29 files changed, 263 insertions, 148 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 940e50ebfafa..0af5250d914f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -444,6 +444,7 @@ config X86_INTEL_MID
         bool "Intel MID platform support"
         depends on X86_32
         depends on X86_EXTENDED_PLATFORM
+        depends on X86_PLATFORM_DEVICES
         depends on PCI
         depends on PCI_GOANY
         depends on X86_IO_APIC
@@ -1051,9 +1052,9 @@ config MICROCODE_INTEL
           This options enables microcode patch loading support for Intel
           processors.
 
-          For latest news and information on obtaining all the required
-          Intel ingredients for this driver, check:
-          <http://www.urbanmyth.org/microcode/>.
+          For the current Intel microcode data package go to
+          <https://downloadcenter.intel.com> and search for
+          'Linux Processor Microcode Data File'.
 
 config MICROCODE_AMD
         bool "AMD microcode loading support"
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 0f3621ed1db6..321a52ccf63a 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -184,6 +184,7 @@ config HAVE_MMIOTRACE_SUPPORT
 config X86_DECODER_SELFTEST
         bool "x86 instruction decoder selftest"
         depends on DEBUG_KERNEL && KPROBES
+        depends on !COMPILE_TEST
         ---help---
          Perform x86 instruction decoder selftests at build time.
          This option is useful for checking the sanity of x86 instruction
diff --git a/arch/x86/include/asm/amd_nb.h b/arch/x86/include/asm/amd_nb.h
index a54ee1d054d9..aaac3b2fb746 100644
--- a/arch/x86/include/asm/amd_nb.h
+++ b/arch/x86/include/asm/amd_nb.h
@@ -19,7 +19,7 @@ extern int amd_cache_northbridges(void);
 extern void amd_flush_garts(void);
 extern int amd_numa_init(void);
 extern int amd_get_subcaches(int);
-extern int amd_set_subcaches(int, int);
+extern int amd_set_subcaches(int, unsigned long);
 
 struct amd_l3_cache {
         unsigned indices;
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 3b978c472d08..3d6b9f81cc68 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -132,6 +132,8 @@ extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
 extern void efi_sync_low_kernel_mappings(void);
 extern void efi_setup_page_tables(void);
 extern void __init old_map_region(efi_memory_desc_t *md);
+extern void __init runtime_code_page_mkexec(void);
+extern void __init efi_runtime_mkexec(void);
 
 struct efi_setup_data {
         u64 fw_vendor;
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index bbc8b12fa443..5ad38ad07890 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -445,10 +445,20 @@ static inline int pte_same(pte_t a, pte_t b)
         return a.pte == b.pte;
 }
 
+static inline int pteval_present(pteval_t pteval)
+{
+        /*
+         * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
+         * way clearly states that the intent is that protnone and numa
+         * hinting ptes are considered present for the purposes of
+         * pagetable operations like zapping, protection changes, gup etc.
+         */
+        return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
+}
+
 static inline int pte_present(pte_t a)
 {
-        return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
-                               _PAGE_NUMA);
+        return pteval_present(pte_flags(a));
 }
 
 #define pte_accessible pte_accessible
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index e6d90babc245..04905bfc508b 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -62,7 +62,7 @@ static inline void __flush_tlb_all(void)
 
 static inline void __flush_tlb_one(unsigned long addr)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
         __flush_tlb_single(addr);
 }
 
@@ -93,13 +93,13 @@ static inline void __flush_tlb_one(unsigned long addr)
  */
 static inline void __flush_tlb_up(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
         __flush_tlb();
 }
 
 static inline void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
         __flush_tlb_all();
 }
 
diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
index 787e1bb5aafc..3e276eb23d1b 100644
--- a/arch/x86/include/asm/xen/page.h
+++ b/arch/x86/include/asm/xen/page.h
@@ -52,8 +52,7 @@ extern unsigned long set_phys_range_identity(unsigned long pfn_s,
 extern int m2p_add_override(unsigned long mfn, struct page *page,
                             struct gnttab_map_grant_ref *kmap_op);
 extern int m2p_remove_override(struct page *page,
-                               struct gnttab_map_grant_ref *kmap_op,
-                               unsigned long mfn);
+                                struct gnttab_map_grant_ref *kmap_op);
 extern struct page *m2p_find_override(unsigned long mfn);
 extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn);
 
@@ -122,7 +121,7 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn)
                 pfn = m2p_find_override_pfn(mfn, ~0);
         }
 
-        /*
+        /* 
          * pfn is ~0 if there are no entries in the m2p for mfn or if the
          * entry doesn't map back to the mfn and m2p_override doesn't have a
          * valid entry for it.
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index 59554dca96ec..dec8de4e1663 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -179,7 +179,7 @@ int amd_get_subcaches(int cpu)
         return (mask >> (4 * cuid)) & 0xf;
 }
 
-int amd_set_subcaches(int cpu, int mask)
+int amd_set_subcaches(int cpu, unsigned long mask)
 {
         static unsigned int reset, ban;
         struct amd_northbridge *nb = node_to_amd_nb(amd_get_nb_id(cpu));
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index d3153e281d72..c67ffa686064 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -767,10 +767,7 @@ static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 
 static void cpu_set_tlb_flushall_shift(struct cpuinfo_x86 *c)
 {
-        tlb_flushall_shift = 5;
-
-        if (c->x86 <= 0x11)
-                tlb_flushall_shift = 4;
+        tlb_flushall_shift = 6;
 }
 
 static void cpu_detect_tlb_amd(struct cpuinfo_x86 *c)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 24b6fd10625a..8e28bf2fc3ef 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -284,8 +284,13 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
         raw_local_save_flags(eflags);
         BUG_ON(eflags & X86_EFLAGS_AC);
 
-        if (cpu_has(c, X86_FEATURE_SMAP))
+        if (cpu_has(c, X86_FEATURE_SMAP)) {
+#ifdef CONFIG_X86_SMAP
                 set_in_cr4(X86_CR4_SMAP);
+#else
+                clear_in_cr4(X86_CR4_SMAP);
+#endif
+        }
 }
 
 /*
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 3db61c644e44..5cd9bfabd645 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -640,21 +640,17 @@ static void intel_tlb_flushall_shift_set(struct cpuinfo_x86 *c)
         case 0x61d: /* six-core 45 nm xeon "Dunnington" */
                 tlb_flushall_shift = -1;
                 break;
+        case 0x63a: /* Ivybridge */
+                tlb_flushall_shift = 2;
+                break;
         case 0x61a: /* 45 nm nehalem, "Bloomfield" */
         case 0x61e: /* 45 nm nehalem, "Lynnfield" */
         case 0x625: /* 32 nm nehalem, "Clarkdale" */
         case 0x62c: /* 32 nm nehalem, "Gulftown" */
         case 0x62e: /* 45 nm nehalem-ex, "Beckton" */
         case 0x62f: /* 32 nm Xeon E7 */
-                tlb_flushall_shift = 6;
-                break;
         case 0x62a: /* SandyBridge */
         case 0x62d: /* SandyBridge, "Romely-EP" */
-                tlb_flushall_shift = 5;
-                break;
-        case 0x63a: /* Ivybridge */
-                tlb_flushall_shift = 1;
-                break;
         default:
                 tlb_flushall_shift = 6;
         }
diff --git a/arch/x86/kernel/cpu/microcode/amd_early.c b/arch/x86/kernel/cpu/microcode/amd_early.c
index 8384c0fa206f..617a9e284245 100644
--- a/arch/x86/kernel/cpu/microcode/amd_early.c
+++ b/arch/x86/kernel/cpu/microcode/amd_early.c
@@ -285,6 +285,15 @@ static void __init collect_cpu_sig_on_bsp(void *arg)
 
         uci->cpu_sig.sig = cpuid_eax(0x00000001);
 }
+
+static void __init get_bsp_sig(void)
+{
+        unsigned int bsp = boot_cpu_data.cpu_index;
+        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
+
+        if (!uci->cpu_sig.sig)
+                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+}
 #else
 void load_ucode_amd_ap(void)
 {
@@ -337,31 +346,37 @@ void load_ucode_amd_ap(void)
 
 int __init save_microcode_in_initrd_amd(void)
 {
+        unsigned long cont;
         enum ucode_state ret;
         u32 eax;
 
-#ifdef CONFIG_X86_32
-        unsigned int bsp = boot_cpu_data.cpu_index;
-        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
-
-        if (!uci->cpu_sig.sig)
-                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+        if (!container)
+                return -EINVAL;
 
+#ifdef CONFIG_X86_32
+        get_bsp_sig();
+        cont = (unsigned long)container;
+#else
         /*
-         * Take into account the fact that the ramdisk might get relocated
-         * and therefore we need to recompute the container's position in
-         * virtual memory space.
+         * We need the physical address of the container for both bitness since
+         * boot_params.hdr.ramdisk_image is a physical address.
          */
-        container = (u8 *)(__va((u32)relocated_ramdisk) +
-                           ((u32)container - boot_params.hdr.ramdisk_image));
+        cont = __pa(container);
 #endif
+
+        /*
+         * Take into account the fact that the ramdisk might get relocated and
+         * therefore we need to recompute the container's position in virtual
+         * memory space.
+         */
+        if (relocated_ramdisk)
+                container = (u8 *)(__va(relocated_ramdisk) +
+                             (cont - boot_params.hdr.ramdisk_image));
+
         if (ucode_new_rev)
                 pr_info("microcode: updated early to new patch_level=0x%08x\n",
                         ucode_new_rev);
 
-        if (!container)
-                return -EINVAL;
-
         eax   = cpuid_eax(0x00000001);
         eax   = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff);
 
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
index ce2d0a2c3e4f..0e25a1bc5ab5 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
@@ -683,7 +683,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
         }
 
         /* Flush all TLBs via a mov %cr3, %reg; mov %reg, %cr3 */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
         __flush_tlb();
 
         /* Save MTRR state */
@@ -697,7 +697,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
 static void post_set(void) __releases(set_atomicity_lock)
 {
         /* Flush TLBs (no need to flush caches - they are disabled) */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
         __flush_tlb();
 
         /* Intel (P6) standard MTRRs */
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index d4bdd253fea7..e6253195a301 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -77,8 +77,7 @@ within(unsigned long addr, unsigned long start, unsigned long end)
         return addr >= start && addr < end;
 }
 
-static int
-do_ftrace_mod_code(unsigned long ip, const void *new_code)
+static unsigned long text_ip_addr(unsigned long ip)
 {
         /*
          * On x86_64, kernel text mappings are mapped read-only with
@@ -91,7 +90,7 @@ do_ftrace_mod_code(unsigned long ip, const void *new_code)
         if (within(ip, (unsigned long)_text, (unsigned long)_etext))
                 ip = (unsigned long)__va(__pa_symbol(ip));
 
-        return probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE);
+        return ip;
 }
 
 static const unsigned char *ftrace_nop_replace(void)
@@ -123,8 +122,10 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
         if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
                 return -EINVAL;
 
+        ip = text_ip_addr(ip);
+
         /* replace the text with the new text */
-        if (do_ftrace_mod_code(ip, new_code))
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
                 return -EPERM;
 
         sync_core();
@@ -221,37 +222,51 @@ int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
         return -EINVAL;
 }
 
-int ftrace_update_ftrace_func(ftrace_func_t func)
+static unsigned long ftrace_update_func;
+
+static int update_ftrace_func(unsigned long ip, void *new)
 {
-        unsigned long ip = (unsigned long)(&ftrace_call);
-        unsigned char old[MCOUNT_INSN_SIZE], *new;
+        unsigned char old[MCOUNT_INSN_SIZE];
         int ret;
 
-        memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
-        new = ftrace_call_replace(ip, (unsigned long)func);
+        memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
+
+        ftrace_update_func = ip;
+        /* Make sure the breakpoints see the ftrace_update_func update */
+        smp_wmb();
 
         /* See comment above by declaration of modifying_ftrace_code */
         atomic_inc(&modifying_ftrace_code);
 
         ret = ftrace_modify_code(ip, old, new);
 
+        atomic_dec(&modifying_ftrace_code);
+
+        return ret;
+}
+
+int ftrace_update_ftrace_func(ftrace_func_t func)
+{
+        unsigned long ip = (unsigned long)(&ftrace_call);
+        unsigned char *new;
+        int ret;
+
+        new = ftrace_call_replace(ip, (unsigned long)func);
+        ret = update_ftrace_func(ip, new);
+
         /* Also update the regs callback function */
         if (!ret) {
                 ip = (unsigned long)(&ftrace_regs_call);
-                memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE);
                 new = ftrace_call_replace(ip, (unsigned long)func);
-                ret = ftrace_modify_code(ip, old, new);
+                ret = update_ftrace_func(ip, new);
         }
 
-        atomic_dec(&modifying_ftrace_code);
-
         return ret;
 }
 
 static int is_ftrace_caller(unsigned long ip)
 {
-        if (ip == (unsigned long)(&ftrace_call) ||
-                ip == (unsigned long)(&ftrace_regs_call))
+        if (ip == ftrace_update_func)
                 return 1;
 
         return 0;
@@ -677,45 +692,41 @@ int __init ftrace_dyn_arch_init(void *data)
 #ifdef CONFIG_DYNAMIC_FTRACE
 extern void ftrace_graph_call(void);
 
-static int ftrace_mod_jmp(unsigned long ip,
-                          int old_offset, int new_offset)
+static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
 {
-        unsigned char code[MCOUNT_INSN_SIZE];
+        static union ftrace_code_union calc;
 
-        if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
-                return -EFAULT;
+        /* Jmp not a call (ignore the .e8) */
+        calc.e8         = 0xe9;
+        calc.offset     = ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr);
 
-        if (code[0] != 0xe9 || old_offset != *(int *)(&code[1]))
-                return -EINVAL;
+        /*
+         * ftrace external locks synchronize the access to the static variable.
+         */
+        return calc.code;
+}
 
-        *(int *)(&code[1]) = new_offset;
+static int ftrace_mod_jmp(unsigned long ip, void *func)
+{
+        unsigned char *new;
 
-        if (do_ftrace_mod_code(ip, &code))
-                return -EPERM;
+        new = ftrace_jmp_replace(ip, (unsigned long)func);
 
-        return 0;
+        return update_ftrace_func(ip, new);
 }
 
 int ftrace_enable_ftrace_graph_caller(void)
 {
         unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
 
-        old_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
-        new_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
+        return ftrace_mod_jmp(ip, &ftrace_graph_caller);
 }
 
 int ftrace_disable_ftrace_graph_caller(void)
 {
         unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
-
-        old_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-        new_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
 
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
+        return ftrace_mod_jmp(ip, &ftrace_stub);
 }
 
 #endif /* !CONFIG_DYNAMIC_FTRACE */
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index dbb60878b744..d99f31d9a750 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -266,6 +266,14 @@ __visible void smp_trace_x86_platform_ipi(struct pt_regs *regs)
 EXPORT_SYMBOL_GPL(vector_used_by_percpu_irq);
 
 #ifdef CONFIG_HOTPLUG_CPU
+
+/* These two declarations are only used in check_irq_vectors_for_cpu_disable()
+ * below, which is protected by stop_machine().  Putting them on the stack
+ * results in a stack frame overflow.  Dynamically allocating could result in a
+ * failure so declare these two cpumasks as global.
+ */
+static struct cpumask affinity_new, online_new;
+
 /*
  * This cpu is going to be removed and its vectors migrated to the remaining
  * online cpus.  Check to see if there are enough vectors in the remaining cpus.
@@ -277,7 +285,6 @@ int check_irq_vectors_for_cpu_disable(void)
         unsigned int this_cpu, vector, this_count, count;
         struct irq_desc *desc;
         struct irq_data *data;
-        struct cpumask affinity_new, online_new;
 
         this_cpu = smp_processor_id();
         cpumask_copy(&online_new, cpu_online_mask);
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index 04ee1e2e4c02..7c6acd4b8995 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -571,3 +571,40 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F5,
                         quirk_amd_nb_node);
 
 #endif
+
+#ifdef CONFIG_PCI
+/*
+ * Processor does not ensure DRAM scrub read/write sequence
+ * is atomic wrt accesses to CC6 save state area. Therefore
+ * if a concurrent scrub read/write access is to same address
+ * the entry may appear as if it is not written. This quirk
+ * applies to Fam16h models 00h-0Fh
+ *
+ * See "Revision Guide" for AMD F16h models 00h-0fh,
+ * document 51810 rev. 3.04, Nov 2013
+ */
+static void amd_disable_seq_and_redirect_scrub(struct pci_dev *dev)
+{
+        u32 val;
+
+        /*
+         * Suggested workaround:
+         * set D18F3x58[4:0] = 00h and set D18F3x5C[0] = 0b
+         */
+        pci_read_config_dword(dev, 0x58, &val);
+        if (val & 0x1F) {
+                val &= ~(0x1F);
+                pci_write_config_dword(dev, 0x58, val);
+        }
+
+        pci_read_config_dword(dev, 0x5C, &val);
+        if (val & BIT(0)) {
+                val &= ~BIT(0);
+                pci_write_config_dword(dev, 0x5c, val);
+        }
+}
+
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3,
+                        amd_disable_seq_and_redirect_scrub);
+
+#endif
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 19e5adb49a27..acb3b606613e 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -209,7 +209,7 @@ static inline unsigned long long cycles_2_ns(unsigned long long cyc)
          * dance when its actually needed.
          */
 
-        preempt_disable();
+        preempt_disable_notrace();
         data = this_cpu_read(cyc2ns.head);
         tail = this_cpu_read(cyc2ns.tail);
 
@@ -229,7 +229,7 @@ static inline unsigned long long cycles_2_ns(unsigned long long cyc)
                 if (!--data->__count)
                         this_cpu_write(cyc2ns.tail, data);
         }
-        preempt_enable();
+        preempt_enable_notrace();
 
         return ns;
 }
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9d591c895803..6dea040cc3a1 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1001,6 +1001,12 @@ static int fault_in_kernel_space(unsigned long address)
 
 static inline bool smap_violation(int error_code, struct pt_regs *regs)
 {
+        if (!IS_ENABLED(CONFIG_X86_SMAP))
+                return false;
+
+        if (!static_cpu_has(X86_FEATURE_SMAP))
+                return false;
+
         if (error_code & PF_USER)
                 return false;
 
@@ -1087,11 +1093,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
         if (unlikely(error_code & PF_RSVD))
                 pgtable_bad(regs, error_code, address);
 
-        if (static_cpu_has(X86_FEATURE_SMAP)) {
-                if (unlikely(smap_violation(error_code, regs))) {
-                        bad_area_nosemaphore(regs, error_code, address);
-                        return;
-                }
+        if (unlikely(smap_violation(error_code, regs))) {
+                bad_area_nosemaphore(regs, error_code, address);
+                return;
         }
 
         /*
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
index 81b2750f3666..27aa0455fab3 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -493,14 +493,6 @@ static int __init numa_register_memblks(struct numa_meminfo *mi)
                 struct numa_memblk *mb = &mi->blk[i];
                 memblock_set_node(mb->start, mb->end - mb->start,
                                   &memblock.memory, mb->nid);
-
-                /*
-                 * At this time, all memory regions reserved by memblock are
-                 * used by the kernel. Set the nid in memblock.reserved will
-                 * mark out all the nodes the kernel resides in.
-                 */
-                memblock_set_node(mb->start, mb->end - mb->start,
-                                  &memblock.reserved, mb->nid);
         }
 
         /*
@@ -565,10 +557,21 @@ static void __init numa_init_array(void)
 static void __init numa_clear_kernel_node_hotplug(void)
 {
         int i, nid;
-        nodemask_t numa_kernel_nodes;
+        nodemask_t numa_kernel_nodes = NODE_MASK_NONE;
         unsigned long start, end;
         struct memblock_type *type = &memblock.reserved;
 
+        /*
+         * At this time, all memory regions reserved by memblock are
+         * used by the kernel. Set the nid in memblock.reserved will
+         * mark out all the nodes the kernel resides in.
+         */
+        for (i = 0; i < numa_meminfo.nr_blks; i++) {
+                struct numa_memblk *mb = &numa_meminfo.blk[i];
+                memblock_set_node(mb->start, mb->end - mb->start,
+                                  &memblock.reserved, mb->nid);
+        }
+
         /* Mark all kernel nodes. */
         for (i = 0; i < type->cnt; i++)
                 node_set(type->regions[i].nid, numa_kernel_nodes);
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index 0342d27ca798..47b6436e41c2 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -52,6 +52,8 @@ void memory_present(int nid, unsigned long start, unsigned long end)
                         nid, start, end);
         printk(KERN_DEBUG "  Setting physnode_map array to node %d for pfns:\n", nid);
         printk(KERN_DEBUG "  ");
+        start = round_down(start, PAGES_PER_SECTION);
+        end = round_up(end, PAGES_PER_SECTION);
         for (pfn = start; pfn < end; pfn += PAGES_PER_SECTION) {
                 physnode_map[pfn / PAGES_PER_SECTION] = nid;
                 printk(KERN_CONT "%lx ", pfn);
diff --git a/arch/x86/mm/srat.c b/arch/x86/mm/srat.c
index 1a25187e151e..1953e9c9391a 100644
--- a/arch/x86/mm/srat.c
+++ b/arch/x86/mm/srat.c
@@ -42,15 +42,25 @@ static __init inline int srat_disabled(void)
         return acpi_numa < 0;
 }
 
-/* Callback for SLIT parsing */
+/*
+ * Callback for SLIT parsing.  pxm_to_node() returns NUMA_NO_NODE for
+ * I/O localities since SRAT does not list them.  I/O localities are
+ * not supported at this point.
+ */
 void __init acpi_numa_slit_init(struct acpi_table_slit *slit)
 {
         int i, j;
 
-        for (i = 0; i < slit->locality_count; i++)
-                for (j = 0; j < slit->locality_count; j++)
+        for (i = 0; i < slit->locality_count; i++) {
+                if (pxm_to_node(i) == NUMA_NO_NODE)
+                        continue;
+                for (j = 0; j < slit->locality_count; j++) {
+                        if (pxm_to_node(j) == NUMA_NO_NODE)
+                                continue;
                         numa_set_distance(pxm_to_node(i), pxm_to_node(j),
                                 slit->entry[slit->locality_count * i + j]);
+                }
+        }
 }
 
 /* Callback for Proximity Domain -> x2APIC mapping */
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index ae699b3bbac8..dd8dda167a24 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -103,7 +103,7 @@ static void flush_tlb_func(void *info)
         if (f->flush_mm != this_cpu_read(cpu_tlbstate.active_mm))
                 return;
 
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
         if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) {
                 if (f->flush_end == TLB_FLUSH_ALL)
                         local_flush_tlb();
@@ -131,7 +131,7 @@ void native_flush_tlb_others(const struct cpumask *cpumask,
         info.flush_start = start;
         info.flush_end = end;
 
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
         if (is_uv_system()) {
                 unsigned int cpu;
 
@@ -151,44 +151,19 @@ void flush_tlb_current_task(void)
 
         preempt_disable();
 
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
         local_flush_tlb();
         if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids)
                 flush_tlb_others(mm_cpumask(mm), mm, 0UL, TLB_FLUSH_ALL);
         preempt_enable();
 }
 
-/*
- * It can find out the THP large page, or
- * HUGETLB page in tlb_flush when THP disabled
- */
-static inline unsigned long has_large_page(struct mm_struct *mm,
-                                 unsigned long start, unsigned long end)
-{
-        pgd_t *pgd;
-        pud_t *pud;
-        pmd_t *pmd;
-        unsigned long addr = ALIGN(start, HPAGE_SIZE);
-        for (; addr < end; addr += HPAGE_SIZE) {
-                pgd = pgd_offset(mm, addr);
-                if (likely(!pgd_none(*pgd))) {
-                        pud = pud_offset(pgd, addr);
-                        if (likely(!pud_none(*pud))) {
-                                pmd = pmd_offset(pud, addr);
-                                if (likely(!pmd_none(*pmd)))
-                                        if (pmd_large(*pmd))
-                                                return addr;
-                        }
-                }
-        }
-        return 0;
-}
-
 void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                                 unsigned long end, unsigned long vmflag)
 {
         unsigned long addr;
         unsigned act_entries, tlb_entries = 0;
+        unsigned long nr_base_pages;
 
         preempt_disable();
         if (current->active_mm != mm)
@@ -210,21 +185,20 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                 tlb_entries = tlb_lli_4k[ENTRIES];
         else
                 tlb_entries = tlb_lld_4k[ENTRIES];
+
         /* Assume all of TLB entries was occupied by this task */
-        act_entries = mm->total_vm > tlb_entries ? tlb_entries : mm->total_vm;
+        act_entries = tlb_entries >> tlb_flushall_shift;
+        act_entries = mm->total_vm > act_entries ? act_entries : mm->total_vm;
+        nr_base_pages = (end - start) >> PAGE_SHIFT;
 
         /* tlb_flushall_shift is on balance point, details in commit log */
-        if ((end - start) >> PAGE_SHIFT > act_entries >> tlb_flushall_shift) {
-                count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        if (nr_base_pages > act_entries) {
+                count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
                 local_flush_tlb();
         } else {
-                if (has_large_page(mm, start, end)) {
-                        local_flush_tlb();
-                        goto flush_all;
-                }
                 /* flush range by one by one 'invlpg' */
                 for (addr = start; addr < end;  addr += PAGE_SIZE) {
-                        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+                        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
                         __flush_tlb_single(addr);
                 }
 
@@ -262,7 +236,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long start)
 
 static void do_flush_tlb_all(void *info)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
         __flush_tlb_all();
         if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_LAZY)
                 leave_mm(smp_processor_id());
@@ -270,7 +244,7 @@ static void do_flush_tlb_all(void *info)
 
 void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
         on_each_cpu(do_flush_tlb_all, NULL, 1);
 }
 
diff --git a/arch/x86/platform/efi/efi-bgrt.c b/arch/x86/platform/efi/efi-bgrt.c
index 7145ec63c520..f15103dff4b4 100644
--- a/arch/x86/platform/efi/efi-bgrt.c
+++ b/arch/x86/platform/efi/efi-bgrt.c
@@ -42,14 +42,15 @@ void __init efi_bgrt_init(void)
 
         if (bgrt_tab->header.length < sizeof(*bgrt_tab))
                 return;
-        if (bgrt_tab->version != 1)
+        if (bgrt_tab->version != 1 || bgrt_tab->status != 1)
                 return;
         if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address)
                 return;
 
         image = efi_lookup_mapped_addr(bgrt_tab->image_address);
         if (!image) {
-                image = ioremap(bgrt_tab->image_address, sizeof(bmp_header));
+                image = early_memremap(bgrt_tab->image_address,
+                                       sizeof(bmp_header));
                 ioremapped = true;
                 if (!image)
                         return;
@@ -57,7 +58,7 @@ void __init efi_bgrt_init(void)
 
         memcpy_fromio(&bmp_header, image, sizeof(bmp_header));
         if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, sizeof(bmp_header));
         bgrt_image_size = bmp_header.size;
 
         bgrt_image = kmalloc(bgrt_image_size, GFP_KERNEL);
@@ -65,7 +66,8 @@ void __init efi_bgrt_init(void)
                 return;
 
         if (ioremapped) {
-                image = ioremap(bgrt_tab->image_address, bmp_header.size);
+                image = early_memremap(bgrt_tab->image_address,
+                                       bmp_header.size);
                 if (!image) {
                         kfree(bgrt_image);
                         bgrt_image = NULL;
@@ -75,5 +77,5 @@ void __init efi_bgrt_init(void)
 
         memcpy_fromio(bgrt_image, image, bgrt_image_size);
         if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, bmp_header.size);
 }
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index d62ec87a2b26..1a201ac7cef8 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -792,7 +792,7 @@ void __init efi_set_executable(efi_memory_desc_t *md, bool executable)
                 set_memory_nx(addr, npages);
 }
 
-static void __init runtime_code_page_mkexec(void)
+void __init runtime_code_page_mkexec(void)
 {
         efi_memory_desc_t *md;
         void *p;
@@ -1069,8 +1069,7 @@ void __init efi_enter_virtual_mode(void)
         efi.update_capsule = virt_efi_update_capsule;
         efi.query_capsule_caps = virt_efi_query_capsule_caps;
 
-        if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX))
-                runtime_code_page_mkexec();
+        efi_runtime_mkexec();
 
         kfree(new_memmap);
 
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 249b183cf417..0b74cdf7f816 100644
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
@@ -77,3 +77,9 @@ void efi_call_phys_epilog(void)
 
         local_irq_restore(efi_rt_eflags);
 }
+
+void __init efi_runtime_mkexec(void)
+{
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 6284f158a47d..0c2a234fef1e 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -233,3 +233,12 @@ void __init parse_efi_setup(u64 phys_addr, u32 data_len)
 {
         efi_setup = phys_addr + sizeof(struct setup_data);
 }
+
+void __init efi_runtime_mkexec(void)
+{
+        if (!efi_enabled(EFI_OLD_MEMMAP))
+                return;
+
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index a4d7b647867f..201d09a7c46b 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1473,6 +1473,18 @@ static void xen_pvh_set_cr_flags(int cpu)
          * X86_CR0_TS, X86_CR0_PE, X86_CR0_ET are set by Xen for HVM guests
          * (which PVH shared codepaths), while X86_CR0_PG is for PVH. */
         write_cr0(read_cr0() | X86_CR0_MP | X86_CR0_NE | X86_CR0_WP | X86_CR0_AM);
+
+        if (!cpu)
+                return;
+        /*
+         * For BSP, PSE PGE are set in probe_page_size_mask(), for APs
+         * set them here. For all, OSFXSR OSXMMEXCPT are set in fpu_init.
+        */
+        if (cpu_has_pse)
+                set_in_cr4(X86_CR4_PSE);
+
+        if (cpu_has_pge)
+                set_in_cr4(X86_CR4_PGE);
 }
 
 /*
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 2423ef04ffea..256282e7888b 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
 /* Assume pteval_t is equivalent to all the other *val_t types. */
 static pteval_t pte_mfn_to_pfn(pteval_t val)
 {
-        if (val & _PAGE_PRESENT) {
+        if (pteval_present(val)) {
                 unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
                 unsigned long pfn = mfn_to_pfn(mfn);
 
@@ -381,7 +381,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
 
 static pteval_t pte_pfn_to_mfn(pteval_t val)
 {
-        if (val & _PAGE_PRESENT) {
+        if (pteval_present(val)) {
                 unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
                 pteval_t flags = val & PTE_FLAGS_MASK;
                 unsigned long mfn;
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index 8009acbe41e4..696c694986d0 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -899,6 +899,13 @@ int m2p_add_override(unsigned long mfn, struct page *page,
                                         "m2p_add_override: pfn %lx not mapped", pfn))
                         return -EINVAL;
         }
+        WARN_ON(PagePrivate(page));
+        SetPagePrivate(page);
+        set_page_private(page, mfn);
+        page->index = pfn_to_mfn(pfn);
+
+        if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn))))
+                return -ENOMEM;
 
         if (kmap_op != NULL) {
                 if (!PageHighMem(page)) {
@@ -937,16 +944,19 @@ int m2p_add_override(unsigned long mfn, struct page *page,
 }
 EXPORT_SYMBOL_GPL(m2p_add_override);
 int m2p_remove_override(struct page *page,
-                        struct gnttab_map_grant_ref *kmap_op,
-                        unsigned long mfn)
+                struct gnttab_map_grant_ref *kmap_op)
 {
         unsigned long flags;
+        unsigned long mfn;
         unsigned long pfn;
         unsigned long uninitialized_var(address);
         unsigned level;
         pte_t *ptep = NULL;
 
         pfn = page_to_pfn(page);
+        mfn = get_phys_to_machine(pfn);
+        if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT))
+                return -EINVAL;
 
         if (!PageHighMem(page)) {
                 address = (unsigned long)__va(pfn << PAGE_SHIFT);
@@ -960,7 +970,10 @@ int m2p_remove_override(struct page *page,
         spin_lock_irqsave(&m2p_override_lock, flags);
         list_del(&page->lru);
         spin_unlock_irqrestore(&m2p_override_lock, flags);
+        WARN_ON(!PagePrivate(page));
+        ClearPagePrivate(page);
 
+        set_phys_to_machine(pfn, page->index);
         if (kmap_op != NULL) {
                 if (!PageHighMem(page)) {
                         struct multicall_space mcs;