER_TOO_SMALL) {
+                efi_printk(sys_table, "Failed to get file info size\n");
+                return status;
+        }
+grow:
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
+                                info_sz, (void **)&info);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to alloc mem for file info\n");
+                return status;
+        }
+        status = efi_early->call((unsigned long)h->get_info, h, &info_guid,
+                                 &info_sz, info);
+        if (status == EFI_BUFFER_TOO_SMALL) {
+                efi_call_early(free_pool, info);
+                goto grow;
+        }
+        *file_sz = info->file_size;
+        efi_call_early(free_pool, info);
+        if (status != EFI_SUCCESS)
+                efi_printk(sys_table, "Failed to get initrd info\n");
+        return status;
+}
+static efi_status_t
+efi_file_size(efi_system_table_t *sys_table, void *__fh,
+              efi_char16_t *filename_16, void **handle, u64 *file_sz)
+{
+        if (efi_early->is64)
+                return __file_size64(__fh, filename_16, handle, file_sz);
+        return __file_size32(__fh, filename_16, handle, file_sz);
+}
+static inline efi_status_t
+efi_file_read(void *handle, unsigned long *size, void *addr)
+{
+        unsigned long func;
+        if (efi_early->is64) {
+                efi_file_handle_64_t *fh = handle;
+                func = (unsigned long)fh->read;
+                return efi_early->call(func, handle, size, addr);
+        } else {
+                efi_file_handle_32_t *fh = handle;
+                func = (unsigned long)fh->read;
+                return efi_early->call(func, handle, size, addr);
+        }
+}
+static inline efi_status_t efi_file_close(void *handle)
+{
+        if (efi_early->is64) {
+                efi_file_handle_64_t *fh = handle;
+                return efi_early->call((unsigned long)fh->close, handle);
+        } else {
+                efi_file_handle_32_t *fh = handle;
+                return efi_early->call((unsigned long)fh->close, handle);
+        }
+}
+static inline efi_status_t __open_volume32(void *__image, void **__fh)
+{
+        efi_file_io_interface_t *io;
+        efi_loaded_image_32_t *image = __image;
+        efi_file_handle_32_t *fh;
+        efi_guid_t fs_proto = EFI_FILE_SYSTEM_GUID;
+        efi_status_t status;
+        void *handle = (void *)(unsigned long)image->device_handle;
+        unsigned long func;
+        status = efi_call_early(handle_protocol, handle,
+                                &fs_proto, (void **)&io);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to handle fs_proto\n");
+                return status;
+        }
+        func = (unsigned long)io->open_volume;
+        status = efi_early->call(func, io, &fh);
+        if (status != EFI_SUCCESS)
+                efi_printk(sys_table, "Failed to open volume\n");
+        *__fh = fh;
+        return status;
+}
+static inline efi_status_t __open_volume64(void *__image, void **__fh)
+{
+        efi_file_io_interface_t *io;
+        efi_loaded_image_64_t *image = __image;
+        efi_file_handle_64_t *fh;
+        efi_guid_t fs_proto = EFI_FILE_SYSTEM_GUID;
+        efi_status_t status;
+        void *handle = (void *)(unsigned long)image->device_handle;
+        unsigned long func;
+        status = efi_call_early(handle_protocol, handle,
+                                &fs_proto, (void **)&io);
+        if (status != EFI_SUCCESS) {
+                efi_printk(sys_table, "Failed to handle fs_proto\n");
+                return status;
+        }
+        func = (unsigned long)io->open_volume;
+        status = efi_early->call(func, io, &fh);
+        if (status != EFI_SUCCESS)
+                efi_printk(sys_table, "Failed to open volume\n");
+        *__fh = fh;
+        return status;
+}
+static inline efi_status_t
+efi_open_volume(efi_system_table_t *sys_table, void *__image, void **__fh)
+{
+        if (efi_early->is64)
+                return __open_volume64(__image, __fh);
+        return __open_volume32(__image, __fh);
+}
+static void efi_char16_printk(efi_system_table_t *table, efi_char16_t *str)
+{
+        unsigned long output_string;
+        size_t offset;
+        if (efi_early->is64) {
+                struct efi_simple_text_output_protocol_64 *out;
+                u64 *func;
+                offset = offsetof(typeof(*out), output_string);
+                output_string = efi_early->text_output + offset;
+                func = (u64 *)output_string;
+                efi_early->call(*func, efi_early->text_output, str);
+        } else {
+                struct efi_simple_text_output_protocol_32 *out;
+                u32 *func;
+                offset = offsetof(typeof(*out), output_string);
+                output_string = efi_early->text_output + offset;
+                func = (u32 *)output_string;
+                efi_early->call(*func, efi_early->text_output, str);
+        }
+}
+#include "../../../../drivers/firmware/efi/efi-stub-helper.c"
 static void find_bits(unsigned long mask, u8 *pos, u8 *size)
 {
@@ -47,105 +309,97 @@ static void find_bits(unsigned long mask, u8 *pos, u8 *size)
        *size = len;
 }
-static efi_status_t setup_efi_pci(struct boot_params *params)
+static efi_status_t
+__setup_efi_pci32(efi_pci_io_protocol_32 *pci, struct pci_setup_rom **__rom)
 {
-        efi_pci_io_protocol *pci;
+        struct pci_setup_rom *rom = NULL;
        efi_status_t status;
-        void **pci_handle;
+        unsigned long size;
-        efi_guid_t pci_proto = EFI_PCI_IO_PROTOCOL_GUID;
+        uint64_t attributes;
-        unsigned long nr_pci, size = 0;
-        int i;
-        struct setup_data *data;
-        data = (struct setup_data *)(unsigned long)params->hdr.setup_data;
-        while (data && data->next)
+        status = efi_early->call(pci->attributes, pci,
-                data = (struct setup_data *)(unsigned long)data->next;
+                                 EfiPciIoAttributeOperationGet, 0, 0,
+                                 &attributes);
+        if (status != EFI_SUCCESS)
+                return status;
-        status = efi_call_phys5(sys_table->boottime->locate_handle,
+        if (!pci->romimage || !pci->romsize)
-                                EFI_LOCATE_BY_PROTOCOL, &pci_proto,
+                return EFI_INVALID_PARAMETER;
-                                NULL, &size, pci_handle);
-        if (status == EFI_BUFFER_TOO_SMALL) {
+        size = pci->romsize + sizeof(*rom);
-                status = efi_call_phys3(sys_table->boottime->allocate_pool,
-                                        EFI_LOADER_DATA, size, &pci_handle);
-                if (status != EFI_SUCCESS)
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA, size, &rom);
-                        return status;
+        if (status != EFI_SUCCESS)
+                return status;
-                status = efi_call_phys5(sys_table->boottime->locate_handle,
+        memset(rom, 0, sizeof(*rom));
-                                        EFI_LOCATE_BY_PROTOCOL, &pci_proto,
-                                        NULL, &size, pci_handle);
-        }
-        if (status != EFI_SUCCESS)
+        rom->data.type = SETUP_PCI;
-                goto free_handle;
+        rom->data.len = size - sizeof(struct setup_data);
+        rom->data.next = 0;
+        rom->pcilen = pci->romsize;
+        *__rom = rom;
-        nr_pci = size / sizeof(void *);
+        status = efi_early->call(pci->pci.read, pci, EfiPciIoWidthUint16,
-        for (i = 0; i < nr_pci; i++) {
+                                 PCI_VENDOR_ID, 1, &(rom->vendor));
-                void *h = pci_handle[i];
-                uint64_t attributes;
-                struct pci_setup_rom *rom;
-                status = efi_call_phys3(sys_table->boottime->handle_protocol,
+        if (status != EFI_SUCCESS)
-                                        h, &pci_proto, &pci);
+                goto free_struct;
-                if (status != EFI_SUCCESS)
+        status = efi_early->call(pci->pci.read, pci, EfiPciIoWidthUint16,
-                        continue;
+                                 PCI_DEVICE_ID, 1, &(rom->devid));
-                if (!pci)
+        if (status != EFI_SUCCESS)
-                        continue;
+                goto free_struct;
-#ifdef CONFIG_X86_64
+        status = efi_early->call(pci->get_location, pci, &(rom->segment),
-                status = efi_call_phys4(pci->attributes, pci,
+                                 &(rom->bus), &(rom->device), &(rom->function));
-                                        EfiPciIoAttributeOperationGet, 0,
-                                        &attributes);
-#else
-                status = efi_call_phys5(pci->attributes, pci,
-                                        EfiPciIoAttributeOperationGet, 0, 0,
-                                        &attributes);
-#endif
-                if (status != EFI_SUCCESS)
-                        continue;
-                if (!pci->romimage || !pci->romsize)
+        if (status != EFI_SUCCESS)
-                        continue;
+                goto free_struct;
-                size = pci->romsize + sizeof(*rom);
+        memcpy(rom->romdata, pci->romimage, pci->romsize);
+        return status;
-                status = efi_call_phys3(sys_table->boottime->allocate_pool,
+free_struct:
-                                EFI_LOADER_DATA, size, &rom);
+        efi_call_early(free_pool, rom);
+        return status;
+}
-                if (status != EFI_SUCCESS)
+static efi_status_t
-                        continue;
+setup_efi_pci32(struct boot_params *params, void **pci_handle,
+                unsigned long size)
+{
+        efi_pci_io_protocol_32 *pci = NULL;
+        efi_guid_t pci_proto = EFI_PCI_IO_PROTOCOL_GUID;
+        u32 *handles = (u32 *)(unsigned long)pci_handle;
+        efi_status_t status;
+        unsigned long nr_pci;
+        struct setup_data *data;
+        int i;
-                rom->data.type = SETUP_PCI;
+        data = (struct setup_data *)(unsigned long)params->hdr.setup_data;
-                rom->data.len = size - sizeof(struct setup_data);
-                rom->data.next = 0;
-                rom->pcilen = pci->romsize;
-                status = efi_call_phys5(pci->pci.read, pci,
+        while (data && data->next)
-                                        EfiPciIoWidthUint16, PCI_VENDOR_ID,
+                data = (struct setup_data *)(unsigned long)data->next;
-                                        1, &(rom->vendor));
-                if (status != EFI_SUCCESS)
+        nr_pci = size / sizeof(u32);
-                        goto free_struct;
+        for (i = 0; i < nr_pci; i++) {
+                struct pci_setup_rom *rom = NULL;
+                u32 h = handles[i];
-                status = efi_call_phys5(pci->pci.read, pci,
+                status = efi_call_early(handle_protocol, h,
-                                        EfiPciIoWidthUint16, PCI_DEVICE_ID,
+                                        &pci_proto, (void **)&pci);
-                                        1, &(rom->devid));
                if (status != EFI_SUCCESS)
-                        goto free_struct;
+                        continue;
-                status = efi_call_phys5(pci->get_location, pci,
+                if (!pci)
-                                        &(rom->segment), &(rom->bus),
+                        continue;
-                                        &(rom->device), &(rom->function));
+                status = __setup_efi_pci32(pci, &rom);
                if (status != EFI_SUCCESS)
-                        goto free_struct;
+                        continue;
-                memcpy(rom->romdata, pci->romimage, pci->romsize);
                if (data)
                        data->next = (unsigned long)rom;
@@ -154,105 +408,155 @@ static efi_status_t setup_efi_pci(struct boot_params *params)
                data = (struct setup_data *)rom;
-                continue;
-        free_struct:
-                efi_call_phys1(sys_table->boottime->free_pool, rom);
        }
-free_handle:
-        efi_call_phys1(sys_table->boottime->free_pool, pci_handle);
        return status;
 }
-/*
+static efi_status_t
- * See if we have Graphics Output Protocol
+__setup_efi_pci64(efi_pci_io_protocol_64 *pci, struct pci_setup_rom **__rom)
- */
-static efi_status_t setup_gop(struct screen_info *si, efi_guid_t *proto,
-                              unsigned long size)
 {
-        struct efi_graphics_output_protocol *gop, *first_gop;
+        struct pci_setup_rom *rom;
-        struct efi_pixel_bitmask pixel_info;
-        unsigned long nr_gops;
        efi_status_t status;
-        void **gop_handle;
+        unsigned long size;
-        u16 width, height;
+        uint64_t attributes;
-        u32 fb_base, fb_size;
-        u32 pixels_per_scan_line;
-        int pixel_format;
-        int i;
-        status = efi_call_phys3(sys_table->boottime->allocate_pool,
+        status = efi_early->call(pci->attributes, pci,
-                                EFI_LOADER_DATA, size, &gop_handle);
+                                 EfiPciIoAttributeOperationGet, 0,
+                                 &attributes);
        if (status != EFI_SUCCESS)
                return status;
-        status = efi_call_phys5(sys_table->boottime->locate_handle,
+        if (!pci->romimage || !pci->romsize)
-                                EFI_LOCATE_BY_PROTOCOL, proto,
+                return EFI_INVALID_PARAMETER;
-                                NULL, &size, gop_handle);
+        size = pci->romsize + sizeof(*rom);
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA, size, &rom);
        if (status != EFI_SUCCESS)
-                goto free_handle;
+                return status;
-        first_gop = NULL;
+        rom->data.type = SETUP_PCI;
+        rom->data.len = size - sizeof(struct setup_data);
+        rom->data.next = 0;
+        rom->pcilen = pci->romsize;
+        *__rom = rom;
-        nr_gops = size / sizeof(void *);
+        status = efi_early->call(pci->pci.read, pci, EfiPciIoWidthUint16,
-        for (i = 0; i < nr_gops; i++) {
+                                 PCI_VENDOR_ID, 1, &(rom->vendor));
-                struct efi_graphics_output_mode_info *info;
-                efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID;
+        if (status != EFI_SUCCESS)
-                bool conout_found = false;
+                goto free_struct;
-                void *dummy;
-                void *h = gop_handle[i];
+        status = efi_early->call(pci->pci.read, pci, EfiPciIoWidthUint16,
+                                 PCI_DEVICE_ID, 1, &(rom->devid));
+        if (status != EFI_SUCCESS)
+                goto free_struct;
+        status = efi_early->call(pci->get_location, pci, &(rom->segment),
+                                 &(rom->bus), &(rom->device), &(rom->function));
+        if (status != EFI_SUCCESS)
+                goto free_struct;
+        memcpy(rom->romdata, pci->romimage, pci->romsize);
+        return status;
+free_struct:
+        efi_call_early(free_pool, rom);
+        return status;
+}
+static efi_status_t
+setup_efi_pci64(struct boot_params *params, void **pci_handle,
+                unsigned long size)
+{
+        efi_pci_io_protocol_64 *pci = NULL;
+        efi_guid_t pci_proto = EFI_PCI_IO_PROTOCOL_GUID;
+        u64 *handles = (u64 *)(unsigned long)pci_handle;
+        efi_status_t status;
+        unsigned long nr_pci;
+        struct setup_data *data;
+        int i;
+        data = (struct setup_data *)(unsigned long)params->hdr.setup_data;
+        while (data && data->next)
+                data = (struct setup_data *)(unsigned long)data->next;
+        nr_pci = size / sizeof(u64);
+        for (i = 0; i < nr_pci; i++) {
+                struct pci_setup_rom *rom = NULL;
+                u64 h = handles[i];
+                status = efi_call_early(handle_protocol, h,
+                                        &pci_proto, (void **)&pci);
-                status = efi_call_phys3(sys_table->boottime->handle_protocol,
-                                        h, proto, &gop);
                if (status != EFI_SUCCESS)
                        continue;
-                status = efi_call_phys3(sys_table->boottime->handle_protocol,
+                if (!pci)
-                                        h, &conout_proto, &dummy);
+                        continue;
-                if (status == EFI_SUCCESS)
+                status = __setup_efi_pci64(pci, &rom);
-                        conout_found = true;
+                if (status != EFI_SUCCESS)
+                        continue;
-                status = efi_call_phys4(gop->query_mode, gop,
+                if (data)
-                                        gop->mode->mode, &size, &info);
+                        data->next = (unsigned long)rom;
-                if (status == EFI_SUCCESS && (!first_gop || conout_found)) {
+                else
-                        /*
+                        params->hdr.setup_data = (unsigned long)rom;
-                         * Systems that use the UEFI Console Splitter may
-                         * provide multiple GOP devices, not all of which are
+                data = (struct setup_data *)rom;
-                         * backed by real hardware. The workaround is to search
-                         * for a GOP implementing the ConOut protocol, and if
-                         * one isn't found, to just fall back to the first GOP.
-                         */
-                        width = info->horizontal_resolution;
-                        height = info->vertical_resolution;
-                        fb_base = gop->mode->frame_buffer_base;
-                        fb_size = gop->mode->frame_buffer_size;
-                        pixel_format = info->pixel_format;
-                        pixel_info = info->pixel_information;
-                        pixels_per_scan_line = info->pixels_per_scan_line;
-                        /*
-                         * Once we've found a GOP supporting ConOut,
-                         * don't bother looking any further.
-                         */
-                        first_gop = gop;
-                        if (conout_found)
-                                break;
-                }
        }
-        /* Did we find any GOPs? */
+        return status;
-        if (!first_gop)
+}
+static efi_status_t setup_efi_pci(struct boot_params *params)
+{
+        efi_status_t status;
+        void **pci_handle = NULL;
+        efi_guid_t pci_proto = EFI_PCI_IO_PROTOCOL_GUID;
+        unsigned long size = 0;
+        status = efi_call_early(locate_handle,
+                                EFI_LOCATE_BY_PROTOCOL,
+                                &pci_proto, NULL, &size, pci_handle);
+        if (status == EFI_BUFFER_TOO_SMALL) {
+                status = efi_call_early(allocate_pool,
+                                        EFI_LOADER_DATA,
+                                        size, (void **)&pci_handle);
+                if (status != EFI_SUCCESS)
+                        return status;
+                status = efi_call_early(locate_handle,
+                                        EFI_LOCATE_BY_PROTOCOL, &pci_proto,
+                                        NULL, &size, pci_handle);
+        }
+        if (status != EFI_SUCCESS)
                goto free_handle;
-        /* EFI framebuffer */
+        if (efi_early->is64)
-        si->orig_video_isVGA = VIDEO_TYPE_EFI;
+                status = setup_efi_pci64(params, pci_handle, size);
+        else
+                status = setup_efi_pci32(params, pci_handle, size);
-        si->lfb_width = width;
+free_handle:
-        si->lfb_height = height;
+        efi_call_early(free_pool, pci_handle);
-        si->lfb_base = fb_base;
+        return status;
-        si->pages = 1;
+}
+static void
+setup_pixel_info(struct screen_info *si, u32 pixels_per_scan_line,
+                 struct efi_pixel_bitmask pixel_info, int pixel_format)
+{
        if (pixel_format == PIXEL_RGB_RESERVED_8BIT_PER_COLOR) {
                si->lfb_depth = 32;
                si->lfb_linelength = pixels_per_scan_line * 4;
@@ -297,62 +601,319 @@ static efi_status_t setup_gop(struct screen_info *si, efi_guid_t *proto,
                si->rsvd_size = 0;
                si->rsvd_pos = 0;
        }
+}
+static efi_status_t
+__gop_query32(struct efi_graphics_output_protocol_32 *gop32,
+              struct efi_graphics_output_mode_info **info,
+              unsigned long *size, u32 *fb_base)
+{
+        struct efi_graphics_output_protocol_mode_32 *mode;
+        efi_status_t status;
+        unsigned long m;
+        m = gop32->mode;
+        mode = (struct efi_graphics_output_protocol_mode_32 *)m;
+        status = efi_early->call(gop32->query_mode, gop32,
+                                 mode->mode, size, info);
+        if (status != EFI_SUCCESS)
+                return status;
+        *fb_base = mode->frame_buffer_base;
+        return status;
+}
+static efi_status_t
+setup_gop32(struct screen_info *si, efi_guid_t *proto,
+            unsigned long size, void **gop_handle)
+{
+        struct efi_graphics_output_protocol_32 *gop32, *first_gop;
+        unsigned long nr_gops;
+        u16 width, height;
+        u32 pixels_per_scan_line;
+        u32 fb_base;
+        struct efi_pixel_bitmask pixel_info;
+        int pixel_format;
+        efi_status_t status;
+        u32 *handles = (u32 *)(unsigned long)gop_handle;
+        int i;
+        first_gop = NULL;
+        gop32 = NULL;
+        nr_gops = size / sizeof(u32);
+        for (i = 0; i < nr_gops; i++) {
+                struct efi_graphics_output_mode_info *info = NULL;
+                efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID;
+                bool conout_found = false;
+                void *dummy = NULL;
+                u32 h = handles[i];
+                status = efi_call_early(handle_protocol, h,
+                                        proto, (void **)&gop32);
+                if (status != EFI_SUCCESS)
+                        continue;
+                status = efi_call_early(handle_protocol, h,
+                                        &conout_proto, &dummy);
+                if (status == EFI_SUCCESS)
+                        conout_found = true;
+                status = __gop_query32(gop32, &info, &size, &fb_base);
+                if (status == EFI_SUCCESS && (!first_gop || conout_found)) {
+                        /*
+                         * Systems that use the UEFI Console Splitter may
+                         * provide multiple GOP devices, not all of which are
+                         * backed by real hardware. The workaround is to search
+                         * for a GOP implementing the ConOut protocol, and if
+                         * one isn't found, to just fall back to the first GOP.
+                         */
+                        width = info->horizontal_resolution;
+                        height = info->vertical_resolution;
+                        pixel_format = info->pixel_format;
+                        pixel_info = info->pixel_information;
+                        pixels_per_scan_line = info->pixels_per_scan_line;
+                        /*
+                         * Once we've found a GOP supporting ConOut,
+                         * don't bother looking any further.
+                         */
+                        first_gop = gop32;
+                        if (conout_found)
+                                break;
+                }
+        }
+        /* Did we find any GOPs? */
+        if (!first_gop)
+                goto out;
+        /* EFI framebuffer */
+        si->orig_video_isVGA = VIDEO_TYPE_EFI;
+        si->lfb_width = width;
+        si->lfb_height = height;
+        si->lfb_base = fb_base;
+        si->pages = 1;
+        setup_pixel_info(si, pixels_per_scan_line, pixel_info, pixel_format);
        si->lfb_size = si->lfb_linelength * si->lfb_height;
        si->capabilities |= VIDEO_CAPABILITY_SKIP_QUIRKS;
+out:
+        return status;
+}
-free_handle:
+static efi_status_t
-        efi_call_phys1(sys_table->boottime->free_pool, gop_handle);
+__gop_query64(struct efi_graphics_output_protocol_64 *gop64,
+              struct efi_graphics_output_mode_info **info,
+              unsigned long *size, u32 *fb_base)
+{
+        struct efi_graphics_output_protocol_mode_64 *mode;
+        efi_status_t status;
+        unsigned long m;
+        m = gop64->mode;
+        mode = (struct efi_graphics_output_protocol_mode_64 *)m;
+        status = efi_early->call(gop64->query_mode, gop64,
+                                 mode->mode, size, info);
+        if (status != EFI_SUCCESS)
+                return status;
+        *fb_base = mode->frame_buffer_base;
+        return status;
+}
+static efi_status_t
+setup_gop64(struct screen_info *si, efi_guid_t *proto,
+            unsigned long size, void **gop_handle)
+{
+        struct efi_graphics_output_protocol_64 *gop64, *first_gop;
+        unsigned long nr_gops;
+        u16 width, height;
+        u32 pixels_per_scan_line;
+        u32 fb_base;
+        struct efi_pixel_bitmask pixel_info;
+        int pixel_format;
+        efi_status_t status;
+        u64 *handles = (u64 *)(unsigned long)gop_handle;
+        int i;
+        first_gop = NULL;
+        gop64 = NULL;
+        nr_gops = size / sizeof(u64);
+        for (i = 0; i < nr_gops; i++) {
+                struct efi_graphics_output_mode_info *info = NULL;
+                efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID;
+                bool conout_found = false;
+                void *dummy = NULL;
+                u64 h = handles[i];
+                status = efi_call_early(handle_protocol, h,
+                                        proto, (void **)&gop64);
+                if (status != EFI_SUCCESS)
+                        continue;
+                status = efi_call_early(handle_protocol, h,
+                                        &conout_proto, &dummy);
+                if (status == EFI_SUCCESS)
+                        conout_found = true;
+                status = __gop_query64(gop64, &info, &size, &fb_base);
+                if (status == EFI_SUCCESS && (!first_gop || conout_found)) {
+                        /*
+                         * Systems that use the UEFI Console Splitter may
+                         * provide multiple GOP devices, not all of which are
+                         * backed by real hardware. The workaround is to search
+                         * for a GOP implementing the ConOut protocol, and if
+                         * one isn't found, to just fall back to the first GOP.
+                         */
+                        width = info->horizontal_resolution;
+                        height = info->vertical_resolution;
+                        pixel_format = info->pixel_format;
+                        pixel_info = info->pixel_information;
+                        pixels_per_scan_line = info->pixels_per_scan_line;
+                        /*
+                         * Once we've found a GOP supporting ConOut,
+                         * don't bother looking any further.
+                         */
+                        first_gop = gop64;
+                        if (conout_found)
+                                break;
+                }
+        }
+        /* Did we find any GOPs? */
+        if (!first_gop)
+                goto out;
+        /* EFI framebuffer */
+        si->orig_video_isVGA = VIDEO_TYPE_EFI;
+        si->lfb_width = width;
+        si->lfb_height = height;
+        si->lfb_base = fb_base;
+        si->pages = 1;
+        setup_pixel_info(si, pixels_per_scan_line, pixel_info, pixel_format);
+        si->lfb_size = si->lfb_linelength * si->lfb_height;
+        si->capabilities |= VIDEO_CAPABILITY_SKIP_QUIRKS;
+out:
        return status;
 }
 /*
- * See if we have Universal Graphics Adapter (UGA) protocol
+ * See if we have Graphics Output Protocol
 */
-static efi_status_t setup_uga(struct screen_info *si, efi_guid_t *uga_proto,
+static efi_status_t setup_gop(struct screen_info *si, efi_guid_t *proto,
                              unsigned long size)
 {
-        struct efi_uga_draw_protocol *uga, *first_uga;
-        unsigned long nr_ugas;
        efi_status_t status;
-        u32 width, height;
+        void **gop_handle = NULL;
-        void **uga_handle = NULL;
-        int i;
-        status = efi_call_phys3(sys_table->boottime->allocate_pool,
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
-                                EFI_LOADER_DATA, size, &uga_handle);
+                                size, (void **)&gop_handle);
        if (status != EFI_SUCCESS)
                return status;
-        status = efi_call_phys5(sys_table->boottime->locate_handle,
+        status = efi_call_early(locate_handle,
-                                EFI_LOCATE_BY_PROTOCOL, uga_proto,
+                                EFI_LOCATE_BY_PROTOCOL,
-                                NULL, &size, uga_handle);
+                                proto, NULL, &size, gop_handle);
        if (status != EFI_SUCCESS)
                goto free_handle;
+        if (efi_early->is64)
+                status = setup_gop64(si, proto, size, gop_handle);
+        else
+                status = setup_gop32(si, proto, size, gop_handle);
+free_handle:
+        efi_call_early(free_pool, gop_handle);
+        return status;
+}
+static efi_status_t
+setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
+{
+        struct efi_uga_draw_protocol *uga = NULL, *first_uga;
+        efi_guid_t uga_proto = EFI_UGA_PROTOCOL_GUID;
+        unsigned long nr_ugas;
+        u32 *handles = (u32 *)uga_handle;;
+        efi_status_t status;
+        int i;
        first_uga = NULL;
+        nr_ugas = size / sizeof(u32);
+        for (i = 0; i < nr_ugas; i++) {
+                efi_guid_t pciio_proto = EFI_PCI_IO_PROTOCOL_GUID;
+                u32 w, h, depth, refresh;
+                void *pciio;
+                u32 handle = handles[i];
-        nr_ugas = size / sizeof(void *);
+                status = efi_call_early(handle_protocol, handle,
+                                        &uga_proto, (void **)&uga);
+                if (status != EFI_SUCCESS)
+                        continue;
+                efi_call_early(handle_protocol, handle, &pciio_proto, &pciio);
+                status = efi_early->call((unsigned long)uga->get_mode, uga,
+                                         &w, &h, &depth, &refresh);
+                if (status == EFI_SUCCESS && (!first_uga || pciio)) {
+                        *width = w;
+                        *height = h;
+                        /*
+                         * Once we've found a UGA supporting PCIIO,
+                         * don't bother looking any further.
+                         */
+                        if (pciio)
+                                break;
+                        first_uga = uga;
+                }
+        }
+        return status;
+}
+static efi_status_t
+setup_uga64(void **uga_handle, unsigned long size, u32 *width, u32 *height)
+{
+        struct efi_uga_draw_protocol *uga = NULL, *first_uga;
+        efi_guid_t uga_proto = EFI_UGA_PROTOCOL_GUID;
+        unsigned long nr_ugas;
+        u64 *handles = (u64 *)uga_handle;;
+        efi_status_t status;
+        int i;
+        first_uga = NULL;
+        nr_ugas = size / sizeof(u64);
        for (i = 0; i < nr_ugas; i++) {
                efi_guid_t pciio_proto = EFI_PCI_IO_PROTOCOL_GUID;
-                void *handle = uga_handle[i];
                u32 w, h, depth, refresh;
                void *pciio;
+                u64 handle = handles[i];
-                status = efi_call_phys3(sys_table->boottime->handle_protocol,
+                status = efi_call_early(handle_protocol, handle,
-                                        handle, uga_proto, &uga);
+                                        &uga_proto, (void **)&uga);
                if (status != EFI_SUCCESS)
                        continue;
-                efi_call_phys3(sys_table->boottime->handle_protocol,
+                efi_call_early(handle_protocol, handle, &pciio_proto, &pciio);
-                               handle, &pciio_proto, &pciio);
-                status = efi_call_phys5(uga->get_mode, uga, &w, &h,
+                status = efi_early->call((unsigned long)uga->get_mode, uga,
-                                        &depth, &refresh);
+                                         &w, &h, &depth, &refresh);
                if (status == EFI_SUCCESS && (!first_uga || pciio)) {
-                        width = w;
+                        *width = w;
-                        height = h;
+                        *height = h;
                        /*
                         * Once we've found a UGA supporting PCIIO,
@@ -365,7 +926,39 @@ static efi_status_t setup_uga(struct screen_info *si, efi_guid_t *uga_proto,
                }
        }
-        if (!first_uga)
+        return status;
+}
+/*
+ * See if we have Universal Graphics Adapter (UGA) protocol
+ */
+static efi_status_t setup_uga(struct screen_info *si, efi_guid_t *uga_proto,
+                              unsigned long size)
+{
+        efi_status_t status;
+        u32 width, height;
+        void **uga_handle = NULL;
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
+                                size, (void **)&uga_handle);
+        if (status != EFI_SUCCESS)
+                return status;
+        status = efi_call_early(locate_handle,
+                                EFI_LOCATE_BY_PROTOCOL,
+                                uga_proto, NULL, &size, uga_handle);
+        if (status != EFI_SUCCESS)
+                goto free_handle;
+        height = 0;
+        width = 0;
+        if (efi_early->is64)
+                status = setup_uga64(uga_handle, size, &width, &height);
+        else
+                status = setup_uga32(uga_handle, size, &width, &height);
+        if (!width && !height)
                goto free_handle;
        /* EFI framebuffer */
@@ -384,9 +977,8 @@ static efi_status_t setup_uga(struct screen_info *si, efi_guid_t *uga_proto,
        si->rsvd_size = 8;
        si->rsvd_pos = 24;
 free_handle:
-        efi_call_phys1(sys_table->boottime->free_pool, uga_handle);
+        efi_call_early(free_pool, uga_handle);
        return status;
 }
@@ -404,29 +996,31 @@ void setup_graphics(struct boot_params *boot_params)
        memset(si, 0, sizeof(*si));
        size = 0;
-        status = efi_call_phys5(sys_table->boottime->locate_handle,
+        status = efi_call_early(locate_handle,
-                                EFI_LOCATE_BY_PROTOCOL, &graphics_proto,
+                                EFI_LOCATE_BY_PROTOCOL,
-                                NULL, &size, gop_handle);
+                                &graphics_proto, NULL, &size, gop_handle);
        if (status == EFI_BUFFER_TOO_SMALL)
                status = setup_gop(si, &graphics_proto, size);
        if (status != EFI_SUCCESS) {
                size = 0;
-                status = efi_call_phys5(sys_table->boottime->locate_handle,
+                status = efi_call_early(locate_handle,
-                                        EFI_LOCATE_BY_PROTOCOL, &uga_proto,
+                                        EFI_LOCATE_BY_PROTOCOL,
-                                        NULL, &size, uga_handle);
+                                        &uga_proto, NULL, &size, uga_handle);
                if (status == EFI_BUFFER_TOO_SMALL)
                        setup_uga(si, &uga_proto, size);
        }
 }
 /*
 * Because the x86 boot code expects to be passed a boot_params we
 * need to create one ourselves (usually the bootloader would create
 * one for us).
+ *
+ * The caller is responsible for filling out ->code32_start in the
+ * returned boot_params.
 */
-struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
+struct boot_params *make_boot_params(struct efi_config *c)
 {
        struct boot_params *boot_params;
        struct sys_desc_table *sdt;
@@ -434,7 +1028,7 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
        struct setup_header *hdr;
        struct efi_info *efi;
        efi_loaded_image_t *image;
-        void *options;
+        void *options, *handle;
        efi_guid_t proto = LOADED_IMAGE_PROTOCOL_GUID;
        int options_size = 0;
        efi_status_t status;
@@ -445,14 +1039,21 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
        unsigned long ramdisk_addr;
        unsigned long ramdisk_size;
-        sys_table = _table;
+        efi_early = c;
+        sys_table = (efi_system_table_t *)(unsigned long)efi_early->table;
+        handle = (void *)(unsigned long)efi_early->image_handle;
        /* Check if we were booted by the EFI firmware */
        if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
                return NULL;
-        status = efi_call_phys3(sys_table->boottime->handle_protocol,
+        if (efi_early->is64)
-                                handle, &proto, (void *)&image);
+                setup_boot_services64(efi_early);
+        else
+                setup_boot_services32(efi_early);
+        status = efi_call_early(handle_protocol, handle,
+                                &proto, (void *)&image);
        if (status != EFI_SUCCESS) {
                efi_printk(sys_table, "Failed to get handle for LOADED_IMAGE_PROTOCOL\n");
                return NULL;
@@ -483,8 +1084,6 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
        hdr->vid_mode = 0xffff;
        hdr->boot_flag = 0xAA55;
-        hdr->code32_start = (__u64)(unsigned long)image->image_base;
        hdr->type_of_loader = 0x21;
        /* Convert unicode cmdline to ascii */
@@ -641,14 +1240,13 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
                sizeof(struct e820entry) * nr_desc;
        if (*e820ext) {
-                efi_call_phys1(sys_table->boottime->free_pool, *e820ext);
+                efi_call_early(free_pool, *e820ext);
                *e820ext = NULL;
                *e820ext_size = 0;
        }
-        status = efi_call_phys3(sys_table->boottime->allocate_pool,
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
-                                EFI_LOADER_DATA, size, e820ext);
+                                size, (void **)e820ext);
        if (status == EFI_SUCCESS)
                *e820ext_size = size;
@@ -656,12 +1254,13 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
 }
 static efi_status_t exit_boot(struct boot_params *boot_params,
-                              void *handle)
+                              void *handle, bool is64)
 {
        struct efi_info *efi = &boot_params->efi_info;
        unsigned long map_sz, key, desc_size;
        efi_memory_desc_t *mem_map;
        struct setup_data *e820ext;
+        const char *signature;
        __u32 e820ext_size;
        __u32 nr_desc, prev_nr_desc;
        efi_status_t status;
@@ -691,11 +1290,13 @@ get_map:
                if (status != EFI_SUCCESS)
                        goto free_mem_map;
-                efi_call_phys1(sys_table->boottime->free_pool, mem_map);
+                efi_call_early(free_pool, mem_map);
                goto get_map; /* Allocated memory, get map again */
        }
-        memcpy(&efi->efi_loader_signature, EFI_LOADER_SIGNATURE, sizeof(__u32));
+        signature = is64 ? EFI64_LOADER_SIGNATURE : EFI32_LOADER_SIGNATURE;
+        memcpy(&efi->efi_loader_signature, signature, sizeof(__u32));
        efi->efi_systab = (unsigned long)sys_table;
        efi->efi_memdesc_size = desc_size;
        efi->efi_memdesc_version = desc_version;
@@ -708,8 +1309,7 @@ get_map:
 #endif
        /* Might as well exit boot services now */
-        status = efi_call_phys2(sys_table->boottime->exit_boot_services,
+        status = efi_call_early(exit_boot_services, handle, key);
-                                handle, key);
        if (status != EFI_SUCCESS) {
                /*
                 * ExitBootServices() will fail if any of the event
@@ -722,7 +1322,7 @@ get_map:
                        goto free_mem_map;
                called_exit = true;
-                efi_call_phys1(sys_table->boottime->free_pool, mem_map);
+                efi_call_early(free_pool, mem_map);
                goto get_map;
        }
@@ -736,23 +1336,31 @@ get_map:
        return EFI_SUCCESS;
 free_mem_map:
-        efi_call_phys1(sys_table->boottime->free_pool, mem_map);
+        efi_call_early(free_pool, mem_map);
        return status;
 }
 /*
 * On success we return a pointer to a boot_params structure, and NULL
 * on failure.
 */
-struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
+struct boot_params *efi_main(struct efi_config *c,
                             struct boot_params *boot_params)
 {
-        struct desc_ptr *gdt;
+        struct desc_ptr *gdt = NULL;
        efi_loaded_image_t *image;
        struct setup_header *hdr = &boot_params->hdr;
        efi_status_t status;
        struct desc_struct *desc;
+        void *handle;
+        efi_system_table_t *_table;
+        bool is64;
+        efi_early = c;
+        _table = (efi_system_table_t *)(unsigned long)efi_early->table;
+        handle = (void *)(unsigned long)efi_early->image_handle;
+        is64 = efi_early->is64;
        sys_table = _table;
@@ -760,13 +1368,17 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
        if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
                goto fail;
+        if (is64)
+                setup_boot_services64(efi_early);
+        else
+                setup_boot_services32(efi_early);
        setup_graphics(boot_params);
        setup_efi_pci(boot_params);
-        status = efi_call_phys3(sys_table->boottime->allocate_pool,
+        status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
-                                EFI_LOADER_DATA, sizeof(*gdt),
+                                sizeof(*gdt), (void **)&gdt);
-                                (void **)&gdt);
        if (status != EFI_SUCCESS) {
                efi_printk(sys_table, "Failed to alloc mem for gdt structure\n");
                goto fail;
@@ -797,7 +1409,7 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
                hdr->code32_start = bzimage_addr;
        }
-        status = exit_boot(boot_params, handle);
+        status = exit_boot(boot_params, handle, is64);
        if (status != EFI_SUCCESS)
                goto fail;
diff --git a/arch/x86/boot/compressed/eboot.h b/arch/x86/boot/compressed/eboot.h
index 81b6b652b46a..c88c31ecad12 100644
--- a/arch/x86/boot/compressed/eboot.h
+++ b/arch/x86/boot/compressed/eboot.h
@@ -37,6 +37,24 @@ struct efi_graphics_output_mode_info {
        u32 pixels_per_scan_line;
 } __packed;
+struct efi_graphics_output_protocol_mode_32 {
+        u32 max_mode;
+        u32 mode;
+        u32 info;
+        u32 size_of_info;
+        u64 frame_buffer_base;
+        u32 frame_buffer_size;
+} __packed;
+struct efi_graphics_output_protocol_mode_64 {
+        u32 max_mode;
+        u32 mode;
+        u64 info;
+        u64 size_of_info;
+        u64 frame_buffer_base;
+        u64 frame_buffer_size;
+} __packed;
 struct efi_graphics_output_protocol_mode {
        u32 max_mode;
        u32 mode;
@@ -46,6 +64,20 @@ struct efi_graphics_output_protocol_mode {
        unsigned long frame_buffer_size;
 } __packed;
+struct efi_graphics_output_protocol_32 {
+        u32 query_mode;
+        u32 set_mode;
+        u32 blt;
+        u32 mode;
+};
+struct efi_graphics_output_protocol_64 {
+        u64 query_mode;
+        u64 set_mode;
+        u64 blt;
+        u64 mode;
+};
 struct efi_graphics_output_protocol {
        void *query_mode;
        unsigned long set_mode;
@@ -53,10 +85,38 @@ struct efi_graphics_output_protocol {
        struct efi_graphics_output_protocol_mode *mode;
 };
+struct efi_uga_draw_protocol_32 {
+        u32 get_mode;
+        u32 set_mode;
+        u32 blt;
+};
+struct efi_uga_draw_protocol_64 {
+        u64 get_mode;
+        u64 set_mode;
+        u64 blt;
+};
 struct efi_uga_draw_protocol {
        void *get_mode;
        void *set_mode;
        void *blt;
 };
+struct efi_config {
+        u64 image_handle;
+        u64 table;
+        u64 allocate_pool;
+        u64 allocate_pages;
+        u64 get_memory_map;
+        u64 free_pool;
+        u64 free_pages;
+        u64 locate_handle;
+        u64 handle_protocol;
+        u64 exit_boot_services;
+        u64 text_output;
+        efi_status_t (*call)(unsigned long, ...);
+        bool is64;
+} __packed;
 #endif /* BOOT_COMPRESSED_EBOOT_H */
diff --git a/arch/x86/boot/compressed/efi_stub_64.S b/arch/x86/boot/compressed/efi_stub_64.S
index cedc60de86eb..7ff3632806b1 100644
--- a/arch/x86/boot/compressed/efi_stub_64.S
+++ b/arch/x86/boot/compressed/efi_stub_64.S
@@ -1 +1,30 @@
+#include <asm/segment.h>
+#include <asm/msr.h>
+#include <asm/processor-flags.h>
 #include "../../platform/efi/efi_stub_64.S"
+#ifdef CONFIG_EFI_MIXED
+        .code64
+        .text
+ENTRY(efi64_thunk)
+        push    %rbp
+        push    %rbx
+        subq    $16, %rsp
+        leaq    efi_exit32(%rip), %rax
+        movl    %eax, 8(%rsp)
+        leaq    efi_gdt64(%rip), %rax
+        movl    %eax, 4(%rsp)
+        movl    %eax, 2(%rax)           /* Fixup the gdt base address */
+        leaq    efi32_boot_gdt(%rip), %rax
+        movl    %eax, (%rsp)
+        call    __efi64_thunk
+        addq    $16, %rsp
+        pop     %rbx
+        pop     %rbp
+        ret
+ENDPROC(efi64_thunk)
+#endif /* CONFIG_EFI_MIXED */
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 5d6f6891b188..cbed1407a5cd 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -42,33 +42,56 @@ ENTRY(startup_32)
 ENTRY(efi_pe_entry)
        add     $0x4, %esp
+        call    1f
+1:      popl    %esi
+        subl    $1b, %esi
+        popl    %ecx
+        movl    %ecx, efi32_config(%esi)        /* Handle */
+        popl    %ecx
+        movl    %ecx, efi32_config+8(%esi)      /* EFI System table pointer */
+        /* Relocate efi_config->call() */
+        leal    efi32_config(%esi), %eax
+        add     %esi, 88(%eax)
+        pushl   %eax
        call    make_boot_params
        cmpl    $0, %eax
-        je      1f
+        je      fail
-        movl    0x4(%esp), %esi
+        movl    %esi, BP_code32_start(%eax)
-        movl    (%esp), %ecx
+        popl    %ecx
        pushl   %eax
-        pushl   %esi
        pushl   %ecx
-        sub     $0x4, %esp
+        jmp     2f              /* Skip efi_config initialization */
-ENTRY(efi_stub_entry)
+ENTRY(efi32_stub_entry)
        add     $0x4, %esp
+        popl    %ecx
+        popl    %edx
+        call    1f
+1:      popl    %esi
+        subl    $1b, %esi
+        movl    %ecx, efi32_config(%esi)        /* Handle */
+        movl    %edx, efi32_config+8(%esi)      /* EFI System table pointer */
+        /* Relocate efi_config->call() */
+        leal    efi32_config(%esi), %eax
+        add     %esi, 88(%eax)
+        pushl   %eax
+2:
        call    efi_main
        cmpl    $0, %eax
        movl    %eax, %esi
        jne     2f
-1:
+fail:
        /* EFI init failed, so hang. */
        hlt
-        jmp     1b
+        jmp     fail
 2:
-        call    3f
+        movl    BP_code32_start(%esi), %eax
-3:
-        popl    %eax
-        subl    $3b, %eax
-        subl    BP_pref_address(%esi), %eax
-        add     BP_code32_start(%esi), %eax
        leal    preferred_addr(%eax), %eax
        jmp     *%eax
@@ -117,9 +140,11 @@ preferred_addr:
        addl    %eax, %ebx
        notl    %eax
        andl    %eax, %ebx
-#else
+        cmpl    $LOAD_PHYSICAL_ADDR, %ebx
-        movl    $LOAD_PHYSICAL_ADDR, %ebx
+        jge     1f
 #endif
+        movl    $LOAD_PHYSICAL_ADDR, %ebx
+1:
        /* Target address to relocate to for decompression */
        addl    $z_extract_offset, %ebx
@@ -191,14 +216,23 @@ relocated:
        leal    boot_heap(%ebx), %eax
        pushl   %eax            /* heap area */
        pushl   %esi            /* real mode pointer */
-        call    decompress_kernel
+        call    decompress_kernel /* returns kernel location in %eax */
        addl    $24, %esp
 /*
 * Jump to the decompressed kernel.
 */
        xorl    %ebx, %ebx
-        jmp     *%ebp
+        jmp     *%eax
+#ifdef CONFIG_EFI_STUB
+        .data
+efi32_config:
+        .fill 11,8,0
+        .long efi_call_phys
+        .long 0
+        .byte 0
+#endif
 /*
 * Stack and heap for uncompression
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index c337422b575d..0d558ee899ae 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -94,9 +94,11 @@ ENTRY(startup_32)
        addl    %eax, %ebx
        notl    %eax
        andl    %eax, %ebx
-#else
+        cmpl    $LOAD_PHYSICAL_ADDR, %ebx
-        movl    $LOAD_PHYSICAL_ADDR, %ebx
+        jge     1f
 #endif
+        movl    $LOAD_PHYSICAL_ADDR, %ebx
+1:
        /* Target address to relocate to for decompression */
        addl    $z_extract_offset, %ebx
@@ -111,7 +113,8 @@ ENTRY(startup_32)
        lgdt    gdt(%ebp)
        /* Enable PAE mode */
-        movl    $(X86_CR4_PAE), %eax
+        movl    %cr4, %eax
+        orl     $X86_CR4_PAE, %eax
        movl    %eax, %cr4
 /*
@@ -176,6 +179,13 @@ ENTRY(startup_32)
         */
        pushl   $__KERNEL_CS
        leal    startup_64(%ebp), %eax
+#ifdef CONFIG_EFI_MIXED
+        movl    efi32_config(%ebp), %ebx
+        cmp     $0, %ebx
+        jz      1f
+        leal    handover_entry(%ebp), %eax
+1:
+#endif
        pushl   %eax
        /* Enter paged protected Mode, activating Long Mode */
@@ -186,6 +196,30 @@ ENTRY(startup_32)
        lret
 ENDPROC(startup_32)
+#ifdef CONFIG_EFI_MIXED
+        .org 0x190
+ENTRY(efi32_stub_entry)
+        add     $0x4, %esp              /* Discard return address */
+        popl    %ecx
+        popl    %edx
+        popl    %esi
+        leal    (BP_scratch+4)(%esi), %esp
+        call    1f
+1:      pop     %ebp
+        subl    $1b, %ebp
+        movl    %ecx, efi32_config(%ebp)
+        movl    %edx, efi32_config+8(%ebp)
+        sgdtl   efi32_boot_gdt(%ebp)
+        leal    efi32_config(%ebp), %eax
+        movl    %eax, efi_config(%ebp)
+        jmp     startup_32
+ENDPROC(efi32_stub_entry)
+#endif
        .code64
        .org 0x200
 ENTRY(startup_64)
@@ -207,33 +241,52 @@ ENTRY(startup_64)
        jmp     preferred_addr
 ENTRY(efi_pe_entry)
-        mov     %rcx, %rdi
+        movq    %rcx, efi64_config(%rip)        /* Handle */
-        mov     %rdx, %rsi
+        movq    %rdx, efi64_config+8(%rip) /* EFI System table pointer */
-        pushq   %rdi
-        pushq   %rsi
+        leaq    efi64_config(%rip), %rax
+        movq    %rax, efi_config(%rip)
+        call    1f
+1:      popq    %rbp
+        subq    $1b, %rbp
+        /*
+         * Relocate efi_config->call().
+         */
+        addq    %rbp, efi64_config+88(%rip)
+        movq    %rax, %rdi
        call    make_boot_params
        cmpq    $0,%rax
-        je      1f
+        je      fail
-        mov     %rax, %rdx
+        mov     %rax, %rsi
-        popq    %rsi
+        leaq    startup_32(%rip), %rax
-        popq    %rdi
+        movl    %eax, BP_code32_start(%rsi)
+        jmp     2f              /* Skip the relocation */
+handover_entry:
+        call    1f
+1:      popq    %rbp
+        subq    $1b, %rbp
-ENTRY(efi_stub_entry)
+        /*
+         * Relocate efi_config->call().
+         */
+        movq    efi_config(%rip), %rax
+        addq    %rbp, 88(%rax)
+2:
+        movq    efi_config(%rip), %rdi
        call    efi_main
        movq    %rax,%rsi
        cmpq    $0,%rax
        jne     2f
-1:
+fail:
        /* EFI init failed, so hang. */
        hlt
-        jmp     1b
+        jmp     fail
 2:
-        call    3f
+        movl    BP_code32_start(%esi), %eax
-3:
-        popq    %rax
-        subq    $3b, %rax
-        subq    BP_pref_address(%rsi), %rax
-        add     BP_code32_start(%esi), %eax
        leaq    preferred_addr(%rax), %rax
        jmp     *%rax
@@ -269,9 +322,11 @@ preferred_addr:
        addq    %rax, %rbp
        notq    %rax
        andq    %rax, %rbp
-#else
+        cmpq    $LOAD_PHYSICAL_ADDR, %rbp
-        movq    $LOAD_PHYSICAL_ADDR, %rbp
+        jge     1f
 #endif
+        movq    $LOAD_PHYSICAL_ADDR, %rbp
+1:
        /* Target address to relocate to for decompression */
        leaq    z_extract_offset(%rbp), %rbx
@@ -303,6 +358,20 @@ preferred_addr:
        leaq    relocated(%rbx), %rax
        jmp     *%rax
+#ifdef CONFIG_EFI_STUB
+        .org 0x390
+ENTRY(efi64_stub_entry)
+        movq    %rdi, efi64_config(%rip)        /* Handle */
+        movq    %rsi, efi64_config+8(%rip) /* EFI System table pointer */
+        leaq    efi64_config(%rip), %rax
+        movq    %rax, efi_config(%rip)
+        movq    %rdx, %rsi
+        jmp     handover_entry
+ENDPROC(efi64_stub_entry)
+#endif
        .text
 relocated:
@@ -339,13 +408,13 @@ relocated:
        movl    $z_input_len, %ecx      /* input_len */
        movq    %rbp, %r8               /* output target address */
        movq    $z_output_len, %r9      /* decompressed length */
-        call    decompress_kernel
+        call    decompress_kernel       /* returns kernel location in %rax */
        popq    %rsi
 /*
 * Jump to the decompressed kernel.
 */
-        jmp     *%rbp
+        jmp     *%rax
        .code32
 no_longmode:
@@ -368,6 +437,25 @@ gdt:
        .quad   0x0000000000000000      /* TS continued */
 gdt_end:
+#ifdef CONFIG_EFI_STUB
+efi_config:
+        .quad   0
+#ifdef CONFIG_EFI_MIXED
+        .global efi32_config
+efi32_config:
+        .fill   11,8,0
+        .quad   efi64_thunk
+        .byte   0
+#endif
+        .global efi64_config
+efi64_config:
+        .fill   11,8,0
+        .quad   efi_call6
+        .byte   1
+#endif /* CONFIG_EFI_STUB */
 /*
 * Stack and heap for uncompression
 */
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 434f077d2c4d..17684615374b 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -10,6 +10,7 @@
 */
 #include "misc.h"
+#include "../string.h"
 /* WARNING!!
 * This code is compiled with -fPIC and it is relocated dynamically
@@ -97,8 +98,14 @@
 */
 #define STATIC          static
-#undef memset
 #undef memcpy
+/*
+ * Use a normal definition of memset() from string.c. There are already
+ * included header files which expect a definition of memset() and by
+ * the time we define memset macro, it is too late.
+ */
+#undef memset
 #define memzero(s, n)   memset((s), 0, (n))
@@ -109,17 +116,8 @@ static void error(char *m);
 */
 struct boot_params *real_mode;          /* Pointer to real-mode data */
-void *memset(void *s, int c, size_t n);
+memptr free_mem_ptr;
-void *memcpy(void *dest, const void *src, size_t n);
+memptr free_mem_end_ptr;
-#ifdef CONFIG_X86_64
-#define memptr long
-#else
-#define memptr unsigned
-#endif
-static memptr free_mem_ptr;
-static memptr free_mem_end_ptr;
 static char *vidmem;
 static int vidport;
@@ -222,45 +220,6 @@ void __putstr(const char *s)
        outb(0xff & (pos >> 1), vidport+1);
 }
-void *memset(void *s, int c, size_t n)
-{
-        int i;
-        char *ss = s;
-        for (i = 0; i < n; i++)
-                ss[i] = c;
-        return s;
-}
-#ifdef CONFIG_X86_32
-void *memcpy(void *dest, const void *src, size_t n)
-{
-        int d0, d1, d2;
-        asm volatile(
-                "rep ; movsl\n\t"
-                "movl %4,%%ecx\n\t"
-                "rep ; movsb\n\t"
-                : "=&c" (d0), "=&D" (d1), "=&S" (d2)
-                : "0" (n >> 2), "g" (n & 3), "1" (dest), "2" (src)
-                : "memory");
-        return dest;
-}
-#else
-void *memcpy(void *dest, const void *src, size_t n)
-{
-        long d0, d1, d2;
-        asm volatile(
-                "rep ; movsq\n\t"
-                "movq %4,%%rcx\n\t"
-                "rep ; movsb\n\t"
-                : "=&c" (d0), "=&D" (d1), "=&S" (d2)
-                : "0" (n >> 3), "g" (n & 7), "1" (dest), "2" (src)
-                : "memory");
-        return dest;
-}
-#endif
 static void error(char *x)
 {
        error_putstr("\n\n");
@@ -395,7 +354,7 @@ static void parse_elf(void *output)
        free(phdrs);
 }
-asmlinkage void decompress_kernel(void *rmode, memptr heap,
+asmlinkage void *decompress_kernel(void *rmode, memptr heap,
                                  unsigned char *input_data,
                                  unsigned long input_len,
                                  unsigned char *output,
@@ -422,6 +381,10 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
        free_mem_ptr     = heap;        /* Heap */
        free_mem_end_ptr = heap + BOOT_HEAP_SIZE;
+        output = choose_kernel_location(input_data, input_len,
+                                        output, output_len);
+        /* Validate memory location choices. */
        if ((unsigned long)output & (MIN_KERNEL_ALIGN - 1))
                error("Destination address inappropriately aligned");
 #ifdef CONFIG_X86_64
@@ -441,5 +404,5 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
        parse_elf(output);
        handle_relocations(output, output_len);
        debug_putstr("done.\nBooting the kernel.\n");
-        return;
+        return output;
 }
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 674019d8e235..24e3e569a13c 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -23,7 +23,15 @@
 #define BOOT_BOOT_H
 #include "../ctype.h"
+#ifdef CONFIG_X86_64
+#define memptr long
+#else
+#define memptr unsigned
+#endif
 /* misc.c */
+extern memptr free_mem_ptr;
+extern memptr free_mem_end_ptr;
 extern struct boot_params *real_mode;           /* Pointer to real-mode data */
 void __putstr(const char *s);
 #define error_putstr(__x)  __putstr(__x)
@@ -39,23 +47,40 @@ static inline void debug_putstr(const char *s)
 #endif
-#ifdef CONFIG_EARLY_PRINTK
+#if CONFIG_EARLY_PRINTK || CONFIG_RANDOMIZE_BASE
 /* cmdline.c */
 int cmdline_find_option(const char *option, char *buffer, int bufsize);
 int cmdline_find_option_bool(const char *option);
+#endif
-/* early_serial_console.c */
-extern int early_serial_base;
-void console_init(void);
+#if CONFIG_RANDOMIZE_BASE
+/* aslr.c */
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size);
+/* cpuflags.c */
+bool has_cpuflag(int flag);
 #else
+static inline
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size)
+{
+        return output;
+}
+#endif
+#ifdef CONFIG_EARLY_PRINTK
 /* early_serial_console.c */
+extern int early_serial_base;
+void console_init(void);
+#else
 static const int early_serial_base;
 static inline void console_init(void)
 { }
 #endif
 #endif
diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c
index ffb9c5c9d748..f3c57e341402 100644
--- a/arch/x86/boot/compressed/string.c
+++ b/arch/x86/boot/compressed/string.c
@@ -1,11 +1,45 @@
 #include "misc.h"
+#include "../string.c"
+/* misc.h might pull in string_32.h which has a macro for memcpy. undef that */
+#undef memcpy
-int memcmp(const void *s1, const void *s2, size_t len)
+#ifdef CONFIG_X86_32
+void *memcpy(void *dest, const void *src, size_t n)
 {
-        u8 diff;
+        int d0, d1, d2;
-        asm("repe; cmpsb; setnz %0"
+        asm volatile(
-            : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
+                "rep ; movsl\n\t"
-        return diff;
+                "movl %4,%%ecx\n\t"
+                "rep ; movsb\n\t"
+                : "=&c" (d0), "=&D" (d1), "=&S" (d2)
+                : "0" (n >> 2), "g" (n & 3), "1" (dest), "2" (src)
+                : "memory");
+        return dest;
 }
+#else
+void *memcpy(void *dest, const void *src, size_t n)
+{
+        long d0, d1, d2;
+        asm volatile(
+                "rep ; movsq\n\t"
+                "movq %4,%%rcx\n\t"
+                "rep ; movsb\n\t"
+                : "=&c" (d0), "=&D" (d1), "=&S" (d2)
+                : "0" (n >> 3), "g" (n & 7), "1" (dest), "2" (src)
+                : "memory");
-#include "../string.c"
+        return dest;
+}
+#endif
+void *memset(void *s, int c, size_t n)
+{
+        int i;
+        char *ss = s;
+        for (i = 0; i < n; i++)
+                ss[i] = c;
+        return s;
+}
diff --git a/arch/x86/boot/copy.S b/arch/x86/boot/copy.S
index 11f272c6f5e9..1eb7d298b47d 100644
--- a/arch/x86/boot/copy.S
+++ b/arch/x86/boot/copy.S
@@ -14,7 +14,7 @@
 * Memory copy routines
 */
-        .code16gcc
+        .code16
        .text
 GLOBAL(memcpy)
@@ -30,7 +30,7 @@ GLOBAL(memcpy)
        rep; movsb
        popw    %di
        popw    %si
-        ret
+        retl
 ENDPROC(memcpy)
 GLOBAL(memset)
@@ -45,25 +45,25 @@ GLOBAL(memset)
        andw    $3, %cx
        rep; stosb
        popw    %di
-        ret
+        retl
 ENDPROC(memset)
 GLOBAL(copy_from_fs)
        pushw   %ds
        pushw   %fs
        popw    %ds
-        call    memcpy
+        calll   memcpy
        popw    %ds
-        ret
+        retl
 ENDPROC(copy_from_fs)
 GLOBAL(copy_to_fs)
        pushw   %es
        pushw   %fs
        popw    %es
-        call    memcpy
+        calll   memcpy
        popw    %es
-        ret
+        retl
 ENDPROC(copy_to_fs)
 #if 0 /* Not currently used, but can be enabled as needed */
@@ -71,17 +71,17 @@ GLOBAL(copy_from_gs)
        pushw   %ds
        pushw   %gs
        popw    %ds
-        call    memcpy
+        calll   memcpy
        popw    %ds
-        ret
+        retl
 ENDPROC(copy_from_gs)
 GLOBAL(copy_to_gs)
        pushw   %es
        pushw   %gs
        popw    %es
-        call    memcpy
+        calll   memcpy
        popw    %es
-        ret
+        retl
 ENDPROC(copy_to_gs)
 #endif
diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c
index 4d3ff037201f..1fd7d575092e 100644
--- a/arch/x86/boot/cpucheck.c
+++ b/arch/x86/boot/cpucheck.c
@@ -27,9 +27,8 @@
 #include <asm/processor-flags.h>
 #include <asm/required-features.h>
 #include <asm/msr-index.h>
+#include "string.h"
-struct cpu_features cpu;
-static u32 cpu_vendor[3];
 static u32 err_flags[NCAPINTS];
 static const int req_level = CONFIG_X86_MINIMUM_CPU_FAMILY;
@@ -69,92 +68,15 @@ static int is_transmeta(void)
               cpu_vendor[2] == A32('M', 'x', '8', '6');
 }
-static int has_fpu(void)
+static int is_intel(void)
 {
-        u16 fcw = -1, fsw = -1;
+        return cpu_vendor[0] == A32('G', 'e', 'n', 'u') &&
-        u32 cr0;
+               cpu_vendor[1] == A32('i', 'n', 'e', 'I') &&
+               cpu_vendor[2] == A32('n', 't', 'e', 'l');
-        asm("movl %%cr0,%0" : "=r" (cr0));
-        if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
-                cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
-                asm volatile("movl %0,%%cr0" : : "r" (cr0));
-        }
-        asm volatile("fninit ; fnstsw %0 ; fnstcw %1"
-                     : "+m" (fsw), "+m" (fcw));
-        return fsw == 0 && (fcw & 0x103f) == 0x003f;
-}
-static int has_eflag(u32 mask)
-{
-        u32 f0, f1;
-        asm("pushfl ; "
-            "pushfl ; "
-            "popl %0 ; "
-            "movl %0,%1 ; "
-            "xorl %2,%1 ; "
-            "pushl %1 ; "
-            "popfl ; "
-            "pushfl ; "
-            "popl %1 ; "
-            "popfl"
-            : "=&r" (f0), "=&r" (f1)
-            : "ri" (mask));
-        return !!((f0^f1) & mask);
-}
-static void get_flags(void)
-{
-        u32 max_intel_level, max_amd_level;
-        u32 tfms;
-        if (has_fpu())
-                set_bit(X86_FEATURE_FPU, cpu.flags);
-        if (has_eflag(X86_EFLAGS_ID)) {
-                asm("cpuid"
-                    : "=a" (max_intel_level),
-                      "=b" (cpu_vendor[0]),
-                      "=d" (cpu_vendor[1]),
-                      "=c" (cpu_vendor[2])
-                    : "a" (0));
-                if (max_intel_level >= 0x00000001 &&
-                    max_intel_level <= 0x0000ffff) {
-                        asm("cpuid"
-                            : "=a" (tfms),
-                              "=c" (cpu.flags[4]),
-                              "=d" (cpu.flags[0])
-                            : "a" (0x00000001)
-                            : "ebx");
-                        cpu.level = (tfms >> 8) & 15;
-                        cpu.model = (tfms >> 4) & 15;
-                        if (cpu.level >= 6)
-                                cpu.model += ((tfms >> 16) & 0xf) << 4;
-                }
-                asm("cpuid"
-                    : "=a" (max_amd_level)
-                    : "a" (0x80000000)
-                    : "ebx", "ecx", "edx");
-                if (max_amd_level >= 0x80000001 &&
-                    max_amd_level <= 0x8000ffff) {
-                        u32 eax = 0x80000001;
-                        asm("cpuid"
-                            : "+a" (eax),
-                              "=c" (cpu.flags[6]),
-                              "=d" (cpu.flags[1])
-                            : : "ebx");
-                }
-        }
 }
 /* Returns a bitmask of which words we have error bits in */
-static int check_flags(void)
+static int check_cpuflags(void)
 {
        u32 err;
        int i;
@@ -187,8 +109,8 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
        if (has_eflag(X86_EFLAGS_AC))
                cpu.level = 4;
-        get_flags();
+        get_cpuflags();
-        err = check_flags();
+        err = check_cpuflags();
        if (test_bit(X86_FEATURE_LM, cpu.flags))
                cpu.level = 64;
@@ -207,8 +129,8 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
                eax &= ~(1 << 15);
                asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
-                get_flags();    /* Make sure it really did something */
+                get_cpuflags(); /* Make sure it really did something */
-                err = check_flags();
+                err = check_cpuflags();
        } else if (err == 0x01 &&
                   !(err_flags[0] & ~(1 << X86_FEATURE_CX8)) &&
                   is_centaur() && cpu.model >= 6) {
@@ -223,7 +145,7 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
                asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
                set_bit(X86_FEATURE_CX8, cpu.flags);
-                err = check_flags();
+                err = check_cpuflags();
        } else if (err == 0x01 && is_transmeta()) {
                /* Transmeta might have masked feature bits in word 0 */
@@ -238,7 +160,20 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
                    : : "ecx", "ebx");
                asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
-                err = check_flags();
+                err = check_cpuflags();
+        } else if (err == 0x01 &&
+                   !(err_flags[0] & ~(1 << X86_FEATURE_PAE)) &&
+                   is_intel() && cpu.level == 6 &&
+                   (cpu.model == 9 || cpu.model == 13)) {
+                /* PAE is disabled on this Pentium M but can be forced */
+                if (cmdline_find_option_bool("forcepae")) {
+                        puts("WARNING: Forcing PAE in CPU flags\n");
+                        set_bit(X86_FEATURE_PAE, cpu.flags);
+                        err = check_cpuflags();
+                }
+                else {
+                        puts("WARNING: PAE disabled. Use parameter 'forcepae' to enable at your own risk!\n");
+                }
        }
        if (err_flags_ptr)
diff --git a/arch/x86/boot/cpuflags.c b/arch/x86/boot/cpuflags.c
new file mode 100644
index 000000000000..431fa5f84537
--- /dev/null
+++ b/arch/x86/boot/cpuflags.c
@@ -0,0 +1,119 @@
+#include <linux/types.h>
+#include "bitops.h"
+#include <asm/processor-flags.h>
+#include <asm/required-features.h>
+#include <asm/msr-index.h>
+#include "cpuflags.h"
+struct cpu_features cpu;
+u32 cpu_vendor[3];
+static bool loaded_flags;
+static int has_fpu(void)
+{
+        u16 fcw = -1, fsw = -1;
+        unsigned long cr0;
+        asm volatile("mov %%cr0,%0" : "=r" (cr0));
+        if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
+                cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
+                asm volatile("mov %0,%%cr0" : : "r" (cr0));
+        }
+        asm volatile("fninit ; fnstsw %0 ; fnstcw %1"
+                     : "+m" (fsw), "+m" (fcw));
+        return fsw == 0 && (fcw & 0x103f) == 0x003f;
+}
+/*
+ * For building the 16-bit code we want to explicitly specify 32-bit
+ * push/pop operations, rather than just saying 'pushf' or 'popf' and
+ * letting the compiler choose. But this is also included from the
+ * compressed/ directory where it may be 64-bit code, and thus needs
+ * to be 'pushfq' or 'popfq' in that case.
+ */
+#ifdef __x86_64__
+#define PUSHF "pushfq"
+#define POPF "popfq"
+#else
+#define PUSHF "pushfl"
+#define POPF "popfl"
+#endif
+int has_eflag(unsigned long mask)
+{
+        unsigned long f0, f1;
+        asm volatile(PUSHF "    \n\t"
+                     PUSHF "    \n\t"
+                     "pop %0    \n\t"
+                     "mov %0,%1 \n\t"
+                     "xor %2,%1 \n\t"
+                     "push %1   \n\t"
+                     POPF "     \n\t"
+                     PUSHF "    \n\t"
+                     "pop %1    \n\t"
+                     POPF
+                     : "=&r" (f0), "=&r" (f1)
+                     : "ri" (mask));
+        return !!((f0^f1) & mask);
+}
+/* Handle x86_32 PIC using ebx. */
+#if defined(__i386__) && defined(__PIC__)
+# define EBX_REG "=r"
+#else
+# define EBX_REG "=b"
+#endif
+static inline void cpuid(u32 id, u32 *a, u32 *b, u32 *c, u32 *d)
+{
+        asm volatile(".ifnc %%ebx,%3 ; movl  %%ebx,%3 ; .endif  \n\t"
+                     "cpuid                                     \n\t"
+                     ".ifnc %%ebx,%3 ; xchgl %%ebx,%3 ; .endif  \n\t"
+                    : "=a" (*a), "=c" (*c), "=d" (*d), EBX_REG (*b)
+                    : "a" (id)
+        );
+}
+void get_cpuflags(void)
+{
+        u32 max_intel_level, max_amd_level;
+        u32 tfms;
+        u32 ignored;
+        if (loaded_flags)
+                return;
+        loaded_flags = true;
+        if (has_fpu())
+                set_bit(X86_FEATURE_FPU, cpu.flags);
+        if (has_eflag(X86_EFLAGS_ID)) {
+                cpuid(0x0, &max_intel_level, &cpu_vendor[0], &cpu_vendor[2],
+                      &cpu_vendor[1]);
+                if (max_intel_level >= 0x00000001 &&
+                    max_intel_level <= 0x0000ffff) {
+                        cpuid(0x1, &tfms, &ignored, &cpu.flags[4],
+                              &cpu.flags[0]);
+                        cpu.level = (tfms >> 8) & 15;
+                        cpu.model = (tfms >> 4) & 15;
+                        if (cpu.level >= 6)
+                                cpu.model += ((tfms >> 16) & 0xf) << 4;
+                }
+                cpuid(0x80000000, &max_amd_level, &ignored, &ignored,
+                      &ignored);
+                if (max_amd_level >= 0x80000001 &&
+                    max_amd_level <= 0x8000ffff) {
+                        cpuid(0x80000001, &ignored, &ignored, &cpu.flags[6],
+                              &cpu.flags[1]);
+                }
+        }
+}
diff --git a/arch/x86/boot/cpuflags.h b/arch/x86/boot/cpuflags.h
new file mode 100644
index 000000000000..ea97697e51e4
--- /dev/null
+++ b/arch/x86/boot/cpuflags.h
@@ -0,0 +1,19 @@
+#ifndef BOOT_CPUFLAGS_H
+#define BOOT_CPUFLAGS_H
+#include <asm/cpufeature.h>
+#include <asm/processor-flags.h>
+struct cpu_features {
+        int level;              /* Family, or 64 for x86-64 */
+        int model;
+        u32 flags[NCAPINTS];
+};
+extern struct cpu_features cpu;
+extern u32 cpu_vendor[3];
+int has_eflag(unsigned long mask);
+void get_cpuflags(void);
+#endif
diff --git a/arch/x86/boot/edd.c b/arch/x86/boot/edd.c
index c501a5b466f8..223e42527077 100644
--- a/arch/x86/boot/edd.c
+++ b/arch/x86/boot/edd.c
@@ -15,6 +15,7 @@
 #include "boot.h"
 #include <linux/edd.h>
+#include "string.h"
 #if defined(CONFIG_EDD) || defined(CONFIG_EDD_MODULE)
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 9ec06a1f6d61..0ca9a5c362bc 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -283,7 +283,7 @@ _start:
        # Part 2 of the header, from the old setup.S
                .ascii  "HdrS"          # header signature
-                .word   0x020c          # header version number (>= 0x0105)
+                .word   0x020d          # header version number (>= 0x0105)
                                        # or else old loadlin-1.5 will fail)
                .globl realmode_swtch
 realmode_swtch: .word   0, 0            # default_switch, SETUPSEG
@@ -350,7 +350,7 @@ cmd_line_ptr:	.long	0		# (Header version 0x0202 or later)
                                        # can be located anywhere in
                                        # low memory 0x10000 or higher.
-ramdisk_max:    .long 0x7fffffff
+initrd_addr_max: .long 0x7fffffff
                                        # (Header version 0x0203 or later)
                                        # The highest safe address for
                                        # the contents of an initrd
@@ -375,7 +375,8 @@ xloadflags:
 # define XLF0 0
 #endif
-#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64)
+#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) && \
+        !defined(CONFIG_EFI_MIXED)
   /* kernel/boot_param/ramdisk could be loaded above 4g */
 # define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G
 #else
@@ -383,15 +384,26 @@ xloadflags:
 #endif
 #ifdef CONFIG_EFI_STUB
-# ifdef CONFIG_X86_64
+# ifdef CONFIG_EFI_MIXED
-#  define XLF23 XLF_EFI_HANDOVER_64             /* 64-bit EFI handover ok */
+#  define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64)
 # else
-#  define XLF23 XLF_EFI_HANDOVER_32             /* 32-bit EFI handover ok */
+#  ifdef CONFIG_X86_64
+#   define XLF23 XLF_EFI_HANDOVER_64            /* 64-bit EFI handover ok */
+#  else
+#   define XLF23 XLF_EFI_HANDOVER_32            /* 32-bit EFI handover ok */
+#  endif
 # endif
 #else
 # define XLF23 0
 #endif
-                        .word XLF0 | XLF1 | XLF23
+#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC)
+# define XLF4 XLF_EFI_KEXEC
+#else
+# define XLF4 0
+#endif
+                        .word XLF0 | XLF1 | XLF23 | XLF4
 cmdline_size:   .long   COMMAND_LINE_SIZE-1     #length of the command line,
                                                #added with boot protocol
@@ -419,13 +431,7 @@ pref_address:		.quad LOAD_PHYSICAL_ADDR	# preferred load addr
 #define INIT_SIZE VO_INIT_SIZE
 #endif
 init_size:              .long INIT_SIZE         # kernel initialization size
-handover_offset:
+handover_offset:        .long 0                 # Filled in by build.c
-#ifdef CONFIG_EFI_STUB
-                        .long 0x30              # offset to the handover
-                                                # protocol entry point
-#else
-                        .long 0
-#endif
 # End of setup header #####################################################
diff --git a/arch/x86/boot/main.c b/arch/x86/boot/main.c
index cf6083d444f4..fd6c9f236996 100644
--- a/arch/x86/boot/main.c
+++ b/arch/x86/boot/main.c
@@ -14,6 +14,7 @@
 */
 #include "boot.h"
+#include "string.h"
 struct boot_params boot_params __attribute__((aligned(16)));
diff --git a/arch/x86/boot/regs.c b/arch/x86/boot/regs.c
index 958019b1cfa5..c0fb356a3092 100644
--- a/arch/x86/boot/regs.c
+++ b/arch/x86/boot/regs.c
@@ -17,6 +17,7 @@
 */
 #include "boot.h"
+#include "string.h"
 void initregs(struct biosregs *reg)
 {
diff --git a/arch/x86/boot/string.c b/arch/x86/boot/string.c
index 574dedfe2890..5339040ef86e 100644
--- a/arch/x86/boot/string.c
+++ b/arch/x86/boot/string.c
@@ -14,6 +14,20 @@
 #include "boot.h"
+/*
+ * This file gets included in compressed/string.c which might pull in
+ * string_32.h and which in turn maps memcmp to __builtin_memcmp(). Undo
+ * that first.
+ */
+#undef memcmp
+int memcmp(const void *s1, const void *s2, size_t len)
+{
+        u8 diff;
+        asm("repe; cmpsb; setnz %0"
+            : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
+        return diff;
+}
 int strcmp(const char *str1, const char *str2)
 {
        const unsigned char *s1 = (const unsigned char *)str1;
diff --git a/arch/x86/boot/string.h b/arch/x86/boot/string.h
new file mode 100644
index 000000000000..725e820602b1
--- /dev/null
+++ b/arch/x86/boot/string.h
@@ -0,0 +1,21 @@
+#ifndef BOOT_STRING_H
+#define BOOT_STRING_H
+/* Undef any of these macros coming from string_32.h. */
+#undef memcpy
+#undef memset
+#undef memcmp
+void *memcpy(void *dst, const void *src, size_t len);
+void *memset(void *dst, int c, size_t len);
+int memcmp(const void *s1, const void *s2, size_t len);
+/*
+ * Access builtin version by default. If one needs to use optimized version,
+ * do "undef memcpy" in .c file and link against right string.c
+ */
+#define memcpy(d,s,l) __builtin_memcpy(d,s,l)
+#define memset(d,c,l) __builtin_memset(d,c,l)
+#define memcmp  __builtin_memcmp
+#endif /* BOOT_STRING_H */
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 8e15b22391fc..1a2f2121cada 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -53,7 +53,8 @@ int is_big_kernel;
 #define PECOFF_RELOC_RESERVE 0x20
-unsigned long efi_stub_entry;
+unsigned long efi32_stub_entry;
+unsigned long efi64_stub_entry;
 unsigned long efi_pe_entry;
 unsigned long startup_64;
@@ -219,6 +220,52 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz)
        update_pecoff_section_header(".text", text_start, text_sz);
 }
+static int reserve_pecoff_reloc_section(int c)
+{
+        /* Reserve 0x20 bytes for .reloc section */
+        memset(buf+c, 0, PECOFF_RELOC_RESERVE);
+        return PECOFF_RELOC_RESERVE;
+}
+static void efi_stub_defaults(void)
+{
+        /* Defaults for old kernel */
+#ifdef CONFIG_X86_32
+        efi_pe_entry = 0x10;
+#else
+        efi_pe_entry = 0x210;
+        startup_64 = 0x200;
+#endif
+}
+static void efi_stub_entry_update(void)
+{
+        unsigned long addr = efi32_stub_entry;
+#ifdef CONFIG_X86_64
+        /* Yes, this is really how we defined it :( */
+        addr = efi64_stub_entry - 0x200;
+#endif
+#ifdef CONFIG_EFI_MIXED
+        if (efi32_stub_entry != addr)
+                die("32-bit and 64-bit EFI entry points do not match\n");
+#endif
+        put_unaligned_le32(addr, &buf[0x264]);
+}
+#else
+static inline void update_pecoff_setup_and_reloc(unsigned int size) {}
+static inline void update_pecoff_text(unsigned int text_start,
+                                      unsigned int file_sz) {}
+static inline void efi_stub_defaults(void) {}
+static inline void efi_stub_entry_update(void) {}
+static inline int reserve_pecoff_reloc_section(int c)
+{
+        return 0;
+}
 #endif /* CONFIG_EFI_STUB */
@@ -250,7 +297,8 @@ static void parse_zoffset(char *fname)
        p = (char *)buf;
        while (p && *p) {
-                PARSE_ZOFS(p, efi_stub_entry);
+                PARSE_ZOFS(p, efi32_stub_entry);
+                PARSE_ZOFS(p, efi64_stub_entry);
                PARSE_ZOFS(p, efi_pe_entry);
                PARSE_ZOFS(p, startup_64);
@@ -271,15 +319,7 @@ int main(int argc, char ** argv)
        void *kernel;
        u32 crc = 0xffffffffUL;
-        /* Defaults for old kernel */
+        efi_stub_defaults();
-#ifdef CONFIG_X86_32
-        efi_pe_entry = 0x10;
-        efi_stub_entry = 0x30;
-#else
-        efi_pe_entry = 0x210;
-        efi_stub_entry = 0x230;
-        startup_64 = 0x200;
-#endif
        if (argc != 5)
                usage();
@@ -302,11 +342,7 @@ int main(int argc, char ** argv)
                die("Boot block hasn't got boot flag (0xAA55)");
        fclose(file);
-#ifdef CONFIG_EFI_STUB
+        c += reserve_pecoff_reloc_section(c);
-        /* Reserve 0x20 bytes for .reloc section */
-        memset(buf+c, 0, PECOFF_RELOC_RESERVE);
-        c += PECOFF_RELOC_RESERVE;
-#endif
        /* Pad unused space with zeros */
        setup_sectors = (c + 511) / 512;
@@ -315,9 +351,7 @@ int main(int argc, char ** argv)
        i = setup_sectors*512;
        memset(buf+c, 0, i-c);
-#ifdef CONFIG_EFI_STUB
        update_pecoff_setup_and_reloc(i);
-#endif
        /* Set the default root device */
        put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]);
@@ -342,14 +376,9 @@ int main(int argc, char ** argv)
        buf[0x1f1] = setup_sectors-1;
        put_unaligned_le32(sys_size, &buf[0x1f4]);
-#ifdef CONFIG_EFI_STUB
        update_pecoff_text(setup_sectors * 512, sz + i + ((sys_size * 16) - sz));
-#ifdef CONFIG_X86_64 /* Yes, this is really how we defined it :( */
+        efi_stub_entry_update();
-        efi_stub_entry -= 0x200;
-#endif
-        put_unaligned_le32(efi_stub_entry, &buf[0x264]);
-#endif
        crc = partial_crc32(buf, i, crc);
        if (fwrite(buf, 1, i, dest) != i)
diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
index 11e8c6eb80a1..ba3e100654db 100644
--- a/arch/x86/boot/video-vesa.c
+++ b/arch/x86/boot/video-vesa.c
@@ -16,6 +16,7 @@
 #include "boot.h"
 #include "video.h"
 #include "vesa.h"
+#include "string.h"
 /* VESA information */
 static struct vesa_general_info vginfo;
diff --git a/arch/x86/boot/video.h b/arch/x86/boot/video.h
index ff339c5db311..0bb25491262d 100644
--- a/arch/x86/boot/video.h
+++ b/arch/x86/boot/video.h
@@ -80,7 +80,7 @@ struct card_info {
        u16 xmode_n;            /* Size of unprobed mode range */
 };
-#define __videocard struct card_info __attribute__((section(".videocards")))
+#define __videocard struct card_info __attribute__((used,section(".videocards")))
 extern struct card_info video_cards[], video_cards_end[];
 int mode_defined(u16 mode);     /* video.c */
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index a7fef2621cc9..619e7f7426c6 100644
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -60,7 +60,6 @@ CONFIG_CRASH_DUMP=y
 CONFIG_HIBERNATION=y
 CONFIG_PM_DEBUG=y
 CONFIG_PM_TRACE_RTC=y
-CONFIG_ACPI_PROCFS=y
 CONFIG_ACPI_DOCK=y
 CONFIG_CPU_FREQ=y
 # CONFIG_CPU_FREQ_STAT is not set
diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
index c1119d4c1281..6181c69b786b 100644
--- a/arch/x86/configs/x86_64_defconfig
+++ b/arch/x86/configs/x86_64_defconfig
@@ -58,7 +58,6 @@ CONFIG_CRASH_DUMP=y
 CONFIG_HIBERNATION=y
 CONFIG_PM_DEBUG=y
 CONFIG_PM_TRACE_RTC=y
-CONFIG_ACPI_PROCFS=y
 CONFIG_ACPI_DOCK=y
 CONFIG_CPU_FREQ=y
 # CONFIG_CPU_FREQ_STAT is not set
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index e0fc24db234a..61d6e281898b 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -76,8 +76,12 @@ ifeq ($(avx2_supported),yes)
 endif
 aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o fpu.o
+aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o
 ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o
 sha1-ssse3-y := sha1_ssse3_asm.o sha1_ssse3_glue.o
+ifeq ($(avx2_supported),yes)
+sha1-ssse3-y += sha1_avx2_x86_64_asm.o
+endif
 crc32c-intel-y := crc32c-intel_glue.o
 crc32c-intel-$(CONFIG_64BIT) += crc32c-pcl-intel-asm_64.o
 crc32-pclmul-y := crc32-pclmul_asm.o crc32-pclmul_glue.o
diff --git a/arch/x86/crypto/aesni-intel_avx-x86_64.S b/arch/x86/crypto/aesni-intel_avx-x86_64.S
new file mode 100644
index 000000000000..522ab68d1c88
--- /dev/null
+++ b/arch/x86/crypto/aesni-intel_avx-x86_64.S
@@ -0,0 +1,2811 @@
+########################################################################
+# Copyright (c) 2013, Intel Corporation
+#
+# This software is available to you under a choice of one of two
+# licenses.  You may choose to be licensed under the terms of the GNU
+# General Public License (GPL) Version 2, available from the file
+# COPYING in the main directory of this source tree, or the
+# OpenIB.org BSD license below:
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the
+#   distribution.
+#
+# * Neither the name of the Intel Corporation nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES# LOSS OF USE, DATA, OR
+# PROFITS# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+########################################################################
+##
+## Authors:
+##      Erdinc Ozturk <erdinc.ozturk@intel.com>
+##      Vinodh Gopal <vinodh.gopal@intel.com>
+##      James Guilford <james.guilford@intel.com>
+##      Tim Chen <tim.c.chen@linux.intel.com>
+##
+## References:
+##       This code was derived and highly optimized from the code described in paper:
+##               Vinodh Gopal et. al. Optimized Galois-Counter-Mode Implementation
+##                      on Intel Architecture Processors. August, 2010
+##       The details of the implementation is explained in:
+##               Erdinc Ozturk et. al. Enabling High-Performance Galois-Counter-Mode
+##                      on Intel Architecture Processors. October, 2012.
+##
+## Assumptions:
+##
+##
+##
+## iv:
+##       0                   1                   2                   3
+##       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                             Salt  (From the SA)               |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                     Initialization Vector                     |
+##       |         (This is the sequence number from IPSec header)       |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                              0x1                              |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##
+##
+##
+## AAD:
+##       AAD padded to 128 bits with 0
+##       for example, assume AAD is a u32 vector
+##
+##       if AAD is 8 bytes:
+##       AAD[3] = {A0, A1}#
+##       padded AAD in xmm register = {A1 A0 0 0}
+##
+##       0                   1                   2                   3
+##       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                               SPI (A1)                        |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                     32-bit Sequence Number (A0)               |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                              0x0                              |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##
+##                                       AAD Format with 32-bit Sequence Number
+##
+##       if AAD is 12 bytes:
+##       AAD[3] = {A0, A1, A2}#
+##       padded AAD in xmm register = {A2 A1 A0 0}
+##
+##       0                   1                   2                   3
+##       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                               SPI (A2)                        |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                 64-bit Extended Sequence Number {A1,A0}       |
+##       |                                                               |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##       |                              0x0                              |
+##       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+##
+##        AAD Format with 64-bit Extended Sequence Number
+##
+##
+## aadLen:
+##       from the definition of the spec, aadLen can only be 8 or 12 bytes.
+##       The code additionally supports aadLen of length 16 bytes.
+##
+## TLen:
+##       from the definition of the spec, TLen can only be 8, 12 or 16 bytes.
+##
+## poly = x^128 + x^127 + x^126 + x^121 + 1
+## throughout the code, one tab and two tab indentations are used. one tab is
+## for GHASH part, two tabs is for AES part.
+##
+#include <linux/linkage.h>
+#include <asm/inst.h>
+.data
+.align 16
+POLY:            .octa     0xC2000000000000000000000000000001
+POLY2:           .octa     0xC20000000000000000000001C2000000
+TWOONE:          .octa     0x00000001000000000000000000000001
+# order of these constants should not change.
+# more specifically, ALL_F should follow SHIFT_MASK, and ZERO should follow ALL_F
+SHUF_MASK:       .octa     0x000102030405060708090A0B0C0D0E0F
+SHIFT_MASK:      .octa     0x0f0e0d0c0b0a09080706050403020100
+ALL_F:           .octa     0xffffffffffffffffffffffffffffffff
+ZERO:            .octa     0x00000000000000000000000000000000
+ONE:             .octa     0x00000000000000000000000000000001
+ONEf:            .octa     0x01000000000000000000000000000000
+.text
+##define the fields of the gcm aes context
+#{
+#        u8 expanded_keys[16*11] store expanded keys
+#        u8 shifted_hkey_1[16]   store HashKey <<1 mod poly here
+#        u8 shifted_hkey_2[16]   store HashKey^2 <<1 mod poly here
+#        u8 shifted_hkey_3[16]   store HashKey^3 <<1 mod poly here
+#        u8 shifted_hkey_4[16]   store HashKey^4 <<1 mod poly here
+#        u8 shifted_hkey_5[16]   store HashKey^5 <<1 mod poly here
+#        u8 shifted_hkey_6[16]   store HashKey^6 <<1 mod poly here
+#        u8 shifted_hkey_7[16]   store HashKey^7 <<1 mod poly here
+#        u8 shifted_hkey_8[16]   store HashKey^8 <<1 mod poly here
+#        u8 shifted_hkey_1_k[16] store XOR HashKey <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_2_k[16] store XOR HashKey^2 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_3_k[16] store XOR HashKey^3 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_4_k[16] store XOR HashKey^4 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_5_k[16] store XOR HashKey^5 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_6_k[16] store XOR HashKey^6 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_7_k[16] store XOR HashKey^7 <<1 mod poly here (for Karatsuba purposes)
+#        u8 shifted_hkey_8_k[16] store XOR HashKey^8 <<1 mod poly here (for Karatsuba purposes)
+#} gcm_ctx#
+HashKey        = 16*11   # store HashKey <<1 mod poly here
+HashKey_2      = 16*12   # store HashKey^2 <<1 mod poly here
+HashKey_3      = 16*13   # store HashKey^3 <<1 mod poly here
+HashKey_4      = 16*14   # store HashKey^4 <<1 mod poly here
+HashKey_5      = 16*15   # store HashKey^5 <<1 mod poly here
+HashKey_6      = 16*16   # store HashKey^6 <<1 mod poly here
+HashKey_7      = 16*17   # store HashKey^7 <<1 mod poly here
+HashKey_8      = 16*18   # store HashKey^8 <<1 mod poly here
+HashKey_k      = 16*19   # store XOR of HashKey <<1 mod poly here (for Karatsuba purposes)
+HashKey_2_k    = 16*20   # store XOR of HashKey^2 <<1 mod poly here (for Karatsuba purposes)
+HashKey_3_k    = 16*21   # store XOR of HashKey^3 <<1 mod poly here (for Karatsuba purposes)
+HashKey_4_k    = 16*22   # store XOR of HashKey^4 <<1 mod poly here (for Karatsuba purposes)
+HashKey_5_k    = 16*23   # store XOR of HashKey^5 <<1 mod poly here (for Karatsuba purposes)
+HashKey_6_k    = 16*24   # store XOR of HashKey^6 <<1 mod poly here (for Karatsuba purposes)
+HashKey_7_k    = 16*25   # store XOR of HashKey^7 <<1 mod poly here (for Karatsuba purposes)
+HashKey_8_k    = 16*26   # store XOR of HashKey^8 <<1 mod poly here (for Karatsuba purposes)
+#define arg1 %rdi
+#define arg2 %rsi
+#define arg3 %rdx
+#define arg4 %rcx
+#define arg5 %r8
+#define arg6 %r9
+#define arg7 STACK_OFFSET+8*1(%r14)
+#define arg8 STACK_OFFSET+8*2(%r14)
+#define arg9 STACK_OFFSET+8*3(%r14)
+i = 0
+j = 0
+out_order = 0
+in_order = 1
+DEC = 0
+ENC = 1
+.macro define_reg r n
+reg_\r = %xmm\n
+.endm
+.macro setreg
+.altmacro
+define_reg i %i
+define_reg j %j
+.noaltmacro
+.endm
+# need to push 4 registers into stack to maintain
+STACK_OFFSET = 8*4
+TMP1 =   16*0    # Temporary storage for AAD
+TMP2 =   16*1    # Temporary storage for AES State 2 (State 1 is stored in an XMM register)
+TMP3 =   16*2    # Temporary storage for AES State 3
+TMP4 =   16*3    # Temporary storage for AES State 4
+TMP5 =   16*4    # Temporary storage for AES State 5
+TMP6 =   16*5    # Temporary storage for AES State 6
+TMP7 =   16*6    # Temporary storage for AES State 7
+TMP8 =   16*7    # Temporary storage for AES State 8
+VARIABLE_OFFSET = 16*8
+################################
+# Utility Macros
+################################
+# Encryption of a single block
+.macro ENCRYPT_SINGLE_BLOCK XMM0
+                vpxor    (arg1), \XMM0, \XMM0
+                i = 1
+                setreg
+.rep 9
+                vaesenc  16*i(arg1), \XMM0, \XMM0
+                i = (i+1)
+                setreg
+.endr
+                vaesenclast 16*10(arg1), \XMM0, \XMM0
+.endm
+#ifdef CONFIG_AS_AVX
+###############################################################################
+# GHASH_MUL MACRO to implement: Data*HashKey mod (128,127,126,121,0)
+# Input: A and B (128-bits each, bit-reflected)
+# Output: C = A*B*x mod poly, (i.e. >>1 )
+# To compute GH = GH*HashKey mod poly, give HK = HashKey<<1 mod poly as input
+# GH = GH * HK * x mod poly which is equivalent to GH*HashKey mod poly.
+###############################################################################
+.macro  GHASH_MUL_AVX GH HK T1 T2 T3 T4 T5
+        vpshufd         $0b01001110, \GH, \T2
+        vpshufd         $0b01001110, \HK, \T3
+        vpxor           \GH     , \T2, \T2      # T2 = (a1+a0)
+        vpxor           \HK     , \T3, \T3      # T3 = (b1+b0)
+        vpclmulqdq      $0x11, \HK, \GH, \T1    # T1 = a1*b1
+        vpclmulqdq      $0x00, \HK, \GH, \GH    # GH = a0*b0
+        vpclmulqdq      $0x00, \T3, \T2, \T2    # T2 = (a1+a0)*(b1+b0)
+        vpxor           \GH, \T2,\T2
+        vpxor           \T1, \T2,\T2            # T2 = a0*b1+a1*b0
+        vpslldq         $8, \T2,\T3             # shift-L T3 2 DWs
+        vpsrldq         $8, \T2,\T2             # shift-R T2 2 DWs
+        vpxor           \T3, \GH, \GH
+        vpxor           \T2, \T1, \T1           # <T1:GH> = GH x HK
+        #first phase of the reduction
+        vpslld  $31, \GH, \T2                   # packed right shifting << 31
+        vpslld  $30, \GH, \T3                   # packed right shifting shift << 30
+        vpslld  $25, \GH, \T4                   # packed right shifting shift << 25
+        vpxor   \T3, \T2, \T2                   # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpsrldq $4, \T2, \T5                    # shift-R T5 1 DW
+        vpslldq $12, \T2, \T2                   # shift-L T2 3 DWs
+        vpxor   \T2, \GH, \GH                   # first phase of the reduction complete
+        #second phase of the reduction
+        vpsrld  $1,\GH, \T2                     # packed left shifting >> 1
+        vpsrld  $2,\GH, \T3                     # packed left shifting >> 2
+        vpsrld  $7,\GH, \T4                     # packed left shifting >> 7
+        vpxor   \T3, \T2, \T2                   # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpxor   \T5, \T2, \T2
+        vpxor   \T2, \GH, \GH
+        vpxor   \T1, \GH, \GH                   # the result is in GH
+.endm
+.macro PRECOMPUTE_AVX HK T1 T2 T3 T4 T5 T6
+        # Haskey_i_k holds XORed values of the low and high parts of the Haskey_i
+        vmovdqa  \HK, \T5
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^2<<1 mod poly
+        vmovdqa  \T5, HashKey_2(arg1)                    #  [HashKey_2] = HashKey^2<<1 mod poly
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_2_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^3<<1 mod poly
+        vmovdqa  \T5, HashKey_3(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_3_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^4<<1 mod poly
+        vmovdqa  \T5, HashKey_4(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_4_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^5<<1 mod poly
+        vmovdqa  \T5, HashKey_5(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_5_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^6<<1 mod poly
+        vmovdqa  \T5, HashKey_6(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_6_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^7<<1 mod poly
+        vmovdqa  \T5, HashKey_7(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_7_k(arg1)
+        GHASH_MUL_AVX \T5, \HK, \T1, \T3, \T4, \T6, \T2  #  T5 = HashKey^8<<1 mod poly
+        vmovdqa  \T5, HashKey_8(arg1)
+        vpshufd  $0b01001110, \T5, \T1
+        vpxor    \T5, \T1, \T1
+        vmovdqa  \T1, HashKey_8_k(arg1)
+.endm
+## if a = number of total plaintext bytes
+## b = floor(a/16)
+## num_initial_blocks = b mod 4#
+## encrypt the initial num_initial_blocks blocks and apply ghash on the ciphertext
+## r10, r11, r12, rax are clobbered
+## arg1, arg2, arg3, r14 are used as a pointer only, not modified
+.macro INITIAL_BLOCKS_AVX num_initial_blocks T1 T2 T3 T4 T5 CTR XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8 T6 T_key ENC_DEC
+        i = (8-\num_initial_blocks)
+        setreg
+        mov     arg6, %r10                      # r10 = AAD
+        mov     arg7, %r12                      # r12 = aadLen
+        mov     %r12, %r11
+        vpxor   reg_i, reg_i, reg_i
+_get_AAD_loop\@:
+        vmovd   (%r10), \T1
+        vpslldq $12, \T1, \T1
+        vpsrldq $4, reg_i, reg_i
+        vpxor   \T1, reg_i, reg_i
+        add     $4, %r10
+        sub     $4, %r12
+        jg      _get_AAD_loop\@
+        cmp     $16, %r11
+        je      _get_AAD_loop2_done\@
+        mov     $16, %r12
+_get_AAD_loop2\@:
+        vpsrldq $4, reg_i, reg_i
+        sub     $4, %r12
+        cmp     %r11, %r12
+        jg      _get_AAD_loop2\@
+_get_AAD_loop2_done\@:
+        #byte-reflect the AAD data
+        vpshufb SHUF_MASK(%rip), reg_i, reg_i
+        # initialize the data pointer offset as zero
+        xor     %r11, %r11
+        # start AES for num_initial_blocks blocks
+        mov     arg5, %rax                     # rax = *Y0
+        vmovdqu (%rax), \CTR                   # CTR = Y0
+        vpshufb SHUF_MASK(%rip), \CTR, \CTR
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vpaddd  ONE(%rip), \CTR, \CTR           # INCR Y0
+                vmovdqa \CTR, reg_i
+                vpshufb SHUF_MASK(%rip), reg_i, reg_i   # perform a 16Byte swap
+        i = (i+1)
+        setreg
+.endr
+        vmovdqa  (arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vpxor   \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        j = 1
+        setreg
+.rep 9
+        vmovdqa  16*j(arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+        vaesenc \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        j = (j+1)
+        setreg
+.endr
+        vmovdqa  16*10(arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+        vaesenclast      \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vmovdqu (arg3, %r11), \T1
+                vpxor   \T1, reg_i, reg_i
+                vmovdqu reg_i, (arg2 , %r11)           # write back ciphertext for num_initial_blocks blocks
+                add     $16, %r11
+.if  \ENC_DEC == DEC
+                vmovdqa \T1, reg_i
+.endif
+                vpshufb SHUF_MASK(%rip), reg_i, reg_i  # prepare ciphertext for GHASH computations
+        i = (i+1)
+        setreg
+.endr
+        i = (8-\num_initial_blocks)
+        j = (9-\num_initial_blocks)
+        setreg
+        GHASH_MUL_AVX       reg_i, \T2, \T1, \T3, \T4, \T5, \T6
+.rep \num_initial_blocks
+        vpxor    reg_i, reg_j, reg_j
+        GHASH_MUL_AVX       reg_j, \T2, \T1, \T3, \T4, \T5, \T6 # apply GHASH on num_initial_blocks blocks
+        i = (i+1)
+        j = (j+1)
+        setreg
+.endr
+        # XMM8 has the combined result here
+        vmovdqa  \XMM8, TMP1(%rsp)
+        vmovdqa  \XMM8, \T3
+        cmp     $128, %r13
+        jl      _initial_blocks_done\@                  # no need for precomputed constants
+###############################################################################
+# Haskey_i_k holds XORed values of the low and high parts of the Haskey_i
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM1
+                vpshufb  SHUF_MASK(%rip), \XMM1, \XMM1  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM2
+                vpshufb  SHUF_MASK(%rip), \XMM2, \XMM2  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM3
+                vpshufb  SHUF_MASK(%rip), \XMM3, \XMM3  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM4
+                vpshufb  SHUF_MASK(%rip), \XMM4, \XMM4  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM5
+                vpshufb  SHUF_MASK(%rip), \XMM5, \XMM5  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM6
+                vpshufb  SHUF_MASK(%rip), \XMM6, \XMM6  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM7
+                vpshufb  SHUF_MASK(%rip), \XMM7, \XMM7  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM8
+                vpshufb  SHUF_MASK(%rip), \XMM8, \XMM8  # perform a 16Byte swap
+                vmovdqa  (arg1), \T_key
+                vpxor    \T_key, \XMM1, \XMM1
+                vpxor    \T_key, \XMM2, \XMM2
+                vpxor    \T_key, \XMM3, \XMM3
+                vpxor    \T_key, \XMM4, \XMM4
+                vpxor    \T_key, \XMM5, \XMM5
+                vpxor    \T_key, \XMM6, \XMM6
+                vpxor    \T_key, \XMM7, \XMM7
+                vpxor    \T_key, \XMM8, \XMM8
+                i = 1
+                setreg
+.rep    9       # do 9 rounds
+                vmovdqa  16*i(arg1), \T_key
+                vaesenc  \T_key, \XMM1, \XMM1
+                vaesenc  \T_key, \XMM2, \XMM2
+                vaesenc  \T_key, \XMM3, \XMM3
+                vaesenc  \T_key, \XMM4, \XMM4
+                vaesenc  \T_key, \XMM5, \XMM5
+                vaesenc  \T_key, \XMM6, \XMM6
+                vaesenc  \T_key, \XMM7, \XMM7
+                vaesenc  \T_key, \XMM8, \XMM8
+                i = (i+1)
+                setreg
+.endr
+                vmovdqa  16*i(arg1), \T_key
+                vaesenclast  \T_key, \XMM1, \XMM1
+                vaesenclast  \T_key, \XMM2, \XMM2
+                vaesenclast  \T_key, \XMM3, \XMM3
+                vaesenclast  \T_key, \XMM4, \XMM4
+                vaesenclast  \T_key, \XMM5, \XMM5
+                vaesenclast  \T_key, \XMM6, \XMM6
+                vaesenclast  \T_key, \XMM7, \XMM7
+                vaesenclast  \T_key, \XMM8, \XMM8
+                vmovdqu  (arg3, %r11), \T1
+                vpxor    \T1, \XMM1, \XMM1
+                vmovdqu  \XMM1, (arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM1
+                .endif
+                vmovdqu  16*1(arg3, %r11), \T1
+                vpxor    \T1, \XMM2, \XMM2
+                vmovdqu  \XMM2, 16*1(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM2
+                .endif
+                vmovdqu  16*2(arg3, %r11), \T1
+                vpxor    \T1, \XMM3, \XMM3
+                vmovdqu  \XMM3, 16*2(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM3
+                .endif
+                vmovdqu  16*3(arg3, %r11), \T1
+                vpxor    \T1, \XMM4, \XMM4
+                vmovdqu  \XMM4, 16*3(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM4
+                .endif
+                vmovdqu  16*4(arg3, %r11), \T1
+                vpxor    \T1, \XMM5, \XMM5
+                vmovdqu  \XMM5, 16*4(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM5
+                .endif
+                vmovdqu  16*5(arg3, %r11), \T1
+                vpxor    \T1, \XMM6, \XMM6
+                vmovdqu  \XMM6, 16*5(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM6
+                .endif
+                vmovdqu  16*6(arg3, %r11), \T1
+                vpxor    \T1, \XMM7, \XMM7
+                vmovdqu  \XMM7, 16*6(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM7
+                .endif
+                vmovdqu  16*7(arg3, %r11), \T1
+                vpxor    \T1, \XMM8, \XMM8
+                vmovdqu  \XMM8, 16*7(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM8
+                .endif
+                add     $128, %r11
+                vpshufb  SHUF_MASK(%rip), \XMM1, \XMM1     # perform a 16Byte swap
+                vpxor    TMP1(%rsp), \XMM1, \XMM1          # combine GHASHed value with the corresponding ciphertext
+                vpshufb  SHUF_MASK(%rip), \XMM2, \XMM2     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM3, \XMM3     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM4, \XMM4     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM5, \XMM5     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM6, \XMM6     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM7, \XMM7     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM8, \XMM8     # perform a 16Byte swap
+###############################################################################
+_initial_blocks_done\@:
+.endm
+# encrypt 8 blocks at a time
+# ghash the 8 previously encrypted ciphertext blocks
+# arg1, arg2, arg3 are used as pointers only, not modified
+# r11 is the data offset value
+.macro GHASH_8_ENCRYPT_8_PARALLEL_AVX T1 T2 T3 T4 T5 T6 CTR XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8 T7 loop_idx ENC_DEC
+        vmovdqa \XMM1, \T2
+        vmovdqa \XMM2, TMP2(%rsp)
+        vmovdqa \XMM3, TMP3(%rsp)
+        vmovdqa \XMM4, TMP4(%rsp)
+        vmovdqa \XMM5, TMP5(%rsp)
+        vmovdqa \XMM6, TMP6(%rsp)
+        vmovdqa \XMM7, TMP7(%rsp)
+        vmovdqa \XMM8, TMP8(%rsp)
+.if \loop_idx == in_order
+                vpaddd  ONE(%rip), \CTR, \XMM1           # INCR CNT
+                vpaddd  ONE(%rip), \XMM1, \XMM2
+                vpaddd  ONE(%rip), \XMM2, \XMM3
+                vpaddd  ONE(%rip), \XMM3, \XMM4
+                vpaddd  ONE(%rip), \XMM4, \XMM5
+                vpaddd  ONE(%rip), \XMM5, \XMM6
+                vpaddd  ONE(%rip), \XMM6, \XMM7
+                vpaddd  ONE(%rip), \XMM7, \XMM8
+                vmovdqa \XMM8, \CTR
+                vpshufb SHUF_MASK(%rip), \XMM1, \XMM1    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM2, \XMM2    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM3, \XMM3    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM4, \XMM4    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM5, \XMM5    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM6, \XMM6    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM7, \XMM7    # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM8, \XMM8    # perform a 16Byte swap
+.else
+                vpaddd  ONEf(%rip), \CTR, \XMM1           # INCR CNT
+                vpaddd  ONEf(%rip), \XMM1, \XMM2
+                vpaddd  ONEf(%rip), \XMM2, \XMM3
+                vpaddd  ONEf(%rip), \XMM3, \XMM4
+                vpaddd  ONEf(%rip), \XMM4, \XMM5
+                vpaddd  ONEf(%rip), \XMM5, \XMM6
+                vpaddd  ONEf(%rip), \XMM6, \XMM7
+                vpaddd  ONEf(%rip), \XMM7, \XMM8
+                vmovdqa \XMM8, \CTR
+.endif
+        #######################################################################
+                vmovdqu (arg1), \T1
+                vpxor   \T1, \XMM1, \XMM1
+                vpxor   \T1, \XMM2, \XMM2
+                vpxor   \T1, \XMM3, \XMM3
+                vpxor   \T1, \XMM4, \XMM4
+                vpxor   \T1, \XMM5, \XMM5
+                vpxor   \T1, \XMM6, \XMM6
+                vpxor   \T1, \XMM7, \XMM7
+                vpxor   \T1, \XMM8, \XMM8
+        #######################################################################
+                vmovdqu 16*1(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+                vmovdqu 16*2(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        #######################################################################
+        vmovdqa         HashKey_8(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T2, \T4             # T4 = a1*b1
+        vpclmulqdq      $0x00, \T5, \T2, \T7             # T7 = a0*b0
+        vpshufd         $0b01001110, \T2, \T6
+        vpxor           \T2, \T6, \T6
+        vmovdqa         HashKey_8_k(arg1), \T5
+        vpclmulqdq      $0x00, \T5, \T6, \T6
+                vmovdqu 16*3(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP2(%rsp), \T1
+        vmovdqa         HashKey_7(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_7_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*4(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        #######################################################################
+        vmovdqa         TMP3(%rsp), \T1
+        vmovdqa         HashKey_6(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_6_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*5(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP4(%rsp), \T1
+        vmovdqa         HashKey_5(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_5_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*6(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP5(%rsp), \T1
+        vmovdqa         HashKey_4(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_4_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*7(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP6(%rsp), \T1
+        vmovdqa         HashKey_3(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_3_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*8(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP7(%rsp), \T1
+        vmovdqa         HashKey_2(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_2_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+        #######################################################################
+                vmovdqu 16*9(arg1), \T5
+                vaesenc \T5, \XMM1, \XMM1
+                vaesenc \T5, \XMM2, \XMM2
+                vaesenc \T5, \XMM3, \XMM3
+                vaesenc \T5, \XMM4, \XMM4
+                vaesenc \T5, \XMM5, \XMM5
+                vaesenc \T5, \XMM6, \XMM6
+                vaesenc \T5, \XMM7, \XMM7
+                vaesenc \T5, \XMM8, \XMM8
+        vmovdqa         TMP8(%rsp), \T1
+        vmovdqa         HashKey(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpshufd         $0b01001110, \T1, \T3
+        vpxor           \T1, \T3, \T3
+        vmovdqa         HashKey_k(arg1), \T5
+        vpclmulqdq      $0x10, \T5, \T3, \T3
+        vpxor           \T3, \T6, \T6
+        vpxor           \T4, \T6, \T6
+        vpxor           \T7, \T6, \T6
+                vmovdqu 16*10(arg1), \T5
+        i = 0
+        j = 1
+        setreg
+.rep 8
+                vpxor   16*i(arg3, %r11), \T5, \T2
+                .if \ENC_DEC == ENC
+                vaesenclast     \T2, reg_j, reg_j
+                .else
+                vaesenclast     \T2, reg_j, \T3
+                vmovdqu 16*i(arg3, %r11), reg_j
+                vmovdqu \T3, 16*i(arg2, %r11)
+                .endif
+        i = (i+1)
+        j = (j+1)
+        setreg
+.endr
+        #######################################################################
+        vpslldq $8, \T6, \T3                            # shift-L T3 2 DWs
+        vpsrldq $8, \T6, \T6                            # shift-R T2 2 DWs
+        vpxor   \T3, \T7, \T7
+        vpxor   \T4, \T6, \T6                           # accumulate the results in T6:T7
+        #######################################################################
+        #first phase of the reduction
+        #######################################################################
+        vpslld  $31, \T7, \T2                           # packed right shifting << 31
+        vpslld  $30, \T7, \T3                           # packed right shifting shift << 30
+        vpslld  $25, \T7, \T4                           # packed right shifting shift << 25
+        vpxor   \T3, \T2, \T2                           # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpsrldq $4, \T2, \T1                            # shift-R T1 1 DW
+        vpslldq $12, \T2, \T2                           # shift-L T2 3 DWs
+        vpxor   \T2, \T7, \T7                           # first phase of the reduction complete
+        #######################################################################
+                .if \ENC_DEC == ENC
+                vmovdqu  \XMM1, 16*0(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM2, 16*1(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM3, 16*2(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM4, 16*3(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM5, 16*4(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM6, 16*5(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM7, 16*6(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM8, 16*7(arg2,%r11)         # Write to the Ciphertext buffer
+                .endif
+        #######################################################################
+        #second phase of the reduction
+        vpsrld  $1, \T7, \T2                            # packed left shifting >> 1
+        vpsrld  $2, \T7, \T3                            # packed left shifting >> 2
+        vpsrld  $7, \T7, \T4                            # packed left shifting >> 7
+        vpxor   \T3, \T2, \T2                           # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpxor   \T1, \T2, \T2
+        vpxor   \T2, \T7, \T7
+        vpxor   \T7, \T6, \T6                           # the result is in T6
+        #######################################################################
+                vpshufb SHUF_MASK(%rip), \XMM1, \XMM1   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM2, \XMM2   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM3, \XMM3   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM4, \XMM4   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM5, \XMM5   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM6, \XMM6   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM7, \XMM7   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM8, \XMM8   # perform a 16Byte swap
+        vpxor   \T6, \XMM1, \XMM1
+.endm
+# GHASH the last 4 ciphertext blocks.
+.macro  GHASH_LAST_8_AVX T1 T2 T3 T4 T5 T6 T7 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8
+        ## Karatsuba Method
+        vpshufd         $0b01001110, \XMM1, \T2
+        vpxor           \XMM1, \T2, \T2
+        vmovdqa         HashKey_8(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM1, \T6
+        vpclmulqdq      $0x00, \T5, \XMM1, \T7
+        vmovdqa         HashKey_8_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM2, \T2
+        vpxor           \XMM2, \T2, \T2
+        vmovdqa         HashKey_7(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM2, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM2, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_7_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM3, \T2
+        vpxor           \XMM3, \T2, \T2
+        vmovdqa         HashKey_6(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM3, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM3, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_6_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM4, \T2
+        vpxor           \XMM4, \T2, \T2
+        vmovdqa         HashKey_5(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM4, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM4, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_5_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM5, \T2
+        vpxor           \XMM5, \T2, \T2
+        vmovdqa         HashKey_4(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM5, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM5, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_4_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM6, \T2
+        vpxor           \XMM6, \T2, \T2
+        vmovdqa         HashKey_3(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM6, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM6, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_3_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM7, \T2
+        vpxor           \XMM7, \T2, \T2
+        vmovdqa         HashKey_2(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM7, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM7, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_2_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vpshufd         $0b01001110, \XMM8, \T2
+        vpxor           \XMM8, \T2, \T2
+        vmovdqa         HashKey(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \XMM8, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM8, \T4
+        vpxor           \T4, \T7, \T7
+        vmovdqa         HashKey_k(arg1), \T3
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        vpxor           \T6, \XMM1, \XMM1
+        vpxor           \T7, \XMM1, \T2
+        vpslldq $8, \T2, \T4
+        vpsrldq $8, \T2, \T2
+        vpxor   \T4, \T7, \T7
+        vpxor   \T2, \T6, \T6   # <T6:T7> holds the result of
+                                # the accumulated carry-less multiplications
+        #######################################################################
+        #first phase of the reduction
+        vpslld  $31, \T7, \T2   # packed right shifting << 31
+        vpslld  $30, \T7, \T3   # packed right shifting shift << 30
+        vpslld  $25, \T7, \T4   # packed right shifting shift << 25
+        vpxor   \T3, \T2, \T2   # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpsrldq $4, \T2, \T1    # shift-R T1 1 DW
+        vpslldq $12, \T2, \T2   # shift-L T2 3 DWs
+        vpxor   \T2, \T7, \T7   # first phase of the reduction complete
+        #######################################################################
+        #second phase of the reduction
+        vpsrld  $1, \T7, \T2    # packed left shifting >> 1
+        vpsrld  $2, \T7, \T3    # packed left shifting >> 2
+        vpsrld  $7, \T7, \T4    # packed left shifting >> 7
+        vpxor   \T3, \T2, \T2   # xor the shifted versions
+        vpxor   \T4, \T2, \T2
+        vpxor   \T1, \T2, \T2
+        vpxor   \T2, \T7, \T7
+        vpxor   \T7, \T6, \T6   # the result is in T6
+.endm
+# combined for GCM encrypt and decrypt functions
+# clobbering all xmm registers
+# clobbering r10, r11, r12, r13, r14, r15
+.macro  GCM_ENC_DEC_AVX     ENC_DEC
+        #the number of pushes must equal STACK_OFFSET
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        mov     %rsp, %r14
+        sub     $VARIABLE_OFFSET, %rsp
+        and     $~63, %rsp                  # align rsp to 64 bytes
+        vmovdqu  HashKey(arg1), %xmm13      # xmm13 = HashKey
+        mov     arg4, %r13                  # save the number of bytes of plaintext/ciphertext
+        and     $-16, %r13                  # r13 = r13 - (r13 mod 16)
+        mov     %r13, %r12
+        shr     $4, %r12
+        and     $7, %r12
+        jz      _initial_num_blocks_is_0\@
+        cmp     $7, %r12
+        je      _initial_num_blocks_is_7\@
+        cmp     $6, %r12
+        je      _initial_num_blocks_is_6\@
+        cmp     $5, %r12
+        je      _initial_num_blocks_is_5\@
+        cmp     $4, %r12
+        je      _initial_num_blocks_is_4\@
+        cmp     $3, %r12
+        je      _initial_num_blocks_is_3\@
+        cmp     $2, %r12
+        je      _initial_num_blocks_is_2\@
+        jmp     _initial_num_blocks_is_1\@
+_initial_num_blocks_is_7\@:
+        INITIAL_BLOCKS_AVX  7, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*7, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_6\@:
+        INITIAL_BLOCKS_AVX  6, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*6, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_5\@:
+        INITIAL_BLOCKS_AVX  5, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*5, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_4\@:
+        INITIAL_BLOCKS_AVX  4, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*4, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_3\@:
+        INITIAL_BLOCKS_AVX  3, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*3, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_2\@:
+        INITIAL_BLOCKS_AVX  2, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*2, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_1\@:
+        INITIAL_BLOCKS_AVX  1, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*1, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_0\@:
+        INITIAL_BLOCKS_AVX  0, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+_initial_blocks_encrypted\@:
+        cmp     $0, %r13
+        je      _zero_cipher_left\@
+        sub     $128, %r13
+        je      _eight_cipher_left\@
+        vmovd   %xmm9, %r15d
+        and     $255, %r15d
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+_encrypt_by_8_new\@:
+        cmp     $(255-8), %r15d
+        jg      _encrypt_by_8\@
+        add     $8, %r15b
+        GHASH_8_ENCRYPT_8_PARALLEL_AVX      %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm15, out_order, \ENC_DEC
+        add     $128, %r11
+        sub     $128, %r13
+        jne     _encrypt_by_8_new\@
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        jmp     _eight_cipher_left\@
+_encrypt_by_8\@:
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        add     $8, %r15b
+        GHASH_8_ENCRYPT_8_PARALLEL_AVX      %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm15, in_order, \ENC_DEC
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        add     $128, %r11
+        sub     $128, %r13
+        jne     _encrypt_by_8_new\@
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+_eight_cipher_left\@:
+        GHASH_LAST_8_AVX    %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8
+_zero_cipher_left\@:
+        cmp     $16, arg4
+        jl      _only_less_than_16\@
+        mov     arg4, %r13
+        and     $15, %r13                            # r13 = (arg4 mod 16)
+        je      _multiple_of_16_bytes\@
+        # handle the last <16 Byte block seperately
+        vpaddd   ONE(%rip), %xmm9, %xmm9             # INCR CNT to get Yn
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Yn)
+        sub     $16, %r11
+        add     %r13, %r11
+        vmovdqu (arg3, %r11), %xmm1                  # receive the last <16 Byte block
+        lea     SHIFT_MASK+16(%rip), %r12
+        sub     %r13, %r12                           # adjust the shuffle mask pointer to be
+                                                     # able to shift 16-r13 bytes (r13 is the
+                                                     # number of bytes in plaintext mod 16)
+        vmovdqu (%r12), %xmm2                        # get the appropriate shuffle mask
+        vpshufb %xmm2, %xmm1, %xmm1                  # shift right 16-r13 bytes
+        jmp     _final_ghash_mul\@
+_only_less_than_16\@:
+        # check for 0 length
+        mov     arg4, %r13
+        and     $15, %r13                            # r13 = (arg4 mod 16)
+        je      _multiple_of_16_bytes\@
+        # handle the last <16 Byte block seperately
+        vpaddd  ONE(%rip), %xmm9, %xmm9              # INCR CNT to get Yn
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Yn)
+        lea     SHIFT_MASK+16(%rip), %r12
+        sub     %r13, %r12                           # adjust the shuffle mask pointer to be
+                                                     # able to shift 16-r13 bytes (r13 is the
+                                                     # number of bytes in plaintext mod 16)
+_get_last_16_byte_loop\@:
+        movb    (arg3, %r11),  %al
+        movb    %al,  TMP1 (%rsp , %r11)
+        add     $1, %r11
+        cmp     %r13,  %r11
+        jne     _get_last_16_byte_loop\@
+        vmovdqu  TMP1(%rsp), %xmm1
+        sub     $16, %r11
+_final_ghash_mul\@:
+        .if  \ENC_DEC ==  DEC
+        vmovdqa %xmm1, %xmm2
+        vpxor   %xmm1, %xmm9, %xmm9                  # Plaintext XOR E(K, Yn)
+        vmovdqu ALL_F-SHIFT_MASK(%r12), %xmm1        # get the appropriate mask to
+                                                     # mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm9, %xmm9                  # mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm2, %xmm2
+        vpshufb SHUF_MASK(%rip), %xmm2, %xmm2
+        vpxor   %xmm2, %xmm14, %xmm14
+        #GHASH computation for the last <16 Byte block
+        GHASH_MUL_AVX       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
+        sub     %r13, %r11
+        add     $16, %r11
+        .else
+        vpxor   %xmm1, %xmm9, %xmm9                  # Plaintext XOR E(K, Yn)
+        vmovdqu ALL_F-SHIFT_MASK(%r12), %xmm1        # get the appropriate mask to
+                                                     # mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm9, %xmm9                  # mask out top 16-r13 bytes of xmm9
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        vpxor   %xmm9, %xmm14, %xmm14
+        #GHASH computation for the last <16 Byte block
+        GHASH_MUL_AVX       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
+        sub     %r13, %r11
+        add     $16, %r11
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9        # shuffle xmm9 back to output as ciphertext
+        .endif
+        #############################
+        # output r13 Bytes
+        vmovq   %xmm9, %rax
+        cmp     $8, %r13
+        jle     _less_than_8_bytes_left\@
+        mov     %rax, (arg2 , %r11)
+        add     $8, %r11
+        vpsrldq $8, %xmm9, %xmm9
+        vmovq   %xmm9, %rax
+        sub     $8, %r13
+_less_than_8_bytes_left\@:
+        movb    %al, (arg2 , %r11)
+        add     $1, %r11
+        shr     $8, %rax
+        sub     $1, %r13
+        jne     _less_than_8_bytes_left\@
+        #############################
+_multiple_of_16_bytes\@:
+        mov     arg7, %r12                           # r12 = aadLen (number of bytes)
+        shl     $3, %r12                             # convert into number of bits
+        vmovd   %r12d, %xmm15                        # len(A) in xmm15
+        shl     $3, arg4                             # len(C) in bits  (*128)
+        vmovq   arg4, %xmm1
+        vpslldq $8, %xmm15, %xmm15                   # xmm15 = len(A)|| 0x0000000000000000
+        vpxor   %xmm1, %xmm15, %xmm15                # xmm15 = len(A)||len(C)
+        vpxor   %xmm15, %xmm14, %xmm14
+        GHASH_MUL_AVX       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6    # final GHASH computation
+        vpshufb SHUF_MASK(%rip), %xmm14, %xmm14      # perform a 16Byte swap
+        mov     arg5, %rax                           # rax = *Y0
+        vmovdqu (%rax), %xmm9                        # xmm9 = Y0
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Y0)
+        vpxor   %xmm14, %xmm9, %xmm9
+_return_T\@:
+        mov     arg8, %r10              # r10 = authTag
+        mov     arg9, %r11              # r11 = auth_tag_len
+        cmp     $16, %r11
+        je      _T_16\@
+        cmp     $12, %r11
+        je      _T_12\@
+_T_8\@:
+        vmovq   %xmm9, %rax
+        mov     %rax, (%r10)
+        jmp     _return_T_done\@
+_T_12\@:
+        vmovq   %xmm9, %rax
+        mov     %rax, (%r10)
+        vpsrldq $8, %xmm9, %xmm9
+        vmovd   %xmm9, %eax
+        mov     %eax, 8(%r10)
+        jmp     _return_T_done\@
+_T_16\@:
+        vmovdqu %xmm9, (%r10)
+_return_T_done\@:
+        mov     %r14, %rsp
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+.endm
+#############################################################
+#void   aesni_gcm_precomp_avx_gen2
+#        (gcm_data     *my_ctx_data,
+#        u8     *hash_subkey)# /* H, the Hash sub key input. Data starts on a 16-byte boundary. */
+#############################################################
+ENTRY(aesni_gcm_precomp_avx_gen2)
+        #the number of pushes must equal STACK_OFFSET
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        mov     %rsp, %r14
+        sub     $VARIABLE_OFFSET, %rsp
+        and     $~63, %rsp                  # align rsp to 64 bytes
+        vmovdqu  (arg2), %xmm6              # xmm6 = HashKey
+        vpshufb  SHUF_MASK(%rip), %xmm6, %xmm6
+        ###############  PRECOMPUTATION of HashKey<<1 mod poly from the HashKey
+        vmovdqa  %xmm6, %xmm2
+        vpsllq   $1, %xmm6, %xmm6
+        vpsrlq   $63, %xmm2, %xmm2
+        vmovdqa  %xmm2, %xmm1
+        vpslldq  $8, %xmm2, %xmm2
+        vpsrldq  $8, %xmm1, %xmm1
+        vpor     %xmm2, %xmm6, %xmm6
+        #reduction
+        vpshufd  $0b00100100, %xmm1, %xmm2
+        vpcmpeqd TWOONE(%rip), %xmm2, %xmm2
+        vpand    POLY(%rip), %xmm2, %xmm2
+        vpxor    %xmm2, %xmm6, %xmm6        # xmm6 holds the HashKey<<1 mod poly
+        #######################################################################
+        vmovdqa  %xmm6, HashKey(arg1)       # store HashKey<<1 mod poly
+        PRECOMPUTE_AVX  %xmm6, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5
+        mov     %r14, %rsp
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        ret
+ENDPROC(aesni_gcm_precomp_avx_gen2)
+###############################################################################
+#void   aesni_gcm_enc_avx_gen2(
+#        gcm_data        *my_ctx_data,     /* aligned to 16 Bytes */
+#        u8      *out, /* Ciphertext output. Encrypt in-place is allowed.  */
+#        const   u8 *in, /* Plaintext input */
+#        u64     plaintext_len, /* Length of data in Bytes for encryption. */
+#        u8      *iv, /* Pre-counter block j0: 4 byte salt
+#                       (from Security Association) concatenated with 8 byte
+#                       Initialisation Vector (from IPSec ESP Payload)
+#                       concatenated with 0x00000001. 16-byte aligned pointer. */
+#        const   u8 *aad, /* Additional Authentication Data (AAD)*/
+#        u64     aad_len, /* Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 Bytes */
+#        u8      *auth_tag, /* Authenticated Tag output. */
+#        u64     auth_tag_len)# /* Authenticated Tag Length in bytes.
+#                               Valid values are 16 (most likely), 12 or 8. */
+###############################################################################
+ENTRY(aesni_gcm_enc_avx_gen2)
+        GCM_ENC_DEC_AVX     ENC
+        ret
+ENDPROC(aesni_gcm_enc_avx_gen2)
+###############################################################################
+#void   aesni_gcm_dec_avx_gen2(
+#        gcm_data        *my_ctx_data,     /* aligned to 16 Bytes */
+#        u8      *out, /* Plaintext output. Decrypt in-place is allowed.  */
+#        const   u8 *in, /* Ciphertext input */
+#        u64     plaintext_len, /* Length of data in Bytes for encryption. */
+#        u8      *iv, /* Pre-counter block j0: 4 byte salt
+#                       (from Security Association) concatenated with 8 byte
+#                       Initialisation Vector (from IPSec ESP Payload)
+#                       concatenated with 0x00000001. 16-byte aligned pointer. */
+#        const   u8 *aad, /* Additional Authentication Data (AAD)*/
+#        u64     aad_len, /* Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 Bytes */
+#        u8      *auth_tag, /* Authenticated Tag output. */
+#        u64     auth_tag_len)# /* Authenticated Tag Length in bytes.
+#                               Valid values are 16 (most likely), 12 or 8. */
+###############################################################################
+ENTRY(aesni_gcm_dec_avx_gen2)
+        GCM_ENC_DEC_AVX     DEC
+        ret
+ENDPROC(aesni_gcm_dec_avx_gen2)
+#endif /* CONFIG_AS_AVX */
+#ifdef CONFIG_AS_AVX2
+###############################################################################
+# GHASH_MUL MACRO to implement: Data*HashKey mod (128,127,126,121,0)
+# Input: A and B (128-bits each, bit-reflected)
+# Output: C = A*B*x mod poly, (i.e. >>1 )
+# To compute GH = GH*HashKey mod poly, give HK = HashKey<<1 mod poly as input
+# GH = GH * HK * x mod poly which is equivalent to GH*HashKey mod poly.
+###############################################################################
+.macro  GHASH_MUL_AVX2 GH HK T1 T2 T3 T4 T5
+        vpclmulqdq      $0x11,\HK,\GH,\T1      # T1 = a1*b1
+        vpclmulqdq      $0x00,\HK,\GH,\T2      # T2 = a0*b0
+        vpclmulqdq      $0x01,\HK,\GH,\T3      # T3 = a1*b0
+        vpclmulqdq      $0x10,\HK,\GH,\GH      # GH = a0*b1
+        vpxor           \T3, \GH, \GH
+        vpsrldq         $8 , \GH, \T3          # shift-R GH 2 DWs
+        vpslldq         $8 , \GH, \GH          # shift-L GH 2 DWs
+        vpxor           \T3, \T1, \T1
+        vpxor           \T2, \GH, \GH
+        #######################################################################
+        #first phase of the reduction
+        vmovdqa         POLY2(%rip), \T3
+        vpclmulqdq      $0x01, \GH, \T3, \T2
+        vpslldq         $8, \T2, \T2           # shift-L T2 2 DWs
+        vpxor           \T2, \GH, \GH          # first phase of the reduction complete
+        #######################################################################
+        #second phase of the reduction
+        vpclmulqdq      $0x00, \GH, \T3, \T2
+        vpsrldq         $4, \T2, \T2           # shift-R T2 1 DW (Shift-R only 1-DW to obtain 2-DWs shift-R)
+        vpclmulqdq      $0x10, \GH, \T3, \GH
+        vpslldq         $4, \GH, \GH           # shift-L GH 1 DW (Shift-L 1-DW to obtain result with no shifts)
+        vpxor           \T2, \GH, \GH          # second phase of the reduction complete
+        #######################################################################
+        vpxor           \T1, \GH, \GH          # the result is in GH
+.endm
+.macro PRECOMPUTE_AVX2 HK T1 T2 T3 T4 T5 T6
+        # Haskey_i_k holds XORed values of the low and high parts of the Haskey_i
+        vmovdqa  \HK, \T5
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^2<<1 mod poly
+        vmovdqa  \T5, HashKey_2(arg1)                       #  [HashKey_2] = HashKey^2<<1 mod poly
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^3<<1 mod poly
+        vmovdqa  \T5, HashKey_3(arg1)
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^4<<1 mod poly
+        vmovdqa  \T5, HashKey_4(arg1)
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^5<<1 mod poly
+        vmovdqa  \T5, HashKey_5(arg1)
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^6<<1 mod poly
+        vmovdqa  \T5, HashKey_6(arg1)
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^7<<1 mod poly
+        vmovdqa  \T5, HashKey_7(arg1)
+        GHASH_MUL_AVX2 \T5, \HK, \T1, \T3, \T4, \T6, \T2    #  T5 = HashKey^8<<1 mod poly
+        vmovdqa  \T5, HashKey_8(arg1)
+.endm
+## if a = number of total plaintext bytes
+## b = floor(a/16)
+## num_initial_blocks = b mod 4#
+## encrypt the initial num_initial_blocks blocks and apply ghash on the ciphertext
+## r10, r11, r12, rax are clobbered
+## arg1, arg2, arg3, r14 are used as a pointer only, not modified
+.macro INITIAL_BLOCKS_AVX2 num_initial_blocks T1 T2 T3 T4 T5 CTR XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8 T6 T_key ENC_DEC VER
+        i = (8-\num_initial_blocks)
+        setreg
+        mov     arg6, %r10                       # r10 = AAD
+        mov     arg7, %r12                       # r12 = aadLen
+        mov     %r12, %r11
+        vpxor   reg_i, reg_i, reg_i
+_get_AAD_loop\@:
+        vmovd   (%r10), \T1
+        vpslldq $12, \T1, \T1
+        vpsrldq $4, reg_i, reg_i
+        vpxor   \T1, reg_i, reg_i
+        add     $4, %r10
+        sub     $4, %r12
+        jg      _get_AAD_loop\@
+        cmp     $16, %r11
+        je      _get_AAD_loop2_done\@
+        mov     $16, %r12
+_get_AAD_loop2\@:
+        vpsrldq $4, reg_i, reg_i
+        sub     $4, %r12
+        cmp     %r11, %r12
+        jg      _get_AAD_loop2\@
+_get_AAD_loop2_done\@:
+        #byte-reflect the AAD data
+        vpshufb SHUF_MASK(%rip), reg_i, reg_i
+        # initialize the data pointer offset as zero
+        xor     %r11, %r11
+        # start AES for num_initial_blocks blocks
+        mov     arg5, %rax                     # rax = *Y0
+        vmovdqu (%rax), \CTR                   # CTR = Y0
+        vpshufb SHUF_MASK(%rip), \CTR, \CTR
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vpaddd  ONE(%rip), \CTR, \CTR   # INCR Y0
+                vmovdqa \CTR, reg_i
+                vpshufb SHUF_MASK(%rip), reg_i, reg_i     # perform a 16Byte swap
+        i = (i+1)
+        setreg
+.endr
+        vmovdqa  (arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vpxor   \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        j = 1
+        setreg
+.rep 9
+        vmovdqa  16*j(arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+        vaesenc \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        j = (j+1)
+        setreg
+.endr
+        vmovdqa  16*10(arg1), \T_key
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+        vaesenclast      \T_key, reg_i, reg_i
+        i = (i+1)
+        setreg
+.endr
+        i = (9-\num_initial_blocks)
+        setreg
+.rep \num_initial_blocks
+                vmovdqu (arg3, %r11), \T1
+                vpxor   \T1, reg_i, reg_i
+                vmovdqu reg_i, (arg2 , %r11)           # write back ciphertext for
+                                                       # num_initial_blocks blocks
+                add     $16, %r11
+.if  \ENC_DEC == DEC
+                vmovdqa \T1, reg_i
+.endif
+                vpshufb SHUF_MASK(%rip), reg_i, reg_i  # prepare ciphertext for GHASH computations
+        i = (i+1)
+        setreg
+.endr
+        i = (8-\num_initial_blocks)
+        j = (9-\num_initial_blocks)
+        setreg
+        GHASH_MUL_AVX2       reg_i, \T2, \T1, \T3, \T4, \T5, \T6
+.rep \num_initial_blocks
+        vpxor    reg_i, reg_j, reg_j
+        GHASH_MUL_AVX2       reg_j, \T2, \T1, \T3, \T4, \T5, \T6  # apply GHASH on num_initial_blocks blocks
+        i = (i+1)
+        j = (j+1)
+        setreg
+.endr
+        # XMM8 has the combined result here
+        vmovdqa  \XMM8, TMP1(%rsp)
+        vmovdqa  \XMM8, \T3
+        cmp     $128, %r13
+        jl      _initial_blocks_done\@                  # no need for precomputed constants
+###############################################################################
+# Haskey_i_k holds XORed values of the low and high parts of the Haskey_i
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM1
+                vpshufb  SHUF_MASK(%rip), \XMM1, \XMM1  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM2
+                vpshufb  SHUF_MASK(%rip), \XMM2, \XMM2  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM3
+                vpshufb  SHUF_MASK(%rip), \XMM3, \XMM3  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM4
+                vpshufb  SHUF_MASK(%rip), \XMM4, \XMM4  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM5
+                vpshufb  SHUF_MASK(%rip), \XMM5, \XMM5  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM6
+                vpshufb  SHUF_MASK(%rip), \XMM6, \XMM6  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM7
+                vpshufb  SHUF_MASK(%rip), \XMM7, \XMM7  # perform a 16Byte swap
+                vpaddd   ONE(%rip), \CTR, \CTR          # INCR Y0
+                vmovdqa  \CTR, \XMM8
+                vpshufb  SHUF_MASK(%rip), \XMM8, \XMM8  # perform a 16Byte swap
+                vmovdqa  (arg1), \T_key
+                vpxor    \T_key, \XMM1, \XMM1
+                vpxor    \T_key, \XMM2, \XMM2
+                vpxor    \T_key, \XMM3, \XMM3
+                vpxor    \T_key, \XMM4, \XMM4
+                vpxor    \T_key, \XMM5, \XMM5
+                vpxor    \T_key, \XMM6, \XMM6
+                vpxor    \T_key, \XMM7, \XMM7
+                vpxor    \T_key, \XMM8, \XMM8
+                i = 1
+                setreg
+.rep    9       # do 9 rounds
+                vmovdqa  16*i(arg1), \T_key
+                vaesenc  \T_key, \XMM1, \XMM1
+                vaesenc  \T_key, \XMM2, \XMM2
+                vaesenc  \T_key, \XMM3, \XMM3
+                vaesenc  \T_key, \XMM4, \XMM4
+                vaesenc  \T_key, \XMM5, \XMM5
+                vaesenc  \T_key, \XMM6, \XMM6
+                vaesenc  \T_key, \XMM7, \XMM7
+                vaesenc  \T_key, \XMM8, \XMM8
+                i = (i+1)
+                setreg
+.endr
+                vmovdqa  16*i(arg1), \T_key
+                vaesenclast  \T_key, \XMM1, \XMM1
+                vaesenclast  \T_key, \XMM2, \XMM2
+                vaesenclast  \T_key, \XMM3, \XMM3
+                vaesenclast  \T_key, \XMM4, \XMM4
+                vaesenclast  \T_key, \XMM5, \XMM5
+                vaesenclast  \T_key, \XMM6, \XMM6
+                vaesenclast  \T_key, \XMM7, \XMM7
+                vaesenclast  \T_key, \XMM8, \XMM8
+                vmovdqu  (arg3, %r11), \T1
+                vpxor    \T1, \XMM1, \XMM1
+                vmovdqu  \XMM1, (arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM1
+                .endif
+                vmovdqu  16*1(arg3, %r11), \T1
+                vpxor    \T1, \XMM2, \XMM2
+                vmovdqu  \XMM2, 16*1(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM2
+                .endif
+                vmovdqu  16*2(arg3, %r11), \T1
+                vpxor    \T1, \XMM3, \XMM3
+                vmovdqu  \XMM3, 16*2(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM3
+                .endif
+                vmovdqu  16*3(arg3, %r11), \T1
+                vpxor    \T1, \XMM4, \XMM4
+                vmovdqu  \XMM4, 16*3(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM4
+                .endif
+                vmovdqu  16*4(arg3, %r11), \T1
+                vpxor    \T1, \XMM5, \XMM5
+                vmovdqu  \XMM5, 16*4(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM5
+                .endif
+                vmovdqu  16*5(arg3, %r11), \T1
+                vpxor    \T1, \XMM6, \XMM6
+                vmovdqu  \XMM6, 16*5(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM6
+                .endif
+                vmovdqu  16*6(arg3, %r11), \T1
+                vpxor    \T1, \XMM7, \XMM7
+                vmovdqu  \XMM7, 16*6(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM7
+                .endif
+                vmovdqu  16*7(arg3, %r11), \T1
+                vpxor    \T1, \XMM8, \XMM8
+                vmovdqu  \XMM8, 16*7(arg2 , %r11)
+                .if   \ENC_DEC == DEC
+                vmovdqa  \T1, \XMM8
+                .endif
+                add     $128, %r11
+                vpshufb  SHUF_MASK(%rip), \XMM1, \XMM1     # perform a 16Byte swap
+                vpxor    TMP1(%rsp), \XMM1, \XMM1          # combine GHASHed value with
+                                                           # the corresponding ciphertext
+                vpshufb  SHUF_MASK(%rip), \XMM2, \XMM2     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM3, \XMM3     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM4, \XMM4     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM5, \XMM5     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM6, \XMM6     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM7, \XMM7     # perform a 16Byte swap
+                vpshufb  SHUF_MASK(%rip), \XMM8, \XMM8     # perform a 16Byte swap
+###############################################################################
+_initial_blocks_done\@:
+.endm
+# encrypt 8 blocks at a time
+# ghash the 8 previously encrypted ciphertext blocks
+# arg1, arg2, arg3 are used as pointers only, not modified
+# r11 is the data offset value
+.macro GHASH_8_ENCRYPT_8_PARALLEL_AVX2 T1 T2 T3 T4 T5 T6 CTR XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8 T7 loop_idx ENC_DEC
+        vmovdqa \XMM1, \T2
+        vmovdqa \XMM2, TMP2(%rsp)
+        vmovdqa \XMM3, TMP3(%rsp)
+        vmovdqa \XMM4, TMP4(%rsp)
+        vmovdqa \XMM5, TMP5(%rsp)
+        vmovdqa \XMM6, TMP6(%rsp)
+        vmovdqa \XMM7, TMP7(%rsp)
+        vmovdqa \XMM8, TMP8(%rsp)
+.if \loop_idx == in_order
+                vpaddd  ONE(%rip), \CTR, \XMM1            # INCR CNT
+                vpaddd  ONE(%rip), \XMM1, \XMM2
+                vpaddd  ONE(%rip), \XMM2, \XMM3
+                vpaddd  ONE(%rip), \XMM3, \XMM4
+                vpaddd  ONE(%rip), \XMM4, \XMM5
+                vpaddd  ONE(%rip), \XMM5, \XMM6
+                vpaddd  ONE(%rip), \XMM6, \XMM7
+                vpaddd  ONE(%rip), \XMM7, \XMM8
+                vmovdqa \XMM8, \CTR
+                vpshufb SHUF_MASK(%rip), \XMM1, \XMM1     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM2, \XMM2     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM3, \XMM3     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM4, \XMM4     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM5, \XMM5     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM6, \XMM6     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM7, \XMM7     # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM8, \XMM8     # perform a 16Byte swap
+.else
+                vpaddd  ONEf(%rip), \CTR, \XMM1            # INCR CNT
+                vpaddd  ONEf(%rip), \XMM1, \XMM2
+                vpaddd  ONEf(%rip), \XMM2, \XMM3
+                vpaddd  ONEf(%rip), \XMM3, \XMM4
+                vpaddd  ONEf(%rip), \XMM4, \XMM5
+                vpaddd  ONEf(%rip), \XMM5, \XMM6
+                vpaddd  ONEf(%rip), \XMM6, \XMM7
+                vpaddd  ONEf(%rip), \XMM7, \XMM8
+                vmovdqa \XMM8, \CTR
+.endif
+        #######################################################################
+                vmovdqu (arg1), \T1
+                vpxor   \T1, \XMM1, \XMM1
+                vpxor   \T1, \XMM2, \XMM2
+                vpxor   \T1, \XMM3, \XMM3
+                vpxor   \T1, \XMM4, \XMM4
+                vpxor   \T1, \XMM5, \XMM5
+                vpxor   \T1, \XMM6, \XMM6
+                vpxor   \T1, \XMM7, \XMM7
+                vpxor   \T1, \XMM8, \XMM8
+        #######################################################################
+                vmovdqu 16*1(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+                vmovdqu 16*2(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        #######################################################################
+        vmovdqa         HashKey_8(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T2, \T4              # T4 = a1*b1
+        vpclmulqdq      $0x00, \T5, \T2, \T7              # T7 = a0*b0
+        vpclmulqdq      $0x01, \T5, \T2, \T6              # T6 = a1*b0
+        vpclmulqdq      $0x10, \T5, \T2, \T5              # T5 = a0*b1
+        vpxor           \T5, \T6, \T6
+                vmovdqu 16*3(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP2(%rsp), \T1
+        vmovdqa         HashKey_7(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*4(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        #######################################################################
+        vmovdqa         TMP3(%rsp), \T1
+        vmovdqa         HashKey_6(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*5(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP4(%rsp), \T1
+        vmovdqa         HashKey_5(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*6(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP5(%rsp), \T1
+        vmovdqa         HashKey_4(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*7(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP6(%rsp), \T1
+        vmovdqa         HashKey_3(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+                vmovdqu 16*8(arg1), \T1
+                vaesenc \T1, \XMM1, \XMM1
+                vaesenc \T1, \XMM2, \XMM2
+                vaesenc \T1, \XMM3, \XMM3
+                vaesenc \T1, \XMM4, \XMM4
+                vaesenc \T1, \XMM5, \XMM5
+                vaesenc \T1, \XMM6, \XMM6
+                vaesenc \T1, \XMM7, \XMM7
+                vaesenc \T1, \XMM8, \XMM8
+        vmovdqa         TMP7(%rsp), \T1
+        vmovdqa         HashKey_2(arg1), \T5
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T4
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        #######################################################################
+                vmovdqu 16*9(arg1), \T5
+                vaesenc \T5, \XMM1, \XMM1
+                vaesenc \T5, \XMM2, \XMM2
+                vaesenc \T5, \XMM3, \XMM3
+                vaesenc \T5, \XMM4, \XMM4
+                vaesenc \T5, \XMM5, \XMM5
+                vaesenc \T5, \XMM6, \XMM6
+                vaesenc \T5, \XMM7, \XMM7
+                vaesenc \T5, \XMM8, \XMM8
+        vmovdqa         TMP8(%rsp), \T1
+        vmovdqa         HashKey(arg1), \T5
+        vpclmulqdq      $0x00, \T5, \T1, \T3
+        vpxor           \T3, \T7, \T7
+        vpclmulqdq      $0x01, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x10, \T5, \T1, \T3
+        vpxor           \T3, \T6, \T6
+        vpclmulqdq      $0x11, \T5, \T1, \T3
+        vpxor           \T3, \T4, \T1
+                vmovdqu 16*10(arg1), \T5
+        i = 0
+        j = 1
+        setreg
+.rep 8
+                vpxor   16*i(arg3, %r11), \T5, \T2
+                .if \ENC_DEC == ENC
+                vaesenclast     \T2, reg_j, reg_j
+                .else
+                vaesenclast     \T2, reg_j, \T3
+                vmovdqu 16*i(arg3, %r11), reg_j
+                vmovdqu \T3, 16*i(arg2, %r11)
+                .endif
+        i = (i+1)
+        j = (j+1)
+        setreg
+.endr
+        #######################################################################
+        vpslldq $8, \T6, \T3                            # shift-L T3 2 DWs
+        vpsrldq $8, \T6, \T6                            # shift-R T2 2 DWs
+        vpxor   \T3, \T7, \T7
+        vpxor   \T6, \T1, \T1                           # accumulate the results in T1:T7
+        #######################################################################
+        #first phase of the reduction
+        vmovdqa         POLY2(%rip), \T3
+        vpclmulqdq      $0x01, \T7, \T3, \T2
+        vpslldq         $8, \T2, \T2                    # shift-L xmm2 2 DWs
+        vpxor           \T2, \T7, \T7                   # first phase of the reduction complete
+        #######################################################################
+                .if \ENC_DEC == ENC
+                vmovdqu  \XMM1, 16*0(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM2, 16*1(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM3, 16*2(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM4, 16*3(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM5, 16*4(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM6, 16*5(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM7, 16*6(arg2,%r11)         # Write to the Ciphertext buffer
+                vmovdqu  \XMM8, 16*7(arg2,%r11)         # Write to the Ciphertext buffer
+                .endif
+        #######################################################################
+        #second phase of the reduction
+        vpclmulqdq      $0x00, \T7, \T3, \T2
+        vpsrldq         $4, \T2, \T2                    # shift-R xmm2 1 DW (Shift-R only 1-DW to obtain 2-DWs shift-R)
+        vpclmulqdq      $0x10, \T7, \T3, \T4
+        vpslldq         $4, \T4, \T4                    # shift-L xmm0 1 DW (Shift-L 1-DW to obtain result with no shifts)
+        vpxor           \T2, \T4, \T4                   # second phase of the reduction complete
+        #######################################################################
+        vpxor           \T4, \T1, \T1                   # the result is in T1
+                vpshufb SHUF_MASK(%rip), \XMM1, \XMM1   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM2, \XMM2   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM3, \XMM3   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM4, \XMM4   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM5, \XMM5   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM6, \XMM6   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM7, \XMM7   # perform a 16Byte swap
+                vpshufb SHUF_MASK(%rip), \XMM8, \XMM8   # perform a 16Byte swap
+        vpxor   \T1, \XMM1, \XMM1
+.endm
+# GHASH the last 4 ciphertext blocks.
+.macro  GHASH_LAST_8_AVX2 T1 T2 T3 T4 T5 T6 T7 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 XMM8
+        ## Karatsuba Method
+        vmovdqa         HashKey_8(arg1), \T5
+        vpshufd         $0b01001110, \XMM1, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM1, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM1, \T6
+        vpclmulqdq      $0x00, \T5, \XMM1, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \XMM1
+        ######################
+        vmovdqa         HashKey_7(arg1), \T5
+        vpshufd         $0b01001110, \XMM2, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM2, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM2, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM2, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey_6(arg1), \T5
+        vpshufd         $0b01001110, \XMM3, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM3, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM3, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM3, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey_5(arg1), \T5
+        vpshufd         $0b01001110, \XMM4, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM4, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM4, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM4, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey_4(arg1), \T5
+        vpshufd         $0b01001110, \XMM5, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM5, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM5, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM5, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey_3(arg1), \T5
+        vpshufd         $0b01001110, \XMM6, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM6, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM6, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM6, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey_2(arg1), \T5
+        vpshufd         $0b01001110, \XMM7, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM7, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM7, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM7, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        ######################
+        vmovdqa         HashKey(arg1), \T5
+        vpshufd         $0b01001110, \XMM8, \T2
+        vpshufd         $0b01001110, \T5, \T3
+        vpxor           \XMM8, \T2, \T2
+        vpxor           \T5, \T3, \T3
+        vpclmulqdq      $0x11, \T5, \XMM8, \T4
+        vpxor           \T4, \T6, \T6
+        vpclmulqdq      $0x00, \T5, \XMM8, \T4
+        vpxor           \T4, \T7, \T7
+        vpclmulqdq      $0x00, \T3, \T2, \T2
+        vpxor           \T2, \XMM1, \XMM1
+        vpxor           \T6, \XMM1, \XMM1
+        vpxor           \T7, \XMM1, \T2
+        vpslldq $8, \T2, \T4
+        vpsrldq $8, \T2, \T2
+        vpxor   \T4, \T7, \T7
+        vpxor   \T2, \T6, \T6                      # <T6:T7> holds the result of the
+                                                   # accumulated carry-less multiplications
+        #######################################################################
+        #first phase of the reduction
+        vmovdqa         POLY2(%rip), \T3
+        vpclmulqdq      $0x01, \T7, \T3, \T2
+        vpslldq         $8, \T2, \T2               # shift-L xmm2 2 DWs
+        vpxor           \T2, \T7, \T7              # first phase of the reduction complete
+        #######################################################################
+        #second phase of the reduction
+        vpclmulqdq      $0x00, \T7, \T3, \T2
+        vpsrldq         $4, \T2, \T2               # shift-R T2 1 DW (Shift-R only 1-DW to obtain 2-DWs shift-R)
+        vpclmulqdq      $0x10, \T7, \T3, \T4
+        vpslldq         $4, \T4, \T4               # shift-L T4 1 DW (Shift-L 1-DW to obtain result with no shifts)
+        vpxor           \T2, \T4, \T4              # second phase of the reduction complete
+        #######################################################################
+        vpxor           \T4, \T6, \T6              # the result is in T6
+.endm
+# combined for GCM encrypt and decrypt functions
+# clobbering all xmm registers
+# clobbering r10, r11, r12, r13, r14, r15
+.macro  GCM_ENC_DEC_AVX2     ENC_DEC
+        #the number of pushes must equal STACK_OFFSET
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        mov     %rsp, %r14
+        sub     $VARIABLE_OFFSET, %rsp
+        and     $~63, %rsp                         # align rsp to 64 bytes
+        vmovdqu  HashKey(arg1), %xmm13             # xmm13 = HashKey
+        mov     arg4, %r13                         # save the number of bytes of plaintext/ciphertext
+        and     $-16, %r13                         # r13 = r13 - (r13 mod 16)
+        mov     %r13, %r12
+        shr     $4, %r12
+        and     $7, %r12
+        jz      _initial_num_blocks_is_0\@
+        cmp     $7, %r12
+        je      _initial_num_blocks_is_7\@
+        cmp     $6, %r12
+        je      _initial_num_blocks_is_6\@
+        cmp     $5, %r12
+        je      _initial_num_blocks_is_5\@
+        cmp     $4, %r12
+        je      _initial_num_blocks_is_4\@
+        cmp     $3, %r12
+        je      _initial_num_blocks_is_3\@
+        cmp     $2, %r12
+        je      _initial_num_blocks_is_2\@
+        jmp     _initial_num_blocks_is_1\@
+_initial_num_blocks_is_7\@:
+        INITIAL_BLOCKS_AVX2  7, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*7, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_6\@:
+        INITIAL_BLOCKS_AVX2  6, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*6, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_5\@:
+        INITIAL_BLOCKS_AVX2  5, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*5, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_4\@:
+        INITIAL_BLOCKS_AVX2  4, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*4, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_3\@:
+        INITIAL_BLOCKS_AVX2  3, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*3, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_2\@:
+        INITIAL_BLOCKS_AVX2  2, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*2, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_1\@:
+        INITIAL_BLOCKS_AVX2  1, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+        sub     $16*1, %r13
+        jmp     _initial_blocks_encrypted\@
+_initial_num_blocks_is_0\@:
+        INITIAL_BLOCKS_AVX2  0, %xmm12, %xmm13, %xmm14, %xmm15, %xmm11, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm10, %xmm0, \ENC_DEC
+_initial_blocks_encrypted\@:
+        cmp     $0, %r13
+        je      _zero_cipher_left\@
+        sub     $128, %r13
+        je      _eight_cipher_left\@
+        vmovd   %xmm9, %r15d
+        and     $255, %r15d
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+_encrypt_by_8_new\@:
+        cmp     $(255-8), %r15d
+        jg      _encrypt_by_8\@
+        add     $8, %r15b
+        GHASH_8_ENCRYPT_8_PARALLEL_AVX2      %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm15, out_order, \ENC_DEC
+        add     $128, %r11
+        sub     $128, %r13
+        jne     _encrypt_by_8_new\@
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        jmp     _eight_cipher_left\@
+_encrypt_by_8\@:
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        add     $8, %r15b
+        GHASH_8_ENCRYPT_8_PARALLEL_AVX2      %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm9, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, %xmm15, in_order, \ENC_DEC
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        add     $128, %r11
+        sub     $128, %r13
+        jne     _encrypt_by_8_new\@
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+_eight_cipher_left\@:
+        GHASH_LAST_8_AVX2    %xmm0, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8
+_zero_cipher_left\@:
+        cmp     $16, arg4
+        jl      _only_less_than_16\@
+        mov     arg4, %r13
+        and     $15, %r13                            # r13 = (arg4 mod 16)
+        je      _multiple_of_16_bytes\@
+        # handle the last <16 Byte block seperately
+        vpaddd   ONE(%rip), %xmm9, %xmm9             # INCR CNT to get Yn
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Yn)
+        sub     $16, %r11
+        add     %r13, %r11
+        vmovdqu (arg3, %r11), %xmm1                  # receive the last <16 Byte block
+        lea     SHIFT_MASK+16(%rip), %r12
+        sub     %r13, %r12                           # adjust the shuffle mask pointer
+                                                     # to be able to shift 16-r13 bytes
+                                                     # (r13 is the number of bytes in plaintext mod 16)
+        vmovdqu (%r12), %xmm2                        # get the appropriate shuffle mask
+        vpshufb %xmm2, %xmm1, %xmm1                  # shift right 16-r13 bytes
+        jmp     _final_ghash_mul\@
+_only_less_than_16\@:
+        # check for 0 length
+        mov     arg4, %r13
+        and     $15, %r13                            # r13 = (arg4 mod 16)
+        je      _multiple_of_16_bytes\@
+        # handle the last <16 Byte block seperately
+        vpaddd  ONE(%rip), %xmm9, %xmm9              # INCR CNT to get Yn
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Yn)
+        lea     SHIFT_MASK+16(%rip), %r12
+        sub     %r13, %r12                           # adjust the shuffle mask pointer to be
+                                                     # able to shift 16-r13 bytes (r13 is the
+                                                     # number of bytes in plaintext mod 16)
+_get_last_16_byte_loop\@:
+        movb    (arg3, %r11),  %al
+        movb    %al,  TMP1 (%rsp , %r11)
+        add     $1, %r11
+        cmp     %r13,  %r11
+        jne     _get_last_16_byte_loop\@
+        vmovdqu  TMP1(%rsp), %xmm1
+        sub     $16, %r11
+_final_ghash_mul\@:
+        .if  \ENC_DEC ==  DEC
+        vmovdqa %xmm1, %xmm2
+        vpxor   %xmm1, %xmm9, %xmm9                  # Plaintext XOR E(K, Yn)
+        vmovdqu ALL_F-SHIFT_MASK(%r12), %xmm1        # get the appropriate mask to mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm9, %xmm9                  # mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm2, %xmm2
+        vpshufb SHUF_MASK(%rip), %xmm2, %xmm2
+        vpxor   %xmm2, %xmm14, %xmm14
+        #GHASH computation for the last <16 Byte block
+        GHASH_MUL_AVX2       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
+        sub     %r13, %r11
+        add     $16, %r11
+        .else
+        vpxor   %xmm1, %xmm9, %xmm9                  # Plaintext XOR E(K, Yn)
+        vmovdqu ALL_F-SHIFT_MASK(%r12), %xmm1        # get the appropriate mask to mask out top 16-r13 bytes of xmm9
+        vpand   %xmm1, %xmm9, %xmm9                  # mask out top 16-r13 bytes of xmm9
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
+        vpxor   %xmm9, %xmm14, %xmm14
+        #GHASH computation for the last <16 Byte block
+        GHASH_MUL_AVX2       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
+        sub     %r13, %r11
+        add     $16, %r11
+        vpshufb SHUF_MASK(%rip), %xmm9, %xmm9        # shuffle xmm9 back to output as ciphertext
+        .endif
+        #############################
+        # output r13 Bytes
+        vmovq   %xmm9, %rax
+        cmp     $8, %r13
+        jle     _less_than_8_bytes_left\@
+        mov     %rax, (arg2 , %r11)
+        add     $8, %r11
+        vpsrldq $8, %xmm9, %xmm9
+        vmovq   %xmm9, %rax
+        sub     $8, %r13
+_less_than_8_bytes_left\@:
+        movb    %al, (arg2 , %r11)
+        add     $1, %r11
+        shr     $8, %rax
+        sub     $1, %r13
+        jne     _less_than_8_bytes_left\@
+        #############################
+_multiple_of_16_bytes\@:
+        mov     arg7, %r12                           # r12 = aadLen (number of bytes)
+        shl     $3, %r12                             # convert into number of bits
+        vmovd   %r12d, %xmm15                        # len(A) in xmm15
+        shl     $3, arg4                             # len(C) in bits  (*128)
+        vmovq   arg4, %xmm1
+        vpslldq $8, %xmm15, %xmm15                   # xmm15 = len(A)|| 0x0000000000000000
+        vpxor   %xmm1, %xmm15, %xmm15                # xmm15 = len(A)||len(C)
+        vpxor   %xmm15, %xmm14, %xmm14
+        GHASH_MUL_AVX2       %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6    # final GHASH computation
+        vpshufb SHUF_MASK(%rip), %xmm14, %xmm14              # perform a 16Byte swap
+        mov     arg5, %rax                           # rax = *Y0
+        vmovdqu (%rax), %xmm9                        # xmm9 = Y0
+        ENCRYPT_SINGLE_BLOCK    %xmm9                # E(K, Y0)
+        vpxor   %xmm14, %xmm9, %xmm9
+_return_T\@:
+        mov     arg8, %r10              # r10 = authTag
+        mov     arg9, %r11              # r11 = auth_tag_len
+        cmp     $16, %r11
+        je      _T_16\@
+        cmp     $12, %r11
+        je      _T_12\@
+_T_8\@:
+        vmovq   %xmm9, %rax
+        mov     %rax, (%r10)
+        jmp     _return_T_done\@
+_T_12\@:
+        vmovq   %xmm9, %rax
+        mov     %rax, (%r10)
+        vpsrldq $8, %xmm9, %xmm9
+        vmovd   %xmm9, %eax
+        mov     %eax, 8(%r10)
+        jmp     _return_T_done\@
+_T_16\@:
+        vmovdqu %xmm9, (%r10)
+_return_T_done\@:
+        mov     %r14, %rsp
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+.endm
+#############################################################
+#void   aesni_gcm_precomp_avx_gen4
+#        (gcm_data     *my_ctx_data,
+#        u8     *hash_subkey)# /* H, the Hash sub key input.
+#                               Data starts on a 16-byte boundary. */
+#############################################################
+ENTRY(aesni_gcm_precomp_avx_gen4)
+        #the number of pushes must equal STACK_OFFSET
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        mov     %rsp, %r14
+        sub     $VARIABLE_OFFSET, %rsp
+        and     $~63, %rsp                    # align rsp to 64 bytes
+        vmovdqu  (arg2), %xmm6                # xmm6 = HashKey
+        vpshufb  SHUF_MASK(%rip), %xmm6, %xmm6
+        ###############  PRECOMPUTATION of HashKey<<1 mod poly from the HashKey
+        vmovdqa  %xmm6, %xmm2
+        vpsllq   $1, %xmm6, %xmm6
+        vpsrlq   $63, %xmm2, %xmm2
+        vmovdqa  %xmm2, %xmm1
+        vpslldq  $8, %xmm2, %xmm2
+        vpsrldq  $8, %xmm1, %xmm1
+        vpor     %xmm2, %xmm6, %xmm6
+        #reduction
+        vpshufd  $0b00100100, %xmm1, %xmm2
+        vpcmpeqd TWOONE(%rip), %xmm2, %xmm2
+        vpand    POLY(%rip), %xmm2, %xmm2
+        vpxor    %xmm2, %xmm6, %xmm6          # xmm6 holds the HashKey<<1 mod poly
+        #######################################################################
+        vmovdqa  %xmm6, HashKey(arg1)         # store HashKey<<1 mod poly
+        PRECOMPUTE_AVX2  %xmm6, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5
+        mov     %r14, %rsp
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        ret
+ENDPROC(aesni_gcm_precomp_avx_gen4)
+###############################################################################
+#void   aesni_gcm_enc_avx_gen4(
+#        gcm_data        *my_ctx_data,     /* aligned to 16 Bytes */
+#        u8      *out, /* Ciphertext output. Encrypt in-place is allowed.  */
+#        const   u8 *in, /* Plaintext input */
+#        u64     plaintext_len, /* Length of data in Bytes for encryption. */
+#        u8      *iv, /* Pre-counter block j0: 4 byte salt
+#                       (from Security Association) concatenated with 8 byte
+#                        Initialisation Vector (from IPSec ESP Payload)
+#                        concatenated with 0x00000001. 16-byte aligned pointer. */
+#        const   u8 *aad, /* Additional Authentication Data (AAD)*/
+#        u64     aad_len, /* Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 Bytes */
+#        u8      *auth_tag, /* Authenticated Tag output. */
+#        u64     auth_tag_len)# /* Authenticated Tag Length in bytes.
+#                               Valid values are 16 (most likely), 12 or 8. */
+###############################################################################
+ENTRY(aesni_gcm_enc_avx_gen4)
+        GCM_ENC_DEC_AVX2     ENC
+        ret
+ENDPROC(aesni_gcm_enc_avx_gen4)
+###############################################################################
+#void   aesni_gcm_dec_avx_gen4(
+#        gcm_data        *my_ctx_data,     /* aligned to 16 Bytes */
+#        u8      *out, /* Plaintext output. Decrypt in-place is allowed.  */
+#        const   u8 *in, /* Ciphertext input */
+#        u64     plaintext_len, /* Length of data in Bytes for encryption. */
+#        u8      *iv, /* Pre-counter block j0: 4 byte salt
+#                       (from Security Association) concatenated with 8 byte
+#                       Initialisation Vector (from IPSec ESP Payload)
+#                       concatenated with 0x00000001. 16-byte aligned pointer. */
+#        const   u8 *aad, /* Additional Authentication Data (AAD)*/
+#        u64     aad_len, /* Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 Bytes */
+#        u8      *auth_tag, /* Authenticated Tag output. */
+#        u64     auth_tag_len)# /* Authenticated Tag Length in bytes.
+#                               Valid values are 16 (most likely), 12 or 8. */
+###############################################################################
+ENTRY(aesni_gcm_dec_avx_gen4)
+        GCM_ENC_DEC_AVX2     DEC
+        ret
+ENDPROC(aesni_gcm_dec_avx_gen4)
+#endif /* CONFIG_AS_AVX2 */
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 835488b745ee..948ad0e77741 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -101,6 +101,9 @@ asmlinkage void aesni_cbc_dec(struct crypto_aes_ctx *ctx, u8 *out,
 int crypto_fpu_init(void);
 void crypto_fpu_exit(void);
+#define AVX_GEN2_OPTSIZE 640
+#define AVX_GEN4_OPTSIZE 4096
 #ifdef CONFIG_X86_64
 asmlinkage void aesni_ctr_enc(struct crypto_aes_ctx *ctx, u8 *out,
                              const u8 *in, unsigned int len, u8 *iv);
@@ -150,6 +153,123 @@ asmlinkage void aesni_gcm_dec(void *ctx, u8 *out,
                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
                        u8 *auth_tag, unsigned long auth_tag_len);
+#ifdef CONFIG_AS_AVX
+/*
+ * asmlinkage void aesni_gcm_precomp_avx_gen2()
+ * gcm_data *my_ctx_data, context data
+ * u8 *hash_subkey,  the Hash sub key input. Data starts on a 16-byte boundary.
+ */
+asmlinkage void aesni_gcm_precomp_avx_gen2(void *my_ctx_data, u8 *hash_subkey);
+asmlinkage void aesni_gcm_enc_avx_gen2(void *ctx, u8 *out,
+                        const u8 *in, unsigned long plaintext_len, u8 *iv,
+                        const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
+asmlinkage void aesni_gcm_dec_avx_gen2(void *ctx, u8 *out,
+                        const u8 *in, unsigned long ciphertext_len, u8 *iv,
+                        const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
+static void aesni_gcm_enc_avx(void *ctx, u8 *out,
+                        const u8 *in, unsigned long plaintext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len)
+{
+        if (plaintext_len < AVX_GEN2_OPTSIZE) {
+                aesni_gcm_enc(ctx, out, in, plaintext_len, iv, hash_subkey, aad,
+                                aad_len, auth_tag, auth_tag_len);
+        } else {
+                aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
+                aesni_gcm_enc_avx_gen2(ctx, out, in, plaintext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        }
+}
+static void aesni_gcm_dec_avx(void *ctx, u8 *out,
+                        const u8 *in, unsigned long ciphertext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len)
+{
+        if (ciphertext_len < AVX_GEN2_OPTSIZE) {
+                aesni_gcm_dec(ctx, out, in, ciphertext_len, iv, hash_subkey, aad,
+                                aad_len, auth_tag, auth_tag_len);
+        } else {
+                aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
+                aesni_gcm_dec_avx_gen2(ctx, out, in, ciphertext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        }
+}
+#endif
+#ifdef CONFIG_AS_AVX2
+/*
+ * asmlinkage void aesni_gcm_precomp_avx_gen4()
+ * gcm_data *my_ctx_data, context data
+ * u8 *hash_subkey,  the Hash sub key input. Data starts on a 16-byte boundary.
+ */
+asmlinkage void aesni_gcm_precomp_avx_gen4(void *my_ctx_data, u8 *hash_subkey);
+asmlinkage void aesni_gcm_enc_avx_gen4(void *ctx, u8 *out,
+                        const u8 *in, unsigned long plaintext_len, u8 *iv,
+                        const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
+asmlinkage void aesni_gcm_dec_avx_gen4(void *ctx, u8 *out,
+                        const u8 *in, unsigned long ciphertext_len, u8 *iv,
+                        const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
+static void aesni_gcm_enc_avx2(void *ctx, u8 *out,
+                        const u8 *in, unsigned long plaintext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len)
+{
+        if (plaintext_len < AVX_GEN2_OPTSIZE) {
+                aesni_gcm_enc(ctx, out, in, plaintext_len, iv, hash_subkey, aad,
+                                aad_len, auth_tag, auth_tag_len);
+        } else if (plaintext_len < AVX_GEN4_OPTSIZE) {
+                aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
+                aesni_gcm_enc_avx_gen2(ctx, out, in, plaintext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        } else {
+                aesni_gcm_precomp_avx_gen4(ctx, hash_subkey);
+                aesni_gcm_enc_avx_gen4(ctx, out, in, plaintext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        }
+}
+static void aesni_gcm_dec_avx2(void *ctx, u8 *out,
+                        const u8 *in, unsigned long ciphertext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len)
+{
+        if (ciphertext_len < AVX_GEN2_OPTSIZE) {
+                aesni_gcm_dec(ctx, out, in, ciphertext_len, iv, hash_subkey,
+                                aad, aad_len, auth_tag, auth_tag_len);
+        } else if (ciphertext_len < AVX_GEN4_OPTSIZE) {
+                aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
+                aesni_gcm_dec_avx_gen2(ctx, out, in, ciphertext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        } else {
+                aesni_gcm_precomp_avx_gen4(ctx, hash_subkey);
+                aesni_gcm_dec_avx_gen4(ctx, out, in, ciphertext_len, iv, aad,
+                                        aad_len, auth_tag, auth_tag_len);
+        }
+}
+#endif
+static void (*aesni_gcm_enc_tfm)(void *ctx, u8 *out,
+                        const u8 *in, unsigned long plaintext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
+static void (*aesni_gcm_dec_tfm)(void *ctx, u8 *out,
+                        const u8 *in, unsigned long ciphertext_len, u8 *iv,
+                        u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
+                        u8 *auth_tag, unsigned long auth_tag_len);
 static inline struct
 aesni_rfc4106_gcm_ctx *aesni_rfc4106_gcm_ctx_get(struct crypto_aead *tfm)
 {
@@ -915,7 +1035,7 @@ static int __driver_rfc4106_encrypt(struct aead_request *req)
                dst = src;
        }
-        aesni_gcm_enc(aes_ctx, dst, src, (unsigned long)req->cryptlen, iv,
+        aesni_gcm_enc_tfm(aes_ctx, dst, src, (unsigned long)req->cryptlen, iv,
                ctx->hash_subkey, assoc, (unsigned long)req->assoclen, dst
                + ((unsigned long)req->cryptlen), auth_tag_len);
@@ -996,12 +1116,12 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
                dst = src;
        }
-        aesni_gcm_dec(aes_ctx, dst, src, tempCipherLen, iv,
+        aesni_gcm_dec_tfm(aes_ctx, dst, src, tempCipherLen, iv,
                ctx->hash_subkey, assoc, (unsigned long)req->assoclen,
                authTag, auth_tag_len);
        /* Compare generated tag with passed in tag. */
-        retval = memcmp(src + tempCipherLen, authTag, auth_tag_len) ?
+        retval = crypto_memneq(src + tempCipherLen, authTag, auth_tag_len) ?
                -EBADMSG : 0;
        if (one_entry_in_sg) {
@@ -1353,6 +1473,27 @@ static int __init aesni_init(void)
        if (!x86_match_cpu(aesni_cpu_id))
                return -ENODEV;
+#ifdef CONFIG_X86_64
+#ifdef CONFIG_AS_AVX2
+        if (boot_cpu_has(X86_FEATURE_AVX2)) {
+                pr_info("AVX2 version of gcm_enc/dec engaged.\n");
+                aesni_gcm_enc_tfm = aesni_gcm_enc_avx2;
+                aesni_gcm_dec_tfm = aesni_gcm_dec_avx2;
+        } else
+#endif
+#ifdef CONFIG_AS_AVX
+        if (boot_cpu_has(X86_FEATURE_AVX)) {
+                pr_info("AVX version of gcm_enc/dec engaged.\n");
+                aesni_gcm_enc_tfm = aesni_gcm_enc_avx;
+                aesni_gcm_dec_tfm = aesni_gcm_dec_avx;
+        } else
+#endif
+        {
+                pr_info("SSE version of gcm_enc/dec engaged.\n");
+                aesni_gcm_enc_tfm = aesni_gcm_enc;
+                aesni_gcm_dec_tfm = aesni_gcm_dec;
+        }
+#endif
        err = crypto_fpu_init();
        if (err)
diff --git a/arch/x86/crypto/blowfish_glue.c b/arch/x86/crypto/blowfish_glue.c
index 50ec333b70e6..8af519ed73d1 100644
--- a/arch/x86/crypto/blowfish_glue.c
+++ b/arch/x86/crypto/blowfish_glue.c
@@ -223,9 +223,6 @@ static unsigned int __cbc_decrypt(struct blkcipher_desc *desc,
                        src -= 1;
                        dst -= 1;
                } while (nbytes >= bsize * 4);
-                if (nbytes < bsize)
-                        goto done;
        }
        /* Handle leftovers */
diff --git a/arch/x86/crypto/cast5_avx_glue.c b/arch/x86/crypto/cast5_avx_glue.c
index e6a3700489b9..e57e20ab5e0b 100644
--- a/arch/x86/crypto/cast5_avx_glue.c
+++ b/arch/x86/crypto/cast5_avx_glue.c
@@ -203,9 +203,6 @@ static unsigned int __cbc_decrypt(struct blkcipher_desc *desc,
                        src -= 1;
                        dst -= 1;
                } while (nbytes >= bsize * CAST5_PARALLEL_BLOCKS);
-                if (nbytes < bsize)
-                        goto done;
        }
        /* Handle leftovers */
diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
index 586f41aac361..185fad49d86f 100644
--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
@@ -24,10 +24,6 @@
 .align 16
 .Lbswap_mask:
        .octa 0x000102030405060708090a0b0c0d0e0f
-.Lpoly:
-        .octa 0xc2000000000000000000000000000001
-.Ltwo_one:
-        .octa 0x00000001000000000000000000000001
 #define DATA    %xmm0
 #define SHASH   %xmm1
@@ -134,28 +130,3 @@ ENTRY(clmul_ghash_update)
 .Lupdate_just_ret:
        ret
 ENDPROC(clmul_ghash_update)
-/*
- * void clmul_ghash_setkey(be128 *shash, const u8 *key);
- *
- * Calculate hash_key << 1 mod poly
- */
-ENTRY(clmul_ghash_setkey)
-        movaps .Lbswap_mask, BSWAP
-        movups (%rsi), %xmm0
-        PSHUFB_XMM BSWAP %xmm0
-        movaps %xmm0, %xmm1
-        psllq $1, %xmm0
-        psrlq $63, %xmm1
-        movaps %xmm1, %xmm2
-        pslldq $8, %xmm1
-        psrldq $8, %xmm2
-        por %xmm1, %xmm0
-        # reduction
-        pshufd $0b00100100, %xmm2, %xmm1
-        pcmpeqd .Ltwo_one, %xmm1
-        pand .Lpoly, %xmm1
-        pxor %xmm1, %xmm0
-        movups %xmm0, (%rdi)
-        ret
-ENDPROC(clmul_ghash_setkey)
diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
index 6759dd1135be..d785cf2c529c 100644
--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -30,8 +30,6 @@ void clmul_ghash_mul(char *dst, const be128 *shash);
 void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
                        const be128 *shash);
-void clmul_ghash_setkey(be128 *shash, const u8 *key);
 struct ghash_async_ctx {
        struct cryptd_ahash *cryptd_tfm;
 };
@@ -58,13 +56,23 @@ static int ghash_setkey(struct crypto_shash *tfm,
                        const u8 *key, unsigned int keylen)
 {
        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+        be128 *x = (be128 *)key;
+        u64 a, b;
        if (keylen != GHASH_BLOCK_SIZE) {
                crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
                return -EINVAL;
        }
-        clmul_ghash_setkey(&ctx->shash, key);
+        /* perform multiplication by 'x' in GF(2^128) */
+        a = be64_to_cpu(x->a);
+        b = be64_to_cpu(x->b);
+        ctx->shash.a = (__be64)((b << 1) | (a >> 63));
+        ctx->shash.b = (__be64)((a << 1) | (b >> 63));
+        if (a >> 63)
+                ctx->shash.b ^= cpu_to_be64(0xc2);
        return 0;
 }
diff --git a/arch/x86/crypto/sha1_avx2_x86_64_asm.S b/arch/x86/crypto/sha1_avx2_x86_64_asm.S
new file mode 100644
index 000000000000..1cd792db15ef
--- /dev/null
+++ b/arch/x86/crypto/sha1_avx2_x86_64_asm.S
@@ -0,0 +1,708 @@
+/*
+ *      Implement fast SHA-1 with AVX2 instructions. (x86_64)
+ *
+ * This file is provided under a dual BSD/GPLv2 license.  When using or
+ * redistributing this file, you may do so under either license.
+ *
+ * GPL LICENSE SUMMARY
+ *
+ * Copyright(c) 2014 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * Contact Information:
+ * Ilya Albrekht <ilya.albrekht@intel.com>
+ * Maxim Locktyukhin <maxim.locktyukhin@intel.com>
+ * Ronen Zohar <ronen.zohar@intel.com>
+ * Chandramouli Narayanan <mouli@linux.intel.com>
+ *
+ * BSD LICENSE
+ *
+ * Copyright(c) 2014 Intel Corporation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*
+ * SHA-1 implementation with Intel(R) AVX2 instruction set extensions.
+ *
+ *This implementation is based on the previous SSSE3 release:
+ *Visit http://software.intel.com/en-us/articles/
+ *and refer to improving-the-performance-of-the-secure-hash-algorithm-1/
+ *
+ *Updates 20-byte SHA-1 record in 'hash' for even number of
+ *'num_blocks' consecutive 64-byte blocks
+ *
+ *extern "C" void sha1_transform_avx2(
+ *      int *hash, const char* input, size_t num_blocks );
+ */
+#include <linux/linkage.h>
+#define CTX     %rdi    /* arg1 */
+#define BUF     %rsi    /* arg2 */
+#define CNT     %rdx    /* arg3 */
+#define REG_A   %ecx
+#define REG_B   %esi
+#define REG_C   %edi
+#define REG_D   %eax
+#define REG_E   %edx
+#define REG_TB  %ebx
+#define REG_TA  %r12d
+#define REG_RA  %rcx
+#define REG_RB  %rsi
+#define REG_RC  %rdi
+#define REG_RD  %rax
+#define REG_RE  %rdx
+#define REG_RTA %r12
+#define REG_RTB %rbx
+#define REG_T1  %ebp
+#define xmm_mov vmovups
+#define avx2_zeroupper  vzeroupper
+#define RND_F1  1
+#define RND_F2  2
+#define RND_F3  3
+.macro REGALLOC
+        .set A, REG_A
+        .set B, REG_B
+        .set C, REG_C
+        .set D, REG_D
+        .set E, REG_E
+        .set TB, REG_TB
+        .set TA, REG_TA
+        .set RA, REG_RA
+        .set RB, REG_RB
+        .set RC, REG_RC
+        .set RD, REG_RD
+        .set RE, REG_RE
+        .set RTA, REG_RTA
+        .set RTB, REG_RTB
+        .set T1, REG_T1
+.endm
+#define K_BASE          %r8
+#define HASH_PTR        %r9
+#define BUFFER_PTR      %r10
+#define BUFFER_PTR2     %r13
+#define BUFFER_END      %r11
+#define PRECALC_BUF     %r14
+#define WK_BUF          %r15
+#define W_TMP           %xmm0
+#define WY_TMP          %ymm0
+#define WY_TMP2         %ymm9
+# AVX2 variables
+#define WY0             %ymm3
+#define WY4             %ymm5
+#define WY08            %ymm7
+#define WY12            %ymm8
+#define WY16            %ymm12
+#define WY20            %ymm13
+#define WY24            %ymm14
+#define WY28            %ymm15
+#define YMM_SHUFB_BSWAP %ymm10
+/*
+ * Keep 2 iterations precalculated at a time:
+ *    - 80 DWORDs per iteration * 2
+ */
+#define W_SIZE          (80*2*2 +16)
+#define WK(t)   ((((t) % 80) / 4)*32 + ( (t) % 4)*4 + ((t)/80)*16 )(WK_BUF)
+#define PRECALC_WK(t)   ((t)*2*2)(PRECALC_BUF)
+.macro UPDATE_HASH  hash, val
+        add     \hash, \val
+        mov     \val, \hash
+.endm
+.macro PRECALC_RESET_WY
+        .set WY_00, WY0
+        .set WY_04, WY4
+        .set WY_08, WY08
+        .set WY_12, WY12
+        .set WY_16, WY16
+        .set WY_20, WY20
+        .set WY_24, WY24
+        .set WY_28, WY28
+        .set WY_32, WY_00
+.endm
+.macro PRECALC_ROTATE_WY
+        /* Rotate macros */
+        .set WY_32, WY_28
+        .set WY_28, WY_24
+        .set WY_24, WY_20
+        .set WY_20, WY_16
+        .set WY_16, WY_12
+        .set WY_12, WY_08
+        .set WY_08, WY_04
+        .set WY_04, WY_00
+        .set WY_00, WY_32
+        /* Define register aliases */
+        .set WY, WY_00
+        .set WY_minus_04, WY_04
+        .set WY_minus_08, WY_08
+        .set WY_minus_12, WY_12
+        .set WY_minus_16, WY_16
+        .set WY_minus_20, WY_20
+        .set WY_minus_24, WY_24
+        .set WY_minus_28, WY_28
+        .set WY_minus_32, WY
+.endm
+.macro PRECALC_00_15
+        .if (i == 0) # Initialize and rotate registers
+                PRECALC_RESET_WY
+                PRECALC_ROTATE_WY
+        .endif
+        /* message scheduling pre-compute for rounds 0-15 */
+        .if   ((i & 7) == 0)
+                /*
+                 * blended AVX2 and ALU instruction scheduling
+                 * 1 vector iteration per 8 rounds
+                 */
+                vmovdqu ((i * 2) + PRECALC_OFFSET)(BUFFER_PTR), W_TMP
+        .elseif ((i & 7) == 1)
+                vinsertf128 $1, (((i-1) * 2)+PRECALC_OFFSET)(BUFFER_PTR2),\
+                         WY_TMP, WY_TMP
+        .elseif ((i & 7) == 2)
+                vpshufb YMM_SHUFB_BSWAP, WY_TMP, WY
+        .elseif ((i & 7) == 4)
+                vpaddd  K_XMM(K_BASE), WY, WY_TMP
+        .elseif ((i & 7) == 7)
+                vmovdqu  WY_TMP, PRECALC_WK(i&~7)
+                PRECALC_ROTATE_WY
+        .endif
+.endm
+.macro PRECALC_16_31
+        /*
+         * message scheduling pre-compute for rounds 16-31
+         * calculating last 32 w[i] values in 8 XMM registers
+         * pre-calculate K+w[i] values and store to mem
+         * for later load by ALU add instruction
+         *
+         * "brute force" vectorization for rounds 16-31 only
+         * due to w[i]->w[i-3] dependency
+         */
+        .if   ((i & 7) == 0)
+                /*
+                 * blended AVX2 and ALU instruction scheduling
+                 * 1 vector iteration per 8 rounds
+                 */
+                /* w[i-14] */
+                vpalignr        $8, WY_minus_16, WY_minus_12, WY
+                vpsrldq $4, WY_minus_04, WY_TMP               /* w[i-3] */
+        .elseif ((i & 7) == 1)
+                vpxor   WY_minus_08, WY, WY
+                vpxor   WY_minus_16, WY_TMP, WY_TMP
+        .elseif ((i & 7) == 2)
+                vpxor   WY_TMP, WY, WY
+                vpslldq $12, WY, WY_TMP2
+        .elseif ((i & 7) == 3)
+                vpslld  $1, WY, WY_TMP
+                vpsrld  $31, WY, WY
+        .elseif ((i & 7) == 4)
+                vpor    WY, WY_TMP, WY_TMP
+                vpslld  $2, WY_TMP2, WY
+        .elseif ((i & 7) == 5)
+                vpsrld  $30, WY_TMP2, WY_TMP2
+                vpxor   WY, WY_TMP, WY_TMP
+        .elseif ((i & 7) == 7)
+                vpxor   WY_TMP2, WY_TMP, WY
+                vpaddd  K_XMM(K_BASE), WY, WY_TMP
+                vmovdqu WY_TMP, PRECALC_WK(i&~7)
+                PRECALC_ROTATE_WY
+        .endif
+.endm
+.macro PRECALC_32_79
+        /*
+         * in SHA-1 specification:
+         * w[i] = (w[i-3] ^ w[i-8]  ^ w[i-14] ^ w[i-16]) rol 1
+         * instead we do equal:
+         * w[i] = (w[i-6] ^ w[i-16] ^ w[i-28] ^ w[i-32]) rol 2
+         * allows more efficient vectorization
+         * since w[i]=>w[i-3] dependency is broken
+         */
+        .if   ((i & 7) == 0)
+        /*
+         * blended AVX2 and ALU instruction scheduling
+         * 1 vector iteration per 8 rounds
+         */
+                vpalignr        $8, WY_minus_08, WY_minus_04, WY_TMP
+        .elseif ((i & 7) == 1)
+                /* W is W_minus_32 before xor */
+                vpxor   WY_minus_28, WY, WY
+        .elseif ((i & 7) == 2)
+                vpxor   WY_minus_16, WY_TMP, WY_TMP
+        .elseif ((i & 7) == 3)
+                vpxor   WY_TMP, WY, WY
+        .elseif ((i & 7) == 4)
+                vpslld  $2, WY, WY_TMP
+        .elseif ((i & 7) == 5)
+                vpsrld  $30, WY, WY
+                vpor    WY, WY_TMP, WY
+        .elseif ((i & 7) == 7)
+                vpaddd  K_XMM(K_BASE), WY, WY_TMP
+                vmovdqu WY_TMP, PRECALC_WK(i&~7)
+                PRECALC_ROTATE_WY
+        .endif
+.endm
+.macro PRECALC r, s
+        .set i, \r
+        .if (i < 40)
+                .set K_XMM, 32*0
+        .elseif (i < 80)
+                .set K_XMM, 32*1
+        .elseif (i < 120)
+                .set K_XMM, 32*2
+        .else
+                .set K_XMM, 32*3
+        .endif
+        .if (i<32)
+                PRECALC_00_15   \s
+        .elseif (i<64)
+                PRECALC_16_31   \s
+        .elseif (i < 160)
+                PRECALC_32_79   \s
+        .endif
+.endm
+.macro ROTATE_STATE
+        .set T_REG, E
+        .set E, D
+        .set D, C
+        .set C, B
+        .set B, TB
+        .set TB, A
+        .set A, T_REG
+        .set T_REG, RE
+        .set RE, RD
+        .set RD, RC
+        .set RC, RB
+        .set RB, RTB
+        .set RTB, RA
+        .set RA, T_REG
+.endm
+/* Macro relies on saved ROUND_Fx */
+.macro RND_FUN f, r
+        .if (\f == RND_F1)
+                ROUND_F1        \r
+        .elseif (\f == RND_F2)
+                ROUND_F2        \r
+        .elseif (\f == RND_F3)
+                ROUND_F3        \r
+        .endif
+.endm
+.macro RR r
+        .set round_id, (\r % 80)
+        .if (round_id == 0)        /* Precalculate F for first round */
+                .set ROUND_FUNC, RND_F1
+                mov     B, TB
+                rorx    $(32-30), B, B    /* b>>>2 */
+                andn    D, TB, T1
+                and     C, TB
+                xor     T1, TB
+        .endif
+        RND_FUN ROUND_FUNC, \r
+        ROTATE_STATE
+        .if   (round_id == 18)
+                .set ROUND_FUNC, RND_F2
+        .elseif (round_id == 38)
+                .set ROUND_FUNC, RND_F3
+        .elseif (round_id == 58)
+                .set ROUND_FUNC, RND_F2
+        .endif
+        .set round_id, ( (\r+1) % 80)
+        RND_FUN ROUND_FUNC, (\r+1)
+        ROTATE_STATE
+.endm
+.macro ROUND_F1 r
+        add     WK(\r), E
+        andn    C, A, T1                        /* ~b&d */
+        lea     (RE,RTB), E             /* Add F from the previous round */
+        rorx    $(32-5), A, TA          /* T2 = A >>> 5 */
+        rorx    $(32-30),A, TB          /* b>>>2 for next round */
+        PRECALC (\r)                    /* msg scheduling for next 2 blocks */
+        /*
+         * Calculate F for the next round
+         * (b & c) ^ andn[b, d]
+         */
+        and     B, A                    /* b&c */
+        xor     T1, A                   /* F1 = (b&c) ^ (~b&d) */
+        lea     (RE,RTA), E             /* E += A >>> 5 */
+.endm
+.macro ROUND_F2 r
+        add     WK(\r), E
+        lea     (RE,RTB), E             /* Add F from the previous round */
+        /* Calculate F for the next round */
+        rorx    $(32-5), A, TA          /* T2 = A >>> 5 */
+        .if ((round_id) < 79)
+                rorx    $(32-30), A, TB /* b>>>2 for next round */
+        .endif
+        PRECALC (\r)                    /* msg scheduling for next 2 blocks */
+        .if ((round_id) < 79)
+                xor     B, A
+        .endif
+        add     TA, E                   /* E += A >>> 5 */
+        .if ((round_id) < 79)
+                xor     C, A
+        .endif
+.endm
+.macro ROUND_F3 r
+        add     WK(\r), E
+        PRECALC (\r)                    /* msg scheduling for next 2 blocks */
+        lea     (RE,RTB), E             /* Add F from the previous round */
+        mov     B, T1
+        or      A, T1
+        rorx    $(32-5), A, TA          /* T2 = A >>> 5 */
+        rorx    $(32-30), A, TB         /* b>>>2 for next round */
+        /* Calculate F for the next round
+         * (b and c) or (d and (b or c))
+         */
+        and     C, T1
+        and     B, A
+        or      T1, A
+        add     TA, E                   /* E += A >>> 5 */
+.endm
+/*
+ * macro implements 80 rounds of SHA-1, for multiple blocks with s/w pipelining
+ */
+.macro SHA1_PIPELINED_MAIN_BODY
+        REGALLOC
+        mov     (HASH_PTR), A
+        mov     4(HASH_PTR), B
+        mov     8(HASH_PTR), C
+        mov     12(HASH_PTR), D
+        mov     16(HASH_PTR), E
+        mov     %rsp, PRECALC_BUF
+        lea     (2*4*80+32)(%rsp), WK_BUF
+        # Precalc WK for first 2 blocks
+        PRECALC_OFFSET = 0
+        .set i, 0
+        .rept    160
+                PRECALC i
+                .set i, i + 1
+        .endr
+        PRECALC_OFFSET = 128
+        xchg    WK_BUF, PRECALC_BUF
+        .align 32
+_loop:
+        /*
+         * code loops through more than one block
+         * we use K_BASE value as a signal of a last block,
+         * it is set below by: cmovae BUFFER_PTR, K_BASE
+         */
+        cmp     K_BASE, BUFFER_PTR
+        jne     _begin
+        .align 32
+        jmp     _end
+        .align 32
+_begin:
+        /*
+         * Do first block
+         * rounds: 0,2,4,6,8
+         */
+        .set j, 0
+        .rept 5
+                RR      j
+                .set j, j+2
+        .endr
+        jmp _loop0
+_loop0:
+        /*
+         * rounds:
+         * 10,12,14,16,18
+         * 20,22,24,26,28
+         * 30,32,34,36,38
+         * 40,42,44,46,48
+         * 50,52,54,56,58
+         */
+        .rept 25
+                RR      j
+                .set j, j+2
+        .endr
+        add     $(2*64), BUFFER_PTR       /* move to next odd-64-byte block */
+        cmp     BUFFER_END, BUFFER_PTR    /* is current block the last one? */
+        cmovae  K_BASE, BUFFER_PTR      /* signal the last iteration smartly */
+        /*
+         * rounds
+         * 60,62,64,66,68
+         * 70,72,74,76,78
+         */
+        .rept 10
+                RR      j
+                .set j, j+2
+        .endr
+        UPDATE_HASH     (HASH_PTR), A
+        UPDATE_HASH     4(HASH_PTR), TB
+        UPDATE_HASH     8(HASH_PTR), C
+        UPDATE_HASH     12(HASH_PTR), D
+        UPDATE_HASH     16(HASH_PTR), E
+        cmp     K_BASE, BUFFER_PTR      /* is current block the last one? */
+        je      _loop
+        mov     TB, B
+        /* Process second block */
+        /*
+         * rounds
+         *  0+80, 2+80, 4+80, 6+80, 8+80
+         * 10+80,12+80,14+80,16+80,18+80
+         */
+        .set j, 0
+        .rept 10
+                RR      j+80
+                .set j, j+2
+        .endr
+        jmp     _loop1
+_loop1:
+        /*
+         * rounds
+         * 20+80,22+80,24+80,26+80,28+80
+         * 30+80,32+80,34+80,36+80,38+80
+         */
+        .rept 10
+                RR      j+80
+                .set j, j+2
+        .endr
+        jmp     _loop2
+_loop2:
+        /*
+         * rounds
+         * 40+80,42+80,44+80,46+80,48+80
+         * 50+80,52+80,54+80,56+80,58+80
+         */
+        .rept 10
+                RR      j+80
+                .set j, j+2
+        .endr
+        add     $(2*64), BUFFER_PTR2      /* move to next even-64-byte block */
+        cmp     BUFFER_END, BUFFER_PTR2   /* is current block the last one */
+        cmovae  K_BASE, BUFFER_PTR       /* signal the last iteration smartly */
+        jmp     _loop3
+_loop3:
+        /*
+         * rounds
+         * 60+80,62+80,64+80,66+80,68+80
+         * 70+80,72+80,74+80,76+80,78+80
+         */
+        .rept 10
+                RR      j+80
+                .set j, j+2
+        .endr
+        UPDATE_HASH     (HASH_PTR), A
+        UPDATE_HASH     4(HASH_PTR), TB
+        UPDATE_HASH     8(HASH_PTR), C
+        UPDATE_HASH     12(HASH_PTR), D
+        UPDATE_HASH     16(HASH_PTR), E
+        /* Reset state for AVX2 reg permutation */
+        mov     A, TA
+        mov     TB, A
+        mov     C, TB
+        mov     E, C
+        mov     D, B
+        mov     TA, D
+        REGALLOC
+        xchg    WK_BUF, PRECALC_BUF
+        jmp     _loop
+        .align 32
+        _end:
+.endm
+/*
+ * macro implements SHA-1 function's body for several 64-byte blocks
+ * param: function's name
+ */
+.macro SHA1_VECTOR_ASM  name
+        ENTRY(\name)
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        RESERVE_STACK  = (W_SIZE*4 + 8+24)
+        /* Align stack */
+        mov     %rsp, %rbx
+        and     $~(0x20-1), %rsp
+        push    %rbx
+        sub     $RESERVE_STACK, %rsp
+        avx2_zeroupper
+        lea     K_XMM_AR(%rip), K_BASE
+        mov     CTX, HASH_PTR
+        mov     BUF, BUFFER_PTR
+        lea     64(BUF), BUFFER_PTR2
+        shl     $6, CNT                 /* mul by 64 */
+        add     BUF, CNT
+        add     $64, CNT
+        mov     CNT, BUFFER_END
+        cmp     BUFFER_END, BUFFER_PTR2
+        cmovae  K_BASE, BUFFER_PTR2
+        xmm_mov BSWAP_SHUFB_CTL(%rip), YMM_SHUFB_BSWAP
+        SHA1_PIPELINED_MAIN_BODY
+        avx2_zeroupper
+        add     $RESERVE_STACK, %rsp
+        pop     %rsp
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        ret
+        ENDPROC(\name)
+.endm
+.section .rodata
+#define K1 0x5a827999
+#define K2 0x6ed9eba1
+#define K3 0x8f1bbcdc
+#define K4 0xca62c1d6
+.align 128
+K_XMM_AR:
+        .long K1, K1, K1, K1
+        .long K1, K1, K1, K1
+        .long K2, K2, K2, K2
+        .long K2, K2, K2, K2
+        .long K3, K3, K3, K3
+        .long K3, K3, K3, K3
+        .long K4, K4, K4, K4
+        .long K4, K4, K4, K4
+BSWAP_SHUFB_CTL:
+        .long 0x00010203
+        .long 0x04050607
+        .long 0x08090a0b
+        .long 0x0c0d0e0f
+        .long 0x00010203
+        .long 0x04050607
+        .long 0x08090a0b
+        .long 0x0c0d0e0f
+.text
+SHA1_VECTOR_ASM     sha1_transform_avx2
diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c
index 4a11a9d72451..74d16ef707c7 100644
--- a/arch/x86/crypto/sha1_ssse3_glue.c
+++ b/arch/x86/crypto/sha1_ssse3_glue.c
@@ -10,6 +10,7 @@
 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
 * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
 * Copyright (c) Mathias Krause <minipli@googlemail.com>
+ * Copyright (c) Chandramouli Narayanan <mouli@linux.intel.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
@@ -39,6 +40,12 @@ asmlinkage void sha1_transform_ssse3(u32 *digest, const char *data,
 asmlinkage void sha1_transform_avx(u32 *digest, const char *data,
                                   unsigned int rounds);
 #endif
+#ifdef CONFIG_AS_AVX2
+#define SHA1_AVX2_BLOCK_OPTSIZE 4       /* optimal 4*64 bytes of SHA1 blocks */
+asmlinkage void sha1_transform_avx2(u32 *digest, const char *data,
+                                unsigned int rounds);
+#endif
 static asmlinkage void (*sha1_transform_asm)(u32 *, const char *, unsigned int);
@@ -165,6 +172,18 @@ static int sha1_ssse3_import(struct shash_desc *desc, const void *in)
        return 0;
 }
+#ifdef CONFIG_AS_AVX2
+static void sha1_apply_transform_avx2(u32 *digest, const char *data,
+                                unsigned int rounds)
+{
+        /* Select the optimal transform based on data block size */
+        if (rounds >= SHA1_AVX2_BLOCK_OPTSIZE)
+                sha1_transform_avx2(digest, data, rounds);
+        else
+                sha1_transform_avx(digest, data, rounds);
+}
+#endif
 static struct shash_alg alg = {
        .digestsize     =       SHA1_DIGEST_SIZE,
        .init           =       sha1_ssse3_init,
@@ -201,27 +220,49 @@ static bool __init avx_usable(void)
        return true;
 }
+#ifdef CONFIG_AS_AVX2
+static bool __init avx2_usable(void)
+{
+        if (avx_usable() && cpu_has_avx2 && boot_cpu_has(X86_FEATURE_BMI1) &&
+            boot_cpu_has(X86_FEATURE_BMI2))
+                return true;
+        return false;
+}
+#endif
 #endif
 static int __init sha1_ssse3_mod_init(void)
 {
+        char *algo_name;
        /* test for SSSE3 first */
-        if (cpu_has_ssse3)
+        if (cpu_has_ssse3) {
                sha1_transform_asm = sha1_transform_ssse3;
+                algo_name = "SSSE3";
+        }
 #ifdef CONFIG_AS_AVX
        /* allow AVX to override SSSE3, it's a little faster */
-        if (avx_usable())
+        if (avx_usable()) {
                sha1_transform_asm = sha1_transform_avx;
+                algo_name = "AVX";
+#ifdef CONFIG_AS_AVX2
+                /* allow AVX2 to override AVX, it's a little faster */
+                if (avx2_usable()) {
+                        sha1_transform_asm = sha1_apply_transform_avx2;
+                        algo_name = "AVX2";
+                }
+#endif
+        }
 #endif
        if (sha1_transform_asm) {
-                pr_info("Using %s optimized SHA-1 implementation\n",
+                pr_info("Using %s optimized SHA-1 implementation\n", algo_name);
-                        sha1_transform_asm == sha1_transform_ssse3 ? "SSSE3"
-                                                                   : "AVX");
                return crypto_register_shash(&alg);
        }
-        pr_info("Neither AVX nor SSSE3 is available/usable.\n");
+        pr_info("Neither AVX nor AVX2 nor SSSE3 is available/usable.\n");
        return -ENODEV;
 }
diff --git a/arch/x86/include/asm/Kbuild b/arch/x86/include/asm/Kbuild
index 7f669853317a..3ca9762e1649 100644
--- a/arch/x86/include/asm/Kbuild
+++ b/arch/x86/include/asm/Kbuild
@@ -5,3 +5,6 @@ genhdr-y += unistd_64.h
 genhdr-y += unistd_x32.h
 generic-y += clkdev.h
+generic-y += early_ioremap.h
+generic-y += cputime.h
+generic-y += mcs_spinlock.h
diff --git a/arch/x86/include/asm/amd_nb.h b/arch/x86/include/asm/amd_nb.h
index a54ee1d054d9..aaac3b2fb746 100644
--- a/arch/x86/include/asm/amd_nb.h
+++ b/arch/x86/include/asm/amd_nb.h
@@ -19,7 +19,7 @@ extern int amd_cache_northbridges(void);
 extern void amd_flush_garts(void);
 extern int amd_numa_init(void);
 extern int amd_get_subcaches(int);
-extern int amd_set_subcaches(int, int);
+extern int amd_set_subcaches(int, unsigned long);
 struct amd_l3_cache {
        unsigned indices;
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index 1d2091a226bc..19b0ebafcd3e 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -93,9 +93,6 @@ static inline int is_vsmp_box(void)
        return 0;
 }
 #endif
-extern void xapic_wait_icr_idle(void);
-extern u32 safe_xapic_wait_icr_idle(void);
-extern void xapic_icr_write(u32, u32);
 extern int setup_profiling_timer(unsigned int);
 static inline void native_apic_mem_write(u32 reg, u32 v)
@@ -184,7 +181,6 @@ extern int x2apic_phys;
 extern int x2apic_preenabled;
 extern void check_x2apic(void);
 extern void enable_x2apic(void);
-extern void x2apic_icr_write(u32 low, u32 id);
 static inline int x2apic_enabled(void)
 {
        u64 msr;
@@ -221,7 +217,6 @@ static inline void x2apic_force_phys(void)
 {
 }
-#define nox2apic        0
 #define x2apic_preenabled 0
 #define x2apic_supported()      0
 #endif
@@ -351,7 +346,7 @@ struct apic {
        int trampoline_phys_low;
        int trampoline_phys_high;
-        void (*wait_for_init_deassert)(atomic_t *deassert);
+        bool wait_for_init_deassert;
        void (*smp_callin_clear_local_apic)(void);
        void (*inquire_remote_apic)(int apicid);
@@ -517,13 +512,6 @@ extern int default_cpu_present_to_apicid(int mps_cpu);
 extern int default_check_phys_apicid_present(int phys_apicid);
 #endif
-static inline void default_wait_for_init_deassert(atomic_t *deassert)
-{
-        while (!atomic_read(deassert))
-                cpu_relax();
-        return;
-}
 extern void generic_bigsmp_probe(void);
diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h
index 0d9ec770f2f8..69f1366f1aa3 100644
--- a/arch/x86/include/asm/archrandom.h
+++ b/arch/x86/include/asm/archrandom.h
@@ -1,7 +1,7 @@
 /*
 * This file is part of the Linux kernel.
 *
- * Copyright (c) 2011, Intel Corporation
+ * Copyright (c) 2011-2014, Intel Corporation
 * Authors: Fenghua Yu <fenghua.yu@intel.com>,
 *          H. Peter Anvin <hpa@linux.intel.com>
 *
@@ -31,14 +31,41 @@
 #define RDRAND_RETRY_LOOPS      10
 #define RDRAND_INT      ".byte 0x0f,0xc7,0xf0"
+#define RDSEED_INT      ".byte 0x0f,0xc7,0xf8"
 #ifdef CONFIG_X86_64
 # define RDRAND_LONG    ".byte 0x48,0x0f,0xc7,0xf0"
+# define RDSEED_LONG    ".byte 0x48,0x0f,0xc7,0xf8"
 #else
 # define RDRAND_LONG    RDRAND_INT
+# define RDSEED_LONG    RDSEED_INT
 #endif
 #ifdef CONFIG_ARCH_RANDOM
+/* Instead of arch_get_random_long() when alternatives haven't run. */
+static inline int rdrand_long(unsigned long *v)
+{
+        int ok;
+        asm volatile("1: " RDRAND_LONG "\n\t"
+                     "jc 2f\n\t"
+                     "decl %0\n\t"
+                     "jnz 1b\n\t"
+                     "2:"
+                     : "=r" (ok), "=a" (*v)
+                     : "0" (RDRAND_RETRY_LOOPS));
+        return ok;
+}
+/* A single attempt at RDSEED */
+static inline bool rdseed_long(unsigned long *v)
+{
+        unsigned char ok;
+        asm volatile(RDSEED_LONG "\n\t"
+                     "setc %0"
+                     : "=qm" (ok), "=a" (*v));
+        return ok;
+}
 #define GET_RANDOM(name, type, rdrand, nop)                     \
 static inline int name(type *v)                                 \
 {                                                               \
@@ -56,18 +83,52 @@ static inline int name(type *v)					\
        return ok;                                              \
 }
+#define GET_SEED(name, type, rdseed, nop)                       \
+static inline int name(type *v)                                 \
+{                                                               \
+        unsigned char ok;                                       \
+        alternative_io("movb $0, %0\n\t"                        \
+                       nop,                                     \
+                       rdseed "\n\t"                            \
+                       "setc %0",                               \
+                       X86_FEATURE_RDSEED,                      \
+                       ASM_OUTPUT2("=q" (ok), "=a" (*v)));      \
+        return ok;                                              \
+}
 #ifdef CONFIG_X86_64
 GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP5);
 GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP4);
+GET_SEED(arch_get_random_seed_long, unsigned long, RDSEED_LONG, ASM_NOP5);
+GET_SEED(arch_get_random_seed_int, unsigned int, RDSEED_INT, ASM_NOP4);
 #else
 GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP3);
 GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP3);
+GET_SEED(arch_get_random_seed_long, unsigned long, RDSEED_LONG, ASM_NOP4);
+GET_SEED(arch_get_random_seed_int, unsigned int, RDSEED_INT, ASM_NOP4);
 #endif /* CONFIG_X86_64 */
+#define arch_has_random()       static_cpu_has(X86_FEATURE_RDRAND)
+#define arch_has_random_seed()  static_cpu_has(X86_FEATURE_RDSEED)
+#else
+static inline int rdrand_long(unsigned long *v)
+{
+        return 0;
+}
+static inline bool rdseed_long(unsigned long *v)
+{
+        return 0;
+}
 #endif  /* CONFIG_ARCH_RANDOM */
 extern void x86_init_rdrand(struct cpuinfo_x86 *c);
diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
index c6cd358a1eec..69bbb4845020 100644
--- a/arch/x86/include/asm/barrier.h
+++ b/arch/x86/include/asm/barrier.h
@@ -85,19 +85,56 @@
 #else
 # define smp_rmb()      barrier()
 #endif
-#ifdef CONFIG_X86_OOSTORE
+#define smp_wmb()       barrier()
-# define smp_wmb()      wmb()
-#else
-# define smp_wmb()      barrier()
-#endif
 #define smp_read_barrier_depends()      read_barrier_depends()
 #define set_mb(var, value) do { (void)xchg(&var, value); } while (0)
-#else
+#else /* !SMP */
 #define smp_mb()        barrier()
 #define smp_rmb()       barrier()
 #define smp_wmb()       barrier()
 #define smp_read_barrier_depends()      do { } while (0)
 #define set_mb(var, value) do { var = value; barrier(); } while (0)
+#endif /* SMP */
+#if defined(CONFIG_X86_PPRO_FENCE)
+/*
+ * For either of these options x86 doesn't have a strong TSO memory
+ * model and we should fall back to full barriers.
+ */
+#define smp_store_release(p, v)                                         \
+do {                                                                    \
+        compiletime_assert_atomic_type(*p);                             \
+        smp_mb();                                                       \
+        ACCESS_ONCE(*p) = (v);                                          \
+} while (0)
+#define smp_load_acquire(p)                                             \
+({                                                                      \
+        typeof(*p) ___p1 = ACCESS_ONCE(*p);                             \
+        compiletime_assert_atomic_type(*p);                             \
+        smp_mb();                                                       \
+        ___p1;                                                          \
+})
+#else /* regular x86 TSO memory ordering */
+#define smp_store_release(p, v)                                         \
+do {                                                                    \
+        compiletime_assert_atomic_type(*p);                             \
+        barrier();                                                      \
+        ACCESS_ONCE(*p) = (v);                                          \
+} while (0)
+#define smp_load_acquire(p)                                             \
+({                                                                      \
+        typeof(*p) ___p1 = ACCESS_ONCE(*p);                             \
+        compiletime_assert_atomic_type(*p);                             \
+        barrier();                                                      \
+        ___p1;                                                          \
+})
 #endif
 /*
diff --git a/arch/x86/include/asm/bug.h b/arch/x86/include/asm/bug.h
index 2f03ff018d36..ba38ebbaced3 100644
--- a/arch/x86/include/asm/bug.h
+++ b/arch/x86/include/asm/bug.h
@@ -1,7 +1,6 @@
 #ifndef _ASM_X86_BUG_H
 #define _ASM_X86_BUG_H
-#ifdef CONFIG_BUG
 #define HAVE_ARCH_BUG
 #ifdef CONFIG_DEBUG_BUGVERBOSE
@@ -33,8 +32,6 @@ do {								\
 } while (0)
 #endif
-#endif /* !CONFIG_BUG */
 #include <asm-generic/bug.h>
 #endif /* _ASM_X86_BUG_H */
diff --git a/arch/x86/include/asm/clocksource.h b/arch/x86/include/asm/clocksource.h
index 16a57f4ed64d..eda81dc0f4ae 100644
--- a/arch/x86/include/asm/clocksource.h
+++ b/arch/x86/include/asm/clocksource.h
@@ -3,8 +3,6 @@
 #ifndef _ASM_X86_CLOCKSOURCE_H
 #define _ASM_X86_CLOCKSOURCE_H
-#ifdef CONFIG_X86_64
 #define VCLOCK_NONE 0  /* No vDSO clock available.      */
 #define VCLOCK_TSC  1  /* vDSO should use vread_tsc.    */
 #define VCLOCK_HPET 2  /* vDSO should use vread_hpet.   */
@@ -14,6 +12,4 @@ struct arch_clocksource_data {
        int vclock_mode;
 };
-#endif /* CONFIG_X86_64 */
 #endif /* _ASM_X86_CLOCKSOURCE_H */
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 89270b4318db..e265ff95d16d 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -37,7 +37,7 @@
 #define X86_FEATURE_PAT         (0*32+16) /* Page Attribute Table */
 #define X86_FEATURE_PSE36       (0*32+17) /* 36-bit PSEs */
 #define X86_FEATURE_PN          (0*32+18) /* Processor serial number */
-#define X86_FEATURE_CLFLSH      (0*32+19) /* "clflush" CLFLUSH instruction */
+#define X86_FEATURE_CLFLUSH     (0*32+19) /* CLFLUSH instruction */
 #define X86_FEATURE_DS          (0*32+21) /* "dts" Debug Store */
 #define X86_FEATURE_ACPI        (0*32+22) /* ACPI via MSR */
 #define X86_FEATURE_MMX         (0*32+23) /* Multimedia Extensions */
@@ -216,9 +216,15 @@
 #define X86_FEATURE_ERMS        (9*32+ 9) /* Enhanced REP MOVSB/STOSB */
 #define X86_FEATURE_INVPCID     (9*32+10) /* Invalidate Processor Context ID */
 #define X86_FEATURE_RTM         (9*32+11) /* Restricted Transactional Memory */
+#define X86_FEATURE_MPX         (9*32+14) /* Memory Protection Extension */
+#define X86_FEATURE_AVX512F     (9*32+16) /* AVX-512 Foundation */
 #define X86_FEATURE_RDSEED      (9*32+18) /* The RDSEED instruction */
 #define X86_FEATURE_ADX         (9*32+19) /* The ADCX and ADOX instructions */
 #define X86_FEATURE_SMAP        (9*32+20) /* Supervisor Mode Access Prevention */
+#define X86_FEATURE_CLFLUSHOPT  (9*32+23) /* CLFLUSHOPT instruction */
+#define X86_FEATURE_AVX512PF    (9*32+26) /* AVX-512 Prefetch */
+#define X86_FEATURE_AVX512ER    (9*32+27) /* AVX-512 Exponential and Reciprocal */
+#define X86_FEATURE_AVX512CD    (9*32+28) /* AVX-512 Conflict Detection */
 /*
 * BUG word(s)
@@ -312,7 +318,7 @@ extern const char * const x86_power_flags[32];
 #define cpu_has_pmm_enabled     boot_cpu_has(X86_FEATURE_PMM_EN)
 #define cpu_has_ds              boot_cpu_has(X86_FEATURE_DS)
 #define cpu_has_pebs            boot_cpu_has(X86_FEATURE_PEBS)
-#define cpu_has_clflush         boot_cpu_has(X86_FEATURE_CLFLSH)
+#define cpu_has_clflush         boot_cpu_has(X86_FEATURE_CLFLUSH)
 #define cpu_has_bts             boot_cpu_has(X86_FEATURE_BTS)
 #define cpu_has_gbpages         boot_cpu_has(X86_FEATURE_GBPAGES)
 #define cpu_has_arch_perfmon    boot_cpu_has(X86_FEATURE_ARCH_PERFMON)
@@ -540,6 +546,13 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
 #define static_cpu_has_bug(bit) static_cpu_has((bit))
 #define boot_cpu_has_bug(bit)   cpu_has_bug(&boot_cpu_data, (bit))
+#define MAX_CPU_FEATURES        (NCAPINTS * 32)
+#define cpu_have_feature        boot_cpu_has
+#define CPU_FEATURE_TYPEFMT     "x86,ven%04Xfam%04Xmod%04X"
+#define CPU_FEATURE_TYPEVAL     boot_cpu_data.x86_vendor, boot_cpu_data.x86, \
+                                boot_cpu_data.x86_model
 #endif /* defined(__KERNEL__) && !defined(__ASSEMBLY__) */
 #endif /* _ASM_X86_CPUFEATURE_H */
diff --git a/arch/x86/include/asm/cputime.h b/arch/x86/include/asm/cputime.h
deleted file mode 100644
index 6d68ad7e0ea3..000000000000
--- a/arch/x86/include/asm/cputime.h
+++ /dev/null
@@ -1 +0,0 @@
-#include <asm-generic/cputime.h>
diff --git a/arch/x86/include/asm/dmi.h b/arch/x86/include/asm/dmi.h
index fd8f9e2ca35f..535192f6bfad 100644
--- a/arch/x86/include/asm/dmi.h
+++ b/arch/x86/include/asm/dmi.h
@@ -13,7 +13,9 @@ static __always_inline __init void *dmi_alloc(unsigned len)
 }
 /* Use early IO mappings for DMI because it's initialized early */
-#define dmi_ioremap early_ioremap
+#define dmi_early_remap         early_ioremap
-#define dmi_iounmap early_iounmap
+#define dmi_early_unmap         early_iounmap
+#define dmi_remap               ioremap
+#define dmi_unmap               iounmap
 #endif /* _ASM_X86_DMI_H */
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 65c6e6e3a552..0869434eaf72 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -1,9 +1,29 @@
 #ifndef _ASM_X86_EFI_H
 #define _ASM_X86_EFI_H
+/*
+ * We map the EFI regions needed for runtime services non-contiguously,
+ * with preserved alignment on virtual addresses starting from -4G down
+ * for a total max space of 64G. This way, we provide for stable runtime
+ * services addresses across kernels so that a kexec'd kernel can still
+ * use them.
+ *
+ * This is the main reason why we're doing stable VA mappings for RT
+ * services.
+ *
+ * This flag is used in conjuction with a chicken bit called
+ * "efi=old_map" which can be used as a fallback to the old runtime
+ * services mapping method in case there's some b0rkage with a
+ * particular EFI implementation (haha, it is hard to hold up the
+ * sarcasm here...).
+ */
+#define EFI_OLD_MEMMAP          EFI_ARCH_1
+#define EFI32_LOADER_SIGNATURE  "EL32"
+#define EFI64_LOADER_SIGNATURE  "EL64"
 #ifdef CONFIG_X86_32
-#define EFI_LOADER_SIGNATURE    "EL32"
 extern unsigned long asmlinkage efi_call_phys(void *, ...);
@@ -39,8 +59,6 @@ extern unsigned long asmlinkage efi_call_phys(void *, ...);
 #else /* !CONFIG_X86_32 */
-#define EFI_LOADER_SIGNATURE    "EL64"
 extern u64 efi_call0(void *fp);
 extern u64 efi_call1(void *fp, u64 arg1);
 extern u64 efi_call2(void *fp, u64 arg1, u64 arg2);
@@ -69,24 +87,31 @@ extern u64 efi_call6(void *fp, u64 arg1, u64 arg2, u64 arg3,
        efi_call6((f), (u64)(a1), (u64)(a2), (u64)(a3),         \
                  (u64)(a4), (u64)(a5), (u64)(a6))
+#define _efi_call_virtX(x, f, ...)                                      \
+({                                                                      \
+        efi_status_t __s;                                               \
+                                                                        \
+        efi_sync_low_kernel_mappings();                                 \
+        preempt_disable();                                              \
+        __s = efi_call##x((void *)efi.systab->runtime->f, __VA_ARGS__); \
+        preempt_enable();                                               \
+        __s;                                                            \
+})
 #define efi_call_virt0(f)                               \
-        efi_call0((efi.systab->runtime->f))
+        _efi_call_virtX(0, f)
-#define efi_call_virt1(f, a1)                                   \
+#define efi_call_virt1(f, a1)                           \
-        efi_call1((efi.systab->runtime->f), (u64)(a1))
+        _efi_call_virtX(1, f, (u64)(a1))
-#define efi_call_virt2(f, a1, a2)                                       \
+#define efi_call_virt2(f, a1, a2)                       \
-        efi_call2((efi.systab->runtime->f), (u64)(a1), (u64)(a2))
+        _efi_call_virtX(2, f, (u64)(a1), (u64)(a2))
-#define efi_call_virt3(f, a1, a2, a3)                                   \
+#define efi_call_virt3(f, a1, a2, a3)                   \
-        efi_call3((efi.systab->runtime->f), (u64)(a1), (u64)(a2), \
+        _efi_call_virtX(3, f, (u64)(a1), (u64)(a2), (u64)(a3))
-                  (u64)(a3))
+#define efi_call_virt4(f, a1, a2, a3, a4)               \
-#define efi_call_virt4(f, a1, a2, a3, a4)                               \
+        _efi_call_virtX(4, f, (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4))
-        efi_call4((efi.systab->runtime->f), (u64)(a1), (u64)(a2), \
+#define efi_call_virt5(f, a1, a2, a3, a4, a5)           \
-                  (u64)(a3), (u64)(a4))
+        _efi_call_virtX(5, f, (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4), (u64)(a5))
-#define efi_call_virt5(f, a1, a2, a3, a4, a5)                           \
+#define efi_call_virt6(f, a1, a2, a3, a4, a5, a6)       \
-        efi_call5((efi.systab->runtime->f), (u64)(a1), (u64)(a2), \
+        _efi_call_virtX(6, f, (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4), (u64)(a5), (u64)(a6))
-                  (u64)(a3), (u64)(a4), (u64)(a5))
-#define efi_call_virt6(f, a1, a2, a3, a4, a5, a6)                       \
-        efi_call6((efi.systab->runtime->f), (u64)(a1), (u64)(a2), \
-                  (u64)(a3), (u64)(a4), (u64)(a5), (u64)(a6))
 extern void __iomem *efi_ioremap(unsigned long addr, unsigned long size,
                                 u32 type, u64 attribute);
@@ -94,13 +119,33 @@ extern void __iomem *efi_ioremap(unsigned long addr, unsigned long size,
 #endif /* CONFIG_X86_32 */
 extern int add_efi_memmap;
-extern unsigned long x86_efi_facility;
+extern struct efi_scratch efi_scratch;
 extern void efi_set_executable(efi_memory_desc_t *md, bool executable);
 extern int efi_memblock_x86_reserve_range(void);
 extern void efi_call_phys_prelog(void);
 extern void efi_call_phys_epilog(void);
 extern void efi_unmap_memmap(void);
 extern void efi_memory_uc(u64 addr, unsigned long size);
+extern void __init efi_map_region(efi_memory_desc_t *md);
+extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
+extern void efi_sync_low_kernel_mappings(void);
+extern int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages);
+extern void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages);
+extern void __init old_map_region(efi_memory_desc_t *md);
+extern void __init runtime_code_page_mkexec(void);
+extern void __init efi_runtime_mkexec(void);
+extern void __init efi_dump_pagetable(void);
+extern void __init efi_apply_memmap_quirks(void);
+struct efi_setup_data {
+        u64 fw_vendor;
+        u64 runtime;
+        u64 tables;
+        u64 smbios;
+        u64 reserved[8];
+};
+extern u64 efi_setup;
 #ifdef CONFIG_EFI
@@ -109,8 +154,40 @@ static inline bool efi_is_native(void)
        return IS_ENABLED(CONFIG_X86_64) == efi_enabled(EFI_64BIT);
 }
-extern struct console early_efi_console;
+static inline bool efi_runtime_supported(void)
+{
+        if (efi_is_native())
+                return true;
+        if (IS_ENABLED(CONFIG_EFI_MIXED) && !efi_enabled(EFI_OLD_MEMMAP))
+                return true;
+        return false;
+}
+extern struct console early_efi_console;
+extern void parse_efi_setup(u64 phys_addr, u32 data_len);
+#ifdef CONFIG_EFI_MIXED
+extern void efi_thunk_runtime_setup(void);
+extern efi_status_t efi_thunk_set_virtual_address_map(
+        void *phys_set_virtual_address_map,
+        unsigned long memory_map_size,
+        unsigned long descriptor_size,
+        u32 descriptor_version,
+        efi_memory_desc_t *virtual_map);
+#else
+static inline void efi_thunk_runtime_setup(void) {}
+static inline efi_status_t efi_thunk_set_virtual_address_map(
+        void *phys_set_virtual_address_map,
+        unsigned long memory_map_size,
+        unsigned long descriptor_size,
+        u32 descriptor_version,
+        efi_memory_desc_t *virtual_map)
+{
+        return EFI_SUCCESS;
+}
+#endif /* CONFIG_EFI_MIXED */
 #else
 /*
 * IF EFI is not configured, have the EFI calls return -ENOSYS.
@@ -122,6 +199,7 @@ extern struct console early_efi_console;
 #define efi_call4(_f, _a1, _a2, _a3, _a4)               (-ENOSYS)
 #define efi_call5(_f, _a1, _a2, _a3, _a4, _a5)          (-ENOSYS)
 #define efi_call6(_f, _a1, _a2, _a3, _a4, _a5, _a6)     (-ENOSYS)
+static inline void parse_efi_setup(u64 phys_addr, u32 data_len) {}
 #endif /* CONFIG_EFI */
 #endif /* _ASM_X86_EFI_H */
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index 9c999c1674fa..2c71182d30ef 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -281,16 +281,12 @@ do {									\
 #define STACK_RND_MASK (0x7ff)
-#define VDSO_HIGH_BASE          (__fix_to_virt(FIX_VDSO))
 #define ARCH_DLINFO             ARCH_DLINFO_IA32(vdso_enabled)
 /* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
 #else /* CONFIG_X86_32 */
-#define VDSO_HIGH_BASE          0xffffe000U /* CONFIG_COMPAT_VDSO address */
 /* 1GB for 64bit, 8MB for 32bit */
 #define STACK_RND_MASK (test_thread_flag(TIF_ADDR32) ? 0x7ff : 0x3fffff)
diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
index e846225265ed..43f482a0db37 100644
--- a/arch/x86/include/asm/fixmap.h
+++ b/arch/x86/include/asm/fixmap.h
@@ -40,15 +40,8 @@
 */
 extern unsigned long __FIXADDR_TOP;
 #define FIXADDR_TOP     ((unsigned long)__FIXADDR_TOP)
-#define FIXADDR_USER_START     __fix_to_virt(FIX_VDSO)
-#define FIXADDR_USER_END       __fix_to_virt(FIX_VDSO - 1)
 #else
 #define FIXADDR_TOP     (VSYSCALL_END-PAGE_SIZE)
-/* Only covers 32bit vsyscalls currently. Need another set for 64bit. */
-#define FIXADDR_USER_START      ((unsigned long)VSYSCALL32_VSYSCALL)
-#define FIXADDR_USER_END        (FIXADDR_USER_START + PAGE_SIZE)
 #endif
@@ -74,7 +67,6 @@ extern unsigned long __FIXADDR_TOP;
 enum fixed_addresses {
 #ifdef CONFIG_X86_32
        FIX_HOLE,
-        FIX_VDSO,
 #else
        VSYSCALL_LAST_PAGE,
        VSYSCALL_FIRST_PAGE = VSYSCALL_LAST_PAGE
@@ -98,12 +90,6 @@ enum fixed_addresses {
        FIX_IO_APIC_BASE_0,
        FIX_IO_APIC_BASE_END = FIX_IO_APIC_BASE_0 + MAX_IO_APICS - 1,
 #endif
-#ifdef CONFIG_X86_VISWS_APIC
-        FIX_CO_CPU,     /* Cobalt timer */
-        FIX_CO_APIC,    /* Cobalt APIC Redirection Table */
-        FIX_LI_PCIA,    /* Lithium PCI Bridge A */
-        FIX_LI_PCIB,    /* Lithium PCI Bridge B */
-#endif
        FIX_RO_IDT,     /* Virtual mapping for read-only IDT */
 #ifdef CONFIG_X86_32
        FIX_KMAP_BEGIN, /* reserved pte's for temporary kernel mappings */
@@ -175,64 +161,13 @@ static inline void __set_fixmap(enum fixed_addresses idx,
 }
 #endif
-#define set_fixmap(idx, phys)                           \
+#include <asm-generic/fixmap.h>
-        __set_fixmap(idx, phys, PAGE_KERNEL)
-/*
- * Some hardware wants to get fixmapped without caching.
- */
-#define set_fixmap_nocache(idx, phys)                   \
-        __set_fixmap(idx, phys, PAGE_KERNEL_NOCACHE)
-#define clear_fixmap(idx)                       \
-        __set_fixmap(idx, 0, __pgprot(0))
-#define __fix_to_virt(x)        (FIXADDR_TOP - ((x) << PAGE_SHIFT))
-#define __virt_to_fix(x)        ((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT)
-extern void __this_fixmap_does_not_exist(void);
-/*
- * 'index to address' translation. If anyone tries to use the idx
- * directly without translation, we catch the bug with a NULL-deference
- * kernel oops. Illegal ranges of incoming indices are caught too.
- */
-static __always_inline unsigned long fix_to_virt(const unsigned int idx)
-{
-        /*
-         * this branch gets completely eliminated after inlining,
-         * except when someone tries to use fixaddr indices in an
-         * illegal way. (such as mixing up address types or using
-         * out-of-range indices).
-         *
-         * If it doesn't get removed, the linker will complain
-         * loudly with a reasonably clear error message..
-         */
-        if (idx >= __end_of_fixed_addresses)
-                __this_fixmap_does_not_exist();
-        return __fix_to_virt(idx);
-}
-static inline unsigned long virt_to_fix(const unsigned long vaddr)
-{
-        BUG_ON(vaddr >= FIXADDR_TOP || vaddr < FIXADDR_START);
-        return __virt_to_fix(vaddr);
-}
-/* Return an pointer with offset calculated */
-static __always_inline unsigned long
-__set_fixmap_offset(enum fixed_addresses idx, phys_addr_t phys, pgprot_t flags)
-{
-        __set_fixmap(idx, phys, flags);
-        return fix_to_virt(idx) + (phys & (PAGE_SIZE - 1));
-}
-#define set_fixmap_offset(idx, phys)                    \
+#define __late_set_fixmap(idx, phys, flags) __set_fixmap(idx, phys, flags)
-        __set_fixmap_offset(idx, phys, PAGE_KERNEL)
+#define __late_clear_fixmap(idx) __set_fixmap(idx, 0, __pgprot(0))
-#define set_fixmap_offset_nocache(idx, phys)                    \
+void __early_set_fixmap(enum fixed_addresses idx,
-        __set_fixmap_offset(idx, phys, PAGE_KERNEL_NOCACHE)
+                        phys_addr_t phys, pgprot_t flags);
 #endif /* !__ASSEMBLY__ */
 #endif /* _ASM_X86_FIXMAP_H */
diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h
index d3d74698dce9..1c7eefe32502 100644
--- a/arch/x86/include/asm/floppy.h
+++ b/arch/x86/include/asm/floppy.h
@@ -145,10 +145,10 @@ static int fd_request_irq(void)
 {
        if (can_use_virtual_dma)
                return request_irq(FLOPPY_IRQ, floppy_hardint,
-                                   IRQF_DISABLED, "floppy", NULL);
+                                   0, "floppy", NULL);
        else
                return request_irq(FLOPPY_IRQ, floppy_interrupt,
-                                   IRQF_DISABLED, "floppy", NULL);
+                                   0, "floppy", NULL);
 }
 static unsigned long dma_mem_alloc(unsigned long size)
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
index be27ba1e947a..b4c1f5453436 100644
--- a/arch/x86/include/asm/futex.h
+++ b/arch/x86/include/asm/futex.h
@@ -110,26 +110,7 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
 static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
                                                u32 oldval, u32 newval)
 {
-        int ret = 0;
+        return user_atomic_cmpxchg_inatomic(uval, uaddr, oldval, newval);
-        if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
-                return -EFAULT;
-        asm volatile("\t" ASM_STAC "\n"
-                     "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n"
-                     "2:\t" ASM_CLAC "\n"
-                     "\t.section .fixup, \"ax\"\n"
-                     "3:\tmov     %3, %0\n"
-                     "\tjmp     2b\n"
-                     "\t.previous\n"
-                     _ASM_EXTABLE(1b, 3b)
-                     : "+r" (ret), "=a" (oldval), "+m" (*uaddr)
-                     : "i" (-EFAULT), "r" (newval), "1" (oldval)
-                     : "memory"
-        );
-        *uval = oldval;
-        return ret;
 }
 #endif
diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index ab0ae1aa6d0a..230853da4ec0 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -33,6 +33,9 @@ typedef struct {
 #ifdef CONFIG_X86_MCE_THRESHOLD
        unsigned int irq_threshold_count;
 #endif
+#if IS_ENABLED(CONFIG_HYPERV) || defined(CONFIG_XEN)
+        unsigned int irq_hv_callback_count;
+#endif
 } ____cacheline_aligned irq_cpustat_t;
 DECLARE_PER_CPU_SHARED_ALIGNED(irq_cpustat_t, irq_stat);
diff --git a/arch/x86/include/asm/hash.h b/arch/x86/include/asm/hash.h
new file mode 100644
index 000000000000..e8c58f88b1d4
--- /dev/null
+++ b/arch/x86/include/asm/hash.h
@@ -0,0 +1,7 @@
+#ifndef _ASM_X86_HASH_H
+#define _ASM_X86_HASH_H
+struct fast_hash_ops;
+extern void setup_arch_fast_hash(struct fast_hash_ops *ops);
+#endif /* _ASM_X86_HASH_H */
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
index cba45d99ac1a..a307b7530e54 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
@@ -98,7 +98,6 @@ extern void trace_call_function_single_interrupt(void);
 #define IO_APIC_IRQ(x) (((x) >= NR_IRQS_LEGACY) || ((1<<(x)) & io_apic_irqs))
 extern unsigned long io_apic_irqs;
-extern void init_VISWS_APIC_irqs(void);
 extern void setup_IO_APIC(void);
 extern void disable_IO_APIC(void);
@@ -191,6 +190,9 @@ extern void (*__initconst interrupt[NR_VECTORS-FIRST_EXTERNAL_VECTOR])(void);
 #define trace_interrupt interrupt
 #endif
+#define VECTOR_UNDEFINED        -1
+#define VECTOR_RETRIGGERED      -2
 typedef int vector_irq_t[NR_VECTORS];
 DECLARE_PER_CPU(vector_irq_t, vector_irq);
 extern void setup_vector_irq(int cpu);
diff --git a/arch/x86/include/asm/intel-mid.h b/arch/x86/include/asm/intel-mid.h
index 459769d39263..e34e097b6f9d 100644
--- a/arch/x86/include/asm/intel-mid.h
+++ b/arch/x86/include/asm/intel-mid.h
@@ -51,10 +51,41 @@ struct devs_id {
 enum intel_mid_cpu_type {
        /* 1 was Moorestown */
        INTEL_MID_CPU_CHIP_PENWELL = 2,
+        INTEL_MID_CPU_CHIP_CLOVERVIEW,
+        INTEL_MID_CPU_CHIP_TANGIER,
 };
 extern enum intel_mid_cpu_type __intel_mid_cpu_chip;
+/**
+ * struct intel_mid_ops - Interface between intel-mid & sub archs
+ * @arch_setup: arch_setup function to re-initialize platform
+ *             structures (x86_init, x86_platform_init)
+ *
+ * This structure can be extended if any new interface is required
+ * between intel-mid & its sub arch files.
+ */
+struct intel_mid_ops {
+        void (*arch_setup)(void);
+};
+/* Helper API's for INTEL_MID_OPS_INIT */
+#define DECLARE_INTEL_MID_OPS_INIT(cpuname, cpuid)      \
+                                [cpuid] = get_##cpuname##_ops
+/* Maximum number of CPU ops */
+#define MAX_CPU_OPS(a) (sizeof(a)/sizeof(void *))
+/*
+ * For every new cpu addition, a weak get_<cpuname>_ops() function needs be
+ * declared in arch/x86/platform/intel_mid/intel_mid_weak_decls.h.
+ */
+#define INTEL_MID_OPS_INIT {\
+        DECLARE_INTEL_MID_OPS_INIT(penwell, INTEL_MID_CPU_CHIP_PENWELL), \
+        DECLARE_INTEL_MID_OPS_INIT(cloverview, INTEL_MID_CPU_CHIP_CLOVERVIEW), \
+        DECLARE_INTEL_MID_OPS_INIT(tangier, INTEL_MID_CPU_CHIP_TANGIER) \
+};
 #ifdef CONFIG_X86_INTEL_MID
 static inline enum intel_mid_cpu_type intel_mid_identify_cpu(void)
@@ -86,8 +117,21 @@ extern enum intel_mid_timer_options intel_mid_timer_options;
 * Penwell uses spread spectrum clock, so the freq number is not exactly
 * the same as reported by MSR based on SDM.
 */
-#define PENWELL_FSB_FREQ_83SKU         83200
+#define FSB_FREQ_83SKU  83200
-#define PENWELL_FSB_FREQ_100SKU        99840
+#define FSB_FREQ_100SKU 99840
+#define FSB_FREQ_133SKU 133000
+#define FSB_FREQ_167SKU 167000
+#define FSB_FREQ_200SKU 200000
+#define FSB_FREQ_267SKU 267000
+#define FSB_FREQ_333SKU 333000
+#define FSB_FREQ_400SKU 400000
+/* Bus Select SoC Fuse value */
+#define BSEL_SOC_FUSE_MASK      0x7
+#define BSEL_SOC_FUSE_001       0x1 /* FSB 133MHz */
+#define BSEL_SOC_FUSE_101       0x5 /* FSB 100MHz */
+#define BSEL_SOC_FUSE_111       0x7 /* FSB 83MHz */
 #define SFI_MTMR_MAX_NUM 8
 #define SFI_MRTC_MAX    8
diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
index 34f69cb9350a..b8237d8a1e0c 100644
--- a/arch/x86/include/asm/io.h
+++ b/arch/x86/include/asm/io.h
@@ -39,6 +39,7 @@
 #include <linux/string.h>
 #include <linux/compiler.h>
 #include <asm/page.h>
+#include <asm/early_ioremap.h>
 #define build_mmio_read(name, size, type, reg, barrier) \
 static inline type name(const volatile void __iomem *addr) \
@@ -237,7 +238,7 @@ memcpy_toio(volatile void __iomem *dst, const void *src, size_t count)
 static inline void flush_write_buffers(void)
 {
-#if defined(CONFIG_X86_OOSTORE) || defined(CONFIG_X86_PPRO_FENCE)
+#if defined(CONFIG_X86_PPRO_FENCE)
        asm volatile("lock; addl $0,0(%%esp)": : :"memory");
 #endif
 }
@@ -316,19 +317,6 @@ extern int ioremap_change_attr(unsigned long vaddr, unsigned long size,
                                unsigned long prot_val);
 extern void __iomem *ioremap_wc(resource_size_t offset, unsigned long size);
-/*
- * early_ioremap() and early_iounmap() are for temporary early boot-time
- * mappings, before the real ioremap() is functional.
- * A boot-time mapping is currently limited to at most 16 pages.
- */
-extern void early_ioremap_init(void);
-extern void early_ioremap_reset(void);
-extern void __iomem *early_ioremap(resource_size_t phys_addr,
-                                   unsigned long size);
-extern void __iomem *early_memremap(resource_size_t phys_addr,
-                                    unsigned long size);
-extern void early_iounmap(void __iomem *addr, unsigned long size);
-extern void fixup_early_ioremap(void);
 extern bool is_early_ioremap_ptep(pte_t *ptep);
 #ifdef CONFIG_XEN
diff --git a/arch/x86/include/asm/iosf_mbi.h b/arch/x86/include/asm/iosf_mbi.h
new file mode 100644
index 000000000000..8e71c7941767
--- /dev/null
+++ b/arch/x86/include/asm/iosf_mbi.h
@@ -0,0 +1,90 @@
+/*
+ * iosf_mbi.h: Intel OnChip System Fabric MailBox access support
+ */
+#ifndef IOSF_MBI_SYMS_H
+#define IOSF_MBI_SYMS_H
+#define MBI_MCR_OFFSET          0xD0
+#define MBI_MDR_OFFSET          0xD4
+#define MBI_MCRX_OFFSET         0xD8
+#define MBI_RD_MASK             0xFEFFFFFF
+#define MBI_WR_MASK             0X01000000
+#define MBI_MASK_HI             0xFFFFFF00
+#define MBI_MASK_LO             0x000000FF
+#define MBI_ENABLE              0xF0
+/* Baytrail available units */
+#define BT_MBI_UNIT_AUNIT       0x00
+#define BT_MBI_UNIT_SMC         0x01
+#define BT_MBI_UNIT_CPU         0x02
+#define BT_MBI_UNIT_BUNIT       0x03
+#define BT_MBI_UNIT_PMC         0x04
+#define BT_MBI_UNIT_GFX         0x06
+#define BT_MBI_UNIT_SMI         0x0C
+#define BT_MBI_UNIT_USB         0x43
+#define BT_MBI_UNIT_SATA        0xA3
+#define BT_MBI_UNIT_PCIE        0xA6
+/* Baytrail read/write opcodes */
+#define BT_MBI_AUNIT_READ       0x10
+#define BT_MBI_AUNIT_WRITE      0x11
+#define BT_MBI_SMC_READ         0x10
+#define BT_MBI_SMC_WRITE        0x11
+#define BT_MBI_CPU_READ         0x10
+#define BT_MBI_CPU_WRITE        0x11
+#define BT_MBI_BUNIT_READ       0x10
+#define BT_MBI_BUNIT_WRITE      0x11
+#define BT_MBI_PMC_READ         0x06
+#define BT_MBI_PMC_WRITE        0x07
+#define BT_MBI_GFX_READ         0x00
+#define BT_MBI_GFX_WRITE        0x01
+#define BT_MBI_SMIO_READ        0x06
+#define BT_MBI_SMIO_WRITE       0x07
+#define BT_MBI_USB_READ         0x06
+#define BT_MBI_USB_WRITE        0x07
+#define BT_MBI_SATA_READ        0x00
+#define BT_MBI_SATA_WRITE       0x01
+#define BT_MBI_PCIE_READ        0x00
+#define BT_MBI_PCIE_WRITE       0x01
+/**
+ * iosf_mbi_read() - MailBox Interface read command
+ * @port:       port indicating subunit being accessed
+ * @opcode:     port specific read or write opcode
+ * @offset:     register address offset
+ * @mdr:        register data to be read
+ *
+ * Locking is handled by spinlock - cannot sleep.
+ * Return: Nonzero on error
+ */
+int iosf_mbi_read(u8 port, u8 opcode, u32 offset, u32 *mdr);
+/**
+ * iosf_mbi_write() - MailBox unmasked write command
+ * @port:       port indicating subunit being accessed
+ * @opcode:     port specific read or write opcode
+ * @offset:     register address offset
+ * @mdr:        register data to be written
+ *
+ * Locking is handled by spinlock - cannot sleep.
+ * Return: Nonzero on error
+ */
+int iosf_mbi_write(u8 port, u8 opcode, u32 offset, u32 mdr);
+/**
+ * iosf_mbi_modify() - MailBox masked write command
+ * @port:       port indicating subunit being accessed
+ * @opcode:     port specific read or write opcode
+ * @offset:     register address offset
+ * @mdr:        register data being modified
+ * @mask:       mask indicating bits in mdr to be modified
+ *
+ * Locking is handled by spinlock - cannot sleep.
+ * Return: Nonzero on error
+ */
+int iosf_mbi_modify(u8 port, u8 opcode, u32 offset, u32 mdr, u32 mask);
+#endif /* IOSF_MBI_SYMS_H */
diff --git a/arch/x86/include/asm/irq.h b/arch/x86/include/asm/irq.h
index 0ea10f27d613..cb6cfcd034cf 100644
--- a/arch/x86/include/asm/irq.h
+++ b/arch/x86/include/asm/irq.h
@@ -25,6 +25,7 @@ extern void irq_ctx_init(int cpu);
 #ifdef CONFIG_HOTPLUG_CPU
 #include <linux/cpumask.h>
+extern int check_irq_vectors_for_cpu_disable(void);
 extern void fixup_irqs(void);
 extern void irq_force_complete_move(int);
 #endif
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index ae5d7830855c..fcaf9c961265 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -337,6 +337,11 @@ struct kvm_pmu {
        u64 reprogram_pmi;
 };
+enum {
+        KVM_DEBUGREG_BP_ENABLED = 1,
+        KVM_DEBUGREG_WONT_EXIT = 2,
+};
 struct kvm_vcpu_arch {
        /*
         * rip and regs accesses must go through
@@ -444,7 +449,6 @@ struct kvm_vcpu_arch {
        } st;
        u64 last_guest_tsc;
-        u64 last_kernel_ns;
        u64 last_host_tsc;
        u64 tsc_offset_adjustment;
        u64 this_tsc_nsec;
@@ -464,7 +468,7 @@ struct kvm_vcpu_arch {
        struct mtrr_state_type mtrr_state;
        u32 pat;
-        int switch_db_regs;
+        unsigned switch_db_regs;
        unsigned long db[KVM_NR_DB_REGS];
        unsigned long dr6;
        unsigned long dr7;
@@ -599,12 +603,15 @@ struct kvm_arch {
        bool use_master_clock;
        u64 master_kernel_ns;
        cycle_t master_cycle_now;
+        struct delayed_work kvmclock_update_work;
+        struct delayed_work kvmclock_sync_work;
        struct kvm_xen_hvm_config xen_hvm_config;
        /* fields used by HYPER-V emulation */
        u64 hv_guest_os_id;
        u64 hv_hypercall;
+        u64 hv_tsc_page;
        #ifdef CONFIG_KVM_MMU_AUDIT
        int audit_point;
@@ -699,6 +706,9 @@ struct kvm_x86_ops {
        void (*set_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
        void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
        void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
+        u64 (*get_dr6)(struct kvm_vcpu *vcpu);
+        void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value);
+        void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu);
        void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value);
        void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg);
        unsigned long (*get_rflags)(struct kvm_vcpu *vcpu);
@@ -725,8 +735,8 @@ struct kvm_x86_ops {
        int (*nmi_allowed)(struct kvm_vcpu *vcpu);
        bool (*get_nmi_mask)(struct kvm_vcpu *vcpu);
        void (*set_nmi_mask)(struct kvm_vcpu *vcpu, bool masked);
-        int (*enable_nmi_window)(struct kvm_vcpu *vcpu);
+        void (*enable_nmi_window)(struct kvm_vcpu *vcpu);
-        int (*enable_irq_window)(struct kvm_vcpu *vcpu);
+        void (*enable_irq_window)(struct kvm_vcpu *vcpu);
        void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr);
        int (*vm_has_apicv)(struct kvm *kvm);
        void (*hwapic_irr_update)(struct kvm_vcpu *vcpu, int max_irr);
@@ -762,6 +772,9 @@ struct kvm_x86_ops {
                               struct x86_instruction_info *info,
                               enum x86_intercept_stage stage);
        void (*handle_external_intr)(struct kvm_vcpu *vcpu);
+        bool (*mpx_supported)(void);
+        int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
 };
 struct kvm_arch_async_pf {
diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h
index 1df115909758..c7678e43465b 100644
--- a/arch/x86/include/asm/kvm_para.h
+++ b/arch/x86/include/asm/kvm_para.h
@@ -85,28 +85,9 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1,
        return ret;
 }
-static inline uint32_t kvm_cpuid_base(void)
-{
-        if (boot_cpu_data.cpuid_level < 0)
-                return 0;       /* So we don't blow up on old processors */
-        if (cpu_has_hypervisor)
-                return hypervisor_cpuid_base("KVMKVMKVM\0\0\0", 0);
-        return 0;
-}
-static inline bool kvm_para_available(void)
-{
-        return kvm_cpuid_base() != 0;
-}
-static inline unsigned int kvm_arch_para_features(void)
-{
-        return cpuid_eax(KVM_CPUID_FEATURES);
-}
 #ifdef CONFIG_KVM_GUEST
+bool kvm_para_available(void);
+unsigned int kvm_arch_para_features(void);
 void __init kvm_guest_init(void);
 void kvm_async_pf_task_wait(u32 token);
 void kvm_async_pf_task_wake(u32 token);
@@ -126,6 +107,16 @@ static inline void kvm_spinlock_init(void)
 #define kvm_async_pf_task_wait(T) do {} while(0)
 #define kvm_async_pf_task_wake(T) do {} while(0)
+static inline bool kvm_para_available(void)
+{
+        return 0;
+}
+static inline unsigned int kvm_arch_para_features(void)
+{
+        return 0;
+}
 static inline u32 kvm_read_and_reset_pf_reason(void)
 {
        return 0;
diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
index c696a8687567..6e4ce2df87cf 100644
--- a/arch/x86/include/asm/mce.h
+++ b/arch/x86/include/asm/mce.h
@@ -118,7 +118,6 @@ extern void mce_register_decode_chain(struct notifier_block *nb);
 extern void mce_unregister_decode_chain(struct notifier_block *nb);
 #include <linux/percpu.h>
-#include <linux/init.h>
 #include <linux/atomic.h>
 extern int mce_p5_enabled;
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index f98bd6625318..b59827e76529 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -1,6 +1,21 @@
 #ifndef _ASM_X86_MICROCODE_H
 #define _ASM_X86_MICROCODE_H
+#define native_rdmsr(msr, val1, val2)                   \
+do {                                                    \
+        u64 __val = native_read_msr((msr));             \
+        (void)((val1) = (u32)__val);                    \
+        (void)((val2) = (u32)(__val >> 32));            \
+} while (0)
+#define native_wrmsr(msr, low, high)                    \
+        native_write_msr(msr, low, high)
+#define native_wrmsrl(msr, val)                         \
+        native_write_msr((msr),                         \
+                         (u32)((u64)(val)),             \
+                         (u32)((u64)(val) >> 32))
 struct cpu_signature {
        unsigned int sig;
        unsigned int pf;
diff --git a/arch/x86/include/asm/microcode_amd.h b/arch/x86/include/asm/microcode_amd.h
index 4c019179a57d..b7b10b82d3e5 100644
--- a/arch/x86/include/asm/microcode_amd.h
+++ b/arch/x86/include/asm/microcode_amd.h
@@ -61,11 +61,10 @@ extern int __apply_microcode_amd(struct microcode_amd *mc_amd);
 extern int apply_microcode_amd(int cpu);
 extern enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size);
+#define PATCH_MAX_SIZE PAGE_SIZE
+extern u8 amd_ucode_patch[PATCH_MAX_SIZE];
 #ifdef CONFIG_MICROCODE_AMD_EARLY
-#ifdef CONFIG_X86_32
-#define MPB_MAX_SIZE PAGE_SIZE
-extern u8 amd_bsp_mpb[MPB_MAX_SIZE];
-#endif
 extern void __init load_ucode_amd_bsp(void);
 extern void load_ucode_amd_ap(void);
 extern int __init save_microcode_in_initrd_amd(void);
diff --git a/arch/x86/include/asm/mmzone_32.h b/arch/x86/include/asm/mmzone_32.h
index 8a9b3e288cb4..1ec990bd7dc0 100644
--- a/arch/x86/include/asm/mmzone_32.h
+++ b/arch/x86/include/asm/mmzone_32.h
@@ -11,9 +11,6 @@
 #ifdef CONFIG_NUMA
 extern struct pglist_data *node_data[];
 #define NODE_DATA(nid)  (node_data[nid])
-#include <asm/numaq.h>
 #endif /* CONFIG_NUMA */
 #ifdef CONFIG_DISCONTIGMEM
diff --git a/arch/x86/include/asm/mpspec.h b/arch/x86/include/asm/mpspec.h
index 3142a94c7b4b..f5a617956735 100644
--- a/arch/x86/include/asm/mpspec.h
+++ b/arch/x86/include/asm/mpspec.h
@@ -1,7 +1,6 @@
 #ifndef _ASM_X86_MPSPEC_H
 #define _ASM_X86_MPSPEC_H
-#include <linux/init.h>
 #include <asm/mpspec_def.h>
 #include <asm/x86_init.h>
@@ -26,12 +25,6 @@ extern int pic_mode;
 extern unsigned int def_to_bigsmp;
-#ifdef CONFIG_X86_NUMAQ
-extern int mp_bus_id_to_node[MAX_MP_BUSSES];
-extern int mp_bus_id_to_local[MAX_MP_BUSSES];
-extern int quad_local_to_mp_bus_id [NR_CPUS/4][4];
-#endif
 #else /* CONFIG_X86_64: */
 #define MAX_MP_BUSSES           256
diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h
index cd9c41938b8a..c163215abb9a 100644
--- a/arch/x86/include/asm/mshyperv.h
+++ b/arch/x86/include/asm/mshyperv.h
@@ -2,6 +2,7 @@
 #define _ASM_X86_MSHYPER_H
 #include <linux/types.h>
+#include <linux/interrupt.h>
 #include <asm/hyperv.h>
 struct ms_hyperv_info {
@@ -16,6 +17,7 @@ void hyperv_callback_vector(void);
 #define trace_hyperv_callback_vector hyperv_callback_vector
 #endif
 void hyperv_vector_handler(struct pt_regs *regs);
-void hv_register_vmbus_handler(int irq, irq_handler_t handler);
+void hv_setup_vmbus_irq(void (*handler)(void));
+void hv_remove_vmbus_irq(void);
 #endif
diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
index e139b13f2a33..de36f22eb0b9 100644
--- a/arch/x86/include/asm/msr.h
+++ b/arch/x86/include/asm/msr.h
@@ -214,6 +214,8 @@ do {                                                            \
 struct msr *msrs_alloc(void);
 void msrs_free(struct msr *msrs);
+int msr_set_bit(u32 msr, u8 bit);
+int msr_clear_bit(u32 msr, u8 bit);
 #ifdef CONFIG_SMP
 int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h);
diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index 2f366d0ac6b4..1da25a5f96f9 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -1,6 +1,8 @@
 #ifndef _ASM_X86_MWAIT_H
 #define _ASM_X86_MWAIT_H
+#include <linux/sched.h>
 #define MWAIT_SUBSTATE_MASK             0xf
 #define MWAIT_CSTATE_MASK               0xf
 #define MWAIT_SUBSTATE_SIZE             4
@@ -13,4 +15,45 @@
 #define MWAIT_ECX_INTERRUPT_BREAK       0x1
+static inline void __monitor(const void *eax, unsigned long ecx,
+                             unsigned long edx)
+{
+        /* "monitor %eax, %ecx, %edx;" */
+        asm volatile(".byte 0x0f, 0x01, 0xc8;"
+                     :: "a" (eax), "c" (ecx), "d"(edx));
+}
+static inline void __mwait(unsigned long eax, unsigned long ecx)
+{
+        /* "mwait %eax, %ecx;" */
+        asm volatile(".byte 0x0f, 0x01, 0xc9;"
+                     :: "a" (eax), "c" (ecx));
+}
+/*
+ * This uses new MONITOR/MWAIT instructions on P4 processors with PNI,
+ * which can obviate IPI to trigger checking of need_resched.
+ * We execute MONITOR against need_resched and enter optimized wait state
+ * through MWAIT. Whenever someone changes need_resched, we would be woken
+ * up from MWAIT (without an IPI).
+ *
+ * New with Core Duo processors, MWAIT can take some hints based on CPU
+ * capability.
+ */
+static inline void mwait_idle_with_hints(unsigned long eax, unsigned long ecx)
+{
+        if (!current_set_polling_and_test()) {
+                if (static_cpu_has(X86_FEATURE_CLFLUSH_MONITOR)) {
+                        mb();
+                        clflush((void *)&current_thread_info()->flags);
+                        mb();
+                }
+                __monitor((void *)&current_thread_info()->flags, 0, 0);
+                if (!need_resched())
+                        __mwait(eax, ecx);
+        }
+        current_clr_polling();
+}
 #endif /* _ASM_X86_MWAIT_H */
diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h
index 86f9301903c8..5f2fc4441b11 100644
--- a/arch/x86/include/asm/nmi.h
+++ b/arch/x86/include/asm/nmi.h
@@ -1,6 +1,7 @@
 #ifndef _ASM_X86_NMI_H
 #define _ASM_X86_NMI_H
+#include <linux/irq_work.h>
 #include <linux/pm.h>
 #include <asm/irq.h>
 #include <asm/io.h>
@@ -38,6 +39,8 @@ typedef int (*nmi_handler_t)(unsigned int, struct pt_regs *);
 struct nmiaction {
        struct list_head        list;
        nmi_handler_t           handler;
+        u64                     max_duration;
+        struct irq_work         irq_work;
        unsigned long           flags;
        const char              *name;
 };
diff --git a/arch/x86/include/asm/numaq.h b/arch/x86/include/asm/numaq.h
deleted file mode 100644
index c3b3c322fd87..000000000000
--- a/arch/x86/include/asm/numaq.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Written by: Patricia Gaughen, IBM Corporation
- *
- * Copyright (C) 2002, IBM Corp.
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
- * NON INFRINGEMENT.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Send feedback to <gone@us.ibm.com>
- */
-#ifndef _ASM_X86_NUMAQ_H
-#define _ASM_X86_NUMAQ_H
-#ifdef CONFIG_X86_NUMAQ
-extern int found_numaq;
-extern int numaq_numa_init(void);
-extern int pci_numaq_init(void);
-extern void *xquad_portio;
-#define XQUAD_PORTIO_BASE 0xfe400000
-#define XQUAD_PORTIO_QUAD 0x40000  /* 256k per quad. */
-#define XQUAD_PORT_ADDR(port, quad) (xquad_portio + (XQUAD_PORTIO_QUAD*quad) + port)
-/*
- * SYS_CFG_DATA_PRIV_ADDR, struct eachquadmem, and struct sys_cfg_data are the
- */
-#define SYS_CFG_DATA_PRIV_ADDR          0x0009d000 /* place for scd in private
-                                                      quad space */
-/*
- * Communication area for each processor on lynxer-processor tests.
- *
- * NOTE: If you change the size of this eachproc structure you need
- *       to change the definition for EACH_QUAD_SIZE.
- */
-struct eachquadmem {
-        unsigned int    priv_mem_start;         /* Starting address of this */
-                                                /* quad's private memory. */
-                                                /* This is always 0. */
-                                                /* In MB. */
-        unsigned int    priv_mem_size;          /* Size of this quad's */
-                                                /* private memory. */
-                                                /* In MB. */
-        unsigned int    low_shrd_mem_strp_start;/* Starting address of this */
-                                                /* quad's low shared block */
-                                                /* (untranslated). */
-                                                /* In MB. */
-        unsigned int    low_shrd_mem_start;     /* Starting address of this */
-                                                /* quad's low shared memory */
-                                                /* (untranslated). */
-                                                /* In MB. */
-        unsigned int    low_shrd_mem_size;      /* Size of this quad's low */
-                                                /* shared memory. */
-                                                /* In MB. */
-        unsigned int    lmmio_copb_start;       /* Starting address of this */
-                                                /* quad's local memory */
-                                                /* mapped I/O in the */
-                                                /* compatibility OPB. */
-                                                /* In MB. */
-        unsigned int    lmmio_copb_size;        /* Size of this quad's local */
-                                                /* memory mapped I/O in the */
-                                                /* compatibility OPB. */
-                                                /* In MB. */
-        unsigned int    lmmio_nopb_start;       /* Starting address of this */
-                                                /* quad's local memory */
-                                                /* mapped I/O in the */
-                                                /* non-compatibility OPB. */
-                                                /* In MB. */
-        unsigned int    lmmio_nopb_size;        /* Size of this quad's local */
-                                                /* memory mapped I/O in the */
-                                                /* non-compatibility OPB. */
-                                                /* In MB. */
-        unsigned int    io_apic_0_start;        /* Starting address of I/O */
-                                                /* APIC 0. */
-        unsigned int    io_apic_0_sz;           /* Size I/O APIC 0. */
-        unsigned int    io_apic_1_start;        /* Starting address of I/O */
-                                                /* APIC 1. */
-        unsigned int    io_apic_1_sz;           /* Size I/O APIC 1. */
-        unsigned int    hi_shrd_mem_start;      /* Starting address of this */
-                                                /* quad's high shared memory.*/
-                                                /* In MB. */
-        unsigned int    hi_shrd_mem_size;       /* Size of this quad's high */
-                                                /* shared memory. */
-                                                /* In MB. */
-        unsigned int    mps_table_addr;         /* Address of this quad's */
-                                                /* MPS tables from BIOS, */
-                                                /* in system space.*/
-        unsigned int    lcl_MDC_pio_addr;       /* Port-I/O address for */
-                                                /* local access of MDC. */
-        unsigned int    rmt_MDC_mmpio_addr;     /* MM-Port-I/O address for */
-                                                /* remote access of MDC. */
-        unsigned int    mm_port_io_start;       /* Starting address of this */
-                                                /* quad's memory mapped Port */
-                                                /* I/O space. */
-        unsigned int    mm_port_io_size;        /* Size of this quad's memory*/
-                                                /* mapped Port I/O space. */
-        unsigned int    mm_rmt_io_apic_start;   /* Starting address of this */
-                                                /* quad's memory mapped */
-                                                /* remote I/O APIC space. */
-        unsigned int    mm_rmt_io_apic_size;    /* Size of this quad's memory*/
-                                                /* mapped remote I/O APIC */
-                                                /* space. */
-        unsigned int    mm_isa_start;           /* Starting address of this */
-                                                /* quad's memory mapped ISA */
-                                                /* space (contains MDC */
-                                                /* memory space). */
-        unsigned int    mm_isa_size;            /* Size of this quad's memory*/
-                                                /* mapped ISA space (contains*/
-                                                /* MDC memory space). */
-        unsigned int    rmt_qmi_addr;           /* Remote addr to access QMI.*/
-        unsigned int    lcl_qmi_addr;           /* Local addr to access QMI. */
-};
-/*
- * Note: This structure must be NOT be changed unless the multiproc and
- * OS are changed to reflect the new structure.
- */
-struct sys_cfg_data {
-        unsigned int    quad_id;
-        unsigned int    bsp_proc_id; /* Boot Strap Processor in this quad. */
-        unsigned int    scd_version; /* Version number of this table. */
-        unsigned int    first_quad_id;
-        unsigned int    quads_present31_0; /* 1 bit for each quad */
-        unsigned int    quads_present63_32; /* 1 bit for each quad */
-        unsigned int    config_flags;
-        unsigned int    boot_flags;
-        unsigned int    csr_start_addr; /* Absolute value (not in MB) */
-        unsigned int    csr_size; /* Absolute value (not in MB) */
-        unsigned int    lcl_apic_start_addr; /* Absolute value (not in MB) */
-        unsigned int    lcl_apic_size; /* Absolute value (not in MB) */
-        unsigned int    low_shrd_mem_base; /* 0 or 512MB or 1GB */
-        unsigned int    low_shrd_mem_quad_offset; /* 0,128M,256M,512M,1G */
-                                        /* may not be totally populated */
-        unsigned int    split_mem_enbl; /* 0 for no low shared memory */
-        unsigned int    mmio_sz; /* Size of total system memory mapped I/O */
-                                 /* (in MB). */
-        unsigned int    quad_spin_lock; /* Spare location used for quad */
-                                        /* bringup. */
-        unsigned int    nonzero55; /* For checksumming. */
-        unsigned int    nonzeroaa; /* For checksumming. */
-        unsigned int    scd_magic_number;
-        unsigned int    system_type;
-        unsigned int    checksum;
-        /*
-         *      memory configuration area for each quad
-         */
-        struct          eachquadmem eq[MAX_NUMNODES];   /* indexed by quad id */
-};
-void numaq_tsc_disable(void);
-#endif /* CONFIG_X86_NUMAQ */
-#endif /* _ASM_X86_NUMAQ_H */
diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
index c87892442e53..775873d3be55 100644
--- a/arch/x86/include/asm/page.h
+++ b/arch/x86/include/asm/page.h
@@ -71,6 +71,7 @@ extern bool __virt_addr_valid(unsigned long kaddr);
 #include <asm-generic/getorder.h>
 #define __HAVE_ARCH_GATE_AREA 1
+#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
 #endif  /* __KERNEL__ */
 #endif /* _ASM_X86_PAGE_H */
diff --git a/arch/x86/include/asm/page_32.h b/arch/x86/include/asm/page_32.h
index 4d550d04b609..904f528cc8e8 100644
--- a/arch/x86/include/asm/page_32.h
+++ b/arch/x86/include/asm/page_32.h
@@ -5,10 +5,6 @@
 #ifndef __ASSEMBLY__
-#ifdef CONFIG_HUGETLB_PAGE
-#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
-#endif
 #define __phys_addr_nodebug(x)  ((x) - PAGE_OFFSET)
 #ifdef CONFIG_DEBUG_VIRTUAL
 extern unsigned long __phys_addr(unsigned long);
diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 43dcd804ebd5..8de6d9cf3b95 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -39,9 +39,18 @@
 #define __VIRTUAL_MASK_SHIFT    47
 /*
- * Kernel image size is limited to 512 MB (see level2_kernel_pgt in
+ * Kernel image size is limited to 1GiB due to the fixmap living in the
- * arch/x86/kernel/head_64.S), and it is mapped here:
+ * next 1GiB (see level2_kernel_pgt in arch/x86/kernel/head_64.S). Use
+ * 512MiB by default, leaving 1.5GiB for modules once the page tables
+ * are fully set up. If kernel ASLR is configured, it can extend the
+ * kernel page table mapping, reducing the size of the modules area.
 */
-#define KERNEL_IMAGE_SIZE       (512 * 1024 * 1024)
+#define KERNEL_IMAGE_SIZE_DEFAULT      (512 * 1024 * 1024)
+#if defined(CONFIG_RANDOMIZE_BASE) && \
+        CONFIG_RANDOMIZE_BASE_MAX_OFFSET > KERNEL_IMAGE_SIZE_DEFAULT
+#define KERNEL_IMAGE_SIZE   CONFIG_RANDOMIZE_BASE_MAX_OFFSET
+#else
+#define KERNEL_IMAGE_SIZE      KERNEL_IMAGE_SIZE_DEFAULT
+#endif
 #endif /* _ASM_X86_PAGE_64_DEFS_H */
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index 401f350ef71b..cd6e1610e29e 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -781,9 +781,9 @@ static __always_inline void __ticket_unlock_kick(struct arch_spinlock *lock,
 */
 #define PV_CALLEE_SAVE_REGS_THUNK(func)                                 \
        extern typeof(func) __raw_callee_save_##func;                   \
-        static void *__##func##__ __used = func;                        \
                                                                        \
        asm(".pushsection .text;"                                       \
+            ".globl __raw_callee_save_" #func " ; "                     \
            "__raw_callee_save_" #func ": "                             \
            PV_SAVE_ALL_CALLER_REGS                                     \
            "call " #func ";"                                           \
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index aab8f671b523..7549b8b369e4 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -388,10 +388,11 @@ extern struct pv_lock_ops pv_lock_ops;
        _paravirt_alt(insn_string, "%c[paravirt_typenum]", "%c[paravirt_clobber]")
 /* Simple instruction patching code. */
-#define DEF_NATIVE(ops, name, code)                                     \
+#define NATIVE_LABEL(a,x,b) "\n\t.globl " a #x "_" #b "\n" a #x "_" #b ":\n\t"
-        extern const char start_##ops##_##name[] __visible,             \
-                          end_##ops##_##name[] __visible;               \
+#define DEF_NATIVE(ops, name, code)                                     \
-        asm("start_" #ops "_" #name ": " code "; end_" #ops "_" #name ":")
+        __visible extern const char start_##ops##_##name[], end_##ops##_##name[];       \
+        asm(NATIVE_LABEL("start_", ops, name) code NATIVE_LABEL("end_", ops, name))
 unsigned paravirt_patch_nop(void);
 unsigned paravirt_patch_ident_32(void *insnbuf, unsigned len);
diff --git a/arch/x86/include/asm/pci.h b/arch/x86/include/asm/pci.h
index 947b5c417e83..96ae4f4040bb 100644
--- a/arch/x86/include/asm/pci.h
+++ b/arch/x86/include/asm/pci.h
@@ -26,11 +26,6 @@ extern int pci_routeirq;
 extern int noioapicquirk;
 extern int noioapicreroute;
-/* scan a bus after allocating a pci_sysdata for it */
-extern struct pci_bus *pci_scan_bus_on_node(int busno, struct pci_ops *ops,
-                                            int node);
-extern struct pci_bus *pci_scan_bus_with_sysdata(int busno);
 #ifdef CONFIG_PCI
 #ifdef CONFIG_PCI_DOMAINS
@@ -70,7 +65,7 @@ extern unsigned long pci_mem_start;
 extern int pcibios_enabled;
 void pcibios_config_init(void);
-struct pci_bus *pcibios_scan_root(int bus);
+void pcibios_scan_root(int bus);
 void pcibios_set_master(struct pci_dev *dev);
 void pcibios_penalize_isa_irq(int irq, int active);
@@ -104,7 +99,7 @@ extern void pci_iommu_alloc(void);
 struct msi_desc;
 int native_setup_msi_irqs(struct pci_dev *dev, int nvec, int type);
 void native_teardown_msi_irq(unsigned int irq);
-void native_restore_msi_irqs(struct pci_dev *dev, int irq);
+void native_restore_msi_irqs(struct pci_dev *dev);
 int setup_msi_irq(struct pci_dev *dev, struct msi_desc *msidesc,
                  unsigned int irq_base, unsigned int irq_offset);
 #else
@@ -125,7 +120,6 @@ int setup_msi_irq(struct pci_dev *dev, struct msi_desc *msidesc,
 /* generic pci stuff */
 #include <asm-generic/pci.h>
-#define PCIBIOS_MAX_MEM_32 0xffffffff
 #ifdef CONFIG_NUMA
 /* Returns the node based on pci bus */
diff --git a/arch/x86/include/asm/percpu.h b/arch/x86/include/asm/percpu.h
index 94220d14d5cc..851bcdc5db04 100644
--- a/arch/x86/include/asm/percpu.h
+++ b/arch/x86/include/asm/percpu.h
@@ -52,7 +52,7 @@
 * Compared to the generic __my_cpu_offset version, the following
 * saves one instruction and avoids clobbering a temp register.
 */
-#define __this_cpu_ptr(ptr)                             \
+#define raw_cpu_ptr(ptr)                                \
 ({                                                      \
        unsigned long tcp_ptr__;                        \
        __verify_pcpu_ptr(ptr);                         \
@@ -362,25 +362,25 @@ do {									\
 */
 #define this_cpu_read_stable(var)       percpu_from_op("mov", var, "p" (&(var)))
-#define __this_cpu_read_1(pcp)          percpu_from_op("mov", (pcp), "m"(pcp))
+#define raw_cpu_read_1(pcp)             percpu_from_op("mov", (pcp), "m"(pcp))
-#define __this_cpu_read_2(pcp)          percpu_from_op("mov", (pcp), "m"(pcp))
+#define raw_cpu_read_2(pcp)             percpu_from_op("mov", (pcp), "m"(pcp))
-#define __this_cpu_read_4(pcp)          percpu_from_op("mov", (pcp), "m"(pcp))
+#define raw_cpu_read_4(pcp)             percpu_from_op("mov", (pcp), "m"(pcp))
-#define __this_cpu_write_1(pcp, val)    percpu_to_op("mov", (pcp), val)
+#define raw_cpu_write_1(pcp, val)       percpu_to_op("mov", (pcp), val)
-#define __this_cpu_write_2(pcp, val)    percpu_to_op("mov", (pcp), val)
+#define raw_cpu_write_2(pcp, val)       percpu_to_op("mov", (pcp), val)
-#define __this_cpu_write_4(pcp, val)    percpu_to_op("mov", (pcp), val)
+#define raw_cpu_write_4(pcp, val)       percpu_to_op("mov", (pcp), val)
-#define __this_cpu_add_1(pcp, val)      percpu_add_op((pcp), val)
+#define raw_cpu_add_1(pcp, val)         percpu_add_op((pcp), val)
-#define __this_cpu_add_2(pcp, val)      percpu_add_op((pcp), val)
+#define raw_cpu_add_2(pcp, val)         percpu_add_op((pcp), val)
-#define __this_cpu_add_4(pcp, val)      percpu_add_op((pcp), val)
+#define raw_cpu_add_4(pcp, val)         percpu_add_op((pcp), val)
-#define __this_cpu_and_1(pcp, val)      percpu_to_op("and", (pcp), val)
+#define raw_cpu_and_1(pcp, val)         percpu_to_op("and", (pcp), val)
-#define __this_cpu_and_2(pcp, val)      percpu_to_op("and", (pcp), val)
+#define raw_cpu_and_2(pcp, val)         percpu_to_op("and", (pcp), val)
-#define __this_cpu_and_4(pcp, val)      percpu_to_op("and", (pcp), val)
+#define raw_cpu_and_4(pcp, val)         percpu_to_op("and", (pcp), val)
-#define __this_cpu_or_1(pcp, val)       percpu_to_op("or", (pcp), val)
+#define raw_cpu_or_1(pcp, val)          percpu_to_op("or", (pcp), val)
-#define __this_cpu_or_2(pcp, val)       percpu_to_op("or", (pcp), val)
+#define raw_cpu_or_2(pcp, val)          percpu_to_op("or", (pcp), val)
-#define __this_cpu_or_4(pcp, val)       percpu_to_op("or", (pcp), val)
+#define raw_cpu_or_4(pcp, val)          percpu_to_op("or", (pcp), val)
-#define __this_cpu_xchg_1(pcp, val)     percpu_xchg_op(pcp, val)
+#define raw_cpu_xchg_1(pcp, val)        percpu_xchg_op(pcp, val)
-#define __this_cpu_xchg_2(pcp, val)     percpu_xchg_op(pcp, val)
+#define raw_cpu_xchg_2(pcp, val)        percpu_xchg_op(pcp, val)
-#define __this_cpu_xchg_4(pcp, val)     percpu_xchg_op(pcp, val)
+#define raw_cpu_xchg_4(pcp, val)        percpu_xchg_op(pcp, val)
 #define this_cpu_read_1(pcp)            percpu_from_op("mov", (pcp), "m"(pcp))
 #define this_cpu_read_2(pcp)            percpu_from_op("mov", (pcp), "m"(pcp))
@@ -401,16 +401,16 @@ do {									\
 #define this_cpu_xchg_2(pcp, nval)      percpu_xchg_op(pcp, nval)
 #define this_cpu_xchg_4(pcp, nval)      percpu_xchg_op(pcp, nval)
-#define __this_cpu_add_return_1(pcp, val) percpu_add_return_op(pcp, val)
+#define raw_cpu_add_return_1(pcp, val)          percpu_add_return_op(pcp, val)
-#define __this_cpu_add_return_2(pcp, val) percpu_add_return_op(pcp, val)
+#define raw_cpu_add_return_2(pcp, val)          percpu_add_return_op(pcp, val)
-#define __this_cpu_add_return_4(pcp, val) percpu_add_return_op(pcp, val)
+#define raw_cpu_add_return_4(pcp, val)          percpu_add_return_op(pcp, val)
-#define __this_cpu_cmpxchg_1(pcp, oval, nval)   percpu_cmpxchg_op(pcp, oval, nval)
+#define raw_cpu_cmpxchg_1(pcp, oval, nval)      percpu_cmpxchg_op(pcp, oval, nval)
-#define __this_cpu_cmpxchg_2(pcp, oval, nval)   percpu_cmpxchg_op(pcp, oval, nval)
+#define raw_cpu_cmpxchg_2(pcp, oval, nval)      percpu_cmpxchg_op(pcp, oval, nval)
-#define __this_cpu_cmpxchg_4(pcp, oval, nval)   percpu_cmpxchg_op(pcp, oval, nval)
+#define raw_cpu_cmpxchg_4(pcp, oval, nval)      percpu_cmpxchg_op(pcp, oval, nval)
-#define this_cpu_add_return_1(pcp, val) percpu_add_return_op(pcp, val)
+#define this_cpu_add_return_1(pcp, val)         percpu_add_return_op(pcp, val)
-#define this_cpu_add_return_2(pcp, val) percpu_add_return_op(pcp, val)
+#define this_cpu_add_return_2(pcp, val)         percpu_add_return_op(pcp, val)
-#define this_cpu_add_return_4(pcp, val) percpu_add_return_op(pcp, val)
+#define this_cpu_add_return_4(pcp, val)         percpu_add_return_op(pcp, val)
 #define this_cpu_cmpxchg_1(pcp, oval, nval)     percpu_cmpxchg_op(pcp, oval, nval)
 #define this_cpu_cmpxchg_2(pcp, oval, nval)     percpu_cmpxchg_op(pcp, oval, nval)
 #define this_cpu_cmpxchg_4(pcp, oval, nval)     percpu_cmpxchg_op(pcp, oval, nval)
@@ -427,7 +427,7 @@ do {									\
        __ret;                                                          \
 })
-#define __this_cpu_cmpxchg_double_4     percpu_cmpxchg8b_double
+#define raw_cpu_cmpxchg_double_4        percpu_cmpxchg8b_double
 #define this_cpu_cmpxchg_double_4       percpu_cmpxchg8b_double
 #endif /* CONFIG_X86_CMPXCHG64 */
@@ -436,22 +436,22 @@ do {									\
 * 32 bit must fall back to generic operations.
 */
 #ifdef CONFIG_X86_64
-#define __this_cpu_read_8(pcp)          percpu_from_op("mov", (pcp), "m"(pcp))
+#define raw_cpu_read_8(pcp)                     percpu_from_op("mov", (pcp), "m"(pcp))
-#define __this_cpu_write_8(pcp, val)    percpu_to_op("mov", (pcp), val)
+#define raw_cpu_write_8(pcp, val)               percpu_to_op("mov", (pcp), val)
-#define __this_cpu_add_8(pcp, val)      percpu_add_op((pcp), val)
+#define raw_cpu_add_8(pcp, val)                 percpu_add_op((pcp), val)
-#define __this_cpu_and_8(pcp, val)      percpu_to_op("and", (pcp), val)
+#define raw_cpu_and_8(pcp, val)                 percpu_to_op("and", (pcp), val)
-#define __this_cpu_or_8(pcp, val)       percpu_to_op("or", (pcp), val)
+#define raw_cpu_or_8(pcp, val)                  percpu_to_op("or", (pcp), val)
-#define __this_cpu_add_return_8(pcp, val) percpu_add_return_op(pcp, val)
+#define raw_cpu_add_return_8(pcp, val)          percpu_add_return_op(pcp, val)
-#define __this_cpu_xchg_8(pcp, nval)    percpu_xchg_op(pcp, nval)
+#define raw_cpu_xchg_8(pcp, nval)               percpu_xchg_op(pcp, nval)
-#define __this_cpu_cmpxchg_8(pcp, oval, nval)   percpu_cmpxchg_op(pcp, oval, nval)
+#define raw_cpu_cmpxchg_8(pcp, oval, nval)      percpu_cmpxchg_op(pcp, oval, nval)
-#define this_cpu_read_8(pcp)            percpu_from_op("mov", (pcp), "m"(pcp))
+#define this_cpu_read_8(pcp)                    percpu_from_op("mov", (pcp), "m"(pcp))
-#define this_cpu_write_8(pcp, val)      percpu_to_op("mov", (pcp), val)
+#define this_cpu_write_8(pcp, val)              percpu_to_op("mov", (pcp), val)
-#define this_cpu_add_8(pcp, val)        percpu_add_op((pcp), val)
+#define this_cpu_add_8(pcp, val)                percpu_add_op((pcp), val)
-#define this_cpu_and_8(pcp, val)        percpu_to_op("and", (pcp), val)
+#define this_cpu_and_8(pcp, val)                percpu_to_op("and", (pcp), val)
-#define this_cpu_or_8(pcp, val)         percpu_to_op("or", (pcp), val)
+#define this_cpu_or_8(pcp, val)                 percpu_to_op("or", (pcp), val)
-#define this_cpu_add_return_8(pcp, val) percpu_add_return_op(pcp, val)
+#define this_cpu_add_return_8(pcp, val)         percpu_add_return_op(pcp, val)
-#define this_cpu_xchg_8(pcp, nval)      percpu_xchg_op(pcp, nval)
+#define this_cpu_xchg_8(pcp, nval)              percpu_xchg_op(pcp, nval)
 #define this_cpu_cmpxchg_8(pcp, oval, nval)     percpu_cmpxchg_op(pcp, oval, nval)
 /*
@@ -474,7 +474,7 @@ do {									\
        __ret;                                                          \
 })
-#define __this_cpu_cmpxchg_double_8     percpu_cmpxchg16b_double
+#define raw_cpu_cmpxchg_double_8        percpu_cmpxchg16b_double
 #define this_cpu_cmpxchg_double_8       percpu_cmpxchg16b_double
 #endif
@@ -495,9 +495,9 @@ static __always_inline int x86_this_cpu_constant_test_bit(unsigned int nr,
        unsigned long __percpu *a = (unsigned long *)addr + nr / BITS_PER_LONG;
 #ifdef CONFIG_X86_64
-        return ((1UL << (nr % BITS_PER_LONG)) & __this_cpu_read_8(*a)) != 0;
+        return ((1UL << (nr % BITS_PER_LONG)) & raw_cpu_read_8(*a)) != 0;
 #else
-        return ((1UL << (nr % BITS_PER_LONG)) & __this_cpu_read_4(*a)) != 0;
+        return ((1UL << (nr % BITS_PER_LONG)) & raw_cpu_read_4(*a)) != 0;
 #endif
 }
diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
index 3bf2dd0cf61f..0d193e234647 100644
--- a/arch/x86/include/asm/pgtable-2level.h
+++ b/arch/x86/include/asm/pgtable-2level.h
@@ -55,6 +55,13 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
 #define native_pmdp_get_and_clear(xp) native_local_pmdp_get_and_clear(xp)
 #endif
+/* Bit manipulation helper on pte/pgoff entry */
+static inline unsigned long pte_bitop(unsigned long value, unsigned int rightshift,
+                                      unsigned long mask, unsigned int leftshift)
+{
+        return ((value >> rightshift) & mask) << leftshift;
+}
 #ifdef CONFIG_MEM_SOFT_DIRTY
 /*
@@ -71,31 +78,34 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
 #define PTE_FILE_BITS2          (PTE_FILE_SHIFT3 - PTE_FILE_SHIFT2 - 1)
 #define PTE_FILE_BITS3          (PTE_FILE_SHIFT4 - PTE_FILE_SHIFT3 - 1)
-#define pte_to_pgoff(pte)                                               \
+#define PTE_FILE_MASK1          ((1U << PTE_FILE_BITS1) - 1)
-        ((((pte).pte_low >> (PTE_FILE_SHIFT1))                          \
+#define PTE_FILE_MASK2          ((1U << PTE_FILE_BITS2) - 1)
-          & ((1U << PTE_FILE_BITS1) - 1)))                              \
+#define PTE_FILE_MASK3          ((1U << PTE_FILE_BITS3) - 1)
-        + ((((pte).pte_low >> (PTE_FILE_SHIFT2))                        \
-            & ((1U << PTE_FILE_BITS2) - 1))                             \
+#define PTE_FILE_LSHIFT2        (PTE_FILE_BITS1)
-           << (PTE_FILE_BITS1))                                         \
+#define PTE_FILE_LSHIFT3        (PTE_FILE_BITS1 + PTE_FILE_BITS2)
-        + ((((pte).pte_low >> (PTE_FILE_SHIFT3))                        \
+#define PTE_FILE_LSHIFT4        (PTE_FILE_BITS1 + PTE_FILE_BITS2 + PTE_FILE_BITS3)
-            & ((1U << PTE_FILE_BITS3) - 1))                             \
-           << (PTE_FILE_BITS1 + PTE_FILE_BITS2))                        \
+static __always_inline pgoff_t pte_to_pgoff(pte_t pte)
-        + ((((pte).pte_low >> (PTE_FILE_SHIFT4)))                       \
+{
-            << (PTE_FILE_BITS1 + PTE_FILE_BITS2 + PTE_FILE_BITS3))
+        return (pgoff_t)
+                (pte_bitop(pte.pte_low, PTE_FILE_SHIFT1, PTE_FILE_MASK1,  0)                +
-#define pgoff_to_pte(off)                                               \
+                 pte_bitop(pte.pte_low, PTE_FILE_SHIFT2, PTE_FILE_MASK2,  PTE_FILE_LSHIFT2) +
-        ((pte_t) { .pte_low =                                           \
+                 pte_bitop(pte.pte_low, PTE_FILE_SHIFT3, PTE_FILE_MASK3,  PTE_FILE_LSHIFT3) +
-         ((((off)) & ((1U << PTE_FILE_BITS1) - 1)) << PTE_FILE_SHIFT1)  \
+                 pte_bitop(pte.pte_low, PTE_FILE_SHIFT4,           -1UL,  PTE_FILE_LSHIFT4));
-         + ((((off) >> PTE_FILE_BITS1)                                  \
+}
-             & ((1U << PTE_FILE_BITS2) - 1))                            \
-            << PTE_FILE_SHIFT2)                                         \
+static __always_inline pte_t pgoff_to_pte(pgoff_t off)
-         + ((((off) >> (PTE_FILE_BITS1 + PTE_FILE_BITS2))               \
+{
-             & ((1U << PTE_FILE_BITS3) - 1))                            \
+        return (pte_t){
-            << PTE_FILE_SHIFT3)                                         \
+                .pte_low =
-         + ((((off) >>                                                  \
+                        pte_bitop(off,                0, PTE_FILE_MASK1,  PTE_FILE_SHIFT1) +
-              (PTE_FILE_BITS1 + PTE_FILE_BITS2 + PTE_FILE_BITS3)))      \
+                        pte_bitop(off, PTE_FILE_LSHIFT2, PTE_FILE_MASK2,  PTE_FILE_SHIFT2) +
-            << PTE_FILE_SHIFT4)                                         \
+                        pte_bitop(off, PTE_FILE_LSHIFT3, PTE_FILE_MASK3,  PTE_FILE_SHIFT3) +
-         + _PAGE_FILE })
+                        pte_bitop(off, PTE_FILE_LSHIFT4,           -1UL,  PTE_FILE_SHIFT4) +
+                        _PAGE_FILE,
+        };
+}
 #else /* CONFIG_MEM_SOFT_DIRTY */
@@ -115,22 +125,30 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
 #define PTE_FILE_BITS1          (PTE_FILE_SHIFT2 - PTE_FILE_SHIFT1 - 1)
 #define PTE_FILE_BITS2          (PTE_FILE_SHIFT3 - PTE_FILE_SHIFT2 - 1)
-#define pte_to_pgoff(pte)                                               \
+#define PTE_FILE_MASK1          ((1U << PTE_FILE_BITS1) - 1)
-        ((((pte).pte_low >> PTE_FILE_SHIFT1)                            \
+#define PTE_FILE_MASK2          ((1U << PTE_FILE_BITS2) - 1)
-          & ((1U << PTE_FILE_BITS1) - 1))                               \
-         + ((((pte).pte_low >> PTE_FILE_SHIFT2)                         \
+#define PTE_FILE_LSHIFT2        (PTE_FILE_BITS1)
-             & ((1U << PTE_FILE_BITS2) - 1)) << PTE_FILE_BITS1)         \
+#define PTE_FILE_LSHIFT3        (PTE_FILE_BITS1 + PTE_FILE_BITS2)
-         + (((pte).pte_low >> PTE_FILE_SHIFT3)                          \
-            << (PTE_FILE_BITS1 + PTE_FILE_BITS2)))
+static __always_inline pgoff_t pte_to_pgoff(pte_t pte)
+{
-#define pgoff_to_pte(off)                                               \
+        return (pgoff_t)
-        ((pte_t) { .pte_low =                                           \
+                (pte_bitop(pte.pte_low, PTE_FILE_SHIFT1, PTE_FILE_MASK1,  0)                +
-         (((off) & ((1U << PTE_FILE_BITS1) - 1)) << PTE_FILE_SHIFT1)    \
+                 pte_bitop(pte.pte_low, PTE_FILE_SHIFT2, PTE_FILE_MASK2,  PTE_FILE_LSHIFT2) +
-         + ((((off) >> PTE_FILE_BITS1) & ((1U << PTE_FILE_BITS2) - 1))  \
+                 pte_bitop(pte.pte_low, PTE_FILE_SHIFT3,           -1UL,  PTE_FILE_LSHIFT3));
-            << PTE_FILE_SHIFT2)                                         \
+}
-         + (((off) >> (PTE_FILE_BITS1 + PTE_FILE_BITS2))                \
-            << PTE_FILE_SHIFT3)                                         \
+static __always_inline pte_t pgoff_to_pte(pgoff_t off)
-         + _PAGE_FILE })
+{
+        return (pte_t){
+                .pte_low =
+                        pte_bitop(off,                0, PTE_FILE_MASK1,  PTE_FILE_SHIFT1) +
+                        pte_bitop(off, PTE_FILE_LSHIFT2, PTE_FILE_MASK2,  PTE_FILE_SHIFT2) +
+                        pte_bitop(off, PTE_FILE_LSHIFT3,           -1UL,  PTE_FILE_SHIFT3) +
+                        _PAGE_FILE,
+        };
+}
 #endif /* CONFIG_MEM_SOFT_DIRTY */
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index bbc8b12fa443..b459ddf27d64 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -15,9 +15,10 @@
         : (prot))
 #ifndef __ASSEMBLY__
 #include <asm/x86_init.h>
+void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
 /*
 * ZERO_PAGE is a global shared page that is always zero: used
 * for zero-mapped memory areas etc..
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
index 2d883440cb9a..c883bf726398 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
@@ -58,7 +58,7 @@ typedef struct { pteval_t pte; } pte_t;
 #define VMALLOC_START    _AC(0xffffc90000000000, UL)
 #define VMALLOC_END      _AC(0xffffe8ffffffffff, UL)
 #define VMEMMAP_START    _AC(0xffffea0000000000, UL)
-#define MODULES_VADDR    _AC(0xffffffffa0000000, UL)
+#define MODULES_VADDR    (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
 #define MODULES_END      _AC(0xffffffffff000000, UL)
 #define MODULES_LEN   (MODULES_END - MODULES_VADDR)
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 0ecac257fb26..eb3d44945133 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -121,7 +121,8 @@
 /* Set of bits not changed in pte_modify */
 #define _PAGE_CHG_MASK  (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT |         \
-                         _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY)
+                         _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \
+                         _PAGE_SOFT_DIRTY)
 #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE)
 #define _PAGE_CACHE_MASK        (_PAGE_PCD | _PAGE_PWT)
@@ -213,13 +214,8 @@
 #ifdef CONFIG_X86_64
 #define __PAGE_KERNEL_IDENT_LARGE_EXEC  __PAGE_KERNEL_LARGE_EXEC
 #else
-/*
- * For PDE_IDENT_ATTR include USER bit. As the PDE and PTE protection
- * bits are combined, this will alow user to access the high address mapped
- * VDSO in the presence of CONFIG_COMPAT_VDSO
- */
 #define PTE_IDENT_ATTR   0x003          /* PRESENT+RW */
-#define PDE_IDENT_ATTR   0x067          /* PRESENT+RW+USER+DIRTY+ACCESSED */
+#define PDE_IDENT_ATTR   0x063          /* PRESENT+RW+DIRTY+ACCESSED */
 #define PGD_IDENT_ATTR   0x001          /* PRESENT (no other attributes) */
 #endif
@@ -381,8 +377,13 @@ static inline void update_page_count(int level, unsigned long pages) { }
 * as a pte too.
 */
 extern pte_t *lookup_address(unsigned long address, unsigned int *level);
+extern pte_t *lookup_address_in_pgd(pgd_t *pgd, unsigned long address,
+                                    unsigned int *level);
 extern phys_addr_t slow_virt_to_phys(void *__address);
+extern int kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address,
+                                   unsigned numpages, unsigned long page_flags);
+void kernel_unmap_pages_in_pgd(pgd_t *root, unsigned long address,
+                               unsigned numpages);
 #endif  /* !__ASSEMBLY__ */
 #endif /* _ASM_X86_PGTABLE_DEFS_H */
diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
index c8b051933b1b..7024c12f7bfe 100644
--- a/arch/x86/include/asm/preempt.h
+++ b/arch/x86/include/asm/preempt.h
@@ -19,12 +19,12 @@ DECLARE_PER_CPU(int, __preempt_count);
 */
 static __always_inline int preempt_count(void)
 {
-        return __this_cpu_read_4(__preempt_count) & ~PREEMPT_NEED_RESCHED;
+        return raw_cpu_read_4(__preempt_count) & ~PREEMPT_NEED_RESCHED;
 }
 static __always_inline void preempt_count_set(int pc)
 {
-        __this_cpu_write_4(__preempt_count, pc);
+        raw_cpu_write_4(__preempt_count, pc);
 }
 /*
@@ -53,17 +53,17 @@ static __always_inline void preempt_count_set(int pc)
 static __always_inline void set_preempt_need_resched(void)
 {
-        __this_cpu_and_4(__preempt_count, ~PREEMPT_NEED_RESCHED);
+        raw_cpu_and_4(__preempt_count, ~PREEMPT_NEED_RESCHED);
 }
 static __always_inline void clear_preempt_need_resched(void)
 {
-        __this_cpu_or_4(__preempt_count, PREEMPT_NEED_RESCHED);
+        raw_cpu_or_4(__preempt_count, PREEMPT_NEED_RESCHED);
 }
 static __always_inline bool test_preempt_need_resched(void)
 {
-        return !(__this_cpu_read_4(__preempt_count) & PREEMPT_NEED_RESCHED);
+        return !(raw_cpu_read_4(__preempt_count) & PREEMPT_NEED_RESCHED);
 }
 /*
@@ -72,12 +72,12 @@ static __always_inline bool test_preempt_need_resched(void)
 static __always_inline void __preempt_count_add(int val)
 {
-        __this_cpu_add_4(__preempt_count, val);
+        raw_cpu_add_4(__preempt_count, val);
 }
 static __always_inline void __preempt_count_sub(int val)
 {
-        __this_cpu_add_4(__preempt_count, -val);
+        raw_cpu_add_4(__preempt_count, -val);
 }
 /*
@@ -95,7 +95,7 @@ static __always_inline bool __preempt_count_dec_and_test(void)
 */
 static __always_inline bool should_resched(void)
 {
-        return unlikely(!__this_cpu_read_4(__preempt_count));
+        return unlikely(!raw_cpu_read_4(__preempt_count));
 }
 #ifdef CONFIG_PREEMPT
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 7b034a4057f9..a4ea02351f4d 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -27,7 +27,6 @@ struct mm_struct;
 #include <linux/cache.h>
 #include <linux/threads.h>
 #include <linux/math64.h>
-#include <linux/init.h>
 #include <linux/err.h>
 #include <linux/irqflags.h>
@@ -72,6 +71,7 @@ extern u16 __read_mostly tlb_lli_4m[NR_INFO];
 extern u16 __read_mostly tlb_lld_4k[NR_INFO];
 extern u16 __read_mostly tlb_lld_2m[NR_INFO];
 extern u16 __read_mostly tlb_lld_4m[NR_INFO];
+extern u16 __read_mostly tlb_lld_1g[NR_INFO];
 extern s8  __read_mostly tlb_flushall_shift;
 /*
@@ -370,6 +370,20 @@ struct ymmh_struct {
        u32 ymmh_space[64];
 };
+/* We don't support LWP yet: */
+struct lwp_struct {
+        u8 reserved[128];
+};
+struct bndregs_struct {
+        u64 bndregs[8];
+} __packed;
+struct bndcsr_struct {
+        u64 cfg_reg_u;
+        u64 status_reg;
+} __packed;
 struct xsave_hdr_struct {
        u64 xstate_bv;
        u64 reserved1[2];
@@ -380,6 +394,9 @@ struct xsave_struct {
        struct i387_fxsave_struct i387;
        struct xsave_hdr_struct xsave_hdr;
        struct ymmh_struct ymmh;
+        struct lwp_struct lwp;
+        struct bndregs_struct bndregs;
+        struct bndcsr_struct bndcsr;
        /* new processor state extensions will go here */
 } __attribute__ ((packed, aligned (64)));
@@ -432,6 +449,15 @@ struct stack_canary {
 };
 DECLARE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
 #endif
+/*
+ * per-CPU IRQ handling stacks
+ */
+struct irq_stack {
+        u32                     stack[THREAD_SIZE/sizeof(u32)];
+} __aligned(THREAD_SIZE);
+DECLARE_PER_CPU(struct irq_stack *, hardirq_stack);
+DECLARE_PER_CPU(struct irq_stack *, softirq_stack);
 #endif  /* X86_64 */
 extern unsigned int xstate_size;
@@ -700,29 +726,6 @@ static inline void sync_core(void)
 #endif
 }
-static inline void __monitor(const void *eax, unsigned long ecx,
-                             unsigned long edx)
-{
-        /* "monitor %eax, %ecx, %edx;" */
-        asm volatile(".byte 0x0f, 0x01, 0xc8;"
-                     :: "a" (eax), "c" (ecx), "d"(edx));
-}
-static inline void __mwait(unsigned long eax, unsigned long ecx)
-{
-        /* "mwait %eax, %ecx;" */
-        asm volatile(".byte 0x0f, 0x01, 0xc9;"
-                     :: "a" (eax), "c" (ecx));
-}
-static inline void __sti_mwait(unsigned long eax, unsigned long ecx)
-{
-        trace_hardirqs_on();
-        /* "mwait %eax, %ecx;" */
-        asm volatile("sti; .byte 0x0f, 0x01, 0xc9;"
-                     :: "a" (eax), "c" (ecx));
-}
 extern void select_idle_routine(const struct cpuinfo_x86 *c);
 extern void init_amd_e400_c1e_mask(void);
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 942a08623a1a..14fd6fd75a19 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -60,7 +60,6 @@ struct pt_regs {
 #endif /* !__i386__ */
-#include <linux/init.h>
 #ifdef CONFIG_PARAVIRT
 #include <asm/paravirt_types.h>
 #endif
diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index 59bcf4e22418..9264f04a4c55 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -3,7 +3,6 @@
 #include <uapi/asm/setup.h>
 #define COMMAND_LINE_SIZE 2048
 #include <linux/linkage.h>
@@ -29,6 +28,8 @@
 #include <asm/bootparam.h>
 #include <asm/x86_init.h>
+extern u64 relocated_ramdisk;
 /* Interrupt control for vSMPowered x86_64 systems */
 #ifdef CONFIG_X86_64
 void vsmp_init(void);
@@ -38,12 +39,6 @@ static inline void vsmp_init(void) { }
 void setup_bios_corruption_check(void);
-#ifdef CONFIG_X86_VISWS
-extern void visws_early_detect(void);
-#else
-static inline void visws_early_detect(void) { }
-#endif
 extern unsigned long saved_video_mode;
 extern void reserve_standard_io_resources(void);
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
index 4137890e88e3..8cd27e08e23c 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
@@ -2,7 +2,6 @@
 #define _ASM_X86_SMP_H
 #ifndef __ASSEMBLY__
 #include <linux/cpumask.h>
-#include <linux/init.h>
 #include <asm/percpu.h>
 /*
diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h
index 645cad2c95ff..e820c080a4e9 100644
--- a/arch/x86/include/asm/special_insns.h
+++ b/arch/x86/include/asm/special_insns.h
@@ -191,6 +191,14 @@ static inline void clflush(volatile void *__p)
        asm volatile("clflush %0" : "+m" (*(volatile char __force *)__p));
 }
+static inline void clflushopt(volatile void *__p)
+{
+        alternative_io(".byte " __stringify(NOP_DS_PREFIX) "; clflush %P0",
+                       ".byte 0x66; clflush %P0",
+                       X86_FEATURE_CLFLUSHOPT,
+                       "+m" (*(volatile char __force *)__p));
+}
 #define nop() asm volatile ("nop")
diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h
index bf156ded74b5..0f62f5482d91 100644
--- a/arch/x86/include/asm/spinlock.h
+++ b/arch/x86/include/asm/spinlock.h
@@ -26,10 +26,9 @@
 # define LOCK_PTR_REG "D"
 #endif
-#if defined(CONFIG_X86_32) && \
+#if defined(CONFIG_X86_32) && (defined(CONFIG_X86_PPRO_FENCE))
-        (defined(CONFIG_X86_OOSTORE) || defined(CONFIG_X86_PPRO_FENCE))
 /*
- * On PPro SMP or if we are using OOSTORE, we use a locked operation to unlock
+ * On PPro SMP, we use a locked operation to unlock
 * (PPro errata 66, 92)
 */
 # define UNLOCK_LOCK_PREFIX LOCK_PREFIX
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 3ba3de457d05..47e5de25ba79 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -9,6 +9,7 @@
 #include <linux/compiler.h>
 #include <asm/page.h>
+#include <asm/percpu.h>
 #include <asm/types.h>
 /*
@@ -32,12 +33,6 @@ struct thread_info {
        mm_segment_t            addr_limit;
        struct restart_block    restart_block;
        void __user             *sysenter_return;
-#ifdef CONFIG_X86_32
-        unsigned long           previous_esp;   /* ESP of the previous stack in
-                                                   case of nested (IRQ) stacks
-                                                */
-        __u8                    supervisor_stack[0];
-#endif
        unsigned int            sig_on_uaccess_error:1;
        unsigned int            uaccess_err:1;  /* uaccess failed */
 };
@@ -153,9 +148,9 @@ struct thread_info {
 #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
 #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
-#ifdef CONFIG_X86_32
+#define STACK_WARN              (THREAD_SIZE/8)
+#define KERNEL_STACK_OFFSET     (5*(BITS_PER_LONG/8))
-#define STACK_WARN      (THREAD_SIZE/8)
 /*
 * macros/functions for gaining access to the thread information structure
 *
@@ -163,40 +158,6 @@ struct thread_info {
 */
 #ifndef __ASSEMBLY__
-/* how to get the current stack pointer from C */
-register unsigned long current_stack_pointer asm("esp") __used;
-/* how to get the thread information struct from C */
-static inline struct thread_info *current_thread_info(void)
-{
-        return (struct thread_info *)
-                (current_stack_pointer & ~(THREAD_SIZE - 1));
-}
-#else /* !__ASSEMBLY__ */
-/* how to get the thread information struct from ASM */
-#define GET_THREAD_INFO(reg)     \
-        movl $-THREAD_SIZE, reg; \
-        andl %esp, reg
-/* use this one if reg already contains %esp */
-#define GET_THREAD_INFO_WITH_ESP(reg) \
-        andl $-THREAD_SIZE, reg
-#endif
-#else /* X86_32 */
-#include <asm/percpu.h>
-#define KERNEL_STACK_OFFSET (5*8)
-/*
- * macros/functions for gaining access to the thread information structure
- * preempt_count needs to be 1 initially, until the scheduler is functional.
- */
-#ifndef __ASSEMBLY__
 DECLARE_PER_CPU(unsigned long, kernel_stack);
 static inline struct thread_info *current_thread_info(void)
@@ -211,8 +172,8 @@ static inline struct thread_info *current_thread_info(void)
 /* how to get the thread information struct from ASM */
 #define GET_THREAD_INFO(reg) \
-        movq PER_CPU_VAR(kernel_stack),reg ; \
+        _ASM_MOV PER_CPU_VAR(kernel_stack),reg ; \
-        subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg
+        _ASM_SUB $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg ;
 /*
 * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, already in
@@ -222,8 +183,6 @@ static inline struct thread_info *current_thread_info(void)
 #endif
-#endif /* !X86_32 */
 /*
 * Thread-synchronous status.
 *
diff --git a/arch/x86/include/asm/timer.h b/arch/x86/include/asm/timer.h
index 34baa0eb5d0c..a04eabd43d06 100644
--- a/arch/x86/include/asm/timer.h
+++ b/arch/x86/include/asm/timer.h
@@ -1,9 +1,9 @@
 #ifndef _ASM_X86_TIMER_H
 #define _ASM_X86_TIMER_H
-#include <linux/init.h>
 #include <linux/pm.h>
 #include <linux/percpu.h>
 #include <linux/interrupt.h>
+#include <linux/math64.h>
 #define TICK_SIZE (tick_nsec / 1000)
@@ -12,68 +12,26 @@ extern int recalibrate_cpu_khz(void);
 extern int no_timer_check;
-/* Accelerators for sched_clock()
+/*
- * convert from cycles(64bits) => nanoseconds (64bits)
+ * We use the full linear equation: f(x) = a + b*x, in order to allow
- *  basic equation:
+ * a continuous function in the face of dynamic freq changes.
- *              ns = cycles / (freq / ns_per_sec)
- *              ns = cycles * (ns_per_sec / freq)
- *              ns = cycles * (10^9 / (cpu_khz * 10^3))
- *              ns = cycles * (10^6 / cpu_khz)
 *
- *      Then we use scaling math (suggested by george@mvista.com) to get:
+ * Continuity means that when our frequency changes our slope (b); we want to
- *              ns = cycles * (10^6 * SC / cpu_khz) / SC
+ * ensure that: f(t) == f'(t), which gives: a + b*t == a' + b'*t.
- *              ns = cycles * cyc2ns_scale / SC
 *
- *      And since SC is a constant power of two, we can convert the div
+ * Without an offset (a) the above would not be possible.
- *  into a shift.
 *
- *  We can use khz divisor instead of mhz to keep a better precision, since
+ * See the comment near cycles_2_ns() for details on how we compute (b).
- *  cyc2ns_scale is limited to 10^6 * 2^10, which fits in 32 bits.
- *  (mathieu.desnoyers@polymtl.ca)
- *
- *                      -johnstul@us.ibm.com "math is hard, lets go shopping!"
- *
- * In:
- *
- * ns = cycles * cyc2ns_scale / SC
- *
- * Although we may still have enough bits to store the value of ns,
- * in some cases, we may not have enough bits to store cycles * cyc2ns_scale,
- * leading to an incorrect result.
- *
- * To avoid this, we can decompose 'cycles' into quotient and remainder
- * of division by SC.  Then,
- *
- * ns = (quot * SC + rem) * cyc2ns_scale / SC
- *    = quot * cyc2ns_scale + (rem * cyc2ns_scale) / SC
- *
- *                      - sqazi@google.com
 */
+struct cyc2ns_data {
-DECLARE_PER_CPU(unsigned long, cyc2ns);
+        u32 cyc2ns_mul;
-DECLARE_PER_CPU(unsigned long long, cyc2ns_offset);
+        u32 cyc2ns_shift;
+        u64 cyc2ns_offset;
-#define CYC2NS_SCALE_FACTOR 10 /* 2^10, carefully chosen */
+        u32 __count;
+        /* u32 hole */
-static inline unsigned long long __cycles_2_ns(unsigned long long cyc)
+}; /* 24 bytes -- do not grow */
-{
-        int cpu = smp_processor_id();
+extern struct cyc2ns_data *cyc2ns_read_begin(void);
-        unsigned long long ns = per_cpu(cyc2ns_offset, cpu);
+extern void cyc2ns_read_end(struct cyc2ns_data *);
-        ns += mult_frac(cyc, per_cpu(cyc2ns, cpu),
-                        (1UL << CYC2NS_SCALE_FACTOR));
-        return ns;
-}
-static inline unsigned long long cycles_2_ns(unsigned long long cyc)
-{
-        unsigned long long ns;
-        unsigned long flags;
-        local_irq_save(flags);
-        ns = __cycles_2_ns(cyc);
-        local_irq_restore(flags);
-        return ns;
-}
 #endif /* _ASM_X86_TIMER_H */
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index e6d90babc245..04905bfc508b 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -62,7 +62,7 @@ static inline void __flush_tlb_all(void)
 static inline void __flush_tlb_one(unsigned long addr)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
        __flush_tlb_single(addr);
 }
@@ -93,13 +93,13 @@ static inline void __flush_tlb_one(unsigned long addr)
 */
 static inline void __flush_tlb_up(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
 }
 static inline void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb_all();
 }
diff --git a/arch/x86/include/asm/topology.h b/arch/x86/include/asm/topology.h
index d35f24e231cd..0e8f04f2c26f 100644
--- a/arch/x86/include/asm/topology.h
+++ b/arch/x86/include/asm/topology.h
@@ -119,9 +119,10 @@ static inline void setup_node_to_cpumask_map(void) { }
 extern const struct cpumask *cpu_coregroup_mask(int cpu);
-#ifdef ENABLE_TOPO_DEFINES
 #define topology_physical_package_id(cpu)       (cpu_data(cpu).phys_proc_id)
 #define topology_core_id(cpu)                   (cpu_data(cpu).cpu_core_id)
+#ifdef ENABLE_TOPO_DEFINES
 #define topology_core_cpumask(cpu)              (per_cpu(cpu_core_map, cpu))
 #define topology_thread_cpumask(cpu)            (per_cpu(cpu_sibling_map, cpu))
 #endif
@@ -131,25 +132,7 @@ static inline void arch_fix_phys_package_id(int num, u32 slot)
 }
 struct pci_bus;
+int x86_pci_root_bus_node(int bus);
 void x86_pci_root_bus_resources(int bus, struct list_head *resources);
-#ifdef CONFIG_SMP
-#define mc_capable()    ((boot_cpu_data.x86_max_cores > 1) && \
-                        (cpumask_weight(cpu_core_mask(0)) != nr_cpu_ids))
-#define smt_capable()                   (smp_num_siblings > 1)
-#endif
-#ifdef CONFIG_NUMA
-extern int get_mp_bus_to_node(int busnum);
-extern void set_mp_bus_to_node(int busnum, int node);
-#else
-static inline int get_mp_bus_to_node(int busnum)
-{
-        return 0;
-}
-static inline void set_mp_bus_to_node(int busnum, int node)
-{
-}
-#endif
 #endif /* _ASM_X86_TOPOLOGY_H */
diff --git a/arch/x86/include/asm/tsc.h b/arch/x86/include/asm/tsc.h
index 235be70d5bb4..94605c0e9cee 100644
--- a/arch/x86/include/asm/tsc.h
+++ b/arch/x86/include/asm/tsc.h
@@ -65,4 +65,7 @@ extern int notsc_setup(char *);
 extern void tsc_save_sched_clock_state(void);
 extern void tsc_restore_sched_clock_state(void);
+/* MSR based TSC calibration for Intel Atom SoC platforms */
+unsigned long try_msr_calibrate_tsc(void);
 #endif /* _ASM_X86_TSC_H */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 8ec57c07b125..0d592e0a5b84 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -40,22 +40,30 @@
 /*
 * Test whether a block of memory is a valid user space address.
 * Returns 0 if the range is valid, nonzero otherwise.
- *
- * This is equivalent to the following test:
- * (u33)addr + (u33)size > (u33)current->addr_limit.seg (u65 for x86_64)
- *
- * This needs 33-bit (65-bit for x86_64) arithmetic. We have a carry...
 */
+static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, unsigned long limit)
+{
+        /*
+         * If we have used "sizeof()" for the size,
+         * we know it won't overflow the limit (but
+         * it might overflow the 'addr', so it's
+         * important to subtract the size from the
+         * limit, not add it to the address).
+         */
+        if (__builtin_constant_p(size))
+                return addr > limit - size;
+        /* Arbitrary sizes? Be careful about overflow */
+        addr += size;
+        if (addr < size)
+                return true;
+        return addr > limit;
+}
 #define __range_not_ok(addr, size, limit)                               \
 ({                                                                      \
-        unsigned long flag, roksum;                                     \
        __chk_user_ptr(addr);                                           \
-        asm("add %3,%1 ; sbb %0,%0 ; cmp %1,%4 ; sbb $0,%0"             \
+        __chk_range_not_ok((unsigned long __force)(addr), size, limit); \
-            : "=&r" (flag), "=r" (roksum)                               \
-            : "1" (addr), "g" ((long)(size)),                           \
-              "rm" (limit));                                            \
-        flag;                                                           \
 })
 /**
@@ -78,7 +86,7 @@
 * this function, memory access functions may still return -EFAULT.
 */
 #define access_ok(type, addr, size) \
-        (likely(__range_not_ok(addr, size, user_addr_max()) == 0))
+        likely(!__range_not_ok(addr, size, user_addr_max()))
 /*
 * The exception table consists of pairs of addresses relative to the
@@ -525,6 +533,98 @@ extern __must_check long strnlen_user(const char __user *str, long n);
 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
 unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
+extern void __cmpxchg_wrong_size(void)
+        __compiletime_error("Bad argument size for cmpxchg");
+#define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size)       \
+({                                                                      \
+        int __ret = 0;                                                  \
+        __typeof__(ptr) __uval = (uval);                                \
+        __typeof__(*(ptr)) __old = (old);                               \
+        __typeof__(*(ptr)) __new = (new);                               \
+        switch (size) {                                                 \
+        case 1:                                                         \
+        {                                                               \
+                asm volatile("\t" ASM_STAC "\n"                         \
+                        "1:\t" LOCK_PREFIX "cmpxchgb %4, %2\n"          \
+                        "2:\t" ASM_CLAC "\n"                            \
+                        "\t.section .fixup, \"ax\"\n"                   \
+                        "3:\tmov     %3, %0\n"                          \
+                        "\tjmp     2b\n"                                \
+                        "\t.previous\n"                                 \
+                        _ASM_EXTABLE(1b, 3b)                            \
+                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
+                        : "i" (-EFAULT), "q" (__new), "1" (__old)       \
+                        : "memory"                                      \
+                );                                                      \
+                break;                                                  \
+        }                                                               \
+        case 2:                                                         \
+        {                                                               \
+                asm volatile("\t" ASM_STAC "\n"                         \
+                        "1:\t" LOCK_PREFIX "cmpxchgw %4, %2\n"          \
+                        "2:\t" ASM_CLAC "\n"                            \
+                        "\t.section .fixup, \"ax\"\n"                   \
+                        "3:\tmov     %3, %0\n"                          \
+                        "\tjmp     2b\n"                                \
+                        "\t.previous\n"                                 \
+                        _ASM_EXTABLE(1b, 3b)                            \
+                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
+                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
+                        : "memory"                                      \
+                );                                                      \
+                break;                                                  \
+        }                                                               \
+        case 4:                                                         \
+        {                                                               \
+                asm volatile("\t" ASM_STAC "\n"                         \
+                        "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n"          \
+                        "2:\t" ASM_CLAC "\n"                            \
+                        "\t.section .fixup, \"ax\"\n"                   \
+                        "3:\tmov     %3, %0\n"                          \
+                        "\tjmp     2b\n"                                \
+                        "\t.previous\n"                                 \
+                        _ASM_EXTABLE(1b, 3b)                            \
+                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
+                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
+                        : "memory"                                      \
+                );                                                      \
+                break;                                                  \
+        }                                                               \
+        case 8:                                                         \
+        {                                                               \
+                if (!IS_ENABLED(CONFIG_X86_64))                         \
+                        __cmpxchg_wrong_size();                         \
+                                                                        \
+                asm volatile("\t" ASM_STAC "\n"                         \
+                        "1:\t" LOCK_PREFIX "cmpxchgq %4, %2\n"          \
+                        "2:\t" ASM_CLAC "\n"                            \
+                        "\t.section .fixup, \"ax\"\n"                   \
+                        "3:\tmov     %3, %0\n"                          \
+                        "\tjmp     2b\n"                                \
+                        "\t.previous\n"                                 \
+                        _ASM_EXTABLE(1b, 3b)                            \
+                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
+                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
+                        : "memory"                                      \
+                );                                                      \
+                break;                                                  \
+        }                                                               \
+        default:                                                        \
+                __cmpxchg_wrong_size();                                 \
+        }                                                               \
+        *__uval = __old;                                                \
+        __ret;                                                          \
+})
+#define user_atomic_cmpxchg_inatomic(uval, ptr, old, new)               \
+({                                                                      \
+        access_ok(VERIFY_WRITE, (ptr), sizeof(*(ptr))) ?                \
+                __user_atomic_cmpxchg_inatomic((uval), (ptr),           \
+                                (old), (new), sizeof(*(ptr))) :         \
+                -EFAULT;                                                \
+})
 /*
 * movsl can be slow when source and dest are not both 8-byte aligned
 */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index 190413d0de57..12a26b979bf1 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -204,13 +204,13 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
 static __must_check __always_inline int
 __copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
 {
-        return __copy_from_user_nocheck(dst, (__force const void *)src, size);
+        return __copy_from_user_nocheck(dst, src, size);
 }
 static __must_check __always_inline int
 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
 {
-        return __copy_to_user_nocheck((__force void *)dst, src, size);
+        return __copy_to_user_nocheck(dst, src, size);
 }
 extern long __copy_user_nocache(void *dst, const void __user *src,
diff --git a/arch/x86/include/asm/unistd.h b/arch/x86/include/asm/unistd.h
index c2a48139c340..3f556c6a0157 100644
--- a/arch/x86/include/asm/unistd.h
+++ b/arch/x86/include/asm/unistd.h
@@ -23,6 +23,9 @@
 #  include <asm/unistd_64.h>
 #  include <asm/unistd_64_x32.h>
 #  define __ARCH_WANT_COMPAT_SYS_TIME
+#  define __ARCH_WANT_COMPAT_SYS_GETDENTS64
+#  define __ARCH_WANT_COMPAT_SYS_PREADV64
+#  define __ARCH_WANT_COMPAT_SYS_PWRITEV64
 # endif
diff --git a/arch/x86/include/asm/uv/uv.h b/arch/x86/include/asm/uv/uv.h
index 6b964a0b86d1..062921ef34e9 100644
--- a/arch/x86/include/asm/uv/uv.h
+++ b/arch/x86/include/asm/uv/uv.h
@@ -12,7 +12,6 @@ extern enum uv_system_type get_uv_system_type(void);
 extern int is_uv_system(void);
 extern void uv_cpu_init(void);
 extern void uv_nmi_init(void);
-extern void uv_register_nmi_notifier(void);
 extern void uv_system_init(void);
 extern const struct cpumask *uv_flush_tlb_others(const struct cpumask *cpumask,
                                                 struct mm_struct *mm,
@@ -26,7 +25,6 @@ static inline enum uv_system_type get_uv_system_type(void) { return UV_NONE; }
 static inline int is_uv_system(void)    { return 0; }
 static inline void uv_cpu_init(void)    { }
 static inline void uv_system_init(void) { }
-static inline void uv_register_nmi_notifier(void) { }
 static inline const struct cpumask *
 uv_flush_tlb_others(const struct cpumask *cpumask, struct mm_struct *mm,
                    unsigned long start, unsigned long end, unsigned int cpu)
diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h
index fddb53d63915..d1dc55404ff1 100644
--- a/arch/x86/include/asm/vdso.h
+++ b/arch/x86/include/asm/vdso.h
@@ -1,8 +1,45 @@
 #ifndef _ASM_X86_VDSO_H
 #define _ASM_X86_VDSO_H
+#include <asm/page_types.h>
+#include <linux/linkage.h>
+#ifdef __ASSEMBLER__
+#define DEFINE_VDSO_IMAGE(symname, filename)                            \
+__PAGE_ALIGNED_DATA ;                                                   \
+        .globl symname##_start, symname##_end ;                         \
+        .align PAGE_SIZE ;                                              \
+        symname##_start: ;                                              \
+        .incbin filename ;                                              \
+        symname##_end: ;                                                \
+        .align PAGE_SIZE /* extra data here leaks to userspace. */ ;    \
+                                                                        \
+.previous ;                                                             \
+                                                                        \
+        .globl symname##_pages ;                                        \
+        .bss ;                                                          \
+        .align 8 ;                                                      \
+        .type symname##_pages, @object ;                                \
+        symname##_pages: ;                                              \
+        .zero (symname##_end - symname##_start + PAGE_SIZE - 1) / PAGE_SIZE * (BITS_PER_LONG / 8) ; \
+        .size symname##_pages, .-symname##_pages
+#else
+#define DECLARE_VDSO_IMAGE(symname)                             \
+        extern char symname##_start[], symname##_end[];         \
+        extern struct page *symname##_pages[]
 #if defined CONFIG_X86_32 || defined CONFIG_COMPAT
-extern const char VDSO32_PRELINK[];
+#include <asm/vdso32.h>
+DECLARE_VDSO_IMAGE(vdso32_int80);
+#ifdef CONFIG_COMPAT
+DECLARE_VDSO_IMAGE(vdso32_syscall);
+#endif
+DECLARE_VDSO_IMAGE(vdso32_sysenter);
 /*
 * Given a pointer to the vDSO image, find the pointer to VDSO32_name
@@ -11,8 +48,7 @@ extern const char VDSO32_PRELINK[];
 #define VDSO32_SYMBOL(base, name)                                       \
 ({                                                                      \
        extern const char VDSO32_##name[];                              \
-        (void __user *)(VDSO32_##name - VDSO32_PRELINK +                \
+        (void __user *)(VDSO32_##name + (unsigned long)(base));         \
-                        (unsigned long)(base));                         \
 })
 #endif
@@ -23,12 +59,8 @@ extern const char VDSO32_PRELINK[];
 extern void __user __kernel_sigreturn;
 extern void __user __kernel_rt_sigreturn;
-/*
+void __init patch_vdso32(void *vdso, size_t len);
- * These symbols are defined by vdso32.S to mark the bounds
- * of the ELF DSO images included therein.
+#endif /* __ASSEMBLER__ */
- */
-extern const char vdso32_int80_start, vdso32_int80_end;
-extern const char vdso32_syscall_start, vdso32_syscall_end;
-extern const char vdso32_sysenter_start, vdso32_sysenter_end;
 #endif /* _ASM_X86_VDSO_H */
diff --git a/arch/x86/include/asm/vdso32.h b/arch/x86/include/asm/vdso32.h
new file mode 100644
index 000000000000..7efb7018406e
--- /dev/null
+++ b/arch/x86/include/asm/vdso32.h
@@ -0,0 +1,11 @@
+#ifndef _ASM_X86_VDSO32_H
+#define _ASM_X86_VDSO32_H
+#define VDSO_BASE_PAGE  0
+#define VDSO_VVAR_PAGE  1
+#define VDSO_HPET_PAGE  2
+#define VDSO_PAGES      3
+#define VDSO_PREV_PAGES 2
+#define VDSO_OFFSET(x)  ((x) * PAGE_SIZE)
+#endif
diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h
index 46e24d36b7da..3c3366c2e37f 100644
--- a/arch/x86/include/asm/vgtod.h
+++ b/arch/x86/include/asm/vgtod.h
@@ -1,30 +1,73 @@
 #ifndef _ASM_X86_VGTOD_H
 #define _ASM_X86_VGTOD_H
-#include <asm/vsyscall.h>
+#include <linux/compiler.h>
 #include <linux/clocksource.h>
+#ifdef BUILD_VDSO32_64
+typedef u64 gtod_long_t;
+#else
+typedef unsigned long gtod_long_t;
+#endif
+/*
+ * vsyscall_gtod_data will be accessed by 32 and 64 bit code at the same time
+ * so be carefull by modifying this structure.
+ */
 struct vsyscall_gtod_data {
-        seqcount_t      seq;
+        unsigned seq;
-        struct { /* extract of a clocksource struct */
+        int vclock_mode;
-                int vclock_mode;
+        cycle_t cycle_last;
-                cycle_t cycle_last;
+        cycle_t mask;
-                cycle_t mask;
+        u32     mult;
-                u32     mult;
+        u32     shift;
-                u32     shift;
-        } clock;
        /* open coded 'struct timespec' */
-        time_t          wall_time_sec;
        u64             wall_time_snsec;
+        gtod_long_t     wall_time_sec;
+        gtod_long_t     monotonic_time_sec;
        u64             monotonic_time_snsec;
-        time_t          monotonic_time_sec;
+        gtod_long_t     wall_time_coarse_sec;
+        gtod_long_t     wall_time_coarse_nsec;
+        gtod_long_t     monotonic_time_coarse_sec;
+        gtod_long_t     monotonic_time_coarse_nsec;
-        struct timezone sys_tz;
+        int             tz_minuteswest;
-        struct timespec wall_time_coarse;
+        int             tz_dsttime;
-        struct timespec monotonic_time_coarse;
 };
 extern struct vsyscall_gtod_data vsyscall_gtod_data;
+static inline unsigned gtod_read_begin(const struct vsyscall_gtod_data *s)
+{
+        unsigned ret;
+repeat:
+        ret = ACCESS_ONCE(s->seq);
+        if (unlikely(ret & 1)) {
+                cpu_relax();
+                goto repeat;
+        }
+        smp_rmb();
+        return ret;
+}
+static inline int gtod_read_retry(const struct vsyscall_gtod_data *s,
+                                        unsigned start)
+{
+        smp_rmb();
+        return unlikely(s->seq != start);
+}
+static inline void gtod_write_begin(struct vsyscall_gtod_data *s)
+{
+        ++s->seq;
+        smp_wmb();
+}
+static inline void gtod_write_end(struct vsyscall_gtod_data *s)
+{
+        smp_wmb();
+        ++s->seq;
+}
 #endif /* _ASM_X86_VGTOD_H */
diff --git a/arch/x86/include/asm/visws/cobalt.h b/arch/x86/include/asm/visws/cobalt.h
deleted file mode 100644
index 2edb37637ead..000000000000
--- a/arch/x86/include/asm/visws/cobalt.h
+++ /dev/null
@@ -1,127 +0,0 @@
-#ifndef _ASM_X86_VISWS_COBALT_H
-#define _ASM_X86_VISWS_COBALT_H
-#include <asm/fixmap.h>
-/*
- * Cobalt SGI Visual Workstation system ASIC
- */ 
-#define CO_CPU_NUM_PHYS 0x1e00
-#define CO_CPU_TAB_PHYS (CO_CPU_NUM_PHYS + 2)
-#define CO_CPU_MAX 4
-#define CO_CPU_PHYS             0xc2000000
-#define CO_APIC_PHYS            0xc4000000
-/* see set_fixmap() and asm/fixmap.h */
-#define CO_CPU_VADDR            (fix_to_virt(FIX_CO_CPU))
-#define CO_APIC_VADDR           (fix_to_virt(FIX_CO_APIC))
-/* Cobalt CPU registers -- relative to CO_CPU_VADDR, use co_cpu_*() */
-#define CO_CPU_REV              0x08
-#define CO_CPU_CTRL             0x10
-#define CO_CPU_STAT             0x20
-#define CO_CPU_TIMEVAL          0x30
-/* CO_CPU_CTRL bits */
-#define CO_CTRL_TIMERUN         0x04            /* 0 == disabled */
-#define CO_CTRL_TIMEMASK        0x08            /* 0 == unmasked */
-/* CO_CPU_STATUS bits */
-#define CO_STAT_TIMEINTR        0x02    /* (r) 1 == int pend, (w) 0 == clear */
-/* CO_CPU_TIMEVAL value */
-#define CO_TIME_HZ              100000000       /* Cobalt core rate */
-/* Cobalt APIC registers -- relative to CO_APIC_VADDR, use co_apic_*() */
-#define CO_APIC_HI(n)           (((n) * 0x10) + 4)
-#define CO_APIC_LO(n)           ((n) * 0x10)
-#define CO_APIC_ID              0x0ffc
-/* CO_APIC_ID bits */
-#define CO_APIC_ENABLE          0x00000100
-/* CO_APIC_LO bits */
-#define CO_APIC_MASK            0x00010000      /* 0 = enabled */
-#define CO_APIC_LEVEL           0x00008000      /* 0 = edge */
-/*
- * Where things are physically wired to Cobalt
- * #defines with no board _<type>_<rev>_ are common to all (thus far)
- */
-#define CO_APIC_IDE0            4
-#define CO_APIC_IDE1            2               /* Only on 320 */
-#define CO_APIC_8259            12              /* serial, floppy, par-l-l */
-/* Lithium PCI Bridge A -- "the one with 82557 Ethernet" */
-#define CO_APIC_PCIA_BASE0      0 /* and 1 */   /* slot 0, line 0 */
-#define CO_APIC_PCIA_BASE123    5 /* and 6 */   /* slot 0, line 1 */
-#define CO_APIC_PIIX4_USB       7               /* this one is weird */
-/* Lithium PCI Bridge B -- "the one with PIIX4" */
-#define CO_APIC_PCIB_BASE0      8 /* and 9-12 *//* slot 0, line 0 */
-#define CO_APIC_PCIB_BASE123    13 /* 14.15 */  /* slot 0, line 1 */
-#define CO_APIC_VIDOUT0         16
-#define CO_APIC_VIDOUT1         17
-#define CO_APIC_VIDIN0          18
-#define CO_APIC_VIDIN1          19
-#define CO_APIC_LI_AUDIO        22
-#define CO_APIC_AS              24
-#define CO_APIC_RE              25
-#define CO_APIC_CPU             28              /* Timer and Cache interrupt */
-#define CO_APIC_NMI             29
-#define CO_APIC_LAST            CO_APIC_NMI
-/*
- * This is how irqs are assigned on the Visual Workstation.
- * Legacy devices get irq's 1-15 (system clock is 0 and is CO_APIC_CPU).
- * All other devices (including PCI) go to Cobalt and are irq's 16 on up.
- */
-#define CO_IRQ_APIC0    16                      /* irq of apic entry 0 */
-#define IS_CO_APIC(irq) ((irq) >= CO_IRQ_APIC0)
-#define CO_IRQ(apic)    (CO_IRQ_APIC0 + (apic)) /* apic ent to irq */
-#define CO_APIC(irq)    ((irq) - CO_IRQ_APIC0)  /* irq to apic ent */
-#define CO_IRQ_IDE0     14                      /* knowledge of... */
-#define CO_IRQ_IDE1     15                      /* ... ide driver defaults! */
-#define CO_IRQ_8259     CO_IRQ(CO_APIC_8259)
-#ifdef CONFIG_X86_VISWS_APIC
-static inline void co_cpu_write(unsigned long reg, unsigned long v)
-{
-        *((volatile unsigned long *)(CO_CPU_VADDR+reg))=v;
-}
-static inline unsigned long co_cpu_read(unsigned long reg)
-{
-        return *((volatile unsigned long *)(CO_CPU_VADDR+reg));
-}            
-             
-static inline void co_apic_write(unsigned long reg, unsigned long v)
-{
-        *((volatile unsigned long *)(CO_APIC_VADDR+reg))=v;
-}            
-             
-static inline unsigned long co_apic_read(unsigned long reg)
-{
-        return *((volatile unsigned long *)(CO_APIC_VADDR+reg));
-}
-#endif
-extern char visws_board_type;
-#define VISWS_320       0
-#define VISWS_540       1
-extern char visws_board_rev;
-extern int pci_visws_init(void);
-#endif /* _ASM_X86_VISWS_COBALT_H */
diff --git a/arch/x86/include/asm/visws/lithium.h b/arch/x86/include/asm/visws/lithium.h
deleted file mode 100644
index a10d89bc1270..000000000000
--- a/arch/x86/include/asm/visws/lithium.h
+++ /dev/null
@@ -1,53 +0,0 @@
-#ifndef _ASM_X86_VISWS_LITHIUM_H
-#define _ASM_X86_VISWS_LITHIUM_H
-#include <asm/fixmap.h>
-/*
- * Lithium is the SGI Visual Workstation I/O ASIC
- */
-#define LI_PCI_A_PHYS           0xfc000000      /* Enet is dev 3 */
-#define LI_PCI_B_PHYS           0xfd000000      /* PIIX4 is here */
-/* see set_fixmap() and asm/fixmap.h */
-#define LI_PCIA_VADDR   (fix_to_virt(FIX_LI_PCIA))
-#define LI_PCIB_VADDR   (fix_to_virt(FIX_LI_PCIB))
-/* Not a standard PCI? (not in linux/pci.h) */
-#define LI_PCI_BUSNUM   0x44                    /* lo8: primary, hi8: sub */
-#define LI_PCI_INTEN    0x46
-/* LI_PCI_INTENT bits */
-#define LI_INTA_0       0x0001
-#define LI_INTA_1       0x0002
-#define LI_INTA_2       0x0004
-#define LI_INTA_3       0x0008
-#define LI_INTA_4       0x0010
-#define LI_INTB         0x0020
-#define LI_INTC         0x0040
-#define LI_INTD         0x0080
-/* More special purpose macros... */
-static inline void li_pcia_write16(unsigned long reg, unsigned short v)
-{
-        *((volatile unsigned short *)(LI_PCIA_VADDR+reg))=v;
-}
-static inline unsigned short li_pcia_read16(unsigned long reg)
-{
-         return *((volatile unsigned short *)(LI_PCIA_VADDR+reg));
-}
-static inline void li_pcib_write16(unsigned long reg, unsigned short v)
-{
-        *((volatile unsigned short *)(LI_PCIB_VADDR+reg))=v;
-}
-static inline unsigned short li_pcib_read16(unsigned long reg)
-{
-        return *((volatile unsigned short *)(LI_PCIB_VADDR+reg));
-}
-#endif /* _ASM_X86_VISWS_LITHIUM_H */
diff --git a/arch/x86/include/asm/visws/piix4.h b/arch/x86/include/asm/visws/piix4.h
deleted file mode 100644
index d0af4d338e7f..000000000000
--- a/arch/x86/include/asm/visws/piix4.h
+++ /dev/null
@@ -1,107 +0,0 @@
-#ifndef _ASM_X86_VISWS_PIIX4_H
-#define _ASM_X86_VISWS_PIIX4_H
-/*
- * PIIX4 as used on SGI Visual Workstations
- */
-#define PIIX_PM_START           0x0F80
-#define SIO_GPIO_START          0x0FC0
-#define SIO_PM_START            0x0FC8
-#define PMBASE                  PIIX_PM_START
-#define GPIREG0                 (PMBASE+0x30)
-#define GPIREG(x)               (GPIREG0+((x)/8))
-#define GPIBIT(x)               (1 << ((x)%8))
-#define PIIX_GPI_BD_ID1         18
-#define PIIX_GPI_BD_ID2         19
-#define PIIX_GPI_BD_ID3         20
-#define PIIX_GPI_BD_ID4         21
-#define PIIX_GPI_BD_REG         GPIREG(PIIX_GPI_BD_ID1)
-#define PIIX_GPI_BD_MASK        (GPIBIT(PIIX_GPI_BD_ID1) | \
-                                GPIBIT(PIIX_GPI_BD_ID2) | \
-                                GPIBIT(PIIX_GPI_BD_ID3) | \
-                                GPIBIT(PIIX_GPI_BD_ID4) )
-#define PIIX_GPI_BD_SHIFT       (PIIX_GPI_BD_ID1 % 8)
-#define SIO_INDEX               0x2e
-#define SIO_DATA                0x2f
-#define SIO_DEV_SEL             0x7
-#define SIO_DEV_ENB             0x30
-#define SIO_DEV_MSB             0x60
-#define SIO_DEV_LSB             0x61
-#define SIO_GP_DEV              0x7
-#define SIO_GP_BASE             SIO_GPIO_START
-#define SIO_GP_MSB              (SIO_GP_BASE>>8)
-#define SIO_GP_LSB              (SIO_GP_BASE&0xff)
-#define SIO_GP_DATA1            (SIO_GP_BASE+0)
-#define SIO_PM_DEV              0x8
-#define SIO_PM_BASE             SIO_PM_START
-#define SIO_PM_MSB              (SIO_PM_BASE>>8)
-#define SIO_PM_LSB              (SIO_PM_BASE&0xff)
-#define SIO_PM_INDEX            (SIO_PM_BASE+0)
-#define SIO_PM_DATA             (SIO_PM_BASE+1)
-#define SIO_PM_FER2             0x1
-#define SIO_PM_GP_EN            0x80
-/*
- * This is the dev/reg where generating a config cycle will
- * result in a PCI special cycle.
- */
-#define SPECIAL_DEV             0xff
-#define SPECIAL_REG             0x00
-/*
- * PIIX4 needs to see a special cycle with the following data
- * to be convinced the processor has gone into the stop grant
- * state.  PIIX4 insists on seeing this before it will power
- * down a system.
- */
-#define PIIX_SPECIAL_STOP               0x00120002
-#define PIIX4_RESET_PORT        0xcf9
-#define PIIX4_RESET_VAL         0x6
-#define PMSTS_PORT              0xf80   // 2 bytes      PM Status
-#define PMEN_PORT               0xf82   // 2 bytes      PM Enable
-#define PMCNTRL_PORT            0xf84   // 2 bytes      PM Control
-#define PM_SUSPEND_ENABLE       0x2000  // start sequence to suspend state
-/*
- * PMSTS and PMEN I/O bit definitions.
- * (Bits are the same in both registers)
- */
-#define PM_STS_RSM              (1<<15) // Resume Status
-#define PM_STS_PWRBTNOR         (1<<11) // Power Button Override
-#define PM_STS_RTC              (1<<10) // RTC status
-#define PM_STS_PWRBTN           (1<<8)  // Power Button Pressed?
-#define PM_STS_GBL              (1<<5)  // Global Status
-#define PM_STS_BM               (1<<4)  // Bus Master Status
-#define PM_STS_TMROF            (1<<0)  // Timer Overflow Status.
-/*
- * Stop clock GPI register
- */
-#define PIIX_GPIREG0                    (0xf80 + 0x30)
-/*
- * Stop clock GPI bit in GPIREG0
- */
-#define PIIX_GPI_STPCLK         0x4     // STPCLK signal routed back in
-#endif /* _ASM_X86_VISWS_PIIX4_H */
diff --git a/arch/x86/include/asm/visws/sgivw.h b/arch/x86/include/asm/visws/sgivw.h
deleted file mode 100644
index 5fbf63e1003c..000000000000
--- a/arch/x86/include/asm/visws/sgivw.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/*
- * Frame buffer position and size:
- */
-extern unsigned long sgivwfb_mem_phys;
-extern unsigned long sgivwfb_mem_size;
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 966502d4682e..7004d21e6219 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -85,6 +85,7 @@
 #define VM_EXIT_SAVE_IA32_EFER                  0x00100000
 #define VM_EXIT_LOAD_IA32_EFER                  0x00200000
 #define VM_EXIT_SAVE_VMX_PREEMPTION_TIMER       0x00400000
+#define VM_EXIT_CLEAR_BNDCFGS                   0x00800000
 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR       0x00036dff
@@ -95,11 +96,13 @@
 #define VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL     0x00002000
 #define VM_ENTRY_LOAD_IA32_PAT                  0x00004000
 #define VM_ENTRY_LOAD_IA32_EFER                 0x00008000
+#define VM_ENTRY_LOAD_BNDCFGS                   0x00010000
 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR      0x000011ff
 #define VMX_MISC_PREEMPTION_TIMER_RATE_MASK     0x0000001f
 #define VMX_MISC_SAVE_EFER_LMA                  0x00000020
+#define VMX_MISC_ACTIVITY_HLT                   0x00000040
 /* VMCS Encodings */
 enum vmcs_field {
@@ -173,6 +176,8 @@ enum vmcs_field {
        GUEST_PDPTR2_HIGH               = 0x0000280f,
        GUEST_PDPTR3                    = 0x00002810,
        GUEST_PDPTR3_HIGH               = 0x00002811,
+        GUEST_BNDCFGS                   = 0x00002812,
+        GUEST_BNDCFGS_HIGH              = 0x00002813,
        HOST_IA32_PAT                   = 0x00002c00,
        HOST_IA32_PAT_HIGH              = 0x00002c01,
        HOST_IA32_EFER                  = 0x00002c02,
diff --git a/arch/x86/include/asm/vvar.h b/arch/x86/include/asm/vvar.h
index d76ac40da206..081d909bc495 100644
--- a/arch/x86/include/asm/vvar.h
+++ b/arch/x86/include/asm/vvar.h
@@ -16,8 +16,8 @@
 * you mess up, the linker will catch it.)
 */
-/* Base address of vvars.  This is not ABI. */
+#ifndef _ASM_X86_VVAR_H
-#define VVAR_ADDRESS (-10*1024*1024 - 4096)
+#define _ASM_X86_VVAR_H
 #if defined(__VVAR_KERNEL_LDS)
@@ -29,16 +29,35 @@
 #else
+#ifdef BUILD_VDSO32
+#define DECLARE_VVAR(offset, type, name)                                \
+        extern type vvar_ ## name __attribute__((visibility("hidden")));
+#define VVAR(name) (vvar_ ## name)
+#else
+extern char __vvar_page;
+/* Base address of vvars.  This is not ABI. */
+#ifdef CONFIG_X86_64
+#define VVAR_ADDRESS (-10*1024*1024 - 4096)
+#else
+#define VVAR_ADDRESS (&__vvar_page)
+#endif
 #define DECLARE_VVAR(offset, type, name)                                \
        static type const * const vvaraddr_ ## name =                   \
                (void *)(VVAR_ADDRESS + (offset));
+#define VVAR(name) (*vvaraddr_ ## name)
+#endif
 #define DEFINE_VVAR(type, name)                                         \
        type name                                                       \
        __attribute__((section(".vvar_" #name), aligned(16))) __visible
-#define VVAR(name) (*vvaraddr_ ## name)
 #endif
 /* DECLARE_VVAR(offset, type, name) */
@@ -48,3 +67,5 @@ DECLARE_VVAR(16, int, vgetcpu_mode)
 DECLARE_VVAR(128, struct vsyscall_gtod_data, vsyscall_gtod_data)
 #undef DECLARE_VVAR
+#endif
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index 0f1be11e43d2..e45e4da96bf1 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -181,7 +181,7 @@ struct x86_msi_ops {
                               u8 hpet_id);
        void (*teardown_msi_irq)(unsigned int irq);
        void (*teardown_msi_irqs)(struct pci_dev *dev);
-        void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
+        void (*restore_msi_irqs)(struct pci_dev *dev);
        int  (*setup_hpet_msi)(unsigned int irq, unsigned int id);
        u32 (*msi_mask_irq)(struct msi_desc *desc, u32 mask, u32 flag);
        u32 (*msix_mask_irq)(struct msi_desc *desc, u32 flag);
diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
index b913915e8e63..c949923a5668 100644
--- a/arch/x86/include/asm/xen/page.h
+++ b/arch/x86/include/asm/xen/page.h
@@ -49,10 +49,17 @@ extern bool __set_phys_to_machine(unsigned long pfn, unsigned long mfn);
 extern unsigned long set_phys_range_identity(unsigned long pfn_s,
                                             unsigned long pfn_e);
+extern int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops,
+                                   struct gnttab_map_grant_ref *kmap_ops,
+                                   struct page **pages, unsigned int count);
 extern int m2p_add_override(unsigned long mfn, struct page *page,
                            struct gnttab_map_grant_ref *kmap_op);
+extern int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops,
+                                     struct gnttab_map_grant_ref *kmap_ops,
+                                     struct page **pages, unsigned int count);
 extern int m2p_remove_override(struct page *page,
-                                struct gnttab_map_grant_ref *kmap_op);
+                               struct gnttab_map_grant_ref *kmap_op,
+                               unsigned long mfn);
 extern struct page *m2p_find_override(unsigned long mfn);
 extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn);
@@ -121,7 +128,7 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn)
                pfn = m2p_find_override_pfn(mfn, ~0);
        }
-        /* 
+        /*
         * pfn is ~0 if there are no entries in the m2p for mfn or if the
         * entry doesn't map back to the mfn and m2p_override doesn't have a
         * valid entry for it.
@@ -167,7 +174,12 @@ static inline xpaddr_t machine_to_phys(xmaddr_t machine)
 */
 static inline unsigned long mfn_to_local_pfn(unsigned long mfn)
 {
-        unsigned long pfn = mfn_to_pfn(mfn);
+        unsigned long pfn;
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return mfn;
+        pfn = mfn_to_pfn(mfn);
        if (get_phys_to_machine(pfn) != mfn)
                return -1; /* force !pfn_valid() */
        return pfn;
@@ -222,5 +234,6 @@ void make_lowmem_page_readonly(void *vaddr);
 void make_lowmem_page_readwrite(void *vaddr);
 #define xen_remap(cookie, size) ioremap((cookie), (size));
+#define xen_unmap(cookie) iounmap((cookie))
 #endif /* _ASM_X86_XEN_PAGE_H */
diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h
index 0415cdabb5a6..d949ef28c48b 100644
--- a/arch/x86/include/asm/xsave.h
+++ b/arch/x86/include/asm/xsave.h
@@ -6,11 +6,18 @@
 #define XSTATE_CPUID            0x0000000d
-#define XSTATE_FP       0x1
+#define XSTATE_FP               0x1
-#define XSTATE_SSE      0x2
+#define XSTATE_SSE              0x2
-#define XSTATE_YMM      0x4
+#define XSTATE_YMM              0x4
+#define XSTATE_BNDREGS          0x8
+#define XSTATE_BNDCSR           0x10
+#define XSTATE_OPMASK           0x20
+#define XSTATE_ZMM_Hi256        0x40
+#define XSTATE_Hi16_ZMM         0x80
 #define XSTATE_FPSSE    (XSTATE_FP | XSTATE_SSE)
+/* Bit 63 of XCR0 is reserved for future expansion */
+#define XSTATE_EXTEND_MASK      (~(XSTATE_FPSSE | (1ULL << 63)))
 #define FXSAVE_SIZE     512
@@ -20,10 +27,15 @@
 #define XSAVE_YMM_SIZE      256
 #define XSAVE_YMM_OFFSET    (XSAVE_HDR_SIZE + XSAVE_HDR_OFFSET)
-/*
+/* Supported features which support lazy state saving */
- * These are the features that the OS can handle currently.
+#define XSTATE_LAZY     (XSTATE_FP | XSTATE_SSE | XSTATE_YMM                  \
- */
+                        | XSTATE_OPMASK | XSTATE_ZMM_Hi256 | XSTATE_Hi16_ZMM)
-#define XCNTXT_MASK     (XSTATE_FP | XSTATE_SSE | XSTATE_YMM)
+/* Supported features which require eager state saving */
+#define XSTATE_EAGER    (XSTATE_BNDREGS | XSTATE_BNDCSR)
+/* All currently supported features */
+#define XCNTXT_MASK     (XSTATE_LAZY | XSTATE_EAGER)
 #ifdef CONFIG_X86_64
 #define REX_PREFIX      "0x48, "
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 9c3733c5f8f7..225b0988043a 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -6,6 +6,7 @@
 #define SETUP_E820_EXT                  1
 #define SETUP_DTB                       2
 #define SETUP_PCI                       3
+#define SETUP_EFI                       4
 /* ram_size flags */
 #define RAMDISK_IMAGE_START_MASK        0x07FF
@@ -23,6 +24,7 @@
 #define XLF_CAN_BE_LOADED_ABOVE_4G      (1<<1)
 #define XLF_EFI_HANDOVER_32             (1<<2)
 #define XLF_EFI_HANDOVER_64             (1<<3)
+#define XLF_EFI_KEXEC                   (1<<4)
 #ifndef __ASSEMBLY__
diff --git a/arch/x86/include/uapi/asm/hyperv.h b/arch/x86/include/uapi/asm/hyperv.h
index b8f1c0176cbc..462efe746d77 100644
--- a/arch/x86/include/uapi/asm/hyperv.h
+++ b/arch/x86/include/uapi/asm/hyperv.h
@@ -28,6 +28,9 @@
 /* Partition Reference Counter (HV_X64_MSR_TIME_REF_COUNT) available*/
 #define HV_X64_MSR_TIME_REF_COUNT_AVAILABLE     (1 << 1)
+/* A partition's reference time stamp counter (TSC) page */
+#define HV_X64_MSR_REFERENCE_TSC                0x40000021
 /*
 * There is a single feature flag that signifies the presence of the MSR
 * that can be used to retrieve both the local APIC Timer frequency as
@@ -198,6 +201,9 @@
 #define HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_MASK        \
                (~((1ull << HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT) - 1))
+#define HV_X64_MSR_TSC_REFERENCE_ENABLE         0x00000001
+#define HV_X64_MSR_TSC_REFERENCE_ADDRESS_SHIFT  12
 #define HV_PROCESSOR_POWER_STATE_C0             0
 #define HV_PROCESSOR_POWER_STATE_C1             1
 #define HV_PROCESSOR_POWER_STATE_C2             2
@@ -210,4 +216,11 @@
 #define HV_STATUS_INVALID_ALIGNMENT             4
 #define HV_STATUS_INSUFFICIENT_BUFFERS          19
+typedef struct _HV_REFERENCE_TSC_PAGE {
+        __u32 tsc_sequence;
+        __u32 res1;
+        __u64 tsc_scale;
+        __s64 tsc_offset;
+} HV_REFERENCE_TSC_PAGE, *PHV_REFERENCE_TSC_PAGE;
 #endif
diff --git a/arch/x86/include/uapi/asm/msr-index.h b/arch/x86/include/uapi/asm/msr-index.h
index 37813b5ddc37..c827ace3121b 100644
--- a/arch/x86/include/uapi/asm/msr-index.h
+++ b/arch/x86/include/uapi/asm/msr-index.h
@@ -184,6 +184,7 @@
 #define MSR_AMD64_PATCH_LOADER          0xc0010020
 #define MSR_AMD64_OSVW_ID_LENGTH        0xc0010140
 #define MSR_AMD64_OSVW_STATUS           0xc0010141
+#define MSR_AMD64_LS_CFG                0xc0011020
 #define MSR_AMD64_DC_CFG                0xc0011022
 #define MSR_AMD64_BU_CFG2               0xc001102a
 #define MSR_AMD64_IBSFETCHCTL           0xc0011030
@@ -294,6 +295,7 @@
 #define MSR_SMI_COUNT                   0x00000034
 #define MSR_IA32_FEATURE_CONTROL        0x0000003a
 #define MSR_IA32_TSC_ADJUST             0x0000003b
+#define MSR_IA32_BNDCFGS                0x00000d90
 #define FEATURE_CONTROL_LOCKED                          (1<<0)
 #define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX        (1<<1)
@@ -367,33 +369,58 @@
 #define THERM_LOG_THRESHOLD1           (1 << 9)
 /* MISC_ENABLE bits: architectural */
-#define MSR_IA32_MISC_ENABLE_FAST_STRING        (1ULL << 0)
+#define MSR_IA32_MISC_ENABLE_FAST_STRING_BIT            0
-#define MSR_IA32_MISC_ENABLE_TCC                (1ULL << 1)
+#define MSR_IA32_MISC_ENABLE_FAST_STRING                (1ULL << MSR_IA32_MISC_ENABLE_FAST_STRING_BIT)
-#define MSR_IA32_MISC_ENABLE_EMON               (1ULL << 7)
+#define MSR_IA32_MISC_ENABLE_TCC_BIT                    1
-#define MSR_IA32_MISC_ENABLE_BTS_UNAVAIL        (1ULL << 11)
+#define MSR_IA32_MISC_ENABLE_TCC                        (1ULL << MSR_IA32_MISC_ENABLE_TCC_BIT)
-#define MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL       (1ULL << 12)
+#define MSR_IA32_MISC_ENABLE_EMON_BIT                   7
-#define MSR_IA32_MISC_ENABLE_ENHANCED_SPEEDSTEP (1ULL << 16)
+#define MSR_IA32_MISC_ENABLE_EMON                       (1ULL << MSR_IA32_MISC_ENABLE_EMON_BIT)
-#define MSR_IA32_MISC_ENABLE_MWAIT              (1ULL << 18)
+#define MSR_IA32_MISC_ENABLE_BTS_UNAVAIL_BIT            11
-#define MSR_IA32_MISC_ENABLE_LIMIT_CPUID        (1ULL << 22)
+#define MSR_IA32_MISC_ENABLE_BTS_UNAVAIL                (1ULL << MSR_IA32_MISC_ENABLE_BTS_UNAVAIL_BIT)
-#define MSR_IA32_MISC_ENABLE_XTPR_DISABLE       (1ULL << 23)
+#define MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL_BIT           12
-#define MSR_IA32_MISC_ENABLE_XD_DISABLE         (1ULL << 34)
+#define MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL               (1ULL << MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL_BIT)
+#define MSR_IA32_MISC_ENABLE_ENHANCED_SPEEDSTEP_BIT     16
+#define MSR_IA32_MISC_ENABLE_ENHANCED_SPEEDSTEP         (1ULL << MSR_IA32_MISC_ENABLE_ENHANCED_SPEEDSTEP_BIT)
+#define MSR_IA32_MISC_ENABLE_MWAIT_BIT                  18
+#define MSR_IA32_MISC_ENABLE_MWAIT                      (1ULL << MSR_IA32_MISC_ENABLE_MWAIT_BIT)
+#define MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT            22
+#define MSR_IA32_MISC_ENABLE_LIMIT_CPUID                (1ULL << MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT);
+#define MSR_IA32_MISC_ENABLE_XTPR_DISABLE_BIT           23
+#define MSR_IA32_MISC_ENABLE_XTPR_DISABLE               (1ULL << MSR_IA32_MISC_ENABLE_XTPR_DISABLE_BIT)
+#define MSR_IA32_MISC_ENABLE_XD_DISABLE_BIT             34
+#define MSR_IA32_MISC_ENABLE_XD_DISABLE                 (1ULL << MSR_IA32_MISC_ENABLE_XD_DISABLE_BIT)
 /* MISC_ENABLE bits: model-specific, meaning may vary from core to core */
-#define MSR_IA32_MISC_ENABLE_X87_COMPAT         (1ULL << 2)
+#define MSR_IA32_MISC_ENABLE_X87_COMPAT_BIT             2
-#define MSR_IA32_MISC_ENABLE_TM1                (1ULL << 3)
+#define MSR_IA32_MISC_ENABLE_X87_COMPAT                 (1ULL << MSR_IA32_MISC_ENABLE_X87_COMPAT_BIT)
-#define MSR_IA32_MISC_ENABLE_SPLIT_LOCK_DISABLE (1ULL << 4)
+#define MSR_IA32_MISC_ENABLE_TM1_BIT                    3
-#define MSR_IA32_MISC_ENABLE_L3CACHE_DISABLE    (1ULL << 6)
+#define MSR_IA32_MISC_ENABLE_TM1                        (1ULL << MSR_IA32_MISC_ENABLE_TM1_BIT)
-#define MSR_IA32_MISC_ENABLE_SUPPRESS_LOCK      (1ULL << 8)
+#define MSR_IA32_MISC_ENABLE_SPLIT_LOCK_DISABLE_BIT     4
-#define MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE   (1ULL << 9)
+#define MSR_IA32_MISC_ENABLE_SPLIT_LOCK_DISABLE         (1ULL << MSR_IA32_MISC_ENABLE_SPLIT_LOCK_DISABLE_BIT)
-#define MSR_IA32_MISC_ENABLE_FERR               (1ULL << 10)
+#define MSR_IA32_MISC_ENABLE_L3CACHE_DISABLE_BIT        6
-#define MSR_IA32_MISC_ENABLE_FERR_MULTIPLEX     (1ULL << 10)
+#define MSR_IA32_MISC_ENABLE_L3CACHE_DISABLE            (1ULL << MSR_IA32_MISC_ENABLE_L3CACHE_DISABLE_BIT)
-#define MSR_IA32_MISC_ENABLE_TM2                (1ULL << 13)
+#define MSR_IA32_MISC_ENABLE_SUPPRESS_LOCK_BIT          8
-#define MSR_IA32_MISC_ENABLE_ADJ_PREF_DISABLE   (1ULL << 19)
+#define MSR_IA32_MISC_ENABLE_SUPPRESS_LOCK              (1ULL << MSR_IA32_MISC_ENABLE_SUPPRESS_LOCK_BIT)
-#define MSR_IA32_MISC_ENABLE_SPEEDSTEP_LOCK     (1ULL << 20)
+#define MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE_BIT       9
-#define MSR_IA32_MISC_ENABLE_L1D_CONTEXT        (1ULL << 24)
+#define MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE           (1ULL << MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE_BIT)
-#define MSR_IA32_MISC_ENABLE_DCU_PREF_DISABLE   (1ULL << 37)
+#define MSR_IA32_MISC_ENABLE_FERR_BIT                   10
-#define MSR_IA32_MISC_ENABLE_TURBO_DISABLE      (1ULL << 38)
+#define MSR_IA32_MISC_ENABLE_FERR                       (1ULL << MSR_IA32_MISC_ENABLE_FERR_BIT)
-#define MSR_IA32_MISC_ENABLE_IP_PREF_DISABLE    (1ULL << 39)
+#define MSR_IA32_MISC_ENABLE_FERR_MULTIPLEX_BIT         10
+#define MSR_IA32_MISC_ENABLE_FERR_MULTIPLEX             (1ULL << MSR_IA32_MISC_ENABLE_FERR_MULTIPLEX_BIT)
+#define MSR_IA32_MISC_ENABLE_TM2_BIT                    13
+#define MSR_IA32_MISC_ENABLE_TM2                        (1ULL << MSR_IA32_MISC_ENABLE_TM2_BIT)
+#define MSR_IA32_MISC_ENABLE_ADJ_PREF_DISABLE_BIT       19
+#define MSR_IA32_MISC_ENABLE_ADJ_PREF_DISABLE           (1ULL << MSR_IA32_MISC_ENABLE_ADJ_PREF_DISABLE_BIT)
+#define MSR_IA32_MISC_ENABLE_SPEEDSTEP_LOCK_BIT         20
+#define MSR_IA32_MISC_ENABLE_SPEEDSTEP_LOCK             (1ULL << MSR_IA32_MISC_ENABLE_SPEEDSTEP_LOCK_BIT)
+#define MSR_IA32_MISC_ENABLE_L1D_CONTEXT_BIT            24
+#define MSR_IA32_MISC_ENABLE_L1D_CONTEXT                (1ULL << MSR_IA32_MISC_ENABLE_L1D_CONTEXT_BIT)
+#define MSR_IA32_MISC_ENABLE_DCU_PREF_DISABLE_BIT       37
+#define MSR_IA32_MISC_ENABLE_DCU_PREF_DISABLE           (1ULL << MSR_IA32_MISC_ENABLE_DCU_PREF_DISABLE_BIT)
+#define MSR_IA32_MISC_ENABLE_TURBO_DISABLE_BIT          38
+#define MSR_IA32_MISC_ENABLE_TURBO_DISABLE              (1ULL << MSR_IA32_MISC_ENABLE_TURBO_DISABLE_BIT)
+#define MSR_IA32_MISC_ENABLE_IP_PREF_DISABLE_BIT        39
+#define MSR_IA32_MISC_ENABLE_IP_PREF_DISABLE            (1ULL << MSR_IA32_MISC_ENABLE_IP_PREF_DISABLE_BIT)
 #define MSR_IA32_TSC_DEADLINE           0x000006E0
@@ -527,6 +554,7 @@
 #define MSR_IA32_VMX_TRUE_PROCBASED_CTLS 0x0000048e
 #define MSR_IA32_VMX_TRUE_EXIT_CTLS      0x0000048f
 #define MSR_IA32_VMX_TRUE_ENTRY_CTLS     0x00000490
+#define MSR_IA32_VMX_VMFUNC             0x00000491
 /* VMX_BASIC bits and bitmasks */
 #define VMX_BASIC_VMCS_SIZE_SHIFT       32
diff --git a/arch/x86/include/uapi/asm/sembuf.h b/arch/x86/include/uapi/asm/sembuf.h
index ee50c801f7b7..cc2d6a3aeae7 100644
--- a/arch/x86/include/uapi/asm/sembuf.h
+++ b/arch/x86/include/uapi/asm/sembuf.h
@@ -13,12 +13,12 @@
 struct semid64_ds {
        struct ipc64_perm sem_perm;     /* permissions .. see ipc.h */
        __kernel_time_t sem_otime;      /* last semop time */
-        unsigned long   __unused1;
+        __kernel_ulong_t __unused1;
        __kernel_time_t sem_ctime;      /* last change time */
-        unsigned long   __unused2;
+        __kernel_ulong_t __unused2;
-        unsigned long   sem_nsems;      /* no. of semaphores in array */
+        __kernel_ulong_t sem_nsems;     /* no. of semaphores in array */
-        unsigned long   __unused3;
+        __kernel_ulong_t __unused3;
-        unsigned long   __unused4;
+        __kernel_ulong_t __unused4;
 };
 #endif /* _ASM_X86_SEMBUF_H */
diff --git a/arch/x86/include/uapi/asm/stat.h b/arch/x86/include/uapi/asm/stat.h
index 7b3ddc348585..bc03eb5d6360 100644
--- a/arch/x86/include/uapi/asm/stat.h
+++ b/arch/x86/include/uapi/asm/stat.h
@@ -1,6 +1,8 @@
 #ifndef _ASM_X86_STAT_H
 #define _ASM_X86_STAT_H
+#include <asm/posix_types.h>
 #define STAT_HAVE_NSEC 1
 #ifdef __i386__
@@ -78,26 +80,26 @@ struct stat64 {
 #else /* __i386__ */
 struct stat {
-        unsigned long   st_dev;
+        __kernel_ulong_t        st_dev;
-        unsigned long   st_ino;
+        __kernel_ulong_t        st_ino;
-        unsigned long   st_nlink;
+        __kernel_ulong_t        st_nlink;
-        unsigned int    st_mode;
+        unsigned int            st_mode;
-        unsigned int    st_uid;
+        unsigned int            st_uid;
-        unsigned int    st_gid;
+        unsigned int            st_gid;
-        unsigned int    __pad0;
+        unsigned int            __pad0;
-        unsigned long   st_rdev;
+        __kernel_ulong_t        st_rdev;
-        long            st_size;
+        __kernel_long_t         st_size;
-        long            st_blksize;
+        __kernel_long_t         st_blksize;
-        long            st_blocks;      /* Number 512-byte blocks allocated. */
+        __kernel_long_t         st_blocks;      /* Number 512-byte blocks allocated. */
-        unsigned long   st_atime;
+        __kernel_ulong_t        st_atime;
-        unsigned long   st_atime_nsec;
+        __kernel_ulong_t        st_atime_nsec;
-        unsigned long   st_mtime;
+        __kernel_ulong_t        st_mtime;
-        unsigned long   st_mtime_nsec;
+        __kernel_ulong_t        st_mtime_nsec;
-        unsigned long   st_ctime;
+        __kernel_ulong_t        st_ctime;
-        unsigned long   st_ctime_nsec;
+        __kernel_ulong_t        st_ctime_nsec;
-        long            __unused[3];
+        __kernel_long_t         __unused[3];
 };
 /* We don't need to memset the whole thing just to initialize the padding */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 9b0a34e2cd79..f4d96000d33a 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -26,13 +26,14 @@ obj-$(CONFIG_IRQ_WORK)  += irq_work.o
 obj-y                   += probe_roms.o
 obj-$(CONFIG_X86_32)    += i386_ksyms_32.o
 obj-$(CONFIG_X86_64)    += sys_x86_64.o x8664_ksyms_64.o
-obj-y                   += syscall_$(BITS).o
+obj-y                   += syscall_$(BITS).o vsyscall_gtod.o
 obj-$(CONFIG_X86_64)    += vsyscall_64.o
 obj-$(CONFIG_X86_64)    += vsyscall_emu_64.o
+obj-$(CONFIG_SYSFS)     += ksysfs.o
 obj-y                   += bootflag.o e820.o
 obj-y                   += pci-dma.o quirks.o topology.o kdebugfs.o
 obj-y                   += alternative.o i8253.o pci-nommu.o hw_breakpoint.o
-obj-y                   += tsc.o io_delay.o rtc.o
+obj-y                   += tsc.o tsc_msr.o io_delay.o rtc.o
 obj-y                   += pci-iommu_table.o
 obj-y                   += resource.o
@@ -91,15 +92,6 @@ obj-$(CONFIG_PARAVIRT_CLOCK)	+= pvclock.o
 obj-$(CONFIG_PCSPKR_PLATFORM)   += pcspeaker.o
-obj-$(CONFIG_MICROCODE_EARLY)           += microcode_core_early.o
-obj-$(CONFIG_MICROCODE_INTEL_EARLY)     += microcode_intel_early.o
-obj-$(CONFIG_MICROCODE_INTEL_LIB)       += microcode_intel_lib.o
-microcode-y                             := microcode_core.o
-microcode-$(CONFIG_MICROCODE_INTEL)     += microcode_intel.o
-microcode-$(CONFIG_MICROCODE_AMD)       += microcode_amd.o
-obj-$(CONFIG_MICROCODE_AMD_EARLY)       += microcode_amd_early.o
-obj-$(CONFIG_MICROCODE)                 += microcode.o
 obj-$(CONFIG_X86_CHECK_BIOS_CORRUPTION) += check.o
 obj-$(CONFIG_SWIOTLB)                   += pci-swiotlb.o
@@ -111,6 +103,7 @@ obj-$(CONFIG_EFI)			+= sysfb_efi.o
 obj-$(CONFIG_PERF_EVENTS)               += perf_regs.o
 obj-$(CONFIG_TRACING)                   += tracepoint.o
+obj-$(CONFIG_IOSF_MBI)                  += iosf_mbi.o
 ###
 # 64 bit specific files
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 6c0b43bd024b..86281ffb96d6 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -46,7 +46,6 @@
 #include "sleep.h" /* To include x86_acpi_suspend_lowlevel */
 static int __initdata acpi_force = 0;
-u32 acpi_rsdt_forced;
 int acpi_disabled;
 EXPORT_SYMBOL(acpi_disabled);
@@ -54,10 +53,6 @@ EXPORT_SYMBOL(acpi_disabled);
 # include <asm/proto.h>
 #endif                          /* X86 */
-#define BAD_MADT_ENTRY(entry, end) (                                        \
-                (!entry) || (unsigned long)entry + sizeof(*entry) > end ||  \
-                ((struct acpi_subtable_header *)entry)->length < sizeof(*entry))
 #define PREFIX                  "ACPI: "
 int acpi_noirq;                         /* skip ACPI IRQ initialization */
@@ -614,10 +609,10 @@ static void acpi_map_cpu2node(acpi_handle handle, int cpu, int physid)
        int nid;
        nid = acpi_get_node(handle);
-        if (nid == -1 || !node_online(nid))
+        if (nid != -1) {
-                return;
+                set_apicid_to_node(physid, nid);
-        set_apicid_to_node(physid, nid);
+                numa_set_node(cpu, nid);
-        numa_set_node(cpu, nid);
+        }
 #endif
 }
@@ -908,10 +903,6 @@ static int __init acpi_parse_madt_lapic_entries(void)
 #ifdef  CONFIG_X86_IO_APIC
 #define MP_ISA_BUS              0
-#ifdef CONFIG_X86_ES7000
-extern int es7000_plat;
-#endif
 void __init mp_override_legacy_irq(u8 bus_irq, u8 polarity, u8 trigger, u32 gsi)
 {
        int ioapic;
@@ -961,14 +952,6 @@ void __init mp_config_acpi_legacy_irqs(void)
        set_bit(MP_ISA_BUS, mp_bus_not_pci);
        pr_debug("Bus #%d is ISA\n", MP_ISA_BUS);
-#ifdef CONFIG_X86_ES7000
-        /*
-         * Older generations of ES7000 have no legacy identity mappings
-         */
-        if (es7000_plat == 1)
-                return;
-#endif
        /*
         * Use the default configuration for the IRQs 0-15.  Unless
         * overridden by (MADT) interrupt source override entries.
@@ -1034,9 +1017,7 @@ static int mp_config_acpi_gsi(struct device *dev, u32 gsi, int trigger,
        if (!acpi_ioapic)
                return 0;
-        if (!dev)
+        if (!dev || !dev_is_pci(dev))
-                return 0;
-        if (dev->bus != &pci_bus_type)
                return 0;
        pdev = to_pci_dev(dev);
@@ -1564,7 +1545,7 @@ static int __init parse_acpi(char *arg)
        }
        /* acpi=rsdt use RSDT instead of XSDT */
        else if (strcmp(arg, "rsdt") == 0) {
-                acpi_rsdt_forced = 1;
+                acpi_gbl_do_not_use_xsdt = TRUE;
        }
        /* "acpi=noirq" disables ACPI interrupt routing */
        else if (strcmp(arg, "noirq") == 0) {
diff --git a/arch/x86/kernel/acpi/cstate.c b/arch/x86/kernel/acpi/cstate.c
index d2b7f27781bc..4b28159e0421 100644
--- a/arch/x86/kernel/acpi/cstate.c
+++ b/arch/x86/kernel/acpi/cstate.c
@@ -87,7 +87,9 @@ static long acpi_processor_ffh_cstate_probe_cpu(void *_cx)
        num_cstate_subtype = edx_part & MWAIT_SUBSTATE_MASK;
        retval = 0;
-        if (num_cstate_subtype < (cx->address & MWAIT_SUBSTATE_MASK)) {
+        /* If the HW does not support any sub-states in this C-state */
+        if (num_cstate_subtype == 0) {
+                pr_warn(FW_BUG "ACPI MWAIT C-state 0x%x not supported by HW (0x%x)\n", cx->address, edx_part);
                retval = -1;
                goto out;
        }
@@ -150,29 +152,6 @@ int acpi_processor_ffh_cstate_probe(unsigned int cpu,
 }
 EXPORT_SYMBOL_GPL(acpi_processor_ffh_cstate_probe);
-/*
- * This uses new MONITOR/MWAIT instructions on P4 processors with PNI,
- * which can obviate IPI to trigger checking of need_resched.
- * We execute MONITOR against need_resched and enter optimized wait state
- * through MWAIT. Whenever someone changes need_resched, we would be woken
- * up from MWAIT (without an IPI).
- *
- * New with Core Duo processors, MWAIT can take some hints based on CPU
- * capability.
- */
-void mwait_idle_with_hints(unsigned long ax, unsigned long cx)
-{
-        if (!need_resched()) {
-                if (this_cpu_has(X86_FEATURE_CLFLUSH_MONITOR))
-                        clflush((void *)&current_thread_info()->flags);
-                __monitor((void *)&current_thread_info()->flags, 0, 0);
-                smp_mb();
-                if (!need_resched())
-                        __mwait(ax, cx);
-        }
-}
 void acpi_processor_ffh_cstate_enter(struct acpi_processor_cx *cx)
 {
        unsigned int cpu = smp_processor_id();
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index 59554dca96ec..f04dbb3069b8 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -22,6 +22,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M10H_F3) },
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F3) },
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_M30H_NB_F3) },
        {}
 };
 EXPORT_SYMBOL(amd_nb_misc_ids);
@@ -30,6 +31,7 @@ static const struct pci_device_id amd_nb_link_ids[] = {
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F4) },
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F4) },
        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F4) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_M30H_NB_F4) },
        {}
 };
@@ -179,7 +181,7 @@ int amd_get_subcaches(int cpu)
        return (mask >> (4 * cuid)) & 0xf;
 }
-int amd_set_subcaches(int cpu, int mask)
+int amd_set_subcaches(int cpu, unsigned long mask)
 {
        static unsigned int reset, ban;
        struct amd_northbridge *nb = node_to_amd_nb(amd_get_nb_id(cpu));
diff --git a/arch/x86/kernel/aperture_64.c b/arch/x86/kernel/aperture_64.c
index fd972a3e4cbb..9fa8aa051f54 100644
--- a/arch/x86/kernel/aperture_64.c
+++ b/arch/x86/kernel/aperture_64.c
@@ -18,7 +18,6 @@
 #include <linux/pci_ids.h>
 #include <linux/pci.h>
 #include <linux/bitops.h>
-#include <linux/ioport.h>
 #include <linux/suspend.h>
 #include <asm/e820.h>
 #include <asm/io.h>
@@ -54,18 +53,6 @@ int fallback_aper_force __initdata;
 int fix_aperture __initdata = 1;
-static struct resource gart_resource = {
-        .name   = "GART",
-        .flags  = IORESOURCE_MEM,
-};
-static void __init insert_aperture_resource(u32 aper_base, u32 aper_size)
-{
-        gart_resource.start = aper_base;
-        gart_resource.end = aper_base + aper_size - 1;
-        insert_resource(&iomem_resource, &gart_resource);
-}
 /* This code runs before the PCI subsystem is initialized, so just
   access the northbridge directly. */
@@ -96,7 +83,6 @@ static u32 __init allocate_aperture(void)
        memblock_reserve(addr, aper_size);
        printk(KERN_INFO "Mapping aperture over %d KB of RAM @ %lx\n",
                        aper_size >> 10, addr);
-        insert_aperture_resource((u32)addr, aper_size);
        register_nosave_region(addr >> PAGE_SHIFT,
                               (addr+aper_size) >> PAGE_SHIFT);
@@ -444,12 +430,8 @@ int __init gart_iommu_hole_init(void)
 out:
        if (!fix && !fallback_aper_force) {
-                if (last_aper_base) {
+                if (last_aper_base)
-                        unsigned long n = (32 * 1024 * 1024) << last_aper_order;
-                        insert_aperture_resource((u32)last_aper_base, n);
                        return 1;
-                }
                return 0;
        }
diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile
index 0ae0323b1f9c..dcb5b15401ce 100644
--- a/arch/x86/kernel/apic/Makefile
+++ b/arch/x86/kernel/apic/Makefile
@@ -18,10 +18,7 @@ obj-y				+= apic_flat_64.o
 endif
 # APIC probe will depend on the listing order here
-obj-$(CONFIG_X86_NUMAQ)         += numaq_32.o
-obj-$(CONFIG_X86_SUMMIT)        += summit_32.o
 obj-$(CONFIG_X86_BIGSMP)        += bigsmp_32.o
-obj-$(CONFIG_X86_ES7000)        += es7000_32.o
 # For 32bit, probe_32 need to be listed last
 obj-$(CONFIG_X86_LOCAL_APIC)    += probe_$(BITS).o
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index d278736bf774..ad28db7e6bde 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -75,6 +75,13 @@ unsigned int max_physical_apicid;
 physid_mask_t phys_cpu_present_map;
 /*
+ * Processor to be disabled specified by kernel parameter
+ * disable_cpu_apicid=<int>, mostly used for the kdump 2nd kernel to
+ * avoid undefined behaviour caused by sending INIT from AP to BSP.
+ */
+static unsigned int disabled_cpu_apicid __read_mostly = BAD_APICID;
+/*
 * Map cpu index to physical APIC ID
 */
 DEFINE_EARLY_PER_CPU_READ_MOSTLY(u16, x86_cpu_to_apicid, BAD_APICID);
@@ -126,6 +133,10 @@ static inline void imcr_apic_to_pic(void)
 * +1=force-enable
 */
 static int force_enable_local_apic __initdata;
+/* Control whether x2APIC mode is enabled or not */
+static bool nox2apic __initdata;
 /*
 * APIC command line parameters
 */
@@ -155,8 +166,7 @@ int x2apic_mode;
 /* x2apic enabled before OS handover */
 int x2apic_preenabled;
 static int x2apic_disabled;
-static int nox2apic;
+static int __init setup_nox2apic(char *str)
-static __init int setup_nox2apic(char *str)
 {
        if (x2apic_enabled()) {
                int apicid = native_apic_msr_read(APIC_ID);
@@ -171,7 +181,7 @@ static __init int setup_nox2apic(char *str)
        } else
                setup_clear_cpu_cap(X86_FEATURE_X2APIC);
-        nox2apic = 1;
+        nox2apic = true;
        return 0;
 }
@@ -276,8 +286,12 @@ u32 native_safe_apic_wait_icr_idle(void)
 void native_apic_icr_write(u32 low, u32 id)
 {
+        unsigned long flags;
+        local_irq_save(flags);
        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(id));
        apic_write(APIC_ICR, low);
+        local_irq_restore(flags);
 }
 u64 native_apic_icr_read(void)
@@ -1968,7 +1982,7 @@ __visible void smp_trace_spurious_interrupt(struct pt_regs *regs)
 */
 static inline void __smp_error_interrupt(struct pt_regs *regs)
 {
-        u32 v0, v1;
+        u32 v;
        u32 i = 0;
        static const char * const error_interrupt_reason[] = {
                "Send CS error",                /* APIC Error Bit 0 */
@@ -1982,21 +1996,21 @@ static inline void __smp_error_interrupt(struct pt_regs *regs)
        };
        /* First tickle the hardware, only then report what went on. -- REW */
-        v0 = apic_read(APIC_ESR);
+        if (lapic_get_maxlvt() > 3)     /* Due to the Pentium erratum 3AP. */
-        apic_write(APIC_ESR, 0);
+                apic_write(APIC_ESR, 0);
-        v1 = apic_read(APIC_ESR);
+        v = apic_read(APIC_ESR);
        ack_APIC_irq();
        atomic_inc(&irq_err_count);
-        apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)",
+        apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x",
-                    smp_processor_id(), v0 , v1);
+                    smp_processor_id(), v);
-        v1 = v1 & 0xff;
+        v &= 0xff;
-        while (v1) {
+        while (v) {
-                if (v1 & 0x1)
+                if (v & 0x1)
                        apic_printk(APIC_DEBUG, KERN_CONT " : %s", error_interrupt_reason[i]);
                i++;
-                v1 >>= 1;
+                v >>= 1;
        }
        apic_printk(APIC_DEBUG, KERN_CONT "\n");
@@ -2115,6 +2129,38 @@ int generic_processor_info(int apicid, int version)
                                phys_cpu_present_map);
        /*
+         * boot_cpu_physical_apicid is designed to have the apicid
+         * returned by read_apic_id(), i.e, the apicid of the
+         * currently booting-up processor. However, on some platforms,
+         * it is temporarily modified by the apicid reported as BSP
+         * through MP table. Concretely:
+         *
+         * - arch/x86/kernel/mpparse.c: MP_processor_info()
+         * - arch/x86/mm/amdtopology.c: amd_numa_init()
+         *
+         * This function is executed with the modified
+         * boot_cpu_physical_apicid. So, disabled_cpu_apicid kernel
+         * parameter doesn't work to disable APs on kdump 2nd kernel.
+         *
+         * Since fixing handling of boot_cpu_physical_apicid requires
+         * another discussion and tests on each platform, we leave it
+         * for now and here we use read_apic_id() directly in this
+         * function, generic_processor_info().
+         */
+        if (disabled_cpu_apicid != BAD_APICID &&
+            disabled_cpu_apicid != read_apic_id() &&
+            disabled_cpu_apicid == apicid) {
+                int thiscpu = num_processors + disabled_cpus;
+                pr_warning("APIC: Disabling requested cpu."
+                           " Processor %d/0x%x ignored.\n",
+                           thiscpu, apicid);
+                disabled_cpus++;
+                return -ENODEV;
+        }
+        /*
         * If boot cpu has not been detected yet, then only allow upto
         * nr_cpu_ids - 1 processors and keep one slot free for boot cpu
         */
@@ -2592,3 +2638,12 @@ static int __init lapic_insert_resource(void)
 * that is using request_resource
 */
 late_initcall(lapic_insert_resource);
+static int __init apic_set_disabled_cpu_apicid(char *arg)
+{
+        if (!arg || !get_option(&arg, &disabled_cpu_apicid))
+                return -EINVAL;
+        return 0;
+}
+early_param("disable_cpu_apicid", apic_set_disabled_cpu_apicid);
diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c
index 00c77cf78e9e..7c1b29479513 100644
--- a/arch/x86/kernel/apic/apic_flat_64.c
+++ b/arch/x86/kernel/apic/apic_flat_64.c
@@ -14,16 +14,13 @@
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/ctype.h>
-#include <linux/init.h>
 #include <linux/hardirq.h>
 #include <linux/module.h>
 #include <asm/smp.h>
 #include <asm/apic.h>
 #include <asm/ipi.h>
-#ifdef CONFIG_ACPI
+#include <linux/acpi.h>
-#include <acpi/acpi_bus.h>
-#endif
 static struct apic apic_physflat;
 static struct apic apic_flat;
@@ -201,7 +198,7 @@ static struct apic apic_flat =  {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = default_inquire_remote_apic,
@@ -317,7 +314,7 @@ static struct apic apic_physflat =  {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = default_inquire_remote_apic,
diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c
index e145f28b4099..8c7c98249c20 100644
--- a/arch/x86/kernel/apic/apic_noop.c
+++ b/arch/x86/kernel/apic/apic_noop.c
@@ -15,7 +15,6 @@
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/ctype.h>
-#include <linux/init.h>
 #include <linux/errno.h>
 #include <asm/fixmap.h>
 #include <asm/mpspec.h>
@@ -173,8 +172,7 @@ struct apic apic_noop = {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = NULL,
diff --git a/arch/x86/kernel/apic/apic_numachip.c b/arch/x86/kernel/apic/apic_numachip.c
index 3e67f9e3d7ef..a5b45df8bc88 100644
--- a/arch/x86/kernel/apic/apic_numachip.c
+++ b/arch/x86/kernel/apic/apic_numachip.c
@@ -248,7 +248,7 @@ static const struct apic apic_numachip __refconst = {
        .wakeup_secondary_cpu           = numachip_wakeup_secondary,
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = NULL, /* REMRD not supported */
diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c
index d50e3640d5ae..e4840aa7a255 100644
--- a/arch/x86/kernel/apic/bigsmp_32.c
+++ b/arch/x86/kernel/apic/bigsmp_32.c
@@ -199,8 +199,7 @@ static struct apic apic_bigsmp = {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = default_wait_for_init_deassert,
+        .wait_for_init_deassert         = true,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = default_inquire_remote_apic,
diff --git a/arch/x86/kernel/apic/es7000_32.c b/arch/x86/kernel/apic/es7000_32.c
deleted file mode 100644
index c55224731b2d..000000000000
--- a/arch/x86/kernel/apic/es7000_32.c
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
- * Written by: Garry Forsgren, Unisys Corporation
- *             Natalie Protasevich, Unisys Corporation
- *
- * This file contains the code to configure and interface
- * with Unisys ES7000 series hardware system manager.
- *
- * Copyright (c) 2003 Unisys Corporation.
- * Copyright (C) 2009, Red Hat, Inc., Ingo Molnar
- *
- *   All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it would be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write the Free Software Foundation, Inc., 59
- * Temple Place - Suite 330, Boston MA 02111-1307, USA.
- *
- * Contact information: Unisys Corporation, Township Line & Union Meeting
- * Roads-A, Unisys Way, Blue Bell, Pennsylvania, 19424, or:
- *
- * http://www.unisys.com
- */
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <linux/notifier.h>
-#include <linux/spinlock.h>
-#include <linux/cpumask.h>
-#include <linux/threads.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/reboot.h>
-#include <linux/string.h>
-#include <linux/types.h>
-#include <linux/errno.h>
-#include <linux/acpi.h>
-#include <linux/init.h>
-#include <linux/gfp.h>
-#include <linux/nmi.h>
-#include <linux/smp.h>
-#include <linux/io.h>
-#include <asm/apicdef.h>
-#include <linux/atomic.h>
-#include <asm/fixmap.h>
-#include <asm/mpspec.h>
-#include <asm/setup.h>
-#include <asm/apic.h>
-#include <asm/ipi.h>
-/*
- * ES7000 chipsets
- */
-#define NON_UNISYS                      0
-#define ES7000_CLASSIC                  1
-#define ES7000_ZORRO                    2
-#define MIP_REG                         1
-#define MIP_PSAI_REG                    4
-#define MIP_BUSY                        1
-#define MIP_SPIN                        0xf0000
-#define MIP_VALID                       0x0100000000000000ULL
-#define MIP_SW_APIC                     0x1020b
-#define MIP_PORT(val)                   ((val >> 32) & 0xffff)
-#define MIP_RD_LO(val)                  (val & 0xffffffff)
-struct mip_reg {
-        unsigned long long              off_0x00;
-        unsigned long long              off_0x08;
-        unsigned long long              off_0x10;
-        unsigned long long              off_0x18;
-        unsigned long long              off_0x20;
-        unsigned long long              off_0x28;
-        unsigned long long              off_0x30;
-        unsigned long long              off_0x38;
-};
-struct mip_reg_info {
-        unsigned long long              mip_info;
-        unsigned long long              delivery_info;
-        unsigned long long              host_reg;
-        unsigned long long              mip_reg;
-};
-struct psai {
-        unsigned long long              entry_type;
-        unsigned long long              addr;
-        unsigned long long              bep_addr;
-};
-#ifdef CONFIG_ACPI
-struct es7000_oem_table {
-        struct acpi_table_header        Header;
-        u32                             OEMTableAddr;
-        u32                             OEMTableSize;
-};
-static unsigned long                    oem_addrX;
-static unsigned long                    oem_size;
-#endif
-/*
- * ES7000 Globals
- */
-static volatile unsigned long           *psai;
-static struct mip_reg                   *mip_reg;
-static struct mip_reg                   *host_reg;
-static int                              mip_port;
-static unsigned long                    mip_addr;
-static unsigned long                    host_addr;
-int                                     es7000_plat;
-/*
- * GSI override for ES7000 platforms.
- */
-static int wakeup_secondary_cpu_via_mip(int cpu, unsigned long eip)
-{
-        unsigned long vect = 0, psaival = 0;
-        if (psai == NULL)
-                return -1;
-        vect = ((unsigned long)__pa(eip)/0x1000) << 16;
-        psaival = (0x1000000 | vect | cpu);
-        while (*psai & 0x1000000)
-                ;
-        *psai = psaival;
-        return 0;
-}
-static int es7000_apic_is_cluster(void)
-{
-        /* MPENTIUMIII */
-        if (boot_cpu_data.x86 == 6 &&
-            (boot_cpu_data.x86_model >= 7 && boot_cpu_data.x86_model <= 11))
-                return 1;
-        return 0;
-}
-static void setup_unisys(void)
-{
-        /*
-         * Determine the generation of the ES7000 currently running.
-         *
-         * es7000_plat = 1 if the machine is a 5xx ES7000 box
-         * es7000_plat = 2 if the machine is a x86_64 ES7000 box
-         *
-         */
-        if (!(boot_cpu_data.x86 <= 15 && boot_cpu_data.x86_model <= 2))
-                es7000_plat = ES7000_ZORRO;
-        else
-                es7000_plat = ES7000_CLASSIC;
-}
-/*
- * Parse the OEM Table:
- */
-static int parse_unisys_oem(char *oemptr)
-{
-        int                     i;
-        int                     success = 0;
-        unsigned char           type, size;
-        unsigned long           val;
-        char                    *tp = NULL;
-        struct psai             *psaip = NULL;
-        struct mip_reg_info     *mi;
-        struct mip_reg          *host, *mip;
-        tp = oemptr;
-        tp += 8;
-        for (i = 0; i <= 6; i++) {
-                type = *tp++;
-                size = *tp++;
-                tp -= 2;
-                switch (type) {
-                case MIP_REG:
-                        mi = (struct mip_reg_info *)tp;
-                        val = MIP_RD_LO(mi->host_reg);
-                        host_addr = val;
-                        host = (struct mip_reg *)val;
-                        host_reg = __va(host);
-                        val = MIP_RD_LO(mi->mip_reg);
-                        mip_port = MIP_PORT(mi->mip_info);
-                        mip_addr = val;
-                        mip = (struct mip_reg *)val;
-                        mip_reg = __va(mip);
-                        pr_debug("host_reg = 0x%lx\n",
-                                 (unsigned long)host_reg);
-                        pr_debug("mip_reg = 0x%lx\n",
-                                 (unsigned long)mip_reg);
-                        success++;
-                        break;
-                case MIP_PSAI_REG:
-                        psaip = (struct psai *)tp;
-                        if (tp != NULL) {
-                                if (psaip->addr)
-                                        psai = __va(psaip->addr);
-                                else
-                                        psai = NULL;
-                                success++;
-                        }
-                        break;
-                default:
-                        break;
-                }
-                tp += size;
-        }
-        if (success < 2)
-                es7000_plat = NON_UNISYS;
-        else
-                setup_unisys();
-        return es7000_plat;
-}
-#ifdef CONFIG_ACPI
-static int __init find_unisys_acpi_oem_table(unsigned long *oem_addr)
-{
-        struct acpi_table_header *header = NULL;
-        struct es7000_oem_table *table;
-        acpi_size tbl_size;
-        acpi_status ret;
-        int i = 0;
-        for (;;) {
-                ret = acpi_get_table_with_size("OEM1", i++, &header, &tbl_size);
-                if (!ACPI_SUCCESS(ret))
-                        return -1;
-                if (!memcmp((char *) &header->oem_id, "UNISYS", 6))
-                        break;
-                early_acpi_os_unmap_memory(header, tbl_size);
-        }
-        table = (void *)header;
-        oem_addrX       = table->OEMTableAddr;
-        oem_size        = table->OEMTableSize;
-        early_acpi_os_unmap_memory(header, tbl_size);
-        *oem_addr       = (unsigned long)__acpi_map_table(oem_addrX, oem_size);
-        return 0;
-}
-static void __init unmap_unisys_acpi_oem_table(unsigned long oem_addr)
-{
-        if (!oem_addr)
-                return;
-        __acpi_unmap_table((char *)oem_addr, oem_size);
-}
-static int es7000_check_dsdt(void)
-{
-        struct acpi_table_header header;
-        if (ACPI_SUCCESS(acpi_get_table_header(ACPI_SIG_DSDT, 0, &header)) &&
-            !strncmp(header.oem_id, "UNISYS", 6))
-                return 1;
-        return 0;
-}
-static int es7000_acpi_ret;
-/* Hook from generic ACPI tables.c */
-static int __init es7000_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
-{
-        unsigned long oem_addr = 0;
-        int check_dsdt;
-        int ret = 0;
-        /* check dsdt at first to avoid clear fix_map for oem_addr */
-        check_dsdt = es7000_check_dsdt();
-        if (!find_unisys_acpi_oem_table(&oem_addr)) {
-                if (check_dsdt) {
-                        ret = parse_unisys_oem((char *)oem_addr);
-                } else {
-                        setup_unisys();
-                        ret = 1;
-                }
-                /*
-                 * we need to unmap it
-                 */
-                unmap_unisys_acpi_oem_table(oem_addr);
-        }
-        es7000_acpi_ret = ret;
-        return ret && !es7000_apic_is_cluster();
-}
-static int es7000_acpi_madt_oem_check_cluster(char *oem_id, char *oem_table_id)
-{
-        int ret = es7000_acpi_ret;
-        return ret && es7000_apic_is_cluster();
-}
-#else /* !CONFIG_ACPI: */
-static int es7000_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
-{
-        return 0;
-}
-static int es7000_acpi_madt_oem_check_cluster(char *oem_id, char *oem_table_id)
-{
-        return 0;
-}
-#endif /* !CONFIG_ACPI */
-static void es7000_spin(int n)
-{
-        int i = 0;
-        while (i++ < n)
-                rep_nop();
-}
-static int es7000_mip_write(struct mip_reg *mip_reg)
-{
-        int status = 0;
-        int spin;
-        spin = MIP_SPIN;
-        while ((host_reg->off_0x38 & MIP_VALID) != 0) {
-                if (--spin <= 0) {
-                        WARN(1, "Timeout waiting for Host Valid Flag\n");
-                        return -1;
-                }
-                es7000_spin(MIP_SPIN);
-        }
-        memcpy(host_reg, mip_reg, sizeof(struct mip_reg));
-        outb(1, mip_port);
-        spin = MIP_SPIN;
-        while ((mip_reg->off_0x38 & MIP_VALID) == 0) {
-                if (--spin <= 0) {
-                        WARN(1, "Timeout waiting for MIP Valid Flag\n");
-                        return -1;
-                }
-                es7000_spin(MIP_SPIN);
-        }
-        status = (mip_reg->off_0x00 & 0xffff0000000000ULL) >> 48;
-        mip_reg->off_0x38 &= ~MIP_VALID;
-        return status;
-}
-static void es7000_enable_apic_mode(void)
-{
-        struct mip_reg es7000_mip_reg;
-        int mip_status;
-        if (!es7000_plat)
-                return;
-        pr_info("Enabling APIC mode.\n");
-        memset(&es7000_mip_reg, 0, sizeof(struct mip_reg));
-        es7000_mip_reg.off_0x00 = MIP_SW_APIC;
-        es7000_mip_reg.off_0x38 = MIP_VALID;
-        while ((mip_status = es7000_mip_write(&es7000_mip_reg)) != 0)
-                WARN(1, "Command failed, status = %x\n", mip_status);
-}
-static void es7000_wait_for_init_deassert(atomic_t *deassert)
-{
-        while (!atomic_read(deassert))
-                cpu_relax();
-}
-static unsigned int es7000_get_apic_id(unsigned long x)
-{
-        return (x >> 24) & 0xFF;
-}
-static void es7000_send_IPI_mask(const struct cpumask *mask, int vector)
-{
-        default_send_IPI_mask_sequence_phys(mask, vector);
-}
-static void es7000_send_IPI_allbutself(int vector)
-{
-        default_send_IPI_mask_allbutself_phys(cpu_online_mask, vector);
-}
-static void es7000_send_IPI_all(int vector)
-{
-        es7000_send_IPI_mask(cpu_online_mask, vector);
-}
-static int es7000_apic_id_registered(void)
-{
-        return 1;
-}
-static const struct cpumask *target_cpus_cluster(void)
-{
-        return cpu_all_mask;
-}
-static const struct cpumask *es7000_target_cpus(void)
-{
-        return cpumask_of(smp_processor_id());
-}
-static unsigned long es7000_check_apicid_used(physid_mask_t *map, int apicid)
-{
-        return 0;
-}
-static unsigned long es7000_check_apicid_present(int bit)
-{
-        return physid_isset(bit, phys_cpu_present_map);
-}
-static int es7000_early_logical_apicid(int cpu)
-{
-        /* on es7000, logical apicid is the same as physical */
-        return early_per_cpu(x86_bios_cpu_apicid, cpu);
-}
-static unsigned long calculate_ldr(int cpu)
-{
-        unsigned long id = per_cpu(x86_bios_cpu_apicid, cpu);
-        return SET_APIC_LOGICAL_ID(id);
-}
-/*
- * Set up the logical destination ID.
- *
- * Intel recommends to set DFR, LdR and TPR before enabling
- * an APIC.  See e.g. "AP-388 82489DX User's Manual" (Intel
- * document number 292116).  So here it goes...
- */
-static void es7000_init_apic_ldr_cluster(void)
-{
-        unsigned long val;
-        int cpu = smp_processor_id();
-        apic_write(APIC_DFR, APIC_DFR_CLUSTER);
-        val = calculate_ldr(cpu);
-        apic_write(APIC_LDR, val);
-}
-static void es7000_init_apic_ldr(void)
-{
-        unsigned long val;
-        int cpu = smp_processor_id();
-        apic_write(APIC_DFR, APIC_DFR_FLAT);
-        val = calculate_ldr(cpu);
-        apic_write(APIC_LDR, val);
-}
-static void es7000_setup_apic_routing(void)
-{
-        int apic = per_cpu(x86_bios_cpu_apicid, smp_processor_id());
-        pr_info("Enabling APIC mode:  %s. Using %d I/O APICs, target cpus %lx\n",
-                (apic_version[apic] == 0x14) ?
-                        "Physical Cluster" : "Logical Cluster",
-                nr_ioapics, cpumask_bits(es7000_target_cpus())[0]);
-}
-static int es7000_cpu_present_to_apicid(int mps_cpu)
-{
-        if (!mps_cpu)
-                return boot_cpu_physical_apicid;
-        else if (mps_cpu < nr_cpu_ids)
-                return per_cpu(x86_bios_cpu_apicid, mps_cpu);
-        else
-                return BAD_APICID;
-}
-static int cpu_id;
-static void es7000_apicid_to_cpu_present(int phys_apicid, physid_mask_t *retmap)
-{
-        physid_set_mask_of_physid(cpu_id, retmap);
-        ++cpu_id;
-}
-static void es7000_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
-{
-        /* For clustered we don't have a good way to do this yet - hack */
-        physids_promote(0xFFL, retmap);
-}
-static int es7000_check_phys_apicid_present(int cpu_physical_apicid)
-{
-        boot_cpu_physical_apicid = read_apic_id();
-        return 1;
-}
-static inline int
-es7000_cpu_mask_to_apicid(const struct cpumask *cpumask, unsigned int *dest_id)
-{
-        unsigned int round = 0;
-        unsigned int cpu, uninitialized_var(apicid);
-        /*
-         * The cpus in the mask must all be on the apic cluster.
-         */
-        for_each_cpu_and(cpu, cpumask, cpu_online_mask) {
-                int new_apicid = early_per_cpu(x86_cpu_to_logical_apicid, cpu);
-                if (round && APIC_CLUSTER(apicid) != APIC_CLUSTER(new_apicid)) {
-                        WARN(1, "Not a valid mask!");
-                        return -EINVAL;
-                }
-                apicid |= new_apicid;
-                round++;
-        }
-        if (!round)
-                return -EINVAL;
-        *dest_id = apicid;
-        return 0;
-}
-static int
-es7000_cpu_mask_to_apicid_and(const struct cpumask *inmask,
-                              const struct cpumask *andmask,
-                              unsigned int *apicid)
-{
-        cpumask_var_t cpumask;
-        *apicid = early_per_cpu(x86_cpu_to_logical_apicid, 0);
-        if (!alloc_cpumask_var(&cpumask, GFP_ATOMIC))
-                return 0;
-        cpumask_and(cpumask, inmask, andmask);
-        es7000_cpu_mask_to_apicid(cpumask, apicid);
-        free_cpumask_var(cpumask);
-        return 0;
-}
-static int es7000_phys_pkg_id(int cpuid_apic, int index_msb)
-{
-        return cpuid_apic >> index_msb;
-}
-static int probe_es7000(void)
-{
-        /* probed later in mptable/ACPI hooks */
-        return 0;
-}
-static int es7000_mps_ret;
-static int es7000_mps_oem_check(struct mpc_table *mpc, char *oem,
-                char *productid)
-{
-        int ret = 0;
-        if (mpc->oemptr) {
-                struct mpc_oemtable *oem_table =
-                        (struct mpc_oemtable *)mpc->oemptr;
-                if (!strncmp(oem, "UNISYS", 6))
-                        ret = parse_unisys_oem((char *)oem_table);
-        }
-        es7000_mps_ret = ret;
-        return ret && !es7000_apic_is_cluster();
-}
-static int es7000_mps_oem_check_cluster(struct mpc_table *mpc, char *oem,
-                char *productid)
-{
-        int ret = es7000_mps_ret;
-        return ret && es7000_apic_is_cluster();
-}
-/* We've been warned by a false positive warning.Use __refdata to keep calm. */
-static struct apic __refdata apic_es7000_cluster = {
-        .name                           = "es7000",
-        .probe                          = probe_es7000,
-        .acpi_madt_oem_check            = es7000_acpi_madt_oem_check_cluster,
-        .apic_id_valid                  = default_apic_id_valid,
-        .apic_id_registered             = es7000_apic_id_registered,
-        .irq_delivery_mode              = dest_LowestPrio,
-        /* logical delivery broadcast to all procs: */
-        .irq_dest_mode                  = 1,
-        .target_cpus                    = target_cpus_cluster,
-        .disable_esr                    = 1,
-        .dest_logical                   = 0,
-        .check_apicid_used              = es7000_check_apicid_used,
-        .check_apicid_present           = es7000_check_apicid_present,
-        .vector_allocation_domain       = flat_vector_allocation_domain,
-        .init_apic_ldr                  = es7000_init_apic_ldr_cluster,
-        .ioapic_phys_id_map             = es7000_ioapic_phys_id_map,
-        .setup_apic_routing             = es7000_setup_apic_routing,
-        .multi_timer_check              = NULL,
-        .cpu_present_to_apicid          = es7000_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = es7000_apicid_to_cpu_present,
-        .setup_portio_remap             = NULL,
-        .check_phys_apicid_present      = es7000_check_phys_apicid_present,
-        .enable_apic_mode               = es7000_enable_apic_mode,
-        .phys_pkg_id                    = es7000_phys_pkg_id,
-        .mps_oem_check                  = es7000_mps_oem_check_cluster,
-        .get_apic_id                    = es7000_get_apic_id,
-        .set_apic_id                    = NULL,
-        .apic_id_mask                   = 0xFF << 24,
-        .cpu_mask_to_apicid_and         = es7000_cpu_mask_to_apicid_and,
-        .send_IPI_mask                  = es7000_send_IPI_mask,
-        .send_IPI_mask_allbutself       = NULL,
-        .send_IPI_allbutself            = es7000_send_IPI_allbutself,
-        .send_IPI_all                   = es7000_send_IPI_all,
-        .send_IPI_self                  = default_send_IPI_self,
-        .wakeup_secondary_cpu           = wakeup_secondary_cpu_via_mip,
-        .trampoline_phys_low            = 0x467,
-        .trampoline_phys_high           = 0x469,
-        .wait_for_init_deassert         = NULL,
-        /* Nothing to do for most platforms, since cleared by the INIT cycle: */
-        .smp_callin_clear_local_apic    = NULL,
-        .inquire_remote_apic            = default_inquire_remote_apic,
-        .read                           = native_apic_mem_read,
-        .write                          = native_apic_mem_write,
-        .eoi_write                      = native_apic_mem_write,
-        .icr_read                       = native_apic_icr_read,
-        .icr_write                      = native_apic_icr_write,
-        .wait_icr_idle                  = native_apic_wait_icr_idle,
-        .safe_wait_icr_idle             = native_safe_apic_wait_icr_idle,
-        .x86_32_early_logical_apicid    = es7000_early_logical_apicid,
-};
-static struct apic __refdata apic_es7000 = {
-        .name                           = "es7000",
-        .probe                          = probe_es7000,
-        .acpi_madt_oem_check            = es7000_acpi_madt_oem_check,
-        .apic_id_valid                  = default_apic_id_valid,
-        .apic_id_registered             = es7000_apic_id_registered,
-        .irq_delivery_mode              = dest_Fixed,
-        /* phys delivery to target CPUs: */
-        .irq_dest_mode                  = 0,
-        .target_cpus                    = es7000_target_cpus,
-        .disable_esr                    = 1,
-        .dest_logical                   = 0,
-        .check_apicid_used              = es7000_check_apicid_used,
-        .check_apicid_present           = es7000_check_apicid_present,
-        .vector_allocation_domain       = flat_vector_allocation_domain,
-        .init_apic_ldr                  = es7000_init_apic_ldr,
-        .ioapic_phys_id_map             = es7000_ioapic_phys_id_map,
-        .setup_apic_routing             = es7000_setup_apic_routing,
-        .multi_timer_check              = NULL,
-        .cpu_present_to_apicid          = es7000_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = es7000_apicid_to_cpu_present,
-        .setup_portio_remap             = NULL,
-        .check_phys_apicid_present      = es7000_check_phys_apicid_present,
-        .enable_apic_mode               = es7000_enable_apic_mode,
-        .phys_pkg_id                    = es7000_phys_pkg_id,
-        .mps_oem_check                  = es7000_mps_oem_check,
-        .get_apic_id                    = es7000_get_apic_id,
-        .set_apic_id                    = NULL,
-        .apic_id_mask                   = 0xFF << 24,
-        .cpu_mask_to_apicid_and         = es7000_cpu_mask_to_apicid_and,
-        .send_IPI_mask                  = es7000_send_IPI_mask,
-        .send_IPI_mask_allbutself       = NULL,
-        .send_IPI_allbutself            = es7000_send_IPI_allbutself,
-        .send_IPI_all                   = es7000_send_IPI_all,
-        .send_IPI_self                  = default_send_IPI_self,
-        .trampoline_phys_low            = 0x467,
-        .trampoline_phys_high           = 0x469,
-        .wait_for_init_deassert         = es7000_wait_for_init_deassert,
-        /* Nothing to do for most platforms, since cleared by the INIT cycle: */
-        .smp_callin_clear_local_apic    = NULL,
-        .inquire_remote_apic            = default_inquire_remote_apic,
-        .read                           = native_apic_mem_read,
-        .write                          = native_apic_mem_write,
-        .eoi_write                      = native_apic_mem_write,
-        .icr_read                       = native_apic_icr_read,
-        .icr_write                      = native_apic_icr_write,
-        .wait_icr_idle                  = native_apic_wait_icr_idle,
-        .safe_wait_icr_idle             = native_safe_apic_wait_icr_idle,
-        .x86_32_early_logical_apicid    = es7000_early_logical_apicid,
-};
-/*
- * Need to check for es7000 followed by es7000_cluster, so this order
- * in apic_drivers is important.
- */
-apic_drivers(apic_es7000, apic_es7000_cluster);
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index e63a5bd2a78f..6ad4658de705 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -37,9 +37,6 @@
 #include <linux/kthread.h>
 #include <linux/jiffies.h>      /* time_after() */
 #include <linux/slab.h>
-#ifdef CONFIG_ACPI
-#include <acpi/acpi_bus.h>
-#endif
 #include <linux/bootmem.h>
 #include <linux/dmar.h>
 #include <linux/hpet.h>
@@ -1142,9 +1139,10 @@ next:
                if (test_bit(vector, used_vectors))
                        goto next;
-                for_each_cpu_and(new_cpu, tmp_mask, cpu_online_mask)
+                for_each_cpu_and(new_cpu, tmp_mask, cpu_online_mask) {
-                        if (per_cpu(vector_irq, new_cpu)[vector] != -1)
+                        if (per_cpu(vector_irq, new_cpu)[vector] > VECTOR_UNDEFINED)
                                goto next;
+                }
                /* Found one! */
                current_vector = vector;
                current_offset = offset;
@@ -1183,7 +1181,7 @@ static void __clear_irq_vector(int irq, struct irq_cfg *cfg)
        vector = cfg->vector;
        for_each_cpu_and(cpu, cfg->domain, cpu_online_mask)
-                per_cpu(vector_irq, cpu)[vector] = -1;
+                per_cpu(vector_irq, cpu)[vector] = VECTOR_UNDEFINED;
        cfg->vector = 0;
        cpumask_clear(cfg->domain);
@@ -1191,11 +1189,10 @@ static void __clear_irq_vector(int irq, struct irq_cfg *cfg)
        if (likely(!cfg->move_in_progress))
                return;
        for_each_cpu_and(cpu, cfg->old_domain, cpu_online_mask) {
-                for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS;
+                for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS; vector++) {
-                                                                vector++) {
                        if (per_cpu(vector_irq, cpu)[vector] != irq)
                                continue;
-                        per_cpu(vector_irq, cpu)[vector] = -1;
+                        per_cpu(vector_irq, cpu)[vector] = VECTOR_UNDEFINED;
                        break;
                }
        }
@@ -1228,12 +1225,12 @@ void __setup_vector_irq(int cpu)
        /* Mark the free vectors */
        for (vector = 0; vector < NR_VECTORS; ++vector) {
                irq = per_cpu(vector_irq, cpu)[vector];
-                if (irq < 0)
+                if (irq <= VECTOR_UNDEFINED)
                        continue;
                cfg = irq_cfg(irq);
                if (!cpumask_test_cpu(cpu, cfg->domain))
-                        per_cpu(vector_irq, cpu)[vector] = -1;
+                        per_cpu(vector_irq, cpu)[vector] = VECTOR_UNDEFINED;
        }
        raw_spin_unlock(&vector_lock);
 }
@@ -2202,13 +2199,13 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void)
        me = smp_processor_id();
        for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS; vector++) {
-                unsigned int irq;
+                int irq;
                unsigned int irr;
                struct irq_desc *desc;
                struct irq_cfg *cfg;
                irq = __this_cpu_read(vector_irq[vector]);
-                if (irq == -1)
+                if (irq <= VECTOR_UNDEFINED)
                        continue;
                desc = irq_to_desc(irq);
diff --git a/arch/x86/kernel/apic/ipi.c b/arch/x86/kernel/apic/ipi.c
index 7434d8556d09..62071569bd50 100644
--- a/arch/x86/kernel/apic/ipi.c
+++ b/arch/x86/kernel/apic/ipi.c
@@ -1,6 +1,5 @@
 #include <linux/cpumask.h>
 #include <linux/interrupt.h>
-#include <linux/init.h>
 #include <linux/mm.h>
 #include <linux/delay.h>
diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c
deleted file mode 100644
index 1e42e8f305ee..000000000000
--- a/arch/x86/kernel/apic/numaq_32.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Written by: Patricia Gaughen, IBM Corporation
- *
- * Copyright (C) 2002, IBM Corp.
- * Copyright (C) 2009, Red Hat, Inc., Ingo Molnar
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
- * NON INFRINGEMENT.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Send feedback to <gone@us.ibm.com>
- */
-#include <linux/nodemask.h>
-#include <linux/topology.h>
-#include <linux/bootmem.h>
-#include <linux/memblock.h>
-#include <linux/threads.h>
-#include <linux/cpumask.h>
-#include <linux/kernel.h>
-#include <linux/mmzone.h>
-#include <linux/module.h>
-#include <linux/string.h>
-#include <linux/init.h>
-#include <linux/numa.h>
-#include <linux/smp.h>
-#include <linux/io.h>
-#include <linux/mm.h>
-#include <asm/processor.h>
-#include <asm/fixmap.h>
-#include <asm/mpspec.h>
-#include <asm/numaq.h>
-#include <asm/setup.h>
-#include <asm/apic.h>
-#include <asm/e820.h>
-#include <asm/ipi.h>
-int found_numaq;
-/*
- * Have to match translation table entries to main table entries by counter
- * hence the mpc_record variable .... can't see a less disgusting way of
- * doing this ....
- */
-struct mpc_trans {
-        unsigned char                   mpc_type;
-        unsigned char                   trans_len;
-        unsigned char                   trans_type;
-        unsigned char                   trans_quad;
-        unsigned char                   trans_global;
-        unsigned char                   trans_local;
-        unsigned short                  trans_reserved;
-};
-static int                              mpc_record;
-static struct mpc_trans                 *translation_table[MAX_MPC_ENTRY];
-int                                     mp_bus_id_to_node[MAX_MP_BUSSES];
-int                                     mp_bus_id_to_local[MAX_MP_BUSSES];
-int                                     quad_local_to_mp_bus_id[NR_CPUS/4][4];
-static inline void numaq_register_node(int node, struct sys_cfg_data *scd)
-{
-        struct eachquadmem *eq = scd->eq + node;
-        u64 start = (u64)(eq->hi_shrd_mem_start - eq->priv_mem_size) << 20;
-        u64 end = (u64)(eq->hi_shrd_mem_start + eq->hi_shrd_mem_size) << 20;
-        int ret;
-        node_set(node, numa_nodes_parsed);
-        ret = numa_add_memblk(node, start, end);
-        BUG_ON(ret < 0);
-}
-/*
- * Function: smp_dump_qct()
- *
- * Description: gets memory layout from the quad config table.  This
- * function also updates numa_nodes_parsed with the nodes (quads) present.
- */
-static void __init smp_dump_qct(void)
-{
-        struct sys_cfg_data *scd;
-        int node;
-        scd = (void *)__va(SYS_CFG_DATA_PRIV_ADDR);
-        for_each_node(node) {
-                if (scd->quads_present31_0 & (1 << node))
-                        numaq_register_node(node, scd);
-        }
-}
-void numaq_tsc_disable(void)
-{
-        if (!found_numaq)
-                return;
-        if (num_online_nodes() > 1) {
-                printk(KERN_DEBUG "NUMAQ: disabling TSC\n");
-                setup_clear_cpu_cap(X86_FEATURE_TSC);
-        }
-}
-static void __init numaq_tsc_init(void)
-{
-        numaq_tsc_disable();
-}
-static inline int generate_logical_apicid(int quad, int phys_apicid)
-{
-        return (quad << 4) + (phys_apicid ? phys_apicid << 1 : 1);
-}
-/* x86_quirks member */
-static int mpc_apic_id(struct mpc_cpu *m)
-{
-        int quad = translation_table[mpc_record]->trans_quad;
-        int logical_apicid = generate_logical_apicid(quad, m->apicid);
-        printk(KERN_DEBUG
-                "Processor #%d %u:%u APIC version %d (quad %d, apic %d)\n",
-                 m->apicid, (m->cpufeature & CPU_FAMILY_MASK) >> 8,
-                (m->cpufeature & CPU_MODEL_MASK) >> 4,
-                 m->apicver, quad, logical_apicid);
-        return logical_apicid;
-}
-/* x86_quirks member */
-static void mpc_oem_bus_info(struct mpc_bus *m, char *name)
-{
-        int quad = translation_table[mpc_record]->trans_quad;
-        int local = translation_table[mpc_record]->trans_local;
-        mp_bus_id_to_node[m->busid] = quad;
-        mp_bus_id_to_local[m->busid] = local;
-        printk(KERN_INFO "Bus #%d is %s (node %d)\n", m->busid, name, quad);
-}
-/* x86_quirks member */
-static void mpc_oem_pci_bus(struct mpc_bus *m)
-{
-        int quad = translation_table[mpc_record]->trans_quad;
-        int local = translation_table[mpc_record]->trans_local;
-        quad_local_to_mp_bus_id[quad][local] = m->busid;
-}
-/*
- * Called from mpparse code.
- * mode = 0: prescan
- * mode = 1: one mpc entry scanned
- */
-static void numaq_mpc_record(unsigned int mode)
-{
-        if (!mode)
-                mpc_record = 0;
-        else
-                mpc_record++;
-}
-static void __init MP_translation_info(struct mpc_trans *m)
-{
-        printk(KERN_INFO
-            "Translation: record %d, type %d, quad %d, global %d, local %d\n",
-               mpc_record, m->trans_type, m->trans_quad, m->trans_global,
-               m->trans_local);
-        if (mpc_record >= MAX_MPC_ENTRY)
-                printk(KERN_ERR "MAX_MPC_ENTRY exceeded!\n");
-        else
-                translation_table[mpc_record] = m; /* stash this for later */
-        if (m->trans_quad < MAX_NUMNODES && !node_online(m->trans_quad))
-                node_set_online(m->trans_quad);
-}
-static int __init mpf_checksum(unsigned char *mp, int len)
-{
-        int sum = 0;
-        while (len--)
-                sum += *mp++;
-        return sum & 0xFF;
-}
-/*
- * Read/parse the MPC oem tables
- */
-static void __init smp_read_mpc_oem(struct mpc_table *mpc)
-{
-        struct mpc_oemtable *oemtable = (void *)(long)mpc->oemptr;
-        int count = sizeof(*oemtable);  /* the header size */
-        unsigned char *oemptr = ((unsigned char *)oemtable) + count;
-        mpc_record = 0;
-        printk(KERN_INFO
-                "Found an OEM MPC table at %8p - parsing it...\n", oemtable);
-        if (memcmp(oemtable->signature, MPC_OEM_SIGNATURE, 4)) {
-                printk(KERN_WARNING
-                       "SMP mpc oemtable: bad signature [%c%c%c%c]!\n",
-                       oemtable->signature[0], oemtable->signature[1],
-                       oemtable->signature[2], oemtable->signature[3]);
-                return;
-        }
-        if (mpf_checksum((unsigned char *)oemtable, oemtable->length)) {
-                printk(KERN_WARNING "SMP oem mptable: checksum error!\n");
-                return;
-        }
-        while (count < oemtable->length) {
-                switch (*oemptr) {
-                case MP_TRANSLATION:
-                        {
-                                struct mpc_trans *m = (void *)oemptr;
-                                MP_translation_info(m);
-                                oemptr += sizeof(*m);
-                                count += sizeof(*m);
-                                ++mpc_record;
-                                break;
-                        }
-                default:
-                        printk(KERN_WARNING
-                               "Unrecognised OEM table entry type! - %d\n",
-                               (int)*oemptr);
-                        return;
-                }
-        }
-}
-static __init void early_check_numaq(void)
-{
-        /*
-         * get boot-time SMP configuration:
-         */
-        if (smp_found_config)
-                early_get_smp_config();
-        if (found_numaq) {
-                x86_init.mpparse.mpc_record = numaq_mpc_record;
-                x86_init.mpparse.setup_ioapic_ids = x86_init_noop;
-                x86_init.mpparse.mpc_apic_id = mpc_apic_id;
-                x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem;
-                x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus;
-                x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info;
-                x86_init.timers.tsc_pre_init = numaq_tsc_init;
-                x86_init.pci.init = pci_numaq_init;
-        }
-}
-int __init numaq_numa_init(void)
-{
-        early_check_numaq();
-        if (!found_numaq)
-                return -ENOENT;
-        smp_dump_qct();
-        return 0;
-}
-#define NUMAQ_APIC_DFR_VALUE    (APIC_DFR_CLUSTER)
-static inline unsigned int numaq_get_apic_id(unsigned long x)
-{
-        return (x >> 24) & 0x0F;
-}
-static inline void numaq_send_IPI_mask(const struct cpumask *mask, int vector)
-{
-        default_send_IPI_mask_sequence_logical(mask, vector);
-}
-static inline void numaq_send_IPI_allbutself(int vector)
-{
-        default_send_IPI_mask_allbutself_logical(cpu_online_mask, vector);
-}
-static inline void numaq_send_IPI_all(int vector)
-{
-        numaq_send_IPI_mask(cpu_online_mask, vector);
-}
-#define NUMAQ_TRAMPOLINE_PHYS_LOW       (0x8)
-#define NUMAQ_TRAMPOLINE_PHYS_HIGH      (0xa)
-/*
- * Because we use NMIs rather than the INIT-STARTUP sequence to
- * bootstrap the CPUs, the APIC may be in a weird state. Kick it:
- */
-static inline void numaq_smp_callin_clear_local_apic(void)
-{
-        clear_local_APIC();
-}
-static inline const struct cpumask *numaq_target_cpus(void)
-{
-        return cpu_all_mask;
-}
-static unsigned long numaq_check_apicid_used(physid_mask_t *map, int apicid)
-{
-        return physid_isset(apicid, *map);
-}
-static inline unsigned long numaq_check_apicid_present(int bit)
-{
-        return physid_isset(bit, phys_cpu_present_map);
-}
-static inline int numaq_apic_id_registered(void)
-{
-        return 1;
-}
-static inline void numaq_init_apic_ldr(void)
-{
-        /* Already done in NUMA-Q firmware */
-}
-static inline void numaq_setup_apic_routing(void)
-{
-        printk(KERN_INFO
-                "Enabling APIC mode:  NUMA-Q.  Using %d I/O APICs\n",
-                nr_ioapics);
-}
-/*
- * Skip adding the timer int on secondary nodes, which causes
- * a small but painful rift in the time-space continuum.
- */
-static inline int numaq_multi_timer_check(int apic, int irq)
-{
-        return apic != 0 && irq == 0;
-}
-static inline void numaq_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap)
-{
-        /* We don't have a good way to do this yet - hack */
-        return physids_promote(0xFUL, retmap);
-}
-/*
- * Supporting over 60 cpus on NUMA-Q requires a locality-dependent
- * cpu to APIC ID relation to properly interact with the intelligent
- * mode of the cluster controller.
- */
-static inline int numaq_cpu_present_to_apicid(int mps_cpu)
-{
-        if (mps_cpu < 60)
-                return ((mps_cpu >> 2) << 4) | (1 << (mps_cpu & 0x3));
-        else
-                return BAD_APICID;
-}
-static inline int numaq_apicid_to_node(int logical_apicid)
-{
-        return logical_apicid >> 4;
-}
-static int numaq_numa_cpu_node(int cpu)
-{
-        int logical_apicid = early_per_cpu(x86_cpu_to_logical_apicid, cpu);
-        if (logical_apicid != BAD_APICID)
-                return numaq_apicid_to_node(logical_apicid);
-        return NUMA_NO_NODE;
-}
-static void numaq_apicid_to_cpu_present(int logical_apicid, physid_mask_t *retmap)
-{
-        int node = numaq_apicid_to_node(logical_apicid);
-        int cpu = __ffs(logical_apicid & 0xf);
-        physid_set_mask_of_physid(cpu + 4*node, retmap);
-}
-/* Where the IO area was mapped on multiquad, always 0 otherwise */
-void *xquad_portio;
-static inline int numaq_check_phys_apicid_present(int phys_apicid)
-{
-        return 1;
-}
-/*
- * We use physical apicids here, not logical, so just return the default
- * physical broadcast to stop people from breaking us
- */
-static int
-numaq_cpu_mask_to_apicid_and(const struct cpumask *cpumask,
-                             const struct cpumask *andmask,
-                             unsigned int *apicid)
-{
-        *apicid = 0x0F;
-        return 0;
-}
-/* No NUMA-Q box has a HT CPU, but it can't hurt to use the default code. */
-static inline int numaq_phys_pkg_id(int cpuid_apic, int index_msb)
-{
-        return cpuid_apic >> index_msb;
-}
-static int
-numaq_mps_oem_check(struct mpc_table *mpc, char *oem, char *productid)
-{
-        if (strncmp(oem, "IBM NUMA", 8))
-                printk(KERN_ERR "Warning! Not a NUMA-Q system!\n");
-        else
-                found_numaq = 1;
-        return found_numaq;
-}
-static int probe_numaq(void)
-{
-        /* already know from get_memcfg_numaq() */
-        return found_numaq;
-}
-static void numaq_setup_portio_remap(void)
-{
-        int num_quads = num_online_nodes();
-        if (num_quads <= 1)
-                return;
-        printk(KERN_INFO
-                "Remapping cross-quad port I/O for %d quads\n", num_quads);
-        xquad_portio = ioremap(XQUAD_PORTIO_BASE, num_quads*XQUAD_PORTIO_QUAD);
-        printk(KERN_INFO
-                "xquad_portio vaddr 0x%08lx, len %08lx\n",
-                (u_long) xquad_portio, (u_long) num_quads*XQUAD_PORTIO_QUAD);
-}
-/* Use __refdata to keep false positive warning calm.  */
-static struct apic __refdata apic_numaq = {
-        .name                           = "NUMAQ",
-        .probe                          = probe_numaq,
-        .acpi_madt_oem_check            = NULL,
-        .apic_id_valid                  = default_apic_id_valid,
-        .apic_id_registered             = numaq_apic_id_registered,
-        .irq_delivery_mode              = dest_LowestPrio,
-        /* physical delivery on LOCAL quad: */
-        .irq_dest_mode                  = 0,
-        .target_cpus                    = numaq_target_cpus,
-        .disable_esr                    = 1,
-        .dest_logical                   = APIC_DEST_LOGICAL,
-        .check_apicid_used              = numaq_check_apicid_used,
-        .check_apicid_present           = numaq_check_apicid_present,
-        .vector_allocation_domain       = flat_vector_allocation_domain,
-        .init_apic_ldr                  = numaq_init_apic_ldr,
-        .ioapic_phys_id_map             = numaq_ioapic_phys_id_map,
-        .setup_apic_routing             = numaq_setup_apic_routing,
-        .multi_timer_check              = numaq_multi_timer_check,
-        .cpu_present_to_apicid          = numaq_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = numaq_apicid_to_cpu_present,
-        .setup_portio_remap             = numaq_setup_portio_remap,
-        .check_phys_apicid_present      = numaq_check_phys_apicid_present,
-        .enable_apic_mode               = NULL,
-        .phys_pkg_id                    = numaq_phys_pkg_id,
-        .mps_oem_check                  = numaq_mps_oem_check,
-        .get_apic_id                    = numaq_get_apic_id,
-        .set_apic_id                    = NULL,
-        .apic_id_mask                   = 0x0F << 24,
-        .cpu_mask_to_apicid_and         = numaq_cpu_mask_to_apicid_and,
-        .send_IPI_mask                  = numaq_send_IPI_mask,
-        .send_IPI_mask_allbutself       = NULL,
-        .send_IPI_allbutself            = numaq_send_IPI_allbutself,
-        .send_IPI_all                   = numaq_send_IPI_all,
-        .send_IPI_self                  = default_send_IPI_self,
-        .wakeup_secondary_cpu           = wakeup_secondary_cpu_via_nmi,
-        .trampoline_phys_low            = NUMAQ_TRAMPOLINE_PHYS_LOW,
-        .trampoline_phys_high           = NUMAQ_TRAMPOLINE_PHYS_HIGH,
-        /* We don't do anything here because we use NMI's to boot instead */
-        .wait_for_init_deassert         = NULL,
-        .smp_callin_clear_local_apic    = numaq_smp_callin_clear_local_apic,
-        .inquire_remote_apic            = NULL,
-        .read                           = native_apic_mem_read,
-        .write                          = native_apic_mem_write,
-        .eoi_write                      = native_apic_mem_write,
-        .icr_read                       = native_apic_icr_read,
-        .icr_write                      = native_apic_icr_write,
-        .wait_icr_idle                  = native_apic_wait_icr_idle,
-        .safe_wait_icr_idle             = native_safe_apic_wait_icr_idle,
-        .x86_32_early_logical_apicid    = noop_x86_32_early_logical_apicid,
-        .x86_32_numa_cpu_node           = numaq_numa_cpu_node,
-};
-apic_driver(apic_numaq);
diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
index eb35ef9ee63f..cceb352c968c 100644
--- a/arch/x86/kernel/apic/probe_32.c
+++ b/arch/x86/kernel/apic/probe_32.c
@@ -119,8 +119,7 @@ static struct apic apic_default = {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = default_wait_for_init_deassert,
+        .wait_for_init_deassert         = true,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = default_inquire_remote_apic,
diff --git a/arch/x86/kernel/apic/summit_32.c b/arch/x86/kernel/apic/summit_32.c
deleted file mode 100644
index 77c95c0e1bf7..000000000000
--- a/arch/x86/kernel/apic/summit_32.c
+++ /dev/null
@@ -1,552 +0,0 @@
-/*
- * IBM Summit-Specific Code
- *
- * Written By: Matthew Dobson, IBM Corporation
- *
- * Copyright (c) 2003 IBM Corp.
- *
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
- * NON INFRINGEMENT.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Send feedback to <colpatch@us.ibm.com>
- *
- */
-#define pr_fmt(fmt) "summit: %s: " fmt, __func__
-#include <linux/mm.h>
-#include <linux/init.h>
-#include <asm/io.h>
-#include <asm/bios_ebda.h>
-/*
- * APIC driver for the IBM "Summit" chipset.
- */
-#include <linux/threads.h>
-#include <linux/cpumask.h>
-#include <asm/mpspec.h>
-#include <asm/apic.h>
-#include <asm/smp.h>
-#include <asm/fixmap.h>
-#include <asm/apicdef.h>
-#include <asm/ipi.h>
-#include <linux/kernel.h>
-#include <linux/string.h>
-#include <linux/gfp.h>
-#include <linux/smp.h>
-static unsigned summit_get_apic_id(unsigned long x)
-{
-        return (x >> 24) & 0xFF;
-}
-static inline void summit_send_IPI_mask(const struct cpumask *mask, int vector)
-{
-        default_send_IPI_mask_sequence_logical(mask, vector);
-}
-static void summit_send_IPI_allbutself(int vector)
-{
-        default_send_IPI_mask_allbutself_logical(cpu_online_mask, vector);
-}
-static void summit_send_IPI_all(int vector)
-{
-        summit_send_IPI_mask(cpu_online_mask, vector);
-}
-#include <asm/tsc.h>
-extern int use_cyclone;
-#ifdef CONFIG_X86_SUMMIT_NUMA
-static void setup_summit(void);
-#else
-static inline void setup_summit(void) {}
-#endif
-static int summit_mps_oem_check(struct mpc_table *mpc, char *oem,
-                char *productid)
-{
-        if (!strncmp(oem, "IBM ENSW", 8) &&
-                        (!strncmp(productid, "VIGIL SMP", 9)
-                         || !strncmp(productid, "EXA", 3)
-                         || !strncmp(productid, "RUTHLESS SMP", 12))){
-                mark_tsc_unstable("Summit based system");
-                use_cyclone = 1; /*enable cyclone-timer*/
-                setup_summit();
-                return 1;
-        }
-        return 0;
-}
-/* Hook from generic ACPI tables.c */
-static int summit_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
-{
-        if (!strncmp(oem_id, "IBM", 3) &&
-            (!strncmp(oem_table_id, "SERVIGIL", 8)
-             || !strncmp(oem_table_id, "EXA", 3))){
-                mark_tsc_unstable("Summit based system");
-                use_cyclone = 1; /*enable cyclone-timer*/
-                setup_summit();
-                return 1;
-        }
-        return 0;
-}
-struct rio_table_hdr {
-        unsigned char version;      /* Version number of this data structure           */
-                                    /* Version 3 adds chassis_num & WP_index           */
-        unsigned char num_scal_dev; /* # of Scalability devices (Twisters for Vigil)   */
-        unsigned char num_rio_dev;  /* # of RIO I/O devices (Cyclones and Winnipegs)   */
-} __attribute__((packed));
-struct scal_detail {
-        unsigned char node_id;      /* Scalability Node ID                             */
-        unsigned long CBAR;         /* Address of 1MB register space                   */
-        unsigned char port0node;    /* Node ID port connected to: 0xFF=None            */
-        unsigned char port0port;    /* Port num port connected to: 0,1,2, or 0xFF=None */
-        unsigned char port1node;    /* Node ID port connected to: 0xFF = None          */
-        unsigned char port1port;    /* Port num port connected to: 0,1,2, or 0xFF=None */
-        unsigned char port2node;    /* Node ID port connected to: 0xFF = None          */
-        unsigned char port2port;    /* Port num port connected to: 0,1,2, or 0xFF=None */
-        unsigned char chassis_num;  /* 1 based Chassis number (1 = boot node)          */
-} __attribute__((packed));
-struct rio_detail {
-        unsigned char node_id;      /* RIO Node ID                                     */
-        unsigned long BBAR;         /* Address of 1MB register space                   */
-        unsigned char type;         /* Type of device                                  */
-        unsigned char owner_id;     /* For WPEG: Node ID of Cyclone that owns this WPEG*/
-                                    /* For CYC:  Node ID of Twister that owns this CYC */
-        unsigned char port0node;    /* Node ID port connected to: 0xFF=None            */
-        unsigned char port0port;    /* Port num port connected to: 0,1,2, or 0xFF=None */
-        unsigned char port1node;    /* Node ID port connected to: 0xFF=None            */
-        unsigned char port1port;    /* Port num port connected to: 0,1,2, or 0xFF=None */
-        unsigned char first_slot;   /* For WPEG: Lowest slot number below this WPEG    */
-                                    /* For CYC:  0                                     */
-        unsigned char status;       /* For WPEG: Bit 0 = 1 : the XAPIC is used         */
-                                    /*                 = 0 : the XAPIC is not used, ie:*/
-                                    /*                     ints fwded to another XAPIC */
-                                    /*           Bits1:7 Reserved                      */
-                                    /* For CYC:  Bits0:7 Reserved                      */
-        unsigned char WP_index;     /* For WPEG: WPEG instance index - lower ones have */
-                                    /*           lower slot numbers/PCI bus numbers    */
-                                    /* For CYC:  No meaning                            */
-        unsigned char chassis_num;  /* 1 based Chassis number                          */
-                                    /* For LookOut WPEGs this field indicates the      */
-                                    /* Expansion Chassis #, enumerated from Boot       */
-                                    /* Node WPEG external port, then Boot Node CYC     */
-                                    /* external port, then Next Vigil chassis WPEG     */
-                                    /* external port, etc.                             */
-                                    /* Shared Lookouts have only 1 chassis number (the */
-                                    /* first one assigned)                             */
-} __attribute__((packed));
-typedef enum {
-        CompatTwister = 0,  /* Compatibility Twister               */
-        AltTwister    = 1,  /* Alternate Twister of internal 8-way */
-        CompatCyclone = 2,  /* Compatibility Cyclone               */
-        AltCyclone    = 3,  /* Alternate Cyclone of internal 8-way */
-        CompatWPEG    = 4,  /* Compatibility WPEG                  */
-        AltWPEG       = 5,  /* Second Planar WPEG                  */
-        LookOutAWPEG  = 6,  /* LookOut WPEG                        */
-        LookOutBWPEG  = 7,  /* LookOut WPEG                        */
-} node_type;
-static inline int is_WPEG(struct rio_detail *rio){
-        return (rio->type == CompatWPEG || rio->type == AltWPEG ||
-                rio->type == LookOutAWPEG || rio->type == LookOutBWPEG);
-}
-#define SUMMIT_APIC_DFR_VALUE   (APIC_DFR_CLUSTER)
-static const struct cpumask *summit_target_cpus(void)
-{
-        /* CPU_MASK_ALL (0xff) has undefined behaviour with
-         * dest_LowestPrio mode logical clustered apic interrupt routing
-         * Just start on cpu 0.  IRQ balancing will spread load
-         */
-        return cpumask_of(0);
-}
-static unsigned long summit_check_apicid_used(physid_mask_t *map, int apicid)
-{
-        return 0;
-}
-/* we don't use the phys_cpu_present_map to indicate apicid presence */
-static unsigned long summit_check_apicid_present(int bit)
-{
-        return 1;
-}
-static int summit_early_logical_apicid(int cpu)
-{
-        int count = 0;
-        u8 my_id = early_per_cpu(x86_cpu_to_apicid, cpu);
-        u8 my_cluster = APIC_CLUSTER(my_id);
-#ifdef CONFIG_SMP
-        u8 lid;
-        int i;
-        /* Create logical APIC IDs by counting CPUs already in cluster. */
-        for (count = 0, i = nr_cpu_ids; --i >= 0; ) {
-                lid = early_per_cpu(x86_cpu_to_logical_apicid, i);
-                if (lid != BAD_APICID && APIC_CLUSTER(lid) == my_cluster)
-                        ++count;
-        }
-#endif
-        /* We only have a 4 wide bitmap in cluster mode.  If a deranged
-         * BIOS puts 5 CPUs in one APIC cluster, we're hosed. */
-        BUG_ON(count >= XAPIC_DEST_CPUS_SHIFT);
-        return my_cluster | (1UL << count);
-}
-static void summit_init_apic_ldr(void)
-{
-        int cpu = smp_processor_id();
-        unsigned long id = early_per_cpu(x86_cpu_to_logical_apicid, cpu);
-        unsigned long val;
-        apic_write(APIC_DFR, SUMMIT_APIC_DFR_VALUE);
-        val = apic_read(APIC_LDR) & ~APIC_LDR_MASK;
-        val |= SET_APIC_LOGICAL_ID(id);
-        apic_write(APIC_LDR, val);
-}
-static int summit_apic_id_registered(void)
-{
-        return 1;
-}
-static void summit_setup_apic_routing(void)
-{
-        pr_info("Enabling APIC mode:  Summit.  Using %d I/O APICs\n",
-                nr_ioapics);
-}
-static int summit_cpu_present_to_apicid(int mps_cpu)
-{
-        if (mps_cpu < nr_cpu_ids)
-                return (int)per_cpu(x86_bios_cpu_apicid, mps_cpu);
-        else
-                return BAD_APICID;
-}
-static void summit_ioapic_phys_id_map(physid_mask_t *phys_id_map, physid_mask_t *retmap)
-{
-        /* For clustered we don't have a good way to do this yet - hack */
-        physids_promote(0x0FL, retmap);
-}
-static void summit_apicid_to_cpu_present(int apicid, physid_mask_t *retmap)
-{
-        physid_set_mask_of_physid(0, retmap);
-}
-static int summit_check_phys_apicid_present(int physical_apicid)
-{
-        return 1;
-}
-static inline int
-summit_cpu_mask_to_apicid(const struct cpumask *cpumask, unsigned int *dest_id)
-{
-        unsigned int round = 0;
-        unsigned int cpu, apicid = 0;
-        /*
-         * The cpus in the mask must all be on the apic cluster.
-         */
-        for_each_cpu_and(cpu, cpumask, cpu_online_mask) {
-                int new_apicid = early_per_cpu(x86_cpu_to_logical_apicid, cpu);
-                if (round && APIC_CLUSTER(apicid) != APIC_CLUSTER(new_apicid)) {
-                        pr_err("Not a valid mask!\n");
-                        return -EINVAL;
-                }
-                apicid |= new_apicid;
-                round++;
-        }
-        if (!round)
-                return -EINVAL;
-        *dest_id = apicid;
-        return 0;
-}
-static int
-summit_cpu_mask_to_apicid_and(const struct cpumask *inmask,
-                              const struct cpumask *andmask,
-                              unsigned int *apicid)
-{
-        cpumask_var_t cpumask;
-        *apicid = early_per_cpu(x86_cpu_to_logical_apicid, 0);
-        if (!alloc_cpumask_var(&cpumask, GFP_ATOMIC))
-                return 0;
-        cpumask_and(cpumask, inmask, andmask);
-        summit_cpu_mask_to_apicid(cpumask, apicid);
-        free_cpumask_var(cpumask);
-        return 0;
-}
-/*
- * cpuid returns the value latched in the HW at reset, not the APIC ID
- * register's value.  For any box whose BIOS changes APIC IDs, like
- * clustered APIC systems, we must use hard_smp_processor_id.
- *
- * See Intel's IA-32 SW Dev's Manual Vol2 under CPUID.
- */
-static int summit_phys_pkg_id(int cpuid_apic, int index_msb)
-{
-        return hard_smp_processor_id() >> index_msb;
-}
-static int probe_summit(void)
-{
-        /* probed later in mptable/ACPI hooks */
-        return 0;
-}
-#ifdef CONFIG_X86_SUMMIT_NUMA
-static struct rio_table_hdr *rio_table_hdr;
-static struct scal_detail   *scal_devs[MAX_NUMNODES];
-static struct rio_detail    *rio_devs[MAX_NUMNODES*4];
-#ifndef CONFIG_X86_NUMAQ
-static int mp_bus_id_to_node[MAX_MP_BUSSES];
-#endif
-static int setup_pci_node_map_for_wpeg(int wpeg_num, int last_bus)
-{
-        int twister = 0, node = 0;
-        int i, bus, num_buses;
-        for (i = 0; i < rio_table_hdr->num_rio_dev; i++) {
-                if (rio_devs[i]->node_id == rio_devs[wpeg_num]->owner_id) {
-                        twister = rio_devs[i]->owner_id;
-                        break;
-                }
-        }
-        if (i == rio_table_hdr->num_rio_dev) {
-                pr_err("Couldn't find owner Cyclone for Winnipeg!\n");
-                return last_bus;
-        }
-        for (i = 0; i < rio_table_hdr->num_scal_dev; i++) {
-                if (scal_devs[i]->node_id == twister) {
-                        node = scal_devs[i]->node_id;
-                        break;
-                }
-        }
-        if (i == rio_table_hdr->num_scal_dev) {
-                pr_err("Couldn't find owner Twister for Cyclone!\n");
-                return last_bus;
-        }
-        switch (rio_devs[wpeg_num]->type) {
-        case CompatWPEG:
-                /*
-                 * The Compatibility Winnipeg controls the 2 legacy buses,
-                 * the 66MHz PCI bus [2 slots] and the 2 "extra" buses in case
-                 * a PCI-PCI bridge card is used in either slot: total 5 buses.
-                 */
-                num_buses = 5;
-                break;
-        case AltWPEG:
-                /*
-                 * The Alternate Winnipeg controls the 2 133MHz buses [1 slot
-                 * each], their 2 "extra" buses, the 100MHz bus [2 slots] and
-                 * the "extra" buses for each of those slots: total 7 buses.
-                 */
-                num_buses = 7;
-                break;
-        case LookOutAWPEG:
-        case LookOutBWPEG:
-                /*
-                 * A Lookout Winnipeg controls 3 100MHz buses [2 slots each]
-                 * & the "extra" buses for each of those slots: total 9 buses.
-                 */
-                num_buses = 9;
-                break;
-        default:
-                pr_info("Unsupported Winnipeg type!\n");
-                return last_bus;
-        }
-        for (bus = last_bus; bus < last_bus + num_buses; bus++)
-                mp_bus_id_to_node[bus] = node;
-        return bus;
-}
-static int build_detail_arrays(void)
-{
-        unsigned long ptr;
-        int i, scal_detail_size, rio_detail_size;
-        if (rio_table_hdr->num_scal_dev > MAX_NUMNODES) {
-                pr_warn("MAX_NUMNODES too low!  Defined as %d, but system has %d nodes\n",
-                        MAX_NUMNODES, rio_table_hdr->num_scal_dev);
-                return 0;
-        }
-        switch (rio_table_hdr->version) {
-        default:
-                pr_warn("Invalid Rio Grande Table Version: %d\n",
-                        rio_table_hdr->version);
-                return 0;
-        case 2:
-                scal_detail_size = 11;
-                rio_detail_size = 13;
-                break;
-        case 3:
-                scal_detail_size = 12;
-                rio_detail_size = 15;
-                break;
-        }
-        ptr = (unsigned long)rio_table_hdr + 3;
-        for (i = 0; i < rio_table_hdr->num_scal_dev; i++, ptr += scal_detail_size)
-                scal_devs[i] = (struct scal_detail *)ptr;
-        for (i = 0; i < rio_table_hdr->num_rio_dev; i++, ptr += rio_detail_size)
-                rio_devs[i] = (struct rio_detail *)ptr;
-        return 1;
-}
-void setup_summit(void)
-{
-        unsigned long           ptr;
-        unsigned short          offset;
-        int                     i, next_wpeg, next_bus = 0;
-        /* The pointer to the EBDA is stored in the word @ phys 0x40E(40:0E) */
-        ptr = get_bios_ebda();
-        ptr = (unsigned long)phys_to_virt(ptr);
-        rio_table_hdr = NULL;
-        offset = 0x180;
-        while (offset) {
-                /* The block id is stored in the 2nd word */
-                if (*((unsigned short *)(ptr + offset + 2)) == 0x4752) {
-                        /* set the pointer past the offset & block id */
-                        rio_table_hdr = (struct rio_table_hdr *)(ptr + offset + 4);
-                        break;
-                }
-                /* The next offset is stored in the 1st word.  0 means no more */
-                offset = *((unsigned short *)(ptr + offset));
-        }
-        if (!rio_table_hdr) {
-                pr_err("Unable to locate Rio Grande Table in EBDA - bailing!\n");
-                return;
-        }
-        if (!build_detail_arrays())
-                return;
-        /* The first Winnipeg we're looking for has an index of 0 */
-        next_wpeg = 0;
-        do {
-                for (i = 0; i < rio_table_hdr->num_rio_dev; i++) {
-                        if (is_WPEG(rio_devs[i]) && rio_devs[i]->WP_index == next_wpeg) {
-                                /* It's the Winnipeg we're looking for! */
-                                next_bus = setup_pci_node_map_for_wpeg(i, next_bus);
-                                next_wpeg++;
-                                break;
-                        }
-                }
-                /*
-                 * If we go through all Rio devices and don't find one with
-                 * the next index, it means we've found all the Winnipegs,
-                 * and thus all the PCI buses.
-                 */
-                if (i == rio_table_hdr->num_rio_dev)
-                        next_wpeg = 0;
-        } while (next_wpeg != 0);
-}
-#endif
-static struct apic apic_summit = {
-        .name                           = "summit",
-        .probe                          = probe_summit,
-        .acpi_madt_oem_check            = summit_acpi_madt_oem_check,
-        .apic_id_valid                  = default_apic_id_valid,
-        .apic_id_registered             = summit_apic_id_registered,
-        .irq_delivery_mode              = dest_LowestPrio,
-        /* logical delivery broadcast to all CPUs: */
-        .irq_dest_mode                  = 1,
-        .target_cpus                    = summit_target_cpus,
-        .disable_esr                    = 1,
-        .dest_logical                   = APIC_DEST_LOGICAL,
-        .check_apicid_used              = summit_check_apicid_used,
-        .check_apicid_present           = summit_check_apicid_present,
-        .vector_allocation_domain       = flat_vector_allocation_domain,
-        .init_apic_ldr                  = summit_init_apic_ldr,
-        .ioapic_phys_id_map             = summit_ioapic_phys_id_map,
-        .setup_apic_routing             = summit_setup_apic_routing,
-        .multi_timer_check              = NULL,
-        .cpu_present_to_apicid          = summit_cpu_present_to_apicid,
-        .apicid_to_cpu_present          = summit_apicid_to_cpu_present,
-        .setup_portio_remap             = NULL,
-        .check_phys_apicid_present      = summit_check_phys_apicid_present,
-        .enable_apic_mode               = NULL,
-        .phys_pkg_id                    = summit_phys_pkg_id,
-        .mps_oem_check                  = summit_mps_oem_check,
-        .get_apic_id                    = summit_get_apic_id,
-        .set_apic_id                    = NULL,
-        .apic_id_mask                   = 0xFF << 24,
-        .cpu_mask_to_apicid_and         = summit_cpu_mask_to_apicid_and,
-        .send_IPI_mask                  = summit_send_IPI_mask,
-        .send_IPI_mask_allbutself       = NULL,
-        .send_IPI_allbutself            = summit_send_IPI_allbutself,
-        .send_IPI_all                   = summit_send_IPI_all,
-        .send_IPI_self                  = default_send_IPI_self,
-        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
-        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = default_wait_for_init_deassert,
-        .smp_callin_clear_local_apic    = NULL,
-        .inquire_remote_apic            = default_inquire_remote_apic,
-        .read                           = native_apic_mem_read,
-        .write                          = native_apic_mem_write,
-        .eoi_write                      = native_apic_mem_write,
-        .icr_read                       = native_apic_icr_read,
-        .icr_write                      = native_apic_icr_write,
-        .wait_icr_idle                  = native_apic_wait_icr_idle,
-        .safe_wait_icr_idle             = native_safe_apic_wait_icr_idle,
-        .x86_32_early_logical_apicid    = summit_early_logical_apicid,
-};
-apic_driver(apic_summit);
diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
index 140e29db478d..e66766bf1641 100644
--- a/arch/x86/kernel/apic/x2apic_cluster.c
+++ b/arch/x86/kernel/apic/x2apic_cluster.c
@@ -3,7 +3,6 @@
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/ctype.h>
-#include <linux/init.h>
 #include <linux/dmar.h>
 #include <linux/cpu.h>
@@ -280,7 +279,7 @@ static struct apic apic_x2apic_cluster = {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = NULL,
diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
index 562a76d433c8..6d600ebf6c12 100644
--- a/arch/x86/kernel/apic/x2apic_phys.c
+++ b/arch/x86/kernel/apic/x2apic_phys.c
@@ -3,7 +3,6 @@
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/ctype.h>
-#include <linux/init.h>
 #include <linux/dmar.h>
 #include <asm/smp.h>
@@ -134,7 +133,7 @@ static struct apic apic_x2apic_phys = {
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = NULL,
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index ad0dc0428baf..7834389ba5be 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -396,7 +396,7 @@ static struct apic __refdata apic_x2apic_uv_x = {
        .wakeup_secondary_cpu           = uv_wakeup_secondary,
        .trampoline_phys_low            = DEFAULT_TRAMPOLINE_PHYS_LOW,
        .trampoline_phys_high           = DEFAULT_TRAMPOLINE_PHYS_HIGH,
-        .wait_for_init_deassert         = NULL,
+        .wait_for_init_deassert         = false,
        .smp_callin_clear_local_apic    = NULL,
        .inquire_remote_apic            = NULL,
@@ -980,7 +980,6 @@ void __init uv_system_init(void)
        uv_nmi_setup();
        uv_cpu_init();
        uv_scir_register_cpu_notifier();
-        uv_register_nmi_notifier();
        proc_mkdir("sgi_uv", NULL);
        /* register Legacy VGA I/O redirection handler */
diff --git a/arch/x86/kernel/check.c b/arch/x86/kernel/check.c
index e2dbcb7dabdd..83a7995625a6 100644
--- a/arch/x86/kernel/check.c
+++ b/arch/x86/kernel/check.c
@@ -91,7 +91,7 @@ void __init setup_bios_corruption_check(void)
        corruption_check_size = round_up(corruption_check_size, PAGE_SIZE);
-        for_each_free_mem_range(i, MAX_NUMNODES, &start, &end, NULL) {
+        for_each_free_mem_range(i, NUMA_NO_NODE, &start, &end, NULL) {
                start = clamp_t(phys_addr_t, round_up(start, PAGE_SIZE),
                                PAGE_SIZE, corruption_check_size);
                end = clamp_t(phys_addr_t, round_down(end, PAGE_SIZE),
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index 47b56a7e99cb..7fd54f09b011 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -36,12 +36,13 @@ obj-$(CONFIG_CPU_SUP_AMD)		+= perf_event_amd_iommu.o
 endif
 obj-$(CONFIG_CPU_SUP_INTEL)             += perf_event_p6.o perf_event_knc.o perf_event_p4.o
 obj-$(CONFIG_CPU_SUP_INTEL)             += perf_event_intel_lbr.o perf_event_intel_ds.o perf_event_intel.o
-obj-$(CONFIG_CPU_SUP_INTEL)             += perf_event_intel_uncore.o
+obj-$(CONFIG_CPU_SUP_INTEL)             += perf_event_intel_uncore.o perf_event_intel_rapl.o
 endif
 obj-$(CONFIG_X86_MCE)                   += mcheck/
 obj-$(CONFIG_MTRR)                      += mtrr/
+obj-$(CONFIG_MICROCODE)                 += microcode/
 obj-$(CONFIG_X86_LOCAL_APIC)            += perfctr-watchdog.o perf_event_amd_ibs.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index bca023bdd6b2..ce8b8ff0e0ef 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1,5 +1,4 @@
 #include <linux/export.h>
-#include <linux/init.h>
 #include <linux/bitops.h>
 #include <linux/elf.h>
 #include <linux/mm.h>
@@ -219,7 +218,7 @@ static void amd_k7_smp_check(struct cpuinfo_x86 *c)
         */
        WARN_ONCE(1, "WARNING: This combination of AMD"
                " processors is not suitable for SMP.\n");
-        add_taint(TAINT_UNSAFE_SMP, LOCKDEP_NOW_UNRELIABLE);
+        add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_NOW_UNRELIABLE);
 }
 static void init_amd_k7(struct cpuinfo_x86 *c)
@@ -234,9 +233,7 @@ static void init_amd_k7(struct cpuinfo_x86 *c)
        if (c->x86_model >= 6 && c->x86_model <= 10) {
                if (!cpu_has(c, X86_FEATURE_XMM)) {
                        printk(KERN_INFO "Enabling disabled K7/SSE Support.\n");
-                        rdmsr(MSR_K7_HWCR, l, h);
+                        msr_clear_bit(MSR_K7_HWCR, 15);
-                        l &= ~0x00008000;
-                        wrmsr(MSR_K7_HWCR, l, h);
                        set_cpu_cap(c, X86_FEATURE_XMM);
                }
        }
@@ -487,7 +484,7 @@ static void early_init_amd(struct cpuinfo_x86 *c)
                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
                set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC);
                if (!check_tsc_unstable())
-                        sched_clock_stable = 1;
+                        set_sched_clock_stable();
        }
 #ifdef CONFIG_X86_64
@@ -508,6 +505,10 @@ static void early_init_amd(struct cpuinfo_x86 *c)
                        set_cpu_cap(c, X86_FEATURE_EXTD_APICID);
        }
 #endif
+        /* F16h erratum 793, CVE-2013-6885 */
+        if (c->x86 == 0x16 && c->x86_model <= 0xf)
+                msr_set_bit(MSR_AMD64_LS_CFG, 15);
 }
 static const int amd_erratum_383[];
@@ -527,11 +528,8 @@ static void init_amd(struct cpuinfo_x86 *c)
         * Errata 63 for SH-B3 steppings
         * Errata 122 for all steppings (F+ have it disabled by default)
         */
-        if (c->x86 == 0xf) {
+        if (c->x86 == 0xf)
-                rdmsrl(MSR_K7_HWCR, value);
+                msr_set_bit(MSR_K7_HWCR, 6);
-                value |= 1 << 6;
-                wrmsrl(MSR_K7_HWCR, value);
-        }
 #endif
        early_init_amd(c);
@@ -614,14 +612,11 @@ static void init_amd(struct cpuinfo_x86 *c)
            (c->x86_model >= 0x10) && (c->x86_model <= 0x1f) &&
            !cpu_has(c, X86_FEATURE_TOPOEXT)) {
-                if (!rdmsrl_safe(0xc0011005, &value)) {
+                if (msr_set_bit(0xc0011005, 54) > 0) {
-                        value |= 1ULL << 54;
-                        wrmsrl_safe(0xc0011005, value);
                        rdmsrl(0xc0011005, value);
-                        if (value & (1ULL << 54)) {
+                        if (value & BIT_64(54)) {
                                set_cpu_cap(c, X86_FEATURE_TOPOEXT);
-                                printk(KERN_INFO FW_INFO "CPU: Re-enabling "
+                                pr_info(FW_INFO "CPU: Re-enabling disabled Topology Extensions Support.\n");
-                                  "disabled Topology Extensions Support\n");
                        }
                }
        }
@@ -700,19 +695,12 @@ static void init_amd(struct cpuinfo_x86 *c)
                 * Disable GART TLB Walk Errors on Fam10h. We do this here
                 * because this is always needed when GART is enabled, even in a
                 * kernel which has no MCE support built in.
-                 * BIOS should disable GartTlbWlk Errors themself. If
+                 * BIOS should disable GartTlbWlk Errors already. If
-                 * it doesn't do it here as suggested by the BKDG.
+                 * it doesn't, do it here as suggested by the BKDG.
                 *
                 * Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=33012
                 */
-                u64 mask;
+                msr_set_bit(MSR_AMD64_MCx_MASK(4), 10);
-                int err;
-                err = rdmsrl_safe(MSR_AMD64_MCx_MASK(4), &mask);
-                if (err == 0) {
-                        mask |= (1 << 10);
-                        wrmsrl_safe(MSR_AMD64_MCx_MASK(4), mask);
-                }
                /*
                 * On family 10h BIOS may not have properly enabled WC+ support,
@@ -724,10 +712,7 @@ static void init_amd(struct cpuinfo_x86 *c)
                 * NOTE: we want to use the _safe accessors so as not to #GP kvm
                 * guests on older kvm hosts.
                 */
+                msr_clear_bit(MSR_AMD64_BU_CFG2, 24);
-                rdmsrl_safe(MSR_AMD64_BU_CFG2, &value);
-                value &= ~(1ULL << 24);
-                wrmsrl_safe(MSR_AMD64_BU_CFG2, value);
                if (cpu_has_amd_erratum(c, amd_erratum_383))
                        set_cpu_bug(c, X86_BUG_AMD_TLB_MMATCH);
@@ -758,10 +743,7 @@ static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 static void cpu_set_tlb_flushall_shift(struct cpuinfo_x86 *c)
 {
-        tlb_flushall_shift = 5;
+        tlb_flushall_shift = 6;
-        if (c->x86 <= 0x11)
-                tlb_flushall_shift = 4;
 }
 static void cpu_detect_tlb_amd(struct cpuinfo_x86 *c)
@@ -790,14 +772,10 @@ static void cpu_detect_tlb_amd(struct cpuinfo_x86 *c)
        }
        /* Handle DTLB 2M and 4M sizes, fall back to L1 if L2 is disabled */
-        if (!((eax >> 16) & mask)) {
+        if (!((eax >> 16) & mask))
-                u32 a, b, c, d;
+                tlb_lld_2m[ENTRIES] = (cpuid_eax(0x80000005) >> 16) & 0xff;
+        else
-                cpuid(0x80000005, &a, &b, &c, &d);
-                tlb_lld_2m[ENTRIES] = (a >> 16) & 0xff;
-        } else {
                tlb_lld_2m[ENTRIES] = (eax >> 16) & mask;
-        }
        /* a 4M entry uses two 2M entries */
        tlb_lld_4m[ENTRIES] = tlb_lld_2m[ENTRIES] >> 1;
diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c
index 8d5652dc99dd..d8fba5c15fbd 100644
--- a/arch/x86/kernel/cpu/centaur.c
+++ b/arch/x86/kernel/cpu/centaur.c
@@ -1,6 +1,5 @@
 #include <linux/bitops.h>
 #include <linux/kernel.h>
-#include <linux/init.h>
 #include <asm/processor.h>
 #include <asm/e820.h>
@@ -9,236 +8,6 @@
 #include "cpu.h"
-#ifdef CONFIG_X86_OOSTORE
-static u32 power2(u32 x)
-{
-        u32 s = 1;
-        while (s <= x)
-                s <<= 1;
-        return s >>= 1;
-}
-/*
- * Set up an actual MCR
- */
-static void centaur_mcr_insert(int reg, u32 base, u32 size, int key)
-{
-        u32 lo, hi;
-        hi = base & ~0xFFF;
-        lo = ~(size-1);         /* Size is a power of 2 so this makes a mask */
-        lo &= ~0xFFF;           /* Remove the ctrl value bits */
-        lo |= key;              /* Attribute we wish to set */
-        wrmsr(reg+MSR_IDT_MCR0, lo, hi);
-        mtrr_centaur_report_mcr(reg, lo, hi);   /* Tell the mtrr driver */
-}
-/*
- * Figure what we can cover with MCR's
- *
- * Shortcut: We know you can't put 4Gig of RAM on a winchip
- */
-static u32 ramtop(void)
-{
-        u32 clip = 0xFFFFFFFFUL;
-        u32 top = 0;
-        int i;
-        for (i = 0; i < e820.nr_map; i++) {
-                unsigned long start, end;
-                if (e820.map[i].addr > 0xFFFFFFFFUL)
-                        continue;
-                /*
-                 * Don't MCR over reserved space. Ignore the ISA hole
-                 * we frob around that catastrophe already
-                 */
-                if (e820.map[i].type == E820_RESERVED) {
-                        if (e820.map[i].addr >= 0x100000UL &&
-                            e820.map[i].addr < clip)
-                                clip = e820.map[i].addr;
-                        continue;
-                }
-                start = e820.map[i].addr;
-                end = e820.map[i].addr + e820.map[i].size;
-                if (start >= end)
-                        continue;
-                if (end > top)
-                        top = end;
-        }
-        /*
-         * Everything below 'top' should be RAM except for the ISA hole.
-         * Because of the limited MCR's we want to map NV/ACPI into our
-         * MCR range for gunk in RAM
-         *
-         * Clip might cause us to MCR insufficient RAM but that is an
-         * acceptable failure mode and should only bite obscure boxes with
-         * a VESA hole at 15Mb
-         *
-         * The second case Clip sometimes kicks in is when the EBDA is marked
-         * as reserved. Again we fail safe with reasonable results
-         */
-        if (top > clip)
-                top = clip;
-        return top;
-}
-/*
- * Compute a set of MCR's to give maximum coverage
- */
-static int centaur_mcr_compute(int nr, int key)
-{
-        u32 mem = ramtop();
-        u32 root = power2(mem);
-        u32 base = root;
-        u32 top = root;
-        u32 floor = 0;
-        int ct = 0;
-        while (ct < nr) {
-                u32 fspace = 0;
-                u32 high;
-                u32 low;
-                /*
-                 * Find the largest block we will fill going upwards
-                 */
-                high = power2(mem-top);
-                /*
-                 * Find the largest block we will fill going downwards
-                 */
-                low = base/2;
-                /*
-                 * Don't fill below 1Mb going downwards as there
-                 * is an ISA hole in the way.
-                 */
-                if (base <= 1024*1024)
-                        low = 0;
-                /*
-                 * See how much space we could cover by filling below
-                 * the ISA hole
-                 */
-                if (floor == 0)
-                        fspace = 512*1024;
-                else if (floor == 512*1024)
-                        fspace = 128*1024;
-                /* And forget ROM space */
-                /*
-                 * Now install the largest coverage we get
-                 */
-                if (fspace > high && fspace > low) {
-                        centaur_mcr_insert(ct, floor, fspace, key);
-                        floor += fspace;
-                } else if (high > low) {
-                        centaur_mcr_insert(ct, top, high, key);
-                        top += high;
-                } else if (low > 0) {
-                        base -= low;
-                        centaur_mcr_insert(ct, base, low, key);
-                } else
-                        break;
-                ct++;
-        }
-        /*
-         * We loaded ct values. We now need to set the mask. The caller
-         * must do this bit.
-         */
-        return ct;
-}
-static void centaur_create_optimal_mcr(void)
-{
-        int used;
-        int i;
-        /*
-         * Allocate up to 6 mcrs to mark as much of ram as possible
-         * as write combining and weak write ordered.
-         *
-         * To experiment with: Linux never uses stack operations for
-         * mmio spaces so we could globally enable stack operation wc
-         *
-         * Load the registers with type 31 - full write combining, all
-         * writes weakly ordered.
-         */
-        used = centaur_mcr_compute(6, 31);
-        /*
-         * Wipe unused MCRs
-         */
-        for (i = used; i < 8; i++)
-                wrmsr(MSR_IDT_MCR0+i, 0, 0);
-}
-static void winchip2_create_optimal_mcr(void)
-{
-        u32 lo, hi;
-        int used;
-        int i;
-        /*
-         * Allocate up to 6 mcrs to mark as much of ram as possible
-         * as write combining, weak store ordered.
-         *
-         * Load the registers with type 25
-         *      8       -       weak write ordering
-         *      16      -       weak read ordering
-         *      1       -       write combining
-         */
-        used = centaur_mcr_compute(6, 25);
-        /*
-         * Mark the registers we are using.
-         */
-        rdmsr(MSR_IDT_MCR_CTRL, lo, hi);
-        for (i = 0; i < used; i++)
-                lo |= 1<<(9+i);
-        wrmsr(MSR_IDT_MCR_CTRL, lo, hi);
-        /*
-         * Wipe unused MCRs
-         */
-        for (i = used; i < 8; i++)
-                wrmsr(MSR_IDT_MCR0+i, 0, 0);
-}
-/*
- * Handle the MCR key on the Winchip 2.
- */
-static void winchip2_unprotect_mcr(void)
-{
-        u32 lo, hi;
-        u32 key;
-        rdmsr(MSR_IDT_MCR_CTRL, lo, hi);
-        lo &= ~0x1C0;   /* blank bits 8-6 */
-        key = (lo>>17) & 7;
-        lo |= key<<6;   /* replace with unlock key */
-        wrmsr(MSR_IDT_MCR_CTRL, lo, hi);
-}
-static void winchip2_protect_mcr(void)
-{
-        u32 lo, hi;
-        rdmsr(MSR_IDT_MCR_CTRL, lo, hi);
-        lo &= ~0x1C0;   /* blank bits 8-6 */
-        wrmsr(MSR_IDT_MCR_CTRL, lo, hi);
-}
-#endif /* CONFIG_X86_OOSTORE */
 #define ACE_PRESENT     (1 << 6)
 #define ACE_ENABLED     (1 << 7)
 #define ACE_FCR         (1 << 28)       /* MSR_VIA_FCR */
@@ -363,20 +132,6 @@ static void init_centaur(struct cpuinfo_x86 *c)
                        fcr_clr = DPDC;
                        printk(KERN_NOTICE "Disabling bugged TSC.\n");
                        clear_cpu_cap(c, X86_FEATURE_TSC);
-#ifdef CONFIG_X86_OOSTORE
-                        centaur_create_optimal_mcr();
-                        /*
-                         * Enable:
-                         *      write combining on non-stack, non-string
-                         *      write combining on string, all types
-                         *      weak write ordering
-                         *
-                         * The C6 original lacks weak read order
-                         *
-                         * Note 0x120 is write only on Winchip 1
-                         */
-                        wrmsr(MSR_IDT_MCR_CTRL, 0x01F0001F, 0);
-#endif
                        break;
                case 8:
                        switch (c->x86_mask) {
@@ -393,40 +148,12 @@ static void init_centaur(struct cpuinfo_x86 *c)
                        fcr_set = ECX8|DSMC|DTLOCK|EMMX|EBRPRED|ERETSTK|
                                  E2MMX|EAMD3D;
                        fcr_clr = DPDC;
-#ifdef CONFIG_X86_OOSTORE
-                        winchip2_unprotect_mcr();
-                        winchip2_create_optimal_mcr();
-                        rdmsr(MSR_IDT_MCR_CTRL, lo, hi);
-                        /*
-                         * Enable:
-                         *      write combining on non-stack, non-string
-                         *      write combining on string, all types
-                         *      weak write ordering
-                         */
-                        lo |= 31;
-                        wrmsr(MSR_IDT_MCR_CTRL, lo, hi);
-                        winchip2_protect_mcr();
-#endif
                        break;
                case 9:
                        name = "3";
                        fcr_set = ECX8|DSMC|DTLOCK|EMMX|EBRPRED|ERETSTK|
                                  E2MMX|EAMD3D;
                        fcr_clr = DPDC;
-#ifdef CONFIG_X86_OOSTORE
-                        winchip2_unprotect_mcr();
-                        winchip2_create_optimal_mcr();
-                        rdmsr(MSR_IDT_MCR_CTRL, lo, hi);
-                        /*
-                         * Enable:
-                         *      write combining on non-stack, non-string
-                         *      write combining on string, all types
-                         *      weak write ordering
-                         */
-                        lo |= 31;
-                        wrmsr(MSR_IDT_MCR_CTRL, lo, hi);
-                        winchip2_protect_mcr();
-#endif
                        break;
                default:
                        name = "??";
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 6abc172b8258..a135239badb7 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -284,8 +284,13 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
        raw_local_save_flags(eflags);
        BUG_ON(eflags & X86_EFLAGS_AC);
-        if (cpu_has(c, X86_FEATURE_SMAP))
+        if (cpu_has(c, X86_FEATURE_SMAP)) {
+#ifdef CONFIG_X86_SMAP
                set_in_cr4(X86_CR4_SMAP);
+#else
+                clear_in_cr4(X86_CR4_SMAP);
+#endif
+        }
 }
 /*
@@ -472,6 +477,7 @@ u16 __read_mostly tlb_lli_4m[NR_INFO];
 u16 __read_mostly tlb_lld_4k[NR_INFO];
 u16 __read_mostly tlb_lld_2m[NR_INFO];
 u16 __read_mostly tlb_lld_4m[NR_INFO];
+u16 __read_mostly tlb_lld_1g[NR_INFO];
 /*
 * tlb_flushall_shift shows the balance point in replacing cr3 write
@@ -486,13 +492,13 @@ void cpu_detect_tlb(struct cpuinfo_x86 *c)
        if (this_cpu->c_detect_tlb)
                this_cpu->c_detect_tlb(c);
-        printk(KERN_INFO "Last level iTLB entries: 4KB %d, 2MB %d, 4MB %d\n" \
+        printk(KERN_INFO "Last level iTLB entries: 4KB %d, 2MB %d, 4MB %d\n"
-                "Last level dTLB entries: 4KB %d, 2MB %d, 4MB %d\n"          \
+                "Last level dTLB entries: 4KB %d, 2MB %d, 4MB %d, 1GB %d\n"
                "tlb_flushall_shift: %d\n",
                tlb_lli_4k[ENTRIES], tlb_lli_2m[ENTRIES],
                tlb_lli_4m[ENTRIES], tlb_lld_4k[ENTRIES],
                tlb_lld_2m[ENTRIES], tlb_lld_4m[ENTRIES],
-                tlb_flushall_shift);
+                tlb_lld_1g[ENTRIES], tlb_flushall_shift);
 }
 void detect_ht(struct cpuinfo_x86 *c)
@@ -1019,7 +1025,8 @@ __setup("show_msr=", setup_show_msr);
 static __init int setup_noclflush(char *arg)
 {
-        setup_clear_cpu_cap(X86_FEATURE_CLFLSH);
+        setup_clear_cpu_cap(X86_FEATURE_CLFLUSH);
+        setup_clear_cpu_cap(X86_FEATURE_CLFLUSHOPT);
        return 1;
 }
 __setup("noclflush", setup_noclflush);
@@ -1072,6 +1079,10 @@ static __init int setup_disablecpuid(char *arg)
 }
 __setup("clearcpuid=", setup_disablecpuid);
+DEFINE_PER_CPU(unsigned long, kernel_stack) =
+        (unsigned long)&init_thread_union - KERNEL_STACK_OFFSET + THREAD_SIZE;
+EXPORT_PER_CPU_SYMBOL(kernel_stack);
 #ifdef CONFIG_X86_64
 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
 struct desc_ptr debug_idt_descr = { NR_VECTORS * 16 - 1,
@@ -1088,10 +1099,6 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
        &init_task;
 EXPORT_PER_CPU_SYMBOL(current_task);
-DEFINE_PER_CPU(unsigned long, kernel_stack) =
-        (unsigned long)&init_thread_union - KERNEL_STACK_OFFSET + THREAD_SIZE;
-EXPORT_PER_CPU_SYMBOL(kernel_stack);
 DEFINE_PER_CPU(char *, irq_stack_ptr) =
        init_per_cpu_var(irq_stack_union.irq_stack) + IRQ_STACK_SIZE - 64;
diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c
index d0969c75ab54..aaf152e79637 100644
--- a/arch/x86/kernel/cpu/cyrix.c
+++ b/arch/x86/kernel/cpu/cyrix.c
@@ -1,4 +1,3 @@
-#include <linux/init.h>
 #include <linux/bitops.h>
 #include <linux/delay.h>
 #include <linux/pci.h>
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index ea04b342c026..a80029035bf2 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -1,4 +1,3 @@
-#include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/string.h>
@@ -32,11 +31,8 @@ static void early_init_intel(struct cpuinfo_x86 *c)
        /* Unmask CPUID levels if masked: */
        if (c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xd)) {
-                rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+                if (msr_clear_bit(MSR_IA32_MISC_ENABLE,
+                                  MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT) > 0) {
-                if (misc_enable & MSR_IA32_MISC_ENABLE_LIMIT_CPUID) {
-                        misc_enable &= ~MSR_IA32_MISC_ENABLE_LIMIT_CPUID;
-                        wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
                        c->cpuid_level = cpuid_eax(0);
                        get_cpu_cap(c);
                }
@@ -93,7 +89,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
                set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC);
                if (!check_tsc_unstable())
-                        sched_clock_stable = 1;
+                        set_sched_clock_stable();
        }
        /* Penwell and Cloverview have the TSC which doesn't sleep on S3 */
@@ -130,16 +126,10 @@ static void early_init_intel(struct cpuinfo_x86 *c)
         * Ingo Molnar reported a Pentium D (model 6) and a Xeon
         * (model 2) with the same problem.
         */
-        if (c->x86 == 15) {
+        if (c->x86 == 15)
-                rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+                if (msr_clear_bit(MSR_IA32_MISC_ENABLE,
+                                  MSR_IA32_MISC_ENABLE_FAST_STRING_BIT) > 0)
-                if (misc_enable & MSR_IA32_MISC_ENABLE_FAST_STRING) {
+                        pr_info("kmemcheck: Disabling fast string operations\n");
-                        printk(KERN_INFO "kmemcheck: Disabling fast string operations\n");
-                        misc_enable &= ~MSR_IA32_MISC_ENABLE_FAST_STRING;
-                        wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
-                }
-        }
 #endif
        /*
@@ -196,10 +186,16 @@ static void intel_smp_check(struct cpuinfo_x86 *c)
        }
 }
-static void intel_workarounds(struct cpuinfo_x86 *c)
+static int forcepae;
+static int __init forcepae_setup(char *__unused)
 {
-        unsigned long lo, hi;
+        forcepae = 1;
+        return 1;
+}
+__setup("forcepae", forcepae_setup);
+static void intel_workarounds(struct cpuinfo_x86 *c)
+{
 #ifdef CONFIG_X86_F00F_BUG
        /*
         * All current models of Pentium and Pentium with MMX technology CPUs
@@ -226,16 +222,26 @@ static void intel_workarounds(struct cpuinfo_x86 *c)
                clear_cpu_cap(c, X86_FEATURE_SEP);
        /*
+         * PAE CPUID issue: many Pentium M report no PAE but may have a
+         * functionally usable PAE implementation.
+         * Forcefully enable PAE if kernel parameter "forcepae" is present.
+         */
+        if (forcepae) {
+                printk(KERN_WARNING "PAE forced!\n");
+                set_cpu_cap(c, X86_FEATURE_PAE);
+                add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_NOW_UNRELIABLE);
+        }
+        /*
         * P4 Xeon errata 037 workaround.
         * Hardware prefetcher may cause stale data to be loaded into the cache.
         */
        if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_mask == 1)) {
-                rdmsr(MSR_IA32_MISC_ENABLE, lo, hi);
+                if (msr_set_bit(MSR_IA32_MISC_ENABLE,
-                if ((lo & MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE) == 0) {
+                                MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE_BIT)
-                        printk (KERN_INFO "CPU: C0 stepping P4 Xeon detected.\n");
+                    > 0) {
-                        printk (KERN_INFO "CPU: Disabling hardware prefetching (Errata 037)\n");
+                        pr_info("CPU: C0 stepping P4 Xeon detected.\n");
-                        lo |= MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE;
+                        pr_info("CPU: Disabling hardware prefetching (Errata 037)\n");
-                        wrmsr(MSR_IA32_MISC_ENABLE, lo, hi);
                }
        }
@@ -268,10 +274,6 @@ static void intel_workarounds(struct cpuinfo_x86 *c)
        }
 #endif
-#ifdef CONFIG_X86_NUMAQ
-        numaq_tsc_disable();
-#endif
        intel_smp_check(c);
 }
 #else
@@ -506,6 +508,7 @@ static unsigned int intel_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 #define TLB_DATA0_2M_4M 0x23
 #define STLB_4K         0x41
+#define STLB_4K_2M      0x42
 static const struct _tlb_table intel_tlb_table[] = {
        { 0x01, TLB_INST_4K,            32,     " TLB_INST 4 KByte pages, 4-way set associative" },
@@ -526,13 +529,20 @@ static const struct _tlb_table intel_tlb_table[] = {
        { 0x5b, TLB_DATA_4K_4M,         64,     " TLB_DATA 4 KByte and 4 MByte pages" },
        { 0x5c, TLB_DATA_4K_4M,         128,    " TLB_DATA 4 KByte and 4 MByte pages" },
        { 0x5d, TLB_DATA_4K_4M,         256,    " TLB_DATA 4 KByte and 4 MByte pages" },
+        { 0x61, TLB_INST_4K,            48,     " TLB_INST 4 KByte pages, full associative" },
+        { 0x63, TLB_DATA_1G,            4,      " TLB_DATA 1 GByte pages, 4-way set associative" },
+        { 0x76, TLB_INST_2M_4M,         8,      " TLB_INST 2-MByte or 4-MByte pages, fully associative" },
        { 0xb0, TLB_INST_4K,            128,    " TLB_INST 4 KByte pages, 4-way set associative" },
        { 0xb1, TLB_INST_2M_4M,         4,      " TLB_INST 2M pages, 4-way, 8 entries or 4M pages, 4-way entries" },
        { 0xb2, TLB_INST_4K,            64,     " TLB_INST 4KByte pages, 4-way set associative" },
        { 0xb3, TLB_DATA_4K,            128,    " TLB_DATA 4 KByte pages, 4-way set associative" },
        { 0xb4, TLB_DATA_4K,            256,    " TLB_DATA 4 KByte pages, 4-way associative" },
+        { 0xb5, TLB_INST_4K,            64,     " TLB_INST 4 KByte pages, 8-way set ssociative" },
+        { 0xb6, TLB_INST_4K,            128,    " TLB_INST 4 KByte pages, 8-way set ssociative" },
        { 0xba, TLB_DATA_4K,            64,     " TLB_DATA 4 KByte pages, 4-way associative" },
        { 0xc0, TLB_DATA_4K_4M,         8,      " TLB_DATA 4 KByte and 4 MByte pages, 4-way associative" },
+        { 0xc1, STLB_4K_2M,             1024,   " STLB 4 KByte and 2 MByte pages, 8-way associative" },
+        { 0xc2, TLB_DATA_2M_4M,         16,     " DTLB 2 MByte/4MByte pages, 4-way associative" },
        { 0xca, STLB_4K,                512,    " STLB 4 KByte pages, 4-way associative" },
        { 0x00, 0, 0 }
 };
@@ -558,6 +568,20 @@ static void intel_tlb_lookup(const unsigned char desc)
                if (tlb_lld_4k[ENTRIES] < intel_tlb_table[k].entries)
                        tlb_lld_4k[ENTRIES] = intel_tlb_table[k].entries;
                break;
+        case STLB_4K_2M:
+                if (tlb_lli_4k[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lli_4k[ENTRIES] = intel_tlb_table[k].entries;
+                if (tlb_lld_4k[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lld_4k[ENTRIES] = intel_tlb_table[k].entries;
+                if (tlb_lli_2m[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lli_2m[ENTRIES] = intel_tlb_table[k].entries;
+                if (tlb_lld_2m[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lld_2m[ENTRIES] = intel_tlb_table[k].entries;
+                if (tlb_lli_4m[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lli_4m[ENTRIES] = intel_tlb_table[k].entries;
+                if (tlb_lld_4m[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lld_4m[ENTRIES] = intel_tlb_table[k].entries;
+                break;
        case TLB_INST_ALL:
                if (tlb_lli_4k[ENTRIES] < intel_tlb_table[k].entries)
                        tlb_lli_4k[ENTRIES] = intel_tlb_table[k].entries;
@@ -603,6 +627,10 @@ static void intel_tlb_lookup(const unsigned char desc)
                if (tlb_lld_4m[ENTRIES] < intel_tlb_table[k].entries)
                        tlb_lld_4m[ENTRIES] = intel_tlb_table[k].entries;
                break;
+        case TLB_DATA_1G:
+                if (tlb_lld_1g[ENTRIES] < intel_tlb_table[k].entries)
+                        tlb_lld_1g[ENTRIES] = intel_tlb_table[k].entries;
+                break;
        }
 }
@@ -615,21 +643,17 @@ static void intel_tlb_flushall_shift_set(struct cpuinfo_x86 *c)
        case 0x61d: /* six-core 45 nm xeon "Dunnington" */
                tlb_flushall_shift = -1;
                break;
+        case 0x63a: /* Ivybridge */
+                tlb_flushall_shift = 2;
+                break;
        case 0x61a: /* 45 nm nehalem, "Bloomfield" */
        case 0x61e: /* 45 nm nehalem, "Lynnfield" */
        case 0x625: /* 32 nm nehalem, "Clarkdale" */
        case 0x62c: /* 32 nm nehalem, "Gulftown" */
        case 0x62e: /* 45 nm nehalem-ex, "Beckton" */
        case 0x62f: /* 32 nm Xeon E7 */
-                tlb_flushall_shift = 6;
-                break;
        case 0x62a: /* SandyBridge */
        case 0x62d: /* SandyBridge, "Romely-EP" */
-                tlb_flushall_shift = 5;
-                break;
-        case 0x63a: /* Ivybridge */
-                tlb_flushall_shift = 1;
-                break;
        default:
                tlb_flushall_shift = 6;
        }
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
index 0641113e2965..a952e9c85b6f 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -1225,21 +1225,24 @@ static struct notifier_block cacheinfo_cpu_notifier = {
 static int __init cache_sysfs_init(void)
 {
-        int i;
+        int i, err = 0;
        if (num_cache_leaves == 0)
                return 0;
+        cpu_notifier_register_begin();
        for_each_online_cpu(i) {
-                int err;
                struct device *dev = get_cpu_device(i);
                err = cache_add_dev(dev);
                if (err)
-                        return err;
+                        goto out;
        }
-        register_hotcpu_notifier(&cacheinfo_cpu_notifier);
+        __register_hotcpu_notifier(&cacheinfo_cpu_notifier);
-        return 0;
+out:
+        cpu_notifier_register_done();
+        return err;
 }
 device_initcall(cache_sysfs_init);
diff --git a/arch/x86/kernel/cpu/match.c b/arch/x86/kernel/cpu/match.c
index 36565373af87..afa9f0d487ea 100644
--- a/arch/x86/kernel/cpu/match.c
+++ b/arch/x86/kernel/cpu/match.c
@@ -47,45 +47,3 @@ const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match)
        return NULL;
 }
 EXPORT_SYMBOL(x86_match_cpu);
-ssize_t arch_print_cpu_modalias(struct device *dev,
-                                struct device_attribute *attr,
-                                char *bufptr)
-{
-        int size = PAGE_SIZE;
-        int i, n;
-        char *buf = bufptr;
-        n = snprintf(buf, size, "x86cpu:vendor:%04X:family:%04X:"
-                     "model:%04X:feature:",
-                boot_cpu_data.x86_vendor,
-                boot_cpu_data.x86,
-                boot_cpu_data.x86_model);
-        size -= n;
-        buf += n;
-        size -= 1;
-        for (i = 0; i < NCAPINTS*32; i++) {
-                if (boot_cpu_has(i)) {
-                        n = snprintf(buf, size, ",%04X", i);
-                        if (n >= size) {
-                                WARN(1, "x86 features overflow page\n");
-                                break;
-                        }
-                        size -= n;
-                        buf += n;
-                }
-        }
-        *buf++ = '\n';
-        return buf - bufptr;
-}
-int arch_cpu_uevent(struct device *dev, struct kobj_uevent_env *env)
-{
-        char *buf = kzalloc(PAGE_SIZE, GFP_KERNEL);
-        if (buf) {
-                arch_print_cpu_modalias(NULL, NULL, buf);
-                add_uevent_var(env, "MODALIAS=%s", buf);
-                kfree(buf);
-        }
-        return 0;
-}
diff --git a/arch/x86/kernel/cpu/mcheck/mce-apei.c b/arch/x86/kernel/cpu/mcheck/mce-apei.c
index de8b60a53f69..a1aef9533154 100644
--- a/arch/x86/kernel/cpu/mcheck/mce-apei.c
+++ b/arch/x86/kernel/cpu/mcheck/mce-apei.c
@@ -33,22 +33,28 @@
 #include <linux/acpi.h>
 #include <linux/cper.h>
 #include <acpi/apei.h>
+#include <acpi/ghes.h>
 #include <asm/mce.h>
 #include "mce-internal.h"
-void apei_mce_report_mem_error(int corrected, struct cper_sec_mem_err *mem_err)
+void apei_mce_report_mem_error(int severity, struct cper_sec_mem_err *mem_err)
 {
        struct mce m;
-        /* Only corrected MC is reported */
+        if (!(mem_err->validation_bits & CPER_MEM_VALID_PA))
-        if (!corrected || !(mem_err->validation_bits & CPER_MEM_VALID_PA))
                return;
        mce_setup(&m);
        m.bank = 1;
-        /* Fake a memory read corrected error with unknown channel */
+        /* Fake a memory read error with unknown channel */
        m.status = MCI_STATUS_VAL | MCI_STATUS_EN | MCI_STATUS_ADDRV | 0x9f;
+        if (severity >= GHES_SEV_RECOVERABLE)
+                m.status |= MCI_STATUS_UC;
+        if (severity >= GHES_SEV_PANIC)
+                m.status |= MCI_STATUS_PCC;
        m.addr = mem_err->physical_addr;
        mce_log(&m);
        mce_notify_irq();
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index b3218cdee95f..eeee23ff75ef 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -89,6 +89,9 @@ static DECLARE_WAIT_QUEUE_HEAD(mce_chrdev_wait);
 static DEFINE_PER_CPU(struct mce, mces_seen);
 static int                      cpu_missing;
+/* CMCI storm detection filter */
+static DEFINE_PER_CPU(unsigned long, mce_polled_error);
 /*
 * MCA banks polled by the period polling timer for corrected events.
 * With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
@@ -595,6 +598,7 @@ void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
 {
        struct mce m;
        int i;
+        unsigned long *v;
        this_cpu_inc(mce_poll_count);
@@ -614,6 +618,8 @@ void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
                if (!(m.status & MCI_STATUS_VAL))
                        continue;
+                v = &get_cpu_var(mce_polled_error);
+                set_bit(0, v);
                /*
                 * Uncorrected or signalled events are handled by the exception
                 * handler when it is enabled, so don't process those here.
@@ -1278,10 +1284,18 @@ static unsigned long mce_adjust_timer_default(unsigned long interval)
 static unsigned long (*mce_adjust_timer)(unsigned long interval) =
        mce_adjust_timer_default;
+static int cmc_error_seen(void)
+{
+        unsigned long *v = &__get_cpu_var(mce_polled_error);
+        return test_and_clear_bit(0, v);
+}
 static void mce_timer_fn(unsigned long data)
 {
        struct timer_list *t = &__get_cpu_var(mce_timer);
        unsigned long iv;
+        int notify;
        WARN_ON(smp_processor_id() != data);
@@ -1296,7 +1310,9 @@ static void mce_timer_fn(unsigned long data)
         * polling interval, otherwise increase the polling interval.
         */
        iv = __this_cpu_read(mce_next_interval);
-        if (mce_notify_irq()) {
+        notify = mce_notify_irq();
+        notify |= cmc_error_seen();
+        if (notify) {
                iv = max(iv / 2, (unsigned long) HZ/100);
        } else {
                iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
@@ -1638,15 +1654,15 @@ static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
 static void mce_start_timer(unsigned int cpu, struct timer_list *t)
 {
-        unsigned long iv = mce_adjust_timer(check_interval * HZ);
+        unsigned long iv = check_interval * HZ;
-        __this_cpu_write(mce_next_interval, iv);
        if (mca_cfg.ignore_ce || !iv)
                return;
+        per_cpu(mce_next_interval, cpu) = iv;
        t->expires = round_jiffies(jiffies + iv);
-        add_timer_on(t, smp_processor_id());
+        add_timer_on(t, cpu);
 }
 static void __mcheck_cpu_init_timer(void)
@@ -2272,8 +2288,10 @@ static int mce_device_create(unsigned int cpu)
        dev->release = &mce_device_release;
        err = device_register(dev);
-        if (err)
+        if (err) {
+                put_device(dev);
                return err;
+        }
        for (i = 0; mce_device_attrs[i]; i++) {
                err = device_create_file(dev, mce_device_attrs[i]);
@@ -2432,14 +2450,18 @@ static __init int mcheck_init_device(void)
        if (err)
                return err;
+        cpu_notifier_register_begin();
        for_each_online_cpu(i) {
                err = mce_device_create(i);
-                if (err)
+                if (err) {
+                        cpu_notifier_register_done();
                        return err;
+                }
        }
        register_syscore_ops(&mce_syscore_ops);
-        register_hotcpu_notifier(&mce_cpu_notifier);
+        __register_hotcpu_notifier(&mce_cpu_notifier);
+        cpu_notifier_register_done();
        /* register character device /dev/mcelog */
        misc_register(&mce_chrdev_device);
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel.c b/arch/x86/kernel/cpu/mcheck/mce_intel.c
index 4cfe0458ca66..3bdb95ae8c43 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_intel.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel.c
@@ -6,10 +6,10 @@
 */
 #include <linux/gfp.h>
-#include <linux/init.h>
 #include <linux/interrupt.h>
 #include <linux/percpu.h>
 #include <linux/sched.h>
+#include <linux/cpumask.h>
 #include <asm/apic.h>
 #include <asm/processor.h>
 #include <asm/msr.h>
@@ -138,6 +138,22 @@ unsigned long mce_intel_adjust_timer(unsigned long interval)
        }
 }
+static void cmci_storm_disable_banks(void)
+{
+        unsigned long flags, *owned;
+        int bank;
+        u64 val;
+        raw_spin_lock_irqsave(&cmci_discover_lock, flags);
+        owned = __get_cpu_var(mce_banks_owned);
+        for_each_set_bit(bank, owned, MAX_NR_BANKS) {
+                rdmsrl(MSR_IA32_MCx_CTL2(bank), val);
+                val &= ~MCI_CTL2_CMCI_EN;
+                wrmsrl(MSR_IA32_MCx_CTL2(bank), val);
+        }
+        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
+}
 static bool cmci_storm_detect(void)
 {
        unsigned int cnt = __this_cpu_read(cmci_storm_cnt);
@@ -159,7 +175,7 @@ static bool cmci_storm_detect(void)
        if (cnt <= CMCI_STORM_THRESHOLD)
                return false;
-        cmci_clear();
+        cmci_storm_disable_banks();
        __this_cpu_write(cmci_storm_state, CMCI_STORM_ACTIVE);
        r = atomic_add_return(1, &cmci_storm_on_cpus);
        mce_timer_kick(CMCI_POLL_INTERVAL);
diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
index 1c044b1ccc59..a3042989398c 100644
--- a/arch/x86/kernel/cpu/mcheck/p5.c
+++ b/arch/x86/kernel/cpu/mcheck/p5.c
@@ -5,7 +5,6 @@
 #include <linux/interrupt.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
-#include <linux/init.h>
 #include <linux/smp.h>
 #include <asm/processor.h>
diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c
index 3eec7de76efb..d921b7ee6595 100644
--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c
+++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c
@@ -271,9 +271,6 @@ static void thermal_throttle_remove_dev(struct device *dev)
        sysfs_remove_group(&dev->kobj, &thermal_attr_group);
 }
-/* Mutex protecting device creation against CPU hotplug: */
-static DEFINE_MUTEX(therm_cpu_lock);
 /* Get notified when a cpu comes on/off. Be hotplug friendly. */
 static int
 thermal_throttle_cpu_callback(struct notifier_block *nfb,
@@ -289,18 +286,14 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb,
        switch (action) {
        case CPU_UP_PREPARE:
        case CPU_UP_PREPARE_FROZEN:
-                mutex_lock(&therm_cpu_lock);
                err = thermal_throttle_add_dev(dev, cpu);
-                mutex_unlock(&therm_cpu_lock);
                WARN_ON(err);
                break;
        case CPU_UP_CANCELED:
        case CPU_UP_CANCELED_FROZEN:
        case CPU_DEAD:
        case CPU_DEAD_FROZEN:
-                mutex_lock(&therm_cpu_lock);
                thermal_throttle_remove_dev(dev);
-                mutex_unlock(&therm_cpu_lock);
                break;
        }
        return notifier_from_errno(err);
@@ -319,19 +312,16 @@ static __init int thermal_throttle_init_device(void)
        if (!atomic_read(&therm_throt_en))
                return 0;
-        register_hotcpu_notifier(&thermal_throttle_cpu_notifier);
+        cpu_notifier_register_begin();
-#ifdef CONFIG_HOTPLUG_CPU
-        mutex_lock(&therm_cpu_lock);
-#endif
        /* connect live CPUs to sysfs */
        for_each_online_cpu(cpu) {
                err = thermal_throttle_add_dev(get_cpu_device(cpu), cpu);
                WARN_ON(err);
        }
-#ifdef CONFIG_HOTPLUG_CPU
-        mutex_unlock(&therm_cpu_lock);
+        __register_hotcpu_notifier(&thermal_throttle_cpu_notifier);
-#endif
+        cpu_notifier_register_done();
        return 0;
 }
diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
index e9a701aecaa1..7dc5564d0cdf 100644
--- a/arch/x86/kernel/cpu/mcheck/winchip.c
+++ b/arch/x86/kernel/cpu/mcheck/winchip.c
@@ -5,7 +5,6 @@
 #include <linux/interrupt.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
-#include <linux/init.h>
 #include <asm/processor.h>
 #include <asm/mce.h>
diff --git a/arch/x86/kernel/cpu/microcode/Makefile b/arch/x86/kernel/cpu/microcode/Makefile
new file mode 100644
index 000000000000..285c85427c32
--- /dev/null
+++ b/arch/x86/kernel/cpu/microcode/Makefile
@@ -0,0 +1,7 @@
+microcode-y                             := core.o
+obj-$(CONFIG_MICROCODE)                 += microcode.o
+microcode-$(CONFIG_MICROCODE_INTEL)     += intel.o intel_lib.o
+microcode-$(CONFIG_MICROCODE_AMD)       += amd.o
+obj-$(CONFIG_MICROCODE_EARLY)           += core_early.o
+obj-$(CONFIG_MICROCODE_INTEL_EARLY)     += intel_early.o
+obj-$(CONFIG_MICROCODE_AMD_EARLY)       += amd_early.o
diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index c3d4cc972eca..8fffd845e22b 100644
--- a/arch/x86/kernel/microcode_amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -182,10 +182,10 @@ int __apply_microcode_amd(struct microcode_amd *mc_amd)
 {
        u32 rev, dummy;
-        wrmsrl(MSR_AMD64_PATCH_LOADER, (u64)(long)&mc_amd->hdr.data_code);
+        native_wrmsrl(MSR_AMD64_PATCH_LOADER, (u64)(long)&mc_amd->hdr.data_code);
        /* verify patch application was successful */
-        rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
+        native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
        if (rev != mc_amd->hdr.patch_id)
                return -1;
@@ -332,6 +332,9 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover)
        patch->patch_id  = mc_hdr->patch_id;
        patch->equiv_cpu = proc_id;
+        pr_debug("%s: Added patch_id: 0x%08x, proc_id: 0x%04x\n",
+                 __func__, patch->patch_id, proc_id);
        /* ... and add to cache. */
        update_cache(patch);
@@ -390,9 +393,9 @@ enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size)
        if (cpu_data(smp_processor_id()).cpu_index == boot_cpu_data.cpu_index) {
                struct ucode_patch *p = find_patch(smp_processor_id());
                if (p) {
-                        memset(amd_bsp_mpb, 0, MPB_MAX_SIZE);
+                        memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
-                        memcpy(amd_bsp_mpb, p->data, min_t(u32, ksize(p->data),
+                        memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data),
-                                                           MPB_MAX_SIZE));
+                                                               PATCH_MAX_SIZE));
                }
        }
 #endif
@@ -430,7 +433,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device,
        if (c->x86 >= 0x15)
                snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
-        if (request_firmware(&fw, (const char *)fw_name, device)) {
+        if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
                pr_debug("failed to load file %s\n", fw_name);
                goto out;
        }
diff --git a/arch/x86/kernel/microcode_amd_early.c b/arch/x86/kernel/cpu/microcode/amd_early.c
index 6073104ccaa3..617a9e284245 100644
--- a/arch/x86/kernel/microcode_amd_early.c
+++ b/arch/x86/kernel/cpu/microcode/amd_early.c
@@ -2,6 +2,7 @@
 * Copyright (C) 2013 Advanced Micro Devices, Inc.
 *
 * Author: Jacob Shin <jacob.shin@amd.com>
+ * Fixes: Borislav Petkov <bp@suse.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -15,10 +16,18 @@
 #include <asm/setup.h>
 #include <asm/microcode_amd.h>
-static bool ucode_loaded;
+/*
+ * This points to the current valid container of microcode patches which we will
+ * save from the initrd before jettisoning its contents.
+ */
+static u8 *container;
+static size_t container_size;
 static u32 ucode_new_rev;
-static unsigned long ucode_offset;
+u8 amd_ucode_patch[PATCH_MAX_SIZE];
-static size_t ucode_size;
+static u16 this_equiv_id;
+struct cpio_data ucode_cpio;
 /*
 * Microcode patch container file is prepended to the initrd in cpio format.
@@ -32,9 +41,6 @@ static struct cpio_data __init find_ucode_in_initrd(void)
        char *path;
        void *start;
        size_t size;
-        unsigned long *uoffset;
-        size_t *usize;
-        struct cpio_data cd;
 #ifdef CONFIG_X86_32
        struct boot_params *p;
@@ -47,30 +53,50 @@ static struct cpio_data __init find_ucode_in_initrd(void)
        path    = (char *)__pa_nodebug(ucode_path);
        start   = (void *)p->hdr.ramdisk_image;
        size    = p->hdr.ramdisk_size;
-        uoffset = (unsigned long *)__pa_nodebug(&ucode_offset);
-        usize   = (size_t *)__pa_nodebug(&ucode_size);
 #else
        path    = ucode_path;
        start   = (void *)(boot_params.hdr.ramdisk_image + PAGE_OFFSET);
        size    = boot_params.hdr.ramdisk_size;
-        uoffset = &ucode_offset;
-        usize   = &ucode_size;
 #endif
-        cd = find_cpio_data(path, start, size, &offset);
+        return find_cpio_data(path, start, size, &offset);
-        if (!cd.data)
+}
-                return cd;
-        if (*(u32 *)cd.data != UCODE_MAGIC) {
+static size_t compute_container_size(u8 *data, u32 total_size)
-                cd.data = NULL;
+{
-                cd.size = 0;
+        size_t size = 0;
-                return cd;
+        u32 *header = (u32 *)data;
-        }
+        if (header[0] != UCODE_MAGIC ||
+            header[1] != UCODE_EQUIV_CPU_TABLE_TYPE || /* type */
+            header[2] == 0)                            /* size */
+                return size;
+        size = header[2] + CONTAINER_HDR_SZ;
+        total_size -= size;
+        data += size;
-        *uoffset = (u8 *)cd.data - (u8 *)start;
+        while (total_size) {
-        *usize   = cd.size;
+                u16 patch_size;
+                header = (u32 *)data;
+                if (header[0] != UCODE_UCODE_TYPE)
+                        break;
+                /*
+                 * Sanity-check patch size.
+                 */
+                patch_size = header[1];
+                if (patch_size > PATCH_MAX_SIZE)
+                        break;
+                size       += patch_size + SECTION_HDR_SIZE;
+                data       += patch_size + SECTION_HDR_SIZE;
+                total_size -= patch_size + SECTION_HDR_SIZE;
+        }
-        return cd;
+        return size;
 }
 /*
@@ -85,23 +111,22 @@ static struct cpio_data __init find_ucode_in_initrd(void)
 static void apply_ucode_in_initrd(void *ucode, size_t size)
 {
        struct equiv_cpu_entry *eq;
+        size_t *cont_sz;
        u32 *header;
-        u8  *data;
+        u8  *data, **cont;
        u16 eq_id = 0;
        int offset, left;
-        u32 rev, eax;
+        u32 rev, eax, ebx, ecx, edx;
        u32 *new_rev;
-        unsigned long *uoffset;
-        size_t *usize;
 #ifdef CONFIG_X86_32
        new_rev = (u32 *)__pa_nodebug(&ucode_new_rev);
-        uoffset = (unsigned long *)__pa_nodebug(&ucode_offset);
+        cont_sz = (size_t *)__pa_nodebug(&container_size);
-        usize   = (size_t *)__pa_nodebug(&ucode_size);
+        cont    = (u8 **)__pa_nodebug(&container);
 #else
        new_rev = &ucode_new_rev;
-        uoffset = &ucode_offset;
+        cont_sz = &container_size;
-        usize   = &ucode_size;
+        cont    = &container;
 #endif
        data   = ucode;
@@ -109,23 +134,37 @@ static void apply_ucode_in_initrd(void *ucode, size_t size)
        header = (u32 *)data;
        /* find equiv cpu table */
+        if (header[0] != UCODE_MAGIC ||
-        if (header[1] != UCODE_EQUIV_CPU_TABLE_TYPE || /* type */
+            header[1] != UCODE_EQUIV_CPU_TABLE_TYPE || /* type */
            header[2] == 0)                            /* size */
                return;
-        eax = cpuid_eax(0x00000001);
+        eax = 0x00000001;
+        ecx = 0;
+        native_cpuid(&eax, &ebx, &ecx, &edx);
        while (left > 0) {
                eq = (struct equiv_cpu_entry *)(data + CONTAINER_HDR_SZ);
+                *cont = data;
+                /* Advance past the container header */
                offset = header[2] + CONTAINER_HDR_SZ;
                data  += offset;
                left  -= offset;
                eq_id = find_equiv_id(eq, eax);
-                if (eq_id)
+                if (eq_id) {
+                        this_equiv_id = eq_id;
+                        *cont_sz = compute_container_size(*cont, left + offset);
+                        /*
+                         * truncate how much we need to iterate over in the
+                         * ucode update loop below
+                         */
+                        left = *cont_sz - offset;
                        break;
+                }
                /*
                 * support multiple container files appended together. if this
@@ -145,19 +184,18 @@ static void apply_ucode_in_initrd(void *ucode, size_t size)
                /* mark where the next microcode container file starts */
                offset    = data - (u8 *)ucode;
-                *uoffset += offset;
-                *usize   -= offset;
                ucode     = data;
        }
        if (!eq_id) {
-                *usize = 0;
+                *cont = NULL;
+                *cont_sz = 0;
                return;
        }
        /* find ucode and update if needed */
-        rdmsr(MSR_AMD64_PATCH_LEVEL, rev, eax);
+        native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, eax);
        while (left > 0) {
                struct microcode_amd *mc;
@@ -168,134 +206,190 @@ static void apply_ucode_in_initrd(void *ucode, size_t size)
                        break;
                mc = (struct microcode_amd *)(data + SECTION_HDR_SIZE);
-                if (eq_id == mc->hdr.processor_rev_id && rev < mc->hdr.patch_id)
-                        if (__apply_microcode_amd(mc) == 0) {
+                if (eq_id == mc->hdr.processor_rev_id && rev < mc->hdr.patch_id) {
+                        if (!__apply_microcode_amd(mc)) {
                                rev = mc->hdr.patch_id;
                                *new_rev = rev;
+                                /* save ucode patch */
+                                memcpy(amd_ucode_patch, mc,
+                                       min_t(u32, header[1], PATCH_MAX_SIZE));
                        }
+                }
                offset  = header[1] + SECTION_HDR_SIZE;
                data   += offset;
                left   -= offset;
        }
-        /* mark where this microcode container file ends */
-        offset  = *usize - (data - (u8 *)ucode);
-        *usize -= offset;
-        if (!(*new_rev))
-                *usize = 0;
 }
 void __init load_ucode_amd_bsp(void)
 {
-        struct cpio_data cd = find_ucode_in_initrd();
+        struct cpio_data cp;
-        if (!cd.data)
+        void **data;
+        size_t *size;
+#ifdef CONFIG_X86_32
+        data =  (void **)__pa_nodebug(&ucode_cpio.data);
+        size = (size_t *)__pa_nodebug(&ucode_cpio.size);
+#else
+        data = &ucode_cpio.data;
+        size = &ucode_cpio.size;
+#endif
+        cp = find_ucode_in_initrd();
+        if (!cp.data)
                return;
-        apply_ucode_in_initrd(cd.data, cd.size);
+        *data = cp.data;
+        *size = cp.size;
+        apply_ucode_in_initrd(cp.data, cp.size);
 }
 #ifdef CONFIG_X86_32
-u8 amd_bsp_mpb[MPB_MAX_SIZE];
 /*
 * On 32-bit, since AP's early load occurs before paging is turned on, we
 * cannot traverse cpu_equiv_table and pcache in kernel heap memory. So during
 * cold boot, AP will apply_ucode_in_initrd() just like the BSP. During
- * save_microcode_in_initrd_amd() BSP's patch is copied to amd_bsp_mpb, which
+ * save_microcode_in_initrd_amd() BSP's patch is copied to amd_ucode_patch,
- * is used upon resume from suspend.
+ * which is used upon resume from suspend.
 */
 void load_ucode_amd_ap(void)
 {
        struct microcode_amd *mc;
-        unsigned long *initrd;
-        unsigned long *uoffset;
        size_t *usize;
-        void *ucode;
+        void **ucode;
-        mc = (struct microcode_amd *)__pa(amd_bsp_mpb);
+        mc = (struct microcode_amd *)__pa(amd_ucode_patch);
        if (mc->hdr.patch_id && mc->hdr.processor_rev_id) {
                __apply_microcode_amd(mc);
                return;
        }
-        initrd  = (unsigned long *)__pa(&initrd_start);
+        ucode = (void *)__pa_nodebug(&container);
-        uoffset = (unsigned long *)__pa(&ucode_offset);
+        usize = (size_t *)__pa_nodebug(&container_size);
-        usize   = (size_t *)__pa(&ucode_size);
-        if (!*usize || !*initrd)
+        if (!*ucode || !*usize)
                return;
-        ucode = (void *)((unsigned long)__pa(*initrd) + *uoffset);
+        apply_ucode_in_initrd(*ucode, *usize);
-        apply_ucode_in_initrd(ucode, *usize);
 }
 static void __init collect_cpu_sig_on_bsp(void *arg)
 {
        unsigned int cpu = smp_processor_id();
        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
        uci->cpu_sig.sig = cpuid_eax(0x00000001);
 }
+static void __init get_bsp_sig(void)
+{
+        unsigned int bsp = boot_cpu_data.cpu_index;
+        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
+        if (!uci->cpu_sig.sig)
+                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+}
 #else
 void load_ucode_amd_ap(void)
 {
        unsigned int cpu = smp_processor_id();
        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        struct equiv_cpu_entry *eq;
+        struct microcode_amd *mc;
        u32 rev, eax;
+        u16 eq_id;
+        /* Exit if called on the BSP. */
+        if (!cpu)
+                return;
+        if (!container)
+                return;
        rdmsr(MSR_AMD64_PATCH_LEVEL, rev, eax);
-        eax = cpuid_eax(0x00000001);
        uci->cpu_sig.rev = rev;
        uci->cpu_sig.sig = eax;
-        if (cpu && !ucode_loaded) {
+        eax = cpuid_eax(0x00000001);
-                void *ucode;
+        eq  = (struct equiv_cpu_entry *)(container + CONTAINER_HDR_SZ);
+        eq_id = find_equiv_id(eq, eax);
+        if (!eq_id)
+                return;
-                if (!ucode_size || !initrd_start)
+        if (eq_id == this_equiv_id) {
-                        return;
+                mc = (struct microcode_amd *)amd_ucode_patch;
+                if (mc && rev < mc->hdr.patch_id) {
+                        if (!__apply_microcode_amd(mc))
+                                ucode_new_rev = mc->hdr.patch_id;
+                }
-                ucode = (void *)(initrd_start + ucode_offset);
+        } else {
-                eax   = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff);
+                if (!ucode_cpio.data)
-                if (load_microcode_amd(eax, ucode, ucode_size) != UCODE_OK)
                        return;
-                ucode_loaded = true;
+                /*
+                 * AP has a different equivalence ID than BSP, looks like
+                 * mixed-steppings silicon so go through the ucode blob anew.
+                 */
+                apply_ucode_in_initrd(ucode_cpio.data, ucode_cpio.size);
        }
-        apply_microcode_amd(cpu);
 }
 #endif
 int __init save_microcode_in_initrd_amd(void)
 {
+        unsigned long cont;
        enum ucode_state ret;
-        void *ucode;
        u32 eax;
-#ifdef CONFIG_X86_32
+        if (!container)
-        unsigned int bsp = boot_cpu_data.cpu_index;
+                return -EINVAL;
-        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
-        if (!uci->cpu_sig.sig)
+#ifdef CONFIG_X86_32
-                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+        get_bsp_sig();
+        cont = (unsigned long)container;
+#else
+        /*
+         * We need the physical address of the container for both bitness since
+         * boot_params.hdr.ramdisk_image is a physical address.
+         */
+        cont = __pa(container);
 #endif
+        /*
+         * Take into account the fact that the ramdisk might get relocated and
+         * therefore we need to recompute the container's position in virtual
+         * memory space.
+         */
+        if (relocated_ramdisk)
+                container = (u8 *)(__va(relocated_ramdisk) +
+                             (cont - boot_params.hdr.ramdisk_image));
        if (ucode_new_rev)
                pr_info("microcode: updated early to new patch_level=0x%08x\n",
                        ucode_new_rev);
-        if (ucode_loaded || !ucode_size || !initrd_start)
-                return 0;
-        ucode = (void *)(initrd_start + ucode_offset);
        eax   = cpuid_eax(0x00000001);
        eax   = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff);
-        ret = load_microcode_amd(eax, ucode, ucode_size);
+        ret = load_microcode_amd(eax, container, container_size);
        if (ret != UCODE_OK)
                return -EINVAL;
-        ucode_loaded = true;
+        /*
+         * This will be freed any msec now, stash patches for the current
+         * family and switch to patch cache for cpu hotplug, etc later.
+         */
+        container = NULL;
+        container_size = 0;
        return 0;
 }
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/cpu/microcode/core.c
index 15c987698b0f..15c987698b0f 100644
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
diff --git a/arch/x86/kernel/microcode_core_early.c b/arch/x86/kernel/cpu/microcode/core_early.c
index be7f8514f577..be7f8514f577 100644
--- a/arch/x86/kernel/microcode_core_early.c
+++ b/arch/x86/kernel/cpu/microcode/core_early.c
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 5fb2cebf556b..a276fa75d9b5 100644
--- a/arch/x86/kernel/microcode_intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -278,7 +278,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
        sprintf(name, "intel-ucode/%02x-%02x-%02x",
                c->x86, c->x86_model, c->x86_mask);
-        if (request_firmware(&firmware, name, device)) {
+        if (request_firmware_direct(&firmware, name, device)) {
                pr_debug("data file %s load failed\n", name);
                return UCODE_NFOUND;
        }
diff --git a/arch/x86/kernel/microcode_intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c
index 1575deb2e636..18f739129e72 100644
--- a/arch/x86/kernel/microcode_intel_early.c
+++ b/arch/x86/kernel/cpu/microcode/intel_early.c
@@ -365,16 +365,6 @@ out:
        return state;
 }
-#define native_rdmsr(msr, val1, val2)           \
-do {                                            \
-        u64 __val = native_read_msr((msr));     \
-        (void)((val1) = (u32)__val);            \
-        (void)((val2) = (u32)(__val >> 32));    \
-} while (0)
-#define native_wrmsr(msr, low, high)            \
-        native_write_msr(msr, low, high);
 static int collect_cpu_info_early(struct ucode_cpu_info *uci)
 {
        unsigned int val[2];
diff --git a/arch/x86/kernel/microcode_intel_lib.c b/arch/x86/kernel/cpu/microcode/intel_lib.c
index ce69320d0179..ce69320d0179 100644
--- a/arch/x86/kernel/microcode_intel_lib.c
+++ b/arch/x86/kernel/cpu/microcode/intel_lib.c
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index 9f7ca266864a..76f98fe5b35c 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -17,6 +17,7 @@
 #include <linux/hardirq.h>
 #include <linux/efi.h>
 #include <linux/interrupt.h>
+#include <linux/irq.h>
 #include <asm/processor.h>
 #include <asm/hypervisor.h>
 #include <asm/hyperv.h>
@@ -26,10 +27,50 @@
 #include <asm/irq_regs.h>
 #include <asm/i8259.h>
 #include <asm/apic.h>
+#include <asm/timer.h>
 struct ms_hyperv_info ms_hyperv;
 EXPORT_SYMBOL_GPL(ms_hyperv);
+#if IS_ENABLED(CONFIG_HYPERV)
+static void (*vmbus_handler)(void);
+void hyperv_vector_handler(struct pt_regs *regs)
+{
+        struct pt_regs *old_regs = set_irq_regs(regs);
+        irq_enter();
+        exit_idle();
+        inc_irq_stat(irq_hv_callback_count);
+        if (vmbus_handler)
+                vmbus_handler();
+        irq_exit();
+        set_irq_regs(old_regs);
+}
+void hv_setup_vmbus_irq(void (*handler)(void))
+{
+        vmbus_handler = handler;
+        /*
+         * Setup the IDT for hypervisor callback. Prevent reallocation
+         * at module reload.
+         */
+        if (!test_bit(HYPERVISOR_CALLBACK_VECTOR, used_vectors))
+                alloc_intr_gate(HYPERVISOR_CALLBACK_VECTOR,
+                                hyperv_callback_vector);
+}
+void hv_remove_vmbus_irq(void)
+{
+        /* We have no way to deallocate the interrupt gate */
+        vmbus_handler = NULL;
+}
+EXPORT_SYMBOL_GPL(hv_setup_vmbus_irq);
+EXPORT_SYMBOL_GPL(hv_remove_vmbus_irq);
+#endif
 static uint32_t  __init ms_hyperv_platform(void)
 {
        u32 eax;
@@ -105,6 +146,11 @@ static void __init ms_hyperv_init_platform(void)
        if (ms_hyperv.features & HV_X64_MSR_TIME_REF_COUNT_AVAILABLE)
                clocksource_register_hz(&hyperv_cs, NSEC_PER_SEC/100);
+#ifdef CONFIG_X86_IO_APIC
+        no_timer_check = 1;
+#endif
 }
 const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = {
@@ -113,41 +159,3 @@ const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = {
        .init_platform          = ms_hyperv_init_platform,
 };
 EXPORT_SYMBOL(x86_hyper_ms_hyperv);
-#if IS_ENABLED(CONFIG_HYPERV)
-static int vmbus_irq = -1;
-static irq_handler_t vmbus_isr;
-void hv_register_vmbus_handler(int irq, irq_handler_t handler)
-{
-        /*
-         * Setup the IDT for hypervisor callback.
-         */
-        alloc_intr_gate(HYPERVISOR_CALLBACK_VECTOR, hyperv_callback_vector);
-        vmbus_irq = irq;
-        vmbus_isr = handler;
-}
-void hyperv_vector_handler(struct pt_regs *regs)
-{
-        struct pt_regs *old_regs = set_irq_regs(regs);
-        struct irq_desc *desc;
-        irq_enter();
-        exit_idle();
-        desc = irq_to_desc(vmbus_irq);
-        if (desc)
-                generic_handle_irq_desc(vmbus_irq, desc);
-        irq_exit();
-        set_irq_regs(old_regs);
-}
-#else
-void hv_register_vmbus_handler(int irq, irq_handler_t handler)
-{
-}
-#endif
-EXPORT_SYMBOL_GPL(hv_register_vmbus_handler);
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
index ce2d0a2c3e4f..0e25a1bc5ab5 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
@@ -683,7 +683,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
        }
        /* Flush all TLBs via a mov %cr3, %reg; mov %reg, %cr3 */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
        /* Save MTRR state */
@@ -697,7 +697,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
 static void post_set(void) __releases(set_atomicity_lock)
 {
        /* Flush TLBs (no need to flush caches - they are disabled) */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
        /* Intel (P6) standard MTRRs */
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index 8e132931614d..ae407f7226c8 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -892,7 +892,6 @@ static void x86_pmu_enable(struct pmu *pmu)
                 * hw_perf_group_sched_in() or x86_pmu_enable()
                 *
                 * step1: save events moving to new counters
-                 * step2: reprogram moved events into new counters
                 */
                for (i = 0; i < n_running; i++) {
                        event = cpuc->event_list[i];
@@ -918,6 +917,9 @@ static void x86_pmu_enable(struct pmu *pmu)
                        x86_pmu_stop(event, PERF_EF_UPDATE);
                }
+                /*
+                 * step2: reprogram moved events into new counters
+                 */
                for (i = 0; i < cpuc->n_events; i++) {
                        event = cpuc->event_list[i];
                        hwc = &event->hw;
@@ -1043,7 +1045,7 @@ static int x86_pmu_add(struct perf_event *event, int flags)
        /*
         * If group events scheduling transaction was started,
         * skip the schedulability test here, it will be performed
-         * at commit time (->commit_txn) as a whole
+         * at commit time (->commit_txn) as a whole.
         */
        if (cpuc->group_flag & PERF_EVENT_TXN)
                goto done_collect;
@@ -1058,6 +1060,10 @@ static int x86_pmu_add(struct perf_event *event, int flags)
        memcpy(cpuc->assign, assign, n*sizeof(int));
 done_collect:
+        /*
+         * Commit the collect_events() state. See x86_pmu_del() and
+         * x86_pmu_*_txn().
+         */
        cpuc->n_events = n;
        cpuc->n_added += n - n0;
        cpuc->n_txn += n - n0;
@@ -1183,25 +1189,38 @@ static void x86_pmu_del(struct perf_event *event, int flags)
         * If we're called during a txn, we don't need to do anything.
         * The events never got scheduled and ->cancel_txn will truncate
         * the event_list.
+         *
+         * XXX assumes any ->del() called during a TXN will only be on
+         * an event added during that same TXN.
         */
        if (cpuc->group_flag & PERF_EVENT_TXN)
                return;
+        /*
+         * Not a TXN, therefore cleanup properly.
+         */
        x86_pmu_stop(event, PERF_EF_UPDATE);
        for (i = 0; i < cpuc->n_events; i++) {
-                if (event == cpuc->event_list[i]) {
+                if (event == cpuc->event_list[i])
+                        break;
+        }
-                        if (x86_pmu.put_event_constraints)
+        if (WARN_ON_ONCE(i == cpuc->n_events)) /* called ->del() without ->add() ? */
-                                x86_pmu.put_event_constraints(cpuc, event);
+                return;
-                        while (++i < cpuc->n_events)
+        /* If we have a newly added event; make sure to decrease n_added. */
-                                cpuc->event_list[i-1] = cpuc->event_list[i];
+        if (i >= cpuc->n_events - cpuc->n_added)
+                --cpuc->n_added;
+        if (x86_pmu.put_event_constraints)
+                x86_pmu.put_event_constraints(cpuc, event);
+        /* Delete the array entry. */
+        while (++i < cpuc->n_events)
+                cpuc->event_list[i-1] = cpuc->event_list[i];
+        --cpuc->n_events;
-                        --cpuc->n_events;
-                        break;
-                }
-        }
        perf_event_update_userpage(event);
 }
@@ -1521,6 +1540,8 @@ static int __init init_hw_perf_events(void)
        pr_cont("%s PMU driver.\n", x86_pmu.name);
+        x86_pmu.attr_rdpmc = 1; /* enable userspace RDPMC usage by default */
        for (quirk = x86_pmu.quirks; quirk; quirk = quirk->next)
                quirk->func();
@@ -1534,7 +1555,6 @@ static int __init init_hw_perf_events(void)
                __EVENT_CONSTRAINT(0, (1ULL << x86_pmu.num_counters) - 1,
                                   0, x86_pmu.num_counters, 0, 0);
-        x86_pmu.attr_rdpmc = 1; /* enable userspace RDPMC usage by default */
        x86_pmu_format_group.attrs = x86_pmu.format_attrs;
        if (x86_pmu.event_attrs)
@@ -1594,7 +1614,8 @@ static void x86_pmu_cancel_txn(struct pmu *pmu)
 {
        __this_cpu_and(cpu_hw_events.group_flag, ~PERF_EVENT_TXN);
        /*
-         * Truncate the collected events.
+         * Truncate collected array by the number of events added in this
+         * transaction. See x86_pmu_add() and x86_pmu_*_txn().
         */
        __this_cpu_sub(cpu_hw_events.n_added, __this_cpu_read(cpu_hw_events.n_txn));
        __this_cpu_sub(cpu_hw_events.n_events, __this_cpu_read(cpu_hw_events.n_txn));
@@ -1605,6 +1626,8 @@ static void x86_pmu_cancel_txn(struct pmu *pmu)
 * Commit group events scheduling transaction
 * Perform the group schedulability test as a whole
 * Return 0 if success
+ *
+ * Does not cancel the transaction on failure; expects the caller to do this.
 */
 static int x86_pmu_commit_txn(struct pmu *pmu)
 {
@@ -1820,9 +1843,12 @@ static ssize_t set_attr_rdpmc(struct device *cdev,
        if (ret)
                return ret;
+        if (x86_pmu.attr_rdpmc_broken)
+                return -ENOTSUPP;
        if (!!val != !!x86_pmu.attr_rdpmc) {
                x86_pmu.attr_rdpmc = !!val;
-                smp_call_function(change_rdpmc, (void *)val, 1);
+                on_each_cpu(change_rdpmc, (void *)val, 1);
        }
        return count;
@@ -1883,21 +1909,27 @@ static struct pmu pmu = {
 void arch_perf_update_userpage(struct perf_event_mmap_page *userpg, u64 now)
 {
+        struct cyc2ns_data *data;
        userpg->cap_user_time = 0;
        userpg->cap_user_time_zero = 0;
        userpg->cap_user_rdpmc = x86_pmu.attr_rdpmc;
        userpg->pmc_width = x86_pmu.cntval_bits;
-        if (!sched_clock_stable)
+        if (!sched_clock_stable())
                return;
+        data = cyc2ns_read_begin();
        userpg->cap_user_time = 1;
-        userpg->time_mult = this_cpu_read(cyc2ns);
+        userpg->time_mult = data->cyc2ns_mul;
-        userpg->time_shift = CYC2NS_SCALE_FACTOR;
+        userpg->time_shift = data->cyc2ns_shift;
-        userpg->time_offset = this_cpu_read(cyc2ns_offset) - now;
+        userpg->time_offset = data->cyc2ns_offset - now;
        userpg->cap_user_time_zero = 1;
-        userpg->time_zero = this_cpu_read(cyc2ns_offset);
+        userpg->time_zero = data->cyc2ns_offset;
+        cyc2ns_read_end(data);
 }
 /*
diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index c1a861829d81..3b2f9bdd974b 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -130,9 +130,11 @@ struct cpu_hw_events {
        unsigned long           running[BITS_TO_LONGS(X86_PMC_IDX_MAX)];
        int                     enabled;
-        int                     n_events;
+        int                     n_events; /* the # of events in the below arrays */
-        int                     n_added;
+        int                     n_added;  /* the # last events in the below arrays;
-        int                     n_txn;
+                                             they've never been enabled yet */
+        int                     n_txn;    /* the # last events in the below arrays;
+                                             added in the current transaction */
        int                     assign[X86_PMC_IDX_MAX]; /* event to counter assignment */
        u64                     tags[X86_PMC_IDX_MAX];
        struct perf_event       *event_list[X86_PMC_IDX_MAX]; /* in enabled order */
@@ -409,6 +411,7 @@ struct x86_pmu {
        /*
         * sysfs attrs
         */
+        int             attr_rdpmc_broken;
        int             attr_rdpmc;
        struct attribute **format_attrs;
        struct attribute **event_attrs;
diff --git a/arch/x86/kernel/cpu/perf_event_amd_ibs.c b/arch/x86/kernel/cpu/perf_event_amd_ibs.c
index 4b8e4d3cd6ea..4c36bbe3173a 100644
--- a/arch/x86/kernel/cpu/perf_event_amd_ibs.c
+++ b/arch/x86/kernel/cpu/perf_event_amd_ibs.c
@@ -926,13 +926,13 @@ static __init int amd_ibs_init(void)
                goto out;
        perf_ibs_pm_init();
-        get_online_cpus();
+        cpu_notifier_register_begin();
        ibs_caps = caps;
        /* make ibs_caps visible to other cpus: */
        smp_mb();
-        perf_cpu_notifier(perf_ibs_cpu_notifier);
        smp_call_function(setup_APIC_ibs, NULL, 1);
-        put_online_cpus();
+        __perf_cpu_notifier(perf_ibs_cpu_notifier);
+        cpu_notifier_register_done();
        ret = perf_event_ibs_init();
 out:
diff --git a/arch/x86/kernel/cpu/perf_event_amd_uncore.c b/arch/x86/kernel/cpu/perf_event_amd_uncore.c
index 754291adec33..3bbdf4cd38b9 100644
--- a/arch/x86/kernel/cpu/perf_event_amd_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_amd_uncore.c
@@ -531,15 +531,16 @@ static int __init amd_uncore_init(void)
        if (ret)
                return -ENODEV;
-        get_online_cpus();
+        cpu_notifier_register_begin();
        /* init cpus already online before registering for hotplug notifier */
        for_each_online_cpu(cpu) {
                amd_uncore_cpu_up_prepare(cpu);
                smp_call_function_single(cpu, init_cpu_already_online, NULL, 1);
        }
-        register_cpu_notifier(&amd_uncore_cpu_notifier_block);
+        __register_cpu_notifier(&amd_uncore_cpu_notifier_block);
-        put_online_cpus();
+        cpu_notifier_register_done();
        return 0;
 }
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index 0fa4f242f050..aa333d966886 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -1361,10 +1361,8 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
        intel_pmu_disable_all();
        handled = intel_pmu_drain_bts_buffer();
        status = intel_pmu_get_status();
-        if (!status) {
+        if (!status)
-                intel_pmu_enable_all(0);
+                goto done;
-                return handled;
-        }
        loops = 0;
 again:
@@ -2310,10 +2308,7 @@ __init int intel_pmu_init(void)
        if (version > 1)
                x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
-        /*
+        if (boot_cpu_has(X86_FEATURE_PDCM)) {
-         * v2 and above have a perf capabilities MSR
-         */
-        if (version > 1) {
                u64 capabilities;
                rdmsrl(MSR_IA32_PERF_CAPABILITIES, capabilities);
diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
new file mode 100644
index 000000000000..059218ed5208
--- /dev/null
+++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
@@ -0,0 +1,680 @@
+/*
+ * perf_event_intel_rapl.c: support Intel RAPL energy consumption counters
+ * Copyright (C) 2013 Google, Inc., Stephane Eranian
+ *
+ * Intel RAPL interface is specified in the IA-32 Manual Vol3b
+ * section 14.7.1 (September 2013)
+ *
+ * RAPL provides more controls than just reporting energy consumption
+ * however here we only expose the 3 energy consumption free running
+ * counters (pp0, pkg, dram).
+ *
+ * Each of those counters increments in a power unit defined by the
+ * RAPL_POWER_UNIT MSR. On SandyBridge, this unit is 1/(2^16) Joules
+ * but it can vary.
+ *
+ * Counter to rapl events mappings:
+ *
+ *  pp0 counter: consumption of all physical cores (power plane 0)
+ *        event: rapl_energy_cores
+ *    perf code: 0x1
+ *
+ *  pkg counter: consumption of the whole processor package
+ *        event: rapl_energy_pkg
+ *    perf code: 0x2
+ *
+ * dram counter: consumption of the dram domain (servers only)
+ *        event: rapl_energy_dram
+ *    perf code: 0x3
+ *
+ * dram counter: consumption of the builtin-gpu domain (client only)
+ *        event: rapl_energy_gpu
+ *    perf code: 0x4
+ *
+ * We manage those counters as free running (read-only). They may be
+ * use simultaneously by other tools, such as turbostat.
+ *
+ * The events only support system-wide mode counting. There is no
+ * sampling support because it does not make sense and is not
+ * supported by the RAPL hardware.
+ *
+ * Because we want to avoid floating-point operations in the kernel,
+ * the events are all reported in fixed point arithmetic (32.32).
+ * Tools must adjust the counts to convert them to Watts using
+ * the duration of the measurement. Tools may use a function such as
+ * ldexp(raw_count, -32);
+ */
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/perf_event.h>
+#include <asm/cpu_device_id.h>
+#include "perf_event.h"
+/*
+ * RAPL energy status counters
+ */
+#define RAPL_IDX_PP0_NRG_STAT   0       /* all cores */
+#define INTEL_RAPL_PP0          0x1     /* pseudo-encoding */
+#define RAPL_IDX_PKG_NRG_STAT   1       /* entire package */
+#define INTEL_RAPL_PKG          0x2     /* pseudo-encoding */
+#define RAPL_IDX_RAM_NRG_STAT   2       /* DRAM */
+#define INTEL_RAPL_RAM          0x3     /* pseudo-encoding */
+#define RAPL_IDX_PP1_NRG_STAT   3       /* DRAM */
+#define INTEL_RAPL_PP1          0x4     /* pseudo-encoding */
+/* Clients have PP0, PKG */
+#define RAPL_IDX_CLN    (1<<RAPL_IDX_PP0_NRG_STAT|\
+                         1<<RAPL_IDX_PKG_NRG_STAT|\
+                         1<<RAPL_IDX_PP1_NRG_STAT)
+/* Servers have PP0, PKG, RAM */
+#define RAPL_IDX_SRV    (1<<RAPL_IDX_PP0_NRG_STAT|\
+                         1<<RAPL_IDX_PKG_NRG_STAT|\
+                         1<<RAPL_IDX_RAM_NRG_STAT)
+/*
+ * event code: LSB 8 bits, passed in attr->config
+ * any other bit is reserved
+ */
+#define RAPL_EVENT_MASK 0xFFULL
+#define DEFINE_RAPL_FORMAT_ATTR(_var, _name, _format)           \
+static ssize_t __rapl_##_var##_show(struct kobject *kobj,       \
+                                struct kobj_attribute *attr,    \
+                                char *page)                     \
+{                                                               \
+        BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE);             \
+        return sprintf(page, _format "\n");                     \
+}                                                               \
+static struct kobj_attribute format_attr_##_var =               \
+        __ATTR(_name, 0444, __rapl_##_var##_show, NULL)
+#define RAPL_EVENT_DESC(_name, _config)                         \
+{                                                               \
+        .attr   = __ATTR(_name, 0444, rapl_event_show, NULL),   \
+        .config = _config,                                      \
+}
+#define RAPL_CNTR_WIDTH 32 /* 32-bit rapl counters */
+struct rapl_pmu {
+        spinlock_t       lock;
+        int              hw_unit;  /* 1/2^hw_unit Joule */
+        int              n_active; /* number of active events */
+        struct list_head active_list;
+        struct pmu       *pmu; /* pointer to rapl_pmu_class */
+        ktime_t          timer_interval; /* in ktime_t unit */
+        struct hrtimer   hrtimer;
+};
+static struct pmu rapl_pmu_class;
+static cpumask_t rapl_cpu_mask;
+static int rapl_cntr_mask;
+static DEFINE_PER_CPU(struct rapl_pmu *, rapl_pmu);
+static DEFINE_PER_CPU(struct rapl_pmu *, rapl_pmu_to_free);
+static inline u64 rapl_read_counter(struct perf_event *event)
+{
+        u64 raw;
+        rdmsrl(event->hw.event_base, raw);
+        return raw;
+}
+static inline u64 rapl_scale(u64 v)
+{
+        /*
+         * scale delta to smallest unit (1/2^32)
+         * users must then scale back: count * 1/(1e9*2^32) to get Joules
+         * or use ldexp(count, -32).
+         * Watts = Joules/Time delta
+         */
+        return v << (32 - __get_cpu_var(rapl_pmu)->hw_unit);
+}
+static u64 rapl_event_update(struct perf_event *event)
+{
+        struct hw_perf_event *hwc = &event->hw;
+        u64 prev_raw_count, new_raw_count;
+        s64 delta, sdelta;
+        int shift = RAPL_CNTR_WIDTH;
+again:
+        prev_raw_count = local64_read(&hwc->prev_count);
+        rdmsrl(event->hw.event_base, new_raw_count);
+        if (local64_cmpxchg(&hwc->prev_count, prev_raw_count,
+                            new_raw_count) != prev_raw_count) {
+                cpu_relax();
+                goto again;
+        }
+        /*
+         * Now we have the new raw value and have updated the prev
+         * timestamp already. We can now calculate the elapsed delta
+         * (event-)time and add that to the generic event.
+         *
+         * Careful, not all hw sign-extends above the physical width
+         * of the count.
+         */
+        delta = (new_raw_count << shift) - (prev_raw_count << shift);
+        delta >>= shift;
+        sdelta = rapl_scale(delta);
+        local64_add(sdelta, &event->count);
+        return new_raw_count;
+}
+static void rapl_start_hrtimer(struct rapl_pmu *pmu)
+{
+        __hrtimer_start_range_ns(&pmu->hrtimer,
+                        pmu->timer_interval, 0,
+                        HRTIMER_MODE_REL_PINNED, 0);
+}
+static void rapl_stop_hrtimer(struct rapl_pmu *pmu)
+{
+        hrtimer_cancel(&pmu->hrtimer);
+}
+static enum hrtimer_restart rapl_hrtimer_handle(struct hrtimer *hrtimer)
+{
+        struct rapl_pmu *pmu = __get_cpu_var(rapl_pmu);
+        struct perf_event *event;
+        unsigned long flags;
+        if (!pmu->n_active)
+                return HRTIMER_NORESTART;
+        spin_lock_irqsave(&pmu->lock, flags);
+        list_for_each_entry(event, &pmu->active_list, active_entry) {
+                rapl_event_update(event);
+        }
+        spin_unlock_irqrestore(&pmu->lock, flags);
+        hrtimer_forward_now(hrtimer, pmu->timer_interval);
+        return HRTIMER_RESTART;
+}
+static void rapl_hrtimer_init(struct rapl_pmu *pmu)
+{
+        struct hrtimer *hr = &pmu->hrtimer;
+        hrtimer_init(hr, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
+        hr->function = rapl_hrtimer_handle;
+}
+static void __rapl_pmu_event_start(struct rapl_pmu *pmu,
+                                   struct perf_event *event)
+{
+        if (WARN_ON_ONCE(!(event->hw.state & PERF_HES_STOPPED)))
+                return;
+        event->hw.state = 0;
+        list_add_tail(&event->active_entry, &pmu->active_list);
+        local64_set(&event->hw.prev_count, rapl_read_counter(event));
+        pmu->n_active++;
+        if (pmu->n_active == 1)
+                rapl_start_hrtimer(pmu);
+}
+static void rapl_pmu_event_start(struct perf_event *event, int mode)
+{
+        struct rapl_pmu *pmu = __get_cpu_var(rapl_pmu);
+        unsigned long flags;
+        spin_lock_irqsave(&pmu->lock, flags);
+        __rapl_pmu_event_start(pmu, event);
+        spin_unlock_irqrestore(&pmu->lock, flags);
+}
+static void rapl_pmu_event_stop(struct perf_event *event, int mode)
+{
+        struct rapl_pmu *pmu = __get_cpu_var(rapl_pmu);
+        struct hw_perf_event *hwc = &event->hw;
+        unsigned long flags;
+        spin_lock_irqsave(&pmu->lock, flags);
+        /* mark event as deactivated and stopped */
+        if (!(hwc->state & PERF_HES_STOPPED)) {
+                WARN_ON_ONCE(pmu->n_active <= 0);
+                pmu->n_active--;
+                if (pmu->n_active == 0)
+                        rapl_stop_hrtimer(pmu);
+                list_del(&event->active_entry);
+                WARN_ON_ONCE(hwc->state & PERF_HES_STOPPED);
+                hwc->state |= PERF_HES_STOPPED;
+        }
+        /* check if update of sw counter is necessary */
+        if ((mode & PERF_EF_UPDATE) && !(hwc->state & PERF_HES_UPTODATE)) {
+                /*
+                 * Drain the remaining delta count out of a event
+                 * that we are disabling:
+                 */
+                rapl_event_update(event);
+                hwc->state |= PERF_HES_UPTODATE;
+        }
+        spin_unlock_irqrestore(&pmu->lock, flags);
+}
+static int rapl_pmu_event_add(struct perf_event *event, int mode)
+{
+        struct rapl_pmu *pmu = __get_cpu_var(rapl_pmu);
+        struct hw_perf_event *hwc = &event->hw;
+        unsigned long flags;
+        spin_lock_irqsave(&pmu->lock, flags);
+        hwc->state = PERF_HES_UPTODATE | PERF_HES_STOPPED;
+        if (mode & PERF_EF_START)
+                __rapl_pmu_event_start(pmu, event);
+        spin_unlock_irqrestore(&pmu->lock, flags);
+        return 0;
+}
+static void rapl_pmu_event_del(struct perf_event *event, int flags)
+{
+        rapl_pmu_event_stop(event, PERF_EF_UPDATE);
+}
+static int rapl_pmu_event_init(struct perf_event *event)
+{
+        u64 cfg = event->attr.config & RAPL_EVENT_MASK;
+        int bit, msr, ret = 0;
+        /* only look at RAPL events */
+        if (event->attr.type != rapl_pmu_class.type)
+                return -ENOENT;
+        /* check only supported bits are set */
+        if (event->attr.config & ~RAPL_EVENT_MASK)
+                return -EINVAL;
+        /*
+         * check event is known (determines counter)
+         */
+        switch (cfg) {
+        case INTEL_RAPL_PP0:
+                bit = RAPL_IDX_PP0_NRG_STAT;
+                msr = MSR_PP0_ENERGY_STATUS;
+                break;
+        case INTEL_RAPL_PKG:
+                bit = RAPL_IDX_PKG_NRG_STAT;
+                msr = MSR_PKG_ENERGY_STATUS;
+                break;
+        case INTEL_RAPL_RAM:
+                bit = RAPL_IDX_RAM_NRG_STAT;
+                msr = MSR_DRAM_ENERGY_STATUS;
+                break;
+        case INTEL_RAPL_PP1:
+                bit = RAPL_IDX_PP1_NRG_STAT;
+                msr = MSR_PP1_ENERGY_STATUS;
+                break;
+        default:
+                return -EINVAL;
+        }
+        /* check event supported */
+        if (!(rapl_cntr_mask & (1 << bit)))
+                return -EINVAL;
+        /* unsupported modes and filters */
+        if (event->attr.exclude_user   ||
+            event->attr.exclude_kernel ||
+            event->attr.exclude_hv     ||
+            event->attr.exclude_idle   ||
+            event->attr.exclude_host   ||
+            event->attr.exclude_guest  ||
+            event->attr.sample_period) /* no sampling */
+                return -EINVAL;
+        /* must be done before validate_group */
+        event->hw.event_base = msr;
+        event->hw.config = cfg;
+        event->hw.idx = bit;
+        return ret;
+}
+static void rapl_pmu_event_read(struct perf_event *event)
+{
+        rapl_event_update(event);
+}
+static ssize_t rapl_get_attr_cpumask(struct device *dev,
+                                struct device_attribute *attr, char *buf)
+{
+        int n = cpulist_scnprintf(buf, PAGE_SIZE - 2, &rapl_cpu_mask);
+        buf[n++] = '\n';
+        buf[n] = '\0';
+        return n;
+}
+static DEVICE_ATTR(cpumask, S_IRUGO, rapl_get_attr_cpumask, NULL);
+static struct attribute *rapl_pmu_attrs[] = {
+        &dev_attr_cpumask.attr,
+        NULL,
+};
+static struct attribute_group rapl_pmu_attr_group = {
+        .attrs = rapl_pmu_attrs,
+};
+EVENT_ATTR_STR(energy-cores, rapl_cores, "event=0x01");
+EVENT_ATTR_STR(energy-pkg  ,   rapl_pkg, "event=0x02");
+EVENT_ATTR_STR(energy-ram  ,   rapl_ram, "event=0x03");
+EVENT_ATTR_STR(energy-gpu  ,   rapl_gpu, "event=0x04");
+EVENT_ATTR_STR(energy-cores.unit, rapl_cores_unit, "Joules");
+EVENT_ATTR_STR(energy-pkg.unit  ,   rapl_pkg_unit, "Joules");
+EVENT_ATTR_STR(energy-ram.unit  ,   rapl_ram_unit, "Joules");
+EVENT_ATTR_STR(energy-gpu.unit  ,   rapl_gpu_unit, "Joules");
+/*
+ * we compute in 0.23 nJ increments regardless of MSR
+ */
+EVENT_ATTR_STR(energy-cores.scale, rapl_cores_scale, "2.3283064365386962890625e-10");
+EVENT_ATTR_STR(energy-pkg.scale,     rapl_pkg_scale, "2.3283064365386962890625e-10");
+EVENT_ATTR_STR(energy-ram.scale,     rapl_ram_scale, "2.3283064365386962890625e-10");
+EVENT_ATTR_STR(energy-gpu.scale,     rapl_gpu_scale, "2.3283064365386962890625e-10");
+static struct attribute *rapl_events_srv_attr[] = {
+        EVENT_PTR(rapl_cores),
+        EVENT_PTR(rapl_pkg),
+        EVENT_PTR(rapl_ram),
+        EVENT_PTR(rapl_cores_unit),
+        EVENT_PTR(rapl_pkg_unit),
+        EVENT_PTR(rapl_ram_unit),
+        EVENT_PTR(rapl_cores_scale),
+        EVENT_PTR(rapl_pkg_scale),
+        EVENT_PTR(rapl_ram_scale),
+        NULL,
+};
+static struct attribute *rapl_events_cln_attr[] = {
+        EVENT_PTR(rapl_cores),
+        EVENT_PTR(rapl_pkg),
+        EVENT_PTR(rapl_gpu),
+        EVENT_PTR(rapl_cores_unit),
+        EVENT_PTR(rapl_pkg_unit),
+        EVENT_PTR(rapl_gpu_unit),
+        EVENT_PTR(rapl_cores_scale),
+        EVENT_PTR(rapl_pkg_scale),
+        EVENT_PTR(rapl_gpu_scale),
+        NULL,
+};
+static struct attribute_group rapl_pmu_events_group = {
+        .name = "events",
+        .attrs = NULL, /* patched at runtime */
+};
+DEFINE_RAPL_FORMAT_ATTR(event, event, "config:0-7");
+static struct attribute *rapl_formats_attr[] = {
+        &format_attr_event.attr,
+        NULL,
+};
+static struct attribute_group rapl_pmu_format_group = {
+        .name = "format",
+        .attrs = rapl_formats_attr,
+};
+const struct attribute_group *rapl_attr_groups[] = {
+        &rapl_pmu_attr_group,
+        &rapl_pmu_format_group,
+        &rapl_pmu_events_group,
+        NULL,
+};
+static struct pmu rapl_pmu_class = {
+        .attr_groups    = rapl_attr_groups,
+        .task_ctx_nr    = perf_invalid_context, /* system-wide only */
+        .event_init     = rapl_pmu_event_init,
+        .add            = rapl_pmu_event_add, /* must have */
+        .del            = rapl_pmu_event_del, /* must have */
+        .start          = rapl_pmu_event_start,
+        .stop           = rapl_pmu_event_stop,
+        .read           = rapl_pmu_event_read,
+};
+static void rapl_cpu_exit(int cpu)
+{
+        struct rapl_pmu *pmu = per_cpu(rapl_pmu, cpu);
+        int i, phys_id = topology_physical_package_id(cpu);
+        int target = -1;
+        /* find a new cpu on same package */
+        for_each_online_cpu(i) {
+                if (i == cpu)
+                        continue;
+                if (phys_id == topology_physical_package_id(i)) {
+                        target = i;
+                        break;
+                }
+        }
+        /*
+         * clear cpu from cpumask
+         * if was set in cpumask and still some cpu on package,
+         * then move to new cpu
+         */
+        if (cpumask_test_and_clear_cpu(cpu, &rapl_cpu_mask) && target >= 0)
+                cpumask_set_cpu(target, &rapl_cpu_mask);
+        WARN_ON(cpumask_empty(&rapl_cpu_mask));
+        /*
+         * migrate events and context to new cpu
+         */
+        if (target >= 0)
+                perf_pmu_migrate_context(pmu->pmu, cpu, target);
+        /* cancel overflow polling timer for CPU */
+        rapl_stop_hrtimer(pmu);
+}
+static void rapl_cpu_init(int cpu)
+{
+        int i, phys_id = topology_physical_package_id(cpu);
+        /* check if phys_is is already covered */
+        for_each_cpu(i, &rapl_cpu_mask) {
+                if (phys_id == topology_physical_package_id(i))
+                        return;
+        }
+        /* was not found, so add it */
+        cpumask_set_cpu(cpu, &rapl_cpu_mask);
+}
+static int rapl_cpu_prepare(int cpu)
+{
+        struct rapl_pmu *pmu = per_cpu(rapl_pmu, cpu);
+        int phys_id = topology_physical_package_id(cpu);
+        u64 ms;
+        if (pmu)
+                return 0;
+        if (phys_id < 0)
+                return -1;
+        pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
+        if (!pmu)
+                return -1;
+        spin_lock_init(&pmu->lock);
+        INIT_LIST_HEAD(&pmu->active_list);
+        /*
+         * grab power unit as: 1/2^unit Joules
+         *
+         * we cache in local PMU instance
+         */
+        rdmsrl(MSR_RAPL_POWER_UNIT, pmu->hw_unit);
+        pmu->hw_unit = (pmu->hw_unit >> 8) & 0x1FULL;
+        pmu->pmu = &rapl_pmu_class;
+        /*
+         * use reference of 200W for scaling the timeout
+         * to avoid missing counter overflows.
+         * 200W = 200 Joules/sec
+         * divide interval by 2 to avoid lockstep (2 * 100)
+         * if hw unit is 32, then we use 2 ms 1/200/2
+         */
+        if (pmu->hw_unit < 32)
+                ms = (1000 / (2 * 100)) * (1ULL << (32 - pmu->hw_unit - 1));
+        else
+                ms = 2;
+        pmu->timer_interval = ms_to_ktime(ms);
+        rapl_hrtimer_init(pmu);
+        /* set RAPL pmu for this cpu for now */
+        per_cpu(rapl_pmu, cpu) = pmu;
+        per_cpu(rapl_pmu_to_free, cpu) = NULL;
+        return 0;
+}
+static void rapl_cpu_kfree(int cpu)
+{
+        struct rapl_pmu *pmu = per_cpu(rapl_pmu_to_free, cpu);
+        kfree(pmu);
+        per_cpu(rapl_pmu_to_free, cpu) = NULL;
+}
+static int rapl_cpu_dying(int cpu)
+{
+        struct rapl_pmu *pmu = per_cpu(rapl_pmu, cpu);
+        if (!pmu)
+                return 0;
+        per_cpu(rapl_pmu, cpu) = NULL;
+        per_cpu(rapl_pmu_to_free, cpu) = pmu;
+        return 0;
+}
+static int rapl_cpu_notifier(struct notifier_block *self,
+                             unsigned long action, void *hcpu)
+{
+        unsigned int cpu = (long)hcpu;
+        switch (action & ~CPU_TASKS_FROZEN) {
+        case CPU_UP_PREPARE:
+                rapl_cpu_prepare(cpu);
+                break;
+        case CPU_STARTING:
+                rapl_cpu_init(cpu);
+                break;
+        case CPU_UP_CANCELED:
+        case CPU_DYING:
+                rapl_cpu_dying(cpu);
+                break;
+        case CPU_ONLINE:
+        case CPU_DEAD:
+                rapl_cpu_kfree(cpu);
+                break;
+        case CPU_DOWN_PREPARE:
+                rapl_cpu_exit(cpu);
+                break;
+        default:
+                break;
+        }
+        return NOTIFY_OK;
+}
+static const struct x86_cpu_id rapl_cpu_match[] = {
+        [0] = { .vendor = X86_VENDOR_INTEL, .family = 6 },
+        [1] = {},
+};
+static int __init rapl_pmu_init(void)
+{
+        struct rapl_pmu *pmu;
+        int cpu, ret;
+        /*
+         * check for Intel processor family 6
+         */
+        if (!x86_match_cpu(rapl_cpu_match))
+                return 0;
+        /* check supported CPU */
+        switch (boot_cpu_data.x86_model) {
+        case 42: /* Sandy Bridge */
+        case 58: /* Ivy Bridge */
+        case 60: /* Haswell */
+        case 69: /* Haswell-Celeron */
+                rapl_cntr_mask = RAPL_IDX_CLN;
+                rapl_pmu_events_group.attrs = rapl_events_cln_attr;
+                break;
+        case 45: /* Sandy Bridge-EP */
+        case 62: /* IvyTown */
+                rapl_cntr_mask = RAPL_IDX_SRV;
+                rapl_pmu_events_group.attrs = rapl_events_srv_attr;
+                break;
+        default:
+                /* unsupported */
+                return 0;
+        }
+        cpu_notifier_register_begin();
+        for_each_online_cpu(cpu) {
+                rapl_cpu_prepare(cpu);
+                rapl_cpu_init(cpu);
+        }
+        __perf_cpu_notifier(rapl_cpu_notifier);
+        ret = perf_pmu_register(&rapl_pmu_class, "power", -1);
+        if (WARN_ON(ret)) {
+                pr_info("RAPL PMU detected, registration failed (%d), RAPL PMU disabled\n", ret);
+                cpu_notifier_register_done();
+                return -1;
+        }
+        pmu = __get_cpu_var(rapl_pmu);
+        pr_info("RAPL PMU detected, hw unit 2^-%d Joules,"
+                " API unit is 2^-32 Joules,"
+                " %d fixed counters"
+                " %llu ms ovfl timer\n",
+                pmu->hw_unit,
+                hweight32(rapl_cntr_mask),
+                ktime_to_ms(pmu->timer_interval));
+        cpu_notifier_register_done();
+        return 0;
+}
+device_initcall(rapl_pmu_init);
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
index 29c248799ced..65bbbea38b9c 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
@@ -66,6 +66,47 @@ DEFINE_UNCORE_FORMAT_ATTR(mask_vnw, mask_vnw, "config2:3-4");
 DEFINE_UNCORE_FORMAT_ATTR(mask0, mask0, "config2:0-31");
 DEFINE_UNCORE_FORMAT_ATTR(mask1, mask1, "config2:32-63");
+static void uncore_pmu_start_hrtimer(struct intel_uncore_box *box);
+static void uncore_pmu_cancel_hrtimer(struct intel_uncore_box *box);
+static void uncore_perf_event_update(struct intel_uncore_box *box, struct perf_event *event);
+static void uncore_pmu_event_read(struct perf_event *event);
+static struct intel_uncore_pmu *uncore_event_to_pmu(struct perf_event *event)
+{
+        return container_of(event->pmu, struct intel_uncore_pmu, pmu);
+}
+static struct intel_uncore_box *
+uncore_pmu_to_box(struct intel_uncore_pmu *pmu, int cpu)
+{
+        struct intel_uncore_box *box;
+        box = *per_cpu_ptr(pmu->box, cpu);
+        if (box)
+                return box;
+        raw_spin_lock(&uncore_box_lock);
+        list_for_each_entry(box, &pmu->box_list, list) {
+                if (box->phys_id == topology_physical_package_id(cpu)) {
+                        atomic_inc(&box->refcnt);
+                        *per_cpu_ptr(pmu->box, cpu) = box;
+                        break;
+                }
+        }
+        raw_spin_unlock(&uncore_box_lock);
+        return *per_cpu_ptr(pmu->box, cpu);
+}
+static struct intel_uncore_box *uncore_event_to_box(struct perf_event *event)
+{
+        /*
+         * perf core schedules event on the basis of cpu, uncore events are
+         * collected by one of the cpus inside a physical package.
+         */
+        return uncore_pmu_to_box(uncore_event_to_pmu(event), smp_processor_id());
+}
 static u64 uncore_msr_read_counter(struct intel_uncore_box *box, struct perf_event *event)
 {
        u64 count;
@@ -501,8 +542,11 @@ static struct extra_reg snbep_uncore_cbox_extra_regs[] = {
        SNBEP_CBO_EVENT_EXTRA_REG(SNBEP_CBO_PMON_CTL_TID_EN,
                                  SNBEP_CBO_PMON_CTL_TID_EN, 0x1),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0334, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4334, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0534, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4534, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0934, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4934, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0135, 0xffff, 0x8),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0335, 0xffff, 0x8),
@@ -1178,10 +1222,15 @@ static struct extra_reg ivt_uncore_cbox_extra_regs[] = {
        SNBEP_CBO_EVENT_EXTRA_REG(SNBEP_CBO_PMON_CTL_TID_EN,
                                  SNBEP_CBO_PMON_CTL_TID_EN, 0x1),
        SNBEP_CBO_EVENT_EXTRA_REG(0x1031, 0x10ff, 0x2),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x1134, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0xc),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x5134, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0334, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4334, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0534, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4534, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0934, 0xffff, 0x4),
-        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0xc),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4934, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0135, 0xffff, 0x10),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0335, 0xffff, 0x10),
        SNBEP_CBO_EVENT_EXTRA_REG(0x2135, 0xffff, 0x10),
@@ -1631,6 +1680,349 @@ static struct intel_uncore_type *snb_msr_uncores[] = {
        &snb_uncore_cbox,
        NULL,
 };
+enum {
+        SNB_PCI_UNCORE_IMC,
+};
+static struct uncore_event_desc snb_uncore_imc_events[] = {
+        INTEL_UNCORE_EVENT_DESC(data_reads,  "event=0x01"),
+        INTEL_UNCORE_EVENT_DESC(data_reads.scale, "6.103515625e-5"),
+        INTEL_UNCORE_EVENT_DESC(data_reads.unit, "MiB"),
+        INTEL_UNCORE_EVENT_DESC(data_writes, "event=0x02"),
+        INTEL_UNCORE_EVENT_DESC(data_writes.scale, "6.103515625e-5"),
+        INTEL_UNCORE_EVENT_DESC(data_writes.unit, "MiB"),
+        { /* end: all zeroes */ },
+};
+#define SNB_UNCORE_PCI_IMC_EVENT_MASK           0xff
+#define SNB_UNCORE_PCI_IMC_BAR_OFFSET           0x48
+/* page size multiple covering all config regs */
+#define SNB_UNCORE_PCI_IMC_MAP_SIZE             0x6000
+#define SNB_UNCORE_PCI_IMC_DATA_READS           0x1
+#define SNB_UNCORE_PCI_IMC_DATA_READS_BASE      0x5050
+#define SNB_UNCORE_PCI_IMC_DATA_WRITES          0x2
+#define SNB_UNCORE_PCI_IMC_DATA_WRITES_BASE     0x5054
+#define SNB_UNCORE_PCI_IMC_CTR_BASE             SNB_UNCORE_PCI_IMC_DATA_READS_BASE
+static struct attribute *snb_uncore_imc_formats_attr[] = {
+        &format_attr_event.attr,
+        NULL,
+};
+static struct attribute_group snb_uncore_imc_format_group = {
+        .name = "format",
+        .attrs = snb_uncore_imc_formats_attr,
+};
+static void snb_uncore_imc_init_box(struct intel_uncore_box *box)
+{
+        struct pci_dev *pdev = box->pci_dev;
+        int where = SNB_UNCORE_PCI_IMC_BAR_OFFSET;
+        resource_size_t addr;
+        u32 pci_dword;
+        pci_read_config_dword(pdev, where, &pci_dword);
+        addr = pci_dword;
+#ifdef CONFIG_PHYS_ADDR_T_64BIT
+        pci_read_config_dword(pdev, where + 4, &pci_dword);
+        addr |= ((resource_size_t)pci_dword << 32);
+#endif
+        addr &= ~(PAGE_SIZE - 1);
+        box->io_addr = ioremap(addr, SNB_UNCORE_PCI_IMC_MAP_SIZE);
+        box->hrtimer_duration = UNCORE_SNB_IMC_HRTIMER_INTERVAL;
+}
+static void snb_uncore_imc_enable_box(struct intel_uncore_box *box)
+{}
+static void snb_uncore_imc_disable_box(struct intel_uncore_box *box)
+{}
+static void snb_uncore_imc_enable_event(struct intel_uncore_box *box, struct perf_event *event)
+{}
+static void snb_uncore_imc_disable_event(struct intel_uncore_box *box, struct perf_event *event)
+{}
+static u64 snb_uncore_imc_read_counter(struct intel_uncore_box *box, struct perf_event *event)
+{
+        struct hw_perf_event *hwc = &event->hw;
+        return (u64)*(unsigned int *)(box->io_addr + hwc->event_base);
+}
+/*
+ * custom event_init() function because we define our own fixed, free
+ * running counters, so we do not want to conflict with generic uncore
+ * logic. Also simplifies processing
+ */
+static int snb_uncore_imc_event_init(struct perf_event *event)
+{
+        struct intel_uncore_pmu *pmu;
+        struct intel_uncore_box *box;
+        struct hw_perf_event *hwc = &event->hw;
+        u64 cfg = event->attr.config & SNB_UNCORE_PCI_IMC_EVENT_MASK;
+        int idx, base;
+        if (event->attr.type != event->pmu->type)
+                return -ENOENT;
+        pmu = uncore_event_to_pmu(event);
+        /* no device found for this pmu */
+        if (pmu->func_id < 0)
+                return -ENOENT;
+        /* Sampling not supported yet */
+        if (hwc->sample_period)
+                return -EINVAL;
+        /* unsupported modes and filters */
+        if (event->attr.exclude_user   ||
+            event->attr.exclude_kernel ||
+            event->attr.exclude_hv     ||
+            event->attr.exclude_idle   ||
+            event->attr.exclude_host   ||
+            event->attr.exclude_guest  ||
+            event->attr.sample_period) /* no sampling */
+                return -EINVAL;
+        /*
+         * Place all uncore events for a particular physical package
+         * onto a single cpu
+         */
+        if (event->cpu < 0)
+                return -EINVAL;
+        /* check only supported bits are set */
+        if (event->attr.config & ~SNB_UNCORE_PCI_IMC_EVENT_MASK)
+                return -EINVAL;
+        box = uncore_pmu_to_box(pmu, event->cpu);
+        if (!box || box->cpu < 0)
+                return -EINVAL;
+        event->cpu = box->cpu;
+        event->hw.idx = -1;
+        event->hw.last_tag = ~0ULL;
+        event->hw.extra_reg.idx = EXTRA_REG_NONE;
+        event->hw.branch_reg.idx = EXTRA_REG_NONE;
+        /*
+         * check event is known (whitelist, determines counter)
+         */
+        switch (cfg) {
+        case SNB_UNCORE_PCI_IMC_DATA_READS:
+                base = SNB_UNCORE_PCI_IMC_DATA_READS_BASE;
+                idx = UNCORE_PMC_IDX_FIXED;
+                break;
+        case SNB_UNCORE_PCI_IMC_DATA_WRITES:
+                base = SNB_UNCORE_PCI_IMC_DATA_WRITES_BASE;
+                idx = UNCORE_PMC_IDX_FIXED + 1;
+                break;
+        default:
+                return -EINVAL;
+        }
+        /* must be done before validate_group */
+        event->hw.event_base = base;
+        event->hw.config = cfg;
+        event->hw.idx = idx;
+        /* no group validation needed, we have free running counters */
+        return 0;
+}
+static int snb_uncore_imc_hw_config(struct intel_uncore_box *box, struct perf_event *event)
+{
+        return 0;
+}
+static void snb_uncore_imc_event_start(struct perf_event *event, int flags)
+{
+        struct intel_uncore_box *box = uncore_event_to_box(event);
+        u64 count;
+        if (WARN_ON_ONCE(!(event->hw.state & PERF_HES_STOPPED)))
+                return;
+        event->hw.state = 0;
+        box->n_active++;
+        list_add_tail(&event->active_entry, &box->active_list);
+        count = snb_uncore_imc_read_counter(box, event);
+        local64_set(&event->hw.prev_count, count);
+        if (box->n_active == 1)
+                uncore_pmu_start_hrtimer(box);
+}
+static void snb_uncore_imc_event_stop(struct perf_event *event, int flags)
+{
+        struct intel_uncore_box *box = uncore_event_to_box(event);
+        struct hw_perf_event *hwc = &event->hw;
+        if (!(hwc->state & PERF_HES_STOPPED)) {
+                box->n_active--;
+                WARN_ON_ONCE(hwc->state & PERF_HES_STOPPED);
+                hwc->state |= PERF_HES_STOPPED;
+                list_del(&event->active_entry);
+                if (box->n_active == 0)
+                        uncore_pmu_cancel_hrtimer(box);
+        }
+        if ((flags & PERF_EF_UPDATE) && !(hwc->state & PERF_HES_UPTODATE)) {
+                /*
+                 * Drain the remaining delta count out of a event
+                 * that we are disabling:
+                 */
+                uncore_perf_event_update(box, event);
+                hwc->state |= PERF_HES_UPTODATE;
+        }
+}
+static int snb_uncore_imc_event_add(struct perf_event *event, int flags)
+{
+        struct intel_uncore_box *box = uncore_event_to_box(event);
+        struct hw_perf_event *hwc = &event->hw;
+        if (!box)
+                return -ENODEV;
+        hwc->state = PERF_HES_UPTODATE | PERF_HES_STOPPED;
+        if (!(flags & PERF_EF_START))
+                hwc->state |= PERF_HES_ARCH;
+        snb_uncore_imc_event_start(event, 0);
+        box->n_events++;
+        return 0;
+}
+static void snb_uncore_imc_event_del(struct perf_event *event, int flags)
+{
+        struct intel_uncore_box *box = uncore_event_to_box(event);
+        int i;
+        snb_uncore_imc_event_stop(event, PERF_EF_UPDATE);
+        for (i = 0; i < box->n_events; i++) {
+                if (event == box->event_list[i]) {
+                        --box->n_events;
+                        break;
+                }
+        }
+}
+static int snb_pci2phy_map_init(int devid)
+{
+        struct pci_dev *dev = NULL;
+        int bus;
+        dev = pci_get_device(PCI_VENDOR_ID_INTEL, devid, dev);
+        if (!dev)
+                return -ENOTTY;
+        bus = dev->bus->number;
+        pcibus_to_physid[bus] = 0;
+        pci_dev_put(dev);
+        return 0;
+}
+static struct pmu snb_uncore_imc_pmu = {
+        .task_ctx_nr    = perf_invalid_context,
+        .event_init     = snb_uncore_imc_event_init,
+        .add            = snb_uncore_imc_event_add,
+        .del            = snb_uncore_imc_event_del,
+        .start          = snb_uncore_imc_event_start,
+        .stop           = snb_uncore_imc_event_stop,
+        .read           = uncore_pmu_event_read,
+};
+static struct intel_uncore_ops snb_uncore_imc_ops = {
+        .init_box       = snb_uncore_imc_init_box,
+        .enable_box     = snb_uncore_imc_enable_box,
+        .disable_box    = snb_uncore_imc_disable_box,
+        .disable_event  = snb_uncore_imc_disable_event,
+        .enable_event   = snb_uncore_imc_enable_event,
+        .hw_config      = snb_uncore_imc_hw_config,
+        .read_counter   = snb_uncore_imc_read_counter,
+};
+static struct intel_uncore_type snb_uncore_imc = {
+        .name           = "imc",
+        .num_counters   = 2,
+        .num_boxes      = 1,
+        .fixed_ctr_bits = 32,
+        .fixed_ctr      = SNB_UNCORE_PCI_IMC_CTR_BASE,
+        .event_descs    = snb_uncore_imc_events,
+        .format_group   = &snb_uncore_imc_format_group,
+        .perf_ctr       = SNB_UNCORE_PCI_IMC_DATA_READS_BASE,
+        .event_mask     = SNB_UNCORE_PCI_IMC_EVENT_MASK,
+        .ops            = &snb_uncore_imc_ops,
+        .pmu            = &snb_uncore_imc_pmu,
+};
+static struct intel_uncore_type *snb_pci_uncores[] = {
+        [SNB_PCI_UNCORE_IMC]    = &snb_uncore_imc,
+        NULL,
+};
+static DEFINE_PCI_DEVICE_TABLE(snb_uncore_pci_ids) = {
+        { /* IMC */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_SNB_IMC),
+                .driver_data = UNCORE_PCI_DEV_DATA(SNB_PCI_UNCORE_IMC, 0),
+        },
+        { /* end: all zeroes */ },
+};
+static DEFINE_PCI_DEVICE_TABLE(ivb_uncore_pci_ids) = {
+        { /* IMC */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IVB_IMC),
+                .driver_data = UNCORE_PCI_DEV_DATA(SNB_PCI_UNCORE_IMC, 0),
+        },
+        { /* end: all zeroes */ },
+};
+static DEFINE_PCI_DEVICE_TABLE(hsw_uncore_pci_ids) = {
+        { /* IMC */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_HSW_IMC),
+                .driver_data = UNCORE_PCI_DEV_DATA(SNB_PCI_UNCORE_IMC, 0),
+        },
+        { /* end: all zeroes */ },
+};
+static struct pci_driver snb_uncore_pci_driver = {
+        .name           = "snb_uncore",
+        .id_table       = snb_uncore_pci_ids,
+};
+static struct pci_driver ivb_uncore_pci_driver = {
+        .name           = "ivb_uncore",
+        .id_table       = ivb_uncore_pci_ids,
+};
+static struct pci_driver hsw_uncore_pci_driver = {
+        .name           = "hsw_uncore",
+        .id_table       = hsw_uncore_pci_ids,
+};
 /* end of Sandy Bridge uncore support */
 /* Nehalem uncore support */
@@ -2781,6 +3173,7 @@ again:
 static enum hrtimer_restart uncore_pmu_hrtimer(struct hrtimer *hrtimer)
 {
        struct intel_uncore_box *box;
+        struct perf_event *event;
        unsigned long flags;
        int bit;
@@ -2793,19 +3186,27 @@ static enum hrtimer_restart uncore_pmu_hrtimer(struct hrtimer *hrtimer)
         */
        local_irq_save(flags);
+        /*
+         * handle boxes with an active event list as opposed to active
+         * counters
+         */
+        list_for_each_entry(event, &box->active_list, active_entry) {
+                uncore_perf_event_update(box, event);
+        }
        for_each_set_bit(bit, box->active_mask, UNCORE_PMC_IDX_MAX)
                uncore_perf_event_update(box, box->events[bit]);
        local_irq_restore(flags);
-        hrtimer_forward_now(hrtimer, ns_to_ktime(UNCORE_PMU_HRTIMER_INTERVAL));
+        hrtimer_forward_now(hrtimer, ns_to_ktime(box->hrtimer_duration));
        return HRTIMER_RESTART;
 }
 static void uncore_pmu_start_hrtimer(struct intel_uncore_box *box)
 {
        __hrtimer_start_range_ns(&box->hrtimer,
-                        ns_to_ktime(UNCORE_PMU_HRTIMER_INTERVAL), 0,
+                        ns_to_ktime(box->hrtimer_duration), 0,
                        HRTIMER_MODE_REL_PINNED, 0);
 }
@@ -2839,43 +3240,12 @@ static struct intel_uncore_box *uncore_alloc_box(struct intel_uncore_type *type,
        box->cpu = -1;
        box->phys_id = -1;
-        return box;
+        /* set default hrtimer timeout */
-}
+        box->hrtimer_duration = UNCORE_PMU_HRTIMER_INTERVAL;
-static struct intel_uncore_box *
-uncore_pmu_to_box(struct intel_uncore_pmu *pmu, int cpu)
-{
-        struct intel_uncore_box *box;
-        box = *per_cpu_ptr(pmu->box, cpu);
-        if (box)
-                return box;
-        raw_spin_lock(&uncore_box_lock);
-        list_for_each_entry(box, &pmu->box_list, list) {
-                if (box->phys_id == topology_physical_package_id(cpu)) {
-                        atomic_inc(&box->refcnt);
-                        *per_cpu_ptr(pmu->box, cpu) = box;
-                        break;
-                }
-        }
-        raw_spin_unlock(&uncore_box_lock);
-        return *per_cpu_ptr(pmu->box, cpu);
-}
-static struct intel_uncore_pmu *uncore_event_to_pmu(struct perf_event *event)
+        INIT_LIST_HEAD(&box->active_list);
-{
-        return container_of(event->pmu, struct intel_uncore_pmu, pmu);
-}
-static struct intel_uncore_box *uncore_event_to_box(struct perf_event *event)
+        return box;
-{
-        /*
-         * perf core schedules event on the basis of cpu, uncore events are
-         * collected by one of the cpus inside a physical package.
-         */
-        return uncore_pmu_to_box(uncore_event_to_pmu(event), smp_processor_id());
 }
 static int
@@ -3271,16 +3641,21 @@ static int __init uncore_pmu_register(struct intel_uncore_pmu *pmu)
 {
        int ret;
-        pmu->pmu = (struct pmu) {
+        if (!pmu->type->pmu) {
-                .attr_groups    = pmu->type->attr_groups,
+                pmu->pmu = (struct pmu) {
-                .task_ctx_nr    = perf_invalid_context,
+                        .attr_groups    = pmu->type->attr_groups,
-                .event_init     = uncore_pmu_event_init,
+                        .task_ctx_nr    = perf_invalid_context,
-                .add            = uncore_pmu_event_add,
+                        .event_init     = uncore_pmu_event_init,
-                .del            = uncore_pmu_event_del,
+                        .add            = uncore_pmu_event_add,
-                .start          = uncore_pmu_event_start,
+                        .del            = uncore_pmu_event_del,
-                .stop           = uncore_pmu_event_stop,
+                        .start          = uncore_pmu_event_start,
-                .read           = uncore_pmu_event_read,
+                        .stop           = uncore_pmu_event_stop,
-        };
+                        .read           = uncore_pmu_event_read,
+                };
+        } else {
+                pmu->pmu = *pmu->type->pmu;
+                pmu->pmu.attr_groups = pmu->type->attr_groups;
+        }
        if (pmu->type->num_boxes == 1) {
                if (strlen(pmu->type->name) > 0)
@@ -3326,6 +3701,8 @@ static int __init uncore_type_init(struct intel_uncore_type *type)
        if (!pmus)
                return -ENOMEM;
+        type->pmus = pmus;
        type->unconstrainted = (struct event_constraint)
                __EVENT_CONSTRAINT(0, (1ULL << type->num_counters) - 1,
                                0, type->num_counters, 0, 0);
@@ -3361,7 +3738,6 @@ static int __init uncore_type_init(struct intel_uncore_type *type)
        }
        type->pmu_group = &uncore_pmu_attr_group;
-        type->pmus = pmus;
        return 0;
 fail:
        uncore_type_exit(type);
@@ -3493,6 +3869,28 @@ static int __init uncore_pci_init(void)
                pci_uncores = ivt_pci_uncores;
                uncore_pci_driver = &ivt_uncore_pci_driver;
                break;
+        case 42: /* Sandy Bridge */
+                ret = snb_pci2phy_map_init(PCI_DEVICE_ID_INTEL_SNB_IMC);
+                if (ret)
+                        return ret;
+                pci_uncores = snb_pci_uncores;
+                uncore_pci_driver = &snb_uncore_pci_driver;
+                break;
+        case 58: /* Ivy Bridge */
+                ret = snb_pci2phy_map_init(PCI_DEVICE_ID_INTEL_IVB_IMC);
+                if (ret)
+                        return ret;
+                pci_uncores = snb_pci_uncores;
+                uncore_pci_driver = &ivb_uncore_pci_driver;
+                break;
+        case 60: /* Haswell */
+        case 69: /* Haswell Celeron */
+                ret = snb_pci2phy_map_init(PCI_DEVICE_ID_INTEL_HSW_IMC);
+                if (ret)
+                        return ret;
+                pci_uncores = snb_pci_uncores;
+                uncore_pci_driver = &hsw_uncore_pci_driver;
+                break;
        default:
                return 0;
        }
@@ -3764,7 +4162,7 @@ static void __init uncore_cpu_setup(void *dummy)
 static int __init uncore_cpu_init(void)
 {
-        int ret, cpu, max_cores;
+        int ret, max_cores;
        max_cores = boot_cpu_data.x86_max_cores;
        switch (boot_cpu_data.x86_model) {
@@ -3808,29 +4206,6 @@ static int __init uncore_cpu_init(void)
        if (ret)
                return ret;
-        get_online_cpus();
-        for_each_online_cpu(cpu) {
-                int i, phys_id = topology_physical_package_id(cpu);
-                for_each_cpu(i, &uncore_cpu_mask) {
-                        if (phys_id == topology_physical_package_id(i)) {
-                                phys_id = -1;
-                                break;
-                        }
-                }
-                if (phys_id < 0)
-                        continue;
-                uncore_cpu_prepare(cpu, phys_id);
-                uncore_event_init_cpu(cpu);
-        }
-        on_each_cpu(uncore_cpu_setup, NULL, 1);
-        register_cpu_notifier(&uncore_cpu_nb);
-        put_online_cpus();
        return 0;
 }
@@ -3859,6 +4234,41 @@ static int __init uncore_pmus_register(void)
        return 0;
 }
+static void __init uncore_cpumask_init(void)
+{
+        int cpu;
+        /*
+         * ony invoke once from msr or pci init code
+         */
+        if (!cpumask_empty(&uncore_cpu_mask))
+                return;
+        cpu_notifier_register_begin();
+        for_each_online_cpu(cpu) {
+                int i, phys_id = topology_physical_package_id(cpu);
+                for_each_cpu(i, &uncore_cpu_mask) {
+                        if (phys_id == topology_physical_package_id(i)) {
+                                phys_id = -1;
+                                break;
+                        }
+                }
+                if (phys_id < 0)
+                        continue;
+                uncore_cpu_prepare(cpu, phys_id);
+                uncore_event_init_cpu(cpu);
+        }
+        on_each_cpu(uncore_cpu_setup, NULL, 1);
+        __register_cpu_notifier(&uncore_cpu_nb);
+        cpu_notifier_register_done();
+}
 static int __init intel_uncore_init(void)
 {
        int ret;
@@ -3877,6 +4287,7 @@ static int __init intel_uncore_init(void)
                uncore_pci_exit();
                goto fail;
        }
+        uncore_cpumask_init();
        uncore_pmus_register();
        return 0;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
index a80ab71a883d..90236f0c94a9 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
@@ -6,6 +6,7 @@
 #define UNCORE_PMU_NAME_LEN             32
 #define UNCORE_PMU_HRTIMER_INTERVAL     (60LL * NSEC_PER_SEC)
+#define UNCORE_SNB_IMC_HRTIMER_INTERVAL (5ULL * NSEC_PER_SEC)
 #define UNCORE_FIXED_EVENT              0xff
 #define UNCORE_PMC_IDX_MAX_GENERIC      8
@@ -440,6 +441,7 @@ struct intel_uncore_type {
        struct intel_uncore_ops *ops;
        struct uncore_event_desc *event_descs;
        const struct attribute_group *attr_groups[4];
+        struct pmu *pmu; /* for custom pmu ops */
 };
 #define pmu_group attr_groups[0]
@@ -488,8 +490,11 @@ struct intel_uncore_box {
        u64 tags[UNCORE_PMC_IDX_MAX];
        struct pci_dev *pci_dev;
        struct intel_uncore_pmu *pmu;
+        u64 hrtimer_duration; /* hrtimer timeout for this box */
        struct hrtimer hrtimer;
        struct list_head list;
+        struct list_head active_list;
+        void *io_addr;
        struct intel_uncore_extra_reg shared_regs[0];
 };
diff --git a/arch/x86/kernel/cpu/perf_event_p4.c b/arch/x86/kernel/cpu/perf_event_p4.c
index 3486e6660357..5d466b7d8609 100644
--- a/arch/x86/kernel/cpu/perf_event_p4.c
+++ b/arch/x86/kernel/cpu/perf_event_p4.c
@@ -1257,7 +1257,24 @@ again:
                        pass++;
                        goto again;
                }
+                /*
+                 * Perf does test runs to see if a whole group can be assigned
+                 * together succesfully.  There can be multiple rounds of this.
+                 * Unfortunately, p4_pmu_swap_config_ts touches the hwc->config
+                 * bits, such that the next round of group assignments will
+                 * cause the above p4_should_swap_ts to pass instead of fail.
+                 * This leads to counters exclusive to thread0 being used by
+                 * thread1.
+                 *
+                 * Solve this with a cheap hack, reset the idx back to -1 to
+                 * force a new lookup (p4_next_cntr) to get the right counter
+                 * for the right thread.
+                 *
+                 * This probably doesn't comply with the general spirit of how
+                 * perf wants to work, but P4 is special. :-(
+                 */
+                if (p4_should_swap_ts(hwc->config, cpu))
+                        hwc->idx = -1;
                p4_pmu_swap_config_ts(hwc, cpu);
                if (assign)
                        assign[i] = cntr_idx;
@@ -1322,6 +1339,7 @@ static __initconst const struct x86_pmu p4_pmu = {
 __init int p4_pmu_init(void)
 {
        unsigned int low, high;
+        int i, reg;
        /* If we get stripped -- indexing fails */
        BUILD_BUG_ON(ARCH_P4_MAX_CCCR > INTEL_PMC_MAX_GENERIC);
@@ -1340,5 +1358,19 @@ __init int p4_pmu_init(void)
        x86_pmu = p4_pmu;
+        /*
+         * Even though the counters are configured to interrupt a particular
+         * logical processor when an overflow happens, testing has shown that
+         * on kdump kernels (which uses a single cpu), thread1's counter
+         * continues to run and will report an NMI on thread0.  Due to the
+         * overflow bug, this leads to a stream of unknown NMIs.
+         *
+         * Solve this by zero'ing out the registers to mimic a reset.
+         */
+        for (i = 0; i < x86_pmu.num_counters; i++) {
+                reg = x86_pmu_config_addr(i);
+                wrmsrl_safe(reg, 0ULL);
+        }
        return 0;
 }
diff --git a/arch/x86/kernel/cpu/perf_event_p6.c b/arch/x86/kernel/cpu/perf_event_p6.c
index b1e2fe115323..7c1a0c07b607 100644
--- a/arch/x86/kernel/cpu/perf_event_p6.c
+++ b/arch/x86/kernel/cpu/perf_event_p6.c
@@ -231,31 +231,49 @@ static __initconst const struct x86_pmu p6_pmu = {
 };
+static __init void p6_pmu_rdpmc_quirk(void)
+{
+        if (boot_cpu_data.x86_mask < 9) {
+                /*
+                 * PPro erratum 26; fixed in stepping 9 and above.
+                 */
+                pr_warn("Userspace RDPMC support disabled due to a CPU erratum\n");
+                x86_pmu.attr_rdpmc_broken = 1;
+                x86_pmu.attr_rdpmc = 0;
+        }
+}
 __init int p6_pmu_init(void)
 {
+        x86_pmu = p6_pmu;
        switch (boot_cpu_data.x86_model) {
-        case 1:
+        case  1: /* Pentium Pro */
-        case 3:  /* Pentium Pro */
+                x86_add_quirk(p6_pmu_rdpmc_quirk);
-        case 5:
+                break;
-        case 6:  /* Pentium II */
-        case 7:
+        case  3: /* Pentium II - Klamath */
-        case 8:
+        case  5: /* Pentium II - Deschutes */
-        case 11: /* Pentium III */
+        case  6: /* Pentium II - Mendocino */
-        case 9:
-        case 13:
-                /* Pentium M */
                break;
+        case  7: /* Pentium III - Katmai */
+        case  8: /* Pentium III - Coppermine */
+        case 10: /* Pentium III Xeon */
+        case 11: /* Pentium III - Tualatin */
+                break;
+        case  9: /* Pentium M - Banias */
+        case 13: /* Pentium M - Dothan */
+                break;
        default:
-                pr_cont("unsupported p6 CPU model %d ",
+                pr_cont("unsupported p6 CPU model %d ", boot_cpu_data.x86_model);
-                        boot_cpu_data.x86_model);
                return -ENODEV;
        }
-        x86_pmu = p6_pmu;
        memcpy(hw_cache_event_ids, p6_hw_cache_event_ids,
                sizeof(hw_cache_event_ids));
        return 0;
 }
diff --git a/arch/x86/kernel/cpu/rdrand.c b/arch/x86/kernel/cpu/rdrand.c
index 88db010845cb..384df5105fbc 100644
--- a/arch/x86/kernel/cpu/rdrand.c
+++ b/arch/x86/kernel/cpu/rdrand.c
@@ -31,20 +31,6 @@ static int __init x86_rdrand_setup(char *s)
 }
 __setup("nordrand", x86_rdrand_setup);
-/* We can't use arch_get_random_long() here since alternatives haven't run */
-static inline int rdrand_long(unsigned long *v)
-{
-        int ok;
-        asm volatile("1: " RDRAND_LONG "\n\t"
-                     "jc 2f\n\t"
-                     "decl %0\n\t"
-                     "jnz 1b\n\t"
-                     "2:"
-                     : "=r" (ok), "=a" (*v)
-                     : "0" (RDRAND_RETRY_LOOPS));
-        return ok;
-}
 /*
 * Force a reseed cycle; we are architecturally guaranteed a reseed
 * after no more than 512 128-bit chunks of random data.  This also
diff --git a/arch/x86/kernel/cpu/transmeta.c b/arch/x86/kernel/cpu/transmeta.c
index aa0430d69b90..3fa0e5ad86b4 100644
--- a/arch/x86/kernel/cpu/transmeta.c
+++ b/arch/x86/kernel/cpu/transmeta.c
@@ -1,6 +1,5 @@
 #include <linux/kernel.h>
 #include <linux/mm.h>
-#include <linux/init.h>
 #include <asm/processor.h>
 #include <asm/msr.h>
 #include "cpu.h"
diff --git a/arch/x86/kernel/cpu/umc.c b/arch/x86/kernel/cpu/umc.c
index 75c5ad5d35cc..ef9c2a0078bd 100644
--- a/arch/x86/kernel/cpu/umc.c
+++ b/arch/x86/kernel/cpu/umc.c
@@ -1,5 +1,4 @@
 #include <linux/kernel.h>
-#include <linux/init.h>
 #include <asm/processor.h>
 #include "cpu.h"
diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
index 7d9481c743f8..3225ae6c5180 100644
--- a/arch/x86/kernel/cpuid.c
+++ b/arch/x86/kernel/cpuid.c
@@ -198,14 +198,15 @@ static int __init cpuid_init(void)
                goto out_chrdev;
        }
        cpuid_class->devnode = cpuid_devnode;
-        get_online_cpus();
+        cpu_notifier_register_begin();
        for_each_online_cpu(i) {
                err = cpuid_device_create(i);
                if (err != 0)
                        goto out_class;
        }
-        register_hotcpu_notifier(&cpuid_class_cpu_notifier);
+        __register_hotcpu_notifier(&cpuid_class_cpu_notifier);
-        put_online_cpus();
+        cpu_notifier_register_done();
        err = 0;
        goto out;
@@ -215,7 +216,7 @@ out_class:
        for_each_online_cpu(i) {
                cpuid_device_destroy(i);
        }
-        put_online_cpus();
+        cpu_notifier_register_done();
        class_destroy(cpuid_class);
 out_chrdev:
        __unregister_chrdev(CPUID_MAJOR, 0, NR_CPUS, "cpu/cpuid");
@@ -227,13 +228,13 @@ static void __exit cpuid_exit(void)
 {
        int cpu = 0;
-        get_online_cpus();
+        cpu_notifier_register_begin();
        for_each_online_cpu(cpu)
                cpuid_device_destroy(cpu);
        class_destroy(cpuid_class);
        __unregister_chrdev(CPUID_MAJOR, 0, NR_CPUS, "cpu/cpuid");
-        unregister_hotcpu_notifier(&cpuid_class_cpu_notifier);
+        __unregister_hotcpu_notifier(&cpuid_class_cpu_notifier);
-        put_online_cpus();
+        cpu_notifier_register_done();
 }
 module_init(cpuid_init);
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index 18677a90d6a3..507de8066594 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -7,7 +7,6 @@
 *
 */
-#include <linux/init.h>
 #include <linux/types.h>
 #include <linux/kernel.h>
 #include <linux/smp.h>
@@ -58,9 +57,7 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
 {
 #ifdef CONFIG_X86_32
        struct pt_regs fixed_regs;
-#endif
-#ifdef CONFIG_X86_32
        if (!user_mode_vm(regs)) {
                crash_fixup_ss_esp(&fixed_regs, regs);
                regs = &fixed_regs;
diff --git a/arch/x86/kernel/doublefault.c b/arch/x86/kernel/doublefault.c
index 5d3fe8d36e4a..f6dfd9334b67 100644
--- a/arch/x86/kernel/doublefault.c
+++ b/arch/x86/kernel/doublefault.c
@@ -1,6 +1,5 @@
 #include <linux/mm.h>
 #include <linux/sched.h>
-#include <linux/init.h>
 #include <linux/init_task.h>
 #include <linux/fs.h>
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
index f2a1770ca176..5abd4cd4230c 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -16,12 +16,35 @@
 #include <asm/stacktrace.h>
+static void *is_irq_stack(void *p, void *irq)
+{
+        if (p < irq || p >= (irq + THREAD_SIZE))
+                return NULL;
+        return irq + THREAD_SIZE;
+}
+static void *is_hardirq_stack(unsigned long *stack, int cpu)
+{
+        void *irq = per_cpu(hardirq_stack, cpu);
+        return is_irq_stack(stack, irq);
+}
+static void *is_softirq_stack(unsigned long *stack, int cpu)
+{
+        void *irq = per_cpu(softirq_stack, cpu);
+        return is_irq_stack(stack, irq);
+}
 void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp,
                const struct stacktrace_ops *ops, void *data)
 {
+        const unsigned cpu = get_cpu();
        int graph = 0;
+        u32 *prev_esp;
        if (!task)
                task = current;
@@ -30,7 +53,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long dummy;
                stack = &dummy;
-                if (task && task != current)
+                if (task != current)
                        stack = (unsigned long *)task->thread.sp;
        }
@@ -39,18 +62,31 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
        for (;;) {
                struct thread_info *context;
+                void *end_stack;
+                end_stack = is_hardirq_stack(stack, cpu);
+                if (!end_stack)
+                        end_stack = is_softirq_stack(stack, cpu);
-                context = (struct thread_info *)
+                context = task_thread_info(task);
-                        ((unsigned long)stack & (~(THREAD_SIZE - 1)));
+                bp = ops->walk_stack(context, stack, bp, ops, data,
-                bp = ops->walk_stack(context, stack, bp, ops, data, NULL, &graph);
+                                     end_stack, &graph);
-                stack = (unsigned long *)context->previous_esp;
+                /* Stop if not on irq stack */
+                if (!end_stack)
+                        break;
+                /* The previous esp is saved on the bottom of the stack */
+                prev_esp = (u32 *)(end_stack - THREAD_SIZE);
+                stack = (unsigned long *)*prev_esp;
                if (!stack)
                        break;
                if (ops->stack(data, "IRQ") < 0)
                        break;
                touch_nmi_watchdog();
        }
+        put_cpu();
 }
 EXPORT_SYMBOL(dump_trace);
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index addb207dab92..1abcb50b48ae 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -104,6 +104,44 @@ in_irq_stack(unsigned long *stack, unsigned long *irq_stack,
        return (stack >= irq_stack && stack < irq_stack_end);
 }
+static const unsigned long irq_stack_size =
+        (IRQ_STACK_SIZE - 64) / sizeof(unsigned long);
+enum stack_type {
+        STACK_IS_UNKNOWN,
+        STACK_IS_NORMAL,
+        STACK_IS_EXCEPTION,
+        STACK_IS_IRQ,
+};
+static enum stack_type
+analyze_stack(int cpu, struct task_struct *task, unsigned long *stack,
+              unsigned long **stack_end, unsigned long *irq_stack,
+              unsigned *used, char **id)
+{
+        unsigned long addr;
+        addr = ((unsigned long)stack & (~(THREAD_SIZE - 1)));
+        if ((unsigned long)task_stack_page(task) == addr)
+                return STACK_IS_NORMAL;
+        *stack_end = in_exception_stack(cpu, (unsigned long)stack,
+                                        used, id);
+        if (*stack_end)
+                return STACK_IS_EXCEPTION;
+        if (!irq_stack)
+                return STACK_IS_NORMAL;
+        *stack_end = irq_stack;
+        irq_stack = irq_stack - irq_stack_size;
+        if (in_irq_stack(stack, irq_stack, *stack_end))
+                return STACK_IS_IRQ;
+        return STACK_IS_UNKNOWN;
+}
 /*
 * x86-64 can have up to three kernel stacks:
 * process stack
@@ -116,12 +154,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                const struct stacktrace_ops *ops, void *data)
 {
        const unsigned cpu = get_cpu();
-        unsigned long *irq_stack_end =
-                (unsigned long *)per_cpu(irq_stack_ptr, cpu);
-        unsigned used = 0;
        struct thread_info *tinfo;
-        int graph = 0;
+        unsigned long *irq_stack = (unsigned long *)per_cpu(irq_stack_ptr, cpu);
        unsigned long dummy;
+        unsigned used = 0;
+        int graph = 0;
+        int done = 0;
        if (!task)
                task = current;
@@ -143,49 +181,61 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
         * exceptions
         */
        tinfo = task_thread_info(task);
-        for (;;) {
+        while (!done) {
+                unsigned long *stack_end;
+                enum stack_type stype;
                char *id;
-                unsigned long *estack_end;
-                estack_end = in_exception_stack(cpu, (unsigned long)stack,
-                                                &used, &id);
-                if (estack_end) {
+                stype = analyze_stack(cpu, task, stack, &stack_end,
+                                      irq_stack, &used, &id);
+                /* Default finish unless specified to continue */
+                done = 1;
+                switch (stype) {
+                /* Break out early if we are on the thread stack */
+                case STACK_IS_NORMAL:
+                        break;
+                case STACK_IS_EXCEPTION:
                        if (ops->stack(data, id) < 0)
                                break;
                        bp = ops->walk_stack(tinfo, stack, bp, ops,
-                                             data, estack_end, &graph);
+                                             data, stack_end, &graph);
                        ops->stack(data, "<EOE>");
                        /*
                         * We link to the next stack via the
                         * second-to-last pointer (index -2 to end) in the
                         * exception stack:
                         */
-                        stack = (unsigned long *) estack_end[-2];
+                        stack = (unsigned long *) stack_end[-2];
-                        continue;
+                        done = 0;
-                }
+                        break;
-                if (irq_stack_end) {
-                        unsigned long *irq_stack;
+                case STACK_IS_IRQ:
-                        irq_stack = irq_stack_end -
-                                (IRQ_STACK_SIZE - 64) / sizeof(*irq_stack);
+                        if (ops->stack(data, "IRQ") < 0)
+                                break;
-                        if (in_irq_stack(stack, irq_stack, irq_stack_end)) {
+                        bp = ops->walk_stack(tinfo, stack, bp,
-                                if (ops->stack(data, "IRQ") < 0)
+                                     ops, data, stack_end, &graph);
-                                        break;
+                        /*
-                                bp = ops->walk_stack(tinfo, stack, bp,
+                         * We link to the next stack (which would be
-                                        ops, data, irq_stack_end, &graph);
+                         * the process stack normally) the last
-                                /*
+                         * pointer (index -1 to end) in the IRQ stack:
-                                 * We link to the next stack (which would be
+                         */
-                                 * the process stack normally) the last
+                        stack = (unsigned long *) (stack_end[-1]);
-                                 * pointer (index -1 to end) in the IRQ stack:
+                        irq_stack = NULL;
-                                 */
+                        ops->stack(data, "EOI");
-                                stack = (unsigned long *) (irq_stack_end[-1]);
+                        done = 0;
-                                irq_stack_end = NULL;
+                        break;
-                                ops->stack(data, "EOI");
-                                continue;
+                case STACK_IS_UNKNOWN:
-                        }
+                        ops->stack(data, "UNK");
+                        break;
                }
-                break;
        }
        /*
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
index 174da5fc5a7b..988c00a1f60d 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -1120,7 +1120,7 @@ void __init memblock_find_dma_reserve(void)
                nr_pages += end_pfn - start_pfn;
        }
-        for_each_free_mem_range(u, MAX_NUMNODES, &start, &end, NULL) {
+        for_each_free_mem_range(u, NUMA_NO_NODE, &start, &end, NULL) {
                start_pfn = min_t(unsigned long, PFN_UP(start), MAX_DMA_PFN);
                end_pfn = min_t(unsigned long, PFN_DOWN(end), MAX_DMA_PFN);
                if (start_pfn < end_pfn)
diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index bc4a088f9023..b0cc3809723d 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -203,18 +203,15 @@ static void __init intel_remapping_check(int num, int slot, int func)
        revision = read_pci_config_byte(num, slot, func, PCI_REVISION_ID);
        /*
-         * Revision 13 of all triggering devices id in this quirk have
+         * Revision <= 13 of all triggering devices id in this quirk
-         * a problem draining interrupts when irq remapping is enabled,
+         * have a problem draining interrupts when irq remapping is
-         * and should be flagged as broken.  Additionally revisions 0x12
+         * enabled, and should be flagged as broken. Additionally
-         * and 0x22 of device id 0x3405 has this problem.
+         * revision 0x22 of device id 0x3405 has this problem.
         */
-        if (revision == 0x13)
+        if (revision <= 0x13)
                set_irq_remapping_broken();
-        else if ((device == 0x3405) &&
+        else if (device == 0x3405 && revision == 0x22)
-            ((revision == 0x12) ||
-             (revision == 0x22)))
                set_irq_remapping_broken();
 }
 /*
@@ -228,7 +225,7 @@ static void __init intel_remapping_check(int num, int slot, int func)
 *
 * And yes, so far on current devices the base addr is always under 4G.
 */
-static u32 __init intel_stolen_base(int num, int slot, int func)
+static u32 __init intel_stolen_base(int num, int slot, int func, size_t stolen_size)
 {
        u32 base;
@@ -247,6 +244,114 @@ static u32 __init intel_stolen_base(int num, int slot, int func)
 #define MB(x)   (KB (KB (x)))
 #define GB(x)   (MB (KB (x)))
+static size_t __init i830_tseg_size(void)
+{
+        u8 tmp = read_pci_config_byte(0, 0, 0, I830_ESMRAMC);
+        if (!(tmp & TSEG_ENABLE))
+                return 0;
+        if (tmp & I830_TSEG_SIZE_1M)
+                return MB(1);
+        else
+                return KB(512);
+}
+static size_t __init i845_tseg_size(void)
+{
+        u8 tmp = read_pci_config_byte(0, 0, 0, I845_ESMRAMC);
+        if (!(tmp & TSEG_ENABLE))
+                return 0;
+        switch (tmp & I845_TSEG_SIZE_MASK) {
+        case I845_TSEG_SIZE_512K:
+                return KB(512);
+        case I845_TSEG_SIZE_1M:
+                return MB(1);
+        default:
+                WARN_ON(1);
+                return 0;
+        }
+}
+static size_t __init i85x_tseg_size(void)
+{
+        u8 tmp = read_pci_config_byte(0, 0, 0, I85X_ESMRAMC);
+        if (!(tmp & TSEG_ENABLE))
+                return 0;
+        return MB(1);
+}
+static size_t __init i830_mem_size(void)
+{
+        return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
+}
+static size_t __init i85x_mem_size(void)
+{
+        return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);
+}
+/*
+ * On 830/845/85x the stolen memory base isn't available in any
+ * register. We need to calculate it as TOM-TSEG_SIZE-stolen_size.
+ */
+static u32 __init i830_stolen_base(int num, int slot, int func, size_t stolen_size)
+{
+        return i830_mem_size() - i830_tseg_size() - stolen_size;
+}
+static u32 __init i845_stolen_base(int num, int slot, int func, size_t stolen_size)
+{
+        return i830_mem_size() - i845_tseg_size() - stolen_size;
+}
+static u32 __init i85x_stolen_base(int num, int slot, int func, size_t stolen_size)
+{
+        return i85x_mem_size() - i85x_tseg_size() - stolen_size;
+}
+static u32 __init i865_stolen_base(int num, int slot, int func, size_t stolen_size)
+{
+        /*
+         * FIXME is the graphics stolen memory region
+         * always at TOUD? Ie. is it always the last
+         * one to be allocated by the BIOS?
+         */
+        return read_pci_config_16(0, 0, 0, I865_TOUD) << 16;
+}
+static size_t __init i830_stolen_size(int num, int slot, int func)
+{
+        size_t stolen_size;
+        u16 gmch_ctrl;
+        gmch_ctrl = read_pci_config_16(0, 0, 0, I830_GMCH_CTRL);
+        switch (gmch_ctrl & I830_GMCH_GMS_MASK) {
+        case I830_GMCH_GMS_STOLEN_512:
+                stolen_size = KB(512);
+                break;
+        case I830_GMCH_GMS_STOLEN_1024:
+                stolen_size = MB(1);
+                break;
+        case I830_GMCH_GMS_STOLEN_8192:
+                stolen_size = MB(8);
+                break;
+        case I830_GMCH_GMS_LOCAL:
+                /* local memory isn't part of the normal address space */
+                stolen_size = 0;
+                break;
+        default:
+                return 0;
+        }
+        return stolen_size;
+}
 static size_t __init gen3_stolen_size(int num, int slot, int func)
 {
        size_t stolen_size;
@@ -313,7 +418,7 @@ static size_t __init gen6_stolen_size(int num, int slot, int func)
        return gmch_ctrl << 25; /* 32 MB units */
 }
-static inline size_t gen8_stolen_size(int num, int slot, int func)
+static size_t gen8_stolen_size(int num, int slot, int func)
 {
        u16 gmch_ctrl;
@@ -323,31 +428,74 @@ static inline size_t gen8_stolen_size(int num, int slot, int func)
        return gmch_ctrl << 25; /* 32 MB units */
 }
-typedef size_t (*stolen_size_fn)(int num, int slot, int func);
+struct intel_stolen_funcs {
+        size_t (*size)(int num, int slot, int func);
+        u32 (*base)(int num, int slot, int func, size_t size);
+};
+static const struct intel_stolen_funcs i830_stolen_funcs = {
+        .base = i830_stolen_base,
+        .size = i830_stolen_size,
+};
+static const struct intel_stolen_funcs i845_stolen_funcs = {
+        .base = i845_stolen_base,
+        .size = i830_stolen_size,
+};
+static const struct intel_stolen_funcs i85x_stolen_funcs = {
+        .base = i85x_stolen_base,
+        .size = gen3_stolen_size,
+};
+static const struct intel_stolen_funcs i865_stolen_funcs = {
+        .base = i865_stolen_base,
+        .size = gen3_stolen_size,
+};
+static const struct intel_stolen_funcs gen3_stolen_funcs = {
+        .base = intel_stolen_base,
+        .size = gen3_stolen_size,
+};
+static const struct intel_stolen_funcs gen6_stolen_funcs = {
+        .base = intel_stolen_base,
+        .size = gen6_stolen_size,
+};
+static const struct intel_stolen_funcs gen8_stolen_funcs = {
+        .base = intel_stolen_base,
+        .size = gen8_stolen_size,
+};
 static struct pci_device_id intel_stolen_ids[] __initdata = {
-        INTEL_I915G_IDS(gen3_stolen_size),
+        INTEL_I830_IDS(&i830_stolen_funcs),
-        INTEL_I915GM_IDS(gen3_stolen_size),
+        INTEL_I845G_IDS(&i845_stolen_funcs),
-        INTEL_I945G_IDS(gen3_stolen_size),
+        INTEL_I85X_IDS(&i85x_stolen_funcs),
-        INTEL_I945GM_IDS(gen3_stolen_size),
+        INTEL_I865G_IDS(&i865_stolen_funcs),
-        INTEL_VLV_M_IDS(gen6_stolen_size),
+        INTEL_I915G_IDS(&gen3_stolen_funcs),
-        INTEL_VLV_D_IDS(gen6_stolen_size),
+        INTEL_I915GM_IDS(&gen3_stolen_funcs),
-        INTEL_PINEVIEW_IDS(gen3_stolen_size),
+        INTEL_I945G_IDS(&gen3_stolen_funcs),
-        INTEL_I965G_IDS(gen3_stolen_size),
+        INTEL_I945GM_IDS(&gen3_stolen_funcs),
-        INTEL_G33_IDS(gen3_stolen_size),
+        INTEL_VLV_M_IDS(&gen6_stolen_funcs),
-        INTEL_I965GM_IDS(gen3_stolen_size),
+        INTEL_VLV_D_IDS(&gen6_stolen_funcs),
-        INTEL_GM45_IDS(gen3_stolen_size),
+        INTEL_PINEVIEW_IDS(&gen3_stolen_funcs),
-        INTEL_G45_IDS(gen3_stolen_size),
+        INTEL_I965G_IDS(&gen3_stolen_funcs),
-        INTEL_IRONLAKE_D_IDS(gen3_stolen_size),
+        INTEL_G33_IDS(&gen3_stolen_funcs),
-        INTEL_IRONLAKE_M_IDS(gen3_stolen_size),
+        INTEL_I965GM_IDS(&gen3_stolen_funcs),
-        INTEL_SNB_D_IDS(gen6_stolen_size),
+        INTEL_GM45_IDS(&gen3_stolen_funcs),
-        INTEL_SNB_M_IDS(gen6_stolen_size),
+        INTEL_G45_IDS(&gen3_stolen_funcs),
-        INTEL_IVB_M_IDS(gen6_stolen_size),
+        INTEL_IRONLAKE_D_IDS(&gen3_stolen_funcs),
-        INTEL_IVB_D_IDS(gen6_stolen_size),
+        INTEL_IRONLAKE_M_IDS(&gen3_stolen_funcs),
-        INTEL_HSW_D_IDS(gen6_stolen_size),
+        INTEL_SNB_D_IDS(&gen6_stolen_funcs),
-        INTEL_HSW_M_IDS(gen6_stolen_size),
+        INTEL_SNB_M_IDS(&gen6_stolen_funcs),
-        INTEL_BDW_M_IDS(gen8_stolen_size),
+        INTEL_IVB_M_IDS(&gen6_stolen_funcs),
-        INTEL_BDW_D_IDS(gen8_stolen_size)
+        INTEL_IVB_D_IDS(&gen6_stolen_funcs),
+        INTEL_HSW_D_IDS(&gen6_stolen_funcs),
+        INTEL_HSW_M_IDS(&gen6_stolen_funcs),
+        INTEL_BDW_M_IDS(&gen8_stolen_funcs),
+        INTEL_BDW_D_IDS(&gen8_stolen_funcs)
 };
 static void __init intel_graphics_stolen(int num, int slot, int func)
@@ -364,11 +512,13 @@ static void __init intel_graphics_stolen(int num, int slot, int func)
        for (i = 0; i < ARRAY_SIZE(intel_stolen_ids); i++) {
                if (intel_stolen_ids[i].device == device) {
-                        stolen_size_fn stolen_size =
+                        const struct intel_stolen_funcs *stolen_funcs =
-                                (stolen_size_fn)intel_stolen_ids[i].driver_data;
+                                (const struct intel_stolen_funcs *)intel_stolen_ids[i].driver_data;
-                        size = stolen_size(num, slot, func);
+                        size = stolen_funcs->size(num, slot, func);
-                        start = intel_stolen_base(num, slot, func);
+                        start = stolen_funcs->base(num, slot, func, size);
                        if (size && start) {
+                                printk(KERN_INFO "Reserving Intel graphics stolen memory at 0x%x-0x%x\n",
+                                       start, start + (u32)size - 1);
                                /* Mark this space as reserved */
                                e820_add_region(start, size, E820_RESERVED);
                                sanitize_e820_map(e820.map,
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index d4bdd253fea7..52819e816f87 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -77,8 +77,7 @@ within(unsigned long addr, unsigned long start, unsigned long end)
        return addr >= start && addr < end;
 }
-static int
+static unsigned long text_ip_addr(unsigned long ip)
-do_ftrace_mod_code(unsigned long ip, const void *new_code)
 {
        /*
         * On x86_64, kernel text mappings are mapped read-only with
@@ -91,7 +90,7 @@ do_ftrace_mod_code(unsigned long ip, const void *new_code)
        if (within(ip, (unsigned long)_text, (unsigned long)_etext))
                ip = (unsigned long)__va(__pa_symbol(ip));
-        return probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE);
+        return ip;
 }
 static const unsigned char *ftrace_nop_replace(void)
@@ -123,8 +122,10 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
        if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
                return -EINVAL;
+        ip = text_ip_addr(ip);
        /* replace the text with the new text */
-        if (do_ftrace_mod_code(ip, new_code))
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
                return -EPERM;
        sync_core();
@@ -221,37 +222,51 @@ int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
        return -EINVAL;
 }
-int ftrace_update_ftrace_func(ftrace_func_t func)
+static unsigned long ftrace_update_func;
+static int update_ftrace_func(unsigned long ip, void *new)
 {
-        unsigned long ip = (unsigned long)(&ftrace_call);
+        unsigned char old[MCOUNT_INSN_SIZE];
-        unsigned char old[MCOUNT_INSN_SIZE], *new;
        int ret;
-        memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
+        memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
-        new = ftrace_call_replace(ip, (unsigned long)func);
+        ftrace_update_func = ip;
+        /* Make sure the breakpoints see the ftrace_update_func update */
+        smp_wmb();
        /* See comment above by declaration of modifying_ftrace_code */
        atomic_inc(&modifying_ftrace_code);
        ret = ftrace_modify_code(ip, old, new);
+        atomic_dec(&modifying_ftrace_code);
+        return ret;
+}
+int ftrace_update_ftrace_func(ftrace_func_t func)
+{
+        unsigned long ip = (unsigned long)(&ftrace_call);
+        unsigned char *new;
+        int ret;
+        new = ftrace_call_replace(ip, (unsigned long)func);
+        ret = update_ftrace_func(ip, new);
        /* Also update the regs callback function */
        if (!ret) {
                ip = (unsigned long)(&ftrace_regs_call);
-                memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE);
                new = ftrace_call_replace(ip, (unsigned long)func);
-                ret = ftrace_modify_code(ip, old, new);
+                ret = update_ftrace_func(ip, new);
        }
-        atomic_dec(&modifying_ftrace_code);
        return ret;
 }
 static int is_ftrace_caller(unsigned long ip)
 {
-        if (ip == (unsigned long)(&ftrace_call) ||
+        if (ip == ftrace_update_func)
-                ip == (unsigned long)(&ftrace_regs_call))
                return 1;
        return 0;
@@ -293,7 +308,10 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
        if (within(ip, (unsigned long)_text, (unsigned long)_etext))
                ip = (unsigned long)__va(__pa_symbol(ip));
-        return probe_kernel_write((void *)ip, val, size);
+        if (probe_kernel_write((void *)ip, val, size))
+                return -EPERM;
+        return 0;
 }
 static int add_break(unsigned long ip, const char *old)
@@ -308,10 +326,7 @@ static int add_break(unsigned long ip, const char *old)
        if (memcmp(replaced, old, MCOUNT_INSN_SIZE) != 0)
                return -EINVAL;
-        if (ftrace_write(ip, &brk, 1))
+        return ftrace_write(ip, &brk, 1);
-                return -EPERM;
-        return 0;
 }
 static int add_brk_on_call(struct dyn_ftrace *rec, unsigned long addr)
@@ -410,7 +425,7 @@ static int remove_breakpoint(struct dyn_ftrace *rec)
        /* If this does not have a breakpoint, we are done */
        if (ins[0] != brk)
-                return -1;
+                return 0;
        nop = ftrace_nop_replace();
@@ -440,7 +455,7 @@ static int remove_breakpoint(struct dyn_ftrace *rec)
        }
 update:
-        return probe_kernel_write((void *)ip, &nop[0], 1);
+        return ftrace_write(ip, nop, 1);
 }
 static int add_update_code(unsigned long ip, unsigned const char *new)
@@ -448,9 +463,7 @@ static int add_update_code(unsigned long ip, unsigned const char *new)
        /* skip breakpoint */
        ip++;
        new++;
-        if (ftrace_write(ip, new, MCOUNT_INSN_SIZE - 1))
+        return ftrace_write(ip, new, MCOUNT_INSN_SIZE - 1);
-                return -EPERM;
-        return 0;
 }
 static int add_update_call(struct dyn_ftrace *rec, unsigned long addr)
@@ -505,10 +518,7 @@ static int finish_update_call(struct dyn_ftrace *rec, unsigned long addr)
        new = ftrace_call_replace(ip, addr);
-        if (ftrace_write(ip, new, 1))
+        return ftrace_write(ip, new, 1);
-                return -EPERM;
-        return 0;
 }
 static int finish_update_nop(struct dyn_ftrace *rec)
@@ -518,9 +528,7 @@ static int finish_update_nop(struct dyn_ftrace *rec)
        new = ftrace_nop_replace();
-        if (ftrace_write(ip, new, 1))
+        return ftrace_write(ip, new, 1);
-                return -EPERM;
-        return 0;
 }
 static int finish_update(struct dyn_ftrace *rec, int enable)
@@ -617,8 +625,14 @@ void ftrace_replace_code(int enable)
        printk(KERN_WARNING "Failed on %s (%d):\n", report, count);
        for_ftrace_rec_iter(iter) {
                rec = ftrace_rec_iter_record(iter);
-                remove_breakpoint(rec);
+                /*
+                 * Breakpoints are handled only when this function is in
+                 * progress. The system could not work with them.
+                 */
+                if (remove_breakpoint(rec))
+                        BUG();
        }
+        run_sync();
 }
 static int
@@ -640,16 +654,19 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
        run_sync();
        ret = ftrace_write(ip, new_code, 1);
-        if (ret) {
+        /*
-                ret = -EPERM;
+         * The breakpoint is handled only when this function is in progress.
-                goto out;
+         * The system could not work if we could not remove it.
-        }
+         */
-        run_sync();
+        BUG_ON(ret);
 out:
+        run_sync();
        return ret;
 fail_update:
-        probe_kernel_write((void *)ip, &old_code[0], 1);
+        /* Also here the system could not work with the breakpoint */
+        if (ftrace_write(ip, old_code, 1))
+                BUG();
        goto out;
 }
@@ -663,11 +680,8 @@ void arch_ftrace_update_code(int command)
        atomic_dec(&modifying_ftrace_code);
 }
-int __init ftrace_dyn_arch_init(void *data)
+int __init ftrace_dyn_arch_init(void)
 {
-        /* The return code is retured via data */
-        *(unsigned long *)data = 0;
        return 0;
 }
 #endif
@@ -677,45 +691,41 @@ int __init ftrace_dyn_arch_init(void *data)
 #ifdef CONFIG_DYNAMIC_FTRACE
 extern void ftrace_graph_call(void);
-static int ftrace_mod_jmp(unsigned long ip,
+static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
-                          int old_offset, int new_offset)
 {
-        unsigned char code[MCOUNT_INSN_SIZE];
+        static union ftrace_code_union calc;
-        if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
+        /* Jmp not a call (ignore the .e8) */
-                return -EFAULT;
+        calc.e8         = 0xe9;
+        calc.offset     = ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr);
-        if (code[0] != 0xe9 || old_offset != *(int *)(&code[1]))
+        /*
-                return -EINVAL;
+         * ftrace external locks synchronize the access to the static variable.
+         */
+        return calc.code;
+}
-        *(int *)(&code[1]) = new_offset;
+static int ftrace_mod_jmp(unsigned long ip, void *func)
+{
+        unsigned char *new;
-        if (do_ftrace_mod_code(ip, &code))
+        new = ftrace_jmp_replace(ip, (unsigned long)func);
-                return -EPERM;
-        return 0;
+        return update_ftrace_func(ip, new);
 }
 int ftrace_enable_ftrace_graph_caller(void)
 {
        unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
-        old_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
-        new_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
+        return ftrace_mod_jmp(ip, &ftrace_graph_caller);
 }
 int ftrace_disable_ftrace_graph_caller(void)
 {
        unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
-        old_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-        new_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
+        return ftrace_mod_jmp(ip, &ftrace_stub);
 }
 #endif /* !CONFIG_DYNAMIC_FTRACE */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 81ba27679f18..f36bd42d6f0c 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -544,6 +544,10 @@ ENDPROC(early_idt_handlers)
        /* This is global to keep gas from relaxing the jumps */
 ENTRY(early_idt_handler)
        cld
+        cmpl $2,(%esp)          # X86_TRAP_NMI
+        je is_nmi               # Ignore NMI
        cmpl $2,%ss:early_recursion_flag
        je hlt_loop
        incl %ss:early_recursion_flag
@@ -594,8 +598,9 @@ ex_entry:
        pop %edx
        pop %ecx
        pop %eax
-        addl $8,%esp            /* drop vector number and error code */
        decl %ss:early_recursion_flag
+is_nmi:
+        addl $8,%esp            /* drop vector number and error code */
        iret
 ENDPROC(early_idt_handler)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e1aabdb314c8..a468c0a65c42 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -343,6 +343,9 @@ early_idt_handlers:
 ENTRY(early_idt_handler)
        cld
+        cmpl $2,(%rsp)          # X86_TRAP_NMI
+        je is_nmi               # Ignore NMI
        cmpl $2,early_recursion_flag(%rip)
        jz  1f
        incl early_recursion_flag(%rip)
@@ -405,8 +408,9 @@ ENTRY(early_idt_handler)
        popq %rdx
        popq %rcx
        popq %rax
-        addq $16,%rsp           # drop vector number and error code
        decl early_recursion_flag(%rip)
+is_nmi:
+        addq $16,%rsp           # drop vector number and error code
        INTERRUPT_RETURN
 ENDPROC(early_idt_handler)
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index da85a8e830a1..8d80ae011603 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -521,7 +521,7 @@ static int hpet_setup_irq(struct hpet_dev *dev)
 {
        if (request_irq(dev->irq, hpet_interrupt_handler,
-                        IRQF_TIMER | IRQF_DISABLED | IRQF_NOBALANCING,
+                        IRQF_TIMER | IRQF_NOBALANCING,
                        dev->name, dev))
                return -1;
@@ -699,7 +699,7 @@ static int hpet_cpuhp_notify(struct notifier_block *n,
                /* FIXME: add schedule_work_on() */
                schedule_delayed_work_on(cpu, &work.work, 0);
                wait_for_completion(&work.complete);
-                destroy_timer_on_stack(&work.work.timer);
+                destroy_delayed_work_on_stack(&work.work);
                break;
        case CPU_DEAD:
                if (hdev) {
@@ -752,9 +752,7 @@ static struct clocksource clocksource_hpet = {
        .mask           = HPET_MASK,
        .flags          = CLOCK_SOURCE_IS_CONTINUOUS,
        .resume         = hpet_resume_counter,
-#ifdef CONFIG_X86_64
        .archdata       = { .vclock_mode = VCLOCK_HPET },
-#endif
 };
 static int hpet_clocksource_register(void)
@@ -943,12 +941,14 @@ static __init int hpet_late_init(void)
        if (boot_cpu_has(X86_FEATURE_ARAT))
                return 0;
+        cpu_notifier_register_begin();
        for_each_online_cpu(cpu) {
                hpet_cpuhp_notify(NULL, CPU_ONLINE, (void *)(long)cpu);
        }
        /* This notifier should be called after workqueue is ready */
-        hotcpu_notifier(hpet_cpuhp_notify, -20);
+        __hotcpu_notifier(hpet_cpuhp_notify, -20);
+        cpu_notifier_register_done();
        return 0;
 }
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index f66ff162dce8..a67b47c31314 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -38,7 +38,6 @@
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/sched.h>
-#include <linux/init.h>
 #include <linux/smp.h>
 #include <asm/hw_breakpoint.h>
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
index e8368c6dd2a2..d5dd80814419 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@ -86,10 +86,19 @@ EXPORT_SYMBOL(__kernel_fpu_begin);
 void __kernel_fpu_end(void)
 {
-        if (use_eager_fpu())
+        if (use_eager_fpu()) {
-                math_state_restore();
+                /*
-        else
+                 * For eager fpu, most the time, tsk_used_math() is true.
+                 * Restore the user math as we are done with the kernel usage.
+                 * At few instances during thread exit, signal handling etc,
+                 * tsk_used_math() is false. Those few places will take proper
+                 * actions, so we don't need to restore the math here.
+                 */
+                if (likely(tsk_used_math(current)))
+                        math_state_restore();
+        } else {
                stts();
+        }
 }
 EXPORT_SYMBOL(__kernel_fpu_end);
diff --git a/arch/x86/kernel/iosf_mbi.c b/arch/x86/kernel/iosf_mbi.c
new file mode 100644
index 000000000000..c3aae6672843
--- /dev/null
+++ b/arch/x86/kernel/iosf_mbi.c
@@ -0,0 +1,226 @@
+/*
+ * IOSF-SB MailBox Interface Driver
+ * Copyright (c) 2013, Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ *
+ * The IOSF-SB is a fabric bus available on Atom based SOC's that uses a
+ * mailbox interface (MBI) to communicate with mutiple devices. This
+ * driver implements access to this interface for those platforms that can
+ * enumerate the device using PCI.
+ */
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/spinlock.h>
+#include <linux/pci.h>
+#include <asm/iosf_mbi.h>
+static DEFINE_SPINLOCK(iosf_mbi_lock);
+static inline u32 iosf_mbi_form_mcr(u8 op, u8 port, u8 offset)
+{
+        return (op << 24) | (port << 16) | (offset << 8) | MBI_ENABLE;
+}
+static struct pci_dev *mbi_pdev;        /* one mbi device */
+static int iosf_mbi_pci_read_mdr(u32 mcrx, u32 mcr, u32 *mdr)
+{
+        int result;
+        if (!mbi_pdev)
+                return -ENODEV;
+        if (mcrx) {
+                result = pci_write_config_dword(mbi_pdev, MBI_MCRX_OFFSET,
+                                                mcrx);
+                if (result < 0)
+                        goto fail_read;
+        }
+        result = pci_write_config_dword(mbi_pdev, MBI_MCR_OFFSET, mcr);
+        if (result < 0)
+                goto fail_read;
+        result = pci_read_config_dword(mbi_pdev, MBI_MDR_OFFSET, mdr);
+        if (result < 0)
+                goto fail_read;
+        return 0;
+fail_read:
+        dev_err(&mbi_pdev->dev, "PCI config access failed with %d\n", result);
+        return result;
+}
+static int iosf_mbi_pci_write_mdr(u32 mcrx, u32 mcr, u32 mdr)
+{
+        int result;
+        if (!mbi_pdev)
+                return -ENODEV;
+        result = pci_write_config_dword(mbi_pdev, MBI_MDR_OFFSET, mdr);
+        if (result < 0)
+                goto fail_write;
+        if (mcrx) {
+                result = pci_write_config_dword(mbi_pdev, MBI_MCRX_OFFSET,
+                                                mcrx);
+                if (result < 0)
+                        goto fail_write;
+        }
+        result = pci_write_config_dword(mbi_pdev, MBI_MCR_OFFSET, mcr);
+        if (result < 0)
+                goto fail_write;
+        return 0;
+fail_write:
+        dev_err(&mbi_pdev->dev, "PCI config access failed with %d\n", result);
+        return result;
+}
+int iosf_mbi_read(u8 port, u8 opcode, u32 offset, u32 *mdr)
+{
+        u32 mcr, mcrx;
+        unsigned long flags;
+        int ret;
+        /*Access to the GFX unit is handled by GPU code */
+        if (port == BT_MBI_UNIT_GFX) {
+                WARN_ON(1);
+                return -EPERM;
+        }
+        mcr = iosf_mbi_form_mcr(opcode, port, offset & MBI_MASK_LO);
+        mcrx = offset & MBI_MASK_HI;
+        spin_lock_irqsave(&iosf_mbi_lock, flags);
+        ret = iosf_mbi_pci_read_mdr(mcrx, mcr, mdr);
+        spin_unlock_irqrestore(&iosf_mbi_lock, flags);
+        return ret;
+}
+EXPORT_SYMBOL(iosf_mbi_read);
+int iosf_mbi_write(u8 port, u8 opcode, u32 offset, u32 mdr)
+{
+        u32 mcr, mcrx;
+        unsigned long flags;
+        int ret;
+        /*Access to the GFX unit is handled by GPU code */
+        if (port == BT_MBI_UNIT_GFX) {
+                WARN_ON(1);
+                return -EPERM;
+        }
+        mcr = iosf_mbi_form_mcr(opcode, port, offset & MBI_MASK_LO);
+        mcrx = offset & MBI_MASK_HI;
+        spin_lock_irqsave(&iosf_mbi_lock, flags);
+        ret = iosf_mbi_pci_write_mdr(mcrx, mcr, mdr);
+        spin_unlock_irqrestore(&iosf_mbi_lock, flags);
+        return ret;
+}
+EXPORT_SYMBOL(iosf_mbi_write);
+int iosf_mbi_modify(u8 port, u8 opcode, u32 offset, u32 mdr, u32 mask)
+{
+        u32 mcr, mcrx;
+        u32 value;
+        unsigned long flags;
+        int ret;
+        /*Access to the GFX unit is handled by GPU code */
+        if (port == BT_MBI_UNIT_GFX) {
+                WARN_ON(1);
+                return -EPERM;
+        }
+        mcr = iosf_mbi_form_mcr(opcode, port, offset & MBI_MASK_LO);
+        mcrx = offset & MBI_MASK_HI;
+        spin_lock_irqsave(&iosf_mbi_lock, flags);
+        /* Read current mdr value */
+        ret = iosf_mbi_pci_read_mdr(mcrx, mcr & MBI_RD_MASK, &value);
+        if (ret < 0) {
+                spin_unlock_irqrestore(&iosf_mbi_lock, flags);
+                return ret;
+        }
+        /* Apply mask */
+        value &= ~mask;
+        mdr &= mask;
+        value |= mdr;
+        /* Write back */
+        ret = iosf_mbi_pci_write_mdr(mcrx, mcr | MBI_WR_MASK, value);
+        spin_unlock_irqrestore(&iosf_mbi_lock, flags);
+        return ret;
+}
+EXPORT_SYMBOL(iosf_mbi_modify);
+static int iosf_mbi_probe(struct pci_dev *pdev,
+                          const struct pci_device_id *unused)
+{
+        int ret;
+        ret = pci_enable_device(pdev);
+        if (ret < 0) {
+                dev_err(&pdev->dev, "error: could not enable device\n");
+                return ret;
+        }
+        mbi_pdev = pci_dev_get(pdev);
+        return 0;
+}
+static DEFINE_PCI_DEVICE_TABLE(iosf_mbi_pci_ids) = {
+        { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0F00) },
+        { 0, },
+};
+MODULE_DEVICE_TABLE(pci, iosf_mbi_pci_ids);
+static struct pci_driver iosf_mbi_pci_driver = {
+        .name           = "iosf_mbi_pci",
+        .probe          = iosf_mbi_probe,
+        .id_table       = iosf_mbi_pci_ids,
+};
+static int __init iosf_mbi_init(void)
+{
+        return pci_register_driver(&iosf_mbi_pci_driver);
+}
+static void __exit iosf_mbi_exit(void)
+{
+        pci_unregister_driver(&iosf_mbi_pci_driver);
+        if (mbi_pdev) {
+                pci_dev_put(mbi_pdev);
+                mbi_pdev = NULL;
+        }
+}
+module_init(iosf_mbi_init);
+module_exit(iosf_mbi_exit);
+MODULE_AUTHOR("David E. Box <david.e.box@linux.intel.com>");
+MODULE_DESCRIPTION("IOSF Mailbox Interface accessor");
+MODULE_LICENSE("GPL v2");
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index 22d0687e7fda..283a76a9cc40 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -125,6 +125,12 @@ int arch_show_interrupts(struct seq_file *p, int prec)
                seq_printf(p, "%10u ", per_cpu(mce_poll_count, j));
        seq_printf(p, "  Machine check polls\n");
 #endif
+#if IS_ENABLED(CONFIG_HYPERV) || defined(CONFIG_XEN)
+        seq_printf(p, "%*s: ", prec, "THR");
+        for_each_online_cpu(j)
+                seq_printf(p, "%10u ", irq_stats(j)->irq_hv_callback_count);
+        seq_printf(p, "  Hypervisor callback interrupts\n");
+#endif
        seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read(&irq_err_count));
 #if defined(CONFIG_X86_IO_APIC)
        seq_printf(p, "%*s: %10u\n", prec, "MIS", atomic_read(&irq_mis_count));
@@ -193,9 +199,13 @@ __visible unsigned int __irq_entry do_IRQ(struct pt_regs *regs)
        if (!handle_irq(irq, regs)) {
                ack_APIC_irq();
-                if (printk_ratelimit())
+                if (irq != VECTOR_RETRIGGERED) {
-                        pr_emerg("%s: %d.%d No irq handler for vector (irq %d)\n",
+                        pr_emerg_ratelimited("%s: %d.%d No irq handler for vector (irq %d)\n",
-                                __func__, smp_processor_id(), vector, irq);
+                                             __func__, smp_processor_id(),
+                                             vector, irq);
+                } else {
+                        __this_cpu_write(vector_irq[vector], VECTOR_UNDEFINED);
+                }
        }
        irq_exit();
@@ -262,6 +272,83 @@ __visible void smp_trace_x86_platform_ipi(struct pt_regs *regs)
 EXPORT_SYMBOL_GPL(vector_used_by_percpu_irq);
 #ifdef CONFIG_HOTPLUG_CPU
+/* These two declarations are only used in check_irq_vectors_for_cpu_disable()
+ * below, which is protected by stop_machine().  Putting them on the stack
+ * results in a stack frame overflow.  Dynamically allocating could result in a
+ * failure so declare these two cpumasks as global.
+ */
+static struct cpumask affinity_new, online_new;
+/*
+ * This cpu is going to be removed and its vectors migrated to the remaining
+ * online cpus.  Check to see if there are enough vectors in the remaining cpus.
+ * This function is protected by stop_machine().
+ */
+int check_irq_vectors_for_cpu_disable(void)
+{
+        int irq, cpu;
+        unsigned int this_cpu, vector, this_count, count;
+        struct irq_desc *desc;
+        struct irq_data *data;
+        this_cpu = smp_processor_id();
+        cpumask_copy(&online_new, cpu_online_mask);
+        cpu_clear(this_cpu, online_new);
+        this_count = 0;
+        for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS; vector++) {
+                irq = __this_cpu_read(vector_irq[vector]);
+                if (irq >= 0) {
+                        desc = irq_to_desc(irq);
+                        data = irq_desc_get_irq_data(desc);
+                        cpumask_copy(&affinity_new, data->affinity);
+                        cpu_clear(this_cpu, affinity_new);
+                        /* Do not count inactive or per-cpu irqs. */
+                        if (!irq_has_action(irq) || irqd_is_per_cpu(data))
+                                continue;
+                        /*
+                         * A single irq may be mapped to multiple
+                         * cpu's vector_irq[] (for example IOAPIC cluster
+                         * mode).  In this case we have two
+                         * possibilities:
+                         *
+                         * 1) the resulting affinity mask is empty; that is
+                         * this the down'd cpu is the last cpu in the irq's
+                         * affinity mask, or
+                         *
+                         * 2) the resulting affinity mask is no longer
+                         * a subset of the online cpus but the affinity
+                         * mask is not zero; that is the down'd cpu is the
+                         * last online cpu in a user set affinity mask.
+                         */
+                        if (cpumask_empty(&affinity_new) ||
+                            !cpumask_subset(&affinity_new, &online_new))
+                                this_count++;
+                }
+        }
+        count = 0;
+        for_each_online_cpu(cpu) {
+                if (cpu == this_cpu)
+                        continue;
+                for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS;
+                     vector++) {
+                        if (per_cpu(vector_irq, cpu)[vector] < 0)
+                                count++;
+                }
+        }
+        if (count < this_count) {
+                pr_warn("CPU %d disable failed: CPU has %u vectors assigned and there are only %u available.\n",
+                        this_cpu, this_count, count);
+                return -ERANGE;
+        }
+        return 0;
+}
 /* A cpu has been removed from cpu_online_mask.  Reset irq affinities. */
 void fixup_irqs(void)
 {
@@ -344,7 +431,7 @@ void fixup_irqs(void)
        for (vector = FIRST_EXTERNAL_VECTOR; vector < NR_VECTORS; vector++) {
                unsigned int irr;
-                if (__this_cpu_read(vector_irq[vector]) < 0)
+                if (__this_cpu_read(vector_irq[vector]) <= VECTOR_UNDEFINED)
                        continue;
                irr = apic_read(APIC_IRR + (vector / 32 * 0x10));
@@ -355,11 +442,14 @@ void fixup_irqs(void)
                        data = irq_desc_get_irq_data(desc);
                        chip = irq_data_get_irq_chip(data);
                        raw_spin_lock(&desc->lock);
-                        if (chip->irq_retrigger)
+                        if (chip->irq_retrigger) {
                                chip->irq_retrigger(data);
+                                __this_cpu_write(vector_irq[vector], VECTOR_RETRIGGERED);
+                        }
                        raw_spin_unlock(&desc->lock);
                }
-                __this_cpu_write(vector_irq[vector], -1);
+                if (__this_cpu_read(vector_irq[vector]) != VECTOR_RETRIGGERED)
+                        __this_cpu_write(vector_irq[vector], VECTOR_UNDEFINED);
        }
 }
 #endif
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index d7fcbedc9c43..63ce838e5a54 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -55,16 +55,8 @@ static inline int check_stack_overflow(void) { return 0; }
 static inline void print_stack_overflow(void) { }
 #endif
-/*
+DEFINE_PER_CPU(struct irq_stack *, hardirq_stack);
- * per-CPU IRQ handling contexts (thread information and stack)
+DEFINE_PER_CPU(struct irq_stack *, softirq_stack);
- */
-union irq_ctx {
-        struct thread_info      tinfo;
-        u32                     stack[THREAD_SIZE/sizeof(u32)];
-} __attribute__((aligned(THREAD_SIZE)));
-static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx);
-static DEFINE_PER_CPU(union irq_ctx *, softirq_ctx);
 static void call_on_stack(void *func, void *stack)
 {
@@ -77,14 +69,26 @@ static void call_on_stack(void *func, void *stack)
                     : "memory", "cc", "edx", "ecx", "eax");
 }
+/* how to get the current stack pointer from C */
+#define current_stack_pointer ({                \
+        unsigned long sp;                       \
+        asm("mov %%esp,%0" : "=g" (sp));        \
+        sp;                                     \
+})
+static inline void *current_stack(void)
+{
+        return (void *)(current_stack_pointer & ~(THREAD_SIZE - 1));
+}
 static inline int
 execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
 {
-        union irq_ctx *curctx, *irqctx;
+        struct irq_stack *curstk, *irqstk;
-        u32 *isp, arg1, arg2;
+        u32 *isp, *prev_esp, arg1, arg2;
-        curctx = (union irq_ctx *) current_thread_info();
+        curstk = (struct irq_stack *) current_stack();
-        irqctx = __this_cpu_read(hardirq_ctx);
+        irqstk = __this_cpu_read(hardirq_stack);
        /*
         * this is where we switch to the IRQ stack. However, if we are
@@ -92,13 +96,14 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
         * handler) we can't do that and just have to keep using the
         * current stack (which is the irq stack already after all)
         */
-        if (unlikely(curctx == irqctx))
+        if (unlikely(curstk == irqstk))
                return 0;
-        /* build the stack frame on the IRQ stack */
+        isp = (u32 *) ((char *)irqstk + sizeof(*irqstk));
-        isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
-        irqctx->tinfo.task = curctx->tinfo.task;
+        /* Save the next esp at the bottom of the stack */
-        irqctx->tinfo.previous_esp = current_stack_pointer;
+        prev_esp = (u32 *)irqstk;
+        *prev_esp = current_stack_pointer;
        if (unlikely(overflow))
                call_on_stack(print_stack_overflow, isp);
@@ -118,46 +123,40 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
 */
 void irq_ctx_init(int cpu)
 {
-        union irq_ctx *irqctx;
+        struct irq_stack *irqstk;
-        if (per_cpu(hardirq_ctx, cpu))
+        if (per_cpu(hardirq_stack, cpu))
                return;
-        irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
+        irqstk = page_address(alloc_pages_node(cpu_to_node(cpu),
                                               THREADINFO_GFP,
                                               THREAD_SIZE_ORDER));
-        memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
+        per_cpu(hardirq_stack, cpu) = irqstk;
-        irqctx->tinfo.cpu               = cpu;
-        irqctx->tinfo.addr_limit        = MAKE_MM_SEG(0);
-        per_cpu(hardirq_ctx, cpu) = irqctx;
-        irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
+        irqstk = page_address(alloc_pages_node(cpu_to_node(cpu),
                                               THREADINFO_GFP,
                                               THREAD_SIZE_ORDER));
-        memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
+        per_cpu(softirq_stack, cpu) = irqstk;
-        irqctx->tinfo.cpu               = cpu;
-        irqctx->tinfo.addr_limit        = MAKE_MM_SEG(0);
-        per_cpu(softirq_ctx, cpu) = irqctx;
        printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
-               cpu, per_cpu(hardirq_ctx, cpu),  per_cpu(softirq_ctx, cpu));
+               cpu, per_cpu(hardirq_stack, cpu),  per_cpu(softirq_stack, cpu));
 }
 void do_softirq_own_stack(void)
 {
-        struct thread_info *curctx;
+        struct thread_info *curstk;
-        union irq_ctx *irqctx;
+        struct irq_stack *irqstk;
-        u32 *isp;
+        u32 *isp, *prev_esp;
-        curctx = current_thread_info();
+        curstk = current_stack();
-        irqctx = __this_cpu_read(softirq_ctx);
+        irqstk = __this_cpu_read(softirq_stack);
-        irqctx->tinfo.task = curctx->task;
-        irqctx->tinfo.previous_esp = current_stack_pointer;
        /* build the stack frame on the softirq stack */
-        isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
+        isp = (u32 *) ((char *)irqstk + sizeof(*irqstk));
+        /* Push the previous esp onto the stack */
+        prev_esp = (u32 *)irqstk;
+        *prev_esp = current_stack_pointer;
        call_on_stack(__do_softirq, isp);
 }
diff --git a/arch/x86/kernel/irqinit.c b/arch/x86/kernel/irqinit.c
index a2a1fbc594ff..7f50156542fb 100644
--- a/arch/x86/kernel/irqinit.c
+++ b/arch/x86/kernel/irqinit.c
@@ -52,7 +52,7 @@ static struct irqaction irq2 = {
 };
 DEFINE_PER_CPU(vector_irq_t, vector_irq) = {
-        [0 ... NR_VECTORS - 1] = -1,
+        [0 ... NR_VECTORS - 1] = VECTOR_UNDEFINED,
 };
 int vector_used_by_percpu_irq(unsigned int vector)
@@ -60,7 +60,7 @@ int vector_used_by_percpu_irq(unsigned int vector)
        int cpu;
        for_each_online_cpu(cpu) {
-                if (per_cpu(vector_irq, cpu)[vector] != -1)
+                if (per_cpu(vector_irq, cpu)[vector] > VECTOR_UNDEFINED)
                        return 1;
        }
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
index 836f8322960e..7ec1d5f8d283 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
@@ -39,7 +39,6 @@
 #include <linux/sched.h>
 #include <linux/delay.h>
 #include <linux/kgdb.h>
-#include <linux/init.h>
 #include <linux/smp.h>
 #include <linux/nmi.h>
 #include <linux/hw_breakpoint.h>
diff --git a/arch/x86/kernel/ksysfs.c b/arch/x86/kernel/ksysfs.c
new file mode 100644
index 000000000000..c2bedaea11f7
--- /dev/null
+++ b/arch/x86/kernel/ksysfs.c
@@ -0,0 +1,340 @@
+/*
+ * Architecture specific sysfs attributes in /sys/kernel
+ *
+ * Copyright (C) 2007, Intel Corp.
+ *      Huang Ying <ying.huang@intel.com>
+ * Copyright (C) 2013, 2013 Red Hat, Inc.
+ *      Dave Young <dyoung@redhat.com>
+ *
+ * This file is released under the GPLv2
+ */
+#include <linux/kobject.h>
+#include <linux/string.h>
+#include <linux/sysfs.h>
+#include <linux/init.h>
+#include <linux/stat.h>
+#include <linux/slab.h>
+#include <linux/mm.h>
+#include <asm/io.h>
+#include <asm/setup.h>
+static ssize_t version_show(struct kobject *kobj,
+                            struct kobj_attribute *attr, char *buf)
+{
+        return sprintf(buf, "0x%04x\n", boot_params.hdr.version);
+}
+static struct kobj_attribute boot_params_version_attr = __ATTR_RO(version);
+static ssize_t boot_params_data_read(struct file *fp, struct kobject *kobj,
+                                     struct bin_attribute *bin_attr,
+                                     char *buf, loff_t off, size_t count)
+{
+        memcpy(buf, (void *)&boot_params + off, count);
+        return count;
+}
+static struct bin_attribute boot_params_data_attr = {
+        .attr = {
+                .name = "data",
+                .mode = S_IRUGO,
+        },
+        .read = boot_params_data_read,
+        .size = sizeof(boot_params),
+};
+static struct attribute *boot_params_version_attrs[] = {
+        &boot_params_version_attr.attr,
+        NULL,
+};
+static struct bin_attribute *boot_params_data_attrs[] = {
+        &boot_params_data_attr,
+        NULL,
+};
+static struct attribute_group boot_params_attr_group = {
+        .attrs = boot_params_version_attrs,
+        .bin_attrs = boot_params_data_attrs,
+};
+static int kobj_to_setup_data_nr(struct kobject *kobj, int *nr)
+{
+        const char *name;
+        name = kobject_name(kobj);
+        return kstrtoint(name, 10, nr);
+}
+static int get_setup_data_paddr(int nr, u64 *paddr)
+{
+        int i = 0;
+        struct setup_data *data;
+        u64 pa_data = boot_params.hdr.setup_data;
+        while (pa_data) {
+                if (nr == i) {
+                        *paddr = pa_data;
+                        return 0;
+                }
+                data = ioremap_cache(pa_data, sizeof(*data));
+                if (!data)
+                        return -ENOMEM;
+                pa_data = data->next;
+                iounmap(data);
+                i++;
+        }
+        return -EINVAL;
+}
+static int __init get_setup_data_size(int nr, size_t *size)
+{
+        int i = 0;
+        struct setup_data *data;
+        u64 pa_data = boot_params.hdr.setup_data;
+        while (pa_data) {
+                data = ioremap_cache(pa_data, sizeof(*data));
+                if (!data)
+                        return -ENOMEM;
+                if (nr == i) {
+                        *size = data->len;
+                        iounmap(data);
+                        return 0;
+                }
+                pa_data = data->next;
+                iounmap(data);
+                i++;
+        }
+        return -EINVAL;
+}
+static ssize_t type_show(struct kobject *kobj,
+                         struct kobj_attribute *attr, char *buf)
+{
+        int nr, ret;
+        u64 paddr;
+        struct setup_data *data;
+        ret = kobj_to_setup_data_nr(kobj, &nr);
+        if (ret)
+                return ret;
+        ret = get_setup_data_paddr(nr, &paddr);
+        if (ret)
+                return ret;
+        data = ioremap_cache(paddr, sizeof(*data));
+        if (!data)
+                return -ENOMEM;
+        ret = sprintf(buf, "0x%x\n", data->type);
+        iounmap(data);
+        return ret;
+}
+static ssize_t setup_data_data_read(struct file *fp,
+                                    struct kobject *kobj,
+                                    struct bin_attribute *bin_attr,
+                                    char *buf,
+                                    loff_t off, size_t count)
+{
+        int nr, ret = 0;
+        u64 paddr;
+        struct setup_data *data;
+        void *p;
+        ret = kobj_to_setup_data_nr(kobj, &nr);
+        if (ret)
+                return ret;
+        ret = get_setup_data_paddr(nr, &paddr);
+        if (ret)
+                return ret;
+        data = ioremap_cache(paddr, sizeof(*data));
+        if (!data)
+                return -ENOMEM;
+        if (off > data->len) {
+                ret = -EINVAL;
+                goto out;
+        }
+        if (count > data->len - off)
+                count = data->len - off;
+        if (!count)
+                goto out;
+        ret = count;
+        p = ioremap_cache(paddr + sizeof(*data), data->len);
+        if (!p) {
+                ret = -ENOMEM;
+                goto out;
+        }
+        memcpy(buf, p + off, count);
+        iounmap(p);
+out:
+        iounmap(data);
+        return ret;
+}
+static struct kobj_attribute type_attr = __ATTR_RO(type);
+static struct bin_attribute data_attr = {
+        .attr = {
+                .name = "data",
+                .mode = S_IRUGO,
+        },
+        .read = setup_data_data_read,
+};
+static struct attribute *setup_data_type_attrs[] = {
+        &type_attr.attr,
+        NULL,
+};
+static struct bin_attribute *setup_data_data_attrs[] = {
+        &data_attr,
+        NULL,
+};
+static struct attribute_group setup_data_attr_group = {
+        .attrs = setup_data_type_attrs,
+        .bin_attrs = setup_data_data_attrs,
+};
+static int __init create_setup_data_node(struct kobject *parent,
+                                         struct kobject **kobjp, int nr)
+{
+        int ret = 0;
+        size_t size;
+        struct kobject *kobj;
+        char name[16]; /* should be enough for setup_data nodes numbers */
+        snprintf(name, 16, "%d", nr);
+        kobj = kobject_create_and_add(name, parent);
+        if (!kobj)
+                return -ENOMEM;
+        ret = get_setup_data_size(nr, &size);
+        if (ret)
+                goto out_kobj;
+        data_attr.size = size;
+        ret = sysfs_create_group(kobj, &setup_data_attr_group);
+        if (ret)
+                goto out_kobj;
+        *kobjp = kobj;
+        return 0;
+out_kobj:
+        kobject_put(kobj);
+        return ret;
+}
+static void __init cleanup_setup_data_node(struct kobject *kobj)
+{
+        sysfs_remove_group(kobj, &setup_data_attr_group);
+        kobject_put(kobj);
+}
+static int __init get_setup_data_total_num(u64 pa_data, int *nr)
+{
+        int ret = 0;
+        struct setup_data *data;
+        *nr = 0;
+        while (pa_data) {
+                *nr += 1;
+                data = ioremap_cache(pa_data, sizeof(*data));
+                if (!data) {
+                        ret = -ENOMEM;
+                        goto out;
+                }
+                pa_data = data->next;
+                iounmap(data);
+        }
+out:
+        return ret;
+}
+static int __init create_setup_data_nodes(struct kobject *parent)
+{
+        struct kobject *setup_data_kobj, **kobjp;
+        u64 pa_data;
+        int i, j, nr, ret = 0;
+        pa_data = boot_params.hdr.setup_data;
+        if (!pa_data)
+                return 0;
+        setup_data_kobj = kobject_create_and_add("setup_data", parent);
+        if (!setup_data_kobj) {
+                ret = -ENOMEM;
+                goto out;
+        }
+        ret = get_setup_data_total_num(pa_data, &nr);
+        if (ret)
+                goto out_setup_data_kobj;
+        kobjp = kmalloc(sizeof(*kobjp) * nr, GFP_KERNEL);
+        if (!kobjp) {
+                ret = -ENOMEM;
+                goto out_setup_data_kobj;
+        }
+        for (i = 0; i < nr; i++) {
+                ret = create_setup_data_node(setup_data_kobj, kobjp + i, i);
+                if (ret)
+                        goto out_clean_nodes;
+        }
+        kfree(kobjp);
+        return 0;
+out_clean_nodes:
+        for (j = i - 1; j > 0; j--)
+                cleanup_setup_data_node(*(kobjp + j));
+        kfree(kobjp);
+out_setup_data_kobj:
+        kobject_put(setup_data_kobj);
+out:
+        return ret;
+}
+static int __init boot_params_ksysfs_init(void)
+{
+        int ret;
+        struct kobject *boot_params_kobj;
+        boot_params_kobj = kobject_create_and_add("boot_params",
+                                                  kernel_kobj);
+        if (!boot_params_kobj) {
+                ret = -ENOMEM;
+                goto out;
+        }
+        ret = sysfs_create_group(boot_params_kobj, &boot_params_attr_group);
+        if (ret)
+                goto out_boot_params_kobj;
+        ret = create_setup_data_nodes(boot_params_kobj);
+        if (ret)
+                goto out_create_group;
+        return 0;
+out_create_group:
+        sysfs_remove_group(boot_params_kobj, &boot_params_attr_group);
+out_boot_params_kobj:
+        kobject_put(boot_params_kobj);
+out:
+        return ret;
+}
+arch_initcall(boot_params_ksysfs_init);
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 6dd802c6d780..0331cb389d68 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -417,7 +417,6 @@ void kvm_disable_steal_time(void)
 #ifdef CONFIG_SMP
 static void __init kvm_smp_prepare_boot_cpu(void)
 {
-        WARN_ON(kvm_register_clock("primary cpu clock"));
        kvm_guest_cpu_init();
        native_smp_prepare_boot_cpu();
        kvm_spinlock_init();
@@ -500,6 +499,38 @@ void __init kvm_guest_init(void)
 #endif
 }
+static noinline uint32_t __kvm_cpuid_base(void)
+{
+        if (boot_cpu_data.cpuid_level < 0)
+                return 0;       /* So we don't blow up on old processors */
+        if (cpu_has_hypervisor)
+                return hypervisor_cpuid_base("KVMKVMKVM\0\0\0", 0);
+        return 0;
+}
+static inline uint32_t kvm_cpuid_base(void)
+{
+        static int kvm_cpuid_base = -1;
+        if (kvm_cpuid_base == -1)
+                kvm_cpuid_base = __kvm_cpuid_base();
+        return kvm_cpuid_base;
+}
+bool kvm_para_available(void)
+{
+        return kvm_cpuid_base() != 0;
+}
+EXPORT_SYMBOL_GPL(kvm_para_available);
+unsigned int kvm_arch_para_features(void)
+{
+        return cpuid_eax(kvm_cpuid_base() | KVM_CPUID_FEATURES);
+}
 static uint32_t __init kvm_detect(void)
 {
        return kvm_cpuid_base();
@@ -673,7 +704,7 @@ static cpumask_t waiting_cpus;
 /* Track spinlock on which a cpu is waiting */
 static DEFINE_PER_CPU(struct kvm_lock_waiting, klock_waiting);
-static void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
+__visible void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
 {
        struct kvm_lock_waiting *w;
        int cpu;
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index e6041094ff26..d9156ceecdff 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -242,7 +242,7 @@ void __init kvmclock_init(void)
        hv_clock = __va(mem);
        memset(hv_clock, 0, size);
-        if (kvm_register_clock("boot clock")) {
+        if (kvm_register_clock("primary cpu clock")) {
                hv_clock = NULL;
                memblock_free(mem, size);
                return;
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index ebc987398923..af1d14a9ebda 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -229,6 +229,17 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
                }
        }
+        /*
+         * On x86-64 we do not support 16-bit segments due to
+         * IRET leaking the high bits of the kernel stack address.
+         */
+#ifdef CONFIG_X86_64
+        if (!ldt_info.seg_32bit) {
+                error = -EINVAL;
+                goto out_unlock;
+        }
+#endif
        fill_ldt(&ldt, &ldt_info);
        if (oldmode)
                ldt.avl = 0;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 5b19e4d78b00..1667b1de8d5d 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -9,7 +9,6 @@
 #include <linux/mm.h>
 #include <linux/kexec.h>
 #include <linux/delay.h>
-#include <linux/init.h>
 #include <linux/numa.h>
 #include <linux/ftrace.h>
 #include <linux/suspend.h>
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 4eabc160696f..679cef0791cd 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
        VMCOREINFO_SYMBOL(node_data);
        VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
 #endif
+        vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
+                              (unsigned long)&_text - __START_KERNEL);
 }
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
index 18be189368bb..e69f9882bf95 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -28,6 +28,7 @@
 #include <linux/mm.h>
 #include <linux/gfp.h>
 #include <linux/jump_label.h>
+#include <linux/random.h>
 #include <asm/page.h>
 #include <asm/pgtable.h>
@@ -43,13 +44,52 @@ do {							\
 } while (0)
 #endif
+#ifdef CONFIG_RANDOMIZE_BASE
+static unsigned long module_load_offset;
+static int randomize_modules = 1;
+/* Mutex protects the module_load_offset. */
+static DEFINE_MUTEX(module_kaslr_mutex);
+static int __init parse_nokaslr(char *p)
+{
+        randomize_modules = 0;
+        return 0;
+}
+early_param("nokaslr", parse_nokaslr);
+static unsigned long int get_module_load_offset(void)
+{
+        if (randomize_modules) {
+                mutex_lock(&module_kaslr_mutex);
+                /*
+                 * Calculate the module_load_offset the first time this
+                 * code is called. Once calculated it stays the same until
+                 * reboot.
+                 */
+                if (module_load_offset == 0)
+                        module_load_offset =
+                                (get_random_int() % 1024 + 1) * PAGE_SIZE;
+                mutex_unlock(&module_kaslr_mutex);
+        }
+        return module_load_offset;
+}
+#else
+static unsigned long int get_module_load_offset(void)
+{
+        return 0;
+}
+#endif
 void *module_alloc(unsigned long size)
 {
        if (PAGE_ALIGN(size) > MODULES_LEN)
                return NULL;
-        return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END,
+        return __vmalloc_node_range(size, 1,
-                                GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
+                                    MODULES_VADDR + get_module_load_offset(),
-                                NUMA_NO_NODE, __builtin_return_address(0));
+                                    MODULES_END, GFP_KERNEL | __GFP_HIGHMEM,
+                                    PAGE_KERNEL_EXEC, NUMA_NO_NODE,
+                                    __builtin_return_address(0));
 }
 #ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 05266b5aae22..c9603ac80de5 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -259,14 +259,15 @@ static int __init msr_init(void)
                goto out_chrdev;
        }
        msr_class->devnode = msr_devnode;
-        get_online_cpus();
+        cpu_notifier_register_begin();
        for_each_online_cpu(i) {
                err = msr_device_create(i);
                if (err != 0)
                        goto out_class;
        }
-        register_hotcpu_notifier(&msr_class_cpu_notifier);
+        __register_hotcpu_notifier(&msr_class_cpu_notifier);
-        put_online_cpus();
+        cpu_notifier_register_done();
        err = 0;
        goto out;
@@ -275,7 +276,7 @@ out_class:
        i = 0;
        for_each_online_cpu(i)
                msr_device_destroy(i);
-        put_online_cpus();
+        cpu_notifier_register_done();
        class_destroy(msr_class);
 out_chrdev:
        __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
@@ -286,13 +287,14 @@ out:
 static void __exit msr_exit(void)
 {
        int cpu = 0;
-        get_online_cpus();
+        cpu_notifier_register_begin();
        for_each_online_cpu(cpu)
                msr_device_destroy(cpu);
        class_destroy(msr_class);
        __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
-        unregister_hotcpu_notifier(&msr_class_cpu_notifier);
+        __unregister_hotcpu_notifier(&msr_class_cpu_notifier);
-        put_online_cpus();
+        cpu_notifier_register_done();
 }
 module_init(msr_init);
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
index 6fcb49ce50a1..b4872b999a71 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -87,6 +87,7 @@ __setup("unknown_nmi_panic", setup_unknown_nmi_panic);
 #define nmi_to_desc(type) (&nmi_desc[type])
 static u64 nmi_longest_ns = 1 * NSEC_PER_MSEC;
 static int __init nmi_warning_debugfs(void)
 {
        debugfs_create_u64("nmi_longest_ns", 0644,
@@ -95,6 +96,20 @@ static int __init nmi_warning_debugfs(void)
 }
 fs_initcall(nmi_warning_debugfs);
+static void nmi_max_handler(struct irq_work *w)
+{
+        struct nmiaction *a = container_of(w, struct nmiaction, irq_work);
+        int remainder_ns, decimal_msecs;
+        u64 whole_msecs = ACCESS_ONCE(a->max_duration);
+        remainder_ns = do_div(whole_msecs, (1000 * 1000));
+        decimal_msecs = remainder_ns / 1000;
+        printk_ratelimited(KERN_INFO
+                "INFO: NMI handler (%ps) took too long to run: %lld.%03d msecs\n",
+                a->handler, whole_msecs, decimal_msecs);
+}
 static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2b)
 {
        struct nmi_desc *desc = nmi_to_desc(type);
@@ -110,26 +125,20 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2
         * to handle those situations.
         */
        list_for_each_entry_rcu(a, &desc->head, list) {
-                u64 before, delta, whole_msecs;
+                int thishandled;
-                int remainder_ns, decimal_msecs, thishandled;
+                u64 delta;
-                before = sched_clock();
+                delta = sched_clock();
                thishandled = a->handler(type, regs);
                handled += thishandled;
-                delta = sched_clock() - before;
+                delta = sched_clock() - delta;
                trace_nmi_handler(a->handler, (int)delta, thishandled);
-                if (delta < nmi_longest_ns)
+                if (delta < nmi_longest_ns || delta < a->max_duration)
                        continue;
-                nmi_longest_ns = delta;
+                a->max_duration = delta;
-                whole_msecs = delta;
+                irq_work_queue(&a->irq_work);
-                remainder_ns = do_div(whole_msecs, (1000 * 1000));
-                decimal_msecs = remainder_ns / 1000;
-                printk_ratelimited(KERN_INFO
-                        "INFO: NMI handler (%ps) took too long to run: "
-                        "%lld.%03d msecs\n", a->handler, whole_msecs,
-                        decimal_msecs);
        }
        rcu_read_unlock();
@@ -146,6 +155,8 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
        if (!action->handler)
                return -EINVAL;
+        init_irq_work(&action->irq_work, nmi_max_handler);
        spin_lock_irqsave(&desc->lock, flags);
        /*
diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
index 299d49302e7d..0497f719977d 100644
--- a/arch/x86/kernel/pci-calgary_64.c
+++ b/arch/x86/kernel/pci-calgary_64.c
@@ -1207,23 +1207,31 @@ error:
        return ret;
 }
-static inline int __init determine_tce_table_size(u64 ram)
+static inline int __init determine_tce_table_size(void)
 {
        int ret;
        if (specified_table_size != TCE_TABLE_SIZE_UNSPECIFIED)
                return specified_table_size;
-        /*
+        if (is_kdump_kernel() && saved_max_pfn) {
-         * Table sizes are from 0 to 7 (TCE_TABLE_SIZE_64K to
+                /*
-         * TCE_TABLE_SIZE_8M). Table size 0 has 8K entries and each
+                 * Table sizes are from 0 to 7 (TCE_TABLE_SIZE_64K to
-         * larger table size has twice as many entries, so shift the
+                 * TCE_TABLE_SIZE_8M). Table size 0 has 8K entries and each
-         * max ram address by 13 to divide by 8K and then look at the
+                 * larger table size has twice as many entries, so shift the
-         * order of the result to choose between 0-7.
+                 * max ram address by 13 to divide by 8K and then look at the
-         */
+                 * order of the result to choose between 0-7.
-        ret = get_order(ram >> 13);
+                 */
-        if (ret > TCE_TABLE_SIZE_8M)
+                ret = get_order((saved_max_pfn * PAGE_SIZE) >> 13);
+                if (ret > TCE_TABLE_SIZE_8M)
+                        ret = TCE_TABLE_SIZE_8M;
+        } else {
+                /*
+                 * Use 8M by default (suggested by Muli) if it's not
+                 * kdump kernel and saved_max_pfn isn't set.
+                 */
                ret = TCE_TABLE_SIZE_8M;
+        }
        return ret;
 }
@@ -1418,8 +1426,7 @@ int __init detect_calgary(void)
                return -ENOMEM;
        }
-        specified_table_size = determine_tce_table_size((is_kdump_kernel() ?
+        specified_table_size = determine_tce_table_size();
-                                        saved_max_pfn : max_pfn) * PAGE_SIZE);
        for (bus = 0; bus < MAX_PHB_BUS_NUM; bus++) {
                struct calgary_bus_info *info = &bus_info[bus];
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 872079a67e4d..f7d0672481fd 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -100,8 +100,10 @@ void *dma_generic_alloc_coherent(struct device *dev, size_t size,
        flag |= __GFP_ZERO;
 again:
        page = NULL;
-        if (!(flag & GFP_ATOMIC))
+        /* CMA can be used only in the context which permits sleeping */
+        if (flag & __GFP_WAIT)
                page = dma_alloc_from_contiguous(dev, count, get_order(size));
+        /* fallback */
        if (!page)
                page = alloc_pages_node(dev_to_node(dev), flag, get_order(size));
        if (!page)
diff --git a/arch/x86/kernel/pci-nommu.c b/arch/x86/kernel/pci-nommu.c
index 871be4a84c7d..da15918d1c81 100644
--- a/arch/x86/kernel/pci-nommu.c
+++ b/arch/x86/kernel/pci-nommu.c
@@ -3,7 +3,6 @@
 #include <linux/dma-mapping.h>
 #include <linux/scatterlist.h>
 #include <linux/string.h>
-#include <linux/init.h>
 #include <linux/gfp.h>
 #include <linux/pci.h>
 #include <linux/mm.h>
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 3fb8d95ab8b5..4505e2a950d8 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -298,10 +298,7 @@ void arch_cpu_idle_dead(void)
 */
 void arch_cpu_idle(void)
 {
-        if (cpuidle_idle_call())
+        x86_idle();
-                x86_idle();
-        else
-                local_irq_enable();
 }
 /*
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 6f1236c29c4b..7bc86bbe7485 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -24,7 +24,6 @@
 #include <linux/interrupt.h>
 #include <linux/delay.h>
 #include <linux/reboot.h>
-#include <linux/init.h>
 #include <linux/mc146818rtc.h>
 #include <linux/module.h>
 #include <linux/kallsyms.h>
@@ -315,6 +314,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
         */
        arch_end_context_switch(next_p);
+        this_cpu_write(kernel_stack,
+                  (unsigned long)task_stack_page(next_p) +
+                  THREAD_SIZE - KERNEL_STACK_OFFSET);
        /*
         * Restore %gs if needed (which is common)
         */
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 7461f50d5bb1..678c0ada3b3c 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -184,14 +184,14 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
 {
        unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1);
        unsigned long sp = (unsigned long)&regs->sp;
-        struct thread_info *tinfo;
+        u32 *prev_esp;
        if (context == (sp & ~(THREAD_SIZE - 1)))
                return sp;
-        tinfo = (struct thread_info *)context;
+        prev_esp = (u32 *)(context);
-        if (tinfo->previous_esp)
+        if (prev_esp)
-                return tinfo->previous_esp;
+                return (unsigned long)prev_esp;
        return (unsigned long)regs;
 }
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index 04ee1e2e4c02..ff898bbf579d 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -529,7 +529,7 @@ static void quirk_amd_nb_node(struct pci_dev *dev)
                return;
        pci_read_config_dword(nb_ht, 0x60, &val);
-        node = val & 7;
+        node = pcibus_to_node(dev->bus) | (val & 7);
        /*
         * Some hardware may return an invalid node ID,
         * so check it first:
@@ -571,3 +571,40 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F5,
                        quirk_amd_nb_node);
 #endif
+#ifdef CONFIG_PCI
+/*
+ * Processor does not ensure DRAM scrub read/write sequence
+ * is atomic wrt accesses to CC6 save state area. Therefore
+ * if a concurrent scrub read/write access is to same address
+ * the entry may appear as if it is not written. This quirk
+ * applies to Fam16h models 00h-0Fh
+ *
+ * See "Revision Guide" for AMD F16h models 00h-0fh,
+ * document 51810 rev. 3.04, Nov 2013
+ */
+static void amd_disable_seq_and_redirect_scrub(struct pci_dev *dev)
+{
+        u32 val;
+        /*
+         * Suggested workaround:
+         * set D18F3x58[4:0] = 00h and set D18F3x5C[0] = 0b
+         */
+        pci_read_config_dword(dev, 0x58, &val);
+        if (val & 0x1F) {
+                val &= ~(0x1F);
+                pci_write_config_dword(dev, 0x58, val);
+        }
+        pci_read_config_dword(dev, 0x5C, &val);
+        if (val & BIT(0)) {
+                val &= ~BIT(0);
+                pci_write_config_dword(dev, 0x5c, val);
+        }
+}
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3,
+                        amd_disable_seq_and_redirect_scrub);
+#endif
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index c752cb43e52f..654b46574b91 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -464,9 +464,12 @@ void __attribute__((weak)) mach_reboot_fixups(void)
 * 2) If still alive, write to the keyboard controller
 * 3) If still alive, write to the ACPI reboot register again
 * 4) If still alive, write to the keyboard controller again
+ * 5) If still alive, call the EFI runtime service to reboot
+ * 6) If still alive, write to the PCI IO port 0xCF9 to reboot
+ * 7) If still alive, inform BIOS to do a proper reboot
 *
 * If the machine is still alive at this stage, it gives up. We default to
- * following the same pattern, except that if we're still alive after (4) we'll
+ * following the same pattern, except that if we're still alive after (7) we'll
 * try to force a triple fault and then cycle between hitting the keyboard
 * controller and doing that
 */
@@ -502,7 +505,7 @@ static void native_machine_emergency_restart(void)
                                attempt = 1;
                                reboot_type = BOOT_ACPI;
                        } else {
-                                reboot_type = BOOT_TRIPLE;
+                                reboot_type = BOOT_EFI;
                        }
                        break;
@@ -510,13 +513,15 @@ static void native_machine_emergency_restart(void)
                        load_idt(&no_idt);
                        __asm__ __volatile__("int3");
+                        /* We're probably dead after this, but... */
                        reboot_type = BOOT_KBD;
                        break;
                case BOOT_BIOS:
                        machine_real_restart(MRR_BIOS);
-                        reboot_type = BOOT_KBD;
+                        /* We're probably dead after this, but... */
+                        reboot_type = BOOT_TRIPLE;
                        break;
                case BOOT_ACPI:
@@ -530,7 +535,7 @@ static void native_machine_emergency_restart(void)
                                                 EFI_RESET_WARM :
                                                 EFI_RESET_COLD,
                                                 EFI_SUCCESS, 0, NULL);
-                        reboot_type = BOOT_KBD;
+                        reboot_type = BOOT_CF9_COND;
                        break;
                case BOOT_CF9:
@@ -548,7 +553,7 @@ static void native_machine_emergency_restart(void)
                                outb(cf9|reboot_code, 0xcf9);
                                udelay(50);
                        }
-                        reboot_type = BOOT_KBD;
+                        reboot_type = BOOT_BIOS;
                        break;
                }
        }
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index cb233bc9dee3..09c76d265550 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -295,6 +295,8 @@ static void __init reserve_brk(void)
        _brk_start = 0;
 }
+u64 relocated_ramdisk;
 #ifdef CONFIG_BLK_DEV_INITRD
 static u64 __init get_ramdisk_image(void)
@@ -321,25 +323,24 @@ static void __init relocate_initrd(void)
        u64 ramdisk_image = get_ramdisk_image();
        u64 ramdisk_size  = get_ramdisk_size();
        u64 area_size     = PAGE_ALIGN(ramdisk_size);
-        u64 ramdisk_here;
        unsigned long slop, clen, mapaddr;
        char *p, *q;
        /* We need to move the initrd down into directly mapped mem */
-        ramdisk_here = memblock_find_in_range(0, PFN_PHYS(max_pfn_mapped),
+        relocated_ramdisk = memblock_find_in_range(0, PFN_PHYS(max_pfn_mapped),
-                                                 area_size, PAGE_SIZE);
+                                                   area_size, PAGE_SIZE);
-        if (!ramdisk_here)
+        if (!relocated_ramdisk)
                panic("Cannot find place for new RAMDISK of size %lld\n",
-                         ramdisk_size);
+                      ramdisk_size);
        /* Note: this includes all the mem currently occupied by
           the initrd, we rely on that fact to keep the data intact. */
-        memblock_reserve(ramdisk_here, area_size);
+        memblock_reserve(relocated_ramdisk, area_size);
-        initrd_start = ramdisk_here + PAGE_OFFSET;
+        initrd_start = relocated_ramdisk + PAGE_OFFSET;
        initrd_end   = initrd_start + ramdisk_size;
        printk(KERN_INFO "Allocated new RAMDISK: [mem %#010llx-%#010llx]\n",
-                         ramdisk_here, ramdisk_here + ramdisk_size - 1);
+               relocated_ramdisk, relocated_ramdisk + ramdisk_size - 1);
        q = (char *)initrd_start;
@@ -363,7 +364,7 @@ static void __init relocate_initrd(void)
        printk(KERN_INFO "Move RAMDISK from [mem %#010llx-%#010llx] to"
                " [mem %#010llx-%#010llx]\n",
                ramdisk_image, ramdisk_image + ramdisk_size - 1,
-                ramdisk_here, ramdisk_here + ramdisk_size - 1);
+                relocated_ramdisk, relocated_ramdisk + ramdisk_size - 1);
 }
 static void __init early_reserve_initrd(void)
@@ -447,6 +448,9 @@ static void __init parse_setup_data(void)
                case SETUP_DTB:
                        add_dtb(pa_data);
                        break;
+                case SETUP_EFI:
+                        parse_efi_setup(pa_data, data_len);
+                        break;
                default:
                        break;
                }
@@ -824,6 +828,20 @@ static void __init trim_low_memory_range(void)
 }
        
 /*
+ * Dump out kernel offset information on panic.
+ */
+static int
+dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
+{
+        pr_emerg("Kernel Offset: 0x%lx from 0x%lx "
+                 "(relocation range: 0x%lx-0x%lx)\n",
+                 (unsigned long)&_text - __START_KERNEL, __START_KERNEL,
+                 __START_KERNEL_map, MODULES_VADDR-1);
+        return 0;
+}
+/*
 * Determine if we were loaded by an EFI loader.  If so, then we have also been
 * passed the efi memmap, systab, etc., so we should use these data structures
 * for initialization.  Note, the efi init code path is determined by the
@@ -851,7 +869,6 @@ void __init setup_arch(char **cmdline_p)
 #ifdef CONFIG_X86_32
        memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data));
-        visws_early_detect();
        /*
         * copy kernel address range established so far and switch
@@ -908,11 +925,11 @@ void __init setup_arch(char **cmdline_p)
 #ifdef CONFIG_EFI
        if (!strncmp((char *)&boot_params.efi_info.efi_loader_signature,
                     "EL32", 4)) {
-                set_bit(EFI_BOOT, &x86_efi_facility);
+                set_bit(EFI_BOOT, &efi.flags);
        } else if (!strncmp((char *)&boot_params.efi_info.efi_loader_signature,
                     "EL64", 4)) {
-                set_bit(EFI_BOOT, &x86_efi_facility);
+                set_bit(EFI_BOOT, &efi.flags);
-                set_bit(EFI_64BIT, &x86_efi_facility);
+                set_bit(EFI_64BIT, &efi.flags);
        }
        if (efi_enabled(EFI_BOOT))
@@ -924,8 +941,6 @@ void __init setup_arch(char **cmdline_p)
        iomem_resource.end = (1ULL << boot_cpu_data.x86_phys_bits) - 1;
        setup_memory_map();
        parse_setup_data();
-        /* update the e820_saved too */
-        e820_reserve_setup_data();
        copy_edd();
@@ -987,6 +1002,8 @@ void __init setup_arch(char **cmdline_p)
                early_dump_pci_devices();
 #endif
+        /* update the e820_saved too */
+        e820_reserve_setup_data();
        finish_e820_parsing();
        if (efi_enabled(EFI_BOOT))
@@ -1221,14 +1238,8 @@ void __init setup_arch(char **cmdline_p)
        register_refined_jiffies(CLOCK_TICK_RATE);
 #ifdef CONFIG_EFI
-        /* Once setup is done above, unmap the EFI memory map on
+        if (efi_enabled(EFI_BOOT))
-         * mismatched firmware/kernel archtectures since there is no
+                efi_apply_memmap_quirks();
-         * support for runtime services.
-         */
-        if (efi_enabled(EFI_BOOT) && !efi_is_native()) {
-                pr_info("efi: Setup done, disabling due to 32/64-bit mismatch\n");
-                efi_unmap_memmap();
-        }
 #endif
 }
@@ -1248,3 +1259,15 @@ void __init i386_reserve_resources(void)
 }
 #endif /* CONFIG_X86_32 */
+static struct notifier_block kernel_offset_notifier = {
+        .notifier_call = dump_kernel_offset
+};
+static int __init register_kernel_offset_dumper(void)
+{
+        atomic_notifier_chain_register(&panic_notifier_list,
+                                        &kernel_offset_notifier);
+        return 0;
+}
+__initcall(register_kernel_offset_dumper);
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 85dc05a3aa02..34826934d4a7 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -122,8 +122,9 @@ static void smp_callin(void)
         * Since CPU0 is not wakened up by INIT, it doesn't wait for the IPI.
         */
        cpuid = smp_processor_id();
-        if (apic->wait_for_init_deassert && cpuid != 0)
+        if (apic->wait_for_init_deassert && cpuid)
-                apic->wait_for_init_deassert(&init_deasserted);
+                while (!atomic_read(&init_deasserted))
+                        cpu_relax();
        /*
         * (This works even if the APIC is not enabled.)
@@ -701,11 +702,15 @@ wakeup_cpu_via_init_nmi(int cpu, unsigned long start_ip, int apicid,
        int id;
        int boot_error;
+        preempt_disable();
        /*
         * Wake up AP by INIT, INIT, STARTUP sequence.
         */
-        if (cpu)
+        if (cpu) {
-                return wakeup_secondary_cpu_via_init(apicid, start_ip);
+                boot_error = wakeup_secondary_cpu_via_init(apicid, start_ip);
+                goto out;
+        }
        /*
         * Wake up BSP by nmi.
@@ -725,6 +730,9 @@ wakeup_cpu_via_init_nmi(int cpu, unsigned long start_ip, int apicid,
                boot_error = wakeup_secondary_cpu_via_nmi(id, start_ip);
        }
+out:
+        preempt_enable();
        return boot_error;
 }
@@ -758,10 +766,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
 #else
        clear_tsk_thread_flag(idle, TIF_FORK);
        initial_gs = per_cpu_offset(cpu);
+#endif
        per_cpu(kernel_stack, cpu) =
                (unsigned long)task_stack_page(idle) -
                KERNEL_STACK_OFFSET + THREAD_SIZE;
-#endif
        early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
        initial_code = (unsigned long)start_secondary;
        stack_start  = idle->thread.sp;
@@ -1312,6 +1320,12 @@ void cpu_disable_common(void)
 int native_cpu_disable(void)
 {
+        int ret;
+        ret = check_irq_vectors_for_cpu_disable();
+        if (ret)
+                return ret;
        clear_local_APIC();
        cpu_disable_common();
@@ -1373,7 +1387,7 @@ static inline void mwait_play_dead(void)
        if (!this_cpu_has(X86_FEATURE_MWAIT))
                return;
-        if (!this_cpu_has(X86_FEATURE_CLFLSH))
+        if (!this_cpu_has(X86_FEATURE_CLFLUSH))
                return;
        if (__this_cpu_read(cpu_info.cpuid_level) < CPUID_MWAIT_LEAF)
                return;
@@ -1417,7 +1431,9 @@ static inline void mwait_play_dead(void)
                 * The WBINVD is insufficient due to the spurious-wakeup
                 * case where we return around the loop.
                 */
+                mb();
                clflush(mwait_ptr);
+                mb();
                __monitor(mwait_ptr, 0, 0);
                mb();
                __mwait(eax, 0);
diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c
index 24d3c91e9812..bf7ef5ce29df 100644
--- a/arch/x86/kernel/time.c
+++ b/arch/x86/kernel/time.c
@@ -23,7 +23,7 @@
 #include <asm/time.h>
 #ifdef CONFIG_X86_64
-DEFINE_VVAR(volatile unsigned long, jiffies) = INITIAL_JIFFIES;
+__visible DEFINE_VVAR(volatile unsigned long, jiffies) = INITIAL_JIFFIES;
 #endif
 unsigned long profile_pc(struct pt_regs *regs)
@@ -62,7 +62,7 @@ static irqreturn_t timer_interrupt(int irq, void *dev_id)
 static struct irqaction irq0  = {
        .handler = timer_interrupt,
-        .flags = IRQF_DISABLED | IRQF_NOBALANCING | IRQF_IRQPOLL | IRQF_TIMER,
+        .flags = IRQF_NOBALANCING | IRQF_IRQPOLL | IRQF_TIMER,
        .name = "timer"
 };
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index b857ed890b4c..57409f6b8c62 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -211,21 +211,17 @@ dotraplinkage void do_##name(struct pt_regs *regs, long error_code)	\
        exception_exit(prev_state);                                     \
 }
-DO_ERROR_INFO(X86_TRAP_DE, SIGFPE, "divide error", divide_error, FPE_INTDIV,
+DO_ERROR_INFO(X86_TRAP_DE,     SIGFPE,  "divide error",                 divide_error,                FPE_INTDIV, regs->ip )
-                regs->ip)
+DO_ERROR     (X86_TRAP_OF,     SIGSEGV, "overflow",                     overflow                                          )
-DO_ERROR(X86_TRAP_OF, SIGSEGV, "overflow", overflow)
+DO_ERROR     (X86_TRAP_BR,     SIGSEGV, "bounds",                       bounds                                            )
-DO_ERROR(X86_TRAP_BR, SIGSEGV, "bounds", bounds)
+DO_ERROR_INFO(X86_TRAP_UD,     SIGILL,  "invalid opcode",               invalid_op,                  ILL_ILLOPN, regs->ip )
-DO_ERROR_INFO(X86_TRAP_UD, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN,
+DO_ERROR     (X86_TRAP_OLD_MF, SIGFPE,  "coprocessor segment overrun",  coprocessor_segment_overrun                       )
-                regs->ip)
+DO_ERROR     (X86_TRAP_TS,     SIGSEGV, "invalid TSS",                  invalid_TSS                                       )
-DO_ERROR(X86_TRAP_OLD_MF, SIGFPE, "coprocessor segment overrun",
+DO_ERROR     (X86_TRAP_NP,     SIGBUS,  "segment not present",          segment_not_present                               )
-                coprocessor_segment_overrun)
-DO_ERROR(X86_TRAP_TS, SIGSEGV, "invalid TSS", invalid_TSS)
-DO_ERROR(X86_TRAP_NP, SIGBUS, "segment not present", segment_not_present)
 #ifdef CONFIG_X86_32
-DO_ERROR(X86_TRAP_SS, SIGBUS, "stack segment", stack_segment)
+DO_ERROR     (X86_TRAP_SS,     SIGBUS,  "stack segment",                stack_segment                                     )
 #endif
-DO_ERROR_INFO(X86_TRAP_AC, SIGBUS, "alignment check", alignment_check,
+DO_ERROR_INFO(X86_TRAP_AC,     SIGBUS,  "alignment check",              alignment_check,             BUS_ADRALN, 0        )
-                BUS_ADRALN, 0)
 #ifdef CONFIG_X86_64
 /* Runs on IST stack */
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 930e5d48f560..57e5ce126d5a 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -11,6 +11,7 @@
 #include <linux/clocksource.h>
 #include <linux/percpu.h>
 #include <linux/timex.h>
+#include <linux/static_key.h>
 #include <asm/hpet.h>
 #include <asm/timer.h>
@@ -37,13 +38,244 @@ static int __read_mostly tsc_unstable;
   erroneous rdtsc usage on !cpu_has_tsc processors */
 static int __read_mostly tsc_disabled = -1;
+static struct static_key __use_tsc = STATIC_KEY_INIT;
 int tsc_clocksource_reliable;
+/*
+ * Use a ring-buffer like data structure, where a writer advances the head by
+ * writing a new data entry and a reader advances the tail when it observes a
+ * new entry.
+ *
+ * Writers are made to wait on readers until there's space to write a new
+ * entry.
+ *
+ * This means that we can always use an {offset, mul} pair to compute a ns
+ * value that is 'roughly' in the right direction, even if we're writing a new
+ * {offset, mul} pair during the clock read.
+ *
+ * The down-side is that we can no longer guarantee strict monotonicity anymore
+ * (assuming the TSC was that to begin with), because while we compute the
+ * intersection point of the two clock slopes and make sure the time is
+ * continuous at the point of switching; we can no longer guarantee a reader is
+ * strictly before or after the switch point.
+ *
+ * It does mean a reader no longer needs to disable IRQs in order to avoid
+ * CPU-Freq updates messing with his times, and similarly an NMI reader will
+ * no longer run the risk of hitting half-written state.
+ */
+struct cyc2ns {
+        struct cyc2ns_data data[2];     /*  0 + 2*24 = 48 */
+        struct cyc2ns_data *head;       /* 48 + 8    = 56 */
+        struct cyc2ns_data *tail;       /* 56 + 8    = 64 */
+}; /* exactly fits one cacheline */
+static DEFINE_PER_CPU_ALIGNED(struct cyc2ns, cyc2ns);
+struct cyc2ns_data *cyc2ns_read_begin(void)
+{
+        struct cyc2ns_data *head;
+        preempt_disable();
+        head = this_cpu_read(cyc2ns.head);
+        /*
+         * Ensure we observe the entry when we observe the pointer to it.
+         * matches the wmb from cyc2ns_write_end().
+         */
+        smp_read_barrier_depends();
+        head->__count++;
+        barrier();
+        return head;
+}
+void cyc2ns_read_end(struct cyc2ns_data *head)
+{
+        barrier();
+        /*
+         * If we're the outer most nested read; update the tail pointer
+         * when we're done. This notifies possible pending writers
+         * that we've observed the head pointer and that the other
+         * entry is now free.
+         */
+        if (!--head->__count) {
+                /*
+                 * x86-TSO does not reorder writes with older reads;
+                 * therefore once this write becomes visible to another
+                 * cpu, we must be finished reading the cyc2ns_data.
+                 *
+                 * matches with cyc2ns_write_begin().
+                 */
+                this_cpu_write(cyc2ns.tail, head);
+        }
+        preempt_enable();
+}
+/*
+ * Begin writing a new @data entry for @cpu.
+ *
+ * Assumes some sort of write side lock; currently 'provided' by the assumption
+ * that cpufreq will call its notifiers sequentially.
+ */
+static struct cyc2ns_data *cyc2ns_write_begin(int cpu)
+{
+        struct cyc2ns *c2n = &per_cpu(cyc2ns, cpu);
+        struct cyc2ns_data *data = c2n->data;
+        if (data == c2n->head)
+                data++;
+        /* XXX send an IPI to @cpu in order to guarantee a read? */
+        /*
+         * When we observe the tail write from cyc2ns_read_end(),
+         * the cpu must be done with that entry and its safe
+         * to start writing to it.
+         */
+        while (c2n->tail == data)
+                cpu_relax();
+        return data;
+}
+static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
+{
+        struct cyc2ns *c2n = &per_cpu(cyc2ns, cpu);
+        /*
+         * Ensure the @data writes are visible before we publish the
+         * entry. Matches the data-depencency in cyc2ns_read_begin().
+         */
+        smp_wmb();
+        ACCESS_ONCE(c2n->head) = data;
+}
+/*
+ * Accelerators for sched_clock()
+ * convert from cycles(64bits) => nanoseconds (64bits)
+ *  basic equation:
+ *              ns = cycles / (freq / ns_per_sec)
+ *              ns = cycles * (ns_per_sec / freq)
+ *              ns = cycles * (10^9 / (cpu_khz * 10^3))
+ *              ns = cycles * (10^6 / cpu_khz)
+ *
+ *      Then we use scaling math (suggested by george@mvista.com) to get:
+ *              ns = cycles * (10^6 * SC / cpu_khz) / SC
+ *              ns = cycles * cyc2ns_scale / SC
+ *
+ *      And since SC is a constant power of two, we can convert the div
+ *  into a shift.
+ *
+ *  We can use khz divisor instead of mhz to keep a better precision, since
+ *  cyc2ns_scale is limited to 10^6 * 2^10, which fits in 32 bits.
+ *  (mathieu.desnoyers@polymtl.ca)
+ *
+ *                      -johnstul@us.ibm.com "math is hard, lets go shopping!"
+ */
+#define CYC2NS_SCALE_FACTOR 10 /* 2^10, carefully chosen */
+static void cyc2ns_data_init(struct cyc2ns_data *data)
+{
+        data->cyc2ns_mul = 0;
+        data->cyc2ns_shift = CYC2NS_SCALE_FACTOR;
+        data->cyc2ns_offset = 0;
+        data->__count = 0;
+}
+static void cyc2ns_init(int cpu)
+{
+        struct cyc2ns *c2n = &per_cpu(cyc2ns, cpu);
+        cyc2ns_data_init(&c2n->data[0]);
+        cyc2ns_data_init(&c2n->data[1]);
+        c2n->head = c2n->data;
+        c2n->tail = c2n->data;
+}
+static inline unsigned long long cycles_2_ns(unsigned long long cyc)
+{
+        struct cyc2ns_data *data, *tail;
+        unsigned long long ns;
+        /*
+         * See cyc2ns_read_*() for details; replicated in order to avoid
+         * an extra few instructions that came with the abstraction.
+         * Notable, it allows us to only do the __count and tail update
+         * dance when its actually needed.
+         */
+        preempt_disable_notrace();
+        data = this_cpu_read(cyc2ns.head);
+        tail = this_cpu_read(cyc2ns.tail);
+        if (likely(data == tail)) {
+                ns = data->cyc2ns_offset;
+                ns += mul_u64_u32_shr(cyc, data->cyc2ns_mul, CYC2NS_SCALE_FACTOR);
+        } else {
+                data->__count++;
+                barrier();
+                ns = data->cyc2ns_offset;
+                ns += mul_u64_u32_shr(cyc, data->cyc2ns_mul, CYC2NS_SCALE_FACTOR);
+                barrier();
+                if (!--data->__count)
+                        this_cpu_write(cyc2ns.tail, data);
+        }
+        preempt_enable_notrace();
+        return ns;
+}
+/* XXX surely we already have this someplace in the kernel?! */
+#define DIV_ROUND(n, d) (((n) + ((d) / 2)) / (d))
+static void set_cyc2ns_scale(unsigned long cpu_khz, int cpu)
+{
+        unsigned long long tsc_now, ns_now;
+        struct cyc2ns_data *data;
+        unsigned long flags;
+        local_irq_save(flags);
+        sched_clock_idle_sleep_event();
+        if (!cpu_khz)
+                goto done;
+        data = cyc2ns_write_begin(cpu);
+        rdtscll(tsc_now);
+        ns_now = cycles_2_ns(tsc_now);
+        /*
+         * Compute a new multiplier as per the above comment and ensure our
+         * time function is continuous; see the comment near struct
+         * cyc2ns_data.
+         */
+        data->cyc2ns_mul = DIV_ROUND(NSEC_PER_MSEC << CYC2NS_SCALE_FACTOR, cpu_khz);
+        data->cyc2ns_shift = CYC2NS_SCALE_FACTOR;
+        data->cyc2ns_offset = ns_now -
+                mul_u64_u32_shr(tsc_now, data->cyc2ns_mul, CYC2NS_SCALE_FACTOR);
+        cyc2ns_write_end(cpu, data);
+done:
+        sched_clock_idle_wakeup_event(0);
+        local_irq_restore(flags);
+}
 /*
 * Scheduler clock - returns current time in nanosec units.
 */
 u64 native_sched_clock(void)
 {
-        u64 this_offset;
+        u64 tsc_now;
        /*
         * Fall back to jiffies if there's no TSC available:
@@ -53,16 +285,16 @@ u64 native_sched_clock(void)
         *   very important for it to be as fast as the platform
         *   can achieve it. )
         */
-        if (unlikely(tsc_disabled)) {
+        if (!static_key_false(&__use_tsc)) {
                /* No locking but a rare wrong value is not a big deal: */
                return (jiffies_64 - INITIAL_JIFFIES) * (1000000000 / HZ);
        }
        /* read the Time Stamp Counter: */
-        rdtscll(this_offset);
+        rdtscll(tsc_now);
        /* return the value in ns */
-        return __cycles_2_ns(this_offset);
+        return cycles_2_ns(tsc_now);
 }
 /* We need to define a real function for sched_clock, to override the
@@ -419,6 +651,13 @@ unsigned long native_calibrate_tsc(void)
        unsigned long flags, latch, ms, fast_calibrate;
        int hpet = is_hpet_enabled(), i, loopmin;
+        /* Calibrate TSC using MSR for Intel Atom SoCs */
+        local_irq_save(flags);
+        fast_calibrate = try_msr_calibrate_tsc();
+        local_irq_restore(flags);
+        if (fast_calibrate)
+                return fast_calibrate;
        local_irq_save(flags);
        fast_calibrate = quick_pit_calibrate();
        local_irq_restore(flags);
@@ -589,61 +828,11 @@ int recalibrate_cpu_khz(void)
 EXPORT_SYMBOL(recalibrate_cpu_khz);
-/* Accelerators for sched_clock()
- * convert from cycles(64bits) => nanoseconds (64bits)
- *  basic equation:
- *              ns = cycles / (freq / ns_per_sec)
- *              ns = cycles * (ns_per_sec / freq)
- *              ns = cycles * (10^9 / (cpu_khz * 10^3))
- *              ns = cycles * (10^6 / cpu_khz)
- *
- *      Then we use scaling math (suggested by george@mvista.com) to get:
- *              ns = cycles * (10^6 * SC / cpu_khz) / SC
- *              ns = cycles * cyc2ns_scale / SC
- *
- *      And since SC is a constant power of two, we can convert the div
- *  into a shift.
- *
- *  We can use khz divisor instead of mhz to keep a better precision, since
- *  cyc2ns_scale is limited to 10^6 * 2^10, which fits in 32 bits.
- *  (mathieu.desnoyers@polymtl.ca)
- *
- *                      -johnstul@us.ibm.com "math is hard, lets go shopping!"
- */
-DEFINE_PER_CPU(unsigned long, cyc2ns);
-DEFINE_PER_CPU(unsigned long long, cyc2ns_offset);
-static void set_cyc2ns_scale(unsigned long cpu_khz, int cpu)
-{
-        unsigned long long tsc_now, ns_now, *offset;
-        unsigned long flags, *scale;
-        local_irq_save(flags);
-        sched_clock_idle_sleep_event();
-        scale = &per_cpu(cyc2ns, cpu);
-        offset = &per_cpu(cyc2ns_offset, cpu);
-        rdtscll(tsc_now);
-        ns_now = __cycles_2_ns(tsc_now);
-        if (cpu_khz) {
-                *scale = ((NSEC_PER_MSEC << CYC2NS_SCALE_FACTOR) +
-                                cpu_khz / 2) / cpu_khz;
-                *offset = ns_now - mult_frac(tsc_now, *scale,
-                                             (1UL << CYC2NS_SCALE_FACTOR));
-        }
-        sched_clock_idle_wakeup_event(0);
-        local_irq_restore(flags);
-}
 static unsigned long long cyc2ns_suspend;
 void tsc_save_sched_clock_state(void)
 {
-        if (!sched_clock_stable)
+        if (!sched_clock_stable())
                return;
        cyc2ns_suspend = sched_clock();
@@ -663,16 +852,26 @@ void tsc_restore_sched_clock_state(void)
        unsigned long flags;
        int cpu;
-        if (!sched_clock_stable)
+        if (!sched_clock_stable())
                return;
        local_irq_save(flags);
-        __this_cpu_write(cyc2ns_offset, 0);
+        /*
+         * We're comming out of suspend, there's no concurrency yet; don't
+         * bother being nice about the RCU stuff, just write to both
+         * data fields.
+         */
+        this_cpu_write(cyc2ns.data[0].cyc2ns_offset, 0);
+        this_cpu_write(cyc2ns.data[1].cyc2ns_offset, 0);
        offset = cyc2ns_suspend - sched_clock();
-        for_each_possible_cpu(cpu)
+        for_each_possible_cpu(cpu) {
-                per_cpu(cyc2ns_offset, cpu) = offset;
+                per_cpu(cyc2ns.data[0].cyc2ns_offset, cpu) = offset;
+                per_cpu(cyc2ns.data[1].cyc2ns_offset, cpu) = offset;
+        }
        local_irq_restore(flags);
 }
@@ -715,8 +914,7 @@ static int time_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
                tsc_khz_ref = tsc_khz;
        }
        if ((val == CPUFREQ_PRECHANGE  && freq->old < freq->new) ||
-                        (val == CPUFREQ_POSTCHANGE && freq->old > freq->new) ||
+                        (val == CPUFREQ_POSTCHANGE && freq->old > freq->new)) {
-                        (val == CPUFREQ_RESUMECHANGE)) {
                *lpj = cpufreq_scale(loops_per_jiffy_ref, ref_freq, freq->new);
                tsc_khz = cpufreq_scale(tsc_khz_ref, ref_freq, freq->new);
@@ -786,16 +984,14 @@ static struct clocksource clocksource_tsc = {
        .mask                   = CLOCKSOURCE_MASK(64),
        .flags                  = CLOCK_SOURCE_IS_CONTINUOUS |
                                  CLOCK_SOURCE_MUST_VERIFY,
-#ifdef CONFIG_X86_64
        .archdata               = { .vclock_mode = VCLOCK_TSC },
-#endif
 };
 void mark_tsc_unstable(char *reason)
 {
        if (!tsc_unstable) {
                tsc_unstable = 1;
-                sched_clock_stable = 0;
+                clear_sched_clock_stable();
                disable_sched_clock_irqtime();
                pr_info("Marking TSC unstable due to %s\n", reason);
                /* Change only the rating, when not registered */
@@ -995,14 +1191,18 @@ void __init tsc_init(void)
         * speed as the bootup CPU. (cpufreq notifiers will fix this
         * up if their speed diverges)
         */
-        for_each_possible_cpu(cpu)
+        for_each_possible_cpu(cpu) {
+                cyc2ns_init(cpu);
                set_cyc2ns_scale(cpu_khz, cpu);
+        }
        if (tsc_disabled > 0)
                return;
        /* now allow native_sched_clock() to use rdtsc */
        tsc_disabled = 0;
+        static_key_slow_inc(&__use_tsc);
        if (!no_sched_irq_time)
                enable_sched_clock_irqtime();
diff --git a/arch/x86/kernel/tsc_msr.c b/arch/x86/kernel/tsc_msr.c
new file mode 100644
index 000000000000..92ae6acac8a7
--- /dev/null
+++ b/arch/x86/kernel/tsc_msr.c
@@ -0,0 +1,127 @@
+/*
+ * tsc_msr.c - MSR based TSC calibration on Intel Atom SoC platforms.
+ *
+ * TSC in Intel Atom SoC runs at a constant rate which can be figured
+ * by this formula:
+ * <maximum core-clock to bus-clock ratio> * <maximum resolved frequency>
+ * See Intel 64 and IA-32 System Programming Guid section 16.12 and 30.11.5
+ * for details.
+ * Especially some Intel Atom SoCs don't have PIT(i8254) or HPET, so MSR
+ * based calibration is the only option.
+ *
+ *
+ * Copyright (C) 2013 Intel Corporation
+ * Author: Bin Gao <bin.gao@intel.com>
+ *
+ * This file is released under the GPLv2.
+ */
+#include <linux/kernel.h>
+#include <asm/processor.h>
+#include <asm/setup.h>
+#include <asm/apic.h>
+#include <asm/param.h>
+/* CPU reference clock frequency: in KHz */
+#define FREQ_83         83200
+#define FREQ_100        99840
+#define FREQ_133        133200
+#define FREQ_166        166400
+#define MAX_NUM_FREQS   8
+/*
+ * According to Intel 64 and IA-32 System Programming Guide,
+ * if MSR_PERF_STAT[31] is set, the maximum resolved bus ratio can be
+ * read in MSR_PLATFORM_ID[12:8], otherwise in MSR_PERF_STAT[44:40].
+ * Unfortunately some Intel Atom SoCs aren't quite compliant to this,
+ * so we need manually differentiate SoC families. This is what the
+ * field msr_plat does.
+ */
+struct freq_desc {
+        u8 x86_family;  /* CPU family */
+        u8 x86_model;   /* model */
+        u8 msr_plat;    /* 1: use MSR_PLATFORM_INFO, 0: MSR_IA32_PERF_STATUS */
+        u32 freqs[MAX_NUM_FREQS];
+};
+static struct freq_desc freq_desc_tables[] = {
+        /* PNW */
+        { 6, 0x27, 0, { 0, 0, 0, 0, 0, FREQ_100, 0, FREQ_83 } },
+        /* CLV+ */
+        { 6, 0x35, 0, { 0, FREQ_133, 0, 0, 0, FREQ_100, 0, FREQ_83 } },
+        /* TNG */
+        { 6, 0x4a, 1, { 0, FREQ_100, FREQ_133, 0, 0, 0, 0, 0 } },
+        /* VLV2 */
+        { 6, 0x37, 1, { FREQ_83, FREQ_100, FREQ_133, FREQ_166, 0, 0, 0, 0 } },
+        /* ANN */
+        { 6, 0x5a, 1, { FREQ_83, FREQ_100, FREQ_133, FREQ_100, 0, 0, 0, 0 } },
+};
+static int match_cpu(u8 family, u8 model)
+{
+        int i;
+        for (i = 0; i < ARRAY_SIZE(freq_desc_tables); i++) {
+                if ((family == freq_desc_tables[i].x86_family) &&
+                        (model == freq_desc_tables[i].x86_model))
+                        return i;
+        }
+        return -1;
+}
+/* Map CPU reference clock freq ID(0-7) to CPU reference clock freq(KHz) */
+#define id_to_freq(cpu_index, freq_id) \
+        (freq_desc_tables[cpu_index].freqs[freq_id])
+/*
+ * Do MSR calibration only for known/supported CPUs.
+ *
+ * Returns the calibration value or 0 if MSR calibration failed.
+ */
+unsigned long try_msr_calibrate_tsc(void)
+{
+        u32 lo, hi, ratio, freq_id, freq;
+        unsigned long res;
+        int cpu_index;
+        cpu_index = match_cpu(boot_cpu_data.x86, boot_cpu_data.x86_model);
+        if (cpu_index < 0)
+                return 0;
+        if (freq_desc_tables[cpu_index].msr_plat) {
+                rdmsr(MSR_PLATFORM_INFO, lo, hi);
+                ratio = (lo >> 8) & 0x1f;
+        } else {
+                rdmsr(MSR_IA32_PERF_STATUS, lo, hi);
+                ratio = (hi >> 8) & 0x1f;
+        }
+        pr_info("Maximum core-clock to bus-clock ratio: 0x%x\n", ratio);
+        if (!ratio)
+                goto fail;
+        /* Get FSB FREQ ID */
+        rdmsr(MSR_FSB_FREQ, lo, hi);
+        freq_id = lo & 0x7;
+        freq = id_to_freq(cpu_index, freq_id);
+        pr_info("Resolved frequency ID: %u, frequency: %u KHz\n",
+                                freq_id, freq);
+        if (!freq)
+                goto fail;
+        /* TSC frequency = maximum resolved freq * maximum resolved bus ratio */
+        res = freq * ratio;
+        pr_info("TSC runs at %lu KHz\n", res);
+#ifdef CONFIG_X86_LOCAL_APIC
+        lapic_timer_frequency = (freq * 1000) / HZ;
+        pr_info("lapic_timer_frequency = %d\n", lapic_timer_frequency);
+#endif
+        return res;
+fail:
+        pr_warn("Fast TSC calibration using MSR failed\n");
+        return 0;
+}
diff --git a/arch/x86/kernel/tsc_sync.c b/arch/x86/kernel/tsc_sync.c
index adfdf56a3714..26488487bc61 100644
--- a/arch/x86/kernel/tsc_sync.c
+++ b/arch/x86/kernel/tsc_sync.c
@@ -16,7 +16,6 @@
 */
 #include <linux/spinlock.h>
 #include <linux/kernel.h>
-#include <linux/init.h>
 #include <linux/smp.h>
 #include <linux/nmi.h>
 #include <asm/tsc.h>
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index da6b35a98260..49edf2dd3613 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -147,7 +147,6 @@ SECTIONS
                _edata = .;
        } :data
-#ifdef CONFIG_X86_64
        . = ALIGN(PAGE_SIZE);
        __vvar_page = .;
@@ -165,12 +164,15 @@ SECTIONS
 #undef __VVAR_KERNEL_LDS
 #undef EMIT_VVAR
+                /*
+                 * Pad the rest of the page with zeros.  Otherwise the loader
+                 * can leave garbage here.
+                 */
+                . = __vvar_beginning_hack + PAGE_SIZE;
        } :data
       . = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
-#endif /* CONFIG_X86_64 */
        /* Init code and data - will be freed after init */
        . = ALIGN(PAGE_SIZE);
        .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c
index 992f890283e9..f6584a90aba3 100644
--- a/arch/x86/kernel/vsmp_64.c
+++ b/arch/x86/kernel/vsmp_64.c
@@ -33,7 +33,7 @@
 * and vice versa.
 */
-static unsigned long vsmp_save_fl(void)
+asmlinkage unsigned long vsmp_save_fl(void)
 {
        unsigned long flags = native_save_fl();
@@ -43,7 +43,7 @@ static unsigned long vsmp_save_fl(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(vsmp_save_fl);
-static void vsmp_restore_fl(unsigned long flags)
+__visible void vsmp_restore_fl(unsigned long flags)
 {
        if (flags & X86_EFLAGS_IF)
                flags &= ~X86_EFLAGS_AC;
@@ -53,7 +53,7 @@ static void vsmp_restore_fl(unsigned long flags)
 }
 PV_CALLEE_SAVE_REGS_THUNK(vsmp_restore_fl);
-static void vsmp_irq_disable(void)
+asmlinkage void vsmp_irq_disable(void)
 {
        unsigned long flags = native_save_fl();
@@ -61,7 +61,7 @@ static void vsmp_irq_disable(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(vsmp_irq_disable);
-static void vsmp_irq_enable(void)
+asmlinkage void vsmp_irq_enable(void)
 {
        unsigned long flags = native_save_fl();
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 1f96f9347ed9..8b3b3eb3cead 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -47,14 +47,12 @@
 #include <asm/segment.h>
 #include <asm/desc.h>
 #include <asm/topology.h>
-#include <asm/vgtod.h>
 #include <asm/traps.h>
 #define CREATE_TRACE_POINTS
 #include "vsyscall_trace.h"
 DEFINE_VVAR(int, vgetcpu_mode);
-DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data);
 static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE;
@@ -77,48 +75,6 @@ static int __init vsyscall_setup(char *str)
 }
 early_param("vsyscall", vsyscall_setup);
-void update_vsyscall_tz(void)
-{
-        vsyscall_gtod_data.sys_tz = sys_tz;
-}
-void update_vsyscall(struct timekeeper *tk)
-{
-        struct vsyscall_gtod_data *vdata = &vsyscall_gtod_data;
-        write_seqcount_begin(&vdata->seq);
-        /* copy vsyscall data */
-        vdata->clock.vclock_mode        = tk->clock->archdata.vclock_mode;
-        vdata->clock.cycle_last         = tk->clock->cycle_last;
-        vdata->clock.mask               = tk->clock->mask;
-        vdata->clock.mult               = tk->mult;
-        vdata->clock.shift              = tk->shift;
-        vdata->wall_time_sec            = tk->xtime_sec;
-        vdata->wall_time_snsec          = tk->xtime_nsec;
-        vdata->monotonic_time_sec       = tk->xtime_sec
-                                        + tk->wall_to_monotonic.tv_sec;
-        vdata->monotonic_time_snsec     = tk->xtime_nsec
-                                        + (tk->wall_to_monotonic.tv_nsec
-                                                << tk->shift);
-        while (vdata->monotonic_time_snsec >=
-                                        (((u64)NSEC_PER_SEC) << tk->shift)) {
-                vdata->monotonic_time_snsec -=
-                                        ((u64)NSEC_PER_SEC) << tk->shift;
-                vdata->monotonic_time_sec++;
-        }
-        vdata->wall_time_coarse.tv_sec  = tk->xtime_sec;
-        vdata->wall_time_coarse.tv_nsec = (long)(tk->xtime_nsec >> tk->shift);
-        vdata->monotonic_time_coarse    = timespec_add(vdata->wall_time_coarse,
-                                                        tk->wall_to_monotonic);
-        write_seqcount_end(&vdata->seq);
-}
 static void warn_bad_vsyscall(const char *level, struct pt_regs *regs,
                              const char *message)
 {
@@ -374,7 +330,6 @@ void __init map_vsyscall(void)
 {
        extern char __vsyscall_page;
        unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
-        extern char __vvar_page;
        unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page);
        __set_fixmap(VSYSCALL_FIRST_PAGE, physaddr_vsyscall,
@@ -393,9 +348,13 @@ static int __init vsyscall_init(void)
 {
        BUG_ON(VSYSCALL_ADDR(0) != __fix_to_virt(VSYSCALL_FIRST_PAGE));
+        cpu_notifier_register_begin();
        on_each_cpu(cpu_vsyscall_init, NULL, 1);
        /* notifier priority > KVM */
-        hotcpu_notifier(cpu_vsyscall_notifier, 30);
+        __hotcpu_notifier(cpu_vsyscall_notifier, 30);
+        cpu_notifier_register_done();
        return 0;
 }
diff --git a/arch/x86/kernel/vsyscall_gtod.c b/arch/x86/kernel/vsyscall_gtod.c
new file mode 100644
index 000000000000..f9c6e56e14b5
--- /dev/null
+++ b/arch/x86/kernel/vsyscall_gtod.c
@@ -0,0 +1,69 @@
+/*
+ *  Copyright (C) 2001 Andrea Arcangeli <andrea@suse.de> SuSE
+ *  Copyright 2003 Andi Kleen, SuSE Labs.
+ *
+ *  Modified for x86 32 bit architecture by
+ *  Stefani Seibold <stefani@seibold.net>
+ *  sponsored by Rohde & Schwarz GmbH & Co. KG Munich/Germany
+ *
+ *  Thanks to hpa@transmeta.com for some useful hint.
+ *  Special thanks to Ingo Molnar for his early experience with
+ *  a different vsyscall implementation for Linux/IA32 and for the name.
+ *
+ */
+#include <linux/timekeeper_internal.h>
+#include <asm/vgtod.h>
+#include <asm/vvar.h>
+DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data);
+void update_vsyscall_tz(void)
+{
+        vsyscall_gtod_data.tz_minuteswest = sys_tz.tz_minuteswest;
+        vsyscall_gtod_data.tz_dsttime = sys_tz.tz_dsttime;
+}
+void update_vsyscall(struct timekeeper *tk)
+{
+        struct vsyscall_gtod_data *vdata = &vsyscall_gtod_data;
+        gtod_write_begin(vdata);
+        /* copy vsyscall data */
+        vdata->vclock_mode      = tk->clock->archdata.vclock_mode;
+        vdata->cycle_last       = tk->clock->cycle_last;
+        vdata->mask             = tk->clock->mask;
+        vdata->mult             = tk->mult;
+        vdata->shift            = tk->shift;
+        vdata->wall_time_sec            = tk->xtime_sec;
+        vdata->wall_time_snsec          = tk->xtime_nsec;
+        vdata->monotonic_time_sec       = tk->xtime_sec
+                                        + tk->wall_to_monotonic.tv_sec;
+        vdata->monotonic_time_snsec     = tk->xtime_nsec
+                                        + (tk->wall_to_monotonic.tv_nsec
+                                                << tk->shift);
+        while (vdata->monotonic_time_snsec >=
+                                        (((u64)NSEC_PER_SEC) << tk->shift)) {
+                vdata->monotonic_time_snsec -=
+                                        ((u64)NSEC_PER_SEC) << tk->shift;
+                vdata->monotonic_time_sec++;
+        }
+        vdata->wall_time_coarse_sec     = tk->xtime_sec;
+        vdata->wall_time_coarse_nsec    = (long)(tk->xtime_nsec >> tk->shift);
+        vdata->monotonic_time_coarse_sec =
+                vdata->wall_time_coarse_sec + tk->wall_to_monotonic.tv_sec;
+        vdata->monotonic_time_coarse_nsec =
+                vdata->wall_time_coarse_nsec + tk->wall_to_monotonic.tv_nsec;
+        while (vdata->monotonic_time_coarse_nsec >= NSEC_PER_SEC) {
+                vdata->monotonic_time_coarse_nsec -= NSEC_PER_SEC;
+                vdata->monotonic_time_coarse_sec++;
+        }
+        gtod_write_end(vdata);
+}
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index 021783b1f46a..e48b674639cc 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -136,9 +136,9 @@ void arch_teardown_msi_irq(unsigned int irq)
        x86_msi.teardown_msi_irq(irq);
 }
-void arch_restore_msi_irqs(struct pci_dev *dev, int irq)
+void arch_restore_msi_irqs(struct pci_dev *dev)
 {
-        x86_msi.restore_msi_irqs(dev, irq);
+        x86_msi.restore_msi_irqs(dev);
 }
 u32 arch_msi_mask_irq(struct msi_desc *desc, u32 mask, u32 flag)
 {
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
index 422fd8223470..a4b451c6addf 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -562,6 +562,16 @@ static void __init xstate_enable_boot_cpu(void)
        if (cpu_has_xsaveopt && eagerfpu != DISABLE)
                eagerfpu = ENABLE;
+        if (pcntxt_mask & XSTATE_EAGER) {
+                if (eagerfpu == DISABLE) {
+                        pr_err("eagerfpu not present, disabling some xstate features: 0x%llx\n",
+                                        pcntxt_mask & XSTATE_EAGER);
+                        pcntxt_mask &= ~XSTATE_EAGER;
+                } else {
+                        eagerfpu = ENABLE;
+                }
+        }
        pr_info("enabled xstate_bv 0x%llx, cntxt size 0x%x\n",
                pcntxt_mask, xstate_size);
 }
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index b89c5db2b832..287e4c85fff9 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -80,7 +80,7 @@ config KVM_MMU_AUDIT
        depends on KVM && TRACEPOINTS
        ---help---
         This option adds a R/W kVM module parameter 'mmu_audit', which allows
-         audit  KVM MMU at runtime.
+         auditing of KVM MMU events at runtime.
 config KVM_DEVICE_ASSIGNMENT
        bool "KVM legacy PCI device assignment support"
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index c6976257eff5..bea60671ef8a 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -28,7 +28,7 @@ static u32 xstate_required_size(u64 xstate_bv)
        int feature_bit = 0;
        u32 ret = XSAVE_HDR_SIZE + XSAVE_HDR_OFFSET;
-        xstate_bv &= ~XSTATE_FPSSE;
+        xstate_bv &= XSTATE_EXTEND_MASK;
        while (xstate_bv) {
                if (xstate_bv & 0x1) {
                        u32 eax, ebx, ecx, edx;
@@ -43,6 +43,16 @@ static u32 xstate_required_size(u64 xstate_bv)
        return ret;
 }
+u64 kvm_supported_xcr0(void)
+{
+        u64 xcr0 = KVM_SUPPORTED_XCR0 & host_xcr0;
+        if (!kvm_x86_ops->mpx_supported())
+                xcr0 &= ~(XSTATE_BNDREGS | XSTATE_BNDCSR);
+        return xcr0;
+}
 void kvm_update_cpuid(struct kvm_vcpu *vcpu)
 {
        struct kvm_cpuid_entry2 *best;
@@ -73,9 +83,9 @@ void kvm_update_cpuid(struct kvm_vcpu *vcpu)
        } else {
                vcpu->arch.guest_supported_xcr0 =
                        (best->eax | ((u64)best->edx << 32)) &
-                        host_xcr0 & KVM_SUPPORTED_XCR0;
+                        kvm_supported_xcr0();
-                vcpu->arch.guest_xstate_size =
+                vcpu->arch.guest_xstate_size = best->ebx =
-                        xstate_required_size(vcpu->arch.guest_supported_xcr0);
+                        xstate_required_size(vcpu->arch.xcr0);
        }
        kvm_pmu_cpuid_update(vcpu);
@@ -210,13 +220,6 @@ static void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        entry->flags = 0;
 }
-static bool supported_xcr0_bit(unsigned bit)
-{
-        u64 mask = ((u64)1 << bit);
-        return mask & KVM_SUPPORTED_XCR0 & host_xcr0;
-}
 #define F(x) bit(X86_FEATURE_##x)
 static int __do_cpuid_ent_emulated(struct kvm_cpuid_entry2 *entry,
@@ -256,6 +259,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 #endif
        unsigned f_rdtscp = kvm_x86_ops->rdtscp_supported() ? F(RDTSCP) : 0;
        unsigned f_invpcid = kvm_x86_ops->invpcid_supported() ? F(INVPCID) : 0;
+        unsigned f_mpx = kvm_x86_ops->mpx_supported() ? F(MPX) : 0;
        /* cpuid 1.edx */
        const u32 kvm_supported_word0_x86_features =
@@ -263,7 +267,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                F(TSC) | F(MSR) | F(PAE) | F(MCE) |
                F(CX8) | F(APIC) | 0 /* Reserved */ | F(SEP) |
                F(MTRR) | F(PGE) | F(MCA) | F(CMOV) |
-                F(PAT) | F(PSE36) | 0 /* PSN */ | F(CLFLSH) |
+                F(PAT) | F(PSE36) | 0 /* PSN */ | F(CLFLUSH) |
                0 /* Reserved, DS, ACPI */ | F(MMX) |
                F(FXSR) | F(XMM) | F(XMM2) | F(SELFSNOOP) |
                0 /* HTT, TM, Reserved, PBE */;
@@ -303,7 +307,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        /* cpuid 7.0.ebx */
        const u32 kvm_supported_word9_x86_features =
                F(FSGSBASE) | F(BMI1) | F(HLE) | F(AVX2) | F(SMEP) |
-                F(BMI2) | F(ERMS) | f_invpcid | F(RTM);
+                F(BMI2) | F(ERMS) | f_invpcid | F(RTM) | f_mpx | F(RDSEED) |
+                F(ADX);
        /* all calls to cpuid_count() should be made on the same cpu */
        get_cpu();
@@ -436,16 +441,18 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        }
        case 0xd: {
                int idx, i;
+                u64 supported = kvm_supported_xcr0();
-                entry->eax &= host_xcr0 & KVM_SUPPORTED_XCR0;
+                entry->eax &= supported;
-                entry->edx &= (host_xcr0 & KVM_SUPPORTED_XCR0) >> 32;
+                entry->edx &= supported >> 32;
                entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
                for (idx = 1, i = 1; idx < 64; ++idx) {
+                        u64 mask = ((u64)1 << idx);
                        if (*nent >= maxnent)
                                goto out;
                        do_cpuid_1_ent(&entry[i], function, idx);
-                        if (entry[i].eax == 0 || !supported_xcr0_bit(idx))
+                        if (entry[i].eax == 0 || !(supported & mask))
                                continue;
                        entry[i].flags |=
                               KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index f1e4895174b2..a2a1bb7ed8c1 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -72,4 +72,12 @@ static inline bool guest_cpuid_has_pcid(struct kvm_vcpu *vcpu)
        return best && (best->ecx & bit(X86_FEATURE_PCID));
 }
+static inline bool guest_cpuid_has_x2apic(struct kvm_vcpu *vcpu)
+{
+        struct kvm_cpuid_entry2 *best;
+        best = kvm_find_cpuid_entry(vcpu, 1, 0);
+        return best && (best->ecx & bit(X86_FEATURE_X2APIC));
+}
 #endif
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 07ffca0a89e9..205b17eed93c 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3668,6 +3668,10 @@ static const struct gprefix pfx_vmovntpx = {
        I(0, em_mov), N, N, N,
 };
+static const struct gprefix pfx_0f_28_0f_29 = {
+        I(Aligned, em_mov), I(Aligned, em_mov), N, N,
+};
 static const struct escape escape_d9 = { {
        N, N, N, N, N, N, N, I(DstMem, em_fnstcw),
 }, {
@@ -3870,7 +3874,9 @@ static const struct opcode twobyte_table[256] = {
        IIP(ModRM | SrcMem | Priv | Op3264, em_cr_write, cr_write, check_cr_write),
        IIP(ModRM | SrcMem | Priv | Op3264, em_dr_write, dr_write, check_dr_write),
        N, N, N, N,
-        N, N, N, GP(ModRM | DstMem | SrcReg | Sse | Mov | Aligned, &pfx_vmovntpx),
+        GP(ModRM | DstReg | SrcMem | Mov | Sse, &pfx_0f_28_0f_29),
+        GP(ModRM | DstMem | SrcReg | Mov | Sse, &pfx_0f_28_0f_29),
+        N, GP(ModRM | DstMem | SrcReg | Sse | Mov | Aligned, &pfx_vmovntpx),
        N, N, N, N,
        /* 0x30 - 0x3F */
        II(ImplicitOps | Priv, em_wrmsr, wrmsr),
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 412a5aa0ef94..518d86471b76 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -37,6 +37,7 @@
 #include "irq.h"
 #include "i8254.h"
+#include "x86.h"
 #ifndef CONFIG_X86_64
 #define mod_64(x, y) ((x) - (y) * div64_u64(x, y))
@@ -349,6 +350,23 @@ static void create_pit_timer(struct kvm *kvm, u32 val, int is_period)
        atomic_set(&ps->pending, 0);
        ps->irq_ack = 1;
+        /*
+         * Do not allow the guest to program periodic timers with small
+         * interval, since the hrtimers are not throttled by the host
+         * scheduler.
+         */
+        if (ps->is_periodic) {
+                s64 min_period = min_timer_period_us * 1000LL;
+                if (ps->period < min_period) {
+                        pr_info_ratelimited(
+                            "kvm: requested %lld ns "
+                            "i8254 timer period limited to %lld ns\n",
+                            ps->period, min_period);
+                        ps->period = min_period;
+                }
+        }
        hrtimer_start(&ps->timer, ktime_add_ns(ktime_get(), interval),
                      HRTIMER_MODE_ABS);
 }
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 775702f649ca..9736529ade08 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -71,9 +71,6 @@
 #define VEC_POS(v) ((v) & (32 - 1))
 #define REG_POS(v) (((v) >> 5) << 4)
-static unsigned int min_timer_period_us = 500;
-module_param(min_timer_period_us, uint, S_IRUGO | S_IWUSR);
 static inline void apic_set_reg(struct kvm_lapic *apic, int reg_off, u32 val)
 {
        *((u32 *) (apic->regs + reg_off)) = val;
@@ -435,7 +432,7 @@ static bool pv_eoi_get_pending(struct kvm_vcpu *vcpu)
        u8 val;
        if (pv_eoi_get_user(vcpu, &val) < 0)
                apic_debug("Can't read EOI MSR value: 0x%llx\n",
-                           (unsigned long long)vcpi->arch.pv_eoi.msr_val);
+                           (unsigned long long)vcpu->arch.pv_eoi.msr_val);
        return val & 0x1;
 }
@@ -443,7 +440,7 @@ static void pv_eoi_set_pending(struct kvm_vcpu *vcpu)
 {
        if (pv_eoi_put_user(vcpu, KVM_PV_EOI_ENABLED) < 0) {
                apic_debug("Can't set EOI MSR value: 0x%llx\n",
-                           (unsigned long long)vcpi->arch.pv_eoi.msr_val);
+                           (unsigned long long)vcpu->arch.pv_eoi.msr_val);
                return;
        }
        __set_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
@@ -453,7 +450,7 @@ static void pv_eoi_clr_pending(struct kvm_vcpu *vcpu)
 {
        if (pv_eoi_put_user(vcpu, KVM_PV_EOI_DISABLED) < 0) {
                apic_debug("Can't clear EOI MSR value: 0x%llx\n",
-                           (unsigned long long)vcpi->arch.pv_eoi.msr_val);
+                           (unsigned long long)vcpu->arch.pv_eoi.msr_val);
                return;
        }
        __clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index c8b0d0d2da5c..6a11845fd8b9 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -65,7 +65,7 @@ bool kvm_irq_delivery_to_apic_fast(struct kvm *kvm, struct kvm_lapic *src,
                struct kvm_lapic_irq *irq, int *r, unsigned long *dest_map);
 u64 kvm_get_apic_base(struct kvm_vcpu *vcpu);
-void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data);
+int kvm_set_apic_base(struct kvm_vcpu *vcpu, struct msr_data *msr_info);
 void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
                struct kvm_lapic_state *s);
 int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 40772ef0f2b1..f5704d9e5ddc 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2659,6 +2659,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
        int emulate = 0;
        gfn_t pseudo_gfn;
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                return 0;
        for_each_shadow_entry(vcpu, (u64)gfn << PAGE_SHIFT, iterator) {
                if (iterator.level == level) {
                        mmu_set_spte(vcpu, iterator.sptep, ACC_ALL,
@@ -2669,6 +2672,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
                        break;
                }
+                drop_large_spte(vcpu, iterator.sptep);
                if (!is_shadow_present_pte(*iterator.sptep)) {
                        u64 base_addr = iterator.addr;
@@ -2829,6 +2833,9 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
        bool ret = false;
        u64 spte = 0ull;
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                return false;
        if (!page_fault_can_be_fast(error_code))
                return false;
@@ -3224,6 +3231,9 @@ static u64 walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr)
        struct kvm_shadow_walk_iterator iterator;
        u64 spte = 0ull;
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                return spte;
        walk_shadow_page_lockless_begin(vcpu);
        for_each_shadow_entry_lockless(vcpu, addr, iterator, spte)
                if (!is_shadow_present_pte(spte))
@@ -3319,7 +3329,7 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
        arch.direct_map = vcpu->arch.mmu.direct_map;
        arch.cr3 = vcpu->arch.mmu.get_cr3(vcpu);
-        return kvm_setup_async_pf(vcpu, gva, gfn, &arch);
+        return kvm_setup_async_pf(vcpu, gva, gfn_to_hva(vcpu->kvm, gfn), &arch);
 }
 static bool can_do_async_pf(struct kvm_vcpu *vcpu)
@@ -4510,6 +4520,9 @@ int kvm_mmu_get_spte_hierarchy(struct kvm_vcpu *vcpu, u64 addr, u64 sptes[4])
        u64 spte;
        int nr_sptes = 0;
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                return nr_sptes;
        walk_shadow_page_lockless_begin(vcpu);
        for_each_shadow_entry_lockless(vcpu, addr, iterator, spte) {
                sptes[iterator.level-1] = spte;
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index ad75d77999d0..b1e6c1bf68d3 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -569,6 +569,9 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
        if (FNAME(gpte_changed)(vcpu, gw, top_level))
                goto out_gpte_changed;
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                goto out_gpte_changed;
        for (shadow_walk_init(&it, vcpu, addr);
             shadow_walk_okay(&it) && it.level > gw->level;
             shadow_walk_next(&it)) {
@@ -820,6 +823,11 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
         */
        mmu_topup_memory_caches(vcpu);
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
+                WARN_ON(1);
+                return;
+        }
        spin_lock(&vcpu->kvm->mmu_lock);
        for_each_shadow_entry(vcpu, gva, iterator) {
                level = iterator.level;
@@ -905,7 +913,8 @@ static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gva_t vaddr,
 *   and kvm_mmu_notifier_invalidate_range_start detect the mapping page isn't
 *   used by guest then tlbs are not flushed, so guest is allowed to access the
 *   freed pages.
- *   And we increase kvm->tlbs_dirty to delay tlbs flush in this case.
+ *   We set tlbs_dirty to let the notifier know this change and delay the flush
+ *   until such a case actually happens.
 */
 static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
 {
@@ -934,7 +943,7 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
                        return -EINVAL;
                if (FNAME(prefetch_invalid_gpte)(vcpu, sp, &sp->spt[i], gpte)) {
-                        vcpu->kvm->tlbs_dirty++;
+                        vcpu->kvm->tlbs_dirty = true;
                        continue;
                }
@@ -949,7 +958,7 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
                if (gfn != sp->gfns[i]) {
                        drop_spte(vcpu->kvm, &sp->spt[i]);
-                        vcpu->kvm->tlbs_dirty++;
+                        vcpu->kvm->tlbs_dirty = true;
                        continue;
                }
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index c7168a5cff1b..7f4f9c2badae 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -34,6 +34,7 @@
 #include <asm/perf_event.h>
 #include <asm/tlbflush.h>
 #include <asm/desc.h>
+#include <asm/debugreg.h>
 #include <asm/kvm_para.h>
 #include <asm/virtext.h>
@@ -303,20 +304,35 @@ static inline bool is_cr_intercept(struct vcpu_svm *svm, int bit)
        return vmcb->control.intercept_cr & (1U << bit);
 }
-static inline void set_dr_intercept(struct vcpu_svm *svm, int bit)
+static inline void set_dr_intercepts(struct vcpu_svm *svm)
 {
        struct vmcb *vmcb = get_host_vmcb(svm);
-        vmcb->control.intercept_dr |= (1U << bit);
+        vmcb->control.intercept_dr = (1 << INTERCEPT_DR0_READ)
+                | (1 << INTERCEPT_DR1_READ)
+                | (1 << INTERCEPT_DR2_READ)
+                | (1 << INTERCEPT_DR3_READ)
+                | (1 << INTERCEPT_DR4_READ)
+                | (1 << INTERCEPT_DR5_READ)
+                | (1 << INTERCEPT_DR6_READ)
+                | (1 << INTERCEPT_DR7_READ)
+                | (1 << INTERCEPT_DR0_WRITE)
+                | (1 << INTERCEPT_DR1_WRITE)
+                | (1 << INTERCEPT_DR2_WRITE)
+                | (1 << INTERCEPT_DR3_WRITE)
+                | (1 << INTERCEPT_DR4_WRITE)
+                | (1 << INTERCEPT_DR5_WRITE)
+                | (1 << INTERCEPT_DR6_WRITE)
+                | (1 << INTERCEPT_DR7_WRITE);
        recalc_intercepts(svm);
 }
-static inline void clr_dr_intercept(struct vcpu_svm *svm, int bit)
+static inline void clr_dr_intercepts(struct vcpu_svm *svm)
 {
        struct vmcb *vmcb = get_host_vmcb(svm);
-        vmcb->control.intercept_dr &= ~(1U << bit);
+        vmcb->control.intercept_dr = 0;
        recalc_intercepts(svm);
 }
@@ -1080,23 +1096,7 @@ static void init_vmcb(struct vcpu_svm *svm)
        set_cr_intercept(svm, INTERCEPT_CR4_WRITE);
        set_cr_intercept(svm, INTERCEPT_CR8_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR0_READ);
+        set_dr_intercepts(svm);
-        set_dr_intercept(svm, INTERCEPT_DR1_READ);
-        set_dr_intercept(svm, INTERCEPT_DR2_READ);
-        set_dr_intercept(svm, INTERCEPT_DR3_READ);
-        set_dr_intercept(svm, INTERCEPT_DR4_READ);
-        set_dr_intercept(svm, INTERCEPT_DR5_READ);
-        set_dr_intercept(svm, INTERCEPT_DR6_READ);
-        set_dr_intercept(svm, INTERCEPT_DR7_READ);
-        set_dr_intercept(svm, INTERCEPT_DR0_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR1_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR2_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR3_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR4_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR5_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR6_WRITE);
-        set_dr_intercept(svm, INTERCEPT_DR7_WRITE);
        set_exception_intercept(svm, PF_VECTOR);
        set_exception_intercept(svm, UD_VECTOR);
@@ -1671,6 +1671,34 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
        mark_dirty(svm->vmcb, VMCB_ASID);
 }
+static u64 svm_get_dr6(struct kvm_vcpu *vcpu)
+{
+        return to_svm(vcpu)->vmcb->save.dr6;
+}
+static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+        svm->vmcb->save.dr6 = value;
+        mark_dirty(svm->vmcb, VMCB_DR);
+}
+static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+        get_debugreg(vcpu->arch.db[0], 0);
+        get_debugreg(vcpu->arch.db[1], 1);
+        get_debugreg(vcpu->arch.db[2], 2);
+        get_debugreg(vcpu->arch.db[3], 3);
+        vcpu->arch.dr6 = svm_get_dr6(vcpu);
+        vcpu->arch.dr7 = svm->vmcb->save.dr7;
+        vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
+        set_dr_intercepts(svm);
+}
 static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
@@ -2829,6 +2857,7 @@ static int iret_interception(struct vcpu_svm *svm)
        clr_intercept(svm, INTERCEPT_IRET);
        svm->vcpu.arch.hflags |= HF_IRET_MASK;
        svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu);
+        kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
        return 1;
 }
@@ -2961,6 +2990,17 @@ static int dr_interception(struct vcpu_svm *svm)
        unsigned long val;
        int err;
+        if (svm->vcpu.guest_debug == 0) {
+                /*
+                 * No more DR vmexits; force a reload of the debug registers
+                 * and reenter on this instruction.  The next vmexit will
+                 * retrieve the full state of the debug registers.
+                 */
+                clr_dr_intercepts(svm);
+                svm->vcpu.arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
+                return 1;
+        }
        if (!boot_cpu_has(X86_FEATURE_DECODEASSISTS))
                return emulate_on_interception(svm);
@@ -2989,10 +3029,8 @@ static int cr8_write_interception(struct vcpu_svm *svm)
        u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
        /* instruction emulation calls kvm_set_cr8() */
        r = cr_interception(svm);
-        if (irqchip_in_kernel(svm->vcpu.kvm)) {
+        if (irqchip_in_kernel(svm->vcpu.kvm))
-                clr_cr_intercept(svm, INTERCEPT_CR8_WRITE);
                return r;
-        }
        if (cr8_prev <= kvm_get_cr8(&svm->vcpu))
                return r;
        kvm_run->exit_reason = KVM_EXIT_SET_TPR;
@@ -3554,6 +3592,8 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
        if (is_guest_mode(vcpu) && (vcpu->arch.hflags & HF_VINTR_MASK))
                return;
+        clr_cr_intercept(svm, INTERCEPT_CR8_WRITE);
        if (irr == -1)
                return;
@@ -3636,7 +3676,7 @@ static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
        return ret;
 }
-static int enable_irq_window(struct kvm_vcpu *vcpu)
+static void enable_irq_window(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
@@ -3650,16 +3690,15 @@ static int enable_irq_window(struct kvm_vcpu *vcpu)
                svm_set_vintr(svm);
                svm_inject_irq(svm, 0x0);
        }
-        return 0;
 }
-static int enable_nmi_window(struct kvm_vcpu *vcpu)
+static void enable_nmi_window(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
        if ((svm->vcpu.arch.hflags & (HF_NMI_MASK | HF_IRET_MASK))
            == HF_NMI_MASK)
-                return 0; /* IRET will cause a vm exit */
+                return; /* IRET will cause a vm exit */
        /*
         * Something prevents NMI from been injected. Single step over possible
@@ -3668,7 +3707,6 @@ static int enable_nmi_window(struct kvm_vcpu *vcpu)
        svm->nmi_singlestep = true;
        svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
        update_db_bp_intercept(vcpu);
-        return 0;
 }
 static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -4051,6 +4089,11 @@ static bool svm_invpcid_supported(void)
        return false;
 }
+static bool svm_mpx_supported(void)
+{
+        return false;
+}
 static bool svm_has_wbinvd_exit(void)
 {
        return true;
@@ -4286,7 +4329,10 @@ static struct kvm_x86_ops svm_x86_ops = {
        .set_idt = svm_set_idt,
        .get_gdt = svm_get_gdt,
        .set_gdt = svm_set_gdt,
+        .get_dr6 = svm_get_dr6,
+        .set_dr6 = svm_set_dr6,
        .set_dr7 = svm_set_dr7,
+        .sync_dirty_debug_regs = svm_sync_dirty_debug_regs,
        .cache_reg = svm_cache_reg,
        .get_rflags = svm_get_rflags,
        .set_rflags = svm_set_rflags,
@@ -4330,6 +4376,7 @@ static struct kvm_x86_ops svm_x86_ops = {
        .rdtscp_supported = svm_rdtscp_supported,
        .invpcid_supported = svm_invpcid_supported,
+        .mpx_supported = svm_mpx_supported,
        .set_supported_cpuid = svm_set_supported_cpuid,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index da7837e1349d..1320e0f8e611 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -31,6 +31,7 @@
 #include <linux/ftrace_event.h>
 #include <linux/slab.h>
 #include <linux/tboot.h>
+#include <linux/hrtimer.h>
 #include "kvm_cache_regs.h"
 #include "x86.h"
@@ -42,6 +43,7 @@
 #include <asm/i387.h>
 #include <asm/xcr.h>
 #include <asm/perf_event.h>
+#include <asm/debugreg.h>
 #include <asm/kexec.h>
 #include "trace.h"
@@ -110,6 +112,8 @@ module_param(nested, bool, S_IRUGO);
 #define RMODE_GUEST_OWNED_EFLAGS_BITS (~(X86_EFLAGS_IOPL | X86_EFLAGS_VM))
+#define VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE 5
 /*
 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
 * ple_gap:    upper bound on the amount of time between two successive
@@ -202,6 +206,7 @@ struct __packed vmcs12 {
        u64 guest_pdptr1;
        u64 guest_pdptr2;
        u64 guest_pdptr3;
+        u64 guest_bndcfgs;
        u64 host_ia32_pat;
        u64 host_ia32_efer;
        u64 host_ia32_perf_global_ctrl;
@@ -374,6 +379,9 @@ struct nested_vmx {
         */
        struct page *apic_access_page;
        u64 msr_ia32_feature_control;
+        struct hrtimer preemption_timer;
+        bool preemption_timer_expired;
 };
 #define POSTED_INTR_ON  0
@@ -418,6 +426,8 @@ struct vcpu_vmx {
        u64                   msr_host_kernel_gs_base;
        u64                   msr_guest_kernel_gs_base;
 #endif
+        u32 vm_entry_controls_shadow;
+        u32 vm_exit_controls_shadow;
        /*
         * loaded_vmcs points to the VMCS currently used in this vcpu. For a
         * non-nested (L1) guest, it always points to vmcs01. For a nested
@@ -439,6 +449,7 @@ struct vcpu_vmx {
 #endif
                int           gs_ldt_reload_needed;
                int           fs_reload_needed;
+                u64           msr_host_bndcfgs;
        } host_state;
        struct {
                int vm86_active;
@@ -531,6 +542,7 @@ static const unsigned long shadow_read_write_fields[] = {
        GUEST_CS_LIMIT,
        GUEST_CS_BASE,
        GUEST_ES_BASE,
+        GUEST_BNDCFGS,
        CR0_GUEST_HOST_MASK,
        CR0_READ_SHADOW,
        CR4_READ_SHADOW,
@@ -586,6 +598,7 @@ static const unsigned short vmcs_field_to_offset_table[] = {
        FIELD64(GUEST_PDPTR1, guest_pdptr1),
        FIELD64(GUEST_PDPTR2, guest_pdptr2),
        FIELD64(GUEST_PDPTR3, guest_pdptr3),
+        FIELD64(GUEST_BNDCFGS, guest_bndcfgs),
        FIELD64(HOST_IA32_PAT, host_ia32_pat),
        FIELD64(HOST_IA32_EFER, host_ia32_efer),
        FIELD64(HOST_IA32_PERF_GLOBAL_CTRL, host_ia32_perf_global_ctrl),
@@ -716,6 +729,7 @@ static unsigned long nested_ept_get_cr3(struct kvm_vcpu *vcpu);
 static u64 construct_eptp(unsigned long root_hpa);
 static void kvm_cpu_vmxon(u64 addr);
 static void kvm_cpu_vmxoff(void);
+static bool vmx_mpx_supported(void);
 static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr);
 static void vmx_set_segment(struct kvm_vcpu *vcpu,
                            struct kvm_segment *var, int seg);
@@ -726,6 +740,7 @@ static u32 vmx_segment_access_rights(struct kvm_segment *var);
 static void vmx_sync_pir_to_irr_dummy(struct kvm_vcpu *vcpu);
 static void copy_vmcs12_to_shadow(struct vcpu_vmx *vmx);
 static void copy_shadow_to_vmcs12(struct vcpu_vmx *vmx);
+static bool vmx_mpx_supported(void);
 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
 static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
@@ -1045,6 +1060,12 @@ static inline bool nested_cpu_has_virtual_nmis(struct vmcs12 *vmcs12)
        return vmcs12->pin_based_vm_exec_control & PIN_BASED_VIRTUAL_NMIS;
 }
+static inline bool nested_cpu_has_preemption_timer(struct vmcs12 *vmcs12)
+{
+        return vmcs12->pin_based_vm_exec_control &
+                PIN_BASED_VMX_PREEMPTION_TIMER;
+}
 static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
 {
        return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
@@ -1056,7 +1077,9 @@ static inline bool is_exception(u32 intr_info)
                == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK);
 }
-static void nested_vmx_vmexit(struct kvm_vcpu *vcpu);
+static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
+                              u32 exit_intr_info,
+                              unsigned long exit_qualification);
 static void nested_vmx_entry_failure(struct kvm_vcpu *vcpu,
                        struct vmcs12 *vmcs12,
                        u32 reason, unsigned long qualification);
@@ -1326,6 +1349,62 @@ static void vmcs_set_bits(unsigned long field, u32 mask)
        vmcs_writel(field, vmcs_readl(field) | mask);
 }
+static inline void vm_entry_controls_init(struct vcpu_vmx *vmx, u32 val)
+{
+        vmcs_write32(VM_ENTRY_CONTROLS, val);
+        vmx->vm_entry_controls_shadow = val;
+}
+static inline void vm_entry_controls_set(struct vcpu_vmx *vmx, u32 val)
+{
+        if (vmx->vm_entry_controls_shadow != val)
+                vm_entry_controls_init(vmx, val);
+}
+static inline u32 vm_entry_controls_get(struct vcpu_vmx *vmx)
+{
+        return vmx->vm_entry_controls_shadow;
+}
+static inline void vm_entry_controls_setbit(struct vcpu_vmx *vmx, u32 val)
+{
+        vm_entry_controls_set(vmx, vm_entry_controls_get(vmx) | val);
+}
+static inline void vm_entry_controls_clearbit(struct vcpu_vmx *vmx, u32 val)
+{
+        vm_entry_controls_set(vmx, vm_entry_controls_get(vmx) & ~val);
+}
+static inline void vm_exit_controls_init(struct vcpu_vmx *vmx, u32 val)
+{
+        vmcs_write32(VM_EXIT_CONTROLS, val);
+        vmx->vm_exit_controls_shadow = val;
+}
+static inline void vm_exit_controls_set(struct vcpu_vmx *vmx, u32 val)
+{
+        if (vmx->vm_exit_controls_shadow != val)
+                vm_exit_controls_init(vmx, val);
+}
+static inline u32 vm_exit_controls_get(struct vcpu_vmx *vmx)
+{
+        return vmx->vm_exit_controls_shadow;
+}
+static inline void vm_exit_controls_setbit(struct vcpu_vmx *vmx, u32 val)
+{
+        vm_exit_controls_set(vmx, vm_exit_controls_get(vmx) | val);
+}
+static inline void vm_exit_controls_clearbit(struct vcpu_vmx *vmx, u32 val)
+{
+        vm_exit_controls_set(vmx, vm_exit_controls_get(vmx) & ~val);
+}
 static void vmx_segment_cache_clear(struct vcpu_vmx *vmx)
 {
        vmx->segment_cache.bitmask = 0;
@@ -1410,11 +1489,11 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
        vmcs_write32(EXCEPTION_BITMAP, eb);
 }
-static void clear_atomic_switch_msr_special(unsigned long entry,
+static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-                unsigned long exit)
+                unsigned long entry, unsigned long exit)
 {
-        vmcs_clear_bits(VM_ENTRY_CONTROLS, entry);
+        vm_entry_controls_clearbit(vmx, entry);
-        vmcs_clear_bits(VM_EXIT_CONTROLS, exit);
+        vm_exit_controls_clearbit(vmx, exit);
 }
 static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
@@ -1425,14 +1504,15 @@ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
        switch (msr) {
        case MSR_EFER:
                if (cpu_has_load_ia32_efer) {
-                        clear_atomic_switch_msr_special(VM_ENTRY_LOAD_IA32_EFER,
+                        clear_atomic_switch_msr_special(vmx,
+                                        VM_ENTRY_LOAD_IA32_EFER,
                                        VM_EXIT_LOAD_IA32_EFER);
                        return;
                }
                break;
        case MSR_CORE_PERF_GLOBAL_CTRL:
                if (cpu_has_load_perf_global_ctrl) {
-                        clear_atomic_switch_msr_special(
+                        clear_atomic_switch_msr_special(vmx,
                                        VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
                                        VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL);
                        return;
@@ -1453,14 +1533,15 @@ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
        vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->nr);
 }
-static void add_atomic_switch_msr_special(unsigned long entry,
+static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-                unsigned long exit, unsigned long guest_val_vmcs,
+                unsigned long entry, unsigned long exit,
-                unsigned long host_val_vmcs, u64 guest_val, u64 host_val)
+                unsigned long guest_val_vmcs, unsigned long host_val_vmcs,
+                u64 guest_val, u64 host_val)
 {
        vmcs_write64(guest_val_vmcs, guest_val);
        vmcs_write64(host_val_vmcs, host_val);
-        vmcs_set_bits(VM_ENTRY_CONTROLS, entry);
+        vm_entry_controls_setbit(vmx, entry);
-        vmcs_set_bits(VM_EXIT_CONTROLS, exit);
+        vm_exit_controls_setbit(vmx, exit);
 }
 static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
@@ -1472,7 +1553,8 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
        switch (msr) {
        case MSR_EFER:
                if (cpu_has_load_ia32_efer) {
-                        add_atomic_switch_msr_special(VM_ENTRY_LOAD_IA32_EFER,
+                        add_atomic_switch_msr_special(vmx,
+                                        VM_ENTRY_LOAD_IA32_EFER,
                                        VM_EXIT_LOAD_IA32_EFER,
                                        GUEST_IA32_EFER,
                                        HOST_IA32_EFER,
@@ -1482,7 +1564,7 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
                break;
        case MSR_CORE_PERF_GLOBAL_CTRL:
                if (cpu_has_load_perf_global_ctrl) {
-                        add_atomic_switch_msr_special(
+                        add_atomic_switch_msr_special(vmx,
                                        VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
                                        VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
                                        GUEST_IA32_PERF_GLOBAL_CTRL,
@@ -1647,6 +1729,8 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
        if (is_long_mode(&vmx->vcpu))
                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
 #endif
+        if (boot_cpu_has(X86_FEATURE_MPX))
+                rdmsrl(MSR_IA32_BNDCFGS, vmx->host_state.msr_host_bndcfgs);
        for (i = 0; i < vmx->save_nmsrs; ++i)
                kvm_set_shared_msr(vmx->guest_msrs[i].index,
                                   vmx->guest_msrs[i].data,
@@ -1684,6 +1768,8 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
 #ifdef CONFIG_X86_64
        wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
 #endif
+        if (vmx->host_state.msr_host_bndcfgs)
+                wrmsrl(MSR_IA32_BNDCFGS, vmx->host_state.msr_host_bndcfgs);
        /*
         * If the FPU is not active (through the host task or
         * the guest vcpu), then restore the cr0.TS bit.
@@ -1906,7 +1992,9 @@ static int nested_vmx_check_exception(struct kvm_vcpu *vcpu, unsigned nr)
        if (!(vmcs12->exception_bitmap & (1u << nr)))
                return 0;
-        nested_vmx_vmexit(vcpu);
+        nested_vmx_vmexit(vcpu, to_vmx(vcpu)->exit_reason,
+                          vmcs_read32(VM_EXIT_INTR_INFO),
+                          vmcs_readl(EXIT_QUALIFICATION));
        return 1;
 }
@@ -2183,9 +2271,9 @@ static __init void nested_vmx_setup_ctls_msrs(void)
         */
        nested_vmx_pinbased_ctls_low |= PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
        nested_vmx_pinbased_ctls_high &= PIN_BASED_EXT_INTR_MASK |
-                PIN_BASED_NMI_EXITING | PIN_BASED_VIRTUAL_NMIS |
+                PIN_BASED_NMI_EXITING | PIN_BASED_VIRTUAL_NMIS;
+        nested_vmx_pinbased_ctls_high |= PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR |
                PIN_BASED_VMX_PREEMPTION_TIMER;
-        nested_vmx_pinbased_ctls_high |= PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
        /*
         * Exit controls
@@ -2200,15 +2288,12 @@ static __init void nested_vmx_setup_ctls_msrs(void)
 #ifdef CONFIG_X86_64
                VM_EXIT_HOST_ADDR_SPACE_SIZE |
 #endif
-                VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT |
+                VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT;
+        nested_vmx_exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR |
+                VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER |
                VM_EXIT_SAVE_VMX_PREEMPTION_TIMER;
-        if (!(nested_vmx_pinbased_ctls_high & PIN_BASED_VMX_PREEMPTION_TIMER) ||
+        if (vmx_mpx_supported())
-            !(nested_vmx_exit_ctls_high & VM_EXIT_SAVE_VMX_PREEMPTION_TIMER)) {
+                nested_vmx_exit_ctls_high |= VM_EXIT_CLEAR_BNDCFGS;
-                nested_vmx_exit_ctls_high &= ~VM_EXIT_SAVE_VMX_PREEMPTION_TIMER;
-                nested_vmx_pinbased_ctls_high &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
-        }
-        nested_vmx_exit_ctls_high |= (VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR |
-                VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER);
        /* entry controls */
        rdmsr(MSR_IA32_VMX_ENTRY_CTLS,
@@ -2222,6 +2307,8 @@ static __init void nested_vmx_setup_ctls_msrs(void)
                VM_ENTRY_LOAD_IA32_PAT;
        nested_vmx_entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR |
                                       VM_ENTRY_LOAD_IA32_EFER);
+        if (vmx_mpx_supported())
+                nested_vmx_entry_ctls_high |= VM_ENTRY_LOAD_BNDCFGS;
        /* cpu-based controls */
        rdmsr(MSR_IA32_VMX_PROCBASED_CTLS,
@@ -2277,8 +2364,9 @@ static __init void nested_vmx_setup_ctls_msrs(void)
        /* miscellaneous data */
        rdmsr(MSR_IA32_VMX_MISC, nested_vmx_misc_low, nested_vmx_misc_high);
-        nested_vmx_misc_low &= VMX_MISC_PREEMPTION_TIMER_RATE_MASK |
+        nested_vmx_misc_low &= VMX_MISC_SAVE_EFER_LMA;
-                VMX_MISC_SAVE_EFER_LMA;
+        nested_vmx_misc_low |= VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE |
+                VMX_MISC_ACTIVITY_HLT;
        nested_vmx_misc_high = 0;
 }
@@ -2295,32 +2383,10 @@ static inline u64 vmx_control_msr(u32 low, u32 high)
        return low | ((u64)high << 32);
 }
-/*
+/* Returns 0 on success, non-0 otherwise. */
- * If we allow our guest to use VMX instructions (i.e., nested VMX), we should
- * also let it use VMX-specific MSRs.
- * vmx_get_vmx_msr() and vmx_set_vmx_msr() return 1 when we handled a
- * VMX-specific MSR, or 0 when we haven't (and the caller should handle it
- * like all other MSRs).
- */
 static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
 {
-        if (!nested_vmx_allowed(vcpu) && msr_index >= MSR_IA32_VMX_BASIC &&
-                     msr_index <= MSR_IA32_VMX_TRUE_ENTRY_CTLS) {
-                /*
-                 * According to the spec, processors which do not support VMX
-                 * should throw a #GP(0) when VMX capability MSRs are read.
-                 */
-                kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
-                return 1;
-        }
        switch (msr_index) {
-        case MSR_IA32_FEATURE_CONTROL:
-                if (nested_vmx_allowed(vcpu)) {
-                        *pdata = to_vmx(vcpu)->nested.msr_ia32_feature_control;
-                        break;
-                }
-                return 0;
        case MSR_IA32_VMX_BASIC:
                /*
                 * This MSR reports some information about VMX support. We
@@ -2387,34 +2453,9 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
                *pdata = nested_vmx_ept_caps;
                break;
        default:
-                return 0;
-        }
-        return 1;
-}
-static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
-{
-        u32 msr_index = msr_info->index;
-        u64 data = msr_info->data;
-        bool host_initialized = msr_info->host_initiated;
-        if (!nested_vmx_allowed(vcpu))
-                return 0;
-        if (msr_index == MSR_IA32_FEATURE_CONTROL) {
-                if (!host_initialized &&
-                                to_vmx(vcpu)->nested.msr_ia32_feature_control
-                                & FEATURE_CONTROL_LOCKED)
-                        return 0;
-                to_vmx(vcpu)->nested.msr_ia32_feature_control = data;
                return 1;
        }
-        /*
-         * No need to treat VMX capability MSRs specially: If we don't handle
-         * them, handle_wrmsr will #GP(0), which is correct (they are readonly)
-         */
        return 0;
 }
@@ -2460,13 +2501,25 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
        case MSR_IA32_SYSENTER_ESP:
                data = vmcs_readl(GUEST_SYSENTER_ESP);
                break;
+        case MSR_IA32_BNDCFGS:
+                if (!vmx_mpx_supported())
+                        return 1;
+                data = vmcs_read64(GUEST_BNDCFGS);
+                break;
+        case MSR_IA32_FEATURE_CONTROL:
+                if (!nested_vmx_allowed(vcpu))
+                        return 1;
+                data = to_vmx(vcpu)->nested.msr_ia32_feature_control;
+                break;
+        case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
+                if (!nested_vmx_allowed(vcpu))
+                        return 1;
+                return vmx_get_vmx_msr(vcpu, msr_index, pdata);
        case MSR_TSC_AUX:
                if (!to_vmx(vcpu)->rdtscp_enabled)
                        return 1;
                /* Otherwise falls through */
        default:
-                if (vmx_get_vmx_msr(vcpu, msr_index, pdata))
-                        return 0;
                msr = find_msr_entry(to_vmx(vcpu), msr_index);
                if (msr) {
                        data = msr->data;
@@ -2479,6 +2532,8 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
        return 0;
 }
+static void vmx_leave_nested(struct kvm_vcpu *vcpu);
 /*
 * Writes msr value into into the appropriate "register".
 * Returns 0 on success, non-0 otherwise.
@@ -2519,6 +2574,11 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
        case MSR_IA32_SYSENTER_ESP:
                vmcs_writel(GUEST_SYSENTER_ESP, data);
                break;
+        case MSR_IA32_BNDCFGS:
+                if (!vmx_mpx_supported())
+                        return 1;
+                vmcs_write64(GUEST_BNDCFGS, data);
+                break;
        case MSR_IA32_TSC:
                kvm_write_tsc(vcpu, msr_info);
                break;
@@ -2533,6 +2593,17 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
        case MSR_IA32_TSC_ADJUST:
                ret = kvm_set_msr_common(vcpu, msr_info);
                break;
+        case MSR_IA32_FEATURE_CONTROL:
+                if (!nested_vmx_allowed(vcpu) ||
+                    (to_vmx(vcpu)->nested.msr_ia32_feature_control &
+                     FEATURE_CONTROL_LOCKED && !msr_info->host_initiated))
+                        return 1;
+                vmx->nested.msr_ia32_feature_control = data;
+                if (msr_info->host_initiated && data == 0)
+                        vmx_leave_nested(vcpu);
+                break;
+        case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
+                return 1; /* they are read-only */
        case MSR_TSC_AUX:
                if (!vmx->rdtscp_enabled)
                        return 1;
@@ -2541,8 +2612,6 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
                        return 1;
                /* Otherwise falls through */
        default:
-                if (vmx_set_vmx_msr(vcpu, msr_info))
-                        break;
                msr = find_msr_entry(vmx, msr_index);
                if (msr) {
                        msr->data = data;
@@ -2795,12 +2864,12 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                      vmx_capability.ept, vmx_capability.vpid);
        }
-        min = 0;
+        min = VM_EXIT_SAVE_DEBUG_CONTROLS;
 #ifdef CONFIG_X86_64
        min |= VM_EXIT_HOST_ADDR_SPACE_SIZE;
 #endif
        opt = VM_EXIT_SAVE_IA32_PAT | VM_EXIT_LOAD_IA32_PAT |
-                VM_EXIT_ACK_INTR_ON_EXIT;
+                VM_EXIT_ACK_INTR_ON_EXIT | VM_EXIT_CLEAR_BNDCFGS;
        if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_EXIT_CTLS,
                                &_vmexit_control) < 0)
                return -EIO;
@@ -2816,8 +2885,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                !(_vmexit_control & VM_EXIT_ACK_INTR_ON_EXIT))
                _pin_based_exec_control &= ~PIN_BASED_POSTED_INTR;
-        min = 0;
+        min = VM_ENTRY_LOAD_DEBUG_CONTROLS;
-        opt = VM_ENTRY_LOAD_IA32_PAT;
+        opt = VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS;
        if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_ENTRY_CTLS,
                                &_vmentry_control) < 0)
                return -EIO;
@@ -3182,14 +3251,10 @@ static void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
        vmx_load_host_state(to_vmx(vcpu));
        vcpu->arch.efer = efer;
        if (efer & EFER_LMA) {
-                vmcs_write32(VM_ENTRY_CONTROLS,
+                vm_entry_controls_setbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE);
-                             vmcs_read32(VM_ENTRY_CONTROLS) |
-                             VM_ENTRY_IA32E_MODE);
                msr->data = efer;
        } else {
-                vmcs_write32(VM_ENTRY_CONTROLS,
+                vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE);
-                             vmcs_read32(VM_ENTRY_CONTROLS) &
-                             ~VM_ENTRY_IA32E_MODE);
                msr->data = efer & ~EFER_LME;
        }
@@ -3217,9 +3282,7 @@ static void enter_lmode(struct kvm_vcpu *vcpu)
 static void exit_lmode(struct kvm_vcpu *vcpu)
 {
-        vmcs_write32(VM_ENTRY_CONTROLS,
+        vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE);
-                     vmcs_read32(VM_ENTRY_CONTROLS)
-                     & ~VM_ENTRY_IA32E_MODE);
        vmx_set_efer(vcpu, vcpu->arch.efer & ~EFER_LMA);
 }
@@ -4192,6 +4255,10 @@ static u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
 static u32 vmx_exec_control(struct vcpu_vmx *vmx)
 {
        u32 exec_control = vmcs_config.cpu_based_exec_ctrl;
+        if (vmx->vcpu.arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)
+                exec_control &= ~CPU_BASED_MOV_DR_EXITING;
        if (!vm_need_tpr_shadow(vmx->vcpu.kvm)) {
                exec_control &= ~CPU_BASED_TPR_SHADOW;
 #ifdef CONFIG_X86_64
@@ -4346,10 +4413,11 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                ++vmx->nmsrs;
        }
-        vmcs_write32(VM_EXIT_CONTROLS, vmcs_config.vmexit_ctrl);
+        vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl);
        /* 22.2.1, 20.8.1 */
-        vmcs_write32(VM_ENTRY_CONTROLS, vmcs_config.vmentry_ctrl);
+        vm_entry_controls_init(vmx, vmcs_config.vmentry_ctrl);
        vmcs_writel(CR0_GUEST_HOST_MASK, ~0UL);
        set_cr4_guest_host_mask(vmx);
@@ -4360,7 +4428,7 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
 static void vmx_vcpu_reset(struct kvm_vcpu *vcpu)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
-        u64 msr;
+        struct msr_data apic_base_msr;
        vmx->rmode.vm86_active = 0;
@@ -4368,10 +4436,11 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu)
        vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();
        kvm_set_cr8(&vmx->vcpu, 0);
-        msr = 0xfee00000 | MSR_IA32_APICBASE_ENABLE;
+        apic_base_msr.data = 0xfee00000 | MSR_IA32_APICBASE_ENABLE;
        if (kvm_vcpu_is_bsp(&vmx->vcpu))
-                msr |= MSR_IA32_APICBASE_BSP;
+                apic_base_msr.data |= MSR_IA32_APICBASE_BSP;
-        kvm_set_apic_base(&vmx->vcpu, msr);
+        apic_base_msr.host_initiated = true;
+        kvm_set_apic_base(&vmx->vcpu, &apic_base_msr);
        vmx_segment_cache_clear(vmx);
@@ -4463,39 +4532,28 @@ static bool nested_exit_on_nmi(struct kvm_vcpu *vcpu)
                PIN_BASED_NMI_EXITING;
 }
-static int enable_irq_window(struct kvm_vcpu *vcpu)
+static void enable_irq_window(struct kvm_vcpu *vcpu)
 {
        u32 cpu_based_vm_exec_control;
-        if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
-                /*
-                 * We get here if vmx_interrupt_allowed() said we can't
-                 * inject to L1 now because L2 must run. The caller will have
-                 * to make L2 exit right after entry, so we can inject to L1
-                 * more promptly.
-                 */
-                return -EBUSY;
        cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
        cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_INTR_PENDING;
        vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
-        return 0;
 }
-static int enable_nmi_window(struct kvm_vcpu *vcpu)
+static void enable_nmi_window(struct kvm_vcpu *vcpu)
 {
        u32 cpu_based_vm_exec_control;
-        if (!cpu_has_virtual_nmis())
+        if (!cpu_has_virtual_nmis() ||
-                return enable_irq_window(vcpu);
+            vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {
+                enable_irq_window(vcpu);
-        if (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI)
+                return;
-                return enable_irq_window(vcpu);
+        }
        cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
        cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_NMI_PENDING;
        vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
-        return 0;
 }
 static void vmx_inject_irq(struct kvm_vcpu *vcpu)
@@ -4587,25 +4645,8 @@ static void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
 static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
 {
-        if (is_guest_mode(vcpu)) {
+        if (to_vmx(vcpu)->nested.nested_run_pending)
-                struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
+                return 0;
-                if (to_vmx(vcpu)->nested.nested_run_pending)
-                        return 0;
-                if (nested_exit_on_nmi(vcpu)) {
-                        nested_vmx_vmexit(vcpu);
-                        vmcs12->vm_exit_reason = EXIT_REASON_EXCEPTION_NMI;
-                        vmcs12->vm_exit_intr_info = NMI_VECTOR |
-                                INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK;
-                        /*
-                         * The NMI-triggered VM exit counts as injection:
-                         * clear this one and block further NMIs.
-                         */
-                        vcpu->arch.nmi_pending = 0;
-                        vmx_set_nmi_mask(vcpu, true);
-                        return 0;
-                }
-        }
        if (!cpu_has_virtual_nmis() && to_vmx(vcpu)->soft_vnmi_blocked)
                return 0;
@@ -4617,23 +4658,8 @@ static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
 static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
-        if (is_guest_mode(vcpu)) {
+        return (!to_vmx(vcpu)->nested.nested_run_pending &&
-                struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
+                vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
-                if (to_vmx(vcpu)->nested.nested_run_pending)
-                        return 0;
-                if (nested_exit_on_intr(vcpu)) {
-                        nested_vmx_vmexit(vcpu);
-                        vmcs12->vm_exit_reason =
-                                EXIT_REASON_EXTERNAL_INTERRUPT;
-                        vmcs12->vm_exit_intr_info = 0;
-                        /*
-                         * fall through to normal code, but now in L1, not L2
-                         */
-                }
-        }
-        return (vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
                !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
                        (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
 }
@@ -4812,7 +4838,8 @@ static int handle_exception(struct kvm_vcpu *vcpu)
                dr6 = vmcs_readl(EXIT_QUALIFICATION);
                if (!(vcpu->guest_debug &
                      (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
-                        vcpu->arch.dr6 = dr6 | DR6_FIXED_1;
+                        vcpu->arch.dr6 &= ~15;
+                        vcpu->arch.dr6 |= dr6;
                        kvm_queue_exception(vcpu, DB_VECTOR);
                        return 1;
                }
@@ -5075,19 +5102,66 @@ static int handle_dr(struct kvm_vcpu *vcpu)
                }
        }
+        if (vcpu->guest_debug == 0) {
+                u32 cpu_based_vm_exec_control;
+                cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
+                cpu_based_vm_exec_control &= ~CPU_BASED_MOV_DR_EXITING;
+                vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
+                /*
+                 * No more DR vmexits; force a reload of the debug registers
+                 * and reenter on this instruction.  The next vmexit will
+                 * retrieve the full state of the debug registers.
+                 */
+                vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
+                return 1;
+        }
        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
        dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
        reg = DEBUG_REG_ACCESS_REG(exit_qualification);
        if (exit_qualification & TYPE_MOV_FROM_DR) {
                unsigned long val;
-                if (!kvm_get_dr(vcpu, dr, &val))
-                        kvm_register_write(vcpu, reg, val);
+                if (kvm_get_dr(vcpu, dr, &val))
+                        return 1;
+                kvm_register_write(vcpu, reg, val);
        } else
-                kvm_set_dr(vcpu, dr, vcpu->arch.regs[reg]);
+                if (kvm_set_dr(vcpu, dr, vcpu->arch.regs[reg]))
+                        return 1;
        skip_emulated_instruction(vcpu);
        return 1;
 }
+static u64 vmx_get_dr6(struct kvm_vcpu *vcpu)
+{
+        return vcpu->arch.dr6;
+}
+static void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val)
+{
+}
+static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
+{
+        u32 cpu_based_vm_exec_control;
+        get_debugreg(vcpu->arch.db[0], 0);
+        get_debugreg(vcpu->arch.db[1], 1);
+        get_debugreg(vcpu->arch.db[2], 2);
+        get_debugreg(vcpu->arch.db[3], 3);
+        get_debugreg(vcpu->arch.dr6, 6);
+        vcpu->arch.dr7 = vmcs_readl(GUEST_DR7);
+        vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
+        cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
+        cpu_based_vm_exec_control |= CPU_BASED_MOV_DR_EXITING;
+        vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
+}
 static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val)
 {
        vmcs_writel(GUEST_DR7, val);
@@ -5687,6 +5761,18 @@ static void nested_vmx_failValid(struct kvm_vcpu *vcpu,
         */
 }
+static enum hrtimer_restart vmx_preemption_timer_fn(struct hrtimer *timer)
+{
+        struct vcpu_vmx *vmx =
+                container_of(timer, struct vcpu_vmx, nested.preemption_timer);
+        vmx->nested.preemption_timer_expired = true;
+        kvm_make_request(KVM_REQ_EVENT, &vmx->vcpu);
+        kvm_vcpu_kick(&vmx->vcpu);
+        return HRTIMER_NORESTART;
+}
 /*
 * Emulate the VMXON instruction.
 * Currently, we just remember that VMX is active, and do not save or even
@@ -5751,6 +5837,10 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
        INIT_LIST_HEAD(&(vmx->nested.vmcs02_pool));
        vmx->nested.vmcs02_num = 0;
+        hrtimer_init(&vmx->nested.preemption_timer, CLOCK_MONOTONIC,
+                     HRTIMER_MODE_REL);
+        vmx->nested.preemption_timer.function = vmx_preemption_timer_fn;
        vmx->nested.vmxon = true;
        skip_emulated_instruction(vcpu);
@@ -6460,11 +6550,8 @@ static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu,
        int size;
        u8 b;
-        if (nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING))
-                return 1;
        if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
-                return 0;
+                return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING);
        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
@@ -6628,6 +6715,13 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
        struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
        u32 exit_reason = vmx->exit_reason;
+        trace_kvm_nested_vmexit(kvm_rip_read(vcpu), exit_reason,
+                                vmcs_readl(EXIT_QUALIFICATION),
+                                vmx->idt_vectoring_info,
+                                intr_info,
+                                vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
+                                KVM_ISA_VMX);
        if (vmx->nested.nested_run_pending)
                return 0;
@@ -6644,7 +6738,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
                else if (is_page_fault(intr_info))
                        return enable_ept;
                else if (is_no_device(intr_info) &&
-                         !(nested_read_cr0(vmcs12) & X86_CR0_TS))
+                         !(vmcs12->guest_cr0 & X86_CR0_TS))
                        return 0;
                return vmcs12->exception_bitmap &
                                (1u << (intr_info & INTR_INFO_VECTOR_MASK));
@@ -6723,9 +6817,6 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
                 * table is L0's fault.
                 */
                return 0;
-        case EXIT_REASON_PREEMPTION_TIMER:
-                return vmcs12->pin_based_vm_exec_control &
-                        PIN_BASED_VMX_PREEMPTION_TIMER;
        case EXIT_REASON_WBINVD:
                return nested_cpu_has2(vmcs12, SECONDARY_EXEC_WBINVD_EXITING);
        case EXIT_REASON_XSETBV:
@@ -6741,27 +6832,6 @@ static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2)
        *info2 = vmcs_read32(VM_EXIT_INTR_INFO);
 }
-static void nested_adjust_preemption_timer(struct kvm_vcpu *vcpu)
-{
-        u64 delta_tsc_l1;
-        u32 preempt_val_l1, preempt_val_l2, preempt_scale;
-        if (!(get_vmcs12(vcpu)->pin_based_vm_exec_control &
-                        PIN_BASED_VMX_PREEMPTION_TIMER))
-                return;
-        preempt_scale = native_read_msr(MSR_IA32_VMX_MISC) &
-                        MSR_IA32_VMX_MISC_PREEMPTION_TIMER_SCALE;
-        preempt_val_l2 = vmcs_read32(VMX_PREEMPTION_TIMER_VALUE);
-        delta_tsc_l1 = vmx_read_l1_tsc(vcpu, native_read_tsc())
-                - vcpu->arch.last_guest_tsc;
-        preempt_val_l1 = delta_tsc_l1 >> preempt_scale;
-        if (preempt_val_l2 <= preempt_val_l1)
-                preempt_val_l2 = 0;
-        else
-                preempt_val_l2 -= preempt_val_l1;
-        vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, preempt_val_l2);
-}
 /*
 * The guest has exited.  See if we can fix it or if we need userspace
 * assistance.
@@ -6777,7 +6847,9 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
                return handle_invalid_guest_state(vcpu);
        if (is_guest_mode(vcpu) && nested_vmx_exit_handled(vcpu)) {
-                nested_vmx_vmexit(vcpu);
+                nested_vmx_vmexit(vcpu, exit_reason,
+                                  vmcs_read32(VM_EXIT_INTR_INFO),
+                                  vmcs_readl(EXIT_QUALIFICATION));
                return 1;
        }
@@ -7006,6 +7078,12 @@ static void vmx_handle_external_intr(struct kvm_vcpu *vcpu)
                local_irq_enable();
 }
+static bool vmx_mpx_supported(void)
+{
+        return (vmcs_config.vmexit_ctrl & VM_EXIT_CLEAR_BNDCFGS) &&
+                (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS);
+}
 static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
 {
        u32 exit_intr_info;
@@ -7172,8 +7250,6 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
        atomic_switch_perf_msrs(vmx);
        debugctlmsr = get_debugctlmsr();
-        if (is_guest_mode(vcpu) && !vmx->nested.nested_run_pending)
-                nested_adjust_preemption_timer(vcpu);
        vmx->__launched = vmx->loaded_vmcs->launched;
        asm(
                /* Store host registers */
@@ -7332,8 +7408,8 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        free_vpid(vmx);
-        free_nested(vmx);
        free_loaded_vmcs(vmx->loaded_vmcs);
+        free_nested(vmx);
        kfree(vmx->guest_msrs);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, vmx);
@@ -7518,15 +7594,14 @@ static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
 static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
                struct x86_exception *fault)
 {
-        struct vmcs12 *vmcs12;
+        struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-        nested_vmx_vmexit(vcpu);
+        u32 exit_reason;
-        vmcs12 = get_vmcs12(vcpu);
        if (fault->error_code & PFERR_RSVD_MASK)
-                vmcs12->vm_exit_reason = EXIT_REASON_EPT_MISCONFIG;
+                exit_reason = EXIT_REASON_EPT_MISCONFIG;
        else
-                vmcs12->vm_exit_reason = EXIT_REASON_EPT_VIOLATION;
+                exit_reason = EXIT_REASON_EPT_VIOLATION;
-        vmcs12->exit_qualification = vcpu->arch.exit_qualification;
+        nested_vmx_vmexit(vcpu, exit_reason, 0, vcpu->arch.exit_qualification);
        vmcs12->guest_physical_address = fault->address;
 }
@@ -7564,11 +7639,35 @@ static void vmx_inject_page_fault_nested(struct kvm_vcpu *vcpu,
        /* TODO: also check PFEC_MATCH/MASK, not just EB.PF. */
        if (vmcs12->exception_bitmap & (1u << PF_VECTOR))
-                nested_vmx_vmexit(vcpu);
+                nested_vmx_vmexit(vcpu, to_vmx(vcpu)->exit_reason,
+                                  vmcs_read32(VM_EXIT_INTR_INFO),
+                                  vmcs_readl(EXIT_QUALIFICATION));
        else
                kvm_inject_page_fault(vcpu, fault);
 }
+static void vmx_start_preemption_timer(struct kvm_vcpu *vcpu)
+{
+        u64 preemption_timeout = get_vmcs12(vcpu)->vmx_preemption_timer_value;
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+        if (vcpu->arch.virtual_tsc_khz == 0)
+                return;
+        /* Make sure short timeouts reliably trigger an immediate vmexit.
+         * hrtimer_start does not guarantee this. */
+        if (preemption_timeout <= 1) {
+                vmx_preemption_timer_fn(&vmx->nested.preemption_timer);
+                return;
+        }
+        preemption_timeout <<= VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE;
+        preemption_timeout *= 1000000;
+        do_div(preemption_timeout, vcpu->arch.virtual_tsc_khz);
+        hrtimer_start(&vmx->nested.preemption_timer,
+                      ns_to_ktime(preemption_timeout), HRTIMER_MODE_REL);
+}
 /*
 * prepare_vmcs02 is called when the L1 guest hypervisor runs its nested
 * L2 guest. L1 has a vmcs for L2 (vmcs12), and this function "merges" it
@@ -7582,7 +7681,6 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        u32 exec_control;
-        u32 exit_control;
        vmcs_write16(GUEST_ES_SELECTOR, vmcs12->guest_es_selector);
        vmcs_write16(GUEST_CS_SELECTOR, vmcs12->guest_cs_selector);
@@ -7640,13 +7738,14 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        vmcs_write64(VMCS_LINK_POINTER, -1ull);
-        vmcs_write32(PIN_BASED_VM_EXEC_CONTROL,
+        exec_control = vmcs12->pin_based_vm_exec_control;
-                (vmcs_config.pin_based_exec_ctrl |
+        exec_control |= vmcs_config.pin_based_exec_ctrl;
-                 vmcs12->pin_based_vm_exec_control));
+        exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
+        vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, exec_control);
-        if (vmcs12->pin_based_vm_exec_control & PIN_BASED_VMX_PREEMPTION_TIMER)
+        vmx->nested.preemption_timer_expired = false;
-                vmcs_write32(VMX_PREEMPTION_TIMER_VALUE,
+        if (nested_cpu_has_preemption_timer(vmcs12))
-                             vmcs12->vmx_preemption_timer_value);
+                vmx_start_preemption_timer(vcpu);
        /*
         * Whether page-faults are trapped is determined by a combination of
@@ -7674,7 +7773,7 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                enable_ept ? vmcs12->page_fault_error_code_match : 0);
        if (cpu_has_secondary_exec_ctrls()) {
-                u32 exec_control = vmx_secondary_exec_control(vmx);
+                exec_control = vmx_secondary_exec_control(vmx);
                if (!vmx->rdtscp_enabled)
                        exec_control &= ~SECONDARY_EXEC_RDTSCP;
                /* Take the following fields only from vmcs12 */
@@ -7706,6 +7805,11 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                        else
                                vmcs_write64(APIC_ACCESS_ADDR,
                                  page_to_phys(vmx->nested.apic_access_page));
+                } else if (vm_need_virtualize_apic_accesses(vmx->vcpu.kvm)) {
+                        exec_control |=
+                                SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+                        vmcs_write64(APIC_ACCESS_ADDR,
+                                page_to_phys(vcpu->kvm->arch.apic_access_page));
                }
                vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
@@ -7756,15 +7860,12 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
         * we should use its exit controls. Note that VM_EXIT_LOAD_IA32_EFER
         * bits are further modified by vmx_set_efer() below.
         */
-        exit_control = vmcs_config.vmexit_ctrl;
+        vmcs_write32(VM_EXIT_CONTROLS, vmcs_config.vmexit_ctrl);
-        if (vmcs12->pin_based_vm_exec_control & PIN_BASED_VMX_PREEMPTION_TIMER)
-                exit_control |= VM_EXIT_SAVE_VMX_PREEMPTION_TIMER;
-        vmcs_write32(VM_EXIT_CONTROLS, exit_control);
        /* vmcs12's VM_ENTRY_LOAD_IA32_EFER and VM_ENTRY_IA32E_MODE are
         * emulated by vmx_set_efer(), below.
         */
-        vmcs_write32(VM_ENTRY_CONTROLS,
+        vm_entry_controls_init(vmx, 
                (vmcs12->vm_entry_controls & ~VM_ENTRY_LOAD_IA32_EFER &
                        ~VM_ENTRY_IA32E_MODE) |
                (vmcs_config.vmentry_ctrl & ~VM_ENTRY_IA32E_MODE));
@@ -7778,6 +7879,9 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        set_cr4_guest_host_mask(vmx);
+        if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)
+                vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
        if (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETING)
                vmcs_write64(TSC_OFFSET,
                        vmx->nested.vmcs01_tsc_offset + vmcs12->tsc_offset);
@@ -7882,7 +7986,8 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
                return 1;
        }
-        if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE) {
+        if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE &&
+            vmcs12->guest_activity_state != GUEST_ACTIVITY_HLT) {
                nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
                return 1;
        }
@@ -7994,8 +8099,6 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
        enter_guest_mode(vcpu);
-        vmx->nested.nested_run_pending = 1;
        vmx->nested.vmcs01_tsc_offset = vmcs_read64(TSC_OFFSET);
        cpu = get_cpu();
@@ -8011,6 +8114,11 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
        prepare_vmcs02(vcpu, vmcs12);
+        if (vmcs12->guest_activity_state == GUEST_ACTIVITY_HLT)
+                return kvm_emulate_halt(vcpu);
+        vmx->nested.nested_run_pending = 1;
        /*
         * Note no nested_vmx_succeed or nested_vmx_fail here. At this point
         * we are no longer running L1, and VMLAUNCH/VMRESUME has not yet
@@ -8099,6 +8207,58 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
        }
 }
+static int vmx_check_nested_events(struct kvm_vcpu *vcpu, bool external_intr)
+{
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+        if (nested_cpu_has_preemption_timer(get_vmcs12(vcpu)) &&
+            vmx->nested.preemption_timer_expired) {
+                if (vmx->nested.nested_run_pending)
+                        return -EBUSY;
+                nested_vmx_vmexit(vcpu, EXIT_REASON_PREEMPTION_TIMER, 0, 0);
+                return 0;
+        }
+        if (vcpu->arch.nmi_pending && nested_exit_on_nmi(vcpu)) {
+                if (vmx->nested.nested_run_pending ||
+                    vcpu->arch.interrupt.pending)
+                        return -EBUSY;
+                nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI,
+                                  NMI_VECTOR | INTR_TYPE_NMI_INTR |
+                                  INTR_INFO_VALID_MASK, 0);
+                /*
+                 * The NMI-triggered VM exit counts as injection:
+                 * clear this one and block further NMIs.
+                 */
+                vcpu->arch.nmi_pending = 0;
+                vmx_set_nmi_mask(vcpu, true);
+                return 0;
+        }
+        if ((kvm_cpu_has_interrupt(vcpu) || external_intr) &&
+            nested_exit_on_intr(vcpu)) {
+                if (vmx->nested.nested_run_pending)
+                        return -EBUSY;
+                nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, 0, 0);
+        }
+        return 0;
+}
+static u32 vmx_get_preemption_timer_value(struct kvm_vcpu *vcpu)
+{
+        ktime_t remaining =
+                hrtimer_get_remaining(&to_vmx(vcpu)->nested.preemption_timer);
+        u64 value;
+        if (ktime_to_ns(remaining) <= 0)
+                return 0;
+        value = ktime_to_ns(remaining) * vcpu->arch.virtual_tsc_khz;
+        do_div(value, 1000000);
+        return value >> VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE;
+}
 /*
 * prepare_vmcs12 is part of what we need to do when the nested L2 guest exits
 * and we want to prepare to run its L1 parent. L1 keeps a vmcs for L2 (vmcs12),
@@ -8110,7 +8270,9 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
 * exit-information fields only. Other fields are modified by L1 with VMWRITE,
 * which already writes to vmcs12 directly.
 */
-static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
+static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
+                           u32 exit_reason, u32 exit_intr_info,
+                           unsigned long exit_qualification)
 {
        /* update guest state fields: */
        vmcs12->guest_cr0 = vmcs12_guest_cr0(vcpu, vmcs12);
@@ -8162,11 +8324,18 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
        vmcs12->guest_pending_dbg_exceptions =
                vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
+        if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED)
+                vmcs12->guest_activity_state = GUEST_ACTIVITY_HLT;
+        else
+                vmcs12->guest_activity_state = GUEST_ACTIVITY_ACTIVE;
-        if ((vmcs12->pin_based_vm_exec_control & PIN_BASED_VMX_PREEMPTION_TIMER) &&
+        if (nested_cpu_has_preemption_timer(vmcs12)) {
-            (vmcs12->vm_exit_controls & VM_EXIT_SAVE_VMX_PREEMPTION_TIMER))
+                if (vmcs12->vm_exit_controls &
-                vmcs12->vmx_preemption_timer_value =
+                    VM_EXIT_SAVE_VMX_PREEMPTION_TIMER)
-                        vmcs_read32(VMX_PREEMPTION_TIMER_VALUE);
+                        vmcs12->vmx_preemption_timer_value =
+                                vmx_get_preemption_timer_value(vcpu);
+                hrtimer_cancel(&to_vmx(vcpu)->nested.preemption_timer);
+        }
        /*
         * In some cases (usually, nested EPT), L2 is allowed to change its
@@ -8186,7 +8355,7 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        vmcs12->vm_entry_controls =
                (vmcs12->vm_entry_controls & ~VM_ENTRY_IA32E_MODE) |
-                (vmcs_read32(VM_ENTRY_CONTROLS) & VM_ENTRY_IA32E_MODE);
+                (vm_entry_controls_get(to_vmx(vcpu)) & VM_ENTRY_IA32E_MODE);
        /* TODO: These cannot have changed unless we have MSR bitmaps and
         * the relevant bit asks not to trap the change */
@@ -8198,13 +8367,15 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        vmcs12->guest_sysenter_cs = vmcs_read32(GUEST_SYSENTER_CS);
        vmcs12->guest_sysenter_esp = vmcs_readl(GUEST_SYSENTER_ESP);
        vmcs12->guest_sysenter_eip = vmcs_readl(GUEST_SYSENTER_EIP);
+        if (vmx_mpx_supported())
+                vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
        /* update exit information fields: */
-        vmcs12->vm_exit_reason  = to_vmx(vcpu)->exit_reason;
+        vmcs12->vm_exit_reason = exit_reason;
-        vmcs12->exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
+        vmcs12->exit_qualification = exit_qualification;
-        vmcs12->vm_exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+        vmcs12->vm_exit_intr_info = exit_intr_info;
        if ((vmcs12->vm_exit_intr_info &
             (INTR_INFO_VALID_MASK | INTR_INFO_DELIVER_CODE_MASK)) ==
            (INTR_INFO_VALID_MASK | INTR_INFO_DELIVER_CODE_MASK))
@@ -8307,6 +8478,10 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
        vmcs_writel(GUEST_IDTR_BASE, vmcs12->host_idtr_base);
        vmcs_writel(GUEST_GDTR_BASE, vmcs12->host_gdtr_base);
+        /* If not VM_EXIT_CLEAR_BNDCFGS, the L2 value propagates to L1.  */
+        if (vmcs12->vm_exit_controls & VM_EXIT_CLEAR_BNDCFGS)
+                vmcs_write64(GUEST_BNDCFGS, 0);
        if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PAT) {
                vmcs_write64(GUEST_IA32_PAT, vmcs12->host_ia32_pat);
                vcpu->arch.pat = vmcs12->host_ia32_pat;
@@ -8370,7 +8545,9 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
 * and modify vmcs12 to make it see what it would expect to see there if
 * L2 was its real guest. Must only be called when in L2 (is_guest_mode())
 */
-static void nested_vmx_vmexit(struct kvm_vcpu *vcpu)
+static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
+                              u32 exit_intr_info,
+                              unsigned long exit_qualification)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        int cpu;
@@ -8380,7 +8557,15 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu)
        WARN_ON_ONCE(vmx->nested.nested_run_pending);
        leave_guest_mode(vcpu);
-        prepare_vmcs12(vcpu, vmcs12);
+        prepare_vmcs12(vcpu, vmcs12, exit_reason, exit_intr_info,
+                       exit_qualification);
+        trace_kvm_nested_vmexit_inject(vmcs12->vm_exit_reason,
+                                       vmcs12->exit_qualification,
+                                       vmcs12->idt_vectoring_info_field,
+                                       vmcs12->vm_exit_intr_info,
+                                       vmcs12->vm_exit_intr_error_code,
+                                       KVM_ISA_VMX);
        cpu = get_cpu();
        vmx->loaded_vmcs = &vmx->vmcs01;
@@ -8389,6 +8574,8 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu)
        vcpu->cpu = cpu;
        put_cpu();
+        vm_entry_controls_init(vmx, vmcs_read32(VM_ENTRY_CONTROLS));
+        vm_exit_controls_init(vmx, vmcs_read32(VM_EXIT_CONTROLS));
        vmx_segment_cache_clear(vmx);
        /* if no vmcs02 cache requested, remove the one we used */
@@ -8421,6 +8608,19 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu)
                nested_vmx_succeed(vcpu);
        if (enable_shadow_vmcs)
                vmx->nested.sync_shadow_vmcs = true;
+        /* in case we halted in L2 */
+        vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
+}
+/*
+ * Forcibly leave nested mode in order to be able to reset the VCPU later on.
+ */
+static void vmx_leave_nested(struct kvm_vcpu *vcpu)
+{
+        if (is_guest_mode(vcpu))
+                nested_vmx_vmexit(vcpu, -1, 0, 0);
+        free_nested(to_vmx(vcpu));
 }
 /*
@@ -8486,7 +8686,10 @@ static struct kvm_x86_ops vmx_x86_ops = {
        .set_idt = vmx_set_idt,
        .get_gdt = vmx_get_gdt,
        .set_gdt = vmx_set_gdt,
+        .get_dr6 = vmx_get_dr6,
+        .set_dr6 = vmx_set_dr6,
        .set_dr7 = vmx_set_dr7,
+        .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs,
        .cache_reg = vmx_cache_reg,
        .get_rflags = vmx_get_rflags,
        .set_rflags = vmx_set_rflags,
@@ -8548,6 +8751,9 @@ static struct kvm_x86_ops vmx_x86_ops = {
        .check_intercept = vmx_check_intercept,
        .handle_external_intr = vmx_handle_external_intr,
+        .mpx_supported = vmx_mpx_supported,
+        .check_nested_events = vmx_check_nested_events,
 };
 static int __init vmx_init(void)
@@ -8635,6 +8841,8 @@ static int __init vmx_init(void)
        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_CS, false);
        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_ESP, false);
        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_EIP, false);
+        vmx_disable_intercept_for_msr(MSR_IA32_BNDCFGS, true);
        memcpy(vmx_msr_bitmap_legacy_x2apic,
                        vmx_msr_bitmap_legacy, PAGE_SIZE);
        memcpy(vmx_msr_bitmap_longmode_x2apic,
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5d004da1e35d..9d1b5cd4d34c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -94,6 +94,9 @@ EXPORT_SYMBOL_GPL(kvm_x86_ops);
 static bool ignore_msrs = 0;
 module_param(ignore_msrs, bool, S_IRUGO | S_IWUSR);
+unsigned int min_timer_period_us = 500;
+module_param(min_timer_period_us, uint, S_IRUGO | S_IWUSR);
 bool kvm_has_tsc_control;
 EXPORT_SYMBOL_GPL(kvm_has_tsc_control);
 u32  kvm_max_guest_tsc_khz;
@@ -254,10 +257,26 @@ u64 kvm_get_apic_base(struct kvm_vcpu *vcpu)
 }
 EXPORT_SYMBOL_GPL(kvm_get_apic_base);
-void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data)
+int kvm_set_apic_base(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
-{
+{
-        /* TODO: reserve bits check */
+        u64 old_state = vcpu->arch.apic_base &
-        kvm_lapic_set_base(vcpu, data);
+                (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE);
+        u64 new_state = msr_info->data &
+                (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE);
+        u64 reserved_bits = ((~0ULL) << cpuid_maxphyaddr(vcpu)) |
+                0x2ff | (guest_cpuid_has_x2apic(vcpu) ? 0 : X2APIC_ENABLE);
+        if (!msr_info->host_initiated &&
+            ((msr_info->data & reserved_bits) != 0 ||
+             new_state == X2APIC_ENABLE ||
+             (new_state == MSR_IA32_APICBASE_ENABLE &&
+              old_state == (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE)) ||
+             (new_state == (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE) &&
+              old_state == 0)))
+                return 1;
+        kvm_lapic_set_base(vcpu, msr_info->data);
+        return 0;
 }
 EXPORT_SYMBOL_GPL(kvm_set_apic_base);
@@ -576,13 +595,13 @@ static void kvm_put_guest_xcr0(struct kvm_vcpu *vcpu)
 int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
 {
-        u64 xcr0;
+        u64 xcr0 = xcr;
+        u64 old_xcr0 = vcpu->arch.xcr0;
        u64 valid_bits;
        /* Only support XCR_XFEATURE_ENABLED_MASK(xcr0) now  */
        if (index != XCR_XFEATURE_ENABLED_MASK)
                return 1;
-        xcr0 = xcr;
        if (!(xcr0 & XSTATE_FP))
                return 1;
        if ((xcr0 & XSTATE_YMM) && !(xcr0 & XSTATE_SSE))
@@ -597,8 +616,14 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
        if (xcr0 & ~valid_bits)
                return 1;
+        if ((!(xcr0 & XSTATE_BNDREGS)) != (!(xcr0 & XSTATE_BNDCSR)))
+                return 1;
        kvm_put_guest_xcr0(vcpu);
        vcpu->arch.xcr0 = xcr0;
+        if ((xcr0 ^ old_xcr0) & XSTATE_EXTEND_MASK)
+                kvm_update_cpuid(vcpu);
        return 0;
 }
@@ -719,6 +744,12 @@ unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu)
 }
 EXPORT_SYMBOL_GPL(kvm_get_cr8);
+static void kvm_update_dr6(struct kvm_vcpu *vcpu)
+{
+        if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
+                kvm_x86_ops->set_dr6(vcpu, vcpu->arch.dr6);
+}
 static void kvm_update_dr7(struct kvm_vcpu *vcpu)
 {
        unsigned long dr7;
@@ -728,7 +759,9 @@ static void kvm_update_dr7(struct kvm_vcpu *vcpu)
        else
                dr7 = vcpu->arch.dr7;
        kvm_x86_ops->set_dr7(vcpu, dr7);
-        vcpu->arch.switch_db_regs = (dr7 & DR7_BP_EN_MASK);
+        vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_BP_ENABLED;
+        if (dr7 & DR7_BP_EN_MASK)
+                vcpu->arch.switch_db_regs |= KVM_DEBUGREG_BP_ENABLED;
 }
 static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
@@ -747,6 +780,7 @@ static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
                if (val & 0xffffffff00000000ULL)
                        return -1; /* #GP */
                vcpu->arch.dr6 = (val & DR6_VOLATILE) | DR6_FIXED_1;
+                kvm_update_dr6(vcpu);
                break;
        case 5:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
@@ -788,7 +822,10 @@ static int _kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
                        return 1;
                /* fall through */
        case 6:
-                *val = vcpu->arch.dr6;
+                if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
+                        *val = vcpu->arch.dr6;
+                else
+                        *val = kvm_x86_ops->get_dr6(vcpu);
                break;
        case 5:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
@@ -836,11 +873,12 @@ EXPORT_SYMBOL_GPL(kvm_rdpmc);
 * kvm-specific. Those are put in the beginning of the list.
 */
-#define KVM_SAVE_MSRS_BEGIN     10
+#define KVM_SAVE_MSRS_BEGIN     12
 static u32 msrs_to_save[] = {
        MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
        MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW,
        HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL,
+        HV_X64_MSR_TIME_REF_COUNT, HV_X64_MSR_REFERENCE_TSC,
        HV_X64_MSR_APIC_ASSIST_PAGE, MSR_KVM_ASYNC_PF_EN, MSR_KVM_STEAL_TIME,
        MSR_KVM_PV_EOI_EN,
        MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
@@ -849,7 +887,7 @@ static u32 msrs_to_save[] = {
        MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
 #endif
        MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA,
-        MSR_IA32_FEATURE_CONTROL
+        MSR_IA32_FEATURE_CONTROL, MSR_IA32_BNDCFGS
 };
 static unsigned num_msrs_to_save;
@@ -1275,8 +1313,6 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, struct msr_data *msr)
        kvm->arch.last_tsc_write = data;
        kvm->arch.last_tsc_khz = vcpu->arch.virtual_tsc_khz;
-        /* Reset of TSC must disable overshoot protection below */
-        vcpu->arch.hv_clock.tsc_timestamp = 0;
        vcpu->arch.last_guest_tsc = data;
        /* Keep track of which generation this VCPU has synchronized to */
@@ -1484,7 +1520,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
        unsigned long flags, this_tsc_khz;
        struct kvm_vcpu_arch *vcpu = &v->arch;
        struct kvm_arch *ka = &v->kvm->arch;
-        s64 kernel_ns, max_kernel_ns;
+        s64 kernel_ns;
        u64 tsc_timestamp, host_tsc;
        struct pvclock_vcpu_time_info guest_hv_clock;
        u8 pvclock_flags;
@@ -1543,37 +1579,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
        if (!vcpu->pv_time_enabled)
                return 0;
-        /*
-         * Time as measured by the TSC may go backwards when resetting the base
-         * tsc_timestamp.  The reason for this is that the TSC resolution is
-         * higher than the resolution of the other clock scales.  Thus, many
-         * possible measurments of the TSC correspond to one measurement of any
-         * other clock, and so a spread of values is possible.  This is not a
-         * problem for the computation of the nanosecond clock; with TSC rates
-         * around 1GHZ, there can only be a few cycles which correspond to one
-         * nanosecond value, and any path through this code will inevitably
-         * take longer than that.  However, with the kernel_ns value itself,
-         * the precision may be much lower, down to HZ granularity.  If the
-         * first sampling of TSC against kernel_ns ends in the low part of the
-         * range, and the second in the high end of the range, we can get:
-         *
-         * (TSC - offset_low) * S + kns_old > (TSC - offset_high) * S + kns_new
-         *
-         * As the sampling errors potentially range in the thousands of cycles,
-         * it is possible such a time value has already been observed by the
-         * guest.  To protect against this, we must compute the system time as
-         * observed by the guest and ensure the new system time is greater.
-         */
-        max_kernel_ns = 0;
-        if (vcpu->hv_clock.tsc_timestamp) {
-                max_kernel_ns = vcpu->last_guest_tsc -
-                                vcpu->hv_clock.tsc_timestamp;
-                max_kernel_ns = pvclock_scale_delta(max_kernel_ns,
-                                    vcpu->hv_clock.tsc_to_system_mul,
-                                    vcpu->hv_clock.tsc_shift);
-                max_kernel_ns += vcpu->last_kernel_ns;
-        }
        if (unlikely(vcpu->hw_tsc_khz != this_tsc_khz)) {
                kvm_get_time_scale(NSEC_PER_SEC / 1000, this_tsc_khz,
                                   &vcpu->hv_clock.tsc_shift,
@@ -1581,18 +1586,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
                vcpu->hw_tsc_khz = this_tsc_khz;
        }
-        /* with a master <monotonic time, tsc value> tuple,
-         * pvclock clock reads always increase at the (scaled) rate
-         * of guest TSC - no need to deal with sampling errors.
-         */
-        if (!use_master_clock) {
-                if (max_kernel_ns > kernel_ns)
-                        kernel_ns = max_kernel_ns;
-        }
        /* With all the info we got, fill in the values */
        vcpu->hv_clock.tsc_timestamp = tsc_timestamp;
        vcpu->hv_clock.system_time = kernel_ns + v->kvm->arch.kvmclock_offset;
-        vcpu->last_kernel_ns = kernel_ns;
        vcpu->last_guest_tsc = tsc_timestamp;
        /*
@@ -1634,14 +1630,21 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
 * the others.
 *
 * So in those cases, request a kvmclock update for all vcpus.
- * The worst case for a remote vcpu to update its kvmclock
+ * We need to rate-limit these requests though, as they can
- * is then bounded by maximum nohz sleep latency.
+ * considerably slow guests that have a large number of vcpus.
+ * The time for a remote vcpu to update its kvmclock is bound
+ * by the delay we use to rate-limit the updates.
 */
-static void kvm_gen_kvmclock_update(struct kvm_vcpu *v)
+#define KVMCLOCK_UPDATE_DELAY msecs_to_jiffies(100)
+static void kvmclock_update_fn(struct work_struct *work)
 {
        int i;
-        struct kvm *kvm = v->kvm;
+        struct delayed_work *dwork = to_delayed_work(work);
+        struct kvm_arch *ka = container_of(dwork, struct kvm_arch,
+                                           kvmclock_update_work);
+        struct kvm *kvm = container_of(ka, struct kvm, arch);
        struct kvm_vcpu *vcpu;
        kvm_for_each_vcpu(i, vcpu, kvm) {
@@ -1650,6 +1653,29 @@ static void kvm_gen_kvmclock_update(struct kvm_vcpu *v)
        }
 }
+static void kvm_gen_kvmclock_update(struct kvm_vcpu *v)
+{
+        struct kvm *kvm = v->kvm;
+        set_bit(KVM_REQ_CLOCK_UPDATE, &v->requests);
+        schedule_delayed_work(&kvm->arch.kvmclock_update_work,
+                                        KVMCLOCK_UPDATE_DELAY);
+}
+#define KVMCLOCK_SYNC_PERIOD (300 * HZ)
+static void kvmclock_sync_fn(struct work_struct *work)
+{
+        struct delayed_work *dwork = to_delayed_work(work);
+        struct kvm_arch *ka = container_of(dwork, struct kvm_arch,
+                                           kvmclock_sync_work);
+        struct kvm *kvm = container_of(ka, struct kvm, arch);
+        schedule_delayed_work(&kvm->arch.kvmclock_update_work, 0);
+        schedule_delayed_work(&kvm->arch.kvmclock_sync_work,
+                                        KVMCLOCK_SYNC_PERIOD);
+}
 static bool msr_mtrr_valid(unsigned msr)
 {
        switch (msr) {
@@ -1826,6 +1852,8 @@ static bool kvm_hv_msr_partition_wide(u32 msr)
        switch (msr) {
        case HV_X64_MSR_GUEST_OS_ID:
        case HV_X64_MSR_HYPERCALL:
+        case HV_X64_MSR_REFERENCE_TSC:
+        case HV_X64_MSR_TIME_REF_COUNT:
                r = true;
                break;
        }
@@ -1865,6 +1893,21 @@ static int set_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 data)
                if (__copy_to_user((void __user *)addr, instructions, 4))
                        return 1;
                kvm->arch.hv_hypercall = data;
+                mark_page_dirty(kvm, gfn);
+                break;
+        }
+        case HV_X64_MSR_REFERENCE_TSC: {
+                u64 gfn;
+                HV_REFERENCE_TSC_PAGE tsc_ref;
+                memset(&tsc_ref, 0, sizeof(tsc_ref));
+                kvm->arch.hv_tsc_page = data;
+                if (!(data & HV_X64_MSR_TSC_REFERENCE_ENABLE))
+                        break;
+                gfn = data >> HV_X64_MSR_TSC_REFERENCE_ADDRESS_SHIFT;
+                if (kvm_write_guest(kvm, data,
+                        &tsc_ref, sizeof(tsc_ref)))
+                        return 1;
+                mark_page_dirty(kvm, gfn);
                break;
        }
        default:
@@ -1879,19 +1922,21 @@ static int set_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 data)
 {
        switch (msr) {
        case HV_X64_MSR_APIC_ASSIST_PAGE: {
+                u64 gfn;
                unsigned long addr;
                if (!(data & HV_X64_MSR_APIC_ASSIST_PAGE_ENABLE)) {
                        vcpu->arch.hv_vapic = data;
                        break;
                }
-                addr = gfn_to_hva(vcpu->kvm, data >>
+                gfn = data >> HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT;
-                                  HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT);
+                addr = gfn_to_hva(vcpu->kvm, gfn);
                if (kvm_is_error_hva(addr))
                        return 1;
                if (__clear_user((void __user *)addr, PAGE_SIZE))
                        return 1;
                vcpu->arch.hv_vapic = data;
+                mark_page_dirty(vcpu->kvm, gfn);
                break;
        }
        case HV_X64_MSR_EOI:
@@ -2017,8 +2062,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
        case 0x200 ... 0x2ff:
                return set_msr_mtrr(vcpu, msr, data);
        case MSR_IA32_APICBASE:
-                kvm_set_apic_base(vcpu, data);
+                return kvm_set_apic_base(vcpu, msr_info);
-                break;
        case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff:
                return kvm_x2apic_msr_write(vcpu, msr, data);
        case MSR_IA32_TSCDEADLINE:
@@ -2291,6 +2335,14 @@ static int get_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
        case HV_X64_MSR_HYPERCALL:
                data = kvm->arch.hv_hypercall;
                break;
+        case HV_X64_MSR_TIME_REF_COUNT: {
+                data =
+                     div_u64(get_kernel_ns() + kvm->arch.kvmclock_offset, 100);
+                break;
+        }
+        case HV_X64_MSR_REFERENCE_TSC:
+                data = kvm->arch.hv_tsc_page;
+                break;
        default:
                vcpu_unimpl(vcpu, "Hyper-V unhandled rdmsr: 0x%x\n", msr);
                return 1;
@@ -2308,9 +2360,12 @@ static int get_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
        case HV_X64_MSR_VP_INDEX: {
                int r;
                struct kvm_vcpu *v;
-                kvm_for_each_vcpu(r, v, vcpu->kvm)
+                kvm_for_each_vcpu(r, v, vcpu->kvm) {
-                        if (v == vcpu)
+                        if (v == vcpu) {
                                data = r;
+                                break;
+                        }
+                }
                break;
        }
        case HV_X64_MSR_EOI:
@@ -2601,6 +2656,8 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_GET_TSC_KHZ:
        case KVM_CAP_KVMCLOCK_CTRL:
        case KVM_CAP_READONLY_MEM:
+        case KVM_CAP_HYPERV_TIME:
+        case KVM_CAP_IOAPIC_POLARITY_IGNORED:
 #ifdef CONFIG_KVM_DEVICE_ASSIGNMENT
        case KVM_CAP_ASSIGN_DEV_IRQ:
        case KVM_CAP_PCI_2_3:
@@ -2972,8 +3029,11 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
 static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
                                             struct kvm_debugregs *dbgregs)
 {
+        unsigned long val;
        memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db));
-        dbgregs->dr6 = vcpu->arch.dr6;
+        _kvm_get_dr(vcpu, 6, &val);
+        dbgregs->dr6 = val;
        dbgregs->dr7 = vcpu->arch.dr7;
        dbgregs->flags = 0;
        memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
@@ -2987,7 +3047,9 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
        memcpy(vcpu->arch.db, dbgregs->db, sizeof(vcpu->arch.db));
        vcpu->arch.dr6 = dbgregs->dr6;
+        kvm_update_dr6(vcpu);
        vcpu->arch.dr7 = dbgregs->dr7;
+        kvm_update_dr7(vcpu);
        return 0;
 }
@@ -3022,9 +3084,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
                 * CPUID leaf 0xD, index 0, EDX:EAX.  This is for compatibility
                 * with old userspace.
                 */
-                if (xstate_bv & ~KVM_SUPPORTED_XCR0)
+                if (xstate_bv & ~kvm_supported_xcr0())
-                        return -EINVAL;
-                if (xstate_bv & ~host_xcr0)
                        return -EINVAL;
                memcpy(&vcpu->arch.guest_fpu.state->xsave,
                        guest_xsave->region, vcpu->arch.guest_xstate_size);
@@ -3877,6 +3937,23 @@ static void kvm_init_msr_list(void)
        for (i = j = KVM_SAVE_MSRS_BEGIN; i < ARRAY_SIZE(msrs_to_save); i++) {
                if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0)
                        continue;
+                /*
+                 * Even MSRs that are valid in the host may not be exposed
+                 * to the guests in some cases.  We could work around this
+                 * in VMX with the generic MSR save/load machinery, but it
+                 * is not really worthwhile since it will really only
+                 * happen with nested virtualization.
+                 */
+                switch (msrs_to_save[i]) {
+                case MSR_IA32_BNDCFGS:
+                        if (!kvm_x86_ops->mpx_supported())
+                                continue;
+                        break;
+                default:
+                        break;
+                }
                if (j < i)
                        msrs_to_save[j] = msrs_to_save[i];
                j++;
@@ -4373,6 +4450,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
        if (!exchanged)
                return X86EMUL_CMPXCHG_FAILED;
+        mark_page_dirty(vcpu->kvm, gpa >> PAGE_SHIFT);
        kvm_mmu_pte_write(vcpu, gpa, new, bytes);
        return X86EMUL_CONTINUE;
@@ -5344,7 +5422,8 @@ static void kvm_timer_init(void)
        int cpu;
        max_tsc_khz = tsc_khz;
-        register_hotcpu_notifier(&kvmclock_cpu_notifier_block);
+        cpu_notifier_register_begin();
        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
 #ifdef CONFIG_CPU_FREQ
                struct cpufreq_policy policy;
@@ -5361,6 +5440,10 @@ static void kvm_timer_init(void)
        pr_debug("kvm: max_tsc_khz = %ld\n", max_tsc_khz);
        for_each_online_cpu(cpu)
                smp_call_function_single(cpu, tsc_khz_changed, NULL, 1);
+        __register_hotcpu_notifier(&kvmclock_cpu_notifier_block);
+        cpu_notifier_register_done();
 }
 static DEFINE_PER_CPU(struct kvm_vcpu *, current_vcpu);
@@ -5516,9 +5599,10 @@ int kvm_arch_init(void *opaque)
                goto out_free_percpu;
        kvm_set_mmio_spte_mask();
-        kvm_init_msr_list();
        kvm_x86_ops = ops;
+        kvm_init_msr_list();
        kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
                        PT_DIRTY_MASK, PT64_NX_MASK, 0);
@@ -5761,8 +5845,10 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu)
        kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
 }
-static void inject_pending_event(struct kvm_vcpu *vcpu)
+static int inject_pending_event(struct kvm_vcpu *vcpu, bool req_int_win)
 {
+        int r;
        /* try to reinject previous events if any */
        if (vcpu->arch.exception.pending) {
                trace_kvm_inj_exception(vcpu->arch.exception.nr,
@@ -5772,17 +5858,23 @@ static void inject_pending_event(struct kvm_vcpu *vcpu)
                                          vcpu->arch.exception.has_error_code,
                                          vcpu->arch.exception.error_code,
                                          vcpu->arch.exception.reinject);
-                return;
+                return 0;
        }
        if (vcpu->arch.nmi_injected) {
                kvm_x86_ops->set_nmi(vcpu);
-                return;
+                return 0;
        }
        if (vcpu->arch.interrupt.pending) {
                kvm_x86_ops->set_irq(vcpu);
-                return;
+                return 0;
+        }
+        if (is_guest_mode(vcpu) && kvm_x86_ops->check_nested_events) {
+                r = kvm_x86_ops->check_nested_events(vcpu, req_int_win);
+                if (r != 0)
+                        return r;
        }
        /* try to inject new event if pending */
@@ -5799,6 +5891,7 @@ static void inject_pending_event(struct kvm_vcpu *vcpu)
                        kvm_x86_ops->set_irq(vcpu);
                }
        }
+        return 0;
 }
 static void process_nmi(struct kvm_vcpu *vcpu)
@@ -5834,6 +5927,11 @@ static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu)
        kvm_apic_update_tmr(vcpu, tmr);
 }
+/*
+ * Returns 1 to let __vcpu_run() continue the guest execution loop without
+ * exiting to the userspace.  Otherwise, the value will be returned to the
+ * userspace.
+ */
 static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
 {
        int r;
@@ -5898,15 +5996,13 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
                        goto out;
                }
-                inject_pending_event(vcpu);
+                if (inject_pending_event(vcpu, req_int_win) != 0)
+                        req_immediate_exit = true;
                /* enable NMI/IRQ window open exits if needed */
-                if (vcpu->arch.nmi_pending)
+                else if (vcpu->arch.nmi_pending)
-                        req_immediate_exit =
+                        kvm_x86_ops->enable_nmi_window(vcpu);
-                                kvm_x86_ops->enable_nmi_window(vcpu) != 0;
                else if (kvm_cpu_has_injectable_intr(vcpu) || req_int_win)
-                        req_immediate_exit =
+                        kvm_x86_ops->enable_irq_window(vcpu);
-                                kvm_x86_ops->enable_irq_window(vcpu) != 0;
                if (kvm_lapic_enabled(vcpu)) {
                        /*
@@ -5966,12 +6062,28 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
                set_debugreg(vcpu->arch.eff_db[1], 1);
                set_debugreg(vcpu->arch.eff_db[2], 2);
                set_debugreg(vcpu->arch.eff_db[3], 3);
+                set_debugreg(vcpu->arch.dr6, 6);
        }
        trace_kvm_entry(vcpu->vcpu_id);
        kvm_x86_ops->run(vcpu);
        /*
+         * Do this here before restoring debug registers on the host.  And
+         * since we do this before handling the vmexit, a DR access vmexit
+         * can (a) read the correct value of the debug registers, (b) set
+         * KVM_DEBUGREG_WONT_EXIT again.
+         */
+        if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) {
+                int i;
+                WARN_ON(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP);
+                kvm_x86_ops->sync_dirty_debug_regs(vcpu);
+                for (i = 0; i < KVM_NR_DB_REGS; i++)
+                        vcpu->arch.eff_db[i] = vcpu->arch.db[i];
+        }
+        /*
         * If the guest has used debug registers, at least dr7
         * will be disabled while returning to the host.
         * If we don't have active breakpoints in the host, we don't
@@ -6089,7 +6201,7 @@ static int __vcpu_run(struct kvm_vcpu *vcpu)
                }
                if (need_resched()) {
                        srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
-                        kvm_resched(vcpu);
+                        cond_resched();
                        vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
                }
        }
@@ -6160,7 +6272,7 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
                frag->len -= len;
        }
-        if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) {
+        if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
                vcpu->mmio_needed = 0;
                /* FIXME: return into emulator if single-stepping.  */
@@ -6401,6 +6513,7 @@ EXPORT_SYMBOL_GPL(kvm_task_switch);
 int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
                                  struct kvm_sregs *sregs)
 {
+        struct msr_data apic_base_msr;
        int mmu_reset_needed = 0;
        int pending_vec, max_bits, idx;
        struct desc_ptr dt;
@@ -6424,7 +6537,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
        mmu_reset_needed |= vcpu->arch.efer != sregs->efer;
        kvm_x86_ops->set_efer(vcpu, sregs->efer);
-        kvm_set_apic_base(vcpu, sregs->apic_base);
+        apic_base_msr.data = sregs->apic_base;
+        apic_base_msr.host_initiated = true;
+        kvm_set_apic_base(vcpu, &apic_base_msr);
        mmu_reset_needed |= kvm_read_cr0(vcpu) != sregs->cr0;
        kvm_x86_ops->set_cr0(vcpu, sregs->cr0);
@@ -6682,6 +6797,7 @@ int kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
 {
        int r;
        struct msr_data msr;
+        struct kvm *kvm = vcpu->kvm;
        r = vcpu_load(vcpu);
        if (r)
@@ -6692,6 +6808,9 @@ int kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
        kvm_write_tsc(vcpu, &msr);
        vcpu_put(vcpu);
+        schedule_delayed_work(&kvm->arch.kvmclock_sync_work,
+                                        KVMCLOCK_SYNC_PERIOD);
        return r;
 }
@@ -6717,6 +6836,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu)
        memset(vcpu->arch.db, 0, sizeof(vcpu->arch.db));
        vcpu->arch.dr6 = DR6_FIXED_1;
+        kvm_update_dr6(vcpu);
        vcpu->arch.dr7 = DR7_FIXED_1;
        kvm_update_dr7(vcpu);
@@ -6983,6 +7103,9 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
        pvclock_update_vm_gtod_copy(kvm);
+        INIT_DELAYED_WORK(&kvm->arch.kvmclock_update_work, kvmclock_update_fn);
+        INIT_DELAYED_WORK(&kvm->arch.kvmclock_sync_work, kvmclock_sync_fn);
        return 0;
 }
@@ -7020,6 +7143,8 @@ static void kvm_free_vcpus(struct kvm *kvm)
 void kvm_arch_sync_events(struct kvm *kvm)
 {
+        cancel_delayed_work_sync(&kvm->arch.kvmclock_sync_work);
+        cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work);
        kvm_free_all_assigned_devices(kvm);
        kvm_free_pit(kvm);
 }
@@ -7218,6 +7343,9 @@ void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
 int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
 {
+        if (is_guest_mode(vcpu) && kvm_x86_ops->check_nested_events)
+                kvm_x86_ops->check_nested_events(vcpu, false);
        return (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE &&
                !vcpu->arch.apf.halted)
                || !list_empty_careful(&vcpu->async_pf.done)
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 587fb9ede436..8c97bac9a895 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -122,8 +122,13 @@ int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
        gva_t addr, void *val, unsigned int bytes,
        struct x86_exception *exception);
-#define KVM_SUPPORTED_XCR0      (XSTATE_FP | XSTATE_SSE | XSTATE_YMM)
+#define KVM_SUPPORTED_XCR0     (XSTATE_FP | XSTATE_SSE | XSTATE_YMM \
+                                | XSTATE_BNDREGS | XSTATE_BNDCSR)
 extern u64 host_xcr0;
+extern u64 kvm_supported_xcr0(void);
+extern unsigned int min_timer_period_us;
 extern struct static_key kvm_no_apic_vcpu;
 #endif
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index bdf8532494fe..ad1fb5f53925 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -233,13 +233,13 @@ static void lguest_end_context_switch(struct task_struct *next)
 * flags word contains all kind of stuff, but in practice Linux only cares
 * about the interrupt flag.  Our "save_flags()" just returns that.
 */
-static unsigned long save_fl(void)
+asmlinkage unsigned long lguest_save_fl(void)
 {
        return lguest_data.irq_enabled;
 }
 /* Interrupts go off... */
-static void irq_disable(void)
+asmlinkage void lguest_irq_disable(void)
 {
        lguest_data.irq_enabled = 0;
 }
@@ -253,8 +253,8 @@ static void irq_disable(void)
 * PV_CALLEE_SAVE_REGS_THUNK(), which pushes %eax onto the stack, calls the
 * C function, then restores it.
 */
-PV_CALLEE_SAVE_REGS_THUNK(save_fl);
+PV_CALLEE_SAVE_REGS_THUNK(lguest_save_fl);
-PV_CALLEE_SAVE_REGS_THUNK(irq_disable);
+PV_CALLEE_SAVE_REGS_THUNK(lguest_irq_disable);
 /*:*/
 /* These are in i386_head.S */
@@ -1291,9 +1291,9 @@ __init void lguest_init(void)
         */
        /* Interrupt-related operations */
-        pv_irq_ops.save_fl = PV_CALLEE_SAVE(save_fl);
+        pv_irq_ops.save_fl = PV_CALLEE_SAVE(lguest_save_fl);
        pv_irq_ops.restore_fl = __PV_IS_CALLEE_SAVE(lg_restore_fl);
-        pv_irq_ops.irq_disable = PV_CALLEE_SAVE(irq_disable);
+        pv_irq_ops.irq_disable = PV_CALLEE_SAVE(lguest_irq_disable);
        pv_irq_ops.irq_enable = __PV_IS_CALLEE_SAVE(lg_irq_enable);
        pv_irq_ops.safe_halt = lguest_safe_halt;
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 992d63bb154f..eabcb6e6a900 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -24,7 +24,7 @@ lib-$(CONFIG_SMP) += rwlock.o
 lib-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += rwsem.o
 lib-$(CONFIG_INSTRUCTION_DECODER) += insn.o inat.o
-obj-y += msr.o msr-reg.o msr-reg-export.o
+obj-y += msr.o msr-reg.o msr-reg-export.o hash.o
 ifeq ($(CONFIG_X86_32),y)
        obj-y += atomic64_32.o
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
index a30ca15be21c..dee945d55594 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
@@ -186,7 +186,7 @@ ENTRY(copy_user_generic_unrolled)
 30:     shll $6,%ecx
        addl %ecx,%edx
        jmp 60f
-40:     lea (%rdx,%rcx,8),%rdx
+40:     leal (%rdx,%rcx,8),%edx
        jmp 60f
 50:     movl %ecx,%edx
 60:     jmp copy_user_handle_tail /* ecx is zerorest also */
@@ -236,8 +236,6 @@ ENDPROC(copy_user_generic_unrolled)
 ENTRY(copy_user_generic_string)
        CFI_STARTPROC
        ASM_STAC
-        andl %edx,%edx
-        jz 4f
        cmpl $8,%edx
        jb 2f           /* less than 8 bytes, go to byte copy loop */
        ALIGN_DESTINATION
@@ -249,12 +247,12 @@ ENTRY(copy_user_generic_string)
 2:      movl %edx,%ecx
 3:      rep
        movsb
-4:      xorl %eax,%eax
+        xorl %eax,%eax
        ASM_CLAC
        ret
        .section .fixup,"ax"
-11:     lea (%rdx,%rcx,8),%rcx
+11:     leal (%rdx,%rcx,8),%ecx
 12:     movl %ecx,%edx          /* ecx is zerorest also */
        jmp copy_user_handle_tail
        .previous
@@ -279,12 +277,10 @@ ENDPROC(copy_user_generic_string)
 ENTRY(copy_user_enhanced_fast_string)
        CFI_STARTPROC
        ASM_STAC
-        andl %edx,%edx
-        jz 2f
        movl %edx,%ecx
 1:      rep
        movsb
-2:      xorl %eax,%eax
+        xorl %eax,%eax
        ASM_CLAC
        ret
diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c
index 7c3bee636e2f..39d6a3db0b96 100644
--- a/arch/x86/lib/delay.c
+++ b/arch/x86/lib/delay.c
@@ -16,7 +16,6 @@
 #include <linux/timex.h>
 #include <linux/preempt.h>
 #include <linux/delay.h>
-#include <linux/init.h>
 #include <asm/processor.h>
 #include <asm/delay.h>
diff --git a/arch/x86/lib/hash.c b/arch/x86/lib/hash.c
new file mode 100644
index 000000000000..ff4fa51a5b1f
--- /dev/null
+++ b/arch/x86/lib/hash.c
@@ -0,0 +1,92 @@
+/*
+ * Some portions derived from code covered by the following notice:
+ *
+ * Copyright (c) 2010-2013 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <linux/hash.h>
+#include <linux/init.h>
+#include <asm/processor.h>
+#include <asm/cpufeature.h>
+#include <asm/hash.h>
+static inline u32 crc32_u32(u32 crc, u32 val)
+{
+#ifdef CONFIG_AS_CRC32
+        asm ("crc32l %1,%0\n" : "+r" (crc) : "rm" (val));
+#else
+        asm (".byte 0xf2, 0x0f, 0x38, 0xf1, 0xc1" : "+a" (crc) : "c" (val));
+#endif
+        return crc;
+}
+static u32 intel_crc4_2_hash(const void *data, u32 len, u32 seed)
+{
+        const u32 *p32 = (const u32 *) data;
+        u32 i, tmp = 0;
+        for (i = 0; i < len / 4; i++)
+                seed = crc32_u32(seed, *p32++);
+        switch (len & 3) {
+        case 3:
+                tmp |= *((const u8 *) p32 + 2) << 16;
+                /* fallthrough */
+        case 2:
+                tmp |= *((const u8 *) p32 + 1) << 8;
+                /* fallthrough */
+        case 1:
+                tmp |= *((const u8 *) p32);
+                seed = crc32_u32(seed, tmp);
+                break;
+        }
+        return seed;
+}
+static u32 intel_crc4_2_hash2(const u32 *data, u32 len, u32 seed)
+{
+        const u32 *p32 = (const u32 *) data;
+        u32 i;
+        for (i = 0; i < len; i++)
+                seed = crc32_u32(seed, *p32++);
+        return seed;
+}
+void __init setup_arch_fast_hash(struct fast_hash_ops *ops)
+{
+        if (cpu_has_xmm4_2) {
+                ops->hash  = intel_crc4_2_hash;
+                ops->hash2 = intel_crc4_2_hash2;
+        }
+}
diff --git a/arch/x86/lib/memcpy_32.c b/arch/x86/lib/memcpy_32.c
index e78761d6b7f8..a404b4b75533 100644
--- a/arch/x86/lib/memcpy_32.c
+++ b/arch/x86/lib/memcpy_32.c
@@ -4,7 +4,7 @@
 #undef memcpy
 #undef memset
-void *memcpy(void *to, const void *from, size_t n)
+__visible void *memcpy(void *to, const void *from, size_t n)
 {
 #ifdef CONFIG_X86_USE_3DNOW
        return __memcpy3d(to, from, n);
@@ -14,13 +14,13 @@ void *memcpy(void *to, const void *from, size_t n)
 }
 EXPORT_SYMBOL(memcpy);
-void *memset(void *s, int c, size_t count)
+__visible void *memset(void *s, int c, size_t count)
 {
        return __memset(s, c, count);
 }
 EXPORT_SYMBOL(memset);
-void *memmove(void *dest, const void *src, size_t n)
+__visible void *memmove(void *dest, const void *src, size_t n)
 {
        int d0,d1,d2,d3,d4,d5;
        char *ret = dest;
diff --git a/arch/x86/lib/msr.c b/arch/x86/lib/msr.c
index 8f8eebdca7d4..db9db446b71a 100644
--- a/arch/x86/lib/msr.c
+++ b/arch/x86/lib/msr.c
@@ -8,7 +8,7 @@ struct msr *msrs_alloc(void)
        msrs = alloc_percpu(struct msr);
        if (!msrs) {
-                pr_warning("%s: error allocating msrs\n", __func__);
+                pr_warn("%s: error allocating msrs\n", __func__);
                return NULL;
        }
@@ -21,3 +21,90 @@ void msrs_free(struct msr *msrs)
        free_percpu(msrs);
 }
 EXPORT_SYMBOL(msrs_free);
+/**
+ * Read an MSR with error handling
+ *
+ * @msr: MSR to read
+ * @m: value to read into
+ *
+ * It returns read data only on success, otherwise it doesn't change the output
+ * argument @m.
+ *
+ */
+int msr_read(u32 msr, struct msr *m)
+{
+        int err;
+        u64 val;
+        err = rdmsrl_safe(msr, &val);
+        if (!err)
+                m->q = val;
+        return err;
+}
+/**
+ * Write an MSR with error handling
+ *
+ * @msr: MSR to write
+ * @m: value to write
+ */
+int msr_write(u32 msr, struct msr *m)
+{
+        return wrmsrl_safe(msr, m->q);
+}
+static inline int __flip_bit(u32 msr, u8 bit, bool set)
+{
+        struct msr m, m1;
+        int err = -EINVAL;
+        if (bit > 63)
+                return err;
+        err = msr_read(msr, &m);
+        if (err)
+                return err;
+        m1 = m;
+        if (set)
+                m1.q |=  BIT_64(bit);
+        else
+                m1.q &= ~BIT_64(bit);
+        if (m1.q == m.q)
+                return 0;
+        err = msr_write(msr, &m);
+        if (err)
+                return err;
+        return 1;
+}
+/**
+ * Set @bit in a MSR @msr.
+ *
+ * Retval:
+ * < 0: An error was encountered.
+ * = 0: Bit was already set.
+ * > 0: Hardware accepted the MSR write.
+ */
+int msr_set_bit(u32 msr, u8 bit)
+{
+        return __flip_bit(msr, bit, true);
+}
+/**
+ * Clear @bit in a MSR @msr.
+ *
+ * Retval:
+ * < 0: An error was encountered.
+ * = 0: Bit was already cleared.
+ * > 0: Hardware accepted the MSR write.
+ */
+int msr_clear_bit(u32 msr, u8 bit)
+{
+        return __flip_bit(msr, bit, false);
+}
diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
index 533a85e3a07e..1a2be7c6895d 100644
--- a/arch/x86/lib/x86-opcode-map.txt
+++ b/arch/x86/lib/x86-opcode-map.txt
@@ -346,8 +346,8 @@ AVXcode: 1
 17: vmovhps Mq,Vq (v1) | vmovhpd Mq,Vq (66),(v1)
 18: Grp16 (1A)
 19:
-1a:
+1a: BNDCL Ev,Gv | BNDCU Ev,Gv | BNDMOV Gv,Ev | BNDLDX Gv,Ev,Gv
-1b:
+1b: BNDCN Ev,Gv | BNDMOV Ev,Gv | BNDMK Gv,Ev | BNDSTX Ev,GV,Gv
 1c:
 1d:
 1e:
diff --git a/arch/x86/math-emu/errors.c b/arch/x86/math-emu/errors.c
index 59d353d2c599..a5449089cd9f 100644
--- a/arch/x86/math-emu/errors.c
+++ b/arch/x86/math-emu/errors.c
@@ -330,11 +330,6 @@ asmlinkage void FPU_exception(int n)
        RE_ENTRANT_CHECK_OFF;
        if ((~control_word & n & CW_Exceptions) || (n == EX_INTERNAL)) {
-#ifdef PRINT_MESSAGES
-                /* My message from the sponsor */
-                printk(FPU_VERSION " " __DATE__ " (C) W. Metzenthen.\n");
-#endif /* PRINT_MESSAGES */
                /* Get a name string for error reporting */
                for (i = 0; exception_names[i].type; i++)
                        if ((exception_names[i].type & n) ==
diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index 0002a3a33081..20621d753d5f 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -30,6 +30,7 @@ struct pg_state {
        unsigned long start_address;
        unsigned long current_address;
        const struct addr_marker *marker;
+        bool to_dmesg;
 };
 struct addr_marker {
@@ -88,10 +89,28 @@ static struct addr_marker address_markers[] = {
 #define PUD_LEVEL_MULT (PTRS_PER_PMD * PMD_LEVEL_MULT)
 #define PGD_LEVEL_MULT (PTRS_PER_PUD * PUD_LEVEL_MULT)
+#define pt_dump_seq_printf(m, to_dmesg, fmt, args...)           \
+({                                                              \
+        if (to_dmesg)                                   \
+                printk(KERN_INFO fmt, ##args);                  \
+        else                                                    \
+                if (m)                                          \
+                        seq_printf(m, fmt, ##args);             \
+})
+#define pt_dump_cont_printf(m, to_dmesg, fmt, args...)          \
+({                                                              \
+        if (to_dmesg)                                   \
+                printk(KERN_CONT fmt, ##args);                  \
+        else                                                    \
+                if (m)                                          \
+                        seq_printf(m, fmt, ##args);             \
+})
 /*
 * Print a readable form of a pgprot_t to the seq_file
 */
-static void printk_prot(struct seq_file *m, pgprot_t prot, int level)
+static void printk_prot(struct seq_file *m, pgprot_t prot, int level, bool dmsg)
 {
        pgprotval_t pr = pgprot_val(prot);
        static const char * const level_name[] =
@@ -99,47 +118,47 @@ static void printk_prot(struct seq_file *m, pgprot_t prot, int level)
        if (!pgprot_val(prot)) {
                /* Not present */
-                seq_printf(m, "                          ");
+                pt_dump_cont_printf(m, dmsg, "                          ");
        } else {
                if (pr & _PAGE_USER)
-                        seq_printf(m, "USR ");
+                        pt_dump_cont_printf(m, dmsg, "USR ");
                else
-                        seq_printf(m, "    ");
+                        pt_dump_cont_printf(m, dmsg, "    ");
                if (pr & _PAGE_RW)
-                        seq_printf(m, "RW ");
+                        pt_dump_cont_printf(m, dmsg, "RW ");
                else
-                        seq_printf(m, "ro ");
+                        pt_dump_cont_printf(m, dmsg, "ro ");
                if (pr & _PAGE_PWT)
-                        seq_printf(m, "PWT ");
+                        pt_dump_cont_printf(m, dmsg, "PWT ");
                else
-                        seq_printf(m, "    ");
+                        pt_dump_cont_printf(m, dmsg, "    ");
                if (pr & _PAGE_PCD)
-                        seq_printf(m, "PCD ");
+                        pt_dump_cont_printf(m, dmsg, "PCD ");
                else
-                        seq_printf(m, "    ");
+                        pt_dump_cont_printf(m, dmsg, "    ");
                /* Bit 9 has a different meaning on level 3 vs 4 */
                if (level <= 3) {
                        if (pr & _PAGE_PSE)
-                                seq_printf(m, "PSE ");
+                                pt_dump_cont_printf(m, dmsg, "PSE ");
                        else
-                                seq_printf(m, "    ");
+                                pt_dump_cont_printf(m, dmsg, "    ");
                } else {
                        if (pr & _PAGE_PAT)
-                                seq_printf(m, "pat ");
+                                pt_dump_cont_printf(m, dmsg, "pat ");
                        else
-                                seq_printf(m, "    ");
+                                pt_dump_cont_printf(m, dmsg, "    ");
                }
                if (pr & _PAGE_GLOBAL)
-                        seq_printf(m, "GLB ");
+                        pt_dump_cont_printf(m, dmsg, "GLB ");
                else
-                        seq_printf(m, "    ");
+                        pt_dump_cont_printf(m, dmsg, "    ");
                if (pr & _PAGE_NX)
-                        seq_printf(m, "NX ");
+                        pt_dump_cont_printf(m, dmsg, "NX ");
                else
-                        seq_printf(m, "x  ");
+                        pt_dump_cont_printf(m, dmsg, "x  ");
        }
-        seq_printf(m, "%s\n", level_name[level]);
+        pt_dump_cont_printf(m, dmsg, "%s\n", level_name[level]);
 }
 /*
@@ -178,7 +197,8 @@ static void note_page(struct seq_file *m, struct pg_state *st,
                st->current_prot = new_prot;
                st->level = level;
                st->marker = address_markers;
-                seq_printf(m, "---[ %s ]---\n", st->marker->name);
+                pt_dump_seq_printf(m, st->to_dmesg, "---[ %s ]---\n",
+                                   st->marker->name);
        } else if (prot != cur || level != st->level ||
                   st->current_address >= st->marker[1].start_address) {
                const char *unit = units;
@@ -188,17 +208,17 @@ static void note_page(struct seq_file *m, struct pg_state *st,
                /*
                 * Now print the actual finished series
                 */
-                seq_printf(m, "0x%0*lx-0x%0*lx   ",
+                pt_dump_seq_printf(m, st->to_dmesg,  "0x%0*lx-0x%0*lx   ",
-                           width, st->start_address,
+                                   width, st->start_address,
-                           width, st->current_address);
+                                   width, st->current_address);
                delta = (st->current_address - st->start_address) >> 10;
                while (!(delta & 1023) && unit[1]) {
                        delta >>= 10;
                        unit++;
                }
-                seq_printf(m, "%9lu%c ", delta, *unit);
+                pt_dump_cont_printf(m, st->to_dmesg, "%9lu%c ", delta, *unit);
-                printk_prot(m, st->current_prot, st->level);
+                printk_prot(m, st->current_prot, st->level, st->to_dmesg);
                /*
                 * We print markers for special areas of address space,
@@ -207,7 +227,8 @@ static void note_page(struct seq_file *m, struct pg_state *st,
                 */
                if (st->current_address >= st->marker[1].start_address) {
                        st->marker++;
-                        seq_printf(m, "---[ %s ]---\n", st->marker->name);
+                        pt_dump_seq_printf(m, st->to_dmesg, "---[ %s ]---\n",
+                                           st->marker->name);
                }
                st->start_address = st->current_address;
@@ -296,7 +317,7 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, pgd_t addr,
 #define pgd_none(a)  pud_none(__pud(pgd_val(a)))
 #endif
-static void walk_pgd_level(struct seq_file *m)
+void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd)
 {
 #ifdef CONFIG_X86_64
        pgd_t *start = (pgd_t *) &init_level4_pgt;
@@ -304,9 +325,12 @@ static void walk_pgd_level(struct seq_file *m)
        pgd_t *start = swapper_pg_dir;
 #endif
        int i;
-        struct pg_state st;
+        struct pg_state st = {};
-        memset(&st, 0, sizeof(st));
+        if (pgd) {
+                start = pgd;
+                st.to_dmesg = true;
+        }
        for (i = 0; i < PTRS_PER_PGD; i++) {
                st.current_address = normalize_addr(i * PGD_LEVEL_MULT);
@@ -331,7 +355,7 @@ static void walk_pgd_level(struct seq_file *m)
 static int ptdump_show(struct seq_file *m, void *v)
 {
-        walk_pgd_level(m);
+        ptdump_walk_pgd_level(m, NULL);
        return 0;
 }
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9d591c895803..8e5722992677 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -584,8 +584,13 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
        if (error_code & PF_INSTR) {
                unsigned int level;
+                pgd_t *pgd;
+                pte_t *pte;
-                pte_t *pte = lookup_address(address, &level);
+                pgd = __va(read_cr3() & PHYSICAL_PAGE_MASK);
+                pgd += pgd_index(address);
+                pte = lookup_address_in_pgd(pgd, address, &level);
                if (pte && pte_present(*pte) && !pte_exec(*pte))
                        printk(nx_warning, from_kuid(&init_user_ns, current_uid()));
@@ -1001,6 +1006,12 @@ static int fault_in_kernel_space(unsigned long address)
 static inline bool smap_violation(int error_code, struct pt_regs *regs)
 {
+        if (!IS_ENABLED(CONFIG_X86_SMAP))
+                return false;
+        if (!static_cpu_has(X86_FEATURE_SMAP))
+                return false;
        if (error_code & PF_USER)
                return false;
@@ -1014,13 +1025,17 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
 * This routine handles page faults.  It determines the address,
 * and the problem, and then passes it off to one of the appropriate
 * routines.
+ *
+ * This function must have noinline because both callers
+ * {,trace_}do_page_fault() have notrace on. Having this an actual function
+ * guarantees there's a function trace entry.
 */
-static void __kprobes
+static void __kprobes noinline
-__do_page_fault(struct pt_regs *regs, unsigned long error_code)
+__do_page_fault(struct pt_regs *regs, unsigned long error_code,
+                unsigned long address)
 {
        struct vm_area_struct *vma;
        struct task_struct *tsk;
-        unsigned long address;
        struct mm_struct *mm;
        int fault;
        unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE;
@@ -1028,9 +1043,6 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
        tsk = current;
        mm = tsk->mm;
-        /* Get the faulting address: */
-        address = read_cr2();
        /*
         * Detect and handle instructions that would cause a page fault for
         * both a tracked kernel page and a userspace page.
@@ -1087,11 +1099,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
        if (unlikely(error_code & PF_RSVD))
                pgtable_bad(regs, error_code, address);
-        if (static_cpu_has(X86_FEATURE_SMAP)) {
+        if (unlikely(smap_violation(error_code, regs))) {
-                if (unlikely(smap_violation(error_code, regs))) {
+                bad_area_nosemaphore(regs, error_code, address);
-                        bad_area_nosemaphore(regs, error_code, address);
+                return;
-                        return;
-                }
        }
        /*
@@ -1244,32 +1254,50 @@ good_area:
        up_read(&mm->mmap_sem);
 }
-dotraplinkage void __kprobes
+dotraplinkage void __kprobes notrace
 do_page_fault(struct pt_regs *regs, unsigned long error_code)
 {
+        unsigned long address = read_cr2(); /* Get the faulting address */
        enum ctx_state prev_state;
+        /*
+         * We must have this function tagged with __kprobes, notrace and call
+         * read_cr2() before calling anything else. To avoid calling any kind
+         * of tracing machinery before we've observed the CR2 value.
+         *
+         * exception_{enter,exit}() contain all sorts of tracepoints.
+         */
        prev_state = exception_enter();
-        __do_page_fault(regs, error_code);
+        __do_page_fault(regs, error_code, address);
        exception_exit(prev_state);
 }
-static void trace_page_fault_entries(struct pt_regs *regs,
+#ifdef CONFIG_TRACING
+static void trace_page_fault_entries(unsigned long address, struct pt_regs *regs,
                                     unsigned long error_code)
 {
        if (user_mode(regs))
-                trace_page_fault_user(read_cr2(), regs, error_code);
+                trace_page_fault_user(address, regs, error_code);
        else
-                trace_page_fault_kernel(read_cr2(), regs, error_code);
+                trace_page_fault_kernel(address, regs, error_code);
 }
-dotraplinkage void __kprobes
+dotraplinkage void __kprobes notrace
 trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
 {
+        /*
+         * The exception_enter and tracepoint processing could
+         * trigger another page faults (user space callchain
+         * reading) and destroy the original cr2 value, so read
+         * the faulting address now.
+         */
+        unsigned long address = read_cr2();
        enum ctx_state prev_state;
        prev_state = exception_enter();
-        trace_page_fault_entries(regs, error_code);
+        trace_page_fault_entries(address, regs, error_code);
-        __do_page_fault(regs, error_code);
+        __do_page_fault(regs, error_code, address);
        exception_exit(prev_state);
 }
+#endif /* CONFIG_TRACING */
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
index 0596e8e0cc19..207d9aef662d 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
@@ -108,8 +108,8 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr,
 static inline void get_head_page_multiple(struct page *page, int nr)
 {
-        VM_BUG_ON(page != compound_head(page));
+        VM_BUG_ON_PAGE(page != compound_head(page), page);
-        VM_BUG_ON(page_count(page) == 0);
+        VM_BUG_ON_PAGE(page_count(page) == 0, page);
        atomic_add(nr, &page->_count);
        SetPageReferenced(page);
 }
@@ -135,7 +135,7 @@ static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
        head = pte_page(pte);
        page = head + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
        do {
-                VM_BUG_ON(compound_head(page) != head);
+                VM_BUG_ON_PAGE(compound_head(page) != head, page);
                pages[*nr] = page;
                if (PageTail(page))
                        get_huge_page_tail(page);
@@ -212,7 +212,7 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
        head = pte_page(pte);
        page = head + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
        do {
-                VM_BUG_ON(compound_head(page) != head);
+                VM_BUG_ON_PAGE(compound_head(page) != head, page);
                pages[*nr] = page;
                if (PageTail(page))
                        get_huge_page_tail(page);
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
index 9d980d88b747..8c9f647ff9e1 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
@@ -87,9 +87,7 @@ int pmd_huge_support(void)
 }
 #endif
-/* x86_64 also uses this file */
+#ifdef CONFIG_HUGETLB_PAGE
-#ifdef HAVE_ARCH_HUGETLB_UNMAPPED_AREA
 static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
                unsigned long addr, unsigned long len,
                unsigned long pgoff, unsigned long flags)
@@ -99,7 +97,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
        info.flags = 0;
        info.length = len;
-        info.low_limit = TASK_UNMAPPED_BASE;
+        info.low_limit = current->mm->mmap_legacy_base;
        info.high_limit = TASK_SIZE;
        info.align_mask = PAGE_MASK & ~huge_page_mask(h);
        info.align_offset = 0;
@@ -172,8 +170,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
                return hugetlb_get_unmapped_area_topdown(file, addr, len,
                                pgoff, flags);
 }
+#endif /* CONFIG_HUGETLB_PAGE */
-#endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/
 #ifdef CONFIG_X86_64
 static __init int setup_hugepagesz(char *opt)
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 4287f1ffba7e..e39504878aec 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -665,7 +665,7 @@ void __init initmem_init(void)
        high_memory = (void *) __va(max_low_pfn * PAGE_SIZE - 1) + 1;
 #endif
-        memblock_set_node(0, (phys_addr_t)ULLONG_MAX, 0);
+        memblock_set_node(0, (phys_addr_t)ULLONG_MAX, &memblock.memory, 0);
        sparse_memory_present_with_active_regions(0);
 #ifdef CONFIG_FLATMEM
@@ -806,6 +806,9 @@ void __init mem_init(void)
        BUILD_BUG_ON(VMALLOC_START                      >= VMALLOC_END);
 #undef high_memory
 #undef __FIXADDR_TOP
+#ifdef CONFIG_RANDOMIZE_BASE
+        BUILD_BUG_ON(CONFIG_RANDOMIZE_BASE_MAX_OFFSET > KERNEL_IMAGE_SIZE);
+#endif
 #ifdef CONFIG_HIGHMEM
        BUG_ON(PKMAP_BASE + LAST_PKMAP*PAGE_SIZE        > FIXADDR_START);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 104d56a9245f..f35c66c5959a 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -643,7 +643,7 @@ kernel_physical_mapping_init(unsigned long start,
 #ifndef CONFIG_NUMA
 void __init initmem_init(void)
 {
-        memblock_set_node(0, (phys_addr_t)ULLONG_MAX, 0);
+        memblock_set_node(0, (phys_addr_t)ULLONG_MAX, &memblock.memory, 0);
 }
 #endif
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 799580cabc78..597ac155c91c 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -328,17 +328,6 @@ void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
        return;
 }
-static int __initdata early_ioremap_debug;
-static int __init early_ioremap_debug_setup(char *str)
-{
-        early_ioremap_debug = 1;
-        return 0;
-}
-early_param("early_ioremap_debug", early_ioremap_debug_setup);
-static __initdata int after_paging_init;
 static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
@@ -362,18 +351,11 @@ bool __init is_early_ioremap_ptep(pte_t *ptep)
        return ptep >= &bm_pte[0] && ptep < &bm_pte[PAGE_SIZE/sizeof(pte_t)];
 }
-static unsigned long slot_virt[FIX_BTMAPS_SLOTS] __initdata;
 void __init early_ioremap_init(void)
 {
        pmd_t *pmd;
-        int i;
-        if (early_ioremap_debug)
+        early_ioremap_setup();
-                printk(KERN_INFO "early_ioremap_init()\n");
-        for (i = 0; i < FIX_BTMAPS_SLOTS; i++)
-                slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
        pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
        memset(bm_pte, 0, sizeof(bm_pte));
@@ -402,13 +384,8 @@ void __init early_ioremap_init(void)
        }
 }
-void __init early_ioremap_reset(void)
+void __init __early_set_fixmap(enum fixed_addresses idx,
-{
+                               phys_addr_t phys, pgprot_t flags)
-        after_paging_init = 1;
-}
-static void __init __early_set_fixmap(enum fixed_addresses idx,
-                                      phys_addr_t phys, pgprot_t flags)
 {
        unsigned long addr = __fix_to_virt(idx);
        pte_t *pte;
@@ -425,198 +402,3 @@ static void __init __early_set_fixmap(enum fixed_addresses idx,
                pte_clear(&init_mm, addr, pte);
        __flush_tlb_one(addr);
 }
-static inline void __init early_set_fixmap(enum fixed_addresses idx,
-                                           phys_addr_t phys, pgprot_t prot)
-{
-        if (after_paging_init)
-                __set_fixmap(idx, phys, prot);
-        else
-                __early_set_fixmap(idx, phys, prot);
-}
-static inline void __init early_clear_fixmap(enum fixed_addresses idx)
-{
-        if (after_paging_init)
-                clear_fixmap(idx);
-        else
-                __early_set_fixmap(idx, 0, __pgprot(0));
-}
-static void __iomem *prev_map[FIX_BTMAPS_SLOTS] __initdata;
-static unsigned long prev_size[FIX_BTMAPS_SLOTS] __initdata;
-void __init fixup_early_ioremap(void)
-{
-        int i;
-        for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
-                if (prev_map[i]) {
-                        WARN_ON(1);
-                        break;
-                }
-        }
-        early_ioremap_init();
-}
-static int __init check_early_ioremap_leak(void)
-{
-        int count = 0;
-        int i;
-        for (i = 0; i < FIX_BTMAPS_SLOTS; i++)
-                if (prev_map[i])
-                        count++;
-        if (!count)
-                return 0;
-        WARN(1, KERN_WARNING
-               "Debug warning: early ioremap leak of %d areas detected.\n",
-                count);
-        printk(KERN_WARNING
-                "please boot with early_ioremap_debug and report the dmesg.\n");
-        return 1;
-}
-late_initcall(check_early_ioremap_leak);
-static void __init __iomem *
-__early_ioremap(resource_size_t phys_addr, unsigned long size, pgprot_t prot)
-{
-        unsigned long offset;
-        resource_size_t last_addr;
-        unsigned int nrpages;
-        enum fixed_addresses idx;
-        int i, slot;
-        WARN_ON(system_state != SYSTEM_BOOTING);
-        slot = -1;
-        for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
-                if (!prev_map[i]) {
-                        slot = i;
-                        break;
-                }
-        }
-        if (slot < 0) {
-                printk(KERN_INFO "%s(%08llx, %08lx) not found slot\n",
-                       __func__, (u64)phys_addr, size);
-                WARN_ON(1);
-                return NULL;
-        }
-        if (early_ioremap_debug) {
-                printk(KERN_INFO "%s(%08llx, %08lx) [%d] => ",
-                       __func__, (u64)phys_addr, size, slot);
-                dump_stack();
-        }
-        /* Don't allow wraparound or zero size */
-        last_addr = phys_addr + size - 1;
-        if (!size || last_addr < phys_addr) {
-                WARN_ON(1);
-                return NULL;
-        }
-        prev_size[slot] = size;
-        /*
-         * Mappings have to be page-aligned
-         */
-        offset = phys_addr & ~PAGE_MASK;
-        phys_addr &= PAGE_MASK;
-        size = PAGE_ALIGN(last_addr + 1) - phys_addr;
-        /*
-         * Mappings have to fit in the FIX_BTMAP area.
-         */
-        nrpages = size >> PAGE_SHIFT;
-        if (nrpages > NR_FIX_BTMAPS) {
-                WARN_ON(1);
-                return NULL;
-        }
-        /*
-         * Ok, go for it..
-         */
-        idx = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*slot;
-        while (nrpages > 0) {
-                early_set_fixmap(idx, phys_addr, prot);
-                phys_addr += PAGE_SIZE;
-                --idx;
-                --nrpages;
-        }
-        if (early_ioremap_debug)
-                printk(KERN_CONT "%08lx + %08lx\n", offset, slot_virt[slot]);
-        prev_map[slot] = (void __iomem *)(offset + slot_virt[slot]);
-        return prev_map[slot];
-}
-/* Remap an IO device */
-void __init __iomem *
-early_ioremap(resource_size_t phys_addr, unsigned long size)
-{
-        return __early_ioremap(phys_addr, size, PAGE_KERNEL_IO);
-}
-/* Remap memory */
-void __init __iomem *
-early_memremap(resource_size_t phys_addr, unsigned long size)
-{
-        return __early_ioremap(phys_addr, size, PAGE_KERNEL);
-}
-void __init early_iounmap(void __iomem *addr, unsigned long size)
-{
-        unsigned long virt_addr;
-        unsigned long offset;
-        unsigned int nrpages;
-        enum fixed_addresses idx;
-        int i, slot;
-        slot = -1;
-        for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
-                if (prev_map[i] == addr) {
-                        slot = i;
-                        break;
-                }
-        }
-        if (slot < 0) {
-                printk(KERN_INFO "early_iounmap(%p, %08lx) not found slot\n",
-                         addr, size);
-                WARN_ON(1);
-                return;
-        }
-        if (prev_size[slot] != size) {
-                printk(KERN_INFO "early_iounmap(%p, %08lx) [%d] size not consistent %08lx\n",
-                         addr, size, slot, prev_size[slot]);
-                WARN_ON(1);
-                return;
-        }
-        if (early_ioremap_debug) {
-                printk(KERN_INFO "early_iounmap(%p, %08lx) [%d]\n", addr,
-                       size, slot);
-                dump_stack();
-        }
-        virt_addr = (unsigned long)addr;
-        if (virt_addr < fix_to_virt(FIX_BTMAP_BEGIN)) {
-                WARN_ON(1);
-                return;
-        }
-        offset = virt_addr & ~PAGE_MASK;
-        nrpages = PAGE_ALIGN(offset + size) >> PAGE_SHIFT;
-        idx = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*slot;
-        while (nrpages > 0) {
-                early_clear_fixmap(idx);
-                --idx;
-                --nrpages;
-        }
-        prev_map[slot] = NULL;
-}
diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c
index d87dd6d042d6..dd89a13f1051 100644
--- a/arch/x86/mm/kmemcheck/kmemcheck.c
+++ b/arch/x86/mm/kmemcheck/kmemcheck.c
@@ -78,10 +78,16 @@ early_initcall(kmemcheck_init);
 */
 static int __init param_kmemcheck(char *str)
 {
+        int val;
+        int ret;
        if (!str)
                return -EINVAL;
-        sscanf(str, "%d", &kmemcheck_enabled);
+        ret = kstrtoint(str, 0, &val);
+        if (ret)
+                return ret;
+        kmemcheck_enabled = val;
        return 0;
 }
diff --git a/arch/x86/mm/kmmio.c b/arch/x86/mm/kmmio.c
index e5d5e2ce9f77..637ab34ed632 100644
--- a/arch/x86/mm/kmmio.c
+++ b/arch/x86/mm/kmmio.c
@@ -11,7 +11,6 @@
 #include <linux/rculist.h>
 #include <linux/spinlock.h>
 #include <linux/hash.h>
-#include <linux/init.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/uaccess.h>
diff --git a/arch/x86/mm/memtest.c b/arch/x86/mm/memtest.c
index 8dabbed409ee..1e9da795767a 100644
--- a/arch/x86/mm/memtest.c
+++ b/arch/x86/mm/memtest.c
@@ -74,7 +74,7 @@ static void __init do_one_pass(u64 pattern, u64 start, u64 end)
        u64 i;
        phys_addr_t this_start, this_end;
-        for_each_free_mem_range(i, MAX_NUMNODES, &this_start, &this_end, NULL) {
+        for_each_free_mem_range(i, NUMA_NO_NODE, &this_start, &this_end, NULL) {
                this_start = clamp_t(phys_addr_t, this_start, start, end);
                this_end = clamp_t(phys_addr_t, this_end, start, end);
                if (this_start < this_end) {
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
index 24aec58d6afd..1d045f9c390f 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -211,9 +211,13 @@ static void __init setup_node_data(int nid, u64 start, u64 end)
         */
        nd_pa = memblock_alloc_nid(nd_size, SMP_CACHE_BYTES, nid);
        if (!nd_pa) {
-                pr_err("Cannot find %zu bytes in node %d\n",
+                nd_pa = __memblock_alloc_base(nd_size, SMP_CACHE_BYTES,
-                       nd_size, nid);
+                                              MEMBLOCK_ALLOC_ACCESSIBLE);
-                return;
+                if (!nd_pa) {
+                        pr_err("Cannot find %zu bytes in node %d\n",
+                               nd_size, nid);
+                        return;
+                }
        }
        nd = __va(nd_pa);
@@ -487,7 +491,8 @@ static int __init numa_register_memblks(struct numa_meminfo *mi)
        for (i = 0; i < mi->nr_blks; i++) {
                struct numa_memblk *mb = &mi->blk[i];
-                memblock_set_node(mb->start, mb->end - mb->start, mb->nid);
+                memblock_set_node(mb->start, mb->end - mb->start,
+                                  &memblock.memory, mb->nid);
        }
        /*
@@ -549,6 +554,41 @@ static void __init numa_init_array(void)
        }
 }
+static void __init numa_clear_kernel_node_hotplug(void)
+{
+        int i, nid;
+        nodemask_t numa_kernel_nodes = NODE_MASK_NONE;
+        unsigned long start, end;
+        struct memblock_type *type = &memblock.reserved;
+        /*
+         * At this time, all memory regions reserved by memblock are
+         * used by the kernel. Set the nid in memblock.reserved will
+         * mark out all the nodes the kernel resides in.
+         */
+        for (i = 0; i < numa_meminfo.nr_blks; i++) {
+                struct numa_memblk *mb = &numa_meminfo.blk[i];
+                memblock_set_node(mb->start, mb->end - mb->start,
+                                  &memblock.reserved, mb->nid);
+        }
+        /* Mark all kernel nodes. */
+        for (i = 0; i < type->cnt; i++)
+                node_set(type->regions[i].nid, numa_kernel_nodes);
+        /* Clear MEMBLOCK_HOTPLUG flag for memory in kernel nodes. */
+        for (i = 0; i < numa_meminfo.nr_blks; i++) {
+                nid = numa_meminfo.blk[i].nid;
+                if (!node_isset(nid, numa_kernel_nodes))
+                        continue;
+                start = numa_meminfo.blk[i].start;
+                end = numa_meminfo.blk[i].end;
+                memblock_clear_hotplug(start, end - start);
+        }
+}
 static int __init numa_init(int (*init_func)(void))
 {
        int i;
@@ -561,7 +601,12 @@ static int __init numa_init(int (*init_func)(void))
        nodes_clear(node_possible_map);
        nodes_clear(node_online_map);
        memset(&numa_meminfo, 0, sizeof(numa_meminfo));
-        WARN_ON(memblock_set_node(0, ULLONG_MAX, MAX_NUMNODES));
+        WARN_ON(memblock_set_node(0, ULLONG_MAX, &memblock.memory,
+                                  MAX_NUMNODES));
+        WARN_ON(memblock_set_node(0, ULLONG_MAX, &memblock.reserved,
+                                  MAX_NUMNODES));
+        /* In case that parsing SRAT failed. */
+        WARN_ON(memblock_clear_hotplug(0, ULLONG_MAX));
        numa_reset_distance();
        ret = init_func();
@@ -597,6 +642,16 @@ static int __init numa_init(int (*init_func)(void))
                        numa_clear_node(i);
        }
        numa_init_array();
+        /*
+         * At very early time, the kernel have to use some memory such as
+         * loading the kernel image. We cannot prevent this anyway. So any
+         * node the kernel resides in should be un-hotpluggable.
+         *
+         * And when we come here, numa_init() won't fail.
+         */
+        numa_clear_kernel_node_hotplug();
        return 0;
 }
@@ -632,10 +687,6 @@ static int __init dummy_numa_init(void)
 void __init x86_numa_init(void)
 {
        if (!numa_off) {
-#ifdef CONFIG_X86_NUMAQ
-                if (!numa_init(numaq_numa_init))
-                        return;
-#endif
 #ifdef CONFIG_ACPI_NUMA
                if (!numa_init(x86_acpi_numa_init))
                        return;
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index 0342d27ca798..47b6436e41c2 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -52,6 +52,8 @@ void memory_present(int nid, unsigned long start, unsigned long end)
                        nid, start, end);
        printk(KERN_DEBUG "  Setting physnode_map array to node %d for pfns:\n", nid);
        printk(KERN_DEBUG "  ");
+        start = round_down(start, PAGES_PER_SECTION);
+        end = round_up(end, PAGES_PER_SECTION);
        for (pfn = start; pfn < end; pfn += PAGES_PER_SECTION) {
                physnode_map[pfn / PAGES_PER_SECTION] = nid;
                printk(KERN_CONT "%lx ", pfn);
diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c
index d0b1773d9d2e..461bc8289024 100644
--- a/arch/x86/mm/pageattr-test.c
+++ b/arch/x86/mm/pageattr-test.c
@@ -8,7 +8,6 @@
 #include <linux/kthread.h>
 #include <linux/random.h>
 #include <linux/kernel.h>
-#include <linux/init.h>
 #include <linux/mm.h>
 #include <asm/cacheflush.h>
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index bb32480c2d71..ae242a7c11c7 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -30,6 +30,7 @@
 */
 struct cpa_data {
        unsigned long   *vaddr;
+        pgd_t           *pgd;
        pgprot_t        mask_set;
        pgprot_t        mask_clr;
        int             numpages;
@@ -125,8 +126,8 @@ within(unsigned long addr, unsigned long start, unsigned long end)
 * @vaddr:      virtual start address
 * @size:       number of bytes to flush
 *
- * clflush is an unordered instruction which needs fencing with mfence
+ * clflushopt is an unordered instruction which needs fencing with mfence or
- * to avoid ordering issues.
+ * sfence to avoid ordering issues.
 */
 void clflush_cache_range(void *vaddr, unsigned int size)
 {
@@ -135,11 +136,11 @@ void clflush_cache_range(void *vaddr, unsigned int size)
        mb();
        for (; vaddr < vend; vaddr += boot_cpu_data.x86_clflush_size)
-                clflush(vaddr);
+                clflushopt(vaddr);
        /*
         * Flush any possible final partial cacheline:
         */
-        clflush(vend);
+        clflushopt(vend);
        mb();
 }
@@ -323,16 +324,12 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
 }
 /*
- * Lookup the page table entry for a virtual address. Return a pointer
+ * Lookup the page table entry for a virtual address in a specific pgd.
- * to the entry and the level of the mapping.
+ * Return a pointer to the entry and the level of the mapping.
- *
- * Note: We return pud and pmd either when the entry is marked large
- * or when the present bit is not set. Otherwise we would return a
- * pointer to a nonexisting mapping.
 */
-pte_t *lookup_address(unsigned long address, unsigned int *level)
+pte_t *lookup_address_in_pgd(pgd_t *pgd, unsigned long address,
+                             unsigned int *level)
 {
-        pgd_t *pgd = pgd_offset_k(address);
        pud_t *pud;
        pmd_t *pmd;
@@ -361,8 +358,31 @@ pte_t *lookup_address(unsigned long address, unsigned int *level)
        return pte_offset_kernel(pmd, address);
 }
+/*
+ * Lookup the page table entry for a virtual address. Return a pointer
+ * to the entry and the level of the mapping.
+ *
+ * Note: We return pud and pmd either when the entry is marked large
+ * or when the present bit is not set. Otherwise we would return a
+ * pointer to a nonexisting mapping.
+ */
+pte_t *lookup_address(unsigned long address, unsigned int *level)
+{
+        return lookup_address_in_pgd(pgd_offset_k(address), address, level);
+}
 EXPORT_SYMBOL_GPL(lookup_address);
+static pte_t *_lookup_address_cpa(struct cpa_data *cpa, unsigned long address,
+                                  unsigned int *level)
+{
+        if (cpa->pgd)
+                return lookup_address_in_pgd(cpa->pgd + pgd_index(address),
+                                               address, level);
+        return lookup_address(address, level);
+}
 /*
 * This is necessary because __pa() does not work on some
 * kinds of memory, like vmalloc() or the alloc_remap()
@@ -437,7 +457,7 @@ try_preserve_large_page(pte_t *kpte, unsigned long address,
         * Check for races, another CPU might have split this page
         * up already:
         */
-        tmp = lookup_address(address, &level);
+        tmp = _lookup_address_cpa(cpa, address, &level);
        if (tmp != kpte)
                goto out_unlock;
@@ -543,7 +563,8 @@ out_unlock:
 }
 static int
-__split_large_page(pte_t *kpte, unsigned long address, struct page *base)
+__split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
+                   struct page *base)
 {
        pte_t *pbase = (pte_t *)page_address(base);
        unsigned long pfn, pfninc = 1;
@@ -556,7 +577,7 @@ __split_large_page(pte_t *kpte, unsigned long address, struct page *base)
         * Check for races, another CPU might have split this page
         * up for us already:
         */
-        tmp = lookup_address(address, &level);
+        tmp = _lookup_address_cpa(cpa, address, &level);
        if (tmp != kpte) {
                spin_unlock(&pgd_lock);
                return 1;
@@ -632,7 +653,8 @@ __split_large_page(pte_t *kpte, unsigned long address, struct page *base)
        return 0;
 }
-static int split_large_page(pte_t *kpte, unsigned long address)
+static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
+                            unsigned long address)
 {
        struct page *base;
@@ -644,15 +666,402 @@ static int split_large_page(pte_t *kpte, unsigned long address)
        if (!base)
                return -ENOMEM;
-        if (__split_large_page(kpte, address, base))
+        if (__split_large_page(cpa, kpte, address, base))
                __free_page(base);
        return 0;
 }
+static bool try_to_free_pte_page(pte_t *pte)
+{
+        int i;
+        for (i = 0; i < PTRS_PER_PTE; i++)
+                if (!pte_none(pte[i]))
+                        return false;
+        free_page((unsigned long)pte);
+        return true;
+}
+static bool try_to_free_pmd_page(pmd_t *pmd)
+{
+        int i;
+        for (i = 0; i < PTRS_PER_PMD; i++)
+                if (!pmd_none(pmd[i]))
+                        return false;
+        free_page((unsigned long)pmd);
+        return true;
+}
+static bool try_to_free_pud_page(pud_t *pud)
+{
+        int i;
+        for (i = 0; i < PTRS_PER_PUD; i++)
+                if (!pud_none(pud[i]))
+                        return false;
+        free_page((unsigned long)pud);
+        return true;
+}
+static bool unmap_pte_range(pmd_t *pmd, unsigned long start, unsigned long end)
+{
+        pte_t *pte = pte_offset_kernel(pmd, start);
+        while (start < end) {
+                set_pte(pte, __pte(0));
+                start += PAGE_SIZE;
+                pte++;
+        }
+        if (try_to_free_pte_page((pte_t *)pmd_page_vaddr(*pmd))) {
+                pmd_clear(pmd);
+                return true;
+        }
+        return false;
+}
+static void __unmap_pmd_range(pud_t *pud, pmd_t *pmd,
+                              unsigned long start, unsigned long end)
+{
+        if (unmap_pte_range(pmd, start, end))
+                if (try_to_free_pmd_page((pmd_t *)pud_page_vaddr(*pud)))
+                        pud_clear(pud);
+}
+static void unmap_pmd_range(pud_t *pud, unsigned long start, unsigned long end)
+{
+        pmd_t *pmd = pmd_offset(pud, start);
+        /*
+         * Not on a 2MB page boundary?
+         */
+        if (start & (PMD_SIZE - 1)) {
+                unsigned long next_page = (start + PMD_SIZE) & PMD_MASK;
+                unsigned long pre_end = min_t(unsigned long, end, next_page);
+                __unmap_pmd_range(pud, pmd, start, pre_end);
+                start = pre_end;
+                pmd++;
+        }
+        /*
+         * Try to unmap in 2M chunks.
+         */
+        while (end - start >= PMD_SIZE) {
+                if (pmd_large(*pmd))
+                        pmd_clear(pmd);
+                else
+                        __unmap_pmd_range(pud, pmd, start, start + PMD_SIZE);
+                start += PMD_SIZE;
+                pmd++;
+        }
+        /*
+         * 4K leftovers?
+         */
+        if (start < end)
+                return __unmap_pmd_range(pud, pmd, start, end);
+        /*
+         * Try again to free the PMD page if haven't succeeded above.
+         */
+        if (!pud_none(*pud))
+                if (try_to_free_pmd_page((pmd_t *)pud_page_vaddr(*pud)))
+                        pud_clear(pud);
+}
+static void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end)
+{
+        pud_t *pud = pud_offset(pgd, start);
+        /*
+         * Not on a GB page boundary?
+         */
+        if (start & (PUD_SIZE - 1)) {
+                unsigned long next_page = (start + PUD_SIZE) & PUD_MASK;
+                unsigned long pre_end   = min_t(unsigned long, end, next_page);
+                unmap_pmd_range(pud, start, pre_end);
+                start = pre_end;
+                pud++;
+        }
+        /*
+         * Try to unmap in 1G chunks?
+         */
+        while (end - start >= PUD_SIZE) {
+                if (pud_large(*pud))
+                        pud_clear(pud);
+                else
+                        unmap_pmd_range(pud, start, start + PUD_SIZE);
+                start += PUD_SIZE;
+                pud++;
+        }
+        /*
+         * 2M leftovers?
+         */
+        if (start < end)
+                unmap_pmd_range(pud, start, end);
+        /*
+         * No need to try to free the PUD page because we'll free it in
+         * populate_pgd's error path
+         */
+}
+static void unmap_pgd_range(pgd_t *root, unsigned long addr, unsigned long end)
+{
+        pgd_t *pgd_entry = root + pgd_index(addr);
+        unmap_pud_range(pgd_entry, addr, end);
+        if (try_to_free_pud_page((pud_t *)pgd_page_vaddr(*pgd_entry)))
+                pgd_clear(pgd_entry);
+}
+static int alloc_pte_page(pmd_t *pmd)
+{
+        pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK);
+        if (!pte)
+                return -1;
+        set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
+        return 0;
+}
+static int alloc_pmd_page(pud_t *pud)
+{
+        pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK);
+        if (!pmd)
+                return -1;
+        set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE));
+        return 0;
+}
+static void populate_pte(struct cpa_data *cpa,
+                         unsigned long start, unsigned long end,
+                         unsigned num_pages, pmd_t *pmd, pgprot_t pgprot)
+{
+        pte_t *pte;
+        pte = pte_offset_kernel(pmd, start);
+        while (num_pages-- && start < end) {
+                /* deal with the NX bit */
+                if (!(pgprot_val(pgprot) & _PAGE_NX))
+                        cpa->pfn &= ~_PAGE_NX;
+                set_pte(pte, pfn_pte(cpa->pfn >> PAGE_SHIFT, pgprot));
+                start    += PAGE_SIZE;
+                cpa->pfn += PAGE_SIZE;
+                pte++;
+        }
+}
+static int populate_pmd(struct cpa_data *cpa,
+                        unsigned long start, unsigned long end,
+                        unsigned num_pages, pud_t *pud, pgprot_t pgprot)
+{
+        unsigned int cur_pages = 0;
+        pmd_t *pmd;
+        /*
+         * Not on a 2M boundary?
+         */
+        if (start & (PMD_SIZE - 1)) {
+                unsigned long pre_end = start + (num_pages << PAGE_SHIFT);
+                unsigned long next_page = (start + PMD_SIZE) & PMD_MASK;
+                pre_end   = min_t(unsigned long, pre_end, next_page);
+                cur_pages = (pre_end - start) >> PAGE_SHIFT;
+                cur_pages = min_t(unsigned int, num_pages, cur_pages);
+                /*
+                 * Need a PTE page?
+                 */
+                pmd = pmd_offset(pud, start);
+                if (pmd_none(*pmd))
+                        if (alloc_pte_page(pmd))
+                                return -1;
+                populate_pte(cpa, start, pre_end, cur_pages, pmd, pgprot);
+                start = pre_end;
+        }
+        /*
+         * We mapped them all?
+         */
+        if (num_pages == cur_pages)
+                return cur_pages;
+        while (end - start >= PMD_SIZE) {
+                /*
+                 * We cannot use a 1G page so allocate a PMD page if needed.
+                 */
+                if (pud_none(*pud))
+                        if (alloc_pmd_page(pud))
+                                return -1;
+                pmd = pmd_offset(pud, start);
+                set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE | massage_pgprot(pgprot)));
+                start     += PMD_SIZE;
+                cpa->pfn  += PMD_SIZE;
+                cur_pages += PMD_SIZE >> PAGE_SHIFT;
+        }
+        /*
+         * Map trailing 4K pages.
+         */
+        if (start < end) {
+                pmd = pmd_offset(pud, start);
+                if (pmd_none(*pmd))
+                        if (alloc_pte_page(pmd))
+                                return -1;
+                populate_pte(cpa, start, end, num_pages - cur_pages,
+                             pmd, pgprot);
+        }
+        return num_pages;
+}
+static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
+                        pgprot_t pgprot)
+{
+        pud_t *pud;
+        unsigned long end;
+        int cur_pages = 0;
+        end = start + (cpa->numpages << PAGE_SHIFT);
+        /*
+         * Not on a Gb page boundary? => map everything up to it with
+         * smaller pages.
+         */
+        if (start & (PUD_SIZE - 1)) {
+                unsigned long pre_end;
+                unsigned long next_page = (start + PUD_SIZE) & PUD_MASK;
+                pre_end   = min_t(unsigned long, end, next_page);
+                cur_pages = (pre_end - start) >> PAGE_SHIFT;
+                cur_pages = min_t(int, (int)cpa->numpages, cur_pages);
+                pud = pud_offset(pgd, start);
+                /*
+                 * Need a PMD page?
+                 */
+                if (pud_none(*pud))
+                        if (alloc_pmd_page(pud))
+                                return -1;
+                cur_pages = populate_pmd(cpa, start, pre_end, cur_pages,
+                                         pud, pgprot);
+                if (cur_pages < 0)
+                        return cur_pages;
+                start = pre_end;
+        }
+        /* We mapped them all? */
+        if (cpa->numpages == cur_pages)
+                return cur_pages;
+        pud = pud_offset(pgd, start);
+        /*
+         * Map everything starting from the Gb boundary, possibly with 1G pages
+         */
+        while (end - start >= PUD_SIZE) {
+                set_pud(pud, __pud(cpa->pfn | _PAGE_PSE | massage_pgprot(pgprot)));
+                start     += PUD_SIZE;
+                cpa->pfn  += PUD_SIZE;
+                cur_pages += PUD_SIZE >> PAGE_SHIFT;
+                pud++;
+        }
+        /* Map trailing leftover */
+        if (start < end) {
+                int tmp;
+                pud = pud_offset(pgd, start);
+                if (pud_none(*pud))
+                        if (alloc_pmd_page(pud))
+                                return -1;
+                tmp = populate_pmd(cpa, start, end, cpa->numpages - cur_pages,
+                                   pud, pgprot);
+                if (tmp < 0)
+                        return cur_pages;
+                cur_pages += tmp;
+        }
+        return cur_pages;
+}
+/*
+ * Restrictions for kernel page table do not necessarily apply when mapping in
+ * an alternate PGD.
+ */
+static int populate_pgd(struct cpa_data *cpa, unsigned long addr)
+{
+        pgprot_t pgprot = __pgprot(_KERNPG_TABLE);
+        pud_t *pud = NULL;      /* shut up gcc */
+        pgd_t *pgd_entry;
+        int ret;
+        pgd_entry = cpa->pgd + pgd_index(addr);
+        /*
+         * Allocate a PUD page and hand it down for mapping.
+         */
+        if (pgd_none(*pgd_entry)) {
+                pud = (pud_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK);
+                if (!pud)
+                        return -1;
+                set_pgd(pgd_entry, __pgd(__pa(pud) | _KERNPG_TABLE));
+        }
+        pgprot_val(pgprot) &= ~pgprot_val(cpa->mask_clr);
+        pgprot_val(pgprot) |=  pgprot_val(cpa->mask_set);
+        ret = populate_pud(cpa, addr, pgd_entry, pgprot);
+        if (ret < 0) {
+                unmap_pgd_range(cpa->pgd, addr,
+                                addr + (cpa->numpages << PAGE_SHIFT));
+                return ret;
+        }
+        cpa->numpages = ret;
+        return 0;
+}
 static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
                               int primary)
 {
+        if (cpa->pgd)
+                return populate_pgd(cpa, vaddr);
        /*
         * Ignore all non primary paths.
         */
@@ -697,7 +1106,7 @@ static int __change_page_attr(struct cpa_data *cpa, int primary)
        else
                address = *cpa->vaddr;
 repeat:
-        kpte = lookup_address(address, &level);
+        kpte = _lookup_address_cpa(cpa, address, &level);
        if (!kpte)
                return __cpa_process_fault(cpa, address, primary);
@@ -761,7 +1170,7 @@ repeat:
        /*
         * We have to split the large page:
         */
-        err = split_large_page(kpte, address);
+        err = split_large_page(cpa, kpte, address);
        if (!err) {
                /*
                 * Do a global flush tlb after splitting the large page
@@ -910,6 +1319,8 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
        int ret, cache, checkalias;
        unsigned long baddr = 0;
+        memset(&cpa, 0, sizeof(cpa));
        /*
         * Check, if we are requested to change a not supported
         * feature:
@@ -982,10 +1393,10 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
        cache = cache_attr(mask_set);
        /*
-         * On success we use clflush, when the CPU supports it to
+         * On success we use CLFLUSH, when the CPU supports it to
-         * avoid the wbindv. If the CPU does not support it and in the
+         * avoid the WBINVD. If the CPU does not support it and in the
         * error case we fall back to cpa_flush_all (which uses
-         * wbindv):
+         * WBINVD):
         */
        if (!ret && cpu_has_clflush) {
                if (cpa.flags & (CPA_PAGES_ARRAY | CPA_ARRAY)) {
@@ -1356,6 +1767,7 @@ static int __set_pages_p(struct page *page, int numpages)
 {
        unsigned long tempaddr = (unsigned long) page_address(page);
        struct cpa_data cpa = { .vaddr = &tempaddr,
+                                .pgd = NULL,
                                .numpages = numpages,
                                .mask_set = __pgprot(_PAGE_PRESENT | _PAGE_RW),
                                .mask_clr = __pgprot(0),
@@ -1374,6 +1786,7 @@ static int __set_pages_np(struct page *page, int numpages)
 {
        unsigned long tempaddr = (unsigned long) page_address(page);
        struct cpa_data cpa = { .vaddr = &tempaddr,
+                                .pgd = NULL,
                                .numpages = numpages,
                                .mask_set = __pgprot(0),
                                .mask_clr = __pgprot(_PAGE_PRESENT | _PAGE_RW),
@@ -1434,6 +1847,42 @@ bool kernel_page_present(struct page *page)
 #endif /* CONFIG_DEBUG_PAGEALLOC */
+int kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address,
+                            unsigned numpages, unsigned long page_flags)
+{
+        int retval = -EINVAL;
+        struct cpa_data cpa = {
+                .vaddr = &address,
+                .pfn = pfn,
+                .pgd = pgd,
+                .numpages = numpages,
+                .mask_set = __pgprot(0),
+                .mask_clr = __pgprot(0),
+                .flags = 0,
+        };
+        if (!(__supported_pte_mask & _PAGE_NX))
+                goto out;
+        if (!(page_flags & _PAGE_NX))
+                cpa.mask_clr = __pgprot(_PAGE_NX);
+        cpa.mask_set = __pgprot(_PAGE_PRESENT | page_flags);
+        retval = __change_page_attr_set_clr(&cpa, 0);
+        __flush_tlb_all();
+out:
+        return retval;
+}
+void kernel_unmap_pages_in_pgd(pgd_t *root, unsigned long address,
+                               unsigned numpages)
+{
+        unmap_pgd_range(root, address, address + (numpages << PAGE_SHIFT));
+}
 /*
 * The testcases use internal knowledge of the implementation that shouldn't
 * be exposed to the rest of the kernel. Include these directly here.
diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c
index a69bcb8c7621..4dd8cf652579 100644
--- a/arch/x86/mm/pgtable_32.c
+++ b/arch/x86/mm/pgtable_32.c
@@ -127,7 +127,7 @@ static int __init parse_reservetop(char *arg)
        address = memparse(arg, &arg);
        reserve_top_address(address);
-        fixup_early_ioremap();
+        early_ioremap_init();
        return 0;
 }
 early_param("reservetop", parse_reservetop);
diff --git a/arch/x86/mm/srat.c b/arch/x86/mm/srat.c
index 266ca912f62e..66338a60aa6e 100644
--- a/arch/x86/mm/srat.c
+++ b/arch/x86/mm/srat.c
@@ -42,15 +42,31 @@ static __init inline int srat_disabled(void)
        return acpi_numa < 0;
 }
-/* Callback for SLIT parsing */
+/*
+ * Callback for SLIT parsing.  pxm_to_node() returns NUMA_NO_NODE for
+ * I/O localities since SRAT does not list them.  I/O localities are
+ * not supported at this point.
+ */
 void __init acpi_numa_slit_init(struct acpi_table_slit *slit)
 {
        int i, j;
-        for (i = 0; i < slit->locality_count; i++)
+        for (i = 0; i < slit->locality_count; i++) {
-                for (j = 0; j < slit->locality_count; j++)
+                const int from_node = pxm_to_node(i);
-                        numa_set_distance(pxm_to_node(i), pxm_to_node(j),
+                if (from_node == NUMA_NO_NODE)
+                        continue;
+                for (j = 0; j < slit->locality_count; j++) {
+                        const int to_node = pxm_to_node(j);
+                        if (to_node == NUMA_NO_NODE)
+                                continue;
+                        numa_set_distance(from_node, to_node,
                                slit->entry[slit->locality_count * i + j]);
+                }
+        }
 }
 /* Callback for Proximity Domain -> x2APIC mapping */
@@ -181,6 +197,11 @@ acpi_numa_memory_affinity_init(struct acpi_srat_mem_affinity *ma)
                (unsigned long long) start, (unsigned long long) end - 1,
                hotpluggable ? " hotplug" : "");
+        /* Mark hotplug range in memblock. */
+        if (hotpluggable && memblock_mark_hotplug(start, ma->length))
+                pr_warn("SRAT: Failed to mark hotplug range [mem %#010Lx-%#010Lx] in memblock\n",
+                        (unsigned long long)start, (unsigned long long)end - 1);
        return 0;
 out_err_bad_srat:
        bad_srat();
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index ae699b3bbac8..dd8dda167a24 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -103,7 +103,7 @@ static void flush_tlb_func(void *info)
        if (f->flush_mm != this_cpu_read(cpu_tlbstate.active_mm))
                return;
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
        if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) {
                if (f->flush_end == TLB_FLUSH_ALL)
                        local_flush_tlb();
@@ -131,7 +131,7 @@ void native_flush_tlb_others(const struct cpumask *cpumask,
        info.flush_start = start;
        info.flush_end = end;
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
        if (is_uv_system()) {
                unsigned int cpu;
@@ -151,44 +151,19 @@ void flush_tlb_current_task(void)
        preempt_disable();
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        local_flush_tlb();
        if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids)
                flush_tlb_others(mm_cpumask(mm), mm, 0UL, TLB_FLUSH_ALL);
        preempt_enable();
 }
-/*
- * It can find out the THP large page, or
- * HUGETLB page in tlb_flush when THP disabled
- */
-static inline unsigned long has_large_page(struct mm_struct *mm,
-                                 unsigned long start, unsigned long end)
-{
-        pgd_t *pgd;
-        pud_t *pud;
-        pmd_t *pmd;
-        unsigned long addr = ALIGN(start, HPAGE_SIZE);
-        for (; addr < end; addr += HPAGE_SIZE) {
-                pgd = pgd_offset(mm, addr);
-                if (likely(!pgd_none(*pgd))) {
-                        pud = pud_offset(pgd, addr);
-                        if (likely(!pud_none(*pud))) {
-                                pmd = pmd_offset(pud, addr);
-                                if (likely(!pmd_none(*pmd)))
-                                        if (pmd_large(*pmd))
-                                                return addr;
-                        }
-                }
-        }
-        return 0;
-}
 void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                                unsigned long end, unsigned long vmflag)
 {
        unsigned long addr;
        unsigned act_entries, tlb_entries = 0;
+        unsigned long nr_base_pages;
        preempt_disable();
        if (current->active_mm != mm)
@@ -210,21 +185,20 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                tlb_entries = tlb_lli_4k[ENTRIES];
        else
                tlb_entries = tlb_lld_4k[ENTRIES];
        /* Assume all of TLB entries was occupied by this task */
-        act_entries = mm->total_vm > tlb_entries ? tlb_entries : mm->total_vm;
+        act_entries = tlb_entries >> tlb_flushall_shift;
+        act_entries = mm->total_vm > act_entries ? act_entries : mm->total_vm;
+        nr_base_pages = (end - start) >> PAGE_SHIFT;
        /* tlb_flushall_shift is on balance point, details in commit log */
-        if ((end - start) >> PAGE_SHIFT > act_entries >> tlb_flushall_shift) {
+        if (nr_base_pages > act_entries) {
-                count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+                count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
                local_flush_tlb();
        } else {
-                if (has_large_page(mm, start, end)) {
-                        local_flush_tlb();
-                        goto flush_all;
-                }
                /* flush range by one by one 'invlpg' */
                for (addr = start; addr < end;  addr += PAGE_SIZE) {
-                        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+                        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
                        __flush_tlb_single(addr);
                }
@@ -262,7 +236,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long start)
 static void do_flush_tlb_all(void *info)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
        __flush_tlb_all();
        if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_LAZY)
                leave_mm(smp_processor_id());
@@ -270,7 +244,7 @@ static void do_flush_tlb_all(void *info)
 void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
        on_each_cpu(do_flush_tlb_all, NULL, 1);
 }
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
index 877b9a1b2152..01495755701b 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
@@ -140,7 +140,7 @@ bpf_slow_path_byte_msh:
        push    %r9;                                            \
        push    SKBDATA;                                        \
 /* rsi already has offset */                                    \
-        mov     $SIZE,%ecx;     /* size */                      \
+        mov     $SIZE,%edx;     /* size */                      \
        call    bpf_internal_load_pointer_neg_helper;           \
        test    %rax,%rax;                                      \
        pop     SKBDATA;                                        \
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 4ed75dd81d05..dc017735bb91 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -553,13 +553,13 @@ void bpf_jit_compile(struct sk_filter *fp)
                                }
                                break;
                        case BPF_S_ANC_RXHASH:
-                                BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, rxhash) != 4);
+                                BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4);
-                                if (is_imm8(offsetof(struct sk_buff, rxhash))) {
+                                if (is_imm8(offsetof(struct sk_buff, hash))) {
                                        /* mov off8(%rdi),%eax */
-                                        EMIT3(0x8b, 0x47, offsetof(struct sk_buff, rxhash));
+                                        EMIT3(0x8b, 0x47, offsetof(struct sk_buff, hash));
                                } else {
                                        EMIT2(0x8b, 0x87);
-                                        EMIT(offsetof(struct sk_buff, rxhash), 4);
+                                        EMIT(offsetof(struct sk_buff, hash), 4);
                                }
                                break;
                        case BPF_S_ANC_QUEUE:
@@ -772,6 +772,7 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
                bpf_flush_icache(header, image + proglen);
                set_memory_ro((unsigned long)header, header->pages);
                fp->bpf_func = (void *)image;
+                fp->jited = 1;
        }
 out:
        kfree(addrs);
@@ -791,7 +792,7 @@ static void bpf_jit_free_deferred(struct work_struct *work)
 void bpf_jit_free(struct sk_filter *fp)
 {
-        if (fp->bpf_func != sk_run_filter) {
+        if (fp->jited) {
                INIT_WORK(&fp->work, bpf_jit_free_deferred);
                schedule_work(&fp->work);
        } else {
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
index 6890d8498e0b..379e8bd0deea 100644
--- a/arch/x86/oprofile/nmi_int.c
+++ b/arch/x86/oprofile/nmi_int.c
@@ -494,14 +494,19 @@ static int nmi_setup(void)
        if (err)
                goto fail;
+        cpu_notifier_register_begin();
+        /* Use get/put_online_cpus() to protect 'nmi_enabled' */
        get_online_cpus();
-        register_cpu_notifier(&oprofile_cpu_nb);
        nmi_enabled = 1;
        /* make nmi_enabled visible to the nmi handler: */
        smp_mb();
        on_each_cpu(nmi_cpu_setup, NULL, 1);
+        __register_cpu_notifier(&oprofile_cpu_nb);
        put_online_cpus();
+        cpu_notifier_register_done();
        return 0;
 fail:
        free_msrs();
@@ -512,12 +517,18 @@ static void nmi_shutdown(void)
 {
        struct op_msrs *msrs;
+        cpu_notifier_register_begin();
+        /* Use get/put_online_cpus() to protect 'nmi_enabled' & 'ctr_running' */
        get_online_cpus();
-        unregister_cpu_notifier(&oprofile_cpu_nb);
        on_each_cpu(nmi_cpu_shutdown, NULL, 1);
        nmi_enabled = 0;
        ctr_running = 0;
+        __unregister_cpu_notifier(&oprofile_cpu_nb);
        put_online_cpus();
+        cpu_notifier_register_done();
        /* make variables visible to the nmi handler: */
        smp_mb();
        unregister_nmi_handler(NMI_LOCAL, "oprofile");
diff --git a/arch/x86/pci/Makefile b/arch/x86/pci/Makefile
index e063eed0f912..5c6fc3577a49 100644
--- a/arch/x86/pci/Makefile
+++ b/arch/x86/pci/Makefile
@@ -13,9 +13,6 @@ obj-y				+= legacy.o irq.o
 obj-$(CONFIG_STA2X11)           += sta2x11-fixup.o
-obj-$(CONFIG_X86_VISWS)         += visws.o
-obj-$(CONFIG_X86_NUMAQ)         += numaq_32.o
 obj-$(CONFIG_X86_NUMACHIP)      += numachip.o
 obj-$(CONFIG_X86_INTEL_MID)     += intel_mid_pci.o
diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c
index 4f25ec077552..01edac6c5e18 100644
--- a/arch/x86/pci/acpi.c
+++ b/arch/x86/pci/acpi.c
@@ -218,9 +218,8 @@ static void teardown_mcfg_map(struct pci_root_info *info)
 }
 #endif
-static acpi_status
+static acpi_status resource_to_addr(struct acpi_resource *resource,
-resource_to_addr(struct acpi_resource *resource,
+                                    struct acpi_resource_address64 *addr)
-                        struct acpi_resource_address64 *addr)
 {
        acpi_status status;
        struct acpi_resource_memory24 *memory24;
@@ -265,8 +264,7 @@ resource_to_addr(struct acpi_resource *resource,
        return AE_ERROR;
 }
-static acpi_status
+static acpi_status count_resource(struct acpi_resource *acpi_res, void *data)
-count_resource(struct acpi_resource *acpi_res, void *data)
 {
        struct pci_root_info *info = data;
        struct acpi_resource_address64 addr;
@@ -278,8 +276,7 @@ count_resource(struct acpi_resource *acpi_res, void *data)
        return AE_OK;
 }
-static acpi_status
+static acpi_status setup_resource(struct acpi_resource *acpi_res, void *data)
-setup_resource(struct acpi_resource *acpi_res, void *data)
 {
        struct pci_root_info *info = data;
        struct resource *res;
@@ -435,9 +432,9 @@ static void release_pci_root_info(struct pci_host_bridge *bridge)
        __release_pci_root_info(info);
 }
-static void
+static void probe_pci_root_info(struct pci_root_info *info,
-probe_pci_root_info(struct pci_root_info *info, struct acpi_device *device,
+                                struct acpi_device *device,
-                    int busnum, int domain)
+                                int busnum, int domain)
 {
        size_t size;
@@ -473,16 +470,13 @@ probe_pci_root_info(struct pci_root_info *info, struct acpi_device *device,
 struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
 {
        struct acpi_device *device = root->device;
-        struct pci_root_info *info = NULL;
+        struct pci_root_info *info;
        int domain = root->segment;
        int busnum = root->secondary.start;
        LIST_HEAD(resources);
-        struct pci_bus *bus = NULL;
+        struct pci_bus *bus;
        struct pci_sysdata *sd;
        int node;
-#ifdef CONFIG_ACPI_NUMA
-        int pxm;
-#endif
        if (pci_ignore_seg)
                domain = 0;
@@ -494,19 +488,12 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
                return NULL;
        }
-        node = -1;
+        node = acpi_get_node(device->handle);
-#ifdef CONFIG_ACPI_NUMA
+        if (node == NUMA_NO_NODE)
-        pxm = acpi_get_pxm(device->handle);
+                node = x86_pci_root_bus_node(busnum);
-        if (pxm >= 0)
-                node = pxm_to_node(pxm);
-        if (node != -1)
-                set_mp_bus_to_node(busnum, node);
-        else
-#endif
-                node = get_mp_bus_to_node(busnum);
-        if (node != -1 && !node_online(node))
+        if (node != NUMA_NO_NODE && !node_online(node))
-                node = -1;
+                node = NUMA_NO_NODE;
        info = kzalloc(sizeof(*info), GFP_KERNEL);
        if (!info) {
@@ -519,15 +506,12 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
        sd->domain = domain;
        sd->node = node;
        sd->companion = device;
-        /*
-         * Maybe the desired pci bus has been already scanned. In such case
-         * it is unnecessary to scan the pci bus with the given domain,busnum.
-         */
        bus = pci_find_bus(domain, busnum);
        if (bus) {
                /*
-                 * If the desired bus exits, the content of bus->sysdata will
+                 * If the desired bus has been scanned already, replace
-                 * be replaced by sd.
+                 * its bus->sysdata.
                 */
                memcpy(bus->sysdata, sd, sizeof(*sd));
                kfree(info);
@@ -572,15 +556,8 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
                        pcie_bus_configure_settings(child);
        }
-        if (bus && node != -1) {
+        if (bus && node != NUMA_NO_NODE)
-#ifdef CONFIG_ACPI_NUMA
-                if (pxm >= 0)
-                        dev_printk(KERN_DEBUG, &bus->dev,
-                                   "on NUMA node %d (pxm %d)\n", node, pxm);
-#else
                dev_printk(KERN_DEBUG, &bus->dev, "on NUMA node %d\n", node);
-#endif
-        }
        return bus;
 }
diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c
index a48be98e9ded..e88f4c53d7f6 100644
--- a/arch/x86/pci/amd_bus.c
+++ b/arch/x86/pci/amd_bus.c
@@ -44,15 +44,6 @@ static struct pci_root_info __init *find_pci_root_info(int node, int link)
        return NULL;
 }
-static void __init set_mp_bus_range_to_node(int min_bus, int max_bus, int node)
-{
-#ifdef CONFIG_NUMA
-        int j;
-        for (j = min_bus; j <= max_bus; j++)
-                set_mp_bus_to_node(j, node);
-#endif
-}
 /**
 * early_fill_mp_bus_to_node()
 * called before pcibios_scan_root and pci_scan_bus
@@ -117,7 +108,6 @@ static int __init early_fill_mp_bus_info(void)
                min_bus = (reg >> 16) & 0xff;
                max_bus = (reg >> 24) & 0xff;
                node = (reg >> 4) & 0x07;
-                set_mp_bus_range_to_node(min_bus, max_bus, node);
                link = (reg >> 8) & 0x03;
                info = alloc_pci_root_info(min_bus, max_bus, node, link);
@@ -380,10 +370,13 @@ static int __init pci_io_ecs_init(void)
        if (early_pci_allowed())
                pci_enable_pci_io_ecs();
-        register_cpu_notifier(&amd_cpu_notifier);
+        cpu_notifier_register_begin();
        for_each_online_cpu(cpu)
                amd_cpu_notify(&amd_cpu_notifier, (unsigned long)CPU_ONLINE,
                               (void *)(long)cpu);
+        __register_cpu_notifier(&amd_cpu_notifier);
+        cpu_notifier_register_done();
        pci_probe |= PCI_HAS_IO_ECS;
        return 0;
diff --git a/arch/x86/pci/bus_numa.c b/arch/x86/pci/bus_numa.c
index c2735feb2508..f3a2cfc14125 100644
--- a/arch/x86/pci/bus_numa.c
+++ b/arch/x86/pci/bus_numa.c
@@ -10,9 +10,6 @@ static struct pci_root_info *x86_find_pci_root_info(int bus)
 {
        struct pci_root_info *info;
-        if (list_empty(&pci_root_infos))
-                return NULL;
        list_for_each_entry(info, &pci_root_infos, list)
                if (info->busn.start == bus)
                        return info;
@@ -20,6 +17,16 @@ static struct pci_root_info *x86_find_pci_root_info(int bus)
        return NULL;
 }
+int x86_pci_root_bus_node(int bus)
+{
+        struct pci_root_info *info = x86_find_pci_root_info(bus);
+        if (!info)
+                return NUMA_NO_NODE;
+        return info->node;
+}
 void x86_pci_root_bus_resources(int bus, struct list_head *resources)
 {
        struct pci_root_info *info = x86_find_pci_root_info(bus);
diff --git a/arch/x86/pci/common.c b/arch/x86/pci/common.c
index 981c2dbd72cc..059a76c29739 100644
--- a/arch/x86/pci/common.c
+++ b/arch/x86/pci/common.c
@@ -456,19 +456,25 @@ void __init dmi_check_pciprobe(void)
        dmi_check_system(pciprobe_dmi_table);
 }
-struct pci_bus *pcibios_scan_root(int busnum)
+void pcibios_scan_root(int busnum)
 {
-        struct pci_bus *bus = NULL;
+        struct pci_bus *bus;
+        struct pci_sysdata *sd;
+        LIST_HEAD(resources);
-        while ((bus = pci_find_next_bus(bus)) != NULL) {
+        sd = kzalloc(sizeof(*sd), GFP_KERNEL);
-                if (bus->number == busnum) {
+        if (!sd) {
-                        /* Already scanned */
+                printk(KERN_ERR "PCI: OOM, skipping PCI bus %02x\n", busnum);
-                        return bus;
+                return;
-                }
+        }
+        sd->node = x86_pci_root_bus_node(busnum);
+        x86_pci_root_bus_resources(busnum, &resources);
+        printk(KERN_DEBUG "PCI: Probing PCI hardware (bus %02x)\n", busnum);
+        bus = pci_scan_root_bus(NULL, busnum, &pci_root_ops, sd, &resources);
+        if (!bus) {
+                pci_free_resource_list(&resources);
+                kfree(sd);
        }
-        return pci_scan_bus_on_node(busnum, &pci_root_ops,
-                                        get_mp_bus_to_node(busnum));
 }
 void __init pcibios_set_cache_line_size(void)
@@ -561,7 +567,6 @@ char * __init pcibios_setup(char *str)
                pci_probe |= PCI_PROBE_NOEARLY;
                return NULL;
        }
-#ifndef CONFIG_X86_VISWS
        else if (!strcmp(str, "usepirqmask")) {
                pci_probe |= PCI_USE_PIRQ_MASK;
                return NULL;
@@ -571,9 +576,7 @@ char * __init pcibios_setup(char *str)
        } else if (!strncmp(str, "lastbus=", 8)) {
                pcibios_last_bus = simple_strtol(str+8, NULL, 0);
                return NULL;
-        }
+        } else if (!strcmp(str, "rom")) {
-#endif
-        else if (!strcmp(str, "rom")) {
                pci_probe |= PCI_ASSIGN_ROMS;
                return NULL;
        } else if (!strcmp(str, "norom")) {
@@ -677,105 +680,3 @@ int pci_ext_cfg_avail(void)
        else
                return 0;
 }
-struct pci_bus *pci_scan_bus_on_node(int busno, struct pci_ops *ops, int node)
-{
-        LIST_HEAD(resources);
-        struct pci_bus *bus = NULL;
-        struct pci_sysdata *sd;
-        /*
-         * Allocate per-root-bus (not per bus) arch-specific data.
-         * TODO: leak; this memory is never freed.
-         * It's arguable whether it's worth the trouble to care.
-         */
-        sd = kzalloc(sizeof(*sd), GFP_KERNEL);
-        if (!sd) {
-                printk(KERN_ERR "PCI: OOM, skipping PCI bus %02x\n", busno);
-                return NULL;
-        }
-        sd->node = node;
-        x86_pci_root_bus_resources(busno, &resources);
-        printk(KERN_DEBUG "PCI: Probing PCI hardware (bus %02x)\n", busno);
-        bus = pci_scan_root_bus(NULL, busno, ops, sd, &resources);
-        if (!bus) {
-                pci_free_resource_list(&resources);
-                kfree(sd);
-        }
-        return bus;
-}
-struct pci_bus *pci_scan_bus_with_sysdata(int busno)
-{
-        return pci_scan_bus_on_node(busno, &pci_root_ops, -1);
-}
-/*
- * NUMA info for PCI busses
- *
- * Early arch code is responsible for filling in reasonable values here.
- * A node id of "-1" means "use current node".  In other words, if a bus
- * has a -1 node id, it's not tightly coupled to any particular chunk
- * of memory (as is the case on some Nehalem systems).
- */
-#ifdef CONFIG_NUMA
-#define BUS_NR 256
-#ifdef CONFIG_X86_64
-static int mp_bus_to_node[BUS_NR] = {
-        [0 ... BUS_NR - 1] = -1
-};
-void set_mp_bus_to_node(int busnum, int node)
-{
-        if (busnum >= 0 &&  busnum < BUS_NR)
-                mp_bus_to_node[busnum] = node;
-}
-int get_mp_bus_to_node(int busnum)
-{
-        int node = -1;
-        if (busnum < 0 || busnum > (BUS_NR - 1))
-                return node;
-        node = mp_bus_to_node[busnum];
-        /*
-         * let numa_node_id to decide it later in dma_alloc_pages
-         * if there is no ram on that node
-         */
-        if (node != -1 && !node_online(node))
-                node = -1;
-        return node;
-}
-#else /* CONFIG_X86_32 */
-static int mp_bus_to_node[BUS_NR] = {
-        [0 ... BUS_NR - 1] = -1
-};
-void set_mp_bus_to_node(int busnum, int node)
-{
-        if (busnum >= 0 &&  busnum < BUS_NR)
-        mp_bus_to_node[busnum] = (unsigned char) node;
-}
-int get_mp_bus_to_node(int busnum)
-{
-        int node;
-        if (busnum < 0 || busnum > (BUS_NR - 1))
-                return 0;
-        node = mp_bus_to_node[busnum];
-        return node;
-}
-#endif /* CONFIG_X86_32 */
-#endif /* CONFIG_NUMA */
diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index b046e070e088..94ae9ae9574f 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -5,7 +5,6 @@
 #include <linux/delay.h>
 #include <linux/dmi.h>
 #include <linux/pci.h>
-#include <linux/init.h>
 #include <linux/vgaarb.h>
 #include <asm/pci_x86.h>
@@ -26,9 +25,9 @@ static void pci_fixup_i450nx(struct pci_dev *d)
                dev_dbg(&d->dev, "i450NX PXB %d: %02x/%02x/%02x\n", pxb, busno,
                        suba, subb);
                if (busno)
-                        pci_scan_bus_with_sysdata(busno);       /* Bus A */
+                        pcibios_scan_root(busno);       /* Bus A */
                if (suba < subb)
-                        pci_scan_bus_with_sysdata(suba+1);      /* Bus B */
+                        pcibios_scan_root(suba+1);      /* Bus B */
        }
        pcibios_last_bus = -1;
 }
@@ -43,7 +42,7 @@ static void pci_fixup_i450gx(struct pci_dev *d)
        u8 busno;
        pci_read_config_byte(d, 0x4a, &busno);
        dev_info(&d->dev, "i440KX/GX host bridge; secondary bus %02x\n", busno);
-        pci_scan_bus_with_sysdata(busno);
+        pcibios_scan_root(busno);
        pcibios_last_bus = -1;
 }
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82454GX, pci_fixup_i450gx);
@@ -314,9 +313,10 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL,	PCI_DEVICE_ID_INTEL_MCH_PC1,	pcie_r
 * IORESOURCE_ROM_SHADOW is used to associate the boot video
 * card with this copy. On laptops this copy has to be used since
 * the main ROM may be compressed or combined with another image.
- * See pci_map_rom() for use of this flag. IORESOURCE_ROM_SHADOW
+ * See pci_map_rom() for use of this flag. Before marking the device
- * is marked here since the boot video device will be the only enabled
+ * with IORESOURCE_ROM_SHADOW check if a vga_default_device is already set
- * video device at this point.
+ * by either arch cde or vga-arbitration, if so only apply the fixup to this
+ * already determined primary video card.
 */
 static void pci_fixup_video(struct pci_dev *pdev)
@@ -347,12 +347,13 @@ static void pci_fixup_video(struct pci_dev *pdev)
                }
                bus = bus->parent;
        }
-        pci_read_config_word(pdev, PCI_COMMAND, &config);
+        if (!vga_default_device() || pdev == vga_default_device()) {
-        if (config & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) {
+                pci_read_config_word(pdev, PCI_COMMAND, &config);
-                pdev->resource[PCI_ROM_RESOURCE].flags |= IORESOURCE_ROM_SHADOW;
+                if (config & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) {
-                dev_printk(KERN_DEBUG, &pdev->dev, "Boot video device\n");
+                        pdev->resource[PCI_ROM_RESOURCE].flags |= IORESOURCE_ROM_SHADOW;
-                if (!vga_default_device())
+                        dev_printk(KERN_DEBUG, &pdev->dev, "Boot video device\n");
                        vga_set_default_device(pdev);
+                }
        }
 }
 DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID,
diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c
index 51384ca727ad..84b9d672843d 100644
--- a/arch/x86/pci/intel_mid_pci.c
+++ b/arch/x86/pci/intel_mid_pci.c
@@ -31,6 +31,7 @@
 #include <asm/pci_x86.h>
 #include <asm/hw_irq.h>
 #include <asm/io_apic.h>
+#include <asm/intel-mid.h>
 #define PCIE_CAP_OFFSET 0x100
@@ -219,7 +220,10 @@ static int intel_mid_pci_irq_enable(struct pci_dev *dev)
        irq_attr.ioapic = mp_find_ioapic(dev->irq);
        irq_attr.ioapic_pin = dev->irq;
        irq_attr.trigger = 1; /* level */
-        irq_attr.polarity = 1; /* active low */
+        if (intel_mid_identify_cpu() == INTEL_MID_CPU_CHIP_TANGIER)
+                irq_attr.polarity = 0; /* active high */
+        else
+                irq_attr.polarity = 1; /* active low */
        io_apic_set_pci_routing(&dev->dev, dev->irq, &irq_attr);
        return 0;
diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
index 372e9b8989b3..84112f55dd7a 100644
--- a/arch/x86/pci/irq.c
+++ b/arch/x86/pci/irq.c
@@ -136,13 +136,9 @@ static void __init pirq_peer_trick(void)
                busmap[e->bus] = 1;
        }
        for (i = 1; i < 256; i++) {
-                int node;
                if (!busmap[i] || pci_find_bus(0, i))
                        continue;
-                node = get_mp_bus_to_node(i);
+                pcibios_scan_root(i);
-                if (pci_scan_bus_on_node(i, &pci_root_ops, node))
-                        printk(KERN_INFO "PCI: Discovered primary peer "
-                               "bus %02x [IRQ]\n", i);
        }
        pcibios_last_bus = -1;
 }
diff --git a/arch/x86/pci/legacy.c b/arch/x86/pci/legacy.c
index 4db96fb1c232..5b662c0faf8c 100644
--- a/arch/x86/pci/legacy.c
+++ b/arch/x86/pci/legacy.c
@@ -37,19 +37,17 @@ int __init pci_legacy_init(void)
 void pcibios_scan_specific_bus(int busn)
 {
        int devfn;
-        long node;
        u32 l;
        if (pci_find_bus(0, busn))
                return;
-        node = get_mp_bus_to_node(busn);
        for (devfn = 0; devfn < 256; devfn += 8) {
                if (!raw_pci_read(0, busn, devfn, PCI_VENDOR_ID, 2, &l) &&
                    l != 0x0000 && l != 0xffff) {
                        DBG("Found device at %02x:%02x [%04x]\n", busn, devfn, l);
                        printk(KERN_INFO "PCI: Discovered peer bus %02x\n", busn);
-                        pci_scan_bus_on_node(busn, &pci_root_ops, node);
+                        pcibios_scan_root(busn);
                        return;
                }
        }
diff --git a/arch/x86/pci/mmconfig-shared.c b/arch/x86/pci/mmconfig-shared.c
index 082e88129712..248642f4bab7 100644
--- a/arch/x86/pci/mmconfig-shared.c
+++ b/arch/x86/pci/mmconfig-shared.c
@@ -12,7 +12,6 @@
 #include <linux/pci.h>
 #include <linux/init.h>
-#include <linux/acpi.h>
 #include <linux/sfi_acpi.h>
 #include <linux/bitmap.h>
 #include <linux/dmi.h>
diff --git a/arch/x86/pci/mmconfig_32.c b/arch/x86/pci/mmconfig_32.c
index 5c90975cdf0f..43984bc1665a 100644
--- a/arch/x86/pci/mmconfig_32.c
+++ b/arch/x86/pci/mmconfig_32.c
@@ -14,7 +14,6 @@
 #include <linux/rcupdate.h>
 #include <asm/e820.h>
 #include <asm/pci_x86.h>
-#include <acpi/acpi.h>
 /* Assume systems with more busses have correct MCFG */
 #define mmcfg_virt_addr ((void __iomem *) fix_to_virt(FIX_PCIE_MCFG))
diff --git a/arch/x86/pci/numaq_32.c b/arch/x86/pci/numaq_32.c
deleted file mode 100644
index 72c229f9ebcf..000000000000
--- a/arch/x86/pci/numaq_32.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * numaq_32.c - Low-level PCI access for NUMA-Q machines
- */
-#include <linux/pci.h>
-#include <linux/init.h>
-#include <linux/nodemask.h>
-#include <asm/apic.h>
-#include <asm/mpspec.h>
-#include <asm/pci_x86.h>
-#include <asm/numaq.h>
-#define BUS2QUAD(global) (mp_bus_id_to_node[global])
-#define BUS2LOCAL(global) (mp_bus_id_to_local[global])
-#define QUADLOCAL2BUS(quad,local) (quad_local_to_mp_bus_id[quad][local])
-#define PCI_CONF1_MQ_ADDRESS(bus, devfn, reg) \
-        (0x80000000 | (BUS2LOCAL(bus) << 16) | (devfn << 8) | (reg & ~3))
-static void write_cf8(unsigned bus, unsigned devfn, unsigned reg)
-{
-        unsigned val = PCI_CONF1_MQ_ADDRESS(bus, devfn, reg);
-        if (xquad_portio)
-                writel(val, XQUAD_PORT_ADDR(0xcf8, BUS2QUAD(bus)));
-        else
-                outl(val, 0xCF8);
-}
-static int pci_conf1_mq_read(unsigned int seg, unsigned int bus,
-                             unsigned int devfn, int reg, int len, u32 *value)
-{
-        unsigned long flags;
-        void *adr __iomem = XQUAD_PORT_ADDR(0xcfc, BUS2QUAD(bus));
-        WARN_ON(seg);
-        if (!value || (bus >= MAX_MP_BUSSES) || (devfn > 255) || (reg > 255))
-                return -EINVAL;
-        raw_spin_lock_irqsave(&pci_config_lock, flags);
-        write_cf8(bus, devfn, reg);
-        switch (len) {
-        case 1:
-                if (xquad_portio)
-                        *value = readb(adr + (reg & 3));
-                else
-                        *value = inb(0xCFC + (reg & 3));
-                break;
-        case 2:
-                if (xquad_portio)
-                        *value = readw(adr + (reg & 2));
-                else
-                        *value = inw(0xCFC + (reg & 2));
-                break;
-        case 4:
-                if (xquad_portio)
-                        *value = readl(adr);
-                else
-                        *value = inl(0xCFC);
-                break;
-        }
-        raw_spin_unlock_irqrestore(&pci_config_lock, flags);
-        return 0;
-}
-static int pci_conf1_mq_write(unsigned int seg, unsigned int bus,
-                              unsigned int devfn, int reg, int len, u32 value)
-{
-        unsigned long flags;
-        void *adr __iomem = XQUAD_PORT_ADDR(0xcfc, BUS2QUAD(bus));
-        WARN_ON(seg);
-        if ((bus >= MAX_MP_BUSSES) || (devfn > 255) || (reg > 255)) 
-                return -EINVAL;
-        raw_spin_lock_irqsave(&pci_config_lock, flags);
-        write_cf8(bus, devfn, reg);
-        switch (len) {
-        case 1:
-                if (xquad_portio)
-                        writeb(value, adr + (reg & 3));
-                else
-                        outb((u8)value, 0xCFC + (reg & 3));
-                break;
-        case 2:
-                if (xquad_portio)
-                        writew(value, adr + (reg & 2));
-                else
-                        outw((u16)value, 0xCFC + (reg & 2));
-                break;
-        case 4:
-                if (xquad_portio)
-                        writel(value, adr + reg);
-                else
-                        outl((u32)value, 0xCFC);
-                break;
-        }
-        raw_spin_unlock_irqrestore(&pci_config_lock, flags);
-        return 0;
-}
-#undef PCI_CONF1_MQ_ADDRESS
-static const struct pci_raw_ops pci_direct_conf1_mq = {
-        .read   = pci_conf1_mq_read,
-        .write  = pci_conf1_mq_write
-};
-static void pci_fixup_i450nx(struct pci_dev *d)
-{
-        /*
-         * i450NX -- Find and scan all secondary buses on all PXB's.
-         */
-        int pxb, reg;
-        u8 busno, suba, subb;
-        int quad = BUS2QUAD(d->bus->number);
-        dev_info(&d->dev, "searching for i450NX host bridges\n");
-        reg = 0xd0;
-        for(pxb=0; pxb<2; pxb++) {
-                pci_read_config_byte(d, reg++, &busno);
-                pci_read_config_byte(d, reg++, &suba);
-                pci_read_config_byte(d, reg++, &subb);
-                dev_dbg(&d->dev, "i450NX PXB %d: %02x/%02x/%02x\n",
-                        pxb, busno, suba, subb);
-                if (busno) {
-                        /* Bus A */
-                        pci_scan_bus_with_sysdata(QUADLOCAL2BUS(quad, busno));
-                }
-                if (suba < subb) {
-                        /* Bus B */
-                        pci_scan_bus_with_sysdata(QUADLOCAL2BUS(quad, suba+1));
-                }
-        }
-        pcibios_last_bus = -1;
-}
-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82451NX, pci_fixup_i450nx);
-int __init pci_numaq_init(void)
-{
-        int quad;
-        raw_pci_ops = &pci_direct_conf1_mq;
-        pcibios_scan_root(0);
-        if (num_online_nodes() > 1)
-                for_each_online_node(quad) {
-                        if (quad == 0)
-                                continue;
-                        printk("Scanning PCI bus %d for quad %d\n", 
-                                QUADLOCAL2BUS(quad,0), quad);
-                        pci_scan_bus_with_sysdata(QUADLOCAL2BUS(quad, 0));
-                }
-        return 0;
-}
diff --git a/arch/x86/pci/visws.c b/arch/x86/pci/visws.c
deleted file mode 100644
index 3e6d2a6db866..000000000000
--- a/arch/x86/pci/visws.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- *      Low-Level PCI Support for SGI Visual Workstation
- *
- *      (c) 1999--2000 Martin Mares <mj@ucw.cz>
- */
-#include <linux/kernel.h>
-#include <linux/pci.h>
-#include <linux/init.h>
-#include <asm/setup.h>
-#include <asm/pci_x86.h>
-#include <asm/visws/cobalt.h>
-#include <asm/visws/lithium.h>
-static int pci_visws_enable_irq(struct pci_dev *dev) { return 0; }
-static void pci_visws_disable_irq(struct pci_dev *dev) { }
-/* int (*pcibios_enable_irq)(struct pci_dev *dev) = &pci_visws_enable_irq; */
-/* void (*pcibios_disable_irq)(struct pci_dev *dev) = &pci_visws_disable_irq; */
-/* void __init pcibios_penalize_isa_irq(int irq, int active) {} */
-unsigned int pci_bus0, pci_bus1;
-static int __init visws_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
-{
-        int irq, bus = dev->bus->number;
-        pin--;
-        /* Nothing useful at PIIX4 pin 1 */
-        if (bus == pci_bus0 && slot == 4 && pin == 0)
-                return -1;
-        /* PIIX4 USB is on Bus 0, Slot 4, Line 3 */
-        if (bus == pci_bus0 && slot == 4 && pin == 3) {
-                irq = CO_IRQ(CO_APIC_PIIX4_USB);
-                goto out;
-        }
-        /* First pin spread down 1 APIC entry per slot */
-        if (pin == 0) {
-                irq = CO_IRQ((bus == pci_bus0 ? CO_APIC_PCIB_BASE0 :
-                                                CO_APIC_PCIA_BASE0) + slot);
-                goto out;
-        }
-        /* lines 1,2,3 from any slot is shared in this twirly pattern */
-        if (bus == pci_bus1) {
-                /* lines 1-3 from devices 0 1 rotate over 2 apic entries */
-                irq = CO_IRQ(CO_APIC_PCIA_BASE123 + ((slot + (pin - 1)) % 2));
-        } else { /* bus == pci_bus0 */
-                /* lines 1-3 from devices 0-3 rotate over 3 apic entries */
-                if (slot == 0)
-                        slot = 3; /* same pattern */
-                irq = CO_IRQ(CO_APIC_PCIA_BASE123 + ((3 - slot) + (pin - 1) % 3));
-        }
-out:
-        printk(KERN_DEBUG "PCI: Bus %d Slot %d Line %d -> IRQ %d\n", bus, slot, pin, irq);
-        return irq;
-}
-int __init pci_visws_init(void)
-{
-        pcibios_enable_irq = &pci_visws_enable_irq;
-        pcibios_disable_irq = &pci_visws_disable_irq;
-        /* The VISWS supports configuration access type 1 only */
-        pci_probe = (pci_probe | PCI_PROBE_CONF1) &
-                    ~(PCI_PROBE_BIOS | PCI_PROBE_CONF2);
-        pci_bus0 = li_pcib_read16(LI_PCI_BUSNUM) & 0xff;
-        pci_bus1 = li_pcia_read16(LI_PCI_BUSNUM) & 0xff;
-        printk(KERN_INFO "PCI: Lithium bridge A bus: %u, "
-                "bridge B (PIIX4) bus: %u\n", pci_bus1, pci_bus0);
-        raw_pci_ops = &pci_direct_conf1;
-        pci_scan_bus_with_sysdata(pci_bus0);
-        pci_scan_bus_with_sysdata(pci_bus1);
-        pci_fixup_irqs(pci_common_swizzle, visws_map_irq);
-        pcibios_resource_survey();
-        /* Request bus scan */
-        return 1;
-}
diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c
index 5eee4959785d..905956f16465 100644
--- a/arch/x86/pci/xen.c
+++ b/arch/x86/pci/xen.c
@@ -178,6 +178,7 @@ static int xen_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
        i = 0;
        list_for_each_entry(msidesc, &dev->msi_list, list) {
                irq = xen_bind_pirq_msi_to_irq(dev, msidesc, v[i],
+                                               (type == PCI_CAP_ID_MSI) ? nvec : 1,
                                               (type == PCI_CAP_ID_MSIX) ?
                                               "pcifront-msi-x" :
                                               "pcifront-msi",
@@ -245,6 +246,7 @@ static int xen_hvm_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
                                "xen: msi already bound to pirq=%d\n", pirq);
                }
                irq = xen_bind_pirq_msi_to_irq(dev, msidesc, pirq,
+                                               (type == PCI_CAP_ID_MSI) ? nvec : 1,
                                               (type == PCI_CAP_ID_MSIX) ?
                                               "msi-x" : "msi",
                                               DOMID_SELF);
@@ -269,9 +271,6 @@ static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
        int ret = 0;
        struct msi_desc *msidesc;
-        if (type == PCI_CAP_ID_MSI && nvec > 1)
-                return 1;
        list_for_each_entry(msidesc, &dev->msi_list, list) {
                struct physdev_map_pirq map_irq;
                domid_t domid;
@@ -291,7 +290,10 @@ static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
                              (pci_domain_nr(dev->bus) << 16);
                map_irq.devfn = dev->devfn;
-                if (type == PCI_CAP_ID_MSIX) {
+                if (type == PCI_CAP_ID_MSI && nvec > 1) {
+                        map_irq.type = MAP_PIRQ_TYPE_MULTI_MSI;
+                        map_irq.entry_nr = nvec;
+                } else if (type == PCI_CAP_ID_MSIX) {
                        int pos;
                        u32 table_offset, bir;
@@ -308,6 +310,16 @@ static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
                if (pci_seg_supported)
                        ret = HYPERVISOR_physdev_op(PHYSDEVOP_map_pirq,
                                                    &map_irq);
+                if (type == PCI_CAP_ID_MSI && nvec > 1 && ret) {
+                        /*
+                         * If MAP_PIRQ_TYPE_MULTI_MSI is not available
+                         * there's nothing else we can do in this case.
+                         * Just set ret > 0 so driver can retry with
+                         * single MSI.
+                         */
+                        ret = 1;
+                        goto out;
+                }
                if (ret == -EINVAL && !pci_domain_nr(dev->bus)) {
                        map_irq.type = MAP_PIRQ_TYPE_MSI;
                        map_irq.index = -1;
@@ -324,11 +336,10 @@ static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
                        goto out;
                }
-                ret = xen_bind_pirq_msi_to_irq(dev, msidesc,
+                ret = xen_bind_pirq_msi_to_irq(dev, msidesc, map_irq.pirq,
-                                               map_irq.pirq,
+                                               (type == PCI_CAP_ID_MSI) ? nvec : 1,
-                                               (type == PCI_CAP_ID_MSIX) ?
+                                               (type == PCI_CAP_ID_MSIX) ? "msi-x" : "msi",
-                                               "msi-x" : "msi",
+                                               domid);
-                                                domid);
                if (ret < 0)
                        goto out;
        }
@@ -337,7 +348,7 @@ out:
        return ret;
 }
-static void xen_initdom_restore_msi_irqs(struct pci_dev *dev, int irq)
+static void xen_initdom_restore_msi_irqs(struct pci_dev *dev)
 {
        int ret = 0;
diff --git a/arch/x86/platform/Makefile b/arch/x86/platform/Makefile
index 20342d4c82ce..85afde1fa3e5 100644
--- a/arch/x86/platform/Makefile
+++ b/arch/x86/platform/Makefile
@@ -9,5 +9,4 @@ obj-y	+= olpc/
 obj-y   += scx200/
 obj-y   += sfi/
 obj-y   += ts5500/
-obj-y   += visws/
 obj-y   += uv/
diff --git a/arch/x86/platform/efi/Makefile b/arch/x86/platform/efi/Makefile
index b7b0b35c1981..d51045afcaaf 100644
--- a/arch/x86/platform/efi/Makefile
+++ b/arch/x86/platform/efi/Makefile
@@ -1,3 +1,4 @@
 obj-$(CONFIG_EFI)               += efi.o efi_$(BITS).o efi_stub_$(BITS).o
 obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o
 obj-$(CONFIG_EARLY_PRINTK_EFI)  += early_printk.o
+obj-$(CONFIG_EFI_MIXED)         += efi_thunk_$(BITS).o
diff --git a/arch/x86/platform/efi/efi-bgrt.c b/arch/x86/platform/efi/efi-bgrt.c
index 7145ec63c520..f15103dff4b4 100644
--- a/arch/x86/platform/efi/efi-bgrt.c
+++ b/arch/x86/platform/efi/efi-bgrt.c
@@ -42,14 +42,15 @@ void __init efi_bgrt_init(void)
        if (bgrt_tab->header.length < sizeof(*bgrt_tab))
                return;
-        if (bgrt_tab->version != 1)
+        if (bgrt_tab->version != 1 || bgrt_tab->status != 1)
                return;
        if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address)
                return;
        image = efi_lookup_mapped_addr(bgrt_tab->image_address);
        if (!image) {
-                image = ioremap(bgrt_tab->image_address, sizeof(bmp_header));
+                image = early_memremap(bgrt_tab->image_address,
+                                       sizeof(bmp_header));
                ioremapped = true;
                if (!image)
                        return;
@@ -57,7 +58,7 @@ void __init efi_bgrt_init(void)
        memcpy_fromio(&bmp_header, image, sizeof(bmp_header));
        if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, sizeof(bmp_header));
        bgrt_image_size = bmp_header.size;
        bgrt_image = kmalloc(bgrt_image_size, GFP_KERNEL);
@@ -65,7 +66,8 @@ void __init efi_bgrt_init(void)
                return;
        if (ioremapped) {
-                image = ioremap(bgrt_tab->image_address, bmp_header.size);
+                image = early_memremap(bgrt_tab->image_address,
+                                       bmp_header.size);
                if (!image) {
                        kfree(bgrt_image);
                        bgrt_image = NULL;
@@ -75,5 +77,5 @@ void __init efi_bgrt_init(void)
        memcpy_fromio(bgrt_image, image, bgrt_image_size);
        if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, bmp_header.size);
 }
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index cceb813044ef..3781dd39e8bd 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -12,6 +12,8 @@
 *      Bibo Mao <bibo.mao@intel.com>
 *      Chandramouli Narayanan <mouli@linux.intel.com>
 *      Huang Ying <ying.huang@intel.com>
+ * Copyright (C) 2013 SuSE Labs
+ *      Borislav Petkov <bp@suse.de> - runtime services VA mapping
 *
 * Copied from efi_32.c to eliminate the duplicated code between EFI
 * 32/64 support code. --ying 2007-10-26
@@ -50,8 +52,9 @@
 #include <asm/tlbflush.h>
 #include <asm/x86_init.h>
 #include <asm/rtc.h>
+#include <asm/uv/uv.h>
-#define EFI_DEBUG       1
+#define EFI_DEBUG
 #define EFI_MIN_RESERVE 5120
@@ -65,25 +68,16 @@ struct efi_memory_map memmap;
 static struct efi efi_phys __initdata;
 static efi_system_table_t efi_systab __initdata;
-unsigned long x86_efi_facility;
+static efi_config_table_type_t arch_tables[] __initdata = {
-static __initdata efi_config_table_type_t arch_tables[] = {
 #ifdef CONFIG_X86_UV
        {UV_SYSTEM_TABLE_GUID, "UVsystab", &efi.uv_systab},
 #endif
        {NULL_GUID, NULL, NULL},
 };
-/*
+u64 efi_setup;          /* efi setup_data physical address */
- * Returns 1 if 'facility' is enabled, 0 otherwise.
- */
-int efi_enabled(int facility)
-{
-        return test_bit(facility, &x86_efi_facility) != 0;
-}
-EXPORT_SYMBOL(efi_enabled);
-static bool __initdata disable_runtime = false;
+static bool disable_runtime __initdata = false;
 static int __init setup_noefi(char *arg)
 {
        disable_runtime = true;
@@ -110,7 +104,6 @@ static int __init setup_storage_paranoia(char *arg)
 }
 early_param("efi_no_storage_paranoia", setup_storage_paranoia);
 static efi_status_t virt_efi_get_time(efi_time_t *tm, efi_time_cap_t *tc)
 {
        unsigned long flags;
@@ -253,27 +246,12 @@ static efi_status_t __init phys_efi_set_virtual_address_map(
        return status;
 }
-static efi_status_t __init phys_efi_get_time(efi_time_t *tm,
-                                             efi_time_cap_t *tc)
-{
-        unsigned long flags;
-        efi_status_t status;
-        spin_lock_irqsave(&rtc_lock, flags);
-        efi_call_phys_prelog();
-        status = efi_call_phys2(efi_phys.get_time, virt_to_phys(tm),
-                                virt_to_phys(tc));
-        efi_call_phys_epilog();
-        spin_unlock_irqrestore(&rtc_lock, flags);
-        return status;
-}
 int efi_set_rtc_mmss(const struct timespec *now)
 {
        unsigned long nowtime = now->tv_sec;
-        efi_status_t    status;
+        efi_status_t    status;
-        efi_time_t      eft;
+        efi_time_t      eft;
-        efi_time_cap_t  cap;
+        efi_time_cap_t  cap;
        struct rtc_time tm;
        status = efi.get_time(&eft, &cap);
@@ -291,9 +269,8 @@ int efi_set_rtc_mmss(const struct timespec *now)
                eft.second = tm.tm_sec;
                eft.nanosecond = 0;
        } else {
-                printk(KERN_ERR
+                pr_err("%s: Invalid EFI RTC value: write of %lx to EFI RTC failed\n",
-                       "%s: Invalid EFI RTC value: write of %lx to EFI RTC failed\n",
+                       __func__, nowtime);
-                       __FUNCTION__, nowtime);
                return -1;
        }
@@ -398,9 +375,9 @@ int __init efi_memblock_x86_reserve_range(void)
        return 0;
 }
-#if EFI_DEBUG
 static void __init print_efi_memmap(void)
 {
+#ifdef EFI_DEBUG
        efi_memory_desc_t *md;
        void *p;
        int i;
@@ -409,14 +386,13 @@ static void __init print_efi_memmap(void)
             p < memmap.map_end;
             p += memmap.desc_size, i++) {
                md = p;
-                pr_info("mem%02u: type=%u, attr=0x%llx, "
+                pr_info("mem%02u: type=%u, attr=0x%llx, range=[0x%016llx-0x%016llx) (%lluMB)\n",
-                        "range=[0x%016llx-0x%016llx) (%lluMB)\n",
                        i, md->type, md->attribute, md->phys_addr,
                        md->phys_addr + (md->num_pages << EFI_PAGE_SHIFT),
                        (md->num_pages >> (20 - EFI_PAGE_SHIFT)));
        }
-}
 #endif  /*  EFI_DEBUG  */
+}
 void __init efi_reserve_boot_services(void)
 {
@@ -436,15 +412,14 @@ void __init efi_reserve_boot_services(void)
                 * - Not within any part of the kernel
                 * - Not the bios reserved area
                */
-                if ((start+size >= __pa_symbol(_text)
+                if ((start + size > __pa_symbol(_text)
                                && start <= __pa_symbol(_end)) ||
                        !e820_all_mapped(start, start+size, E820_RAM) ||
                        memblock_is_region_reserved(start, size)) {
                        /* Could not reserve, skip it */
                        md->num_pages = 0;
-                        memblock_dbg("Could not reserve boot range "
+                        memblock_dbg("Could not reserve boot range [0x%010llx-0x%010llx]\n",
-                                        "[0x%010llx-0x%010llx]\n",
+                                     start, start+size-1);
-                                                start, start+size-1);
                } else
                        memblock_reserve(start, size);
        }
@@ -452,7 +427,7 @@ void __init efi_reserve_boot_services(void)
 void __init efi_unmap_memmap(void)
 {
-        clear_bit(EFI_MEMMAP, &x86_efi_facility);
+        clear_bit(EFI_MEMMAP, &efi.flags);
        if (memmap.map) {
                early_iounmap(memmap.map, memmap.nr_map * memmap.desc_size);
                memmap.map = NULL;
@@ -463,9 +438,6 @@ void __init efi_free_boot_services(void)
 {
        void *p;
-        if (!efi_is_native())
-                return;
        for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
                efi_memory_desc_t *md = p;
                unsigned long long start = md->phys_addr;
@@ -489,18 +461,27 @@ static int __init efi_systab_init(void *phys)
 {
        if (efi_enabled(EFI_64BIT)) {
                efi_system_table_64_t *systab64;
+                struct efi_setup_data *data = NULL;
                u64 tmp = 0;
+                if (efi_setup) {
+                        data = early_memremap(efi_setup, sizeof(*data));
+                        if (!data)
+                                return -ENOMEM;
+                }
                systab64 = early_ioremap((unsigned long)phys,
                                         sizeof(*systab64));
                if (systab64 == NULL) {
                        pr_err("Couldn't map the system table!\n");
+                        if (data)
+                                early_iounmap(data, sizeof(*data));
                        return -ENOMEM;
                }
                efi_systab.hdr = systab64->hdr;
-                efi_systab.fw_vendor = systab64->fw_vendor;
+                efi_systab.fw_vendor = data ? (unsigned long)data->fw_vendor :
-                tmp |= systab64->fw_vendor;
+                                              systab64->fw_vendor;
+                tmp |= data ? data->fw_vendor : systab64->fw_vendor;
                efi_systab.fw_revision = systab64->fw_revision;
                efi_systab.con_in_handle = systab64->con_in_handle;
                tmp |= systab64->con_in_handle;
@@ -514,15 +495,20 @@ static int __init efi_systab_init(void *phys)
                tmp |= systab64->stderr_handle;
                efi_systab.stderr = systab64->stderr;
                tmp |= systab64->stderr;
-                efi_systab.runtime = (void *)(unsigned long)systab64->runtime;
+                efi_systab.runtime = data ?
-                tmp |= systab64->runtime;
+                                     (void *)(unsigned long)data->runtime :
+                                     (void *)(unsigned long)systab64->runtime;
+                tmp |= data ? data->runtime : systab64->runtime;
                efi_systab.boottime = (void *)(unsigned long)systab64->boottime;
                tmp |= systab64->boottime;
                efi_systab.nr_tables = systab64->nr_tables;
-                efi_systab.tables = systab64->tables;
+                efi_systab.tables = data ? (unsigned long)data->tables :
-                tmp |= systab64->tables;
+                                           systab64->tables;
+                tmp |= data ? data->tables : systab64->tables;
                early_iounmap(systab64, sizeof(*systab64));
+                if (data)
+                        early_iounmap(data, sizeof(*data));
 #ifdef CONFIG_X86_32
                if (tmp >> 32) {
                        pr_err("EFI data located above 4GB, disabling EFI.\n");
@@ -566,45 +552,82 @@ static int __init efi_systab_init(void *phys)
                return -EINVAL;
        }
        if ((efi.systab->hdr.revision >> 16) == 0)
-                pr_err("Warning: System table version "
+                pr_err("Warning: System table version %d.%02d, expected 1.00 or greater!\n",
-                       "%d.%02d, expected 1.00 or greater!\n",
                       efi.systab->hdr.revision >> 16,
                       efi.systab->hdr.revision & 0xffff);
+        set_bit(EFI_SYSTEM_TABLES, &efi.flags);
        return 0;
 }
-static int __init efi_runtime_init(void)
+static int __init efi_runtime_init32(void)
 {
-        efi_runtime_services_t *runtime;
+        efi_runtime_services_32_t *runtime;
+        runtime = early_ioremap((unsigned long)efi.systab->runtime,
+                        sizeof(efi_runtime_services_32_t));
+        if (!runtime) {
+                pr_err("Could not map the runtime service table!\n");
+                return -ENOMEM;
+        }
        /*
-         * Check out the runtime services table. We need to map
+         * We will only need *early* access to the following two
-         * the runtime services table so that we can grab the physical
+         * EFI runtime services before set_virtual_address_map
-         * address of several of the EFI runtime functions, needed to
+         * is invoked.
-         * set the firmware into virtual mode.
         */
+        efi_phys.set_virtual_address_map =
+                        (efi_set_virtual_address_map_t *)
+                        (unsigned long)runtime->set_virtual_address_map;
+        early_iounmap(runtime, sizeof(efi_runtime_services_32_t));
+        return 0;
+}
+static int __init efi_runtime_init64(void)
+{
+        efi_runtime_services_64_t *runtime;
        runtime = early_ioremap((unsigned long)efi.systab->runtime,
-                                sizeof(efi_runtime_services_t));
+                        sizeof(efi_runtime_services_64_t));
        if (!runtime) {
                pr_err("Could not map the runtime service table!\n");
                return -ENOMEM;
        }
        /*
-         * We will only need *early* access to the following
+         * We will only need *early* access to the following two
-         * two EFI runtime services before set_virtual_address_map
+         * EFI runtime services before set_virtual_address_map
         * is invoked.
         */
-        efi_phys.get_time = (efi_get_time_t *)runtime->get_time;
        efi_phys.set_virtual_address_map =
-                (efi_set_virtual_address_map_t *)
+                        (efi_set_virtual_address_map_t *)
-                runtime->set_virtual_address_map;
+                        (unsigned long)runtime->set_virtual_address_map;
+        early_iounmap(runtime, sizeof(efi_runtime_services_64_t));
+        return 0;
+}
+static int __init efi_runtime_init(void)
+{
+        int rv;
        /*
-         * Make efi_get_time can be called before entering
+         * Check out the runtime services table. We need to map
-         * virtual mode.
+         * the runtime services table so that we can grab the physical
+         * address of several of the EFI runtime functions, needed to
+         * set the firmware into virtual mode.
         */
-        efi.get_time = phys_efi_get_time;
+        if (efi_enabled(EFI_64BIT))
-        early_iounmap(runtime, sizeof(efi_runtime_services_t));
+                rv = efi_runtime_init64();
+        else
+                rv = efi_runtime_init32();
+        if (rv)
+                return rv;
+        set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
        return 0;
 }
@@ -623,9 +646,67 @@ static int __init efi_memmap_init(void)
        if (add_efi_memmap)
                do_add_efi_memmap();
+        set_bit(EFI_MEMMAP, &efi.flags);
        return 0;
 }
+/*
+ * A number of config table entries get remapped to virtual addresses
+ * after entering EFI virtual mode. However, the kexec kernel requires
+ * their physical addresses therefore we pass them via setup_data and
+ * correct those entries to their respective physical addresses here.
+ *
+ * Currently only handles smbios which is necessary for some firmware
+ * implementation.
+ */
+static int __init efi_reuse_config(u64 tables, int nr_tables)
+{
+        int i, sz, ret = 0;
+        void *p, *tablep;
+        struct efi_setup_data *data;
+        if (!efi_setup)
+                return 0;
+        if (!efi_enabled(EFI_64BIT))
+                return 0;
+        data = early_memremap(efi_setup, sizeof(*data));
+        if (!data) {
+                ret = -ENOMEM;
+                goto out;
+        }
+        if (!data->smbios)
+                goto out_memremap;
+        sz = sizeof(efi_config_table_64_t);
+        p = tablep = early_memremap(tables, nr_tables * sz);
+        if (!p) {
+                pr_err("Could not map Configuration table!\n");
+                ret = -ENOMEM;
+                goto out_memremap;
+        }
+        for (i = 0; i < efi.systab->nr_tables; i++) {
+                efi_guid_t guid;
+                guid = ((efi_config_table_64_t *)p)->guid;
+                if (!efi_guidcmp(guid, SMBIOS_TABLE_GUID))
+                        ((efi_config_table_64_t *)p)->table = data->smbios;
+                p += sz;
+        }
+        early_iounmap(tablep, nr_tables * sz);
+out_memremap:
+        early_iounmap(data, sizeof(*data));
+out:
+        return ret;
+}
 void __init efi_init(void)
 {
        efi_char16_t *c16;
@@ -649,7 +730,11 @@ void __init efi_init(void)
        if (efi_systab_init(efi_phys.systab))
                return;
-        set_bit(EFI_SYSTEM_TABLES, &x86_efi_facility);
+        set_bit(EFI_SYSTEM_TABLES, &efi.flags);
+        efi.config_table = (unsigned long)efi.systab->tables;
+        efi.fw_vendor    = (unsigned long)efi.systab->fw_vendor;
+        efi.runtime      = (unsigned long)efi.systab->runtime;
        /*
         * Show what we know for posterity
@@ -667,32 +752,29 @@ void __init efi_init(void)
                efi.systab->hdr.revision >> 16,
                efi.systab->hdr.revision & 0xffff, vendor);
-        if (efi_config_init(arch_tables))
+        if (efi_reuse_config(efi.systab->tables, efi.systab->nr_tables))
                return;
-        set_bit(EFI_CONFIG_TABLES, &x86_efi_facility);
+        if (efi_config_init(arch_tables))
+                return;
        /*
         * Note: We currently don't support runtime services on an EFI
         * that doesn't match the kernel 32/64-bit mode.
         */
-        if (!efi_is_native())
+        if (!efi_runtime_supported())
                pr_info("No EFI runtime due to 32/64-bit mismatch with kernel\n");
        else {
                if (disable_runtime || efi_runtime_init())
                        return;
-                set_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility);
        }
        if (efi_memmap_init())
                return;
-        set_bit(EFI_MEMMAP, &x86_efi_facility);
+        set_bit(EFI_MEMMAP, &efi.flags);
-#if EFI_DEBUG
        print_efi_memmap();
-#endif
 }
 void __init efi_late_init(void)
@@ -715,7 +797,7 @@ void __init efi_set_executable(efi_memory_desc_t *md, bool executable)
                set_memory_nx(addr, npages);
 }
-static void __init runtime_code_page_mkexec(void)
+void __init runtime_code_page_mkexec(void)
 {
        efi_memory_desc_t *md;
        void *p;
@@ -741,36 +823,54 @@ void efi_memory_uc(u64 addr, unsigned long size)
        set_memory_uc(addr, npages);
 }
-/*
+void __init old_map_region(efi_memory_desc_t *md)
- * This function will switch the EFI runtime services to virtual mode.
- * Essentially, look through the EFI memmap and map every region that
- * has the runtime attribute bit set in its memory descriptor and update
- * that memory descriptor with the virtual address obtained from ioremap().
- * This enables the runtime services to be called without having to
- * thunk back into physical mode for every invocation.
- */
-void __init efi_enter_virtual_mode(void)
 {
-        efi_memory_desc_t *md, *prev_md = NULL;
+        u64 start_pfn, end_pfn, end;
-        efi_status_t status;
        unsigned long size;
-        u64 end, systab, start_pfn, end_pfn;
+        void *va;
-        void *p, *va, *new_memmap = NULL;
-        int count = 0;
-        efi.systab = NULL;
+        start_pfn = PFN_DOWN(md->phys_addr);
+        size      = md->num_pages << PAGE_SHIFT;
+        end       = md->phys_addr + size;
+        end_pfn   = PFN_UP(end);
-        /*
+        if (pfn_range_is_mapped(start_pfn, end_pfn)) {
-         * We don't do virtual mode, since we don't do runtime services, on
+                va = __va(md->phys_addr);
-         * non-native EFI
-         */
-        if (!efi_is_native()) {
+                if (!(md->attribute & EFI_MEMORY_WB))
-                efi_unmap_memmap();
+                        efi_memory_uc((u64)(unsigned long)va, size);
-                return;
+        } else
-        }
+                va = efi_ioremap(md->phys_addr, size,
+                                 md->type, md->attribute);
+        md->virt_addr = (u64) (unsigned long) va;
+        if (!va)
+                pr_err("ioremap of 0x%llX failed!\n",
+                       (unsigned long long)md->phys_addr);
+}
+static void native_runtime_setup(void)
+{
+        efi.get_time = virt_efi_get_time;
+        efi.set_time = virt_efi_set_time;
+        efi.get_wakeup_time = virt_efi_get_wakeup_time;
+        efi.set_wakeup_time = virt_efi_set_wakeup_time;
+        efi.get_variable = virt_efi_get_variable;
+        efi.get_next_variable = virt_efi_get_next_variable;
+        efi.set_variable = virt_efi_set_variable;
+        efi.get_next_high_mono_count = virt_efi_get_next_high_mono_count;
+        efi.reset_system = virt_efi_reset_system;
+        efi.query_variable_info = virt_efi_query_variable_info;
+        efi.update_capsule = virt_efi_update_capsule;
+        efi.query_capsule_caps = virt_efi_query_capsule_caps;
+}
+/* Merge contiguous regions of the same type and attribute */
+static void __init efi_merge_regions(void)
+{
+        void *p;
+        efi_memory_desc_t *md, *prev_md = NULL;
-        /* Merge contiguous regions of the same type and attribute */
        for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
                u64 prev_size;
                md = p;
@@ -796,6 +896,84 @@ void __init efi_enter_virtual_mode(void)
                }
                prev_md = md;
        }
+}
+static void __init get_systab_virt_addr(efi_memory_desc_t *md)
+{
+        unsigned long size;
+        u64 end, systab;
+        size = md->num_pages << EFI_PAGE_SHIFT;
+        end = md->phys_addr + size;
+        systab = (u64)(unsigned long)efi_phys.systab;
+        if (md->phys_addr <= systab && systab < end) {
+                systab += md->virt_addr - md->phys_addr;
+                efi.systab = (efi_system_table_t *)(unsigned long)systab;
+        }
+}
+static void __init save_runtime_map(void)
+{
+#ifdef CONFIG_KEXEC
+        efi_memory_desc_t *md;
+        void *tmp, *p, *q = NULL;
+        int count = 0;
+        for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
+                md = p;
+                if (!(md->attribute & EFI_MEMORY_RUNTIME) ||
+                    (md->type == EFI_BOOT_SERVICES_CODE) ||
+                    (md->type == EFI_BOOT_SERVICES_DATA))
+                        continue;
+                tmp = krealloc(q, (count + 1) * memmap.desc_size, GFP_KERNEL);
+                if (!tmp)
+                        goto out;
+                q = tmp;
+                memcpy(q + count * memmap.desc_size, md, memmap.desc_size);
+                count++;
+        }
+        efi_runtime_map_setup(q, count, memmap.desc_size);
+        return;
+out:
+        kfree(q);
+        pr_err("Error saving runtime map, efi runtime on kexec non-functional!!\n");
+#endif
+}
+static void *realloc_pages(void *old_memmap, int old_shift)
+{
+        void *ret;
+        ret = (void *)__get_free_pages(GFP_KERNEL, old_shift + 1);
+        if (!ret)
+                goto out;
+        /*
+         * A first-time allocation doesn't have anything to copy.
+         */
+        if (!old_memmap)
+                return ret;
+        memcpy(ret, old_memmap, PAGE_SIZE << old_shift);
+out:
+        free_pages((unsigned long)old_memmap, old_shift);
+        return ret;
+}
+/*
+ * Map the efi memory ranges of the runtime services and update new_mmap with
+ * virtual addresses.
+ */
+static void * __init efi_map_regions(int *count, int *pg_shift)
+{
+        void *p, *new_memmap = NULL;
+        unsigned long left = 0;
+        efi_memory_desc_t *md;
        for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
                md = p;
@@ -807,52 +985,150 @@ void __init efi_enter_virtual_mode(void)
                                continue;
                }
-                size = md->num_pages << EFI_PAGE_SHIFT;
+                efi_map_region(md);
-                end = md->phys_addr + size;
+                get_systab_virt_addr(md);
-                start_pfn = PFN_DOWN(md->phys_addr);
+                if (left < memmap.desc_size) {
-                end_pfn = PFN_UP(end);
+                        new_memmap = realloc_pages(new_memmap, *pg_shift);
-                if (pfn_range_is_mapped(start_pfn, end_pfn)) {
+                        if (!new_memmap)
-                        va = __va(md->phys_addr);
+                                return NULL;
-                        if (!(md->attribute & EFI_MEMORY_WB))
+                        left += PAGE_SIZE << *pg_shift;
-                                efi_memory_uc((u64)(unsigned long)va, size);
+                        (*pg_shift)++;
-                } else
-                        va = efi_ioremap(md->phys_addr, size,
-                                         md->type, md->attribute);
-                md->virt_addr = (u64) (unsigned long) va;
-                if (!va) {
-                        pr_err("ioremap of 0x%llX failed!\n",
-                               (unsigned long long)md->phys_addr);
-                        continue;
                }
-                systab = (u64) (unsigned long) efi_phys.systab;
+                memcpy(new_memmap + (*count * memmap.desc_size), md,
-                if (md->phys_addr <= systab && systab < end) {
-                        systab += md->virt_addr - md->phys_addr;
-                        efi.systab = (efi_system_table_t *) (unsigned long) systab;
-                }
-                new_memmap = krealloc(new_memmap,
-                                      (count + 1) * memmap.desc_size,
-                                      GFP_KERNEL);
-                memcpy(new_memmap + (count * memmap.desc_size), md,
                       memmap.desc_size);
-                count++;
+                left -= memmap.desc_size;
+                (*count)++;
+        }
+        return new_memmap;
+}
+static void __init kexec_enter_virtual_mode(void)
+{
+#ifdef CONFIG_KEXEC
+        efi_memory_desc_t *md;
+        void *p;
+        efi.systab = NULL;
+        /*
+         * We don't do virtual mode, since we don't do runtime services, on
+         * non-native EFI
+         */
+        if (!efi_is_native()) {
+                efi_unmap_memmap();
+                return;
+        }
+        /*
+        * Map efi regions which were passed via setup_data. The virt_addr is a
+        * fixed addr which was used in first kernel of a kexec boot.
+        */
+        for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
+                md = p;
+                efi_map_region_fixed(md); /* FIXME: add error handling */
+                get_systab_virt_addr(md);
+        }
+        save_runtime_map();
+        BUG_ON(!efi.systab);
+        efi_sync_low_kernel_mappings();
+        /*
+         * Now that EFI is in virtual mode, update the function
+         * pointers in the runtime service table to the new virtual addresses.
+         *
+         * Call EFI services through wrapper functions.
+         */
+        efi.runtime_version = efi_systab.hdr.revision;
+        native_runtime_setup();
+        efi.set_virtual_address_map = NULL;
+        if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX))
+                runtime_code_page_mkexec();
+        /* clean DUMMY object */
+        efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
+                         EFI_VARIABLE_NON_VOLATILE |
+                         EFI_VARIABLE_BOOTSERVICE_ACCESS |
+                         EFI_VARIABLE_RUNTIME_ACCESS,
+                         0, NULL);
+#endif
+}
+/*
+ * This function will switch the EFI runtime services to virtual mode.
+ * Essentially, we look through the EFI memmap and map every region that
+ * has the runtime attribute bit set in its memory descriptor into the
+ * ->trampoline_pgd page table using a top-down VA allocation scheme.
+ *
+ * The old method which used to update that memory descriptor with the
+ * virtual address obtained from ioremap() is still supported when the
+ * kernel is booted with efi=old_map on its command line. Same old
+ * method enabled the runtime services to be called without having to
+ * thunk back into physical mode for every invocation.
+ *
+ * The new method does a pagetable switch in a preemption-safe manner
+ * so that we're in a different address space when calling a runtime
+ * function. For function arguments passing we do copy the PGDs of the
+ * kernel page table into ->trampoline_pgd prior to each call.
+ *
+ * Specially for kexec boot, efi runtime maps in previous kernel should
+ * be passed in via setup_data. In that case runtime ranges will be mapped
+ * to the same virtual addresses as the first kernel, see
+ * kexec_enter_virtual_mode().
+ */
+static void __init __efi_enter_virtual_mode(void)
+{
+        int count = 0, pg_shift = 0;
+        void *new_memmap = NULL;
+        efi_status_t status;
+        efi.systab = NULL;
+        efi_merge_regions();
+        new_memmap = efi_map_regions(&count, &pg_shift);
+        if (!new_memmap) {
+                pr_err("Error reallocating memory, EFI runtime non-functional!\n");
+                return;
        }
+        save_runtime_map();
        BUG_ON(!efi.systab);
-        status = phys_efi_set_virtual_address_map(
+        if (efi_setup_page_tables(__pa(new_memmap), 1 << pg_shift))
-                memmap.desc_size * count,
+                return;
-                memmap.desc_size,
-                memmap.desc_version,
+        efi_sync_low_kernel_mappings();
-                (efi_memory_desc_t *)__pa(new_memmap));
+        efi_dump_pagetable();
+        if (efi_is_native()) {
+                status = phys_efi_set_virtual_address_map(
+                                memmap.desc_size * count,
+                                memmap.desc_size,
+                                memmap.desc_version,
+                                (efi_memory_desc_t *)__pa(new_memmap));
+        } else {
+                status = efi_thunk_set_virtual_address_map(
+                                efi_phys.set_virtual_address_map,
+                                memmap.desc_size * count,
+                                memmap.desc_size,
+                                memmap.desc_version,
+                                (efi_memory_desc_t *)__pa(new_memmap));
+        }
        if (status != EFI_SUCCESS) {
-                pr_alert("Unable to switch EFI into virtual mode "
+                pr_alert("Unable to switch EFI into virtual mode (status=%lx)!\n",
-                         "(status=%lx)!\n", status);
+                         status);
                panic("EFI call to SetVirtualAddressMap() failed!");
        }
@@ -863,23 +1139,43 @@ void __init efi_enter_virtual_mode(void)
         * Call EFI services through wrapper functions.
         */
        efi.runtime_version = efi_systab.hdr.revision;
-        efi.get_time = virt_efi_get_time;
-        efi.set_time = virt_efi_set_time;
+        if (efi_is_native())
-        efi.get_wakeup_time = virt_efi_get_wakeup_time;
+                native_runtime_setup();
-        efi.set_wakeup_time = virt_efi_set_wakeup_time;
+        else
-        efi.get_variable = virt_efi_get_variable;
+                efi_thunk_runtime_setup();
-        efi.get_next_variable = virt_efi_get_next_variable;
-        efi.set_variable = virt_efi_set_variable;
-        efi.get_next_high_mono_count = virt_efi_get_next_high_mono_count;
-        efi.reset_system = virt_efi_reset_system;
        efi.set_virtual_address_map = NULL;
-        efi.query_variable_info = virt_efi_query_variable_info;
-        efi.update_capsule = virt_efi_update_capsule;
-        efi.query_capsule_caps = virt_efi_query_capsule_caps;
-        if (__supported_pte_mask & _PAGE_NX)
-                runtime_code_page_mkexec();
-        kfree(new_memmap);
+        efi_runtime_mkexec();
+        /*
+         * We mapped the descriptor array into the EFI pagetable above but we're
+         * not unmapping it here. Here's why:
+         *
+         * We're copying select PGDs from the kernel page table to the EFI page
+         * table and when we do so and make changes to those PGDs like unmapping
+         * stuff from them, those changes appear in the kernel page table and we
+         * go boom.
+         *
+         * From setup_real_mode():
+         *
+         * ...
+         * trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd;
+         *
+         * In this particular case, our allocation is in PGD 0 of the EFI page
+         * table but we've copied that PGD from PGD[272] of the EFI page table:
+         *
+         *      pgd_index(__PAGE_OFFSET = 0xffff880000000000) = 272
+         *
+         * where the direct memory mapping in kernel space is.
+         *
+         * new_memmap's VA comes from that direct mapping and thus clearing it,
+         * it would get cleared in the kernel page table too.
+         *
+         * efi_cleanup_page_tables(__pa(new_memmap), 1 << pg_shift);
+         */
+        free_pages((unsigned long)new_memmap, pg_shift);
        /* clean DUMMY object */
        efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
@@ -889,6 +1185,14 @@ void __init efi_enter_virtual_mode(void)
                         0, NULL);
 }
+void __init efi_enter_virtual_mode(void)
+{
+        if (efi_setup)
+                kexec_enter_virtual_mode();
+        else
+                __efi_enter_virtual_mode();
+}
 /*
 * Convenience functions to obtain memory types and attributes
 */
@@ -926,9 +1230,8 @@ u64 efi_mem_attributes(unsigned long phys_addr)
 }
 /*
- * Some firmware has serious problems when using more than 50% of the EFI
+ * Some firmware implementations refuse to boot if there's insufficient space
- * variable store, i.e. it triggers bugs that can brick machines. Ensure that
+ * in the variable store. Ensure that we never use more than a safe limit.
- * we never use more than this safe limit.
 *
 * Return EFI_SUCCESS if it is safe to write 'size' bytes to the variable
 * store.
@@ -947,10 +1250,9 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
                return status;
        /*
-         * Some firmware implementations refuse to boot if there's insufficient
+         * We account for that by refusing the write if permitting it would
-         * space in the variable store. We account for that by refusing the
+         * reduce the available space to under 5KB. This figure was provided by
-         * write if permitting it would reduce the available space to under
+         * Samsung, so should be safe.
-         * 5KB. This figure was provided by Samsung, so should be safe.
         */
        if ((remaining_size - size < EFI_MIN_RESERVE) &&
                !efi_no_storage_paranoia) {
@@ -1006,3 +1308,34 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
        return EFI_SUCCESS;
 }
 EXPORT_SYMBOL_GPL(efi_query_variable_store);
+static int __init parse_efi_cmdline(char *str)
+{
+        if (*str == '=')
+                str++;
+        if (!strncmp(str, "old_map", 7))
+                set_bit(EFI_OLD_MEMMAP, &efi.flags);
+        return 0;
+}
+early_param("efi", parse_efi_cmdline);
+void __init efi_apply_memmap_quirks(void)
+{
+        /*
+         * Once setup is done earlier, unmap the EFI memory map on mismatched
+         * firmware/kernel architectures since there is no support for runtime
+         * services.
+         */
+        if (!efi_runtime_supported()) {
+                pr_info("efi: Setup done, disabling due to 32/64-bit mismatch\n");
+                efi_unmap_memmap();
+        }
+        /*
+         * UV doesn't support the new EFI pagetable mapping yet.
+         */
+        if (is_uv_system())
+                set_bit(EFI_OLD_MEMMAP, &efi.flags);
+}
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 40e446941dd7..9ee3491e31fb 100644
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
@@ -37,9 +37,24 @@
 * claim EFI runtime service handler exclusively and to duplicate a memory in
 * low memory space say 0 - 3G.
 */
 static unsigned long efi_rt_eflags;
+void efi_sync_low_kernel_mappings(void) {}
+void __init efi_dump_pagetable(void) {}
+int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+{
+        return 0;
+}
+void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages) {}
+void __init efi_map_region(efi_memory_desc_t *md)
+{
+        old_map_region(md);
+}
+void __init efi_map_region_fixed(efi_memory_desc_t *md) {}
+void __init parse_efi_setup(u64 phys_addr, u32 data_len) {}
 void efi_call_phys_prelog(void)
 {
        struct desc_ptr gdt_descr;
@@ -67,3 +82,9 @@ void efi_call_phys_epilog(void)
        local_irq_restore(efi_rt_eflags);
 }
+void __init efi_runtime_mkexec(void)
+{
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 39a0e7f1f0a3..290d397e1dd9 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -38,10 +38,30 @@
 #include <asm/efi.h>
 #include <asm/cacheflush.h>
 #include <asm/fixmap.h>
+#include <asm/realmode.h>
+#include <asm/time.h>
 static pgd_t *save_pgd __initdata;
 static unsigned long efi_flags __initdata;
+/*
+ * We allocate runtime services regions bottom-up, starting from -4G, i.e.
+ * 0xffff_ffff_0000_0000 and limit EFI VA mapping space to 64G.
+ */
+static u64 efi_va       = -4 * (1UL << 30);
+#define EFI_VA_END      (-68 * (1UL << 30))
+/*
+ * Scratch space used for switching the pagetable in the EFI stub
+ */
+struct efi_scratch {
+        u64 r15;
+        u64 prev_cr3;
+        pgd_t *efi_pgt;
+        bool use_pgd;
+        u64 phys_stack;
+} __packed;
 static void __init early_code_mapping_set_exec(int executable)
 {
        efi_memory_desc_t *md;
@@ -65,6 +85,9 @@ void __init efi_call_phys_prelog(void)
        int pgd;
        int n_pgds;
+        if (!efi_enabled(EFI_OLD_MEMMAP))
+                return;
        early_code_mapping_set_exec(1);
        local_irq_save(efi_flags);
@@ -86,6 +109,10 @@ void __init efi_call_phys_epilog(void)
         */
        int pgd;
        int n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT) , PGDIR_SIZE);
+        if (!efi_enabled(EFI_OLD_MEMMAP))
+                return;
        for (pgd = 0; pgd < n_pgds; pgd++)
                set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), save_pgd[pgd]);
        kfree(save_pgd);
@@ -94,6 +121,158 @@ void __init efi_call_phys_epilog(void)
        early_code_mapping_set_exec(0);
 }
+/*
+ * Add low kernel mappings for passing arguments to EFI functions.
+ */
+void efi_sync_low_kernel_mappings(void)
+{
+        unsigned num_pgds;
+        pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
+        if (efi_enabled(EFI_OLD_MEMMAP))
+                return;
+        num_pgds = pgd_index(MODULES_END - 1) - pgd_index(PAGE_OFFSET);
+        memcpy(pgd + pgd_index(PAGE_OFFSET),
+                init_mm.pgd + pgd_index(PAGE_OFFSET),
+                sizeof(pgd_t) * num_pgds);
+}
+int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+{
+        unsigned long text;
+        struct page *page;
+        unsigned npages;
+        pgd_t *pgd;
+        if (efi_enabled(EFI_OLD_MEMMAP))
+                return 0;
+        efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd;
+        pgd = __va(efi_scratch.efi_pgt);
+        /*
+         * It can happen that the physical address of new_memmap lands in memory
+         * which is not mapped in the EFI page table. Therefore we need to go
+         * and ident-map those pages containing the map before calling
+         * phys_efi_set_virtual_address_map().
+         */
+        if (kernel_map_pages_in_pgd(pgd, pa_memmap, pa_memmap, num_pages, _PAGE_NX)) {
+                pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap);
+                return 1;
+        }
+        efi_scratch.use_pgd = true;
+        /*
+         * When making calls to the firmware everything needs to be 1:1
+         * mapped and addressable with 32-bit pointers. Map the kernel
+         * text and allocate a new stack because we can't rely on the
+         * stack pointer being < 4GB.
+         */
+        if (!IS_ENABLED(CONFIG_EFI_MIXED))
+                return 0;
+        page = alloc_page(GFP_KERNEL|__GFP_DMA32);
+        if (!page)
+                panic("Unable to allocate EFI runtime stack < 4GB\n");
+        efi_scratch.phys_stack = virt_to_phys(page_address(page));
+        efi_scratch.phys_stack += PAGE_SIZE; /* stack grows down */
+        npages = (_end - _text) >> PAGE_SHIFT;
+        text = __pa(_text);
+        if (kernel_map_pages_in_pgd(pgd, text >> PAGE_SHIFT, text, npages, 0)) {
+                pr_err("Failed to map kernel text 1:1\n");
+                return 1;
+        }
+        return 0;
+}
+void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+{
+        pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
+        kernel_unmap_pages_in_pgd(pgd, pa_memmap, num_pages);
+}
+static void __init __map_region(efi_memory_desc_t *md, u64 va)
+{
+        pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
+        unsigned long pf = 0;
+        if (!(md->attribute & EFI_MEMORY_WB))
+                pf |= _PAGE_PCD;
+        if (kernel_map_pages_in_pgd(pgd, md->phys_addr, va, md->num_pages, pf))
+                pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n",
+                           md->phys_addr, va);
+}
+void __init efi_map_region(efi_memory_desc_t *md)
+{
+        unsigned long size = md->num_pages << PAGE_SHIFT;
+        u64 pa = md->phys_addr;
+        if (efi_enabled(EFI_OLD_MEMMAP))
+                return old_map_region(md);
+        /*
+         * Make sure the 1:1 mappings are present as a catch-all for b0rked
+         * firmware which doesn't update all internal pointers after switching
+         * to virtual mode and would otherwise crap on us.
+         */
+        __map_region(md, md->phys_addr);
+        /*
+         * Enforce the 1:1 mapping as the default virtual address when
+         * booting in EFI mixed mode, because even though we may be
+         * running a 64-bit kernel, the firmware may only be 32-bit.
+         */
+        if (!efi_is_native () && IS_ENABLED(CONFIG_EFI_MIXED)) {
+                md->virt_addr = md->phys_addr;
+                return;
+        }
+        efi_va -= size;
+        /* Is PA 2M-aligned? */
+        if (!(pa & (PMD_SIZE - 1))) {
+                efi_va &= PMD_MASK;
+        } else {
+                u64 pa_offset = pa & (PMD_SIZE - 1);
+                u64 prev_va = efi_va;
+                /* get us the same offset within this 2M page */
+                efi_va = (efi_va & PMD_MASK) + pa_offset;
+                if (efi_va > prev_va)
+                        efi_va -= PMD_SIZE;
+        }
+        if (efi_va < EFI_VA_END) {
+                pr_warn(FW_WARN "VA address range overflow!\n");
+                return;
+        }
+        /* Do the VA map */
+        __map_region(md, efi_va);
+        md->virt_addr = efi_va;
+}
+/*
+ * kexec kernel will use efi_map_region_fixed to map efi runtime memory ranges.
+ * md->virt_addr is the original virtual address which had been mapped in kexec
+ * 1st kernel.
+ */
+void __init efi_map_region_fixed(efi_memory_desc_t *md)
+{
+        __map_region(md, md->virt_addr);
+}
 void __iomem *__init efi_ioremap(unsigned long phys_addr, unsigned long size,
                                 u32 type, u64 attribute)
 {
@@ -113,3 +292,313 @@ void __iomem *__init efi_ioremap(unsigned long phys_addr, unsigned long size,
        return (void __iomem *)__va(phys_addr);
 }
+void __init parse_efi_setup(u64 phys_addr, u32 data_len)
+{
+        efi_setup = phys_addr + sizeof(struct setup_data);
+}
+void __init efi_runtime_mkexec(void)
+{
+        if (!efi_enabled(EFI_OLD_MEMMAP))
+                return;
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
+void __init efi_dump_pagetable(void)
+{
+#ifdef CONFIG_EFI_PGT_DUMP
+        pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
+        ptdump_walk_pgd_level(NULL, pgd);
+#endif
+}
+#ifdef CONFIG_EFI_MIXED
+extern efi_status_t efi64_thunk(u32, ...);
+#define runtime_service32(func)                                          \
+({                                                                       \
+        u32 table = (u32)(unsigned long)efi.systab;                      \
+        u32 *rt, *___f;                                                  \
+                                                                         \
+        rt = (u32 *)(table + offsetof(efi_system_table_32_t, runtime));  \
+        ___f = (u32 *)(*rt + offsetof(efi_runtime_services_32_t, func)); \
+        *___f;                                                           \
+})
+/*
+ * Switch to the EFI page tables early so that we can access the 1:1
+ * runtime services mappings which are not mapped in any other page
+ * tables. This function must be called before runtime_service32().
+ *
+ * Also, disable interrupts because the IDT points to 64-bit handlers,
+ * which aren't going to function correctly when we switch to 32-bit.
+ */
+#define efi_thunk(f, ...)                                               \
+({                                                                      \
+        efi_status_t __s;                                               \
+        unsigned long flags;                                            \
+        u32 func;                                                       \
+                                                                        \
+        efi_sync_low_kernel_mappings();                                 \
+        local_irq_save(flags);                                          \
+                                                                        \
+        efi_scratch.prev_cr3 = read_cr3();                              \
+        write_cr3((unsigned long)efi_scratch.efi_pgt);                  \
+        __flush_tlb_all();                                              \
+                                                                        \
+        func = runtime_service32(f);                                    \
+        __s = efi64_thunk(func, __VA_ARGS__);                   \
+                                                                        \
+        write_cr3(efi_scratch.prev_cr3);                                \
+        __flush_tlb_all();                                              \
+        local_irq_restore(flags);                                       \
+                                                                        \
+        __s;                                                            \
+})
+efi_status_t efi_thunk_set_virtual_address_map(
+        void *phys_set_virtual_address_map,
+        unsigned long memory_map_size,
+        unsigned long descriptor_size,
+        u32 descriptor_version,
+        efi_memory_desc_t *virtual_map)
+{
+        efi_status_t status;
+        unsigned long flags;
+        u32 func;
+        efi_sync_low_kernel_mappings();
+        local_irq_save(flags);
+        efi_scratch.prev_cr3 = read_cr3();
+        write_cr3((unsigned long)efi_scratch.efi_pgt);
+        __flush_tlb_all();
+        func = (u32)(unsigned long)phys_set_virtual_address_map;
+        status = efi64_thunk(func, memory_map_size, descriptor_size,
+                             descriptor_version, virtual_map);
+        write_cr3(efi_scratch.prev_cr3);
+        __flush_tlb_all();
+        local_irq_restore(flags);
+        return status;
+}
+static efi_status_t efi_thunk_get_time(efi_time_t *tm, efi_time_cap_t *tc)
+{
+        efi_status_t status;
+        u32 phys_tm, phys_tc;
+        spin_lock(&rtc_lock);
+        phys_tm = virt_to_phys(tm);
+        phys_tc = virt_to_phys(tc);
+        status = efi_thunk(get_time, phys_tm, phys_tc);
+        spin_unlock(&rtc_lock);
+        return status;
+}
+static efi_status_t efi_thunk_set_time(efi_time_t *tm)
+{
+        efi_status_t status;
+        u32 phys_tm;
+        spin_lock(&rtc_lock);
+        phys_tm = virt_to_phys(tm);
+        status = efi_thunk(set_time, phys_tm);
+        spin_unlock(&rtc_lock);
+        return status;
+}
+static efi_status_t
+efi_thunk_get_wakeup_time(efi_bool_t *enabled, efi_bool_t *pending,
+                          efi_time_t *tm)
+{
+        efi_status_t status;
+        u32 phys_enabled, phys_pending, phys_tm;
+        spin_lock(&rtc_lock);
+        phys_enabled = virt_to_phys(enabled);
+        phys_pending = virt_to_phys(pending);
+        phys_tm = virt_to_phys(tm);
+        status = efi_thunk(get_wakeup_time, phys_enabled,
+                             phys_pending, phys_tm);
+        spin_unlock(&rtc_lock);
+        return status;
+}
+static efi_status_t
+efi_thunk_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
+{
+        efi_status_t status;
+        u32 phys_tm;
+        spin_lock(&rtc_lock);
+        phys_tm = virt_to_phys(tm);
+        status = efi_thunk(set_wakeup_time, enabled, phys_tm);
+        spin_unlock(&rtc_lock);
+        return status;
+}
+static efi_status_t
+efi_thunk_get_variable(efi_char16_t *name, efi_guid_t *vendor,
+                       u32 *attr, unsigned long *data_size, void *data)
+{
+        efi_status_t status;
+        u32 phys_name, phys_vendor, phys_attr;
+        u32 phys_data_size, phys_data;
+        phys_data_size = virt_to_phys(data_size);
+        phys_vendor = virt_to_phys(vendor);
+        phys_name = virt_to_phys(name);
+        phys_attr = virt_to_phys(attr);
+        phys_data = virt_to_phys(data);
+        status = efi_thunk(get_variable, phys_name, phys_vendor,
+                           phys_attr, phys_data_size, phys_data);
+        return status;
+}
+static efi_status_t
+efi_thunk_set_variable(efi_char16_t *name, efi_guid_t *vendor,
+                       u32 attr, unsigned long data_size, void *data)
+{
+        u32 phys_name, phys_vendor, phys_data;
+        efi_status_t status;
+        phys_name = virt_to_phys(name);
+        phys_vendor = virt_to_phys(vendor);
+        phys_data = virt_to_phys(data);
+        /* If data_size is > sizeof(u32) we've got problems */
+        status = efi_thunk(set_variable, phys_name, phys_vendor,
+                           attr, data_size, phys_data);
+        return status;
+}
+static efi_status_t
+efi_thunk_get_next_variable(unsigned long *name_size,
+                            efi_char16_t *name,
+                            efi_guid_t *vendor)
+{
+        efi_status_t status;
+        u32 phys_name_size, phys_name, phys_vendor;
+        phys_name_size = virt_to_phys(name_size);
+        phys_vendor = virt_to_phys(vendor);
+        phys_name = virt_to_phys(name);
+        status = efi_thunk(get_next_variable, phys_name_size,
+                           phys_name, phys_vendor);
+        return status;
+}
+static efi_status_t
+efi_thunk_get_next_high_mono_count(u32 *count)
+{
+        efi_status_t status;
+        u32 phys_count;
+        phys_count = virt_to_phys(count);
+        status = efi_thunk(get_next_high_mono_count, phys_count);
+        return status;
+}
+static void
+efi_thunk_reset_system(int reset_type, efi_status_t status,
+                       unsigned long data_size, efi_char16_t *data)
+{
+        u32 phys_data;
+        phys_data = virt_to_phys(data);
+        efi_thunk(reset_system, reset_type, status, data_size, phys_data);
+}
+static efi_status_t
+efi_thunk_update_capsule(efi_capsule_header_t **capsules,
+                         unsigned long count, unsigned long sg_list)
+{
+        /*
+         * To properly support this function we would need to repackage
+         * 'capsules' because the firmware doesn't understand 64-bit
+         * pointers.
+         */
+        return EFI_UNSUPPORTED;
+}
+static efi_status_t
+efi_thunk_query_variable_info(u32 attr, u64 *storage_space,
+                              u64 *remaining_space,
+                              u64 *max_variable_size)
+{
+        efi_status_t status;
+        u32 phys_storage, phys_remaining, phys_max;
+        if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
+                return EFI_UNSUPPORTED;
+        phys_storage = virt_to_phys(storage_space);
+        phys_remaining = virt_to_phys(remaining_space);
+        phys_max = virt_to_phys(max_variable_size);
+        status = efi_thunk(query_variable_info, attr, phys_storage,
+                           phys_remaining, phys_max);
+        return status;
+}
+static efi_status_t
+efi_thunk_query_capsule_caps(efi_capsule_header_t **capsules,
+                             unsigned long count, u64 *max_size,
+                             int *reset_type)
+{
+        /*
+         * To properly support this function we would need to repackage
+         * 'capsules' because the firmware doesn't understand 64-bit
+         * pointers.
+         */
+        return EFI_UNSUPPORTED;
+}
+void efi_thunk_runtime_setup(void)
+{
+        efi.get_time = efi_thunk_get_time;
+        efi.set_time = efi_thunk_set_time;
+        efi.get_wakeup_time = efi_thunk_get_wakeup_time;
+        efi.set_wakeup_time = efi_thunk_set_wakeup_time;
+        efi.get_variable = efi_thunk_get_variable;
+        efi.get_next_variable = efi_thunk_get_next_variable;
+        efi.set_variable = efi_thunk_set_variable;
+        efi.get_next_high_mono_count = efi_thunk_get_next_high_mono_count;
+        efi.reset_system = efi_thunk_reset_system;
+        efi.query_variable_info = efi_thunk_query_variable_info;
+        efi.update_capsule = efi_thunk_update_capsule;
+        efi.query_capsule_caps = efi_thunk_query_capsule_caps;
+}
+#endif /* CONFIG_EFI_MIXED */
diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
index 4c07ccab8146..e0984ef0374b 100644
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
@@ -7,6 +7,10 @@
 */
 #include <linux/linkage.h>
+#include <asm/segment.h>
+#include <asm/msr.h>
+#include <asm/processor-flags.h>
+#include <asm/page_types.h>
 #define SAVE_XMM                        \
        mov %rsp, %rax;                 \
@@ -34,10 +38,47 @@
        mov %rsi, %cr0;                 \
        mov (%rsp), %rsp
+        /* stolen from gcc */
+        .macro FLUSH_TLB_ALL
+        movq %r15, efi_scratch(%rip)
+        movq %r14, efi_scratch+8(%rip)
+        movq %cr4, %r15
+        movq %r15, %r14
+        andb $0x7f, %r14b
+        movq %r14, %cr4
+        movq %r15, %cr4
+        movq efi_scratch+8(%rip), %r14
+        movq efi_scratch(%rip), %r15
+        .endm
+        .macro SWITCH_PGT
+        cmpb $0, efi_scratch+24(%rip)
+        je 1f
+        movq %r15, efi_scratch(%rip)            # r15
+        # save previous CR3
+        movq %cr3, %r15
+        movq %r15, efi_scratch+8(%rip)          # prev_cr3
+        movq efi_scratch+16(%rip), %r15         # EFI pgt
+        movq %r15, %cr3
+        1:
+        .endm
+        .macro RESTORE_PGT
+        cmpb $0, efi_scratch+24(%rip)
+        je 2f
+        movq efi_scratch+8(%rip), %r15
+        movq %r15, %cr3
+        movq efi_scratch(%rip), %r15
+        FLUSH_TLB_ALL
+        2:
+        .endm
 ENTRY(efi_call0)
        SAVE_XMM
        subq $32, %rsp
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $32, %rsp
        RESTORE_XMM
        ret
@@ -47,7 +88,9 @@ ENTRY(efi_call1)
        SAVE_XMM
        subq $32, %rsp
        mov  %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $32, %rsp
        RESTORE_XMM
        ret
@@ -57,7 +100,9 @@ ENTRY(efi_call2)
        SAVE_XMM
        subq $32, %rsp
        mov  %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $32, %rsp
        RESTORE_XMM
        ret
@@ -68,7 +113,9 @@ ENTRY(efi_call3)
        subq $32, %rsp
        mov  %rcx, %r8
        mov  %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $32, %rsp
        RESTORE_XMM
        ret
@@ -80,7 +127,9 @@ ENTRY(efi_call4)
        mov %r8, %r9
        mov %rcx, %r8
        mov %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $32, %rsp
        RESTORE_XMM
        ret
@@ -93,7 +142,9 @@ ENTRY(efi_call5)
        mov %r8, %r9
        mov %rcx, %r8
        mov %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $48, %rsp
        RESTORE_XMM
        ret
@@ -109,8 +160,177 @@ ENTRY(efi_call6)
        mov %r8, %r9
        mov %rcx, %r8
        mov %rsi, %rcx
+        SWITCH_PGT
        call *%rdi
+        RESTORE_PGT
        addq $48, %rsp
        RESTORE_XMM
        ret
 ENDPROC(efi_call6)
+#ifdef CONFIG_EFI_MIXED
+/*
+ * We run this function from the 1:1 mapping.
+ *
+ * This function must be invoked with a 1:1 mapped stack.
+ */
+ENTRY(__efi64_thunk)
+        movl    %ds, %eax
+        push    %rax
+        movl    %es, %eax
+        push    %rax
+        movl    %ss, %eax
+        push    %rax
+        subq    $32, %rsp
+        movl    %esi, 0x0(%rsp)
+        movl    %edx, 0x4(%rsp)
+        movl    %ecx, 0x8(%rsp)
+        movq    %r8, %rsi
+        movl    %esi, 0xc(%rsp)
+        movq    %r9, %rsi
+        movl    %esi,  0x10(%rsp)
+        sgdt    save_gdt(%rip)
+        leaq    1f(%rip), %rbx
+        movq    %rbx, func_rt_ptr(%rip)
+        /* Switch to gdt with 32-bit segments */
+        movl    64(%rsp), %eax
+        lgdt    (%rax)
+        leaq    efi_enter32(%rip), %rax
+        pushq   $__KERNEL_CS
+        pushq   %rax
+        lretq
+1:      addq    $32, %rsp
+        lgdt    save_gdt(%rip)
+        pop     %rbx
+        movl    %ebx, %ss
+        pop     %rbx
+        movl    %ebx, %es
+        pop     %rbx
+        movl    %ebx, %ds
+        /*
+         * Convert 32-bit status code into 64-bit.
+         */
+        test    %rax, %rax
+        jz      1f
+        movl    %eax, %ecx
+        andl    $0x0fffffff, %ecx
+        andl    $0xf0000000, %eax
+        shl     $32, %rax
+        or      %rcx, %rax
+1:
+        ret
+ENDPROC(__efi64_thunk)
+ENTRY(efi_exit32)
+        movq    func_rt_ptr(%rip), %rax
+        push    %rax
+        mov     %rdi, %rax
+        ret
+ENDPROC(efi_exit32)
+        .code32
+/*
+ * EFI service pointer must be in %edi.
+ *
+ * The stack should represent the 32-bit calling convention.
+ */
+ENTRY(efi_enter32)
+        movl    $__KERNEL_DS, %eax
+        movl    %eax, %ds
+        movl    %eax, %es
+        movl    %eax, %ss
+        /* Reload pgtables */
+        movl    %cr3, %eax
+        movl    %eax, %cr3
+        /* Disable paging */
+        movl    %cr0, %eax
+        btrl    $X86_CR0_PG_BIT, %eax
+        movl    %eax, %cr0
+        /* Disable long mode via EFER */
+        movl    $MSR_EFER, %ecx
+        rdmsr
+        btrl    $_EFER_LME, %eax
+        wrmsr
+        call    *%edi
+        /* We must preserve return value */
+        movl    %eax, %edi
+        /*
+         * Some firmware will return with interrupts enabled. Be sure to
+         * disable them before we switch GDTs.
+         */
+        cli
+        movl    68(%esp), %eax
+        movl    %eax, 2(%eax)
+        lgdtl   (%eax)
+        movl    %cr4, %eax
+        btsl    $(X86_CR4_PAE_BIT), %eax
+        movl    %eax, %cr4
+        movl    %cr3, %eax
+        movl    %eax, %cr3
+        movl    $MSR_EFER, %ecx
+        rdmsr
+        btsl    $_EFER_LME, %eax
+        wrmsr
+        xorl    %eax, %eax
+        lldt    %ax
+        movl    72(%esp), %eax
+        pushl   $__KERNEL_CS
+        pushl   %eax
+        /* Enable paging */
+        movl    %cr0, %eax
+        btsl    $X86_CR0_PG_BIT, %eax
+        movl    %eax, %cr0
+        lret
+ENDPROC(efi_enter32)
+        .data
+        .balign 8
+        .global efi32_boot_gdt
+efi32_boot_gdt: .word   0
+                .quad   0
+save_gdt:       .word   0
+                .quad   0
+func_rt_ptr:    .quad   0
+        .global efi_gdt64
+efi_gdt64:
+        .word   efi_gdt64_end - efi_gdt64
+        .long   0                       /* Filled out by user */
+        .word   0
+        .quad   0x0000000000000000      /* NULL descriptor */
+        .quad   0x00af9a000000ffff      /* __KERNEL_CS */
+        .quad   0x00cf92000000ffff      /* __KERNEL_DS */
+        .quad   0x0080890000000000      /* TS descriptor */
+        .quad   0x0000000000000000      /* TS continued */
+efi_gdt64_end:
+#endif /* CONFIG_EFI_MIXED */
+        .data
+ENTRY(efi_scratch)
+        .fill 3,8,0
+        .byte 0
+        .quad 0
diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S
new file mode 100644
index 000000000000..8806fa73e6e6
--- /dev/null
+++ b/arch/x86/platform/efi/efi_thunk_64.S
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2014 Intel Corporation; author Matt Fleming
+ */
+#include <linux/linkage.h>
+#include <asm/page_types.h>
+        .text
+        .code64
+ENTRY(efi64_thunk)
+        push    %rbp
+        push    %rbx
+        /*
+         * Switch to 1:1 mapped 32-bit stack pointer.
+         */
+        movq    %rsp, efi_saved_sp(%rip)
+        movq    efi_scratch+25(%rip), %rsp
+        /*
+         * Calculate the physical address of the kernel text.
+         */
+        movq    $__START_KERNEL_map, %rax
+        subq    phys_base(%rip), %rax
+        /*
+         * Push some physical addresses onto the stack. This is easier
+         * to do now in a code64 section while the assembler can address
+         * 64-bit values. Note that all the addresses on the stack are
+         * 32-bit.
+         */
+        subq    $16, %rsp
+        leaq    efi_exit32(%rip), %rbx
+        subq    %rax, %rbx
+        movl    %ebx, 8(%rsp)
+        leaq    efi_gdt64(%rip), %rbx
+        subq    %rax, %rbx
+        movl    %ebx, 2(%ebx)
+        movl    %ebx, 4(%rsp)
+        leaq    efi_gdt32(%rip), %rbx
+        subq    %rax, %rbx
+        movl    %ebx, 2(%ebx)
+        movl    %ebx, (%rsp)
+        leaq    __efi64_thunk(%rip), %rbx
+        subq    %rax, %rbx
+        call    *%rbx
+        movq    efi_saved_sp(%rip), %rsp
+        pop     %rbx
+        pop     %rbp
+        retq
+ENDPROC(efi64_thunk)
+        .data
+efi_gdt32:
+        .word   efi_gdt32_end - efi_gdt32
+        .long   0                       /* Filled out above */
+        .word   0
+        .quad   0x0000000000000000      /* NULL descriptor */
+        .quad   0x00cf9a000000ffff      /* __KERNEL_CS */
+        .quad   0x00cf93000000ffff      /* __KERNEL_DS */
+efi_gdt32_end:
+efi_saved_sp:           .quad 0
diff --git a/arch/x86/platform/intel-mid/Makefile b/arch/x86/platform/intel-mid/Makefile
index 01cc29ea5ff7..0a8ee703b9fa 100644
--- a/arch/x86/platform/intel-mid/Makefile
+++ b/arch/x86/platform/intel-mid/Makefile
@@ -1,6 +1,6 @@
-obj-$(CONFIG_X86_INTEL_MID) += intel-mid.o
+obj-$(CONFIG_X86_INTEL_MID) += intel-mid.o intel_mid_vrtc.o mfld.o mrfl.o
-obj-$(CONFIG_X86_INTEL_MID) += intel_mid_vrtc.o
 obj-$(CONFIG_EARLY_PRINTK_INTEL_MID) += early_printk_intel_mid.o
 # SFI specific code
 ifdef CONFIG_X86_INTEL_MID
 obj-$(CONFIG_SFI) += sfi.o device_libs/
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_emc1403.c b/arch/x86/platform/intel-mid/device_libs/platform_emc1403.c
index 0d942c1d26d5..69a783689d21 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_emc1403.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_emc1403.c
@@ -22,7 +22,9 @@ static void __init *emc1403_platform_data(void *info)
        int intr = get_gpio_by_name("thermal_int");
        int intr2nd = get_gpio_by_name("thermal_alert");
-        if (intr == -1 || intr2nd == -1)
+        if (intr < 0)
+                return NULL;
+        if (intr2nd < 0)
                return NULL;
        i2c_info->irq = intr + INTEL_MID_IRQ_OFFSET;
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_gpio_keys.c b/arch/x86/platform/intel-mid/device_libs/platform_gpio_keys.c
index a013a4834bbe..dccae6b0413f 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_gpio_keys.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_gpio_keys.c
@@ -66,7 +66,7 @@ static int __init pb_keys_init(void)
                gb[i].gpio = get_gpio_by_name(gb[i].desc);
                pr_debug("info[%2d]: name = %s, gpio = %d\n", i, gb[i].desc,
                                        gb[i].gpio);
-                if (gb[i].gpio == -1)
+                if (gb[i].gpio < 0)
                        continue;
                if (i != good)
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_ipc.h b/arch/x86/platform/intel-mid/device_libs/platform_ipc.h
index 8f568dd79605..79bb09d4f718 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_ipc.h
+++ b/arch/x86/platform/intel-mid/device_libs/platform_ipc.h
@@ -12,6 +12,7 @@
 #ifndef _PLATFORM_IPC_H_
 #define _PLATFORM_IPC_H_
-extern void __init ipc_device_handler(struct sfi_device_table_entry *pentry,
+void __init
-                        struct devs_id *dev) __attribute__((weak));
+ipc_device_handler(struct sfi_device_table_entry *pentry, struct devs_id *dev);
 #endif
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_lis331.c b/arch/x86/platform/intel-mid/device_libs/platform_lis331.c
index 15278c11f714..54226de7541a 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_lis331.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_lis331.c
@@ -21,7 +21,9 @@ static void __init *lis331dl_platform_data(void *info)
        int intr = get_gpio_by_name("accel_int");
        int intr2nd = get_gpio_by_name("accel_2");
-        if (intr == -1 || intr2nd == -1)
+        if (intr < 0)
+                return NULL;
+        if (intr2nd < 0)
                return NULL;
        i2c_info->irq = intr + INTEL_MID_IRQ_OFFSET;
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c
index 94ade10024ae..2c8acbc1e9ad 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c
@@ -48,7 +48,7 @@ static void __init *max7315_platform_data(void *info)
        gpio_base = get_gpio_by_name(base_pin_name);
        intr = get_gpio_by_name(intr_pin_name);
-        if (gpio_base == -1)
+        if (gpio_base < 0)
                return NULL;
        max7315->gpio_base = gpio_base;
        if (intr != -1) {
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_mpu3050.c b/arch/x86/platform/intel-mid/device_libs/platform_mpu3050.c
index dd28d63c84fb..cfe9a47a1e87 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_mpu3050.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_mpu3050.c
@@ -19,7 +19,7 @@ static void *mpu3050_platform_data(void *info)
        struct i2c_board_info *i2c_info = info;
        int intr = get_gpio_by_name("mpu3050_int");
-        if (intr == -1)
+        if (intr < 0)
                return NULL;
        i2c_info->irq = intr + INTEL_MID_IRQ_OFFSET;
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_msic.h b/arch/x86/platform/intel-mid/device_libs/platform_msic.h
index 917eb56d77da..b7be1d041da2 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_msic.h
+++ b/arch/x86/platform/intel-mid/device_libs/platform_msic.h
@@ -14,6 +14,6 @@
 extern struct intel_msic_platform_data msic_pdata;
-extern void *msic_generic_platform_data(void *info,
+void *msic_generic_platform_data(void *info, enum intel_msic_block block);
-                        enum intel_msic_block block) __attribute__((weak));
 #endif
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_pmic_gpio.c b/arch/x86/platform/intel-mid/device_libs/platform_pmic_gpio.c
index d87182a09263..65c2a9a19db4 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_pmic_gpio.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_pmic_gpio.c
@@ -26,7 +26,7 @@ static void __init *pmic_gpio_platform_data(void *info)
        static struct intel_pmic_gpio_platform_data pmic_gpio_pdata;
        int gpio_base = get_gpio_by_name("pmic_gpio_base");
-        if (gpio_base == -1)
+        if (gpio_base < 0)
                gpio_base = 64;
        pmic_gpio_pdata.gpio_base = gpio_base;
        pmic_gpio_pdata.irq_base = gpio_base + INTEL_MID_IRQ_OFFSET;
diff --git a/arch/x86/platform/intel-mid/device_libs/platform_tca6416.c b/arch/x86/platform/intel-mid/device_libs/platform_tca6416.c
index 22881c9a6737..33be0b3be6e1 100644
--- a/arch/x86/platform/intel-mid/device_libs/platform_tca6416.c
+++ b/arch/x86/platform/intel-mid/device_libs/platform_tca6416.c
@@ -34,10 +34,10 @@ static void *tca6416_platform_data(void *info)
        gpio_base = get_gpio_by_name(base_pin_name);
        intr = get_gpio_by_name(intr_pin_name);
-        if (gpio_base == -1)
+        if (gpio_base < 0)
                return NULL;
        tca6416.gpio_base = gpio_base;
-        if (intr != -1) {
+        if (intr >= 0) {
                i2c_info->irq = intr + INTEL_MID_IRQ_OFFSET;
                tca6416.irq_base = gpio_base + INTEL_MID_IRQ_OFFSET;
        } else {
diff --git a/arch/x86/platform/intel-mid/early_printk_intel_mid.c b/arch/x86/platform/intel-mid/early_printk_intel_mid.c
index 4f702f554f6e..e0bd082a80e0 100644
--- a/arch/x86/platform/intel-mid/early_printk_intel_mid.c
+++ b/arch/x86/platform/intel-mid/early_printk_intel_mid.c
@@ -22,7 +22,6 @@
 #include <linux/console.h>
 #include <linux/kernel.h>
 #include <linux/delay.h>
-#include <linux/init.h>
 #include <linux/io.h>
 #include <asm/fixmap.h>
diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c
index f90e290f689f..1bbedc4b0f88 100644
--- a/arch/x86/platform/intel-mid/intel-mid.c
+++ b/arch/x86/platform/intel-mid/intel-mid.c
@@ -35,6 +35,8 @@
 #include <asm/apb_timer.h>
 #include <asm/reboot.h>
+#include "intel_mid_weak_decls.h"
 /*
 * the clockevent devices on Moorestown/Medfield can be APBT or LAPIC clock,
 * cmdline option x86_intel_mid_timer can be used to override the configuration
@@ -58,12 +60,16 @@
 enum intel_mid_timer_options intel_mid_timer_options;
+/* intel_mid_ops to store sub arch ops */
+struct intel_mid_ops *intel_mid_ops;
+/* getter function for sub arch ops*/
+static void *(*get_intel_mid_ops[])(void) = INTEL_MID_OPS_INIT;
 enum intel_mid_cpu_type __intel_mid_cpu_chip;
 EXPORT_SYMBOL_GPL(__intel_mid_cpu_chip);
 static void intel_mid_power_off(void)
 {
-}
+};
 static void intel_mid_reboot(void)
 {
@@ -72,32 +78,6 @@ static void intel_mid_reboot(void)
 static unsigned long __init intel_mid_calibrate_tsc(void)
 {
-        unsigned long fast_calibrate;
-        u32 lo, hi, ratio, fsb;
-        rdmsr(MSR_IA32_PERF_STATUS, lo, hi);
-        pr_debug("IA32 perf status is 0x%x, 0x%0x\n", lo, hi);
-        ratio = (hi >> 8) & 0x1f;
-        pr_debug("ratio is %d\n", ratio);
-        if (!ratio) {
-                pr_err("read a zero ratio, should be incorrect!\n");
-                pr_err("force tsc ratio to 16 ...\n");
-                ratio = 16;
-        }
-        rdmsr(MSR_FSB_FREQ, lo, hi);
-        if ((lo & 0x7) == 0x7)
-                fsb = PENWELL_FSB_FREQ_83SKU;
-        else
-                fsb = PENWELL_FSB_FREQ_100SKU;
-        fast_calibrate = ratio * fsb;
-        pr_debug("read penwell tsc %lu khz\n", fast_calibrate);
-        lapic_timer_frequency = fsb * 1000 / HZ;
-        /* mark tsc clocksource as reliable */
-        set_cpu_cap(&boot_cpu_data, X86_FEATURE_TSC_RELIABLE);
-        if (fast_calibrate)
-                return fast_calibrate;
        return 0;
 }
@@ -125,13 +105,37 @@ static void __init intel_mid_time_init(void)
 static void intel_mid_arch_setup(void)
 {
-        if (boot_cpu_data.x86 == 6 && boot_cpu_data.x86_model == 0x27)
+        if (boot_cpu_data.x86 != 6) {
-                __intel_mid_cpu_chip = INTEL_MID_CPU_CHIP_PENWELL;
-        else {
                pr_err("Unknown Intel MID CPU (%d:%d), default to Penwell\n",
                        boot_cpu_data.x86, boot_cpu_data.x86_model);
                __intel_mid_cpu_chip = INTEL_MID_CPU_CHIP_PENWELL;
+                goto out;
        }
+        switch (boot_cpu_data.x86_model) {
+        case 0x35:
+                __intel_mid_cpu_chip = INTEL_MID_CPU_CHIP_CLOVERVIEW;
+                break;
+        case 0x3C:
+        case 0x4A:
+                __intel_mid_cpu_chip = INTEL_MID_CPU_CHIP_TANGIER;
+                break;
+        case 0x27:
+        default:
+                __intel_mid_cpu_chip = INTEL_MID_CPU_CHIP_PENWELL;
+                break;
+        }
+        if (__intel_mid_cpu_chip < MAX_CPU_OPS(get_intel_mid_ops))
+                intel_mid_ops = get_intel_mid_ops[__intel_mid_cpu_chip]();
+        else {
+                intel_mid_ops = get_intel_mid_ops[INTEL_MID_CPU_CHIP_PENWELL]();
+                pr_info("ARCH: Uknown SoC, assuming PENWELL!\n");
+        }
+out:
+        if (intel_mid_ops->arch_setup)
+                intel_mid_ops->arch_setup();
 }
 /* MID systems don't have i8042 controller */
diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
new file mode 100644
index 000000000000..46aa25c8ce06
--- /dev/null
+++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
@@ -0,0 +1,19 @@
+/*
+ * intel_mid_weak_decls.h: Weak declarations of intel-mid.c
+ *
+ * (C) Copyright 2013 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ */
+/* __attribute__((weak)) makes these declarations overridable */
+/* For every CPU addition a new get_<cpuname>_ops interface needs
+ * to be added.
+ */
+extern void *get_penwell_ops(void) __attribute__((weak));
+extern void *get_cloverview_ops(void) __attribute__((weak));
+extern void *get_tangier_ops(void) __attribute__((weak));
diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c
new file mode 100644
index 000000000000..23381d2174ae
--- /dev/null
+++ b/arch/x86/platform/intel-mid/mfld.c
@@ -0,0 +1,75 @@
+/*
+ * mfld.c: Intel Medfield platform setup code
+ *
+ * (C) Copyright 2013 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ */
+#include <linux/init.h>
+#include <asm/apic.h>
+#include <asm/intel-mid.h>
+#include <asm/intel_mid_vrtc.h>
+#include "intel_mid_weak_decls.h"
+static void penwell_arch_setup(void);
+/* penwell arch ops */
+static struct intel_mid_ops penwell_ops = {
+        .arch_setup = penwell_arch_setup,
+};
+static void mfld_power_off(void)
+{
+}
+static unsigned long __init mfld_calibrate_tsc(void)
+{
+        unsigned long fast_calibrate;
+        u32 lo, hi, ratio, fsb;
+        rdmsr(MSR_IA32_PERF_STATUS, lo, hi);
+        pr_debug("IA32 perf status is 0x%x, 0x%0x\n", lo, hi);
+        ratio = (hi >> 8) & 0x1f;
+        pr_debug("ratio is %d\n", ratio);
+        if (!ratio) {
+                pr_err("read a zero ratio, should be incorrect!\n");
+                pr_err("force tsc ratio to 16 ...\n");
+                ratio = 16;
+        }
+        rdmsr(MSR_FSB_FREQ, lo, hi);
+        if ((lo & 0x7) == 0x7)
+                fsb = FSB_FREQ_83SKU;
+        else
+                fsb = FSB_FREQ_100SKU;
+        fast_calibrate = ratio * fsb;
+        pr_debug("read penwell tsc %lu khz\n", fast_calibrate);
+        lapic_timer_frequency = fsb * 1000 / HZ;
+        /* mark tsc clocksource as reliable */
+        set_cpu_cap(&boot_cpu_data, X86_FEATURE_TSC_RELIABLE);
+        if (fast_calibrate)
+                return fast_calibrate;
+        return 0;
+}
+static void __init penwell_arch_setup(void)
+{
+        x86_platform.calibrate_tsc = mfld_calibrate_tsc;
+        pm_power_off = mfld_power_off;
+}
+void *get_penwell_ops(void)
+{
+        return &penwell_ops;
+}
+void *get_cloverview_ops(void)
+{
+        return &penwell_ops;
+}
diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c
new file mode 100644
index 000000000000..aaca91753d32
--- /dev/null
+++ b/arch/x86/platform/intel-mid/mrfl.c
@@ -0,0 +1,103 @@
+/*
+ * mrfl.c: Intel Merrifield platform specific setup code
+ *
+ * (C) Copyright 2013 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ */
+#include <linux/init.h>
+#include <asm/apic.h>
+#include <asm/intel-mid.h>
+#include "intel_mid_weak_decls.h"
+static unsigned long __init tangier_calibrate_tsc(void)
+{
+        unsigned long fast_calibrate;
+        u32 lo, hi, ratio, fsb, bus_freq;
+        /* *********************** */
+        /* Compute TSC:Ratio * FSB */
+        /* *********************** */
+        /* Compute Ratio */
+        rdmsr(MSR_PLATFORM_INFO, lo, hi);
+        pr_debug("IA32 PLATFORM_INFO is 0x%x : %x\n", hi, lo);
+        ratio = (lo >> 8) & 0xFF;
+        pr_debug("ratio is %d\n", ratio);
+        if (!ratio) {
+                pr_err("Read a zero ratio, force tsc ratio to 4 ...\n");
+                ratio = 4;
+        }
+        /* Compute FSB */
+        rdmsr(MSR_FSB_FREQ, lo, hi);
+        pr_debug("Actual FSB frequency detected by SOC 0x%x : %x\n",
+                        hi, lo);
+        bus_freq = lo & 0x7;
+        pr_debug("bus_freq = 0x%x\n", bus_freq);
+        if (bus_freq == 0)
+                fsb = FSB_FREQ_100SKU;
+        else if (bus_freq == 1)
+                fsb = FSB_FREQ_100SKU;
+        else if (bus_freq == 2)
+                fsb = FSB_FREQ_133SKU;
+        else if (bus_freq == 3)
+                fsb = FSB_FREQ_167SKU;
+        else if (bus_freq == 4)
+                fsb = FSB_FREQ_83SKU;
+        else if (bus_freq == 5)
+                fsb = FSB_FREQ_400SKU;
+        else if (bus_freq == 6)
+                fsb = FSB_FREQ_267SKU;
+        else if (bus_freq == 7)
+                fsb = FSB_FREQ_333SKU;
+        else {
+                BUG();
+                pr_err("Invalid bus_freq! Setting to minimal value!\n");
+                fsb = FSB_FREQ_100SKU;
+        }
+        /* TSC = FSB Freq * Resolved HFM Ratio */
+        fast_calibrate = ratio * fsb;
+        pr_debug("calculate tangier tsc %lu KHz\n", fast_calibrate);
+        /* ************************************ */
+        /* Calculate Local APIC Timer Frequency */
+        /* ************************************ */
+        lapic_timer_frequency = (fsb * 1000) / HZ;
+        pr_debug("Setting lapic_timer_frequency = %d\n",
+                        lapic_timer_frequency);
+        /* mark tsc clocksource as reliable */
+        set_cpu_cap(&boot_cpu_data, X86_FEATURE_TSC_RELIABLE);
+        if (fast_calibrate)
+                return fast_calibrate;
+        return 0;
+}
+static void __init tangier_arch_setup(void)
+{
+        x86_platform.calibrate_tsc = tangier_calibrate_tsc;
+}
+/* tangier arch ops */
+static struct intel_mid_ops tangier_ops = {
+        .arch_setup = tangier_arch_setup,
+};
+void *get_tangier_ops(void)
+{
+        return &tangier_ops;
+}
diff --git a/arch/x86/platform/intel-mid/sfi.c b/arch/x86/platform/intel-mid/sfi.c
index c84c1ca396bf..994c40bd7cb7 100644
--- a/arch/x86/platform/intel-mid/sfi.c
+++ b/arch/x86/platform/intel-mid/sfi.c
@@ -224,7 +224,7 @@ int get_gpio_by_name(const char *name)
                if (!strncmp(name, pentry->pin_name, SFI_NAME_LEN))
                        return pentry->pin_no;
        }
-        return -1;
+        return -EINVAL;
 }
 void __init intel_scu_device_register(struct platform_device *pdev)
@@ -250,7 +250,7 @@ static void __init intel_scu_spi_device_register(struct spi_board_info *sdev)
                        sdev->modalias);
                return;
        }
-        memcpy(new_dev, sdev, sizeof(*sdev));
+        *new_dev = *sdev;
        spi_devs[spi_next_dev++] = new_dev;
 }
@@ -271,7 +271,7 @@ static void __init intel_scu_i2c_device_register(int bus,
                        idev->type);
                return;
        }
-        memcpy(new_dev, idev, sizeof(*idev));
+        *new_dev = *idev;
        i2c_bus[i2c_next_dev] = bus;
        i2c_devs[i2c_next_dev++] = new_dev;
@@ -337,6 +337,8 @@ static void __init sfi_handle_ipc_dev(struct sfi_device_table_entry *pentry,
        pr_debug("IPC bus, name = %16.16s, irq = 0x%2x\n",
                pentry->name, pentry->irq);
        pdata = intel_mid_sfi_get_pdata(dev, pentry);
+        if (IS_ERR(pdata))
+                return;
        pdev = platform_device_alloc(pentry->name, 0);
        if (pdev == NULL) {
@@ -370,6 +372,8 @@ static void __init sfi_handle_spi_dev(struct sfi_device_table_entry *pentry,
                spi_info.chip_select);
        pdata = intel_mid_sfi_get_pdata(dev, &spi_info);
+        if (IS_ERR(pdata))
+                return;
        spi_info.platform_data = pdata;
        if (dev->delay)
@@ -395,6 +399,8 @@ static void __init sfi_handle_i2c_dev(struct sfi_device_table_entry *pentry,
                i2c_info.addr);
        pdata = intel_mid_sfi_get_pdata(dev, &i2c_info);
        i2c_info.platform_data = pdata;
+        if (IS_ERR(pdata))
+                return;
        if (dev->delay)
                intel_scu_i2c_device_register(pentry->host_num, &i2c_info);
@@ -443,13 +449,35 @@ static int __init sfi_parse_devs(struct sfi_table_header *table)
                         * so we have to enable them one by one here
                         */
                        ioapic = mp_find_ioapic(irq);
-                        irq_attr.ioapic = ioapic;
+                        if (ioapic >= 0) {
-                        irq_attr.ioapic_pin = irq;
+                                irq_attr.ioapic = ioapic;
-                        irq_attr.trigger = 1;
+                                irq_attr.ioapic_pin = irq;
-                        irq_attr.polarity = 1;
+                                irq_attr.trigger = 1;
-                        io_apic_set_pci_routing(NULL, irq, &irq_attr);
+                                if (intel_mid_identify_cpu() ==
-                } else
+                                                INTEL_MID_CPU_CHIP_TANGIER) {
+                                        if (!strncmp(pentry->name,
+                                                        "r69001-ts-i2c", 13))
+                                                /* active low */
+                                                irq_attr.polarity = 1;
+                                        else if (!strncmp(pentry->name,
+                                                        "synaptics_3202", 14))
+                                                /* active low */
+                                                irq_attr.polarity = 1;
+                                        else if (irq == 41)
+                                                /* fast_int_1 */
+                                                irq_attr.polarity = 1;
+                                        else
+                                                /* active high */
+                                                irq_attr.polarity = 0;
+                                } else {
+                                        /* PNW and CLV go with active low */
+                                        irq_attr.polarity = 1;
+                                }
+                                io_apic_set_pci_routing(NULL, irq, &irq_attr);
+                        }
+                } else {
                        irq = 0; /* No irq */
+                }
                dev = get_device_id(pentry->type, pentry->name);
diff --git a/arch/x86/platform/iris/iris.c b/arch/x86/platform/iris/iris.c
index e6cb80f620af..4d171e8640ef 100644
--- a/arch/x86/platform/iris/iris.c
+++ b/arch/x86/platform/iris/iris.c
@@ -27,7 +27,6 @@
 #include <linux/kernel.h>
 #include <linux/errno.h>
 #include <linux/delay.h>
-#include <linux/init.h>
 #include <linux/pm.h>
 #include <asm/io.h>
diff --git a/arch/x86/platform/olpc/olpc-xo15-sci.c b/arch/x86/platform/olpc/olpc-xo15-sci.c
index 649a12befba9..08e350e757dc 100644
--- a/arch/x86/platform/olpc/olpc-xo15-sci.c
+++ b/arch/x86/platform/olpc/olpc-xo15-sci.c
@@ -15,8 +15,7 @@
 #include <linux/power_supply.h>
 #include <linux/olpc-ec.h>
-#include <acpi/acpi_bus.h>
+#include <linux/acpi.h>
-#include <acpi/acpi_drivers.h>
 #include <asm/olpc.h>
 #define DRV_NAME                        "olpc-xo15-sci"
diff --git a/arch/x86/platform/ts5500/ts5500.c b/arch/x86/platform/ts5500/ts5500.c
index 39febb214e8c..9471b9456f25 100644
--- a/arch/x86/platform/ts5500/ts5500.c
+++ b/arch/x86/platform/ts5500/ts5500.c
@@ -88,7 +88,7 @@ struct ts5500_sbc {
 static const struct {
        const char * const string;
        const ssize_t offset;
-} ts5500_signatures[] __initdata = {
+} ts5500_signatures[] __initconst = {
        { "TS-5x00 AMD Elan", 0xb14 },
 };
diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
index efe4d7220397..dfe605ac1bcd 100644
--- a/arch/x86/platform/uv/tlb_uv.c
+++ b/arch/x86/platform/uv/tlb_uv.c
@@ -433,15 +433,49 @@ static void reset_with_ipi(struct pnmask *distribution, struct bau_control *bcp)
        return;
 }
-static inline unsigned long cycles_2_us(unsigned long long cyc)
+/*
+ * Not to be confused with cycles_2_ns() from tsc.c; this gives a relative
+ * number, not an absolute. It converts a duration in cycles to a duration in
+ * ns.
+ */
+static inline unsigned long long cycles_2_ns(unsigned long long cyc)
 {
+        struct cyc2ns_data *data = cyc2ns_read_begin();
        unsigned long long ns;
-        unsigned long us;
-        int cpu = smp_processor_id();
-        ns =  (cyc * per_cpu(cyc2ns, cpu)) >> CYC2NS_SCALE_FACTOR;
+        ns = mul_u64_u32_shr(cyc, data->cyc2ns_mul, data->cyc2ns_shift);
-        us = ns / 1000;
-        return us;
+        cyc2ns_read_end(data);
+        return ns;
+}
+/*
+ * The reverse of the above; converts a duration in ns to a duration in cycles.
+ */ 
+static inline unsigned long long ns_2_cycles(unsigned long long ns)
+{
+        struct cyc2ns_data *data = cyc2ns_read_begin();
+        unsigned long long cyc;
+        cyc = (ns << data->cyc2ns_shift) / data->cyc2ns_mul;
+        cyc2ns_read_end(data);
+        return cyc;
+}
+static inline unsigned long cycles_2_us(unsigned long long cyc)
+{
+        return cycles_2_ns(cyc) / NSEC_PER_USEC;
+}
+static inline cycles_t sec_2_cycles(unsigned long sec)
+{
+        return ns_2_cycles(sec * NSEC_PER_SEC);
+}
+static inline unsigned long long usec_2_cycles(unsigned long usec)
+{
+        return ns_2_cycles(usec * NSEC_PER_USEC);
 }
 /*
@@ -668,16 +702,6 @@ static int wait_completion(struct bau_desc *bau_desc,
                                                                bcp, try);
 }
-static inline cycles_t sec_2_cycles(unsigned long sec)
-{
-        unsigned long ns;
-        cycles_t cyc;
-        ns = sec * 1000000000;
-        cyc = (ns << CYC2NS_SCALE_FACTOR)/(per_cpu(cyc2ns, smp_processor_id()));
-        return cyc;
-}
 /*
 * Our retries are blocked by all destination sw ack resources being
 * in use, and a timeout is pending. In that case hardware immediately
@@ -1327,16 +1351,6 @@ static void ptc_seq_stop(struct seq_file *file, void *data)
 {
 }
-static inline unsigned long long usec_2_cycles(unsigned long microsec)
-{
-        unsigned long ns;
-        unsigned long long cyc;
-        ns = microsec * 1000;
-        cyc = (ns << CYC2NS_SCALE_FACTOR)/(per_cpu(cyc2ns, smp_processor_id()));
-        return cyc;
-}
 /*
 * Display the statistics thru /proc/sgi_uv/ptc_statistics
 * 'data' points to the cpu number
diff --git a/arch/x86/platform/uv/uv_nmi.c b/arch/x86/platform/uv/uv_nmi.c
index 8eeccba73130..be27da60dc8f 100644
--- a/arch/x86/platform/uv/uv_nmi.c
+++ b/arch/x86/platform/uv/uv_nmi.c
@@ -74,7 +74,6 @@ static atomic_t	uv_in_nmi;
 static atomic_t uv_nmi_cpu = ATOMIC_INIT(-1);
 static atomic_t uv_nmi_cpus_in_nmi = ATOMIC_INIT(-1);
 static atomic_t uv_nmi_slave_continue;
-static atomic_t uv_nmi_kexec_failed;
 static cpumask_var_t uv_nmi_cpu_mask;
 /* Values for uv_nmi_slave_continue */
@@ -149,7 +148,8 @@ module_param_named(retry_count, uv_nmi_retry_count, int, 0644);
 *  "dump"      - dump process stack for each cpu
 *  "ips"       - dump IP info for each cpu
 *  "kdump"     - do crash dump
- *  "kdb"       - enter KDB/KGDB (default)
+ *  "kdb"       - enter KDB (default)
+ *  "kgdb"      - enter KGDB
 */
 static char uv_nmi_action[8] = "kdb";
 module_param_string(action, uv_nmi_action, sizeof(uv_nmi_action), 0644);
@@ -504,6 +504,7 @@ static void uv_nmi_touch_watchdogs(void)
 }
 #if defined(CONFIG_KEXEC)
+static atomic_t uv_nmi_kexec_failed;
 static void uv_nmi_kdump(int cpu, int master, struct pt_regs *regs)
 {
        /* Call crash to dump system state */
@@ -537,18 +538,45 @@ static inline void uv_nmi_kdump(int cpu, int master, struct pt_regs *regs)
 }
 #endif /* !CONFIG_KEXEC */
+#ifdef CONFIG_KGDB
 #ifdef CONFIG_KGDB_KDB
-/* Call KDB from NMI handler */
+static inline int uv_nmi_kdb_reason(void)
-static void uv_call_kdb(int cpu, struct pt_regs *regs, int master)
 {
-        int ret;
+        return KDB_REASON_SYSTEM_NMI;
+}
+#else /* !CONFIG_KGDB_KDB */
+static inline int uv_nmi_kdb_reason(void)
+{
+        /* Insure user is expecting to attach gdb remote */
+        if (uv_nmi_action_is("kgdb"))
+                return 0;
+        pr_err("UV: NMI error: KDB is not enabled in this kernel\n");
+        return -1;
+}
+#endif /* CONFIG_KGDB_KDB */
+/*
+ * Call KGDB/KDB from NMI handler
+ *
+ * Note that if both KGDB and KDB are configured, then the action of 'kgdb' or
+ * 'kdb' has no affect on which is used.  See the KGDB documention for further
+ * information.
+ */
+static void uv_call_kgdb_kdb(int cpu, struct pt_regs *regs, int master)
+{
        if (master) {
+                int reason = uv_nmi_kdb_reason();
+                int ret;
+                if (reason < 0)
+                        return;
                /* call KGDB NMI handler as MASTER */
-                ret = kgdb_nmicallin(cpu, X86_TRAP_NMI, regs,
+                ret = kgdb_nmicallin(cpu, X86_TRAP_NMI, regs, reason,
-                                        &uv_nmi_slave_continue);
+                                &uv_nmi_slave_continue);
                if (ret) {
-                        pr_alert("KDB returned error, is kgdboc set?\n");
+                        pr_alert("KGDB returned error, is kgdboc set?\n");
                        atomic_set(&uv_nmi_slave_continue, SLAVE_EXIT);
                }
        } else {
@@ -567,12 +595,12 @@ static void uv_call_kdb(int cpu, struct pt_regs *regs, int master)
        uv_nmi_sync_exit(master);
 }
-#else /* !CONFIG_KGDB_KDB */
+#else /* !CONFIG_KGDB */
-static inline void uv_call_kdb(int cpu, struct pt_regs *regs, int master)
+static inline void uv_call_kgdb_kdb(int cpu, struct pt_regs *regs, int master)
 {
-        pr_err("UV: NMI error: KGDB/KDB is not enabled in this kernel\n");
+        pr_err("UV: NMI error: KGDB is not enabled in this kernel\n");
 }
-#endif /* !CONFIG_KGDB_KDB */
+#endif /* !CONFIG_KGDB */
 /*
 * UV NMI handler
@@ -606,9 +634,9 @@ int uv_handle_nmi(unsigned int reason, struct pt_regs *regs)
        if (uv_nmi_action_is("ips") || uv_nmi_action_is("dump"))
                uv_nmi_dump_state(cpu, regs, master);
-        /* Call KDB if enabled */
+        /* Call KGDB/KDB if enabled */
-        else if (uv_nmi_action_is("kdb"))
+        else if (uv_nmi_action_is("kdb") || uv_nmi_action_is("kgdb"))
-                uv_call_kdb(cpu, regs, master);
+                uv_call_kgdb_kdb(cpu, regs, master);
        /* Clear per_cpu "in nmi" flag */
        atomic_set(&uv_cpu_nmi.state, UV_NMI_STATE_OUT);
@@ -634,7 +662,7 @@ int uv_handle_nmi(unsigned int reason, struct pt_regs *regs)
 /*
 * NMI handler for pulling in CPUs when perf events are grabbing our NMI
 */
-int uv_handle_nmi_ping(unsigned int reason, struct pt_regs *regs)
+static int uv_handle_nmi_ping(unsigned int reason, struct pt_regs *regs)
 {
        int ret;
@@ -651,7 +679,7 @@ int uv_handle_nmi_ping(unsigned int reason, struct pt_regs *regs)
        return ret;
 }
-void uv_register_nmi_notifier(void)
+static void uv_register_nmi_notifier(void)
 {
        if (register_nmi_handler(NMI_UNKNOWN, uv_handle_nmi, 0, "uv"))
                pr_warn("UV: NMI handler failed to register\n");
@@ -695,6 +723,5 @@ void uv_nmi_setup(void)
                uv_hub_nmi_per(cpu) = uv_hub_nmi_list[nid];
        }
        BUG_ON(!alloc_cpumask_var(&uv_nmi_cpu_mask, GFP_KERNEL));
+        uv_register_nmi_notifier();
 }
diff --git a/arch/x86/platform/visws/Makefile b/arch/x86/platform/visws/Makefile
deleted file mode 100644
index 91bc17ab2fd5..000000000000
--- a/arch/x86/platform/visws/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-obj-$(CONFIG_X86_VISWS) += visws_quirks.o
diff --git a/arch/x86/platform/visws/visws_quirks.c b/arch/x86/platform/visws/visws_quirks.c
deleted file mode 100644
index 94d8a39332ec..000000000000
--- a/arch/x86/platform/visws/visws_quirks.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/*
- *  SGI Visual Workstation support and quirks, unmaintained.
- *
- *  Split out from setup.c by davej@suse.de
- *
- *      Copyright (C) 1999 Bent Hagemark, Ingo Molnar
- *
- *  SGI Visual Workstation interrupt controller
- *
- *  The Cobalt system ASIC in the Visual Workstation contains a "Cobalt" APIC
- *  which serves as the main interrupt controller in the system.  Non-legacy
- *  hardware in the system uses this controller directly.  Legacy devices
- *  are connected to the PIIX4 which in turn has its 8259(s) connected to
- *  a of the Cobalt APIC entry.
- *
- *  09/02/2000 - Updated for 2.4 by jbarnes@sgi.com
- *
- *  25/11/2002 - Updated for 2.5 by Andrey Panin <pazke@orbita1.ru>
- */
-#include <linux/interrupt.h>
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/smp.h>
-#include <asm/visws/cobalt.h>
-#include <asm/visws/piix4.h>
-#include <asm/io_apic.h>
-#include <asm/fixmap.h>
-#include <asm/reboot.h>
-#include <asm/setup.h>
-#include <asm/apic.h>
-#include <asm/e820.h>
-#include <asm/time.h>
-#include <asm/io.h>
-#include <linux/kernel_stat.h>
-#include <asm/i8259.h>
-#include <asm/irq_vectors.h>
-#include <asm/visws/lithium.h>
-#include <linux/sched.h>
-#include <linux/kernel.h>
-#include <linux/pci.h>
-#include <linux/pci_ids.h>
-extern int no_broadcast;
-char visws_board_type   = -1;
-char visws_board_rev    = -1;
-static void __init visws_time_init(void)
-{
-        printk(KERN_INFO "Starting Cobalt Timer system clock\n");
-        /* Set the countdown value */
-        co_cpu_write(CO_CPU_TIMEVAL, CO_TIME_HZ/HZ);
-        /* Start the timer */
-        co_cpu_write(CO_CPU_CTRL, co_cpu_read(CO_CPU_CTRL) | CO_CTRL_TIMERUN);
-        /* Enable (unmask) the timer interrupt */
-        co_cpu_write(CO_CPU_CTRL, co_cpu_read(CO_CPU_CTRL) & ~CO_CTRL_TIMEMASK);
-        setup_default_timer_irq();
-}
-/* Replaces the default init_ISA_irqs in the generic setup */
-static void __init visws_pre_intr_init(void);
-/* Quirk for machine specific memory setup. */
-#define MB (1024 * 1024)
-unsigned long sgivwfb_mem_phys;
-unsigned long sgivwfb_mem_size;
-EXPORT_SYMBOL(sgivwfb_mem_phys);
-EXPORT_SYMBOL(sgivwfb_mem_size);
-long long mem_size __initdata = 0;
-static char * __init visws_memory_setup(void)
-{
-        long long gfx_mem_size = 8 * MB;
-        mem_size = boot_params.alt_mem_k;
-        if (!mem_size) {
-                printk(KERN_WARNING "Bootloader didn't set memory size, upgrade it !\n");
-                mem_size = 128 * MB;
-        }
-        /*
-         * this hardcodes the graphics memory to 8 MB
-         * it really should be sized dynamically (or at least
-         * set as a boot param)
-         */
-        if (!sgivwfb_mem_size) {
-                printk(KERN_WARNING "Defaulting to 8 MB framebuffer size\n");
-                sgivwfb_mem_size = 8 * MB;
-        }
-        /*
-         * Trim to nearest MB
-         */
-        sgivwfb_mem_size &= ~((1 << 20) - 1);
-        sgivwfb_mem_phys = mem_size - gfx_mem_size;
-        e820_add_region(0, LOWMEMSIZE(), E820_RAM);
-        e820_add_region(HIGH_MEMORY, mem_size - sgivwfb_mem_size - HIGH_MEMORY, E820_RAM);
-        e820_add_region(sgivwfb_mem_phys, sgivwfb_mem_size, E820_RESERVED);
-        return "PROM";
-}
-static void visws_machine_emergency_restart(void)
-{
-        /*
-         * Visual Workstations restart after this
-         * register is poked on the PIIX4
-         */
-        outb(PIIX4_RESET_VAL, PIIX4_RESET_PORT);
-}
-static void visws_machine_power_off(void)
-{
-        unsigned short pm_status;
-/*      extern unsigned int pci_bus0; */
-        while ((pm_status = inw(PMSTS_PORT)) & 0x100)
-                outw(pm_status, PMSTS_PORT);
-        outw(PM_SUSPEND_ENABLE, PMCNTRL_PORT);
-        mdelay(10);
-#define PCI_CONF1_ADDRESS(bus, devfn, reg) \
-        (0x80000000 | (bus << 16) | (devfn << 8) | (reg & ~3))
-/*      outl(PCI_CONF1_ADDRESS(pci_bus0, SPECIAL_DEV, SPECIAL_REG), 0xCF8); */
-        outl(PIIX_SPECIAL_STOP, 0xCFC);
-}
-static void __init visws_get_smp_config(unsigned int early)
-{
-}
-/*
- * The Visual Workstation is Intel MP compliant in the hardware
- * sense, but it doesn't have a BIOS(-configuration table).
- * No problem for Linux.
- */
-static void __init MP_processor_info(struct mpc_cpu *m)
-{
-        int ver, logical_apicid;
-        physid_mask_t apic_cpus;
-        if (!(m->cpuflag & CPU_ENABLED))
-                return;
-        logical_apicid = m->apicid;
-        printk(KERN_INFO "%sCPU #%d %u:%u APIC version %d\n",
-               m->cpuflag & CPU_BOOTPROCESSOR ? "Bootup " : "",
-               m->apicid, (m->cpufeature & CPU_FAMILY_MASK) >> 8,
-               (m->cpufeature & CPU_MODEL_MASK) >> 4, m->apicver);
-        if (m->cpuflag & CPU_BOOTPROCESSOR)
-                boot_cpu_physical_apicid = m->apicid;
-        ver = m->apicver;
-        if ((ver >= 0x14 && m->apicid >= 0xff) || m->apicid >= 0xf) {
-                printk(KERN_ERR "Processor #%d INVALID. (Max ID: %d).\n",
-                        m->apicid, MAX_LOCAL_APIC);
-                return;
-        }
-        apic->apicid_to_cpu_present(m->apicid, &apic_cpus);
-        physids_or(phys_cpu_present_map, phys_cpu_present_map, apic_cpus);
-        /*
-         * Validate version
-         */
-        if (ver == 0x0) {
-                printk(KERN_ERR "BIOS bug, APIC version is 0 for CPU#%d! "
-                        "fixing up to 0x10. (tell your hw vendor)\n",
-                        m->apicid);
-                ver = 0x10;
-        }
-        apic_version[m->apicid] = ver;
-}
-static void __init visws_find_smp_config(void)
-{
-        struct mpc_cpu *mp = phys_to_virt(CO_CPU_TAB_PHYS);
-        unsigned short ncpus = readw(phys_to_virt(CO_CPU_NUM_PHYS));
-        if (ncpus > CO_CPU_MAX) {
-                printk(KERN_WARNING "find_visws_smp: got cpu count of %d at %p\n",
-                        ncpus, mp);
-                ncpus = CO_CPU_MAX;
-        }
-        if (ncpus > setup_max_cpus)
-                ncpus = setup_max_cpus;
-#ifdef CONFIG_X86_LOCAL_APIC
-        smp_found_config = 1;
-#endif
-        while (ncpus--)
-                MP_processor_info(mp++);
-        mp_lapic_addr = APIC_DEFAULT_PHYS_BASE;
-}
-static void visws_trap_init(void);
-void __init visws_early_detect(void)
-{
-        int raw;
-        visws_board_type = (char)(inb_p(PIIX_GPI_BD_REG) & PIIX_GPI_BD_REG)
-                                                         >> PIIX_GPI_BD_SHIFT;
-        if (visws_board_type < 0)
-                return;
-        /*
-         * Override the default platform setup functions
-         */
-        x86_init.resources.memory_setup = visws_memory_setup;
-        x86_init.mpparse.get_smp_config = visws_get_smp_config;
-        x86_init.mpparse.find_smp_config = visws_find_smp_config;
-        x86_init.irqs.pre_vector_init = visws_pre_intr_init;
-        x86_init.irqs.trap_init = visws_trap_init;
-        x86_init.timers.timer_init = visws_time_init;
-        x86_init.pci.init = pci_visws_init;
-        x86_init.pci.init_irq = x86_init_noop;
-        /*
-         * Install reboot quirks:
-         */
-        pm_power_off                    = visws_machine_power_off;
-        machine_ops.emergency_restart   = visws_machine_emergency_restart;
-        /*
-         * Do not use broadcast IPIs:
-         */
-        no_broadcast = 0;
-#ifdef CONFIG_X86_IO_APIC
-        /*
-         * Turn off IO-APIC detection and initialization:
-         */
-        skip_ioapic_setup               = 1;
-#endif
-        /*
-         * Get Board rev.
-         * First, we have to initialize the 307 part to allow us access
-         * to the GPIO registers.  Let's map them at 0x0fc0 which is right
-         * after the PIIX4 PM section.
-         */
-        outb_p(SIO_DEV_SEL, SIO_INDEX);
-        outb_p(SIO_GP_DEV, SIO_DATA);   /* Talk to GPIO regs. */
-        outb_p(SIO_DEV_MSB, SIO_INDEX);
-        outb_p(SIO_GP_MSB, SIO_DATA);   /* MSB of GPIO base address */
-        outb_p(SIO_DEV_LSB, SIO_INDEX);
-        outb_p(SIO_GP_LSB, SIO_DATA);   /* LSB of GPIO base address */
-        outb_p(SIO_DEV_ENB, SIO_INDEX);
-        outb_p(1, SIO_DATA);            /* Enable GPIO registers. */
-        /*
-         * Now, we have to map the power management section to write
-         * a bit which enables access to the GPIO registers.
-         * What lunatic came up with this shit?
-         */
-        outb_p(SIO_DEV_SEL, SIO_INDEX);
-        outb_p(SIO_PM_DEV, SIO_DATA);   /* Talk to GPIO regs. */
-        outb_p(SIO_DEV_MSB, SIO_INDEX);
-        outb_p(SIO_PM_MSB, SIO_DATA);   /* MSB of PM base address */
-        outb_p(SIO_DEV_LSB, SIO_INDEX);
-        outb_p(SIO_PM_LSB, SIO_DATA);   /* LSB of PM base address */
-        outb_p(SIO_DEV_ENB, SIO_INDEX);
-        outb_p(1, SIO_DATA);            /* Enable PM registers. */
-        /*
-         * Now, write the PM register which enables the GPIO registers.
-         */
-        outb_p(SIO_PM_FER2, SIO_PM_INDEX);
-        outb_p(SIO_PM_GP_EN, SIO_PM_DATA);
-        /*
-         * Now, initialize the GPIO registers.
-         * We want them all to be inputs which is the
-         * power on default, so let's leave them alone.
-         * So, let's just read the board rev!
-         */
-        raw = inb_p(SIO_GP_DATA1);
-        raw &= 0x7f;    /* 7 bits of valid board revision ID. */
-        if (visws_board_type == VISWS_320) {
-                if (raw < 0x6) {
-                        visws_board_rev = 4;
-                } else if (raw < 0xc) {
-                        visws_board_rev = 5;
-                } else {
-                        visws_board_rev = 6;
-                }
-        } else if (visws_board_type == VISWS_540) {
-                        visws_board_rev = 2;
-                } else {
-                        visws_board_rev = raw;
-                }
-        printk(KERN_INFO "Silicon Graphics Visual Workstation %s (rev %d) detected\n",
-               (visws_board_type == VISWS_320 ? "320" :
-               (visws_board_type == VISWS_540 ? "540" :
-                "unknown")), visws_board_rev);
-}
-#define A01234 (LI_INTA_0 | LI_INTA_1 | LI_INTA_2 | LI_INTA_3 | LI_INTA_4)
-#define BCD (LI_INTB | LI_INTC | LI_INTD)
-#define ALLDEVS (A01234 | BCD)
-static __init void lithium_init(void)
-{
-        set_fixmap(FIX_LI_PCIA, LI_PCI_A_PHYS);
-        set_fixmap(FIX_LI_PCIB, LI_PCI_B_PHYS);
-        if ((li_pcia_read16(PCI_VENDOR_ID) != PCI_VENDOR_ID_SGI) ||
-            (li_pcia_read16(PCI_DEVICE_ID) != PCI_DEVICE_ID_SGI_LITHIUM)) {
-                printk(KERN_EMERG "Lithium hostbridge %c not found\n", 'A');
-/*              panic("This machine is not SGI Visual Workstation 320/540"); */
-        }
-        if ((li_pcib_read16(PCI_VENDOR_ID) != PCI_VENDOR_ID_SGI) ||
-            (li_pcib_read16(PCI_DEVICE_ID) != PCI_DEVICE_ID_SGI_LITHIUM)) {
-                printk(KERN_EMERG "Lithium hostbridge %c not found\n", 'B');
-/*              panic("This machine is not SGI Visual Workstation 320/540"); */
-        }
-        li_pcia_write16(LI_PCI_INTEN, ALLDEVS);
-        li_pcib_write16(LI_PCI_INTEN, ALLDEVS);
-}
-static __init void cobalt_init(void)
-{
-        /*
-         * On normal SMP PC this is used only with SMP, but we have to
-         * use it and set it up here to start the Cobalt clock
-         */
-        set_fixmap(FIX_APIC_BASE, APIC_DEFAULT_PHYS_BASE);
-        setup_local_APIC();
-        printk(KERN_INFO "Local APIC Version %#x, ID %#x\n",
-                (unsigned int)apic_read(APIC_LVR),
-                (unsigned int)apic_read(APIC_ID));
-        set_fixmap(FIX_CO_CPU, CO_CPU_PHYS);
-        set_fixmap(FIX_CO_APIC, CO_APIC_PHYS);
-        printk(KERN_INFO "Cobalt Revision %#lx, APIC ID %#lx\n",
-                co_cpu_read(CO_CPU_REV), co_apic_read(CO_APIC_ID));
-        /* Enable Cobalt APIC being careful to NOT change the ID! */
-        co_apic_write(CO_APIC_ID, co_apic_read(CO_APIC_ID) | CO_APIC_ENABLE);
-        printk(KERN_INFO "Cobalt APIC enabled: ID reg %#lx\n",
-                co_apic_read(CO_APIC_ID));
-}
-static void __init visws_trap_init(void)
-{
-        lithium_init();
-        cobalt_init();
-}
-/*
- * IRQ controller / APIC support:
- */
-static DEFINE_SPINLOCK(cobalt_lock);
-/*
- * Set the given Cobalt APIC Redirection Table entry to point
- * to the given IDT vector/index.
- */
-static inline void co_apic_set(int entry, int irq)
-{
-        co_apic_write(CO_APIC_LO(entry), CO_APIC_LEVEL | (irq + FIRST_EXTERNAL_VECTOR));
-        co_apic_write(CO_APIC_HI(entry), 0);
-}
-/*
- * Cobalt (IO)-APIC functions to handle PCI devices.
- */
-static inline int co_apic_ide0_hack(void)
-{
-        extern char visws_board_type;
-        extern char visws_board_rev;
-        if (visws_board_type == VISWS_320 && visws_board_rev == 5)
-                return 5;
-        return CO_APIC_IDE0;
-}
-static int is_co_apic(unsigned int irq)
-{
-        if (IS_CO_APIC(irq))
-                return CO_APIC(irq);
-        switch (irq) {
-                case 0: return CO_APIC_CPU;
-                case CO_IRQ_IDE0: return co_apic_ide0_hack();
-                case CO_IRQ_IDE1: return CO_APIC_IDE1;
-                default: return -1;
-        }
-}
-/*
- * This is the SGI Cobalt (IO-)APIC:
- */
-static void enable_cobalt_irq(struct irq_data *data)
-{
-        co_apic_set(is_co_apic(data->irq), data->irq);
-}
-static void disable_cobalt_irq(struct irq_data *data)
-{
-        int entry = is_co_apic(data->irq);
-        co_apic_write(CO_APIC_LO(entry), CO_APIC_MASK);
-        co_apic_read(CO_APIC_LO(entry));
-}
-static void ack_cobalt_irq(struct irq_data *data)
-{
-        unsigned long flags;
-        spin_lock_irqsave(&cobalt_lock, flags);
-        disable_cobalt_irq(data);
-        apic_write(APIC_EOI, APIC_EOI_ACK);
-        spin_unlock_irqrestore(&cobalt_lock, flags);
-}
-static struct irq_chip cobalt_irq_type = {
-        .name           = "Cobalt-APIC",
-        .irq_enable     = enable_cobalt_irq,
-        .irq_disable    = disable_cobalt_irq,
-        .irq_ack        = ack_cobalt_irq,
-};
-/*
- * This is the PIIX4-based 8259 that is wired up indirectly to Cobalt
- * -- not the manner expected by the code in i8259.c.
- *
- * there is a 'master' physical interrupt source that gets sent to
- * the CPU. But in the chipset there are various 'virtual' interrupts
- * waiting to be handled. We represent this to Linux through a 'master'
- * interrupt controller type, and through a special virtual interrupt-
- * controller. Device drivers only see the virtual interrupt sources.
- */
-static unsigned int startup_piix4_master_irq(struct irq_data *data)
-{
-        legacy_pic->init(0);
-        enable_cobalt_irq(data);
-        return 0;
-}
-static struct irq_chip piix4_master_irq_type = {
-        .name           = "PIIX4-master",
-        .irq_startup    = startup_piix4_master_irq,
-        .irq_ack        = ack_cobalt_irq,
-};
-static void pii4_mask(struct irq_data *data) { }
-static struct irq_chip piix4_virtual_irq_type = {
-        .name           = "PIIX4-virtual",
-        .irq_mask       = pii4_mask,
-};
-/*
- * PIIX4-8259 master/virtual functions to handle interrupt requests
- * from legacy devices: floppy, parallel, serial, rtc.
- *
- * None of these get Cobalt APIC entries, neither do they have IDT
- * entries. These interrupts are purely virtual and distributed from
- * the 'master' interrupt source: CO_IRQ_8259.
- *
- * When the 8259 interrupts its handler figures out which of these
- * devices is interrupting and dispatches to its handler.
- *
- * CAREFUL: devices see the 'virtual' interrupt only. Thus disable/
- * enable_irq gets the right irq. This 'master' irq is never directly
- * manipulated by any driver.
- */
-static irqreturn_t piix4_master_intr(int irq, void *dev_id)
-{
-        unsigned long flags;
-        int realirq;
-        raw_spin_lock_irqsave(&i8259A_lock, flags);
-        /* Find out what's interrupting in the PIIX4 master 8259 */
-        outb(0x0c, 0x20);               /* OCW3 Poll command */
-        realirq = inb(0x20);
-        /*
-         * Bit 7 == 0 means invalid/spurious
-         */
-        if (unlikely(!(realirq & 0x80)))
-                goto out_unlock;
-        realirq &= 7;
-        if (unlikely(realirq == 2)) {
-                outb(0x0c, 0xa0);
-                realirq = inb(0xa0);
-                if (unlikely(!(realirq & 0x80)))
-                        goto out_unlock;
-                realirq = (realirq & 7) + 8;
-        }
-        /* mask and ack interrupt */
-        cached_irq_mask |= 1 << realirq;
-        if (unlikely(realirq > 7)) {
-                inb(0xa1);
-                outb(cached_slave_mask, 0xa1);
-                outb(0x60 + (realirq & 7), 0xa0);
-                outb(0x60 + 2, 0x20);
-        } else {
-                inb(0x21);
-                outb(cached_master_mask, 0x21);
-                outb(0x60 + realirq, 0x20);
-        }
-        raw_spin_unlock_irqrestore(&i8259A_lock, flags);
-        /*
-         * handle this 'virtual interrupt' as a Cobalt one now.
-         */
-        generic_handle_irq(realirq);
-        return IRQ_HANDLED;
-out_unlock:
-        raw_spin_unlock_irqrestore(&i8259A_lock, flags);
-        return IRQ_NONE;
-}
-static struct irqaction master_action = {
-        .handler =      piix4_master_intr,
-        .name =         "PIIX4-8259",
-        .flags =        IRQF_NO_THREAD,
-};
-static struct irqaction cascade_action = {
-        .handler =      no_action,
-        .name =         "cascade",
-        .flags =        IRQF_NO_THREAD,
-};
-static inline void set_piix4_virtual_irq_type(void)
-{
-        piix4_virtual_irq_type.irq_enable = i8259A_chip.irq_unmask;
-        piix4_virtual_irq_type.irq_disable = i8259A_chip.irq_mask;
-        piix4_virtual_irq_type.irq_unmask = i8259A_chip.irq_unmask;
-}
-static void __init visws_pre_intr_init(void)
-{
-        int i;
-        set_piix4_virtual_irq_type();
-        for (i = 0; i < CO_IRQ_APIC0 + CO_APIC_LAST + 1; i++) {
-                struct irq_chip *chip = NULL;
-                if (i == 0)
-                        chip = &cobalt_irq_type;
-                else if (i == CO_IRQ_IDE0)
-                        chip = &cobalt_irq_type;
-                else if (i == CO_IRQ_IDE1)
-                        chip = &cobalt_irq_type;
-                else if (i == CO_IRQ_8259)
-                        chip = &piix4_master_irq_type;
-                else if (i < CO_IRQ_APIC0)
-                        chip = &piix4_virtual_irq_type;
-                else if (IS_CO_APIC(i))
-                        chip = &cobalt_irq_type;
-                if (chip)
-                        irq_set_chip(i, chip);
-        }
-        setup_irq(CO_IRQ_8259, &master_action);
-        setup_irq(2, &cascade_action);
-}
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
index a44f457e70a1..bad628a620c4 100644
--- a/arch/x86/realmode/init.c
+++ b/arch/x86/realmode/init.c
@@ -29,12 +29,10 @@ void __init reserve_real_mode(void)
 void __init setup_real_mode(void)
 {
        u16 real_mode_seg;
-        u32 *rel;
+        const u32 *rel;
        u32 count;
-        u32 *ptr;
-        u16 *seg;
-        int i;
        unsigned char *base;
+        unsigned long phys_base;
        struct trampoline_header *trampoline_header;
        size_t size = PAGE_ALIGN(real_mode_blob_end - real_mode_blob);
 #ifdef CONFIG_X86_64
@@ -46,23 +44,23 @@ void __init setup_real_mode(void)
        memcpy(base, real_mode_blob, size);
-        real_mode_seg = __pa(base) >> 4;
+        phys_base = __pa(base);
+        real_mode_seg = phys_base >> 4;
        rel = (u32 *) real_mode_relocs;
        /* 16-bit segment relocations. */
-        count = rel[0];
+        count = *rel++;
-        rel = &rel[1];
+        while (count--) {
-        for (i = 0; i < count; i++) {
+                u16 *seg = (u16 *) (base + *rel++);
-                seg = (u16 *) (base + rel[i]);
                *seg = real_mode_seg;
        }
        /* 32-bit linear relocations. */
-        count = rel[i];
+        count = *rel++;
-        rel =  &rel[i + 1];
+        while (count--) {
-        for (i = 0; i < count; i++) {
+                u32 *ptr = (u32 *) (base + *rel++);
-                ptr = (u32 *) (base + rel[i]);
+                *ptr += phys_base;
-                *ptr += __pa(base);
        }
        /* Must be perfomed *after* relocation. */
diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
index 9cac82588cbc..3497f14e4dea 100644
--- a/arch/x86/realmode/rm/Makefile
+++ b/arch/x86/realmode/rm/Makefile
@@ -64,20 +64,7 @@ $(obj)/realmode.relocs: $(obj)/realmode.elf FORCE
 # ---------------------------------------------------------------------------
-# How to compile the 16-bit code.  Note we always compile for -march=i386,
+KBUILD_CFLAGS   := $(LINUXINCLUDE) $(REALMODE_CFLAGS) -D_SETUP -D_WAKEUP \
-# that way we can complain to the user if the CPU is insufficient.
+                   -I$(srctree)/arch/x86/boot
-KBUILD_CFLAGS   := $(LINUXINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ -D_WAKEUP \
-                   -I$(srctree)/arch/x86/boot \
-                   -DDISABLE_BRANCH_PROFILING \
-                   -Wall -Wstrict-prototypes \
-                   -march=i386 -mregparm=3 \
-                   -include $(srctree)/$(src)/../../boot/code16gcc.h \
-                   -fno-strict-aliasing -fomit-frame-pointer -fno-pic \
-                   -mno-mmx -mno-sse \
-                   $(call cc-option, -ffreestanding) \
-                   $(call cc-option, -fno-toplevel-reorder,\
-                   $(call cc-option, -fno-unit-at-a-time)) \
-                   $(call cc-option, -fno-stack-protector) \
-                   $(call cc-option, -mpreferred-stack-boundary=2)
 KBUILD_AFLAGS   := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
diff --git a/arch/x86/realmode/rm/reboot.S b/arch/x86/realmode/rm/reboot.S
index f932ea61d1c8..d66c607bdc58 100644
--- a/arch/x86/realmode/rm/reboot.S
+++ b/arch/x86/realmode/rm/reboot.S
@@ -1,5 +1,4 @@
 #include <linux/linkage.h>
-#include <linux/init.h>
 #include <asm/segment.h>
 #include <asm/page_types.h>
 #include <asm/processor-flags.h>
diff --git a/arch/x86/realmode/rm/trampoline_32.S b/arch/x86/realmode/rm/trampoline_32.S
index c1b2791183e7..48ddd76bc4c3 100644
--- a/arch/x86/realmode/rm/trampoline_32.S
+++ b/arch/x86/realmode/rm/trampoline_32.S
@@ -20,7 +20,6 @@
 */
 #include <linux/linkage.h>
-#include <linux/init.h>
 #include <asm/segment.h>
 #include <asm/page_types.h>
 #include "realmode.h"
diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
index bb360dc39d21..dac7b20d2f9d 100644
--- a/arch/x86/realmode/rm/trampoline_64.S
+++ b/arch/x86/realmode/rm/trampoline_64.S
@@ -25,7 +25,6 @@
 */
 #include <linux/linkage.h>
-#include <linux/init.h>
 #include <asm/pgtable_types.h>
 #include <asm/page_types.h>
 #include <asm/msr.h>
diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl
index aabfb8380a1c..96bc506ac6de 100644
--- a/arch/x86/syscalls/syscall_32.tbl
+++ b/arch/x86/syscalls/syscall_32.tbl
@@ -357,3 +357,5 @@
 348     i386    process_vm_writev       sys_process_vm_writev           compat_sys_process_vm_writev
 349     i386    kcmp                    sys_kcmp
 350     i386    finit_module            sys_finit_module
+351     i386    sched_setattr           sys_sched_setattr
+352     i386    sched_getattr           sys_sched_getattr
diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl
index 38ae65dfd14f..04376ac3d9ef 100644
--- a/arch/x86/syscalls/syscall_64.tbl
+++ b/arch/x86/syscalls/syscall_64.tbl
@@ -320,6 +320,9 @@
 311     64      process_vm_writev       sys_process_vm_writev
 312     common  kcmp                    sys_kcmp
 313     common  finit_module            sys_finit_module
+314     common  sched_setattr           sys_sched_setattr
+315     common  sched_getattr           sys_sched_getattr
+316     common  renameat2               sys_renameat2
 #
 # x32-specific system call numbers start at 512 to avoid cache impact
diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index f7bab68a4b83..bbb1d2259ecf 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -69,8 +69,8 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = {
        "__per_cpu_load|"
        "init_per_cpu__.*|"
        "__end_rodata_hpage_align|"
-        "__vvar_page|"
 #endif
+        "__vvar_page|"
        "_end)$"
 };
@@ -722,15 +722,25 @@ static void percpu_init(void)
 /*
 * Check to see if a symbol lies in the .data..percpu section.
- * For some as yet not understood reason the "__init_begin"
+ *
- * symbol which immediately preceeds the .data..percpu section
+ * The linker incorrectly associates some symbols with the
- * also shows up as it it were part of it so we do an explict
+ * .data..percpu section so we also need to check the symbol
- * check for that symbol name and ignore it.
+ * name to make sure that we classify the symbol correctly.
+ *
+ * The GNU linker incorrectly associates:
+ *      __init_begin
+ *      __per_cpu_load
+ *
+ * The "gold" linker incorrectly associates:
+ *      init_per_cpu__irq_stack_union
+ *      init_per_cpu__gdt_page
 */
 static int is_percpu_sym(ElfW(Sym) *sym, const char *symname)
 {
        return (sym->st_shndx == per_cpu_shndx) &&
-                strcmp(symname, "__init_begin");
+                strcmp(symname, "__init_begin") &&
+                strcmp(symname, "__per_cpu_load") &&
+                strncmp(symname, "init_per_cpu_", 13);
 }
@@ -1015,6 +1025,29 @@ static void emit_relocs(int as_text, int use_real_mode)
        }
 }
+/*
+ * As an aid to debugging problems with different linkers
+ * print summary information about the relocs.
+ * Since different linkers tend to emit the sections in
+ * different orders we use the section names in the output.
+ */
+static int do_reloc_info(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym,
+                                const char *symname)
+{
+        printf("%s\t%s\t%s\t%s\n",
+                sec_name(sec->shdr.sh_info),
+                rel_type(ELF_R_TYPE(rel->r_info)),
+                symname,
+                sec_name(sym->st_shndx));
+        return 0;
+}
+static void print_reloc_info(void)
+{
+        printf("reloc section\treloc type\tsymbol\tsymbol section\n");
+        walk_relocs(do_reloc_info);
+}
 #if ELF_BITS == 64
 # define process process_64
 #else
@@ -1022,7 +1055,8 @@ static void emit_relocs(int as_text, int use_real_mode)
 #endif
 void process(FILE *fp, int use_real_mode, int as_text,
-             int show_absolute_syms, int show_absolute_relocs)
+             int show_absolute_syms, int show_absolute_relocs,
+             int show_reloc_info)
 {
        regex_init(use_real_mode);
        read_ehdr(fp);
@@ -1040,5 +1074,9 @@ void process(FILE *fp, int use_real_mode, int as_text,
                print_absolute_relocs();
                return;
        }
+        if (show_reloc_info) {
+                print_reloc_info();
+                return;
+        }
        emit_relocs(as_text, use_real_mode);
 }
diff --git a/arch/x86/tools/relocs.h b/arch/x86/tools/relocs.h
index 07cdb1eca4fa..f59590645b68 100644
--- a/arch/x86/tools/relocs.h
+++ b/arch/x86/tools/relocs.h
@@ -29,8 +29,9 @@ enum symtype {
 };
 void process_32(FILE *fp, int use_real_mode, int as_text,
-                int show_absolute_syms, int show_absolute_relocs);
+                int show_absolute_syms, int show_absolute_relocs,
+                int show_reloc_info);
 void process_64(FILE *fp, int use_real_mode, int as_text,
-                int show_absolute_syms, int show_absolute_relocs);
+                int show_absolute_syms, int show_absolute_relocs,
+                int show_reloc_info);
 #endif /* RELOCS_H */
diff --git a/arch/x86/tools/relocs_common.c b/arch/x86/tools/relocs_common.c
index 44d396823a53..acab636bcb34 100644
--- a/arch/x86/tools/relocs_common.c
+++ b/arch/x86/tools/relocs_common.c
@@ -11,12 +11,13 @@ void die(char *fmt, ...)
 static void usage(void)
 {
-        die("relocs [--abs-syms|--abs-relocs|--text|--realmode] vmlinux\n");
+        die("relocs [--abs-syms|--abs-relocs|--reloc-info|--text|--realmode]" \
+            " vmlinux\n");
 }
 int main(int argc, char **argv)
 {
-        int show_absolute_syms, show_absolute_relocs;
+        int show_absolute_syms, show_absolute_relocs, show_reloc_info;
        int as_text, use_real_mode;
        const char *fname;
        FILE *fp;
@@ -25,6 +26,7 @@ int main(int argc, char **argv)
        show_absolute_syms = 0;
        show_absolute_relocs = 0;
+        show_reloc_info = 0;
        as_text = 0;
        use_real_mode = 0;
        fname = NULL;
@@ -39,6 +41,10 @@ int main(int argc, char **argv)
                                show_absolute_relocs = 1;
                                continue;
                        }
+                        if (strcmp(arg, "--reloc-info") == 0) {
+                                show_reloc_info = 1;
+                                continue;
+                        }
                        if (strcmp(arg, "--text") == 0) {
                                as_text = 1;
                                continue;
@@ -67,10 +73,12 @@ int main(int argc, char **argv)
        rewind(fp);
        if (e_ident[EI_CLASS] == ELFCLASS64)
                process_64(fp, use_real_mode, as_text,
-                           show_absolute_syms, show_absolute_relocs);
+                           show_absolute_syms, show_absolute_relocs,
+                           show_reloc_info);
        else
                process_32(fp, use_real_mode, as_text,
-                           show_absolute_syms, show_absolute_relocs);
+                           show_absolute_syms, show_absolute_relocs,
+                           show_reloc_info);
        fclose(fp);
        return 0;
 }
diff --git a/arch/x86/um/asm/barrier.h b/arch/x86/um/asm/barrier.h
index 7d01b8c56c00..cc04e67bfd05 100644
--- a/arch/x86/um/asm/barrier.h
+++ b/arch/x86/um/asm/barrier.h
@@ -40,11 +40,7 @@
 #define smp_rmb()       barrier()
 #endif /* CONFIG_X86_PPRO_FENCE */
-#ifdef CONFIG_X86_OOSTORE
-#define smp_wmb()       wmb()
-#else /* CONFIG_X86_OOSTORE */
 #define smp_wmb()       barrier()
-#endif /* CONFIG_X86_OOSTORE */
 #define smp_read_barrier_depends()      read_barrier_depends()
 #define set_mb(var, value) do { (void)xchg(&var, value); } while (0)
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index fd14be1d1472..c580d1210ffe 100644
--- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile
@@ -2,6 +2,8 @@
 # Building vDSO images for x86.
 #
+KBUILD_CFLAGS += $(DISABLE_LTO)
 VDSO64-$(CONFIG_X86_64)         := y
 VDSOX32-$(CONFIG_X86_X32_ABI)   := y
 VDSO32-$(CONFIG_X86_32)         := y
@@ -21,7 +23,8 @@ vobjs-$(VDSOX32-y) += $(vobjx32s-compat)
 vobj64s := $(filter-out $(vobjx32s-compat),$(vobjs-y))
 # files to link into kernel
-obj-$(VDSO64-y)                 += vma.o vdso.o
+obj-y                           += vma.o
+obj-$(VDSO64-y)                 += vdso.o
 obj-$(VDSOX32-y)                += vdsox32.o
 obj-$(VDSO32-y)                 += vdso32.o vdso32-setup.o
@@ -35,7 +38,8 @@ export CPPFLAGS_vdso.lds += -P -C
 VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
                        -Wl,--no-undefined \
-                        -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096
+                        -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096 \
+                        $(DISABLE_LTO)
 $(obj)/vdso.o: $(src)/vdso.S $(obj)/vdso.so
@@ -127,7 +131,7 @@ vdso32.so-$(VDSO32-y)		+= sysenter
 vdso32-images                   = $(vdso32.so-y:%=vdso32-%.so)
 CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
-VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-soname=linux-gate.so.1
+VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-soname=linux-gate.so.1
 # This makes sure the $(obj) subdirectory exists even though vdso32/
 # is not a kbuild sub-make subdirectory.
@@ -135,7 +139,7 @@ override obj-dirs = $(dir $(obj)) $(obj)/vdso32/
 targets += vdso32/vdso32.lds
 targets += $(vdso32-images) $(vdso32-images:=.dbg)
-targets += vdso32/note.o $(vdso32.so-y:%=vdso32/%.o)
+targets += vdso32/note.o vdso32/vclock_gettime.o $(vdso32.so-y:%=vdso32/%.o)
 extra-y += $(vdso32-images)
@@ -145,8 +149,19 @@ KBUILD_AFLAGS_32 := $(filter-out -m64,$(KBUILD_AFLAGS))
 $(vdso32-images:%=$(obj)/%.dbg): KBUILD_AFLAGS = $(KBUILD_AFLAGS_32)
 $(vdso32-images:%=$(obj)/%.dbg): asflags-$(CONFIG_X86_64) += -m32
+KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS))
+KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))
+KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
+KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
+KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
+KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
+KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
+KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
+$(vdso32-images:%=$(obj)/%.dbg): KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)
 $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
                                 $(obj)/vdso32/vdso32.lds \
+                                 $(obj)/vdso32/vclock_gettime.o \
                                 $(obj)/vdso32/note.o \
                                 $(obj)/vdso32/%.o
        $(call if_changed,vdso)
@@ -181,7 +196,8 @@ quiet_cmd_vdso = VDSO    $@
                       -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
                 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
-VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
+VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
+                $(LTO_CFLAGS)
 GCOV_PROFILE := n
 #
diff --git a/arch/x86/vdso/vclock_gettime.c b/arch/x86/vdso/vclock_gettime.c
index eb5d7a56f8d4..16d686171e9a 100644
--- a/arch/x86/vdso/vclock_gettime.c
+++ b/arch/x86/vdso/vclock_gettime.c
@@ -4,6 +4,9 @@
 *
 * Fast user context implementation of clock_gettime, gettimeofday, and time.
 *
+ * 32 Bit compat layer by Stefani Seibold <stefani@seibold.net>
+ *  sponsored by Rohde & Schwarz GmbH & Co. KG Munich/Germany
+ *
 * The code should have no internal unresolved relocations.
 * Check with readelf after changing.
 */
@@ -11,56 +14,55 @@
 /* Disable profiling for userspace code: */
 #define DISABLE_BRANCH_PROFILING
-#include <linux/kernel.h>
+#include <uapi/linux/time.h>
-#include <linux/posix-timers.h>
-#include <linux/time.h>
-#include <linux/string.h>
-#include <asm/vsyscall.h>
-#include <asm/fixmap.h>
 #include <asm/vgtod.h>
-#include <asm/timex.h>
 #include <asm/hpet.h>
+#include <asm/vvar.h>
 #include <asm/unistd.h>
-#include <asm/io.h>
+#include <asm/msr.h>
-#include <asm/pvclock.h>
+#include <linux/math64.h>
+#include <linux/time.h>
 #define gtod (&VVAR(vsyscall_gtod_data))
-notrace static cycle_t vread_tsc(void)
+extern int __vdso_clock_gettime(clockid_t clock, struct timespec *ts);
+extern int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz);
+extern time_t __vdso_time(time_t *t);
+#ifdef CONFIG_HPET_TIMER
+static inline u32 read_hpet_counter(const volatile void *addr)
 {
-        cycle_t ret;
+        return *(const volatile u32 *) (addr + HPET_COUNTER);
-        u64 last;
+}
+#endif
-        /*
+#ifndef BUILD_VDSO32
-         * Empirically, a fence (of type that depends on the CPU)
-         * before rdtsc is enough to ensure that rdtsc is ordered
-         * with respect to loads.  The various CPU manuals are unclear
-         * as to whether rdtsc can be reordered with later loads,
-         * but no one has ever seen it happen.
-         */
-        rdtsc_barrier();
-        ret = (cycle_t)vget_cycles();
-        last = VVAR(vsyscall_gtod_data).clock.cycle_last;
+#include <linux/kernel.h>
+#include <asm/vsyscall.h>
+#include <asm/fixmap.h>
+#include <asm/pvclock.h>
-        if (likely(ret >= last))
+static notrace cycle_t vread_hpet(void)
-                return ret;
+{
+        return read_hpet_counter((const void *)fix_to_virt(VSYSCALL_HPET));
+}
-        /*
+notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
-         * GCC likes to generate cmov here, but this branch is extremely
+{
-         * predictable (it's just a funciton of time and the likely is
+        long ret;
-         * very likely) and there's a data dependence, so force GCC
+        asm("syscall" : "=a" (ret) :
-         * to generate a branch instead.  I don't barrier() because
+            "0" (__NR_clock_gettime), "D" (clock), "S" (ts) : "memory");
-         * we don't actually need a barrier, and if this function
+        return ret;
-         * ever gets inlined it will generate worse code.
-         */
-        asm volatile ("");
-        return last;
 }
-static notrace cycle_t vread_hpet(void)
+notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz)
 {
-        return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + HPET_COUNTER);
+        long ret;
+        asm("syscall" : "=a" (ret) :
+            "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
+        return ret;
 }
 #ifdef CONFIG_PARAVIRT_CLOCK
@@ -124,7 +126,7 @@ static notrace cycle_t vread_pvclock(int *mode)
                *mode = VCLOCK_NONE;
        /* refer to tsc.c read_tsc() comment for rationale */
-        last = VVAR(vsyscall_gtod_data).clock.cycle_last;
+        last = gtod->cycle_last;
        if (likely(ret >= last))
                return ret;
@@ -133,11 +135,30 @@ static notrace cycle_t vread_pvclock(int *mode)
 }
 #endif
+#else
+extern u8 hpet_page
+        __attribute__((visibility("hidden")));
+#ifdef CONFIG_HPET_TIMER
+static notrace cycle_t vread_hpet(void)
+{
+        return read_hpet_counter((const void *)(&hpet_page));
+}
+#endif
 notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
 {
        long ret;
-        asm("syscall" : "=a" (ret) :
-            "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
+        asm(
+                "mov %%ebx, %%edx \n"
+                "mov %2, %%ebx \n"
+                "call VDSO32_vsyscall \n"
+                "mov %%edx, %%ebx \n"
+                : "=a" (ret)
+                : "0" (__NR_clock_gettime), "g" (clock), "c" (ts)
+                : "memory", "edx");
        return ret;
 }
@@ -145,28 +166,79 @@ notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz)
 {
        long ret;
-        asm("syscall" : "=a" (ret) :
+        asm(
-            "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
+                "mov %%ebx, %%edx \n"
+                "mov %2, %%ebx \n"
+                "call VDSO32_vsyscall \n"
+                "mov %%edx, %%ebx \n"
+                : "=a" (ret)
+                : "0" (__NR_gettimeofday), "g" (tv), "c" (tz)
+                : "memory", "edx");
        return ret;
 }
+#ifdef CONFIG_PARAVIRT_CLOCK
+static notrace cycle_t vread_pvclock(int *mode)
+{
+        *mode = VCLOCK_NONE;
+        return 0;
+}
+#endif
+#endif
+notrace static cycle_t vread_tsc(void)
+{
+        cycle_t ret;
+        u64 last;
+        /*
+         * Empirically, a fence (of type that depends on the CPU)
+         * before rdtsc is enough to ensure that rdtsc is ordered
+         * with respect to loads.  The various CPU manuals are unclear
+         * as to whether rdtsc can be reordered with later loads,
+         * but no one has ever seen it happen.
+         */
+        rdtsc_barrier();
+        ret = (cycle_t)__native_read_tsc();
+        last = gtod->cycle_last;
+        if (likely(ret >= last))
+                return ret;
+        /*
+         * GCC likes to generate cmov here, but this branch is extremely
+         * predictable (it's just a funciton of time and the likely is
+         * very likely) and there's a data dependence, so force GCC
+         * to generate a branch instead.  I don't barrier() because
+         * we don't actually need a barrier, and if this function
+         * ever gets inlined it will generate worse code.
+         */
+        asm volatile ("");
+        return last;
+}
 notrace static inline u64 vgetsns(int *mode)
 {
-        long v;
+        u64 v;
        cycles_t cycles;
-        if (gtod->clock.vclock_mode == VCLOCK_TSC)
+        if (gtod->vclock_mode == VCLOCK_TSC)
                cycles = vread_tsc();
-        else if (gtod->clock.vclock_mode == VCLOCK_HPET)
+#ifdef CONFIG_HPET_TIMER
+        else if (gtod->vclock_mode == VCLOCK_HPET)
                cycles = vread_hpet();
+#endif
 #ifdef CONFIG_PARAVIRT_CLOCK
-        else if (gtod->clock.vclock_mode == VCLOCK_PVCLOCK)
+        else if (gtod->vclock_mode == VCLOCK_PVCLOCK)
                cycles = vread_pvclock(mode);
 #endif
        else
                return 0;
-        v = (cycles - gtod->clock.cycle_last) & gtod->clock.mask;
+        v = (cycles - gtod->cycle_last) & gtod->mask;
-        return v * gtod->clock.mult;
+        return v * gtod->mult;
 }
 /* Code size doesn't matter (vdso is 4k anyway) and this is faster. */
@@ -176,106 +248,102 @@ notrace static int __always_inline do_realtime(struct timespec *ts)
        u64 ns;
        int mode;
-        ts->tv_nsec = 0;
        do {
-                seq = raw_read_seqcount_begin(&gtod->seq);
+                seq = gtod_read_begin(gtod);
-                mode = gtod->clock.vclock_mode;
+                mode = gtod->vclock_mode;
                ts->tv_sec = gtod->wall_time_sec;
                ns = gtod->wall_time_snsec;
                ns += vgetsns(&mode);
-                ns >>= gtod->clock.shift;
+                ns >>= gtod->shift;
-        } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
+        } while (unlikely(gtod_read_retry(gtod, seq)));
+        ts->tv_sec += __iter_div_u64_rem(ns, NSEC_PER_SEC, &ns);
+        ts->tv_nsec = ns;
-        timespec_add_ns(ts, ns);
        return mode;
 }
-notrace static int do_monotonic(struct timespec *ts)
+notrace static int __always_inline do_monotonic(struct timespec *ts)
 {
        unsigned long seq;
        u64 ns;
        int mode;
-        ts->tv_nsec = 0;
        do {
-                seq = raw_read_seqcount_begin(&gtod->seq);
+                seq = gtod_read_begin(gtod);
-                mode = gtod->clock.vclock_mode;
+                mode = gtod->vclock_mode;
                ts->tv_sec = gtod->monotonic_time_sec;
                ns = gtod->monotonic_time_snsec;
                ns += vgetsns(&mode);
-                ns >>= gtod->clock.shift;
+                ns >>= gtod->shift;
-        } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
+        } while (unlikely(gtod_read_retry(gtod, seq)));
-        timespec_add_ns(ts, ns);
+        ts->tv_sec += __iter_div_u64_rem(ns, NSEC_PER_SEC, &ns);
+        ts->tv_nsec = ns;
        return mode;
 }
-notrace static int do_realtime_coarse(struct timespec *ts)
+notrace static void do_realtime_coarse(struct timespec *ts)
 {
        unsigned long seq;
        do {
-                seq = raw_read_seqcount_begin(&gtod->seq);
+                seq = gtod_read_begin(gtod);
-                ts->tv_sec = gtod->wall_time_coarse.tv_sec;
+                ts->tv_sec = gtod->wall_time_coarse_sec;
-                ts->tv_nsec = gtod->wall_time_coarse.tv_nsec;
+                ts->tv_nsec = gtod->wall_time_coarse_nsec;
-        } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
+        } while (unlikely(gtod_read_retry(gtod, seq)));
-        return 0;
 }
-notrace static int do_monotonic_coarse(struct timespec *ts)
+notrace static void do_monotonic_coarse(struct timespec *ts)
 {
        unsigned long seq;
        do {
-                seq = raw_read_seqcount_begin(&gtod->seq);
+                seq = gtod_read_begin(gtod);
-                ts->tv_sec = gtod->monotonic_time_coarse.tv_sec;
+                ts->tv_sec = gtod->monotonic_time_coarse_sec;
-                ts->tv_nsec = gtod->monotonic_time_coarse.tv_nsec;
+                ts->tv_nsec = gtod->monotonic_time_coarse_nsec;
-        } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
+        } while (unlikely(gtod_read_retry(gtod, seq)));
-        return 0;
 }
 notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
 {
-        int ret = VCLOCK_NONE;
        switch (clock) {
        case CLOCK_REALTIME:
-                ret = do_realtime(ts);
+                if (do_realtime(ts) == VCLOCK_NONE)
+                        goto fallback;
                break;
        case CLOCK_MONOTONIC:
-                ret = do_monotonic(ts);
+                if (do_monotonic(ts) == VCLOCK_NONE)
+                        goto fallback;
                break;
        case CLOCK_REALTIME_COARSE:
-                return do_realtime_coarse(ts);
+                do_realtime_coarse(ts);
+                break;
        case CLOCK_MONOTONIC_COARSE:
-                return do_monotonic_coarse(ts);
+                do_monotonic_coarse(ts);
+                break;
+        default:
+                goto fallback;
        }
-        if (ret == VCLOCK_NONE)
-                return vdso_fallback_gettime(clock, ts);
        return 0;
+fallback:
+        return vdso_fallback_gettime(clock, ts);
 }
 int clock_gettime(clockid_t, struct timespec *)
        __attribute__((weak, alias("__vdso_clock_gettime")));
 notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
 {
-        long ret = VCLOCK_NONE;
        if (likely(tv != NULL)) {
-                BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
+                if (unlikely(do_realtime((struct timespec *)tv) == VCLOCK_NONE))
-                             offsetof(struct timespec, tv_nsec) ||
+                        return vdso_fallback_gtod(tv, tz);
-                             sizeof(*tv) != sizeof(struct timespec));
-                ret = do_realtime((struct timespec *)tv);
                tv->tv_usec /= 1000;
        }
        if (unlikely(tz != NULL)) {
-                /* Avoid memcpy. Some old compilers fail to inline it */
+                tz->tz_minuteswest = gtod->tz_minuteswest;
-                tz->tz_minuteswest = gtod->sys_tz.tz_minuteswest;
+                tz->tz_dsttime = gtod->tz_dsttime;
-                tz->tz_dsttime = gtod->sys_tz.tz_dsttime;
        }
-        if (ret == VCLOCK_NONE)
-                return vdso_fallback_gtod(tv, tz);
        return 0;
 }
 int gettimeofday(struct timeval *, struct timezone *)
@@ -287,8 +355,8 @@ int gettimeofday(struct timeval *, struct timezone *)
 */
 notrace time_t __vdso_time(time_t *t)
 {
-        /* This is atomic on x86_64 so we don't need any locks. */
+        /* This is atomic on x86 so we don't need any locks. */
-        time_t result = ACCESS_ONCE(VVAR(vsyscall_gtod_data).wall_time_sec);
+        time_t result = ACCESS_ONCE(gtod->wall_time_sec);
        if (t)
                *t = result;
diff --git a/arch/x86/vdso/vdso-layout.lds.S b/arch/x86/vdso/vdso-layout.lds.S
index 634a2cf62046..2e263f367b13 100644
--- a/arch/x86/vdso/vdso-layout.lds.S
+++ b/arch/x86/vdso/vdso-layout.lds.S
@@ -6,7 +6,25 @@
 SECTIONS
 {
-        . = VDSO_PRELINK + SIZEOF_HEADERS;
+#ifdef BUILD_VDSO32
+#include <asm/vdso32.h>
+        .hpet_sect : {
+                hpet_page = . - VDSO_OFFSET(VDSO_HPET_PAGE);
+        } :text :hpet_sect
+        .vvar_sect : {
+                vvar = . - VDSO_OFFSET(VDSO_VVAR_PAGE);
+        /* Place all vvars at the offsets in asm/vvar.h. */
+#define EMIT_VVAR(name, offset) vvar_ ## name = vvar + offset;
+#define __VVAR_KERNEL_LDS
+#include <asm/vvar.h>
+#undef __VVAR_KERNEL_LDS
+#undef EMIT_VVAR
+        } :text :vvar_sect
+#endif
+        . = SIZEOF_HEADERS;
        .hash           : { *(.hash) }                  :text
        .gnu.hash       : { *(.gnu.hash) }
@@ -44,6 +62,11 @@ SECTIONS
        . = ALIGN(0x100);
        .text           : { *(.text*) }                 :text   =0x90909090
+        /DISCARD/ : {
+                *(.discard)
+                *(.discard.*)
+        }
 }
 /*
@@ -61,4 +84,8 @@ PHDRS
        dynamic         PT_DYNAMIC      FLAGS(4);               /* PF_R */
        note            PT_NOTE         FLAGS(4);               /* PF_R */
        eh_frame_hdr    PT_GNU_EH_FRAME;
+#ifdef BUILD_VDSO32
+        vvar_sect       PT_NULL         FLAGS(4);               /* PF_R */
+        hpet_sect       PT_NULL         FLAGS(4);               /* PF_R */
+#endif
 }
diff --git a/arch/x86/vdso/vdso.S b/arch/x86/vdso/vdso.S
index 01f5e3b4613c..be3f23b09af5 100644
--- a/arch/x86/vdso/vdso.S
+++ b/arch/x86/vdso/vdso.S
@@ -1,22 +1,3 @@
-#include <asm/page_types.h>
+#include <asm/vdso.h>
-#include <linux/linkage.h>
-#include <linux/init.h>
-__PAGE_ALIGNED_DATA
+DEFINE_VDSO_IMAGE(vdso, "arch/x86/vdso/vdso.so")
-        .globl vdso_start, vdso_end
-        .align PAGE_SIZE
-vdso_start:
-        .incbin "arch/x86/vdso/vdso.so"
-vdso_end:
-        .align PAGE_SIZE /* extra data here leaks to userspace. */
-.previous
-        .globl vdso_pages
-        .bss
-        .align 8
-        .type vdso_pages, @object
-vdso_pages:
-        .zero (vdso_end - vdso_start + PAGE_SIZE - 1) / PAGE_SIZE * 8
-        .size vdso_pages, .-vdso_pages
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index d6bfb876cfb0..00348980a3a6 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -16,6 +16,7 @@
 #include <linux/mm.h>
 #include <linux/err.h>
 #include <linux/module.h>
+#include <linux/slab.h>
 #include <asm/cpufeature.h>
 #include <asm/msr.h>
@@ -25,17 +26,14 @@
 #include <asm/tlbflush.h>
 #include <asm/vdso.h>
 #include <asm/proto.h>
+#include <asm/fixmap.h>
-enum {
+#include <asm/hpet.h>
-        VDSO_DISABLED = 0,
+#include <asm/vvar.h>
-        VDSO_ENABLED = 1,
-        VDSO_COMPAT = 2,
-};
 #ifdef CONFIG_COMPAT_VDSO
-#define VDSO_DEFAULT    VDSO_COMPAT
+#define VDSO_DEFAULT    0
 #else
-#define VDSO_DEFAULT    VDSO_ENABLED
+#define VDSO_DEFAULT    1
 #endif
 #ifdef CONFIG_X86_64
@@ -44,13 +42,6 @@ enum {
 #endif
 /*
- * This is the difference between the prelinked addresses in the vDSO images
- * and the VDSO_HIGH_BASE address where CONFIG_COMPAT_VDSO places the vDSO
- * in the user address space.
- */
-#define VDSO_ADDR_ADJUST        (VDSO_HIGH_BASE - (unsigned long)VDSO32_PRELINK)
-/*
 * Should the kernel map a VDSO page into processes and pass its
 * address down to glibc upon exec()?
 */
@@ -60,6 +51,9 @@ static int __init vdso_setup(char *s)
 {
        vdso_enabled = simple_strtoul(s, NULL, 0);
+        if (vdso_enabled > 1)
+                pr_warn("vdso32 values other than 0 and 1 are no longer allowed; vdso disabled\n");
        return 1;
 }
@@ -76,124 +70,8 @@ __setup_param("vdso=", vdso32_setup, vdso_setup, 0);
 EXPORT_SYMBOL_GPL(vdso_enabled);
 #endif
-static __init void reloc_symtab(Elf32_Ehdr *ehdr,
+static struct page **vdso32_pages;
-                                unsigned offset, unsigned size)
+static unsigned vdso32_size;
-{
-        Elf32_Sym *sym = (void *)ehdr + offset;
-        unsigned nsym = size / sizeof(*sym);
-        unsigned i;
-        for(i = 0; i < nsym; i++, sym++) {
-                if (sym->st_shndx == SHN_UNDEF ||
-                    sym->st_shndx == SHN_ABS)
-                        continue;  /* skip */
-                if (sym->st_shndx > SHN_LORESERVE) {
-                        printk(KERN_INFO "VDSO: unexpected st_shndx %x\n",
-                               sym->st_shndx);
-                        continue;
-                }
-                switch(ELF_ST_TYPE(sym->st_info)) {
-                case STT_OBJECT:
-                case STT_FUNC:
-                case STT_SECTION:
-                case STT_FILE:
-                        sym->st_value += VDSO_ADDR_ADJUST;
-                }
-        }
-}
-static __init void reloc_dyn(Elf32_Ehdr *ehdr, unsigned offset)
-{
-        Elf32_Dyn *dyn = (void *)ehdr + offset;
-        for(; dyn->d_tag != DT_NULL; dyn++)
-                switch(dyn->d_tag) {
-                case DT_PLTGOT:
-                case DT_HASH:
-                case DT_STRTAB:
-                case DT_SYMTAB:
-                case DT_RELA:
-                case DT_INIT:
-                case DT_FINI:
-                case DT_REL:
-                case DT_DEBUG:
-                case DT_JMPREL:
-                case DT_VERSYM:
-                case DT_VERDEF:
-                case DT_VERNEED:
-                case DT_ADDRRNGLO ... DT_ADDRRNGHI:
-                        /* definitely pointers needing relocation */
-                        dyn->d_un.d_ptr += VDSO_ADDR_ADJUST;
-                        break;
-                case DT_ENCODING ... OLD_DT_LOOS-1:
-                case DT_LOOS ... DT_HIOS-1:
-                        /* Tags above DT_ENCODING are pointers if
-                           they're even */
-                        if (dyn->d_tag >= DT_ENCODING &&
-                            (dyn->d_tag & 1) == 0)
-                                dyn->d_un.d_ptr += VDSO_ADDR_ADJUST;
-                        break;
-                case DT_VERDEFNUM:
-                case DT_VERNEEDNUM:
-                case DT_FLAGS_1:
-                case DT_RELACOUNT:
-                case DT_RELCOUNT:
-                case DT_VALRNGLO ... DT_VALRNGHI:
-                        /* definitely not pointers */
-                        break;
-                case OLD_DT_LOOS ... DT_LOOS-1:
-                case DT_HIOS ... DT_VALRNGLO-1:
-                default:
-                        if (dyn->d_tag > DT_ENCODING)
-                                printk(KERN_INFO "VDSO: unexpected DT_tag %x\n",
-                                       dyn->d_tag);
-                        break;
-                }
-}
-static __init void relocate_vdso(Elf32_Ehdr *ehdr)
-{
-        Elf32_Phdr *phdr;
-        Elf32_Shdr *shdr;
-        int i;
-        BUG_ON(memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0 ||
-               !elf_check_arch_ia32(ehdr) ||
-               ehdr->e_type != ET_DYN);
-        ehdr->e_entry += VDSO_ADDR_ADJUST;
-        /* rebase phdrs */
-        phdr = (void *)ehdr + ehdr->e_phoff;
-        for (i = 0; i < ehdr->e_phnum; i++) {
-                phdr[i].p_vaddr += VDSO_ADDR_ADJUST;
-                /* relocate dynamic stuff */
-                if (phdr[i].p_type == PT_DYNAMIC)
-                        reloc_dyn(ehdr, phdr[i].p_offset);
-        }
-        /* rebase sections */
-        shdr = (void *)ehdr + ehdr->e_shoff;
-        for(i = 0; i < ehdr->e_shnum; i++) {
-                if (!(shdr[i].sh_flags & SHF_ALLOC))
-                        continue;
-                shdr[i].sh_addr += VDSO_ADDR_ADJUST;
-                if (shdr[i].sh_type == SHT_SYMTAB ||
-                    shdr[i].sh_type == SHT_DYNSYM)
-                        reloc_symtab(ehdr, shdr[i].sh_offset,
-                                     shdr[i].sh_size);
-        }
-}
-static struct page *vdso32_pages[1];
 #ifdef CONFIG_X86_64
@@ -212,12 +90,6 @@ void syscall32_cpu_init(void)
        wrmsrl(MSR_CSTAR, ia32_cstar_target);
 }
-#define compat_uses_vma         1
-static inline void map_compat_vdso(int map)
-{
-}
 #else  /* CONFIG_X86_32 */
 #define vdso32_sysenter()       (boot_cpu_has(X86_FEATURE_SEP))
@@ -241,64 +113,36 @@ void enable_sep_cpu(void)
        put_cpu();      
 }
-static struct vm_area_struct gate_vma;
-static int __init gate_vma_init(void)
-{
-        gate_vma.vm_mm = NULL;
-        gate_vma.vm_start = FIXADDR_USER_START;
-        gate_vma.vm_end = FIXADDR_USER_END;
-        gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
-        gate_vma.vm_page_prot = __P101;
-        return 0;
-}
-#define compat_uses_vma         0
-static void map_compat_vdso(int map)
-{
-        static int vdso_mapped;
-        if (map == vdso_mapped)
-                return;
-        vdso_mapped = map;
-        __set_fixmap(FIX_VDSO, page_to_pfn(vdso32_pages[0]) << PAGE_SHIFT,
-                     map ? PAGE_READONLY_EXEC : PAGE_NONE);
-        /* flush stray tlbs */
-        flush_tlb_all();
-}
 #endif  /* CONFIG_X86_64 */
 int __init sysenter_setup(void)
 {
-        void *syscall_page = (void *)get_zeroed_page(GFP_ATOMIC);
+        char *vdso32_start, *vdso32_end;
-        const void *vsyscall;
+        int npages, i;
-        size_t vsyscall_len;
-        vdso32_pages[0] = virt_to_page(syscall_page);
-#ifdef CONFIG_X86_32
-        gate_vma_init();
-#endif
+#ifdef CONFIG_COMPAT
        if (vdso32_syscall()) {
-                vsyscall = &vdso32_syscall_start;
+                vdso32_start = vdso32_syscall_start;
-                vsyscall_len = &vdso32_syscall_end - &vdso32_syscall_start;
+                vdso32_end = vdso32_syscall_end;
-        } else if (vdso32_sysenter()){
+                vdso32_pages = vdso32_syscall_pages;
-                vsyscall = &vdso32_sysenter_start;
+        } else
-                vsyscall_len = &vdso32_sysenter_end - &vdso32_sysenter_start;
+#endif
+        if (vdso32_sysenter()) {
+                vdso32_start = vdso32_sysenter_start;
+                vdso32_end = vdso32_sysenter_end;
+                vdso32_pages = vdso32_sysenter_pages;
        } else {
-                vsyscall = &vdso32_int80_start;
+                vdso32_start = vdso32_int80_start;
-                vsyscall_len = &vdso32_int80_end - &vdso32_int80_start;
+                vdso32_end = vdso32_int80_end;
+                vdso32_pages = vdso32_int80_pages;
        }
-        memcpy(syscall_page, vsyscall, vsyscall_len);
+        npages = ((vdso32_end - vdso32_start) + PAGE_SIZE - 1) / PAGE_SIZE;
-        relocate_vdso(syscall_page);
+        vdso32_size = npages << PAGE_SHIFT;
+        for (i = 0; i < npages; i++)
+                vdso32_pages[i] = virt_to_page(vdso32_start + i*PAGE_SIZE);
+        patch_vdso32(vdso32_start, vdso32_size);
        return 0;
 }
@@ -309,48 +153,73 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
        struct mm_struct *mm = current->mm;
        unsigned long addr;
        int ret = 0;
-        bool compat;
+        struct vm_area_struct *vma;
 #ifdef CONFIG_X86_X32_ABI
        if (test_thread_flag(TIF_X32))
                return x32_setup_additional_pages(bprm, uses_interp);
 #endif
-        if (vdso_enabled == VDSO_DISABLED)
+        if (vdso_enabled != 1)  /* Other values all mean "disabled" */
                return 0;
        down_write(&mm->mmap_sem);
-        /* Test compat mode once here, in case someone
+        addr = get_unmapped_area(NULL, 0, vdso32_size + VDSO_OFFSET(VDSO_PREV_PAGES), 0, 0);
-           changes it via sysctl */
+        if (IS_ERR_VALUE(addr)) {
-        compat = (vdso_enabled == VDSO_COMPAT);
+                ret = addr;
+                goto up_fail;
+        }
+        addr += VDSO_OFFSET(VDSO_PREV_PAGES);
-        map_compat_vdso(compat);
+        current->mm->context.vdso = (void *)addr;
-        if (compat)
+        /*
-                addr = VDSO_HIGH_BASE;
+         * MAYWRITE to allow gdb to COW and set breakpoints
-        else {
+         */
-                addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
+        ret = install_special_mapping(mm,
-                if (IS_ERR_VALUE(addr)) {
+                        addr,
-                        ret = addr;
+                        vdso32_size,
-                        goto up_fail;
+                        VM_READ|VM_EXEC|
-                }
+                        VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
+                        vdso32_pages);
+        if (ret)
+                goto up_fail;
+        vma = _install_special_mapping(mm,
+                        addr -  VDSO_OFFSET(VDSO_PREV_PAGES),
+                        VDSO_OFFSET(VDSO_PREV_PAGES),
+                        VM_READ,
+                        NULL);
+        if (IS_ERR(vma)) {
+                ret = PTR_ERR(vma);
+                goto up_fail;
        }
-        current->mm->context.vdso = (void *)addr;
+        ret = remap_pfn_range(vma,
+                addr - VDSO_OFFSET(VDSO_VVAR_PAGE),
+                __pa_symbol(&__vvar_page) >> PAGE_SHIFT,
+                PAGE_SIZE,
+                PAGE_READONLY);
+        if (ret)
+                goto up_fail;
-        if (compat_uses_vma || !compat) {
+#ifdef CONFIG_HPET_TIMER
-                /*
+        if (hpet_address) {
-                 * MAYWRITE to allow gdb to COW and set breakpoints
+                ret = io_remap_pfn_range(vma,
-                 */
+                        addr - VDSO_OFFSET(VDSO_HPET_PAGE),
-                ret = install_special_mapping(mm, addr, PAGE_SIZE,
+                        hpet_address >> PAGE_SHIFT,
-                                              VM_READ|VM_EXEC|
+                        PAGE_SIZE,
-                                              VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
+                        pgprot_noncached(PAGE_READONLY));
-                                              vdso32_pages);
                if (ret)
                        goto up_fail;
        }
+#endif
        current_thread_info()->sysenter_return =
                VDSO32_SYMBOL(addr, SYSENTER_RETURN);
@@ -411,20 +280,12 @@ const char *arch_vma_name(struct vm_area_struct *vma)
 struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
 {
-        /*
-         * Check to see if the corresponding task was created in compat vdso
-         * mode.
-         */
-        if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
-                return &gate_vma;
        return NULL;
 }
 int in_gate_area(struct mm_struct *mm, unsigned long addr)
 {
-        const struct vm_area_struct *vma = get_gate_vma(mm);
+        return 0;
-        return vma && addr >= vma->vm_start && addr < vma->vm_end;
 }
 int in_gate_area_no_mm(unsigned long addr)
diff --git a/arch/x86/vdso/vdso32.S b/arch/x86/vdso/vdso32.S
index 2ce5f82c333b..018bcd9f97b4 100644
--- a/arch/x86/vdso/vdso32.S
+++ b/arch/x86/vdso/vdso32.S
@@ -1,22 +1,9 @@
-#include <linux/init.h>
+#include <asm/vdso.h>
-__INITDATA
+DEFINE_VDSO_IMAGE(vdso32_int80, "arch/x86/vdso/vdso32-int80.so")
-        .globl vdso32_int80_start, vdso32_int80_end
-vdso32_int80_start:
-        .incbin "arch/x86/vdso/vdso32-int80.so"
-vdso32_int80_end:
-        .globl vdso32_syscall_start, vdso32_syscall_end
-vdso32_syscall_start:
 #ifdef CONFIG_COMPAT
-        .incbin "arch/x86/vdso/vdso32-syscall.so"
+DEFINE_VDSO_IMAGE(vdso32_syscall, "arch/x86/vdso/vdso32-syscall.so")
 #endif
-vdso32_syscall_end:
-        .globl vdso32_sysenter_start, vdso32_sysenter_end
-vdso32_sysenter_start:
-        .incbin "arch/x86/vdso/vdso32-sysenter.so"
-vdso32_sysenter_end:
-__FINIT
+DEFINE_VDSO_IMAGE(vdso32_sysenter, "arch/x86/vdso/vdso32-sysenter.so")
diff --git a/arch/x86/vdso/vdso32/vclock_gettime.c b/arch/x86/vdso/vdso32/vclock_gettime.c
new file mode 100644
index 000000000000..175cc72c0f68
--- /dev/null
+++ b/arch/x86/vdso/vdso32/vclock_gettime.c
@@ -0,0 +1,30 @@
+#define BUILD_VDSO32
+#ifndef CONFIG_CC_OPTIMIZE_FOR_SIZE
+#undef CONFIG_OPTIMIZE_INLINING
+#endif
+#undef CONFIG_X86_PPRO_FENCE
+#ifdef CONFIG_X86_64
+/*
+ * in case of a 32 bit VDSO for a 64 bit kernel fake a 32 bit kernel
+ * configuration
+ */
+#undef CONFIG_64BIT
+#undef CONFIG_X86_64
+#undef CONFIG_ILLEGAL_POINTER_VALUE
+#undef CONFIG_SPARSEMEM_VMEMMAP
+#undef CONFIG_NR_CPUS
+#define CONFIG_X86_32 1
+#define CONFIG_PAGE_OFFSET 0
+#define CONFIG_ILLEGAL_POINTER_VALUE 0
+#define CONFIG_NR_CPUS 1
+#define BUILD_VDSO32_64
+#endif
+#include "../vclock_gettime.c"
diff --git a/arch/x86/vdso/vdso32/vdso32.lds.S b/arch/x86/vdso/vdso32/vdso32.lds.S
index 976124bb5f92..aadb8b9994cd 100644
--- a/arch/x86/vdso/vdso32/vdso32.lds.S
+++ b/arch/x86/vdso/vdso32/vdso32.lds.S
@@ -8,7 +8,11 @@
 * values visible using the asm-x86/vdso.h macros from the kernel proper.
 */
+#include <asm/page.h>
+#define BUILD_VDSO32
 #define VDSO_PRELINK 0
 #include "../vdso-layout.lds.S"
 /* The ELF entry point can be used to set the AT_SYSINFO value.  */
@@ -19,6 +23,13 @@ ENTRY(__kernel_vsyscall);
 */
 VERSION
 {
+        LINUX_2.6 {
+        global:
+                __vdso_clock_gettime;
+                __vdso_gettimeofday;
+                __vdso_time;
+        };
        LINUX_2.5 {
        global:
                __kernel_vsyscall;
@@ -31,7 +42,9 @@ VERSION
 /*
 * Symbols we define here called VDSO* get their values into vdso32-syms.h.
 */
-VDSO32_PRELINK          = VDSO_PRELINK;
 VDSO32_vsyscall         = __kernel_vsyscall;
 VDSO32_sigreturn        = __kernel_sigreturn;
 VDSO32_rt_sigreturn     = __kernel_rt_sigreturn;
+VDSO32_clock_gettime    = clock_gettime;
+VDSO32_gettimeofday     = gettimeofday;
+VDSO32_time             = time;
diff --git a/arch/x86/vdso/vdsox32.S b/arch/x86/vdso/vdsox32.S
index d6b9a7f42a8a..f4aa34e7f370 100644
--- a/arch/x86/vdso/vdsox32.S
+++ b/arch/x86/vdso/vdsox32.S
@@ -1,22 +1,3 @@
-#include <asm/page_types.h>
+#include <asm/vdso.h>
-#include <linux/linkage.h>
-#include <linux/init.h>
-__PAGE_ALIGNED_DATA
+DEFINE_VDSO_IMAGE(vdsox32, "arch/x86/vdso/vdsox32.so")
-        .globl vdsox32_start, vdsox32_end
-        .align PAGE_SIZE
-vdsox32_start:
-        .incbin "arch/x86/vdso/vdsox32.so"
-vdsox32_end:
-        .align PAGE_SIZE /* extra data here leaks to userspace. */
-.previous
-        .globl vdsox32_pages
-        .bss
-        .align 8
-        .type vdsox32_pages, @object
-vdsox32_pages:
-        .zero (vdsox32_end - vdsox32_start + PAGE_SIZE - 1) / PAGE_SIZE * 8
-        .size vdsox32_pages, .-vdsox32_pages
diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
index 431e87544411..1ad102613127 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -16,20 +16,22 @@
 #include <asm/vdso.h>
 #include <asm/page.h>
+#if defined(CONFIG_X86_64)
 unsigned int __read_mostly vdso_enabled = 1;
-extern char vdso_start[], vdso_end[];
+DECLARE_VDSO_IMAGE(vdso);
 extern unsigned short vdso_sync_cpuid;
-extern struct page *vdso_pages[];
 static unsigned vdso_size;
 #ifdef CONFIG_X86_X32_ABI
-extern char vdsox32_start[], vdsox32_end[];
+DECLARE_VDSO_IMAGE(vdsox32);
-extern struct page *vdsox32_pages[];
 static unsigned vdsox32_size;
+#endif
+#endif
-static void __init patch_vdsox32(void *vdso, size_t len)
+#if defined(CONFIG_X86_32) || defined(CONFIG_X86_X32_ABI) || \
+        defined(CONFIG_COMPAT)
+void __init patch_vdso32(void *vdso, size_t len)
 {
        Elf32_Ehdr *hdr = vdso;
        Elf32_Shdr *sechdrs, *alt_sec = 0;
@@ -52,7 +54,7 @@ static void __init patch_vdsox32(void *vdso, size_t len)
        }
        /* If we get here, it's probably a bug. */
-        pr_warning("patch_vdsox32: .altinstructions not found\n");
+        pr_warning("patch_vdso32: .altinstructions not found\n");
        return;  /* nothing to patch */
 found:
@@ -61,6 +63,7 @@ found:
 }
 #endif
+#if defined(CONFIG_X86_64)
 static void __init patch_vdso64(void *vdso, size_t len)
 {
        Elf64_Ehdr *hdr = vdso;
@@ -104,7 +107,7 @@ static int __init init_vdso(void)
                vdso_pages[i] = virt_to_page(vdso_start + i*PAGE_SIZE);
 #ifdef CONFIG_X86_X32_ABI
-        patch_vdsox32(vdsox32_start, vdsox32_end - vdsox32_start);
+        patch_vdso32(vdsox32_start, vdsox32_end - vdsox32_start);
        npages = (vdsox32_end - vdsox32_start + PAGE_SIZE - 1) / PAGE_SIZE;
        vdsox32_size = npages << PAGE_SHIFT;
        for (i = 0; i < npages; i++)
@@ -204,3 +207,4 @@ static __init int vdso_setup(char *s)
        return 0;
 }
 __setup("vdso=", vdso_setup);
+#endif
diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
index 1a3c76505649..e88fda867a33 100644
--- a/arch/x86/xen/Kconfig
+++ b/arch/x86/xen/Kconfig
@@ -7,7 +7,7 @@ config XEN
        depends on PARAVIRT
        select PARAVIRT_CLOCK
        select XEN_HAVE_PVMMU
-        depends on X86_64 || (X86_32 && X86_PAE && !X86_VISWS)
+        depends on X86_64 || (X86_32 && X86_PAE)
        depends on X86_TSC
        help
          This is the Linux Xen port.  Enabling this will allow the
@@ -19,11 +19,6 @@ config XEN_DOM0
        depends on XEN && PCI_XEN && SWIOTLB_XEN
        depends on X86_LOCAL_APIC && X86_IO_APIC && ACPI && PCI
-# Dummy symbol since people have come to rely on the PRIVILEGED_GUEST
-# name in tools.
-config XEN_PRIVILEGED_GUEST
-        def_bool XEN_DOM0
 config XEN_PVHVM
        def_bool y
        depends on XEN && PCI && X86_LOCAL_APIC
@@ -51,3 +46,7 @@ config XEN_DEBUG_FS
          Enable statistics output and various tuning options in debugfs.
          Enabling this option may incur a significant performance overhead.
+config XEN_PVH
+        bool "Support for running as a PVH guest"
+        depends on X86_64 && XEN && XEN_PVHVM
+        def_bool n
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index fa6ade76ef3f..201d09a7c46b 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -262,8 +262,9 @@ static void __init xen_banner(void)
        struct xen_extraversion extra;
        HYPERVISOR_xen_version(XENVER_extraversion, &extra);
-        printk(KERN_INFO "Booting paravirtualized kernel on %s\n",
+        pr_info("Booting paravirtualized kernel %son %s\n",
-               pv_info.name);
+                xen_feature(XENFEAT_auto_translated_physmap) ?
+                        "with PVH extensions " : "", pv_info.name);
        printk(KERN_INFO "Xen version: %d.%d%s%s\n",
               version >> 16, version & 0xffff, extra.extraversion,
               xen_feature(XENFEAT_mmu_pt_update_preserve_ad) ? " (preserve-AD)" : "");
@@ -433,7 +434,7 @@ static void __init xen_init_cpuid_mask(void)
        ax = 1;
        cx = 0;
-        xen_cpuid(&ax, &bx, &cx, &dx);
+        cpuid(1, &ax, &bx, &cx, &dx);
        xsave_mask =
                (1 << (X86_FEATURE_XSAVE % 32)) |
@@ -1142,8 +1143,9 @@ void xen_setup_vcpu_info_placement(void)
                xen_vcpu_setup(cpu);
        /* xen_vcpu_setup managed to place the vcpu_info within the
-           percpu area for all cpus, so make use of it */
+         * percpu area for all cpus, so make use of it. Note that for
-        if (have_vcpu_info_placement) {
+         * PVH we want to use native IRQ mechanism. */
+        if (have_vcpu_info_placement && !xen_pvh_domain()) {
                pv_irq_ops.save_fl = __PV_IS_CALLEE_SAVE(xen_save_fl_direct);
                pv_irq_ops.restore_fl = __PV_IS_CALLEE_SAVE(xen_restore_fl_direct);
                pv_irq_ops.irq_disable = __PV_IS_CALLEE_SAVE(xen_irq_disable_direct);
@@ -1407,9 +1409,49 @@ static void __init xen_boot_params_init_edd(void)
 * Set up the GDT and segment registers for -fstack-protector.  Until
 * we do this, we have to be careful not to call any stack-protected
 * function, which is most of the kernel.
+ *
+ * Note, that it is __ref because the only caller of this after init
+ * is PVH which is not going to use xen_load_gdt_boot or other
+ * __init functions.
 */
-static void __init xen_setup_stackprotector(void)
+static void __ref xen_setup_gdt(int cpu)
 {
+        if (xen_feature(XENFEAT_auto_translated_physmap)) {
+#ifdef CONFIG_X86_64
+                unsigned long dummy;
+                load_percpu_segment(cpu); /* We need to access per-cpu area */
+                switch_to_new_gdt(cpu); /* GDT and GS set */
+                /* We are switching of the Xen provided GDT to our HVM mode
+                 * GDT. The new GDT has  __KERNEL_CS with CS.L = 1
+                 * and we are jumping to reload it.
+                 */
+                asm volatile ("pushq %0\n"
+                              "leaq 1f(%%rip),%0\n"
+                              "pushq %0\n"
+                              "lretq\n"
+                              "1:\n"
+                              : "=&r" (dummy) : "0" (__KERNEL_CS));
+                /*
+                 * While not needed, we also set the %es, %ds, and %fs
+                 * to zero. We don't care about %ss as it is NULL.
+                 * Strictly speaking this is not needed as Xen zeros those
+                 * out (and also MSR_FS_BASE, MSR_GS_BASE, MSR_KERNEL_GS_BASE)
+                 *
+                 * Linux zeros them in cpu_init() and in secondary_startup_64
+                 * (for BSP).
+                 */
+                loadsegment(es, 0);
+                loadsegment(ds, 0);
+                loadsegment(fs, 0);
+#else
+                /* PVH: TODO Implement. */
+                BUG();
+#endif
+                return; /* PVH does not need any PV GDT ops. */
+        }
        pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
        pv_cpu_ops.load_gdt = xen_load_gdt_boot;
@@ -1420,6 +1462,58 @@ static void __init xen_setup_stackprotector(void)
        pv_cpu_ops.load_gdt = xen_load_gdt;
 }
+/*
+ * A PV guest starts with default flags that are not set for PVH, set them
+ * here asap.
+ */
+static void xen_pvh_set_cr_flags(int cpu)
+{
+        /* Some of these are setup in 'secondary_startup_64'. The others:
+         * X86_CR0_TS, X86_CR0_PE, X86_CR0_ET are set by Xen for HVM guests
+         * (which PVH shared codepaths), while X86_CR0_PG is for PVH. */
+        write_cr0(read_cr0() | X86_CR0_MP | X86_CR0_NE | X86_CR0_WP | X86_CR0_AM);
+        if (!cpu)
+                return;
+        /*
+         * For BSP, PSE PGE are set in probe_page_size_mask(), for APs
+         * set them here. For all, OSFXSR OSXMMEXCPT are set in fpu_init.
+        */
+        if (cpu_has_pse)
+                set_in_cr4(X86_CR4_PSE);
+        if (cpu_has_pge)
+                set_in_cr4(X86_CR4_PGE);
+}
+/*
+ * Note, that it is ref - because the only caller of this after init
+ * is PVH which is not going to use xen_load_gdt_boot or other
+ * __init functions.
+ */
+void __ref xen_pvh_secondary_vcpu_init(int cpu)
+{
+        xen_setup_gdt(cpu);
+        xen_pvh_set_cr_flags(cpu);
+}
+static void __init xen_pvh_early_guest_init(void)
+{
+        if (!xen_feature(XENFEAT_auto_translated_physmap))
+                return;
+        if (!xen_feature(XENFEAT_hvm_callback_vector))
+                return;
+        xen_have_vector_callback = 1;
+        xen_pvh_set_cr_flags(0);
+#ifdef CONFIG_X86_32
+        BUG(); /* PVH: Implement proper support. */
+#endif
+}
 /* First C function to be called on Xen boot */
 asmlinkage void __init xen_start_kernel(void)
 {
@@ -1431,13 +1525,16 @@ asmlinkage void __init xen_start_kernel(void)
        xen_domain_type = XEN_PV_DOMAIN;
+        xen_setup_features();
+        xen_pvh_early_guest_init();
        xen_setup_machphys_mapping();
        /* Install Xen paravirt ops */
        pv_info = xen_info;
        pv_init_ops = xen_init_ops;
-        pv_cpu_ops = xen_cpu_ops;
        pv_apic_ops = xen_apic_ops;
+        if (!xen_pvh_domain())
+                pv_cpu_ops = xen_cpu_ops;
        x86_init.resources.memory_setup = xen_memory_setup;
        x86_init.oem.arch_setup = xen_arch_setup;
@@ -1469,17 +1566,14 @@ asmlinkage void __init xen_start_kernel(void)
        /* Work out if we support NX */
        x86_configure_nx();
-        xen_setup_features();
        /* Get mfn list */
-        if (!xen_feature(XENFEAT_auto_translated_physmap))
+        xen_build_dynamic_phys_to_machine();
-                xen_build_dynamic_phys_to_machine();
        /*
         * Set up kernel GDT and segment registers, mainly so that
         * -fstack-protector code can be executed.
         */
-        xen_setup_stackprotector();
+        xen_setup_gdt(0);
        xen_init_irq_ops();
        xen_init_cpuid_mask();
@@ -1548,14 +1642,18 @@ asmlinkage void __init xen_start_kernel(void)
        /* set the limit of our address space */
        xen_reserve_top();
-        /* We used to do this in xen_arch_setup, but that is too late on AMD
+        /* PVH: runs at default kernel iopl of 0 */
-         * were early_cpu_init (run before ->arch_setup()) calls early_amd_init
+        if (!xen_pvh_domain()) {
-         * which pokes 0xcf8 port.
+                /*
-         */
+                 * We used to do this in xen_arch_setup, but that is too late
-        set_iopl.iopl = 1;
+                 * on AMD were early_cpu_init (run before ->arch_setup()) calls
-        rc = HYPERVISOR_physdev_op(PHYSDEVOP_set_iopl, &set_iopl);
+                 * early_amd_init which pokes 0xcf8 port.
-        if (rc != 0)
+                 */
-                xen_raw_printk("physdev_op failed %d\n", rc);
+                set_iopl.iopl = 1;
+                rc = HYPERVISOR_physdev_op(PHYSDEVOP_set_iopl, &set_iopl);
+                if (rc != 0)
+                        xen_raw_printk("physdev_op failed %d\n", rc);
+        }
 #ifdef CONFIG_X86_32
        /* set up basic CPUID stuff */
diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
index 3a5f55d51907..c98583588580 100644
--- a/arch/x86/xen/grant-table.c
+++ b/arch/x86/xen/grant-table.c
@@ -125,3 +125,67 @@ void arch_gnttab_unmap(void *shared, unsigned long nr_gframes)
        apply_to_page_range(&init_mm, (unsigned long)shared,
                            PAGE_SIZE * nr_gframes, unmap_pte_fn, NULL);
 }
+#ifdef CONFIG_XEN_PVH
+#include <xen/balloon.h>
+#include <xen/events.h>
+#include <xen/xen.h>
+#include <linux/slab.h>
+static int __init xlated_setup_gnttab_pages(void)
+{
+        struct page **pages;
+        xen_pfn_t *pfns;
+        int rc;
+        unsigned int i;
+        unsigned long nr_grant_frames = gnttab_max_grant_frames();
+        BUG_ON(nr_grant_frames == 0);
+        pages = kcalloc(nr_grant_frames, sizeof(pages[0]), GFP_KERNEL);
+        if (!pages)
+                return -ENOMEM;
+        pfns = kcalloc(nr_grant_frames, sizeof(pfns[0]), GFP_KERNEL);
+        if (!pfns) {
+                kfree(pages);
+                return -ENOMEM;
+        }
+        rc = alloc_xenballooned_pages(nr_grant_frames, pages, 0 /* lowmem */);
+        if (rc) {
+                pr_warn("%s Couldn't balloon alloc %ld pfns rc:%d\n", __func__,
+                        nr_grant_frames, rc);
+                kfree(pages);
+                kfree(pfns);
+                return rc;
+        }
+        for (i = 0; i < nr_grant_frames; i++)
+                pfns[i] = page_to_pfn(pages[i]);
+        rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
+                                    &xen_auto_xlat_grant_frames.vaddr);
+        if (rc) {
+                pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
+                        nr_grant_frames, rc);
+                free_xenballooned_pages(nr_grant_frames, pages);
+                kfree(pages);
+                kfree(pfns);
+                return rc;
+        }
+        kfree(pages);
+        xen_auto_xlat_grant_frames.pfn = pfns;
+        xen_auto_xlat_grant_frames.count = nr_grant_frames;
+        return 0;
+}
+static int __init xen_pvh_gnttab_setup(void)
+{
+        if (!xen_pvh_domain())
+                return -ENODEV;
+        return xlated_setup_gnttab_pages();
+}
+/* Call it _before_ __gnttab_init as we need to initialize the
+ * xen_auto_xlat_grant_frames first. */
+core_initcall(xen_pvh_gnttab_setup);
+#endif
diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c
index 0da7f863056f..08f763de26fe 100644
--- a/arch/x86/xen/irq.c
+++ b/arch/x86/xen/irq.c
@@ -5,6 +5,7 @@
 #include <xen/interface/xen.h>
 #include <xen/interface/sched.h>
 #include <xen/interface/vcpu.h>
+#include <xen/features.h>
 #include <xen/events.h>
 #include <asm/xen/hypercall.h>
@@ -22,7 +23,7 @@ void xen_force_evtchn_callback(void)
        (void)HYPERVISOR_xen_version(0, NULL);
 }
-static unsigned long xen_save_fl(void)
+asmlinkage unsigned long xen_save_fl(void)
 {
        struct vcpu_info *vcpu;
        unsigned long flags;
@@ -40,7 +41,7 @@ static unsigned long xen_save_fl(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_save_fl);
-static void xen_restore_fl(unsigned long flags)
+__visible void xen_restore_fl(unsigned long flags)
 {
        struct vcpu_info *vcpu;
@@ -62,7 +63,7 @@ static void xen_restore_fl(unsigned long flags)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_restore_fl);
-static void xen_irq_disable(void)
+asmlinkage void xen_irq_disable(void)
 {
        /* There's a one instruction preempt window here.  We need to
           make sure we're don't switch CPUs between getting the vcpu
@@ -73,7 +74,7 @@ static void xen_irq_disable(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_irq_disable);
-static void xen_irq_enable(void)
+asmlinkage void xen_irq_enable(void)
 {
        struct vcpu_info *vcpu;
@@ -128,6 +129,8 @@ static const struct pv_irq_ops xen_irq_ops __initconst = {
 void __init xen_init_irq_ops(void)
 {
-        pv_irq_ops = xen_irq_ops;
+        /* For PVH we use default pv_irq_ops settings. */
+        if (!xen_feature(XENFEAT_hvm_callback_vector))
+                pv_irq_ops = xen_irq_ops;
        x86_init.irqs.intr_init = xen_init_IRQ;
 }
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index ce563be09cc1..86e02eabb640 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -431,7 +431,7 @@ static pteval_t iomap_pte(pteval_t val)
        return val;
 }
-static pteval_t xen_pte_val(pte_t pte)
+__visible pteval_t xen_pte_val(pte_t pte)
 {
        pteval_t pteval = pte.pte;
 #if 0
@@ -448,7 +448,7 @@ static pteval_t xen_pte_val(pte_t pte)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_pte_val);
-static pgdval_t xen_pgd_val(pgd_t pgd)
+__visible pgdval_t xen_pgd_val(pgd_t pgd)
 {
        return pte_mfn_to_pfn(pgd.pgd);
 }
@@ -479,7 +479,7 @@ void xen_set_pat(u64 pat)
        WARN_ON(pat != 0x0007010600070106ull);
 }
-static pte_t xen_make_pte(pteval_t pte)
+__visible pte_t xen_make_pte(pteval_t pte)
 {
        phys_addr_t addr = (pte & PTE_PFN_MASK);
 #if 0
@@ -514,14 +514,14 @@ static pte_t xen_make_pte(pteval_t pte)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_make_pte);
-static pgd_t xen_make_pgd(pgdval_t pgd)
+__visible pgd_t xen_make_pgd(pgdval_t pgd)
 {
        pgd = pte_pfn_to_mfn(pgd);
        return native_make_pgd(pgd);
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_make_pgd);
-static pmdval_t xen_pmd_val(pmd_t pmd)
+__visible pmdval_t xen_pmd_val(pmd_t pmd)
 {
        return pte_mfn_to_pfn(pmd.pmd);
 }
@@ -580,7 +580,7 @@ static void xen_pmd_clear(pmd_t *pmdp)
 }
 #endif  /* CONFIG_X86_PAE */
-static pmd_t xen_make_pmd(pmdval_t pmd)
+__visible pmd_t xen_make_pmd(pmdval_t pmd)
 {
        pmd = pte_pfn_to_mfn(pmd);
        return native_make_pmd(pmd);
@@ -588,13 +588,13 @@ static pmd_t xen_make_pmd(pmdval_t pmd)
 PV_CALLEE_SAVE_REGS_THUNK(xen_make_pmd);
 #if PAGETABLE_LEVELS == 4
-static pudval_t xen_pud_val(pud_t pud)
+__visible pudval_t xen_pud_val(pud_t pud)
 {
        return pte_mfn_to_pfn(pud.pud);
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_pud_val);
-static pud_t xen_make_pud(pudval_t pud)
+__visible pud_t xen_make_pud(pudval_t pud)
 {
        pud = pte_pfn_to_mfn(pud);
@@ -1198,44 +1198,40 @@ static void __init xen_cleanhighmap(unsigned long vaddr,
         * instead of somewhere later and be confusing. */
        xen_mc_flush();
 }
-#endif
+static void __init xen_pagetable_p2m_copy(void)
-static void __init xen_pagetable_init(void)
 {
-#ifdef CONFIG_X86_64
        unsigned long size;
        unsigned long addr;
-#endif
+        unsigned long new_mfn_list;
-        paging_init();
-        xen_setup_shared_info();
+        if (xen_feature(XENFEAT_auto_translated_physmap))
-#ifdef CONFIG_X86_64
+                return;
-        if (!xen_feature(XENFEAT_auto_translated_physmap)) {
-                unsigned long new_mfn_list;
+        size = PAGE_ALIGN(xen_start_info->nr_pages * sizeof(unsigned long));
-                size = PAGE_ALIGN(xen_start_info->nr_pages * sizeof(unsigned long));
+        new_mfn_list = xen_revector_p2m_tree();
+        /* No memory or already called. */
-                /* On 32-bit, we get zero so this never gets executed. */
+        if (!new_mfn_list || new_mfn_list == xen_start_info->mfn_list)
-                new_mfn_list = xen_revector_p2m_tree();
+                return;
-                if (new_mfn_list && new_mfn_list != xen_start_info->mfn_list) {
-                        /* using __ka address and sticking INVALID_P2M_ENTRY! */
+        /* using __ka address and sticking INVALID_P2M_ENTRY! */
-                        memset((void *)xen_start_info->mfn_list, 0xff, size);
+        memset((void *)xen_start_info->mfn_list, 0xff, size);
-                        /* We should be in __ka space. */
+        /* We should be in __ka space. */
-                        BUG_ON(xen_start_info->mfn_list < __START_KERNEL_map);
+        BUG_ON(xen_start_info->mfn_list < __START_KERNEL_map);
-                        addr = xen_start_info->mfn_list;
+        addr = xen_start_info->mfn_list;
-                        /* We roundup to the PMD, which means that if anybody at this stage is
+        /* We roundup to the PMD, which means that if anybody at this stage is
-                         * using the __ka address of xen_start_info or xen_start_info->shared_info
+         * using the __ka address of xen_start_info or xen_start_info->shared_info
-                         * they are in going to crash. Fortunatly we have already revectored
+         * they are in going to crash. Fortunatly we have already revectored
-                         * in xen_setup_kernel_pagetable and in xen_setup_shared_info. */
+         * in xen_setup_kernel_pagetable and in xen_setup_shared_info. */
-                        size = roundup(size, PMD_SIZE);
+        size = roundup(size, PMD_SIZE);
-                        xen_cleanhighmap(addr, addr + size);
+        xen_cleanhighmap(addr, addr + size);
-                        size = PAGE_ALIGN(xen_start_info->nr_pages * sizeof(unsigned long));
+        size = PAGE_ALIGN(xen_start_info->nr_pages * sizeof(unsigned long));
-                        memblock_free(__pa(xen_start_info->mfn_list), size);
+        memblock_free(__pa(xen_start_info->mfn_list), size);
-                        /* And revector! Bye bye old array */
+        /* And revector! Bye bye old array */
-                        xen_start_info->mfn_list = new_mfn_list;
+        xen_start_info->mfn_list = new_mfn_list;
-                } else
-                        goto skip;
-        }
        /* At this stage, cleanup_highmap has already cleaned __ka space
         * from _brk_limit way up to the max_pfn_mapped (which is the end of
         * the ramdisk). We continue on, erasing PMD entries that point to page
@@ -1255,7 +1251,15 @@ static void __init xen_pagetable_init(void)
         * anything at this stage. */
        xen_cleanhighmap(MODULES_VADDR, roundup(MODULES_VADDR, PUD_SIZE) - 1);
 #endif
-skip:
+}
+#endif
+static void __init xen_pagetable_init(void)
+{
+        paging_init();
+        xen_setup_shared_info();
+#ifdef CONFIG_X86_64
+        xen_pagetable_p2m_copy();
 #endif
        xen_post_allocator_init();
 }
@@ -1753,6 +1757,10 @@ static void set_page_prot_flags(void *addr, pgprot_t prot, unsigned long flags)
        unsigned long pfn = __pa(addr) >> PAGE_SHIFT;
        pte_t pte = pfn_pte(pfn, prot);
+        /* For PVH no need to set R/O or R/W to pin them or unpin them. */
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
        if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, flags))
                BUG();
 }
@@ -1863,6 +1871,7 @@ static void __init check_pt_base(unsigned long *pt_base, unsigned long *pt_end,
 * but that's enough to get __va working.  We need to fill in the rest
 * of the physical mapping once some sort of allocator has been set
 * up.
+ * NOTE: for PVH, the page tables are native.
 */
 void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
 {
@@ -1884,17 +1893,18 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
        /* Zap identity mapping */
        init_level4_pgt[0] = __pgd(0);
-        /* Pre-constructed entries are in pfn, so convert to mfn */
+        if (!xen_feature(XENFEAT_auto_translated_physmap)) {
-        /* L4[272] -> level3_ident_pgt
+                /* Pre-constructed entries are in pfn, so convert to mfn */
-         * L4[511] -> level3_kernel_pgt */
+                /* L4[272] -> level3_ident_pgt
-        convert_pfn_mfn(init_level4_pgt);
+                 * L4[511] -> level3_kernel_pgt */
+                convert_pfn_mfn(init_level4_pgt);
-        /* L3_i[0] -> level2_ident_pgt */
-        convert_pfn_mfn(level3_ident_pgt);
+                /* L3_i[0] -> level2_ident_pgt */
-        /* L3_k[510] -> level2_kernel_pgt
+                convert_pfn_mfn(level3_ident_pgt);
-         * L3_i[511] -> level2_fixmap_pgt */
+                /* L3_k[510] -> level2_kernel_pgt
-        convert_pfn_mfn(level3_kernel_pgt);
+                 * L3_i[511] -> level2_fixmap_pgt */
+                convert_pfn_mfn(level3_kernel_pgt);
+        }
        /* We get [511][511] and have Xen's version of level2_kernel_pgt */
        l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
        l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
@@ -1918,31 +1928,33 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
        copy_page(level2_fixmap_pgt, l2);
        /* Note that we don't do anything with level1_fixmap_pgt which
         * we don't need. */
+        if (!xen_feature(XENFEAT_auto_translated_physmap)) {
+                /* Make pagetable pieces RO */
+                set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
+                set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
+                set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
+                set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
+                set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO);
+                set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
+                set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
+                /* Pin down new L4 */
+                pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
+                                  PFN_DOWN(__pa_symbol(init_level4_pgt)));
+                /* Unpin Xen-provided one */
+                pin_pagetable_pfn(MMUEXT_UNPIN_TABLE, PFN_DOWN(__pa(pgd)));
-        /* Make pagetable pieces RO */
+                /*
-        set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
+                 * At this stage there can be no user pgd, and no page
-        set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
+                 * structure to attach it to, so make sure we just set kernel
-        set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
+                 * pgd.
-        set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
+                 */
-        set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO);
+                xen_mc_batch();
-        set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
+                __xen_write_cr3(true, __pa(init_level4_pgt));
-        set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
+                xen_mc_issue(PARAVIRT_LAZY_CPU);
+        } else
-        /* Pin down new L4 */
+                native_write_cr3(__pa(init_level4_pgt));
-        pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
-                          PFN_DOWN(__pa_symbol(init_level4_pgt)));
-        /* Unpin Xen-provided one */
-        pin_pagetable_pfn(MMUEXT_UNPIN_TABLE, PFN_DOWN(__pa(pgd)));
-        /*
-         * At this stage there can be no user pgd, and no page
-         * structure to attach it to, so make sure we just set kernel
-         * pgd.
-         */
-        xen_mc_batch();
-        __xen_write_cr3(true, __pa(init_level4_pgt));
-        xen_mc_issue(PARAVIRT_LAZY_CPU);
        /* We can't that easily rip out L3 and L2, as the Xen pagetables are
         * set out this way: [L4], [L1], [L2], [L3], [L1], [L1] ...  for
@@ -2046,7 +2058,6 @@ static void xen_set_fixmap(unsigned idx, phys_addr_t phys, pgprot_t prot)
        case FIX_RO_IDT:
 #ifdef CONFIG_X86_32
        case FIX_WP_TEST:
-        case FIX_VDSO:
 # ifdef CONFIG_HIGHMEM
        case FIX_KMAP_BEGIN ... FIX_KMAP_END:
 # endif
@@ -2103,6 +2114,9 @@ static void xen_set_fixmap(unsigned idx, phys_addr_t phys, pgprot_t prot)
 static void __init xen_post_allocator_init(void)
 {
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
        pv_mmu_ops.set_pte = xen_set_pte;
        pv_mmu_ops.set_pmd = xen_set_pmd;
        pv_mmu_ops.set_pud = xen_set_pud;
@@ -2207,6 +2221,15 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
 void __init xen_init_mmu_ops(void)
 {
        x86_init.paging.pagetable_init = xen_pagetable_init;
+        /* Optimization - we can use the HVM one but it has no idea which
+         * VCPUs are descheduled - which means that it will needlessly IPI
+         * them. Xen knows so let it do the job.
+         */
+        if (xen_feature(XENFEAT_auto_translated_physmap)) {
+                pv_mmu_ops.flush_tlb_others = xen_flush_tlb_others;
+                return;
+        }
        pv_mmu_ops = xen_mmu_ops;
        memset(dummy_mapping, 0xff, PAGE_SIZE);
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index 2ae8699e8767..85e5d78c9874 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -280,6 +280,9 @@ void __ref xen_build_mfn_list_list(void)
 {
        unsigned long pfn;
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
        /* Pre-initialize p2m_top_mfn to be completely missing */
        if (p2m_top_mfn == NULL) {
                p2m_mid_missing_mfn = extend_brk(PAGE_SIZE, PAGE_SIZE);
@@ -336,6 +339,9 @@ void __ref xen_build_mfn_list_list(void)
 void xen_setup_mfn_list_list(void)
 {
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
        BUG_ON(HYPERVISOR_shared_info == &xen_dummy_shared_info);
        HYPERVISOR_shared_info->arch.pfn_to_mfn_frame_list_list =
@@ -346,10 +352,15 @@ void xen_setup_mfn_list_list(void)
 /* Set up p2m_top to point to the domain-builder provided p2m pages */
 void __init xen_build_dynamic_phys_to_machine(void)
 {
-        unsigned long *mfn_list = (unsigned long *)xen_start_info->mfn_list;
+        unsigned long *mfn_list;
-        unsigned long max_pfn = min(MAX_DOMAIN_PAGES, xen_start_info->nr_pages);
+        unsigned long max_pfn;
        unsigned long pfn;
+         if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
+        mfn_list = (unsigned long *)xen_start_info->mfn_list;
+        max_pfn = min(MAX_DOMAIN_PAGES, xen_start_info->nr_pages);
        xen_max_p2m_pfn = max_pfn;
        p2m_missing = extend_brk(PAGE_SIZE, PAGE_SIZE);
@@ -870,6 +881,65 @@ static unsigned long mfn_hash(unsigned long mfn)
        return hash_long(mfn, M2P_OVERRIDE_HASH_SHIFT);
 }
+int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops,
+                            struct gnttab_map_grant_ref *kmap_ops,
+                            struct page **pages, unsigned int count)
+{
+        int i, ret = 0;
+        bool lazy = false;
+        pte_t *pte;
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return 0;
+        if (kmap_ops &&
+            !in_interrupt() &&
+            paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE) {
+                arch_enter_lazy_mmu_mode();
+                lazy = true;
+        }
+        for (i = 0; i < count; i++) {
+                unsigned long mfn, pfn;
+                /* Do not add to override if the map failed. */
+                if (map_ops[i].status)
+                        continue;
+                if (map_ops[i].flags & GNTMAP_contains_pte) {
+                        pte = (pte_t *) (mfn_to_virt(PFN_DOWN(map_ops[i].host_addr)) +
+                                (map_ops[i].host_addr & ~PAGE_MASK));
+                        mfn = pte_mfn(*pte);
+                } else {
+                        mfn = PFN_DOWN(map_ops[i].dev_bus_addr);
+                }
+                pfn = page_to_pfn(pages[i]);
+                WARN_ON(PagePrivate(pages[i]));
+                SetPagePrivate(pages[i]);
+                set_page_private(pages[i], mfn);
+                pages[i]->index = pfn_to_mfn(pfn);
+                if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn)))) {
+                        ret = -ENOMEM;
+                        goto out;
+                }
+                if (kmap_ops) {
+                        ret = m2p_add_override(mfn, pages[i], &kmap_ops[i]);
+                        if (ret)
+                                goto out;
+                }
+        }
+out:
+        if (lazy)
+                arch_leave_lazy_mmu_mode();
+        return ret;
+}
+EXPORT_SYMBOL_GPL(set_foreign_p2m_mapping);
 /* Add an MFN override for a particular page */
 int m2p_add_override(unsigned long mfn, struct page *page,
                struct gnttab_map_grant_ref *kmap_op)
@@ -888,13 +958,6 @@ int m2p_add_override(unsigned long mfn, struct page *page,
                                        "m2p_add_override: pfn %lx not mapped", pfn))
                        return -EINVAL;
        }
-        WARN_ON(PagePrivate(page));
-        SetPagePrivate(page);
-        set_page_private(page, mfn);
-        page->index = pfn_to_mfn(pfn);
-        if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn))))
-                return -ENOMEM;
        if (kmap_op != NULL) {
                if (!PageHighMem(page)) {
@@ -932,20 +995,62 @@ int m2p_add_override(unsigned long mfn, struct page *page,
        return 0;
 }
 EXPORT_SYMBOL_GPL(m2p_add_override);
+int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops,
+                              struct gnttab_map_grant_ref *kmap_ops,
+                              struct page **pages, unsigned int count)
+{
+        int i, ret = 0;
+        bool lazy = false;
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return 0;
+        if (kmap_ops &&
+            !in_interrupt() &&
+            paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE) {
+                arch_enter_lazy_mmu_mode();
+                lazy = true;
+        }
+        for (i = 0; i < count; i++) {
+                unsigned long mfn = get_phys_to_machine(page_to_pfn(pages[i]));
+                unsigned long pfn = page_to_pfn(pages[i]);
+                if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT)) {
+                        ret = -EINVAL;
+                        goto out;
+                }
+                set_page_private(pages[i], INVALID_P2M_ENTRY);
+                WARN_ON(!PagePrivate(pages[i]));
+                ClearPagePrivate(pages[i]);
+                set_phys_to_machine(pfn, pages[i]->index);
+                if (kmap_ops)
+                        ret = m2p_remove_override(pages[i], &kmap_ops[i], mfn);
+                if (ret)
+                        goto out;
+        }
+out:
+        if (lazy)
+                arch_leave_lazy_mmu_mode();
+        return ret;
+}
+EXPORT_SYMBOL_GPL(clear_foreign_p2m_mapping);
 int m2p_remove_override(struct page *page,
-                struct gnttab_map_grant_ref *kmap_op)
+                        struct gnttab_map_grant_ref *kmap_op,
+                        unsigned long mfn)
 {
        unsigned long flags;
-        unsigned long mfn;
        unsigned long pfn;
        unsigned long uninitialized_var(address);
        unsigned level;
        pte_t *ptep = NULL;
        pfn = page_to_pfn(page);
-        mfn = get_phys_to_machine(pfn);
-        if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT))
-                return -EINVAL;
        if (!PageHighMem(page)) {
                address = (unsigned long)__va(pfn << PAGE_SHIFT);
@@ -959,10 +1064,7 @@ int m2p_remove_override(struct page *page,
        spin_lock_irqsave(&m2p_override_lock, flags);
        list_del(&page->lru);
        spin_unlock_irqrestore(&m2p_override_lock, flags);
-        WARN_ON(!PagePrivate(page));
-        ClearPagePrivate(page);
-        set_phys_to_machine(pfn, page->index);
        if (kmap_op != NULL) {
                if (!PageHighMem(page)) {
                        struct multicall_space mcs;
diff --git a/arch/x86/xen/platform-pci-unplug.c b/arch/x86/xen/platform-pci-unplug.c
index 0a7852483ffe..a8261716d58d 100644
--- a/arch/x86/xen/platform-pci-unplug.c
+++ b/arch/x86/xen/platform-pci-unplug.c
@@ -30,10 +30,9 @@
 #define XEN_PLATFORM_ERR_PROTOCOL -2
 #define XEN_PLATFORM_ERR_BLACKLIST -3
-/* store the value of xen_emul_unplug after the unplug is done */
-int xen_platform_pci_unplug;
-EXPORT_SYMBOL_GPL(xen_platform_pci_unplug);
 #ifdef CONFIG_XEN_PVHVM
+/* store the value of xen_emul_unplug after the unplug is done */
+static int xen_platform_pci_unplug;
 static int xen_emul_unplug;
 static int check_platform_magic(void)
@@ -69,6 +68,80 @@ static int check_platform_magic(void)
        return 0;
 }
+bool xen_has_pv_devices()
+{
+        if (!xen_domain())
+                return false;
+        /* PV domains always have them. */
+        if (xen_pv_domain())
+                return true;
+        /* And user has xen_platform_pci=0 set in guest config as
+         * driver did not modify the value. */
+        if (xen_platform_pci_unplug == 0)
+                return false;
+        if (xen_platform_pci_unplug & XEN_UNPLUG_NEVER)
+                return false;
+        if (xen_platform_pci_unplug & XEN_UNPLUG_ALL)
+                return true;
+        /* This is an odd one - we are going to run legacy
+         * and PV drivers at the same time. */
+        if (xen_platform_pci_unplug & XEN_UNPLUG_UNNECESSARY)
+                return true;
+        /* And the caller has to follow with xen_pv_{disk,nic}_devices
+         * to be certain which driver can load. */
+        return false;
+}
+EXPORT_SYMBOL_GPL(xen_has_pv_devices);
+static bool __xen_has_pv_device(int state)
+{
+        /* HVM domains might or might not */
+        if (xen_hvm_domain() && (xen_platform_pci_unplug & state))
+                return true;
+        return xen_has_pv_devices();
+}
+bool xen_has_pv_nic_devices(void)
+{
+        return __xen_has_pv_device(XEN_UNPLUG_ALL_NICS | XEN_UNPLUG_ALL);
+}
+EXPORT_SYMBOL_GPL(xen_has_pv_nic_devices);
+bool xen_has_pv_disk_devices(void)
+{
+        return __xen_has_pv_device(XEN_UNPLUG_ALL_IDE_DISKS |
+                                   XEN_UNPLUG_AUX_IDE_DISKS | XEN_UNPLUG_ALL);
+}
+EXPORT_SYMBOL_GPL(xen_has_pv_disk_devices);
+/*
+ * This one is odd - it determines whether you want to run PV _and_
+ * legacy (IDE) drivers together. This combination is only possible
+ * under HVM.
+ */
+bool xen_has_pv_and_legacy_disk_devices(void)
+{
+        if (!xen_domain())
+                return false;
+        /* N.B. This is only ever used in HVM mode */
+        if (xen_pv_domain())
+                return false;
+        if (xen_platform_pci_unplug & XEN_UNPLUG_UNNECESSARY)
+                return true;
+        return false;
+}
+EXPORT_SYMBOL_GPL(xen_has_pv_and_legacy_disk_devices);
 void xen_unplug_emulated_devices(void)
 {
        int r;
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index 68c054f59de6..0982233b9b84 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -27,6 +27,7 @@
 #include <xen/interface/memory.h>
 #include <xen/interface/physdev.h>
 #include <xen/features.h>
+#include "mmu.h"
 #include "xen-ops.h"
 #include "vdso.h"
@@ -34,7 +35,7 @@
 extern const char xen_hypervisor_callback[];
 extern const char xen_failsafe_callback[];
 #ifdef CONFIG_X86_64
-extern const char nmi[];
+extern asmlinkage void nmi(void);
 #endif
 extern void xen_sysenter_target(void);
 extern void xen_syscall_target(void);
@@ -81,6 +82,9 @@ static void __init xen_add_extra_mem(u64 start, u64 size)
        memblock_reserve(start, size);
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return;
        xen_max_p2m_pfn = PFN_DOWN(start + size);
        for (pfn = PFN_DOWN(start); pfn < xen_max_p2m_pfn; pfn++) {
                unsigned long mfn = pfn_to_mfn(pfn);
@@ -103,6 +107,7 @@ static unsigned long __init xen_do_chunk(unsigned long start,
                .domid        = DOMID_SELF
        };
        unsigned long len = 0;
+        int xlated_phys = xen_feature(XENFEAT_auto_translated_physmap);
        unsigned long pfn;
        int ret;
@@ -116,7 +121,7 @@ static unsigned long __init xen_do_chunk(unsigned long start,
                                continue;
                        frame = mfn;
                } else {
-                        if (mfn != INVALID_P2M_ENTRY)
+                        if (!xlated_phys && mfn != INVALID_P2M_ENTRY)
                                continue;
                        frame = pfn;
                }
@@ -154,6 +159,13 @@ static unsigned long __init xen_do_chunk(unsigned long start,
 static unsigned long __init xen_release_chunk(unsigned long start,
                                              unsigned long end)
 {
+        /*
+         * Xen already ballooned out the E820 non RAM regions for us
+         * and set them up properly in EPT.
+         */
+        if (xen_feature(XENFEAT_auto_translated_physmap))
+                return end - start;
        return xen_do_chunk(start, end, true);
 }
@@ -222,7 +234,13 @@ static void __init xen_set_identity_and_release_chunk(
         * (except for the ISA region which must be 1:1 mapped) to
         * release the refcounts (in Xen) on the original frames.
         */
-        for (pfn = start_pfn; pfn <= max_pfn_mapped && pfn < end_pfn; pfn++) {
+        /*
+         * PVH E820 matches the hypervisor's P2M which means we need to
+         * account for the proper values of *release and *identity.
+         */
+        for (pfn = start_pfn; !xen_feature(XENFEAT_auto_translated_physmap) &&
+             pfn <= max_pfn_mapped && pfn < end_pfn; pfn++) {
                pte_t pte = __pte_ma(0);
                if (pfn < PFN_UP(ISA_END_ADDRESS))
@@ -559,20 +577,17 @@ void xen_enable_syscall(void)
 void xen_enable_nmi(void)
 {
 #ifdef CONFIG_X86_64
-        if (register_callback(CALLBACKTYPE_nmi, nmi))
+        if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
                BUG();
 #endif
 }
-void __init xen_arch_setup(void)
+void __init xen_pvmmu_arch_setup(void)
 {
-        xen_panic_handler_init();
        HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_4gb_segments);
        HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_writable_pagetables);
-        if (!xen_feature(XENFEAT_auto_translated_physmap))
+        HYPERVISOR_vm_assist(VMASST_CMD_enable,
-                HYPERVISOR_vm_assist(VMASST_CMD_enable,
+                             VMASST_TYPE_pae_extended_cr3);
-                                     VMASST_TYPE_pae_extended_cr3);
        if (register_callback(CALLBACKTYPE_event, xen_hypervisor_callback) ||
            register_callback(CALLBACKTYPE_failsafe, xen_failsafe_callback))
@@ -581,6 +596,15 @@ void __init xen_arch_setup(void)
        xen_enable_sysenter();
        xen_enable_syscall();
        xen_enable_nmi();
+}
+/* This function is not called for HVM domains */
+void __init xen_arch_setup(void)
+{
+        xen_panic_handler_init();
+        if (!xen_feature(XENFEAT_auto_translated_physmap))
+                xen_pvmmu_arch_setup();
 #ifdef CONFIG_ACPI
        if (!(xen_start_info->flags & SIF_INITDOMAIN)) {
                printk(KERN_INFO "ACPI in unprivileged domain disabled\n");
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index c36b325abd83..a18eadd8bb40 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -73,9 +73,11 @@ static void cpu_bringup(void)
        touch_softlockup_watchdog();
        preempt_disable();
-        xen_enable_sysenter();
+        /* PVH runs in ring 0 and allows us to do native syscalls. Yay! */
-        xen_enable_syscall();
+        if (!xen_feature(XENFEAT_supervisor_mode_kernel)) {
+                xen_enable_sysenter();
+                xen_enable_syscall();
+        }
        cpu = smp_processor_id();
        smp_store_cpu_info(cpu);
        cpu_data(cpu).x86_max_cores = 1;
@@ -97,8 +99,14 @@ static void cpu_bringup(void)
        wmb();                  /* make sure everything is out */
 }
-static void cpu_bringup_and_idle(void)
+/* Note: cpu parameter is only relevant for PVH */
+static void cpu_bringup_and_idle(int cpu)
 {
+#ifdef CONFIG_X86_64
+        if (xen_feature(XENFEAT_auto_translated_physmap) &&
+            xen_feature(XENFEAT_supervisor_mode_kernel))
+                xen_pvh_secondary_vcpu_init(cpu);
+#endif
        cpu_bringup();
        cpu_startup_entry(CPUHP_ONLINE);
 }
@@ -274,9 +282,10 @@ static void __init xen_smp_prepare_boot_cpu(void)
        native_smp_prepare_boot_cpu();
        if (xen_pv_domain()) {
-                /* We've switched to the "real" per-cpu gdt, so make sure the
+                if (!xen_feature(XENFEAT_writable_page_tables))
-                   old memory can be recycled */
+                        /* We've switched to the "real" per-cpu gdt, so make
-                make_lowmem_page_readwrite(xen_initial_gdt);
+                         * sure the old memory can be recycled. */
+                        make_lowmem_page_readwrite(xen_initial_gdt);
 #ifdef CONFIG_X86_32
                /*
@@ -360,22 +369,21 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
        gdt = get_cpu_gdt_table(cpu);
-        ctxt->flags = VGCF_IN_KERNEL;
-        ctxt->user_regs.ss = __KERNEL_DS;
 #ifdef CONFIG_X86_32
+        /* Note: PVH is not yet supported on x86_32. */
        ctxt->user_regs.fs = __KERNEL_PERCPU;
        ctxt->user_regs.gs = __KERNEL_STACK_CANARY;
-#else
-        ctxt->gs_base_kernel = per_cpu_offset(cpu);
 #endif
        ctxt->user_regs.eip = (unsigned long)cpu_bringup_and_idle;
        memset(&ctxt->fpu_ctxt, 0, sizeof(ctxt->fpu_ctxt));
-        {
+        if (!xen_feature(XENFEAT_auto_translated_physmap)) {
+                ctxt->flags = VGCF_IN_KERNEL;
                ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */
                ctxt->user_regs.ds = __USER_DS;
                ctxt->user_regs.es = __USER_DS;
+                ctxt->user_regs.ss = __KERNEL_DS;
                xen_copy_trap_info(ctxt->trap_ctxt);
@@ -396,18 +404,27 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
 #ifdef CONFIG_X86_32
                ctxt->event_callback_cs     = __KERNEL_CS;
                ctxt->failsafe_callback_cs  = __KERNEL_CS;
+#else
+                ctxt->gs_base_kernel = per_cpu_offset(cpu);
 #endif
                ctxt->event_callback_eip    =
                                        (unsigned long)xen_hypervisor_callback;
                ctxt->failsafe_callback_eip =
                                        (unsigned long)xen_failsafe_callback;
+                ctxt->user_regs.cs = __KERNEL_CS;
+                per_cpu(xen_cr3, cpu) = __pa(swapper_pg_dir);
+#ifdef CONFIG_X86_32
        }
-        ctxt->user_regs.cs = __KERNEL_CS;
+#else
+        } else
+                /* N.B. The user_regs.eip (cpu_bringup_and_idle) is called with
+                 * %rdi having the cpu number - which means are passing in
+                 * as the first parameter the cpu. Subtle!
+                 */
+                ctxt->user_regs.rdi = cpu;
+#endif
        ctxt->user_regs.esp = idle->thread.sp0 - sizeof(struct pt_regs);
-        per_cpu(xen_cr3, cpu) = __pa(swapper_pg_dir);
        ctxt->ctrlreg[3] = xen_pfn_to_cr3(virt_to_mfn(swapper_pg_dir));
        if (HYPERVISOR_vcpu_op(VCPUOP_initialise, cpu, ctxt))
                BUG();
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
index 0e36cde12f7e..4d3acc34a998 100644
--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -106,7 +106,7 @@ static DEFINE_PER_CPU(struct xen_lock_waiting, lock_waiting);
 static cpumask_t waiting_cpus;
 static bool xen_pvspin = true;
-static void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
+__visible void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
 {
        int irq = __this_cpu_read(lock_kicker_irq);
        struct xen_lock_waiting *w = &__get_cpu_var(lock_waiting);
@@ -183,7 +183,7 @@ static void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
        local_irq_save(flags);
-        kstat_incr_irqs_this_cpu(irq, irq_to_desc(irq));
+        kstat_incr_irq_this_cpu(irq);
 out:
        cpumask_clear_cpu(cpu, &waiting_cpus);
        w->lock = NULL;
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 12a1ca707b94..7b78f88c1707 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -446,6 +446,7 @@ void xen_setup_timer(int cpu)
                                      IRQF_PERCPU|IRQF_NOBALANCING|IRQF_TIMER|
                                      IRQF_FORCE_RESUME,
                                      name, NULL);
+        (void)xen_set_irq_priority(irq, XEN_IRQ_PRIORITY_MAX);
        memcpy(evt, xen_clockevent, sizeof(*evt));
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 7faed5869e5b..485b69585540 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -11,8 +11,28 @@
 #include <asm/page_types.h>
 #include <xen/interface/elfnote.h>
+#include <xen/interface/features.h>
 #include <asm/xen/interface.h>
+#ifdef CONFIG_XEN_PVH
+#define PVH_FEATURES_STR  "|writable_descriptor_tables|auto_translated_physmap|supervisor_mode_kernel"
+/* Note the lack of 'hvm_callback_vector'. Older hypervisor will
+ * balk at this being part of XEN_ELFNOTE_FEATURES, so we put it in
+ * XEN_ELFNOTE_SUPPORTED_FEATURES which older hypervisors will ignore.
+ */
+#define PVH_FEATURES ((1 << XENFEAT_writable_page_tables) | \
+                      (1 << XENFEAT_auto_translated_physmap) | \
+                      (1 << XENFEAT_supervisor_mode_kernel) | \
+                      (1 << XENFEAT_hvm_callback_vector))
+/* The XENFEAT_writable_page_tables is not stricly neccessary as we set that
+ * up regardless whether this CONFIG option is enabled or not, but it
+ * clarifies what the right flags need to be.
+ */
+#else
+#define PVH_FEATURES_STR  ""
+#define PVH_FEATURES (0)
+#endif
        __INIT
 ENTRY(startup_xen)
        cld
@@ -95,7 +115,10 @@ NEXT_HYPERCALL(arch_6)
 #endif
        ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,          _ASM_PTR startup_xen)
        ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, _ASM_PTR hypercall_page)
-        ELFNOTE(Xen, XEN_ELFNOTE_FEATURES,       .asciz "!writable_page_tables|pae_pgdir_above_4gb")
+        ELFNOTE(Xen, XEN_ELFNOTE_FEATURES,       .ascii "!writable_page_tables|pae_pgdir_above_4gb"; .asciz PVH_FEATURES_STR)
+        ELFNOTE(Xen, XEN_ELFNOTE_SUPPORTED_FEATURES, .long (PVH_FEATURES) |
+                                                (1 << XENFEAT_writable_page_tables) |
+                                                (1 << XENFEAT_dom0))
        ELFNOTE(Xen, XEN_ELFNOTE_PAE_MODE,       .asciz "yes")
        ELFNOTE(Xen, XEN_ELFNOTE_LOADER,         .asciz "generic")
        ELFNOTE(Xen, XEN_ELFNOTE_L1_MFN_VALID,
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 95f8c6142328..1cb6f4c37300 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -123,4 +123,5 @@ __visible void xen_adjust_exception_frame(void);
 extern int xen_panic_handler_init(void);
+void xen_pvh_secondary_vcpu_init(int cpu);
 #endif /* XEN_OPS_H */