136 files changed, 6820 insertions, 3339 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 68f5578fe38e..cf42fc305419 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -46,6 +46,7 @@ config X86
        select HAVE_KERNEL_GZIP
        select HAVE_KERNEL_BZIP2
        select HAVE_KERNEL_LZMA
+        select HAVE_ARCH_KMEMCHECK
 config OUTPUT_FORMAT
        string
@@ -789,10 +790,26 @@ config X86_MCE
          to disable it.  MCE support simply ignores non-MCE processors like
          the 386 and 486, so nearly everyone can say Y here.
+config X86_OLD_MCE
+        depends on X86_32 && X86_MCE
+        bool "Use legacy machine check code (will go away)"
+        default n
+        select X86_ANCIENT_MCE
+        ---help---
+          Use the old i386 machine check code. This is merely intended for
+          testing in a transition period. Try this if you run into any machine
+          check related software problems, but report the problem to
+          linux-kernel.  When in doubt say no.
+config X86_NEW_MCE
+        depends on X86_MCE
+        bool
+        default y if (!X86_OLD_MCE && X86_32) || X86_64
 config X86_MCE_INTEL
        def_bool y
        prompt "Intel MCE features"
-        depends on X86_64 && X86_MCE && X86_LOCAL_APIC
+        depends on X86_NEW_MCE && X86_LOCAL_APIC
        ---help---
           Additional support for intel specific MCE features such as
           the thermal monitor.
@@ -800,19 +817,36 @@ config X86_MCE_INTEL
 config X86_MCE_AMD
        def_bool y
        prompt "AMD MCE features"
-        depends on X86_64 && X86_MCE && X86_LOCAL_APIC
+        depends on X86_NEW_MCE && X86_LOCAL_APIC
        ---help---
           Additional support for AMD specific MCE features such as
           the DRAM Error Threshold.
+config X86_ANCIENT_MCE
+        def_bool n
+        depends on X86_32
+        prompt "Support for old Pentium 5 / WinChip machine checks"
+        ---help---
+          Include support for machine check handling on old Pentium 5 or WinChip
+          systems. These typically need to be enabled explicitely on the command
+          line.
 config X86_MCE_THRESHOLD
        depends on X86_MCE_AMD || X86_MCE_INTEL
        bool
        default y
+config X86_MCE_INJECT
+        depends on X86_NEW_MCE
+        tristate "Machine check injector support"
+        ---help---
+          Provide support for injecting machine checks for testing purposes.
+          If you don't know what a machine check is and you don't do kernel
+          QA it is safe to say n.
 config X86_MCE_NONFATAL
        tristate "Check for non-fatal errors on AMD Athlon/Duron / Intel Pentium 4"
-        depends on X86_32 && X86_MCE
+        depends on X86_OLD_MCE
        ---help---
          Enabling this feature starts a timer that triggers every 5 seconds which
          will look at the machine check registers to see if anything happened.
@@ -825,11 +859,15 @@ config X86_MCE_NONFATAL
 config X86_MCE_P4THERMAL
        bool "check for P4 thermal throttling interrupt."
-        depends on X86_32 && X86_MCE && (X86_UP_APIC || SMP)
+        depends on X86_OLD_MCE && X86_MCE && (X86_UP_APIC || SMP)
        ---help---
          Enabling this feature will cause a message to be printed when the P4
          enters thermal throttling.
+config X86_THERMAL_VECTOR
+        def_bool y
+        depends on X86_MCE_P4THERMAL || X86_MCE_INTEL
 config VM86
        bool "Enable VM86 support" if EMBEDDED
        default y
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index edbd0ca62067..1b68659c41b4 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -81,6 +81,11 @@ ifdef CONFIG_CC_STACKPROTECTOR
        endif
 endif
+# Don't unroll struct assignments with kmemcheck enabled
+ifeq ($(CONFIG_KMEMCHECK),y)
+        KBUILD_CFLAGS += $(call cc-option,-fno-builtin-memcpy)
+endif
 # Stackpointer is addressed different for 32 bit and 64 bit x86
 sp-$(CONFIG_X86_32) := esp
 sp-$(CONFIG_X86_64) := rsp
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index ebe7deedd5b4..cfb0010fa940 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -2,6 +2,8 @@
 # Arch-specific CryptoAPI modules.
 #
+obj-$(CONFIG_CRYPTO_FPU) += fpu.o
 obj-$(CONFIG_CRYPTO_AES_586) += aes-i586.o
 obj-$(CONFIG_CRYPTO_TWOFISH_586) += twofish-i586.o
 obj-$(CONFIG_CRYPTO_SALSA20_586) += salsa20-i586.o
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 02af0af65497..4e663398f77f 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -21,6 +21,22 @@
 #include <asm/i387.h>
 #include <asm/aes.h>
+#if defined(CONFIG_CRYPTO_CTR) || defined(CONFIG_CRYPTO_CTR_MODULE)
+#define HAS_CTR
+#endif
+#if defined(CONFIG_CRYPTO_LRW) || defined(CONFIG_CRYPTO_LRW_MODULE)
+#define HAS_LRW
+#endif
+#if defined(CONFIG_CRYPTO_PCBC) || defined(CONFIG_CRYPTO_PCBC_MODULE)
+#define HAS_PCBC
+#endif
+#if defined(CONFIG_CRYPTO_XTS) || defined(CONFIG_CRYPTO_XTS_MODULE)
+#define HAS_XTS
+#endif
 struct async_aes_ctx {
        struct cryptd_ablkcipher *cryptd_tfm;
 };
@@ -137,6 +153,41 @@ static struct crypto_alg aesni_alg = {
        }
 };
+static void __aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+{
+        struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
+        aesni_enc(ctx, dst, src);
+}
+static void __aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+{
+        struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
+        aesni_dec(ctx, dst, src);
+}
+static struct crypto_alg __aesni_alg = {
+        .cra_name               = "__aes-aesni",
+        .cra_driver_name        = "__driver-aes-aesni",
+        .cra_priority           = 0,
+        .cra_flags              = CRYPTO_ALG_TYPE_CIPHER,
+        .cra_blocksize          = AES_BLOCK_SIZE,
+        .cra_ctxsize            = sizeof(struct crypto_aes_ctx)+AESNI_ALIGN-1,
+        .cra_alignmask          = 0,
+        .cra_module             = THIS_MODULE,
+        .cra_list               = LIST_HEAD_INIT(__aesni_alg.cra_list),
+        .cra_u  = {
+                .cipher = {
+                        .cia_min_keysize        = AES_MIN_KEY_SIZE,
+                        .cia_max_keysize        = AES_MAX_KEY_SIZE,
+                        .cia_setkey             = aes_set_key,
+                        .cia_encrypt            = __aes_encrypt,
+                        .cia_decrypt            = __aes_decrypt
+                }
+        }
+};
 static int ecb_encrypt(struct blkcipher_desc *desc,
                       struct scatterlist *dst, struct scatterlist *src,
                       unsigned int nbytes)
@@ -277,8 +328,16 @@ static int ablk_set_key(struct crypto_ablkcipher *tfm, const u8 *key,
                        unsigned int key_len)
 {
        struct async_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
+        struct crypto_ablkcipher *child = &ctx->cryptd_tfm->base;
+        int err;
-        return crypto_ablkcipher_setkey(&ctx->cryptd_tfm->base, key, key_len);
+        crypto_ablkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+        crypto_ablkcipher_set_flags(child, crypto_ablkcipher_get_flags(tfm)
+                                    & CRYPTO_TFM_REQ_MASK);
+        err = crypto_ablkcipher_setkey(child, key, key_len);
+        crypto_ablkcipher_set_flags(tfm, crypto_ablkcipher_get_flags(child)
+                                    & CRYPTO_TFM_RES_MASK);
+        return err;
 }
 static int ablk_encrypt(struct ablkcipher_request *req)
@@ -411,6 +470,163 @@ static struct crypto_alg ablk_cbc_alg = {
        },
 };
+#ifdef HAS_CTR
+static int ablk_ctr_init(struct crypto_tfm *tfm)
+{
+        struct cryptd_ablkcipher *cryptd_tfm;
+        cryptd_tfm = cryptd_alloc_ablkcipher("fpu(ctr(__driver-aes-aesni))",
+                                             0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ablk_init_common(tfm, cryptd_tfm);
+        return 0;
+}
+static struct crypto_alg ablk_ctr_alg = {
+        .cra_name               = "ctr(aes)",
+        .cra_driver_name        = "ctr-aes-aesni",
+        .cra_priority           = 400,
+        .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
+        .cra_blocksize          = 1,
+        .cra_ctxsize            = sizeof(struct async_aes_ctx),
+        .cra_alignmask          = 0,
+        .cra_type               = &crypto_ablkcipher_type,
+        .cra_module             = THIS_MODULE,
+        .cra_list               = LIST_HEAD_INIT(ablk_ctr_alg.cra_list),
+        .cra_init               = ablk_ctr_init,
+        .cra_exit               = ablk_exit,
+        .cra_u = {
+                .ablkcipher = {
+                        .min_keysize    = AES_MIN_KEY_SIZE,
+                        .max_keysize    = AES_MAX_KEY_SIZE,
+                        .ivsize         = AES_BLOCK_SIZE,
+                        .setkey         = ablk_set_key,
+                        .encrypt        = ablk_encrypt,
+                        .decrypt        = ablk_decrypt,
+                        .geniv          = "chainiv",
+                },
+        },
+};
+#endif
+#ifdef HAS_LRW
+static int ablk_lrw_init(struct crypto_tfm *tfm)
+{
+        struct cryptd_ablkcipher *cryptd_tfm;
+        cryptd_tfm = cryptd_alloc_ablkcipher("fpu(lrw(__driver-aes-aesni))",
+                                             0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ablk_init_common(tfm, cryptd_tfm);
+        return 0;
+}
+static struct crypto_alg ablk_lrw_alg = {
+        .cra_name               = "lrw(aes)",
+        .cra_driver_name        = "lrw-aes-aesni",
+        .cra_priority           = 400,
+        .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
+        .cra_blocksize          = AES_BLOCK_SIZE,
+        .cra_ctxsize            = sizeof(struct async_aes_ctx),
+        .cra_alignmask          = 0,
+        .cra_type               = &crypto_ablkcipher_type,
+        .cra_module             = THIS_MODULE,
+        .cra_list               = LIST_HEAD_INIT(ablk_lrw_alg.cra_list),
+        .cra_init               = ablk_lrw_init,
+        .cra_exit               = ablk_exit,
+        .cra_u = {
+                .ablkcipher = {
+                        .min_keysize    = AES_MIN_KEY_SIZE + AES_BLOCK_SIZE,
+                        .max_keysize    = AES_MAX_KEY_SIZE + AES_BLOCK_SIZE,
+                        .ivsize         = AES_BLOCK_SIZE,
+                        .setkey         = ablk_set_key,
+                        .encrypt        = ablk_encrypt,
+                        .decrypt        = ablk_decrypt,
+                },
+        },
+};
+#endif
+#ifdef HAS_PCBC
+static int ablk_pcbc_init(struct crypto_tfm *tfm)
+{
+        struct cryptd_ablkcipher *cryptd_tfm;
+        cryptd_tfm = cryptd_alloc_ablkcipher("fpu(pcbc(__driver-aes-aesni))",
+                                             0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ablk_init_common(tfm, cryptd_tfm);
+        return 0;
+}
+static struct crypto_alg ablk_pcbc_alg = {
+        .cra_name               = "pcbc(aes)",
+        .cra_driver_name        = "pcbc-aes-aesni",
+        .cra_priority           = 400,
+        .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
+        .cra_blocksize          = AES_BLOCK_SIZE,
+        .cra_ctxsize            = sizeof(struct async_aes_ctx),
+        .cra_alignmask          = 0,
+        .cra_type               = &crypto_ablkcipher_type,
+        .cra_module             = THIS_MODULE,
+        .cra_list               = LIST_HEAD_INIT(ablk_pcbc_alg.cra_list),
+        .cra_init               = ablk_pcbc_init,
+        .cra_exit               = ablk_exit,
+        .cra_u = {
+                .ablkcipher = {
+                        .min_keysize    = AES_MIN_KEY_SIZE,
+                        .max_keysize    = AES_MAX_KEY_SIZE,
+                        .ivsize         = AES_BLOCK_SIZE,
+                        .setkey         = ablk_set_key,
+                        .encrypt        = ablk_encrypt,
+                        .decrypt        = ablk_decrypt,
+                },
+        },
+};
+#endif
+#ifdef HAS_XTS
+static int ablk_xts_init(struct crypto_tfm *tfm)
+{
+        struct cryptd_ablkcipher *cryptd_tfm;
+        cryptd_tfm = cryptd_alloc_ablkcipher("fpu(xts(__driver-aes-aesni))",
+                                             0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ablk_init_common(tfm, cryptd_tfm);
+        return 0;
+}
+static struct crypto_alg ablk_xts_alg = {
+        .cra_name               = "xts(aes)",
+        .cra_driver_name        = "xts-aes-aesni",
+        .cra_priority           = 400,
+        .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
+        .cra_blocksize          = AES_BLOCK_SIZE,
+        .cra_ctxsize            = sizeof(struct async_aes_ctx),
+        .cra_alignmask          = 0,
+        .cra_type               = &crypto_ablkcipher_type,
+        .cra_module             = THIS_MODULE,
+        .cra_list               = LIST_HEAD_INIT(ablk_xts_alg.cra_list),
+        .cra_init               = ablk_xts_init,
+        .cra_exit               = ablk_exit,
+        .cra_u = {
+                .ablkcipher = {
+                        .min_keysize    = 2 * AES_MIN_KEY_SIZE,
+                        .max_keysize    = 2 * AES_MAX_KEY_SIZE,
+                        .ivsize         = AES_BLOCK_SIZE,
+                        .setkey         = ablk_set_key,
+                        .encrypt        = ablk_encrypt,
+                        .decrypt        = ablk_decrypt,
+                },
+        },
+};
+#endif
 static int __init aesni_init(void)
 {
        int err;
@@ -421,6 +637,8 @@ static int __init aesni_init(void)
        }
        if ((err = crypto_register_alg(&aesni_alg)))
                goto aes_err;
+        if ((err = crypto_register_alg(&__aesni_alg)))
+                goto __aes_err;
        if ((err = crypto_register_alg(&blk_ecb_alg)))
                goto blk_ecb_err;
        if ((err = crypto_register_alg(&blk_cbc_alg)))
@@ -429,9 +647,41 @@ static int __init aesni_init(void)
                goto ablk_ecb_err;
        if ((err = crypto_register_alg(&ablk_cbc_alg)))
                goto ablk_cbc_err;
+#ifdef HAS_CTR
+        if ((err = crypto_register_alg(&ablk_ctr_alg)))
+                goto ablk_ctr_err;
+#endif
+#ifdef HAS_LRW
+        if ((err = crypto_register_alg(&ablk_lrw_alg)))
+                goto ablk_lrw_err;
+#endif
+#ifdef HAS_PCBC
+        if ((err = crypto_register_alg(&ablk_pcbc_alg)))
+                goto ablk_pcbc_err;
+#endif
+#ifdef HAS_XTS
+        if ((err = crypto_register_alg(&ablk_xts_alg)))
+                goto ablk_xts_err;
+#endif
        return err;
+#ifdef HAS_XTS
+ablk_xts_err:
+#endif
+#ifdef HAS_PCBC
+        crypto_unregister_alg(&ablk_pcbc_alg);
+ablk_pcbc_err:
+#endif
+#ifdef HAS_LRW
+        crypto_unregister_alg(&ablk_lrw_alg);
+ablk_lrw_err:
+#endif
+#ifdef HAS_CTR
+        crypto_unregister_alg(&ablk_ctr_alg);
+ablk_ctr_err:
+#endif
+        crypto_unregister_alg(&ablk_cbc_alg);
 ablk_cbc_err:
        crypto_unregister_alg(&ablk_ecb_alg);
 ablk_ecb_err:
@@ -439,6 +689,8 @@ ablk_ecb_err:
 blk_cbc_err:
        crypto_unregister_alg(&blk_ecb_alg);
 blk_ecb_err:
+        crypto_unregister_alg(&__aesni_alg);
+__aes_err:
        crypto_unregister_alg(&aesni_alg);
 aes_err:
        return err;
@@ -446,10 +698,23 @@ aes_err:
 static void __exit aesni_exit(void)
 {
+#ifdef HAS_XTS
+        crypto_unregister_alg(&ablk_xts_alg);
+#endif
+#ifdef HAS_PCBC
+        crypto_unregister_alg(&ablk_pcbc_alg);
+#endif
+#ifdef HAS_LRW
+        crypto_unregister_alg(&ablk_lrw_alg);
+#endif
+#ifdef HAS_CTR
+        crypto_unregister_alg(&ablk_ctr_alg);
+#endif
        crypto_unregister_alg(&ablk_cbc_alg);
        crypto_unregister_alg(&ablk_ecb_alg);
        crypto_unregister_alg(&blk_cbc_alg);
        crypto_unregister_alg(&blk_ecb_alg);
+        crypto_unregister_alg(&__aesni_alg);
        crypto_unregister_alg(&aesni_alg);
 }
diff --git a/arch/x86/crypto/fpu.c b/arch/x86/crypto/fpu.c
new file mode 100644
index 000000000000..5f9781a3815f
--- /dev/null
+++ b/arch/x86/crypto/fpu.c
@@ -0,0 +1,166 @@
+/*
+ * FPU: Wrapper for blkcipher touching fpu
+ *
+ * Copyright (c) Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include <crypto/algapi.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <asm/i387.h>
+struct crypto_fpu_ctx {
+        struct crypto_blkcipher *child;
+};
+static int crypto_fpu_setkey(struct crypto_tfm *parent, const u8 *key,
+                             unsigned int keylen)
+{
+        struct crypto_fpu_ctx *ctx = crypto_tfm_ctx(parent);
+        struct crypto_blkcipher *child = ctx->child;
+        int err;
+        crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+        crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
+                                   CRYPTO_TFM_REQ_MASK);
+        err = crypto_blkcipher_setkey(child, key, keylen);
+        crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
+                                     CRYPTO_TFM_RES_MASK);
+        return err;
+}
+static int crypto_fpu_encrypt(struct blkcipher_desc *desc_in,
+                              struct scatterlist *dst, struct scatterlist *src,
+                              unsigned int nbytes)
+{
+        int err;
+        struct crypto_fpu_ctx *ctx = crypto_blkcipher_ctx(desc_in->tfm);
+        struct crypto_blkcipher *child = ctx->child;
+        struct blkcipher_desc desc = {
+                .tfm = child,
+                .info = desc_in->info,
+                .flags = desc_in->flags,
+        };
+        kernel_fpu_begin();
+        err = crypto_blkcipher_crt(desc.tfm)->encrypt(&desc, dst, src, nbytes);
+        kernel_fpu_end();
+        return err;
+}
+static int crypto_fpu_decrypt(struct blkcipher_desc *desc_in,
+                              struct scatterlist *dst, struct scatterlist *src,
+                              unsigned int nbytes)
+{
+        int err;
+        struct crypto_fpu_ctx *ctx = crypto_blkcipher_ctx(desc_in->tfm);
+        struct crypto_blkcipher *child = ctx->child;
+        struct blkcipher_desc desc = {
+                .tfm = child,
+                .info = desc_in->info,
+                .flags = desc_in->flags,
+        };
+        kernel_fpu_begin();
+        err = crypto_blkcipher_crt(desc.tfm)->decrypt(&desc, dst, src, nbytes);
+        kernel_fpu_end();
+        return err;
+}
+static int crypto_fpu_init_tfm(struct crypto_tfm *tfm)
+{
+        struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
+        struct crypto_spawn *spawn = crypto_instance_ctx(inst);
+        struct crypto_fpu_ctx *ctx = crypto_tfm_ctx(tfm);
+        struct crypto_blkcipher *cipher;
+        cipher = crypto_spawn_blkcipher(spawn);
+        if (IS_ERR(cipher))
+                return PTR_ERR(cipher);
+        ctx->child = cipher;
+        return 0;
+}
+static void crypto_fpu_exit_tfm(struct crypto_tfm *tfm)
+{
+        struct crypto_fpu_ctx *ctx = crypto_tfm_ctx(tfm);
+        crypto_free_blkcipher(ctx->child);
+}
+static struct crypto_instance *crypto_fpu_alloc(struct rtattr **tb)
+{
+        struct crypto_instance *inst;
+        struct crypto_alg *alg;
+        int err;
+        err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
+        if (err)
+                return ERR_PTR(err);
+        alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER,
+                                  CRYPTO_ALG_TYPE_MASK);
+        if (IS_ERR(alg))
+                return ERR_CAST(alg);
+        inst = crypto_alloc_instance("fpu", alg);
+        if (IS_ERR(inst))
+                goto out_put_alg;
+        inst->alg.cra_flags = alg->cra_flags;
+        inst->alg.cra_priority = alg->cra_priority;
+        inst->alg.cra_blocksize = alg->cra_blocksize;
+        inst->alg.cra_alignmask = alg->cra_alignmask;
+        inst->alg.cra_type = alg->cra_type;
+        inst->alg.cra_blkcipher.ivsize = alg->cra_blkcipher.ivsize;
+        inst->alg.cra_blkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
+        inst->alg.cra_blkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
+        inst->alg.cra_ctxsize = sizeof(struct crypto_fpu_ctx);
+        inst->alg.cra_init = crypto_fpu_init_tfm;
+        inst->alg.cra_exit = crypto_fpu_exit_tfm;
+        inst->alg.cra_blkcipher.setkey = crypto_fpu_setkey;
+        inst->alg.cra_blkcipher.encrypt = crypto_fpu_encrypt;
+        inst->alg.cra_blkcipher.decrypt = crypto_fpu_decrypt;
+out_put_alg:
+        crypto_mod_put(alg);
+        return inst;
+}
+static void crypto_fpu_free(struct crypto_instance *inst)
+{
+        crypto_drop_spawn(crypto_instance_ctx(inst));
+        kfree(inst);
+}
+static struct crypto_template crypto_fpu_tmpl = {
+        .name = "fpu",
+        .alloc = crypto_fpu_alloc,
+        .free = crypto_fpu_free,
+        .module = THIS_MODULE,
+};
+static int __init crypto_fpu_module_init(void)
+{
+        return crypto_register_template(&crypto_fpu_tmpl);
+}
+static void __exit crypto_fpu_module_exit(void)
+{
+        crypto_unregister_template(&crypto_fpu_tmpl);
+}
+module_init(crypto_fpu_module_init);
+module_exit(crypto_fpu_module_exit);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("FPU block cipher wrapper");
diff --git a/arch/x86/include/asm/atomic_32.h b/arch/x86/include/asm/atomic_32.h
index aff9f1fcdcd7..8cb9c814e120 100644
--- a/arch/x86/include/asm/atomic_32.h
+++ b/arch/x86/include/asm/atomic_32.h
@@ -483,5 +483,5 @@ atomic64_add_negative(unsigned long long delta, atomic64_t *ptr)
        return old_val < 0;
 }
-#include <asm-generic/atomic.h>
+#include <asm-generic/atomic-long.h>
 #endif /* _ASM_X86_ATOMIC_32_H */
diff --git a/arch/x86/include/asm/atomic_64.h b/arch/x86/include/asm/atomic_64.h
index 8c21731984da..0d6360220007 100644
--- a/arch/x86/include/asm/atomic_64.h
+++ b/arch/x86/include/asm/atomic_64.h
@@ -455,5 +455,5 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2)
 #define smp_mb__before_atomic_inc()     barrier()
 #define smp_mb__after_atomic_inc()      barrier()
-#include <asm-generic/atomic.h>
+#include <asm-generic/atomic-long.h>
 #endif /* _ASM_X86_ATOMIC_64_H */
diff --git a/arch/x86/include/asm/bitsperlong.h b/arch/x86/include/asm/bitsperlong.h
new file mode 100644
index 000000000000..b0ae1c4dc791
--- /dev/null
+++ b/arch/x86/include/asm/bitsperlong.h
@@ -0,0 +1,13 @@
+#ifndef __ASM_X86_BITSPERLONG_H
+#define __ASM_X86_BITSPERLONG_H
+#ifdef __x86_64__
+# define __BITS_PER_LONG 64
+#else
+# define __BITS_PER_LONG 32
+#endif
+#include <asm-generic/bitsperlong.h>
+#endif /* __ASM_X86_BITSPERLONG_H */
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 19af42138f78..4a28d22d4793 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -116,6 +116,8 @@
 #define X86_FEATURE_XMM4_1      (4*32+19) /* "sse4_1" SSE-4.1 */
 #define X86_FEATURE_XMM4_2      (4*32+20) /* "sse4_2" SSE-4.2 */
 #define X86_FEATURE_X2APIC      (4*32+21) /* x2APIC */
+#define X86_FEATURE_MOVBE       (4*32+22) /* MOVBE instruction */
+#define X86_FEATURE_POPCNT      (4*32+23) /* POPCNT instruction */
 #define X86_FEATURE_AES         (4*32+25) /* AES instructions */
 #define X86_FEATURE_XSAVE       (4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */
 #define X86_FEATURE_OSXSAVE     (4*32+27) /* "" XSAVE enabled in the OS */
diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h
index f82fdc412c64..b93405b228b4 100644
--- a/arch/x86/include/asm/dma-mapping.h
+++ b/arch/x86/include/asm/dma-mapping.h
@@ -6,6 +6,7 @@
 * Documentation/DMA-API.txt for documentation.
 */
+#include <linux/kmemcheck.h>
 #include <linux/scatterlist.h>
 #include <linux/dma-debug.h>
 #include <linux/dma-attrs.h>
@@ -60,6 +61,7 @@ dma_map_single(struct device *hwdev, void *ptr, size_t size,
        dma_addr_t addr;
        BUG_ON(!valid_dma_direction(dir));
+        kmemcheck_mark_initialized(ptr, size);
        addr = ops->map_page(hwdev, virt_to_page(ptr),
                             (unsigned long)ptr & ~PAGE_MASK, size,
                             dir, NULL);
@@ -87,8 +89,12 @@ dma_map_sg(struct device *hwdev, struct scatterlist *sg,
 {
        struct dma_map_ops *ops = get_dma_ops(hwdev);
        int ents;
+        struct scatterlist *s;
+        int i;
        BUG_ON(!valid_dma_direction(dir));
+        for_each_sg(sg, s, nents, i)
+                kmemcheck_mark_initialized(sg_virt(s), s->length);
        ents = ops->map_sg(hwdev, sg, nents, dir, NULL);
        debug_dma_map_sg(hwdev, sg, nents, ents, dir);
@@ -200,6 +206,7 @@ static inline dma_addr_t dma_map_page(struct device *dev, struct page *page,
        dma_addr_t addr;
        BUG_ON(!valid_dma_direction(dir));
+        kmemcheck_mark_initialized(page_address(page) + offset, size);
        addr = ops->map_page(dev, page, offset, size, dir, NULL);
        debug_dma_map_page(dev, page, offset, size, dir, addr, false);
diff --git a/arch/x86/include/asm/entry_arch.h b/arch/x86/include/asm/entry_arch.h
index d750a10ccad6..ff8cbfa07851 100644
--- a/arch/x86/include/asm/entry_arch.h
+++ b/arch/x86/include/asm/entry_arch.h
@@ -14,6 +14,7 @@ BUILD_INTERRUPT(reschedule_interrupt,RESCHEDULE_VECTOR)
 BUILD_INTERRUPT(call_function_interrupt,CALL_FUNCTION_VECTOR)
 BUILD_INTERRUPT(call_function_single_interrupt,CALL_FUNCTION_SINGLE_VECTOR)
 BUILD_INTERRUPT(irq_move_cleanup_interrupt,IRQ_MOVE_CLEANUP_VECTOR)
+BUILD_INTERRUPT(reboot_interrupt,REBOOT_VECTOR)
 BUILD_INTERRUPT3(invalidate_interrupt0,INVALIDATE_TLB_VECTOR_START+0,
                 smp_invalidate_interrupt)
@@ -52,8 +53,16 @@ BUILD_INTERRUPT(spurious_interrupt,SPURIOUS_APIC_VECTOR)
 BUILD_INTERRUPT(perf_pending_interrupt, LOCAL_PENDING_VECTOR)
 #endif
-#ifdef CONFIG_X86_MCE_P4THERMAL
+#ifdef CONFIG_X86_THERMAL_VECTOR
 BUILD_INTERRUPT(thermal_interrupt,THERMAL_APIC_VECTOR)
 #endif
+#ifdef CONFIG_X86_MCE_THRESHOLD
+BUILD_INTERRUPT(threshold_interrupt,THRESHOLD_APIC_VECTOR)
+#endif
+#ifdef CONFIG_X86_NEW_MCE
+BUILD_INTERRUPT(mce_self_interrupt,MCE_SELF_VECTOR)
+#endif
 #endif
diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index 9ebc5c255032..82e3e8f01043 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -22,7 +22,7 @@ typedef struct {
 #endif
 #ifdef CONFIG_X86_MCE
        unsigned int irq_thermal_count;
-# ifdef CONFIG_X86_64
+# ifdef CONFIG_X86_MCE_THRESHOLD
        unsigned int irq_threshold_count;
 # endif
 #endif
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
index 6df45f639666..ba180d93b08c 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
@@ -34,6 +34,7 @@ extern void perf_pending_interrupt(void);
 extern void spurious_interrupt(void);
 extern void thermal_interrupt(void);
 extern void reschedule_interrupt(void);
+extern void mce_self_interrupt(void);
 extern void invalidate_interrupt(void);
 extern void invalidate_interrupt0(void);
@@ -46,6 +47,7 @@ extern void invalidate_interrupt6(void);
 extern void invalidate_interrupt7(void);
 extern void irq_move_cleanup_interrupt(void);
+extern void reboot_interrupt(void);
 extern void threshold_interrupt(void);
 extern void call_function_interrupt(void);
diff --git a/arch/x86/include/asm/irq_vectors.h b/arch/x86/include/asm/irq_vectors.h
index e997be98c9b9..5b21f0ec3df2 100644
--- a/arch/x86/include/asm/irq_vectors.h
+++ b/arch/x86/include/asm/irq_vectors.h
@@ -25,6 +25,7 @@
 */
 #define NMI_VECTOR                      0x02
+#define MCE_VECTOR                      0x12
 /*
 * IDT vectors usable for external interrupt sources start
@@ -87,13 +88,8 @@
 #define CALL_FUNCTION_VECTOR            0xfc
 #define CALL_FUNCTION_SINGLE_VECTOR     0xfb
 #define THERMAL_APIC_VECTOR             0xfa
+#define THRESHOLD_APIC_VECTOR           0xf9
-#ifdef CONFIG_X86_32
+#define REBOOT_VECTOR                   0xf8
-/* 0xf8 - 0xf9 : free */
-#else
-# define THRESHOLD_APIC_VECTOR          0xf9
-# define UV_BAU_MESSAGE                 0xf8
-#endif
 /* f0-f7 used for spreading out TLB flushes: */
 #define INVALIDATE_TLB_VECTOR_END       0xf7
@@ -117,6 +113,13 @@
 */
 #define LOCAL_PENDING_VECTOR            0xec
+#define UV_BAU_MESSAGE                  0xec
+/*
+ * Self IPI vector for machine checks
+ */
+#define MCE_SELF_VECTOR                 0xeb
 /*
 * First APIC vector available to drivers: (vectors 0x30-0xee) we
 * start at 0x31(0x41) to spread out vectors evenly between priority
diff --git a/arch/x86/include/asm/kmap_types.h b/arch/x86/include/asm/kmap_types.h
index 5759c165a5cf..9e00a731a7fb 100644
--- a/arch/x86/include/asm/kmap_types.h
+++ b/arch/x86/include/asm/kmap_types.h
@@ -2,28 +2,11 @@
 #define _ASM_X86_KMAP_TYPES_H
 #if defined(CONFIG_X86_32) && defined(CONFIG_DEBUG_HIGHMEM)
-# define D(n) __KM_FENCE_##n ,
+#define  __WITH_KM_FENCE
-#else
-# define D(n)
 #endif
-enum km_type {
+#include <asm-generic/kmap_types.h>
-D(0)    KM_BOUNCE_READ,
-D(1)    KM_SKB_SUNRPC_DATA,
-D(2)    KM_SKB_DATA_SOFTIRQ,
-D(3)    KM_USER0,
-D(4)    KM_USER1,
-D(5)    KM_BIO_SRC_IRQ,
-D(6)    KM_BIO_DST_IRQ,
-D(7)    KM_PTE0,
-D(8)    KM_PTE1,
-D(9)    KM_IRQ0,
-D(10)   KM_IRQ1,
-D(11)   KM_SOFTIRQ0,
-D(12)   KM_SOFTIRQ1,
-D(13)   KM_TYPE_NR
-};
-#undef D
+#undef __WITH_KM_FENCE
 #endif /* _ASM_X86_KMAP_TYPES_H */
diff --git a/arch/x86/include/asm/kmemcheck.h b/arch/x86/include/asm/kmemcheck.h
new file mode 100644
index 000000000000..ed01518f297e
--- /dev/null
+++ b/arch/x86/include/asm/kmemcheck.h
@@ -0,0 +1,42 @@
+#ifndef ASM_X86_KMEMCHECK_H
+#define ASM_X86_KMEMCHECK_H
+#include <linux/types.h>
+#include <asm/ptrace.h>
+#ifdef CONFIG_KMEMCHECK
+bool kmemcheck_active(struct pt_regs *regs);
+void kmemcheck_show(struct pt_regs *regs);
+void kmemcheck_hide(struct pt_regs *regs);
+bool kmemcheck_fault(struct pt_regs *regs,
+        unsigned long address, unsigned long error_code);
+bool kmemcheck_trap(struct pt_regs *regs);
+#else
+static inline bool kmemcheck_active(struct pt_regs *regs)
+{
+        return false;
+}
+static inline void kmemcheck_show(struct pt_regs *regs)
+{
+}
+static inline void kmemcheck_hide(struct pt_regs *regs)
+{
+}
+static inline bool kmemcheck_fault(struct pt_regs *regs,
+        unsigned long address, unsigned long error_code)
+{
+        return false;
+}
+static inline bool kmemcheck_trap(struct pt_regs *regs)
+{
+        return false;
+}
+#endif /* CONFIG_KMEMCHECK */
+#endif
diff --git a/arch/x86/include/asm/kvm.h b/arch/x86/include/asm/kvm.h
index dc3f6cf11704..125be8b19568 100644
--- a/arch/x86/include/asm/kvm.h
+++ b/arch/x86/include/asm/kvm.h
@@ -16,6 +16,7 @@
 #define __KVM_HAVE_MSI
 #define __KVM_HAVE_USER_NMI
 #define __KVM_HAVE_GUEST_DEBUG
+#define __KVM_HAVE_MSIX
 /* Architectural interrupt line count. */
 #define KVM_NR_INTERRUPTS 256
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index f0faf58044ff..eabdc1cfab5c 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -185,6 +185,7 @@ union kvm_mmu_page_role {
                unsigned access:3;
                unsigned invalid:1;
                unsigned cr4_pge:1;
+                unsigned nxe:1;
        };
 };
@@ -212,7 +213,6 @@ struct kvm_mmu_page {
        int multimapped;         /* More than one parent_pte? */
        int root_count;          /* Currently serving as active root */
        bool unsync;
-        bool global;
        unsigned int unsync_children;
        union {
                u64 *parent_pte;               /* !multimapped */
@@ -261,13 +261,11 @@ struct kvm_mmu {
        union kvm_mmu_page_role base_role;
        u64 *pae_root;
+        u64 rsvd_bits_mask[2][4];
 };
 struct kvm_vcpu_arch {
        u64 host_tsc;
-        int interrupt_window_open;
-        unsigned long irq_summary; /* bit vector: 1 per word in irq_pending */
-        DECLARE_BITMAP(irq_pending, KVM_NR_INTERRUPTS);
        /*
         * rip and regs accesses must go through
         * kvm_{register,rip}_{read,write} functions.
@@ -286,6 +284,7 @@ struct kvm_vcpu_arch {
        u64 shadow_efer;
        u64 apic_base;
        struct kvm_lapic *apic;    /* kernel irqchip context */
+        int32_t apic_arb_prio;
        int mp_state;
        int sipi_vector;
        u64 ia32_misc_enable_msr;
@@ -320,6 +319,8 @@ struct kvm_vcpu_arch {
        struct kvm_pio_request pio;
        void *pio_data;
+        u8 event_exit_inst_len;
        struct kvm_queued_exception {
                bool pending;
                bool has_error_code;
@@ -329,11 +330,12 @@ struct kvm_vcpu_arch {
        struct kvm_queued_interrupt {
                bool pending;
+                bool soft;
                u8 nr;
        } interrupt;
        struct {
-                int active;
+                int vm86_active;
                u8 save_iopl;
                struct kvm_save_segment {
                        u16 selector;
@@ -356,9 +358,9 @@ struct kvm_vcpu_arch {
        unsigned int time_offset;
        struct page *time_page;
+        bool singlestep; /* guest is single stepped by KVM */
        bool nmi_pending;
        bool nmi_injected;
-        bool nmi_window_open;
        struct mtrr_state_type mtrr_state;
        u32 pat;
@@ -392,15 +394,14 @@ struct kvm_arch{
         */
        struct list_head active_mmu_pages;
        struct list_head assigned_dev_head;
-        struct list_head oos_global_pages;
        struct iommu_domain *iommu_domain;
+        int iommu_flags;
        struct kvm_pic *vpic;
        struct kvm_ioapic *vioapic;
        struct kvm_pit *vpit;
        struct hlist_head irq_ack_notifier_list;
        int vapics_in_nmi_mode;
-        int round_robin_prev_vcpu;
        unsigned int tss_addr;
        struct page *apic_access_page;
@@ -423,7 +424,6 @@ struct kvm_vm_stat {
        u32 mmu_recycled;
        u32 mmu_cache_miss;
        u32 mmu_unsync;
-        u32 mmu_unsync_global;
        u32 remote_tlb_flush;
        u32 lpages;
 };
@@ -443,7 +443,6 @@ struct kvm_vcpu_stat {
        u32 halt_exits;
        u32 halt_wakeup;
        u32 request_irq_exits;
-        u32 request_nmi_exits;
        u32 irq_exits;
        u32 host_state_reload;
        u32 efer_reload;
@@ -511,20 +510,22 @@ struct kvm_x86_ops {
        void (*run)(struct kvm_vcpu *vcpu, struct kvm_run *run);
        int (*handle_exit)(struct kvm_run *run, struct kvm_vcpu *vcpu);
        void (*skip_emulated_instruction)(struct kvm_vcpu *vcpu);
+        void (*set_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
+        u32 (*get_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
        void (*patch_hypercall)(struct kvm_vcpu *vcpu,
                                unsigned char *hypercall_addr);
-        int (*get_irq)(struct kvm_vcpu *vcpu);
+        void (*set_irq)(struct kvm_vcpu *vcpu);
-        void (*set_irq)(struct kvm_vcpu *vcpu, int vec);
+        void (*set_nmi)(struct kvm_vcpu *vcpu);
        void (*queue_exception)(struct kvm_vcpu *vcpu, unsigned nr,
                                bool has_error_code, u32 error_code);
-        bool (*exception_injected)(struct kvm_vcpu *vcpu);
+        int (*interrupt_allowed)(struct kvm_vcpu *vcpu);
-        void (*inject_pending_irq)(struct kvm_vcpu *vcpu);
+        int (*nmi_allowed)(struct kvm_vcpu *vcpu);
-        void (*inject_pending_vectors)(struct kvm_vcpu *vcpu,
+        void (*enable_nmi_window)(struct kvm_vcpu *vcpu);
-                                       struct kvm_run *run);
+        void (*enable_irq_window)(struct kvm_vcpu *vcpu);
+        void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr);
        int (*set_tss_addr)(struct kvm *kvm, unsigned int addr);
        int (*get_tdp_level)(void);
-        int (*get_mt_mask_shift)(void);
+        u64 (*get_mt_mask)(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio);
 };
 extern struct kvm_x86_ops *kvm_x86_ops;
@@ -538,7 +539,7 @@ int kvm_mmu_setup(struct kvm_vcpu *vcpu);
 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte);
 void kvm_mmu_set_base_ptes(u64 base_pte);
 void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask,
-                u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 mt_mask);
+                u64 dirty_mask, u64 nx_mask, u64 x_mask);
 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu);
 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot);
@@ -552,6 +553,7 @@ int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
                          const void *val, int bytes);
 int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
                  gpa_t addr, unsigned long *ret);
+u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn);
 extern bool tdp_enabled;
@@ -563,6 +565,7 @@ enum emulation_result {
 #define EMULTYPE_NO_DECODE          (1 << 0)
 #define EMULTYPE_TRAP_UD            (1 << 1)
+#define EMULTYPE_SKIP               (1 << 2)
 int emulate_instruction(struct kvm_vcpu *vcpu, struct kvm_run *run,
                        unsigned long cr2, u16 error_code, int emulation_type);
 void kvm_report_emulation_failure(struct kvm_vcpu *cvpu, const char *context);
@@ -638,7 +641,6 @@ void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu);
 int kvm_mmu_load(struct kvm_vcpu *vcpu);
 void kvm_mmu_unload(struct kvm_vcpu *vcpu);
 void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu);
-void kvm_mmu_sync_global(struct kvm_vcpu *vcpu);
 int kvm_emulate_hypercall(struct kvm_vcpu *vcpu);
@@ -769,6 +771,8 @@ enum {
 #define HF_GIF_MASK             (1 << 0)
 #define HF_HIF_MASK             (1 << 1)
 #define HF_VINTR_MASK           (1 << 2)
+#define HF_NMI_MASK             (1 << 3)
+#define HF_IRET_MASK            (1 << 4)
 /*
 * Hardware virtualization extension instructions may fault if a
@@ -791,5 +795,6 @@ asmlinkage void kvm_handle_fault_on_reboot(void);
 #define KVM_ARCH_WANT_MMU_NOTIFIER
 int kvm_unmap_hva(struct kvm *kvm, unsigned long hva);
 int kvm_age_hva(struct kvm *kvm, unsigned long hva);
+int cpuid_maxphyaddr(struct kvm_vcpu *vcpu);
 #endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/include/asm/kvm_x86_emulate.h b/arch/x86/include/asm/kvm_x86_emulate.h
index 6a159732881a..b7ed2c423116 100644
--- a/arch/x86/include/asm/kvm_x86_emulate.h
+++ b/arch/x86/include/asm/kvm_x86_emulate.h
@@ -143,6 +143,9 @@ struct decode_cache {
        struct fetch_cache fetch;
 };
+#define X86_SHADOW_INT_MOV_SS  1
+#define X86_SHADOW_INT_STI     2
 struct x86_emulate_ctxt {
        /* Register state before/after emulation. */
        struct kvm_vcpu *vcpu;
@@ -152,6 +155,9 @@ struct x86_emulate_ctxt {
        int mode;
        u32 cs_base;
+        /* interruptibility state, as a result of execution of STI or MOV SS */
+        int interruptibility;
        /* decode cache */
        struct decode_cache decode;
 };
diff --git a/arch/x86/include/asm/lguest.h b/arch/x86/include/asm/lguest.h
index 1caf57628b9c..313389cd50d2 100644
--- a/arch/x86/include/asm/lguest.h
+++ b/arch/x86/include/asm/lguest.h
@@ -17,8 +17,13 @@
 /* Pages for switcher itself, then two pages per cpu */
 #define TOTAL_SWITCHER_PAGES (SHARED_SWITCHER_PAGES + 2 * nr_cpu_ids)
-/* We map at -4M for ease of mapping into the guest (one PTE page). */
+/* We map at -4M (-2M when PAE is activated) for ease of mapping
+ * into the guest (one PTE page). */
+#ifdef CONFIG_X86_PAE
+#define SWITCHER_ADDR 0xFFE00000
+#else
 #define SWITCHER_ADDR 0xFFC00000
+#endif
 /* Found in switcher.S */
 extern unsigned long default_idt_entries[];
diff --git a/arch/x86/include/asm/lguest_hcall.h b/arch/x86/include/asm/lguest_hcall.h
index faae1996487b..d31c4a684078 100644
--- a/arch/x86/include/asm/lguest_hcall.h
+++ b/arch/x86/include/asm/lguest_hcall.h
@@ -12,11 +12,13 @@
 #define LHCALL_TS               8
 #define LHCALL_SET_CLOCKEVENT   9
 #define LHCALL_HALT             10
+#define LHCALL_SET_PMD          13
 #define LHCALL_SET_PTE          14
-#define LHCALL_SET_PMD          15
+#define LHCALL_SET_PGD          15
 #define LHCALL_LOAD_TLS         16
 #define LHCALL_NOTIFY           17
 #define LHCALL_LOAD_GDT_ENTRY   18
+#define LHCALL_SEND_INTERRUPTS  19
 #define LGUEST_TRAP_ENTRY 0x1F
@@ -32,10 +34,10 @@
 * operations?  There are two ways: the direct way is to make a "hypercall",
 * to make requests of the Host Itself.
 *
- * We use the KVM hypercall mechanism. Eighteen hypercalls are
+ * We use the KVM hypercall mechanism. Seventeen hypercalls are
 * available: the hypercall number is put in the %eax register, and the
- * arguments (when required) are placed in %ebx, %ecx and %edx.  If a return
+ * arguments (when required) are placed in %ebx, %ecx, %edx and %esi.
- * value makes sense, it's returned in %eax.
+ * If a return value makes sense, it's returned in %eax.
 *
 * Grossly invalid calls result in Sudden Death at the hands of the vengeful
 * Host, rather than returning failure.  This reflects Winston Churchill's
@@ -47,8 +49,9 @@
 #define LHCALL_RING_SIZE 64
 struct hcall_args {
-        /* These map directly onto eax, ebx, ecx, edx in struct lguest_regs */
+        /* These map directly onto eax, ebx, ecx, edx and esi
-        unsigned long arg0, arg1, arg2, arg3;
+         * in struct lguest_regs */
+        unsigned long arg0, arg1, arg2, arg3, arg4;
 };
 #endif /* !__ASSEMBLY__ */
diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
index 4f8c199584e7..540a466e50f5 100644
--- a/arch/x86/include/asm/mce.h
+++ b/arch/x86/include/asm/mce.h
@@ -1,8 +1,6 @@
 #ifndef _ASM_X86_MCE_H
 #define _ASM_X86_MCE_H
-#ifdef __x86_64__
 #include <linux/types.h>
 #include <asm/ioctls.h>
@@ -10,21 +8,35 @@
 * Machine Check support for x86
 */
-#define MCG_CTL_P        (1UL<<8)   /* MCG_CAP register available */
+#define MCG_BANKCNT_MASK        0xff         /* Number of Banks */
-#define MCG_EXT_P        (1ULL<<9)   /* Extended registers available */
+#define MCG_CTL_P               (1ULL<<8)    /* MCG_CAP register available */
-#define MCG_CMCI_P       (1ULL<<10)  /* CMCI supported */
+#define MCG_EXT_P               (1ULL<<9)    /* Extended registers available */
+#define MCG_CMCI_P              (1ULL<<10)   /* CMCI supported */
-#define MCG_STATUS_RIPV  (1UL<<0)   /* restart ip valid */
+#define MCG_EXT_CNT_MASK        0xff0000     /* Number of Extended registers */
-#define MCG_STATUS_EIPV  (1UL<<1)   /* ip points to correct instruction */
+#define MCG_EXT_CNT_SHIFT       16
-#define MCG_STATUS_MCIP  (1UL<<2)   /* machine check in progress */
+#define MCG_EXT_CNT(c)          (((c) & MCG_EXT_CNT_MASK) >> MCG_EXT_CNT_SHIFT)
+#define MCG_SER_P               (1ULL<<24)   /* MCA recovery/new status bits */
-#define MCI_STATUS_VAL   (1UL<<63)  /* valid error */
-#define MCI_STATUS_OVER  (1UL<<62)  /* previous errors lost */
+#define MCG_STATUS_RIPV  (1ULL<<0)   /* restart ip valid */
-#define MCI_STATUS_UC    (1UL<<61)  /* uncorrected error */
+#define MCG_STATUS_EIPV  (1ULL<<1)   /* ip points to correct instruction */
-#define MCI_STATUS_EN    (1UL<<60)  /* error enabled */
+#define MCG_STATUS_MCIP  (1ULL<<2)   /* machine check in progress */
-#define MCI_STATUS_MISCV (1UL<<59)  /* misc error reg. valid */
-#define MCI_STATUS_ADDRV (1UL<<58)  /* addr reg. valid */
+#define MCI_STATUS_VAL   (1ULL<<63)  /* valid error */
-#define MCI_STATUS_PCC   (1UL<<57)  /* processor context corrupt */
+#define MCI_STATUS_OVER  (1ULL<<62)  /* previous errors lost */
+#define MCI_STATUS_UC    (1ULL<<61)  /* uncorrected error */
+#define MCI_STATUS_EN    (1ULL<<60)  /* error enabled */
+#define MCI_STATUS_MISCV (1ULL<<59)  /* misc error reg. valid */
+#define MCI_STATUS_ADDRV (1ULL<<58)  /* addr reg. valid */
+#define MCI_STATUS_PCC   (1ULL<<57)  /* processor context corrupt */
+#define MCI_STATUS_S     (1ULL<<56)  /* Signaled machine check */
+#define MCI_STATUS_AR    (1ULL<<55)  /* Action required */
+/* MISC register defines */
+#define MCM_ADDR_SEGOFF  0      /* segment offset */
+#define MCM_ADDR_LINEAR  1      /* linear address */
+#define MCM_ADDR_PHYS    2      /* physical address */
+#define MCM_ADDR_MEM     3      /* memory address */
+#define MCM_ADDR_GENERIC 7      /* generic */
 /* Fields are zero when not available */
 struct mce {
@@ -34,13 +46,19 @@ struct mce {
        __u64 mcgstatus;
        __u64 ip;
        __u64 tsc;      /* cpu time stamp counter */
-        __u64 res1;     /* for future extension */
+        __u64 time;     /* wall time_t when error was detected */
-        __u64 res2;     /* dito. */
+        __u8  cpuvendor;        /* cpu vendor as encoded in system.h */
+        __u8  pad1;
+        __u16 pad2;
+        __u32 cpuid;    /* CPUID 1 EAX */
        __u8  cs;               /* code segment */
        __u8  bank;     /* machine check bank */
-        __u8  cpu;      /* cpu that raised the error */
+        __u8  cpu;      /* cpu number; obsolete; use extcpu now */
        __u8  finished;   /* entry is valid */
-        __u32 pad;
+        __u32 extcpu;   /* linux cpu number that detected the error */
+        __u32 socketid; /* CPU socket ID */
+        __u32 apicid;   /* CPU initial apic ID */
+        __u64 mcgcap;   /* MCGCAP MSR: machine check capabilities of CPU */
 };
 /*
@@ -57,7 +75,7 @@ struct mce_log {
        unsigned len;       /* = MCE_LOG_LEN */
        unsigned next;
        unsigned flags;
-        unsigned pad0;
+        unsigned recordlen;     /* length of struct mce */
        struct mce entry[MCE_LOG_LEN];
 };
@@ -82,19 +100,16 @@ struct mce_log {
 #define K8_MCE_THRESHOLD_BANK_5    (MCE_THRESHOLD_BASE + 5 * 9)
 #define K8_MCE_THRESHOLD_DRAM_ECC  (MCE_THRESHOLD_BANK_4 + 0)
-#endif /* __x86_64__ */
 #ifdef __KERNEL__
-#ifdef CONFIG_X86_32
 extern int mce_disabled;
-#else /* CONFIG_X86_32 */
 #include <asm/atomic.h>
+#include <linux/percpu.h>
 void mce_setup(struct mce *m);
 void mce_log(struct mce *m);
-DECLARE_PER_CPU(struct sys_device, device_mce);
+DECLARE_PER_CPU(struct sys_device, mce_dev);
 extern void (*threshold_cpu_callback)(unsigned long action, unsigned int cpu);
 /*
@@ -104,6 +119,8 @@ extern void (*threshold_cpu_callback)(unsigned long action, unsigned int cpu);
 #define MAX_NR_BANKS (MCE_EXTENDED_BANK - 1)
 #ifdef CONFIG_X86_MCE_INTEL
+extern int mce_cmci_disabled;
+extern int mce_ignore_ce;
 void mce_intel_feature_init(struct cpuinfo_x86 *c);
 void cmci_clear(void);
 void cmci_reenable(void);
@@ -123,13 +140,16 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c);
 static inline void mce_amd_feature_init(struct cpuinfo_x86 *c) { }
 #endif
-extern int mce_available(struct cpuinfo_x86 *c);
+int mce_available(struct cpuinfo_x86 *c);
+DECLARE_PER_CPU(unsigned, mce_exception_count);
+DECLARE_PER_CPU(unsigned, mce_poll_count);
 void mce_log_therm_throt_event(__u64 status);
 extern atomic_t mce_entry;
-extern void do_machine_check(struct pt_regs *, long);
+void do_machine_check(struct pt_regs *, long);
 typedef DECLARE_BITMAP(mce_banks_t, MAX_NR_BANKS);
 DECLARE_PER_CPU(mce_banks_t, mce_poll_banks);
@@ -139,14 +159,16 @@ enum mcp_flags {
        MCP_UC = (1 << 1),              /* log uncorrected errors */
        MCP_DONTLOG = (1 << 2),         /* only clear, don't log */
 };
-extern void machine_check_poll(enum mcp_flags flags, mce_banks_t *b);
+void machine_check_poll(enum mcp_flags flags, mce_banks_t *b);
-extern int mce_notify_user(void);
+int mce_notify_irq(void);
+void mce_notify_process(void);
-#endif /* !CONFIG_X86_32 */
+DECLARE_PER_CPU(struct mce, injectm);
+extern struct file_operations mce_chrdev_ops;
 #ifdef CONFIG_X86_MCE
-extern void mcheck_init(struct cpuinfo_x86 *c);
+void mcheck_init(struct cpuinfo_x86 *c);
 #else
 #define mcheck_init(c) do { } while (0)
 #endif
diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h
index 90bc4108a4fd..751af2550ed9 100644
--- a/arch/x86/include/asm/mman.h
+++ b/arch/x86/include/asm/mman.h
@@ -1,7 +1,7 @@
 #ifndef _ASM_X86_MMAN_H
 #define _ASM_X86_MMAN_H
-#include <asm-generic/mman.h>
+#include <asm-generic/mman-common.h>
 #define MAP_32BIT       0x40            /* only give out 32bit addresses */
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 4d58d04fca83..1692fb5050e3 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -207,7 +207,14 @@
 #define MSR_IA32_THERM_CONTROL          0x0000019a
 #define MSR_IA32_THERM_INTERRUPT        0x0000019b
+#define THERM_INT_LOW_ENABLE            (1 << 0)
+#define THERM_INT_HIGH_ENABLE           (1 << 1)
 #define MSR_IA32_THERM_STATUS           0x0000019c
+#define THERM_STATUS_PROCHOT            (1 << 0)
 #define MSR_IA32_MISC_ENABLE            0x000001a0
 /* MISC_ENABLE bits: architectural */
diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
index 638bf6241807..22603764e7db 100644
--- a/arch/x86/include/asm/msr.h
+++ b/arch/x86/include/asm/msr.h
@@ -12,6 +12,17 @@
 #include <asm/asm.h>
 #include <asm/errno.h>
+#include <asm/cpumask.h>
+struct msr {
+        union {
+                struct {
+                        u32 l;
+                        u32 h;
+                };
+                u64 q;
+        };
+};
 static inline unsigned long long native_read_tscp(unsigned int *aux)
 {
@@ -216,6 +227,8 @@ do {                                                            \
 #ifdef CONFIG_SMP
 int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h);
 int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h);
+void rdmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs);
+void wrmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs);
 int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h);
 int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h);
 #else  /*  CONFIG_SMP  */
@@ -229,6 +242,16 @@ static inline int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
        wrmsr(msr_no, l, h);
        return 0;
 }
+static inline void rdmsr_on_cpus(const cpumask_t *m, u32 msr_no,
+                                struct msr *msrs)
+{
+       rdmsr_on_cpu(0, msr_no, &(msrs[0].l), &(msrs[0].h));
+}
+static inline void wrmsr_on_cpus(const cpumask_t *m, u32 msr_no,
+                                struct msr *msrs)
+{
+       wrmsr_on_cpu(0, msr_no, msrs[0].l, msrs[0].h);
+}
 static inline int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no,
                                    u32 *l, u32 *h)
 {
diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
index 89ed9d70b0aa..625c3f0e741a 100644
--- a/arch/x86/include/asm/page.h
+++ b/arch/x86/include/asm/page.h
@@ -56,7 +56,7 @@ extern bool __virt_addr_valid(unsigned long kaddr);
 #endif  /* __ASSEMBLY__ */
 #include <asm-generic/memory_model.h>
-#include <asm-generic/page.h>
+#include <asm-generic/getorder.h>
 #define __HAVE_ARCH_GATE_AREA 1
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 18ef7ebf2631..3cc06e3fceb8 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -317,6 +317,11 @@ static inline int pte_present(pte_t a)
        return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE);
 }
+static inline int pte_hidden(pte_t pte)
+{
+        return pte_flags(pte) & _PAGE_HIDDEN;
+}
 static inline int pmd_present(pmd_t pmd)
 {
        return pmd_flags(pmd) & _PAGE_PRESENT;
diff --git a/arch/x86/include/asm/pgtable_32_types.h b/arch/x86/include/asm/pgtable_32_types.h
index 2733fad45f98..5e67c1532314 100644
--- a/arch/x86/include/asm/pgtable_32_types.h
+++ b/arch/x86/include/asm/pgtable_32_types.h
@@ -46,6 +46,10 @@ extern bool __vmalloc_start_set; /* set once high_memory is set */
 # define VMALLOC_END    (FIXADDR_START - 2 * PAGE_SIZE)
 #endif
+#define MODULES_VADDR   VMALLOC_START
+#define MODULES_END     VMALLOC_END
+#define MODULES_LEN     (MODULES_VADDR - MODULES_END)
 #define MAXMEM  (VMALLOC_END - PAGE_OFFSET - __VMALLOC_RESERVE)
 #endif /* _ASM_X86_PGTABLE_32_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 4d258ad76a0f..54cb697f4900 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -18,7 +18,7 @@
 #define _PAGE_BIT_GLOBAL        8       /* Global TLB entry PPro+ */
 #define _PAGE_BIT_UNUSED1       9       /* available for programmer */
 #define _PAGE_BIT_IOMAP         10      /* flag used to indicate IO mapping */
-#define _PAGE_BIT_UNUSED3       11
+#define _PAGE_BIT_HIDDEN        11      /* hidden by kmemcheck */
 #define _PAGE_BIT_PAT_LARGE     12      /* On 2MB or 1GB pages */
 #define _PAGE_BIT_SPECIAL       _PAGE_BIT_UNUSED1
 #define _PAGE_BIT_CPA_TEST      _PAGE_BIT_UNUSED1
@@ -41,13 +41,18 @@
 #define _PAGE_GLOBAL    (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
 #define _PAGE_UNUSED1   (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
 #define _PAGE_IOMAP     (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
-#define _PAGE_UNUSED3   (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED3)
 #define _PAGE_PAT       (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
 #define _PAGE_SPECIAL   (_AT(pteval_t, 1) << _PAGE_BIT_SPECIAL)
 #define _PAGE_CPA_TEST  (_AT(pteval_t, 1) << _PAGE_BIT_CPA_TEST)
 #define __HAVE_ARCH_PTE_SPECIAL
+#ifdef CONFIG_KMEMCHECK
+#define _PAGE_HIDDEN    (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
+#else
+#define _PAGE_HIDDEN    (_AT(pteval_t, 0))
+#endif
 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
 #define _PAGE_NX        (_AT(pteval_t, 1) << _PAGE_BIT_NX)
 #else
diff --git a/arch/x86/include/asm/signal.h b/arch/x86/include/asm/signal.h
index 7761a5d554bb..598457cbd0f8 100644
--- a/arch/x86/include/asm/signal.h
+++ b/arch/x86/include/asm/signal.h
@@ -117,7 +117,7 @@ typedef unsigned long sigset_t;
 #define MINSIGSTKSZ     2048
 #define SIGSTKSZ        8192
-#include <asm-generic/signal.h>
+#include <asm-generic/signal-defs.h>
 #ifndef __ASSEMBLY__
diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string_32.h
index 0e0e3ba827f7..c86f452256de 100644
--- a/arch/x86/include/asm/string_32.h
+++ b/arch/x86/include/asm/string_32.h
@@ -177,10 +177,18 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len)
 *      No 3D Now!
 */
+#ifndef CONFIG_KMEMCHECK
 #define memcpy(t, f, n)                         \
        (__builtin_constant_p((n))              \
         ? __constant_memcpy((t), (f), (n))     \
         : __memcpy((t), (f), (n)))
+#else
+/*
+ * kmemcheck becomes very happy if we use the REP instructions unconditionally,
+ * because it means that we know both memory operands in advance.
+ */
+#define memcpy(t, f, n) __memcpy((t), (f), (n))
+#endif
 #endif
diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h
index 2afe164bf1e6..19e2c468fc2c 100644
--- a/arch/x86/include/asm/string_64.h
+++ b/arch/x86/include/asm/string_64.h
@@ -27,6 +27,7 @@ static __always_inline void *__inline_memcpy(void *to, const void *from, size_t
   function. */
 #define __HAVE_ARCH_MEMCPY 1
+#ifndef CONFIG_KMEMCHECK
 #if (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) || __GNUC__ > 4
 extern void *memcpy(void *to, const void *from, size_t len);
 #else
@@ -42,6 +43,13 @@ extern void *__memcpy(void *to, const void *from, size_t len);
        __ret;                                                  \
 })
 #endif
+#else
+/*
+ * kmemcheck becomes very happy if we use the REP instructions unconditionally,
+ * because it means that we know both memory operands in advance.
+ */
+#define memcpy(dst, src, len) __inline_memcpy((dst), (src), (len))
+#endif
 #define __HAVE_ARCH_MEMSET
 void *memset(void *s, int c, size_t n);
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 82ada75f3ebf..85574b7c1bc1 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -225,6 +225,7 @@ struct __attribute__ ((__packed__)) vmcb {
 #define SVM_EVTINJ_VALID_ERR (1 << 11)
 #define SVM_EXITINTINFO_VEC_MASK SVM_EVTINJ_VEC_MASK
+#define SVM_EXITINTINFO_TYPE_MASK SVM_EVTINJ_TYPE_MASK
 #define SVM_EXITINTINFO_TYPE_INTR SVM_EVTINJ_TYPE_INTR
 #define SVM_EXITINTINFO_TYPE_NMI SVM_EVTINJ_TYPE_NMI
diff --git a/arch/x86/include/asm/termios.h b/arch/x86/include/asm/termios.h
index f72956331c49..c4ee8056baca 100644
--- a/arch/x86/include/asm/termios.h
+++ b/arch/x86/include/asm/termios.h
@@ -67,6 +67,7 @@ static inline int user_termio_to_kernel_termios(struct ktermios *termios,
        SET_LOW_TERMIOS_BITS(termios, termio, c_oflag);
        SET_LOW_TERMIOS_BITS(termios, termio, c_cflag);
        SET_LOW_TERMIOS_BITS(termios, termio, c_lflag);
+        get_user(termios->c_line, &termio->c_line);
        return copy_from_user(termios->c_cc, termio->c_cc, NCC);
 }
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 602c769fc98c..b0783520988b 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -154,9 +154,9 @@ struct thread_info {
 /* thread information allocation */
 #ifdef CONFIG_DEBUG_STACK_USAGE
-#define THREAD_FLAGS (GFP_KERNEL | __GFP_ZERO)
+#define THREAD_FLAGS (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO)
 #else
-#define THREAD_FLAGS GFP_KERNEL
+#define THREAD_FLAGS (GFP_KERNEL | __GFP_NOTRACK)
 #endif
 #define __HAVE_ARCH_THREAD_INFO_ALLOCATOR
diff --git a/arch/x86/include/asm/timex.h b/arch/x86/include/asm/timex.h
index b5c9d45c981f..1375cfc93960 100644
--- a/arch/x86/include/asm/timex.h
+++ b/arch/x86/include/asm/timex.h
@@ -4,9 +4,7 @@
 #include <asm/processor.h>
 #include <asm/tsc.h>
-/* The PIT ticks at this frequency (in HZ): */
+/* Assume we use the PIT time source for the clock tick */
-#define PIT_TICK_RATE           1193182
 #define CLOCK_TICK_RATE         PIT_TICK_RATE
 #define ARCH_HAS_READ_CURRENT_TIMER
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index a5ecc9c33e92..7f3eba08e7de 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -172,6 +172,6 @@ static inline void flush_tlb_kernel_range(unsigned long start,
        flush_tlb_all();
 }
-extern void zap_low_mappings(void);
+extern void zap_low_mappings(bool early);
 #endif /* _ASM_X86_TLBFLUSH_H */
diff --git a/arch/x86/include/asm/types.h b/arch/x86/include/asm/types.h
index e6f736320077..09b97745772f 100644
--- a/arch/x86/include/asm/types.h
+++ b/arch/x86/include/asm/types.h
@@ -14,12 +14,6 @@ typedef unsigned short umode_t;
 */
 #ifdef __KERNEL__
-#ifdef CONFIG_X86_32
-# define BITS_PER_LONG 32
-#else
-# define BITS_PER_LONG 64
-#endif
 #ifndef __ASSEMBLY__
 typedef u64 dma64_addr_t;
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 498f944010b9..11be5ad2e0e9 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -247,6 +247,7 @@ enum vmcs_field {
 #define EXIT_REASON_MSR_READ            31
 #define EXIT_REASON_MSR_WRITE           32
 #define EXIT_REASON_MWAIT_INSTRUCTION   36
+#define EXIT_REASON_MCE_DURING_VMENTRY   41
 #define EXIT_REASON_TPR_BELOW_THRESHOLD 43
 #define EXIT_REASON_APIC_ACCESS         44
 #define EXIT_REASON_EPT_VIOLATION       48
diff --git a/arch/x86/include/asm/xor.h b/arch/x86/include/asm/xor.h
index 11b3bb86e17b..7fcf6f3dbcc3 100644
--- a/arch/x86/include/asm/xor.h
+++ b/arch/x86/include/asm/xor.h
@@ -1,5 +1,10 @@
+#ifdef CONFIG_KMEMCHECK
+/* kmemcheck doesn't handle MMX/SSE/SSE2 instructions */
+# include <asm-generic/xor.h>
+#else
 #ifdef CONFIG_X86_32
 # include "xor_32.h"
 #else
 # include "xor_64.h"
 #endif
+#endif
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 4f78bd682125..f3477bb84566 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -73,7 +73,7 @@ obj-$(CONFIG_KEXEC)		+= machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
 obj-$(CONFIG_KPROBES)           += kprobes.o
-obj-$(CONFIG_MODULES)           += module_$(BITS).o
+obj-$(CONFIG_MODULES)           += module.o
 obj-$(CONFIG_EFI)               += efi.o efi_$(BITS).o efi_stub_$(BITS).o
 obj-$(CONFIG_DOUBLEFAULT)       += doublefault_32.o
 obj-$(CONFIG_KGDB)              += kgdb.o
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
index 7c243a2c5115..ca93638ba430 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -104,7 +104,7 @@ int acpi_save_state_mem(void)
        initial_gs = per_cpu_offset(smp_processor_id());
 #endif
        initial_code = (unsigned long)wakeup_long64;
-        saved_magic = 0x123456789abcdef0;
+       saved_magic = 0x123456789abcdef0L;
 #endif /* CONFIG_64BIT */
        return 0;
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 076d3881f3da..8c7c042ecad1 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -899,7 +899,7 @@ void clear_local_APIC(void)
        }
        /* lets not touch this if we didn't frob it */
-#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
+#ifdef CONFIG_X86_THERMAL_VECTOR
        if (maxlvt >= 5) {
                v = apic_read(APIC_LVTTHMR);
                apic_write(APIC_LVTTHMR, v | APIC_LVT_MASKED);
@@ -2017,7 +2017,7 @@ static int lapic_suspend(struct sys_device *dev, pm_message_t state)
        apic_pm_state.apic_lvterr = apic_read(APIC_LVTERR);
        apic_pm_state.apic_tmict = apic_read(APIC_TMICT);
        apic_pm_state.apic_tdcr = apic_read(APIC_TDCR);
-#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
+#ifdef CONFIG_X86_THERMAL_VECTOR
        if (maxlvt >= 5)
                apic_pm_state.apic_thmr = apic_read(APIC_LVTTHMR);
 #endif
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index 1946fac42ab3..ef8d9290c7ea 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -177,16 +177,18 @@ int __init arch_early_irq_init(void)
        struct irq_cfg *cfg;
        struct irq_desc *desc;
        int count;
+        int node;
        int i;
        cfg = irq_cfgx;
        count = ARRAY_SIZE(irq_cfgx);
+        node= cpu_to_node(boot_cpu_id);
        for (i = 0; i < count; i++) {
                desc = irq_to_desc(i);
                desc->chip_data = &cfg[i];
-                alloc_bootmem_cpumask_var(&cfg[i].domain);
+                zalloc_cpumask_var_node(&cfg[i].domain, GFP_NOWAIT, node);
-                alloc_bootmem_cpumask_var(&cfg[i].old_domain);
+                zalloc_cpumask_var_node(&cfg[i].old_domain, GFP_NOWAIT, node);
                if (i < NR_IRQS_LEGACY)
                        cpumask_setall(cfg[i].domain);
        }
diff --git a/arch/x86/kernel/apic/nmi.c b/arch/x86/kernel/apic/nmi.c
index a691302dc3ff..b3025b43b63a 100644
--- a/arch/x86/kernel/apic/nmi.c
+++ b/arch/x86/kernel/apic/nmi.c
@@ -66,7 +66,7 @@ static inline unsigned int get_nmi_count(int cpu)
 static inline int mce_in_progress(void)
 {
-#if defined(CONFIG_X86_64) && defined(CONFIG_X86_MCE)
+#if defined(CONFIG_X86_NEW_MCE)
        return atomic_read(&mce_entry) > 0;
 #endif
        return 0;
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index ef0ae207a7c8..096d19aea2f7 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -463,7 +463,7 @@ static void uv_heartbeat(unsigned long ignored)
        uv_set_scir_bits(bits);
        /* enable next timer period */
-        mod_timer(timer, jiffies + SCIR_CPU_HB_INTERVAL);
+        mod_timer_pinned(timer, jiffies + SCIR_CPU_HB_INTERVAL);
 }
 static void __cpuinit uv_heartbeat_enable(int cpu)
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index 49e0939bac42..79302e9a33a4 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -1233,9 +1233,9 @@ static int suspend(int vetoable)
        int err;
        struct apm_user *as;
-        device_suspend(PMSG_SUSPEND);
+        dpm_suspend_start(PMSG_SUSPEND);
-        device_power_down(PMSG_SUSPEND);
+        dpm_suspend_noirq(PMSG_SUSPEND);
        local_irq_disable();
        sysdev_suspend(PMSG_SUSPEND);
@@ -1259,9 +1259,9 @@ static int suspend(int vetoable)
        sysdev_resume();
        local_irq_enable();
-        device_power_up(PMSG_RESUME);
+        dpm_resume_noirq(PMSG_RESUME);
-        device_resume(PMSG_RESUME);
+        dpm_resume_end(PMSG_RESUME);
        queue_event(APM_NORMAL_RESUME, NULL);
        spin_lock(&user_list_lock);
        for (as = user_list; as != NULL; as = as->next) {
@@ -1277,7 +1277,7 @@ static void standby(void)
 {
        int err;
-        device_power_down(PMSG_SUSPEND);
+        dpm_suspend_noirq(PMSG_SUSPEND);
        local_irq_disable();
        sysdev_suspend(PMSG_SUSPEND);
@@ -1291,7 +1291,7 @@ static void standby(void)
        sysdev_resume();
        local_irq_enable();
-        device_power_up(PMSG_RESUME);
+        dpm_resume_noirq(PMSG_RESUME);
 }
 static apm_event_t get_event(void)
@@ -1376,7 +1376,7 @@ static void check_events(void)
                        ignore_bounce = 1;
                        if ((event != APM_NORMAL_RESUME)
                            || (ignore_normal_resume == 0)) {
-                                device_resume(PMSG_RESUME);
+                                dpm_resume_end(PMSG_RESUME);
                                queue_event(event, NULL);
                        }
                        ignore_normal_resume = 0;
diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c
index 1a830cbd7015..dfdbf6403895 100644
--- a/arch/x86/kernel/asm-offsets_32.c
+++ b/arch/x86/kernel/asm-offsets_32.c
@@ -126,6 +126,7 @@ void foo(void)
 #if defined(CONFIG_LGUEST) || defined(CONFIG_LGUEST_GUEST) || defined(CONFIG_LGUEST_MODULE)
        BLANK();
        OFFSET(LGUEST_DATA_irq_enabled, lguest_data, irq_enabled);
+        OFFSET(LGUEST_DATA_irq_pending, lguest_data, irq_pending);
        OFFSET(LGUEST_DATA_pgdir, lguest_data, pgdir);
        BLANK();
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3ffdcfa9abdf..9fa33886c0d7 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -487,7 +487,6 @@ out:
 static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
 {
        char *v = c->x86_vendor_id;
-        static int printed;
        int i;
        for (i = 0; i < X86_VENDOR_NUM; i++) {
@@ -504,13 +503,9 @@ static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
                }
        }
-        if (!printed) {
+        printk_once(KERN_ERR
-                printed++;
+                        "CPU: vendor_id '%s' unknown, using generic init.\n" \
-                printk(KERN_ERR
+                        "CPU: Your system may be unstable.\n", v);
-                    "CPU: vendor_id '%s' unknown, using generic init.\n", v);
-                printk(KERN_ERR "CPU: Your system may be unstable.\n");
-        }
        c->x86_vendor = X86_VENDOR_UNKNOWN;
        this_cpu = &default_cpu;
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index daed39ba2614..3260ab044996 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -86,6 +86,29 @@ static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
         */
        if (c->x86 == 6 && c->x86_model < 15)
                clear_cpu_cap(c, X86_FEATURE_PAT);
+#ifdef CONFIG_KMEMCHECK
+        /*
+         * P4s have a "fast strings" feature which causes single-
+         * stepping REP instructions to only generate a #DB on
+         * cache-line boundaries.
+         *
+         * Ingo Molnar reported a Pentium D (model 6) and a Xeon
+         * (model 2) with the same problem.
+         */
+        if (c->x86 == 15) {
+                u64 misc_enable;
+                rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+                if (misc_enable & MSR_IA32_MISC_ENABLE_FAST_STRING) {
+                        printk(KERN_INFO "kmemcheck: Disabling fast string operations\n");
+                        misc_enable &= ~MSR_IA32_MISC_ENABLE_FAST_STRING;
+                        wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+                }
+        }
+#endif
 }
 #ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/cpu/mcheck/Makefile b/arch/x86/kernel/cpu/mcheck/Makefile
index b2f89829bbe8..45004faf67ea 100644
--- a/arch/x86/kernel/cpu/mcheck/Makefile
+++ b/arch/x86/kernel/cpu/mcheck/Makefile
@@ -1,7 +1,11 @@
-obj-y                           =  mce_$(BITS).o therm_throt.o
+obj-y                           =  mce.o therm_throt.o
-obj-$(CONFIG_X86_32)            += k7.o p4.o p5.o p6.o winchip.o
+obj-$(CONFIG_X86_NEW_MCE)       += mce-severity.o
-obj-$(CONFIG_X86_MCE_INTEL)     += mce_intel_64.o
+obj-$(CONFIG_X86_OLD_MCE)       += k7.o p4.o p6.o
+obj-$(CONFIG_X86_ANCIENT_MCE)   += winchip.o p5.o
+obj-$(CONFIG_X86_MCE_P4THERMAL) += mce_intel.o
+obj-$(CONFIG_X86_MCE_INTEL)     += mce_intel_64.o mce_intel.o
 obj-$(CONFIG_X86_MCE_AMD)       += mce_amd_64.o
 obj-$(CONFIG_X86_MCE_NONFATAL)  += non-fatal.o
 obj-$(CONFIG_X86_MCE_THRESHOLD) += threshold.o
+obj-$(CONFIG_X86_MCE_INJECT)    += mce-inject.o
diff --git a/arch/x86/kernel/cpu/mcheck/k7.c b/arch/x86/kernel/cpu/mcheck/k7.c
index dd3af6e7b39a..89e510424152 100644
--- a/arch/x86/kernel/cpu/mcheck/k7.c
+++ b/arch/x86/kernel/cpu/mcheck/k7.c
@@ -2,11 +2,10 @@
 * Athlon specific Machine Check Exception Reporting
 * (C) Copyright 2002 Dave Jones <davej@redhat.com>
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
 #include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
 #include <linux/smp.h>
 #include <asm/processor.h>
@@ -15,12 +14,12 @@
 #include "mce.h"
-/* Machine Check Handler For AMD Athlon/Duron */
+/* Machine Check Handler For AMD Athlon/Duron: */
 static void k7_machine_check(struct pt_regs *regs, long error_code)
 {
-        int recover = 1;
        u32 alow, ahigh, high, low;
        u32 mcgstl, mcgsth;
+        int recover = 1;
        int i;
        rdmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
@@ -32,15 +31,19 @@ static void k7_machine_check(struct pt_regs *regs, long error_code)
        for (i = 1; i < nr_mce_banks; i++) {
                rdmsr(MSR_IA32_MC0_STATUS+i*4, low, high);
-                if (high&(1<<31)) {
+                if (high & (1<<31)) {
                        char misc[20];
                        char addr[24];
-                        misc[0] = addr[0] = '\0';
+                        misc[0] = '\0';
+                        addr[0] = '\0';
                        if (high & (1<<29))
                                recover |= 1;
                        if (high & (1<<25))
                                recover |= 2;
                        high &= ~(1<<31);
                        if (high & (1<<27)) {
                                rdmsr(MSR_IA32_MC0_MISC+i*4, alow, ahigh);
                                snprintf(misc, 20, "[%08x%08x]", ahigh, alow);
@@ -49,27 +52,31 @@ static void k7_machine_check(struct pt_regs *regs, long error_code)
                                rdmsr(MSR_IA32_MC0_ADDR+i*4, alow, ahigh);
                                snprintf(addr, 24, " at %08x%08x", ahigh, alow);
                        }
                        printk(KERN_EMERG "CPU %d: Bank %d: %08x%08x%s%s\n",
                                smp_processor_id(), i, high, low, misc, addr);
-                        /* Clear it */
+                        /* Clear it: */
                        wrmsr(MSR_IA32_MC0_STATUS+i*4, 0UL, 0UL);
-                        /* Serialize */
+                        /* Serialize: */
                        wmb();
                        add_taint(TAINT_MACHINE_CHECK);
                }
        }
-        if (recover&2)
+        if (recover & 2)
                panic("CPU context corrupt");
-        if (recover&1)
+        if (recover & 1)
                panic("Unable to continue");
        printk(KERN_EMERG "Attempting to continue.\n");
        mcgstl &= ~(1<<2);
        wrmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
 }
-/* AMD K7 machine check is Intel like */
+/* AMD K7 machine check is Intel like: */
 void amd_mcheck_init(struct cpuinfo_x86 *c)
 {
        u32 l, h;
@@ -79,21 +86,26 @@ void amd_mcheck_init(struct cpuinfo_x86 *c)
                return;
        machine_check_vector = k7_machine_check;
+        /* Make sure the vector pointer is visible before we enable MCEs: */
        wmb();
        printk(KERN_INFO "Intel machine check architecture supported.\n");
        rdmsr(MSR_IA32_MCG_CAP, l, h);
        if (l & (1<<8)) /* Control register present ? */
                wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
        nr_mce_banks = l & 0xff;
-        /* Clear status for MC index 0 separately, we don't touch CTL,
+        /*
-         * as some K7 Athlons cause spurious MCEs when its enabled. */
+         * Clear status for MC index 0 separately, we don't touch CTL,
+         * as some K7 Athlons cause spurious MCEs when its enabled:
+         */
        if (boot_cpu_data.x86 == 6) {
                wrmsr(MSR_IA32_MC0_STATUS, 0x0, 0x0);
                i = 1;
        } else
                i = 0;
        for (; i < nr_mce_banks; i++) {
                wrmsr(MSR_IA32_MC0_CTL+4*i, 0xffffffff, 0xffffffff);
                wrmsr(MSR_IA32_MC0_STATUS+4*i, 0x0, 0x0);
diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c
new file mode 100644
index 000000000000..a3a235a53f09
--- /dev/null
+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c
@@ -0,0 +1,127 @@
+/*
+ * Machine check injection support.
+ * Copyright 2008 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * Authors:
+ * Andi Kleen
+ * Ying Huang
+ */
+#include <linux/uaccess.h>
+#include <linux/module.h>
+#include <linux/timer.h>
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/smp.h>
+#include <asm/mce.h>
+/* Update fake mce registers on current CPU. */
+static void inject_mce(struct mce *m)
+{
+        struct mce *i = &per_cpu(injectm, m->extcpu);
+        /* Make sure noone reads partially written injectm */
+        i->finished = 0;
+        mb();
+        m->finished = 0;
+        /* First set the fields after finished */
+        i->extcpu = m->extcpu;
+        mb();
+        /* Now write record in order, finished last (except above) */
+        memcpy(i, m, sizeof(struct mce));
+        /* Finally activate it */
+        mb();
+        i->finished = 1;
+}
+struct delayed_mce {
+        struct timer_list timer;
+        struct mce m;
+};
+/* Inject mce on current CPU */
+static void raise_mce(unsigned long data)
+{
+        struct delayed_mce *dm = (struct delayed_mce *)data;
+        struct mce *m = &dm->m;
+        int cpu = m->extcpu;
+        inject_mce(m);
+        if (m->status & MCI_STATUS_UC) {
+                struct pt_regs regs;
+                memset(&regs, 0, sizeof(struct pt_regs));
+                regs.ip = m->ip;
+                regs.cs = m->cs;
+                printk(KERN_INFO "Triggering MCE exception on CPU %d\n", cpu);
+                do_machine_check(&regs, 0);
+                printk(KERN_INFO "MCE exception done on CPU %d\n", cpu);
+        } else {
+                mce_banks_t b;
+                memset(&b, 0xff, sizeof(mce_banks_t));
+                printk(KERN_INFO "Starting machine check poll CPU %d\n", cpu);
+                machine_check_poll(0, &b);
+                mce_notify_irq();
+                printk(KERN_INFO "Finished machine check poll on CPU %d\n",
+                       cpu);
+        }
+        kfree(dm);
+}
+/* Error injection interface */
+static ssize_t mce_write(struct file *filp, const char __user *ubuf,
+                         size_t usize, loff_t *off)
+{
+        struct delayed_mce *dm;
+        struct mce m;
+        if (!capable(CAP_SYS_ADMIN))
+                return -EPERM;
+        /*
+         * There are some cases where real MSR reads could slip
+         * through.
+         */
+        if (!boot_cpu_has(X86_FEATURE_MCE) || !boot_cpu_has(X86_FEATURE_MCA))
+                return -EIO;
+        if ((unsigned long)usize > sizeof(struct mce))
+                usize = sizeof(struct mce);
+        if (copy_from_user(&m, ubuf, usize))
+                return -EFAULT;
+        if (m.extcpu >= num_possible_cpus() || !cpu_online(m.extcpu))
+                return -EINVAL;
+        dm = kmalloc(sizeof(struct delayed_mce), GFP_KERNEL);
+        if (!dm)
+                return -ENOMEM;
+        /*
+         * Need to give user space some time to set everything up,
+         * so do it a jiffie or two later everywhere.
+         * Should we use a hrtimer here for better synchronization?
+         */
+        memcpy(&dm->m, &m, sizeof(struct mce));
+        setup_timer(&dm->timer, raise_mce, (unsigned long)dm);
+        dm->timer.expires = jiffies + 2;
+        add_timer_on(&dm->timer, m.extcpu);
+        return usize;
+}
+static int inject_init(void)
+{
+        printk(KERN_INFO "Machine check injector initialized\n");
+        mce_chrdev_ops.write = mce_write;
+        return 0;
+}
+module_init(inject_init);
+/*
+ * Cannot tolerate unloading currently because we cannot
+ * guarantee all openers of mce_chrdev will get a reference to us.
+ */
+MODULE_LICENSE("GPL");
diff --git a/arch/x86/kernel/cpu/mcheck/mce-internal.h b/arch/x86/kernel/cpu/mcheck/mce-internal.h
new file mode 100644
index 000000000000..54dcb8ff12e5
--- /dev/null
+++ b/arch/x86/kernel/cpu/mcheck/mce-internal.h
@@ -0,0 +1,15 @@
+#include <asm/mce.h>
+enum severity_level {
+        MCE_NO_SEVERITY,
+        MCE_KEEP_SEVERITY,
+        MCE_SOME_SEVERITY,
+        MCE_AO_SEVERITY,
+        MCE_UC_SEVERITY,
+        MCE_AR_SEVERITY,
+        MCE_PANIC_SEVERITY,
+};
+int mce_severity(struct mce *a, int tolerant, char **msg);
+extern int mce_ser;
diff --git a/arch/x86/kernel/cpu/mcheck/mce-severity.c b/arch/x86/kernel/cpu/mcheck/mce-severity.c
new file mode 100644
index 000000000000..ff0807f97056
--- /dev/null
+++ b/arch/x86/kernel/cpu/mcheck/mce-severity.c
@@ -0,0 +1,218 @@
+/*
+ * MCE grading rules.
+ * Copyright 2008, 2009 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * Author: Andi Kleen
+ */
+#include <linux/kernel.h>
+#include <linux/seq_file.h>
+#include <linux/init.h>
+#include <linux/debugfs.h>
+#include <asm/mce.h>
+#include "mce-internal.h"
+/*
+ * Grade an mce by severity. In general the most severe ones are processed
+ * first. Since there are quite a lot of combinations test the bits in a
+ * table-driven way. The rules are simply processed in order, first
+ * match wins.
+ *
+ * Note this is only used for machine check exceptions, the corrected
+ * errors use much simpler rules. The exceptions still check for the corrected
+ * errors, but only to leave them alone for the CMCI handler (except for
+ * panic situations)
+ */
+enum context { IN_KERNEL = 1, IN_USER = 2 };
+enum ser { SER_REQUIRED = 1, NO_SER = 2 };
+static struct severity {
+        u64 mask;
+        u64 result;
+        unsigned char sev;
+        unsigned char mcgmask;
+        unsigned char mcgres;
+        unsigned char ser;
+        unsigned char context;
+        unsigned char covered;
+        char *msg;
+} severities[] = {
+#define KERNEL .context = IN_KERNEL
+#define USER .context = IN_USER
+#define SER .ser = SER_REQUIRED
+#define NOSER .ser = NO_SER
+#define SEV(s) .sev = MCE_ ## s ## _SEVERITY
+#define BITCLR(x, s, m, r...) { .mask = x, .result = 0, SEV(s), .msg = m, ## r }
+#define BITSET(x, s, m, r...) { .mask = x, .result = x, SEV(s), .msg = m, ## r }
+#define MCGMASK(x, res, s, m, r...) \
+        { .mcgmask = x, .mcgres = res, SEV(s), .msg = m, ## r }
+#define MASK(x, y, s, m, r...) \
+        { .mask = x, .result = y, SEV(s), .msg = m, ## r }
+#define MCI_UC_S (MCI_STATUS_UC|MCI_STATUS_S)
+#define MCI_UC_SAR (MCI_STATUS_UC|MCI_STATUS_S|MCI_STATUS_AR)
+#define MCACOD 0xffff
+        BITCLR(MCI_STATUS_VAL, NO, "Invalid"),
+        BITCLR(MCI_STATUS_EN, NO, "Not enabled"),
+        BITSET(MCI_STATUS_PCC, PANIC, "Processor context corrupt"),
+        /* When MCIP is not set something is very confused */
+        MCGMASK(MCG_STATUS_MCIP, 0, PANIC, "MCIP not set in MCA handler"),
+        /* Neither return not error IP -- no chance to recover -> PANIC */
+        MCGMASK(MCG_STATUS_RIPV|MCG_STATUS_EIPV, 0, PANIC,
+                "Neither restart nor error IP"),
+        MCGMASK(MCG_STATUS_RIPV, 0, PANIC, "In kernel and no restart IP",
+                KERNEL),
+        BITCLR(MCI_STATUS_UC, KEEP, "Corrected error", NOSER),
+        MASK(MCI_STATUS_OVER|MCI_STATUS_UC|MCI_STATUS_EN, MCI_STATUS_UC, SOME,
+             "Spurious not enabled", SER),
+        /* ignore OVER for UCNA */
+        MASK(MCI_UC_SAR, MCI_STATUS_UC, KEEP,
+             "Uncorrected no action required", SER),
+        MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_UC|MCI_STATUS_AR, PANIC,
+             "Illegal combination (UCNA with AR=1)", SER),
+        MASK(MCI_STATUS_S, 0, KEEP, "Non signalled machine check", SER),
+        /* AR add known MCACODs here */
+        MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_OVER|MCI_UC_SAR, PANIC,
+             "Action required with lost events", SER),
+        MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCACOD, MCI_UC_SAR, PANIC,
+             "Action required; unknown MCACOD", SER),
+        /* known AO MCACODs: */
+        MASK(MCI_UC_SAR|MCI_STATUS_OVER|0xfff0, MCI_UC_S|0xc0, AO,
+             "Action optional: memory scrubbing error", SER),
+        MASK(MCI_UC_SAR|MCI_STATUS_OVER|MCACOD, MCI_UC_S|0x17a, AO,
+             "Action optional: last level cache writeback error", SER),
+        MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_S, SOME,
+             "Action optional unknown MCACOD", SER),
+        MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_S|MCI_STATUS_OVER, SOME,
+             "Action optional with lost events", SER),
+        BITSET(MCI_STATUS_UC|MCI_STATUS_OVER, PANIC, "Overflowed uncorrected"),
+        BITSET(MCI_STATUS_UC, UC, "Uncorrected"),
+        BITSET(0, SOME, "No match")     /* always matches. keep at end */
+};
+/*
+ * If the EIPV bit is set, it means the saved IP is the
+ * instruction which caused the MCE.
+ */
+static int error_context(struct mce *m)
+{
+        if (m->mcgstatus & MCG_STATUS_EIPV)
+                return (m->ip && (m->cs & 3) == 3) ? IN_USER : IN_KERNEL;
+        /* Unknown, assume kernel */
+        return IN_KERNEL;
+}
+int mce_severity(struct mce *a, int tolerant, char **msg)
+{
+        enum context ctx = error_context(a);
+        struct severity *s;
+        for (s = severities;; s++) {
+                if ((a->status & s->mask) != s->result)
+                        continue;
+                if ((a->mcgstatus & s->mcgmask) != s->mcgres)
+                        continue;
+                if (s->ser == SER_REQUIRED && !mce_ser)
+                        continue;
+                if (s->ser == NO_SER && mce_ser)
+                        continue;
+                if (s->context && ctx != s->context)
+                        continue;
+                if (msg)
+                        *msg = s->msg;
+                s->covered = 1;
+                if (s->sev >= MCE_UC_SEVERITY && ctx == IN_KERNEL) {
+                        if (panic_on_oops || tolerant < 1)
+                                return MCE_PANIC_SEVERITY;
+                }
+                return s->sev;
+        }
+}
+static void *s_start(struct seq_file *f, loff_t *pos)
+{
+        if (*pos >= ARRAY_SIZE(severities))
+                return NULL;
+        return &severities[*pos];
+}
+static void *s_next(struct seq_file *f, void *data, loff_t *pos)
+{
+        if (++(*pos) >= ARRAY_SIZE(severities))
+                return NULL;
+        return &severities[*pos];
+}
+static void s_stop(struct seq_file *f, void *data)
+{
+}
+static int s_show(struct seq_file *f, void *data)
+{
+        struct severity *ser = data;
+        seq_printf(f, "%d\t%s\n", ser->covered, ser->msg);
+        return 0;
+}
+static const struct seq_operations severities_seq_ops = {
+        .start  = s_start,
+        .next   = s_next,
+        .stop   = s_stop,
+        .show   = s_show,
+};
+static int severities_coverage_open(struct inode *inode, struct file *file)
+{
+        return seq_open(file, &severities_seq_ops);
+}
+static ssize_t severities_coverage_write(struct file *file,
+                                         const char __user *ubuf,
+                                         size_t count, loff_t *ppos)
+{
+        int i;
+        for (i = 0; i < ARRAY_SIZE(severities); i++)
+                severities[i].covered = 0;
+        return count;
+}
+static const struct file_operations severities_coverage_fops = {
+        .open           = severities_coverage_open,
+        .release        = seq_release,
+        .read           = seq_read,
+        .write          = severities_coverage_write,
+};
+static int __init severities_debugfs_init(void)
+{
+        struct dentry *dmce = NULL, *fseverities_coverage = NULL;
+        dmce = debugfs_create_dir("mce", NULL);
+        if (dmce == NULL)
+                goto err_out;
+        fseverities_coverage = debugfs_create_file("severities-coverage",
+                                                   0444, dmce, NULL,
+                                                   &severities_coverage_fops);
+        if (fseverities_coverage == NULL)
+                goto err_out;
+        return 0;
+err_out:
+        if (fseverities_coverage)
+                debugfs_remove(fseverities_coverage);
+        if (dmce)
+                debugfs_remove(dmce);
+        return -ENOMEM;
+}
+late_initcall(severities_debugfs_init);
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
new file mode 100644
index 000000000000..fabba15e4558
--- /dev/null
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -0,0 +1,1964 @@
+/*
+ * Machine check handler.
+ *
+ * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
+ * Rest from unknown author(s).
+ * 2004 Andi Kleen. Rewrote most of it.
+ * Copyright 2008 Intel Corporation
+ * Author: Andi Kleen
+ */
+#include <linux/thread_info.h>
+#include <linux/capability.h>
+#include <linux/miscdevice.h>
+#include <linux/interrupt.h>
+#include <linux/ratelimit.h>
+#include <linux/kallsyms.h>
+#include <linux/rcupdate.h>
+#include <linux/kobject.h>
+#include <linux/uaccess.h>
+#include <linux/kdebug.h>
+#include <linux/kernel.h>
+#include <linux/percpu.h>
+#include <linux/string.h>
+#include <linux/sysdev.h>
+#include <linux/delay.h>
+#include <linux/ctype.h>
+#include <linux/sched.h>
+#include <linux/sysfs.h>
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/kmod.h>
+#include <linux/poll.h>
+#include <linux/nmi.h>
+#include <linux/cpu.h>
+#include <linux/smp.h>
+#include <linux/fs.h>
+#include <linux/mm.h>
+#include <asm/processor.h>
+#include <asm/hw_irq.h>
+#include <asm/apic.h>
+#include <asm/idle.h>
+#include <asm/ipi.h>
+#include <asm/mce.h>
+#include <asm/msr.h>
+#include "mce-internal.h"
+#include "mce.h"
+/* Handle unconfigured int18 (should never happen) */
+static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+{
+        printk(KERN_ERR "CPU#%d: Unexpected int18 (Machine Check).\n",
+               smp_processor_id());
+}
+/* Call the installed machine check handler for this CPU setup. */
+void (*machine_check_vector)(struct pt_regs *, long error_code) =
+                                                unexpected_machine_check;
+int                             mce_disabled;
+#ifdef CONFIG_X86_NEW_MCE
+#define MISC_MCELOG_MINOR       227
+#define SPINUNIT 100    /* 100ns */
+atomic_t mce_entry;
+DEFINE_PER_CPU(unsigned, mce_exception_count);
+/*
+ * Tolerant levels:
+ *   0: always panic on uncorrected errors, log corrected errors
+ *   1: panic or SIGBUS on uncorrected errors, log corrected errors
+ *   2: SIGBUS or log uncorrected errors (if possible), log corrected errors
+ *   3: never panic or SIGBUS, log all errors (for testing only)
+ */
+static int                      tolerant = 1;
+static int                      banks;
+static u64                      *bank;
+static unsigned long            notify_user;
+static int                      rip_msr;
+static int                      mce_bootlog = -1;
+static int                      monarch_timeout = -1;
+static int                      mce_panic_timeout;
+static int                      mce_dont_log_ce;
+int                             mce_cmci_disabled;
+int                             mce_ignore_ce;
+int                             mce_ser;
+static char                     trigger[128];
+static char                     *trigger_argv[2] = { trigger, NULL };
+static unsigned long            dont_init_banks;
+static DECLARE_WAIT_QUEUE_HEAD(mce_wait);
+static DEFINE_PER_CPU(struct mce, mces_seen);
+static int                      cpu_missing;
+/* MCA banks polled by the period polling timer for corrected events */
+DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
+        [0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
+};
+static inline int skip_bank_init(int i)
+{
+        return i < BITS_PER_LONG && test_bit(i, &dont_init_banks);
+}
+static DEFINE_PER_CPU(struct work_struct, mce_work);
+/* Do initial initialization of a struct mce */
+void mce_setup(struct mce *m)
+{
+        memset(m, 0, sizeof(struct mce));
+        m->cpu = m->extcpu = smp_processor_id();
+        rdtscll(m->tsc);
+        /* We hope get_seconds stays lockless */
+        m->time = get_seconds();
+        m->cpuvendor = boot_cpu_data.x86_vendor;
+        m->cpuid = cpuid_eax(1);
+#ifdef CONFIG_SMP
+        m->socketid = cpu_data(m->extcpu).phys_proc_id;
+#endif
+        m->apicid = cpu_data(m->extcpu).initial_apicid;
+        rdmsrl(MSR_IA32_MCG_CAP, m->mcgcap);
+}
+DEFINE_PER_CPU(struct mce, injectm);
+EXPORT_PER_CPU_SYMBOL_GPL(injectm);
+/*
+ * Lockless MCE logging infrastructure.
+ * This avoids deadlocks on printk locks without having to break locks. Also
+ * separate MCEs from kernel messages to avoid bogus bug reports.
+ */
+static struct mce_log mcelog = {
+        .signature      = MCE_LOG_SIGNATURE,
+        .len            = MCE_LOG_LEN,
+        .recordlen      = sizeof(struct mce),
+};
+void mce_log(struct mce *mce)
+{
+        unsigned next, entry;
+        mce->finished = 0;
+        wmb();
+        for (;;) {
+                entry = rcu_dereference(mcelog.next);
+                for (;;) {
+                        /*
+                         * When the buffer fills up discard new entries.
+                         * Assume that the earlier errors are the more
+                         * interesting ones:
+                         */
+                        if (entry >= MCE_LOG_LEN) {
+                                set_bit(MCE_OVERFLOW,
+                                        (unsigned long *)&mcelog.flags);
+                                return;
+                        }
+                        /* Old left over entry. Skip: */
+                        if (mcelog.entry[entry].finished) {
+                                entry++;
+                                continue;
+                        }
+                        break;
+                }
+                smp_rmb();
+                next = entry + 1;
+                if (cmpxchg(&mcelog.next, entry, next) == entry)
+                        break;
+        }
+        memcpy(mcelog.entry + entry, mce, sizeof(struct mce));
+        wmb();
+        mcelog.entry[entry].finished = 1;
+        wmb();
+        mce->finished = 1;
+        set_bit(0, &notify_user);
+}
+static void print_mce(struct mce *m)
+{
+        printk(KERN_EMERG
+               "CPU %d: Machine Check Exception: %16Lx Bank %d: %016Lx\n",
+               m->extcpu, m->mcgstatus, m->bank, m->status);
+        if (m->ip) {
+                printk(KERN_EMERG "RIP%s %02x:<%016Lx> ",
+                       !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
+                       m->cs, m->ip);
+                if (m->cs == __KERNEL_CS)
+                        print_symbol("{%s}", m->ip);
+                printk("\n");
+        }
+        printk(KERN_EMERG "TSC %llx ", m->tsc);
+        if (m->addr)
+                printk("ADDR %llx ", m->addr);
+        if (m->misc)
+                printk("MISC %llx ", m->misc);
+        printk("\n");
+        printk(KERN_EMERG "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x\n",
+                        m->cpuvendor, m->cpuid, m->time, m->socketid,
+                        m->apicid);
+}
+static void print_mce_head(void)
+{
+        printk(KERN_EMERG "\n" KERN_EMERG "HARDWARE ERROR\n");
+}
+static void print_mce_tail(void)
+{
+        printk(KERN_EMERG "This is not a software problem!\n"
+               KERN_EMERG "Run through mcelog --ascii to decode and contact your hardware vendor\n");
+}
+#define PANIC_TIMEOUT 5 /* 5 seconds */
+static atomic_t mce_paniced;
+/* Panic in progress. Enable interrupts and wait for final IPI */
+static void wait_for_panic(void)
+{
+        long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
+        preempt_disable();
+        local_irq_enable();
+        while (timeout-- > 0)
+                udelay(1);
+        if (panic_timeout == 0)
+                panic_timeout = mce_panic_timeout;
+        panic("Panicing machine check CPU died");
+}
+static void mce_panic(char *msg, struct mce *final, char *exp)
+{
+        int i;
+        /*
+         * Make sure only one CPU runs in machine check panic
+         */
+        if (atomic_add_return(1, &mce_paniced) > 1)
+                wait_for_panic();
+        barrier();
+        bust_spinlocks(1);
+        console_verbose();
+        print_mce_head();
+        /* First print corrected ones that are still unlogged */
+        for (i = 0; i < MCE_LOG_LEN; i++) {
+                struct mce *m = &mcelog.entry[i];
+                if (!(m->status & MCI_STATUS_VAL))
+                        continue;
+                if (!(m->status & MCI_STATUS_UC))
+                        print_mce(m);
+        }
+        /* Now print uncorrected but with the final one last */
+        for (i = 0; i < MCE_LOG_LEN; i++) {
+                struct mce *m = &mcelog.entry[i];
+                if (!(m->status & MCI_STATUS_VAL))
+                        continue;
+                if (!(m->status & MCI_STATUS_UC))
+                        continue;
+                if (!final || memcmp(m, final, sizeof(struct mce)))
+                        print_mce(m);
+        }
+        if (final)
+                print_mce(final);
+        if (cpu_missing)
+                printk(KERN_EMERG "Some CPUs didn't answer in synchronization\n");
+        print_mce_tail();
+        if (exp)
+                printk(KERN_EMERG "Machine check: %s\n", exp);
+        if (panic_timeout == 0)
+                panic_timeout = mce_panic_timeout;
+        panic(msg);
+}
+/* Support code for software error injection */
+static int msr_to_offset(u32 msr)
+{
+        unsigned bank = __get_cpu_var(injectm.bank);
+        if (msr == rip_msr)
+                return offsetof(struct mce, ip);
+        if (msr == MSR_IA32_MC0_STATUS + bank*4)
+                return offsetof(struct mce, status);
+        if (msr == MSR_IA32_MC0_ADDR + bank*4)
+                return offsetof(struct mce, addr);
+        if (msr == MSR_IA32_MC0_MISC + bank*4)
+                return offsetof(struct mce, misc);
+        if (msr == MSR_IA32_MCG_STATUS)
+                return offsetof(struct mce, mcgstatus);
+        return -1;
+}
+/* MSR access wrappers used for error injection */
+static u64 mce_rdmsrl(u32 msr)
+{
+        u64 v;
+        if (__get_cpu_var(injectm).finished) {
+                int offset = msr_to_offset(msr);
+                if (offset < 0)
+                        return 0;
+                return *(u64 *)((char *)&__get_cpu_var(injectm) + offset);
+        }
+        rdmsrl(msr, v);
+        return v;
+}
+static void mce_wrmsrl(u32 msr, u64 v)
+{
+        if (__get_cpu_var(injectm).finished) {
+                int offset = msr_to_offset(msr);
+                if (offset >= 0)
+                        *(u64 *)((char *)&__get_cpu_var(injectm) + offset) = v;
+                return;
+        }
+        wrmsrl(msr, v);
+}
+/*
+ * Simple lockless ring to communicate PFNs from the exception handler with the
+ * process context work function. This is vastly simplified because there's
+ * only a single reader and a single writer.
+ */
+#define MCE_RING_SIZE 16        /* we use one entry less */
+struct mce_ring {
+        unsigned short start;
+        unsigned short end;
+        unsigned long ring[MCE_RING_SIZE];
+};
+static DEFINE_PER_CPU(struct mce_ring, mce_ring);
+/* Runs with CPU affinity in workqueue */
+static int mce_ring_empty(void)
+{
+        struct mce_ring *r = &__get_cpu_var(mce_ring);
+        return r->start == r->end;
+}
+static int mce_ring_get(unsigned long *pfn)
+{
+        struct mce_ring *r;
+        int ret = 0;
+        *pfn = 0;
+        get_cpu();
+        r = &__get_cpu_var(mce_ring);
+        if (r->start == r->end)
+                goto out;
+        *pfn = r->ring[r->start];
+        r->start = (r->start + 1) % MCE_RING_SIZE;
+        ret = 1;
+out:
+        put_cpu();
+        return ret;
+}
+/* Always runs in MCE context with preempt off */
+static int mce_ring_add(unsigned long pfn)
+{
+        struct mce_ring *r = &__get_cpu_var(mce_ring);
+        unsigned next;
+        next = (r->end + 1) % MCE_RING_SIZE;
+        if (next == r->start)
+                return -1;
+        r->ring[r->end] = pfn;
+        wmb();
+        r->end = next;
+        return 0;
+}
+int mce_available(struct cpuinfo_x86 *c)
+{
+        if (mce_disabled)
+                return 0;
+        return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
+}
+static void mce_schedule_work(void)
+{
+        if (!mce_ring_empty()) {
+                struct work_struct *work = &__get_cpu_var(mce_work);
+                if (!work_pending(work))
+                        schedule_work(work);
+        }
+}
+/*
+ * Get the address of the instruction at the time of the machine check
+ * error.
+ */
+static inline void mce_get_rip(struct mce *m, struct pt_regs *regs)
+{
+        if (regs && (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV))) {
+                m->ip = regs->ip;
+                m->cs = regs->cs;
+        } else {
+                m->ip = 0;
+                m->cs = 0;
+        }
+        if (rip_msr)
+                m->ip = mce_rdmsrl(rip_msr);
+}
+#ifdef CONFIG_X86_LOCAL_APIC 
+/*
+ * Called after interrupts have been reenabled again
+ * when a MCE happened during an interrupts off region
+ * in the kernel.
+ */
+asmlinkage void smp_mce_self_interrupt(struct pt_regs *regs)
+{
+        ack_APIC_irq();
+        exit_idle();
+        irq_enter();
+        mce_notify_irq();
+        mce_schedule_work();
+        irq_exit();
+}
+#endif
+static void mce_report_event(struct pt_regs *regs)
+{
+        if (regs->flags & (X86_VM_MASK|X86_EFLAGS_IF)) {
+                mce_notify_irq();
+                /*
+                 * Triggering the work queue here is just an insurance
+                 * policy in case the syscall exit notify handler
+                 * doesn't run soon enough or ends up running on the
+                 * wrong CPU (can happen when audit sleeps)
+                 */
+                mce_schedule_work();
+                return;
+        }
+#ifdef CONFIG_X86_LOCAL_APIC
+        /*
+         * Without APIC do not notify. The event will be picked
+         * up eventually.
+         */
+        if (!cpu_has_apic)
+                return;
+        /*
+         * When interrupts are disabled we cannot use
+         * kernel services safely. Trigger an self interrupt
+         * through the APIC to instead do the notification
+         * after interrupts are reenabled again.
+         */
+        apic->send_IPI_self(MCE_SELF_VECTOR);
+        /*
+         * Wait for idle afterwards again so that we don't leave the
+         * APIC in a non idle state because the normal APIC writes
+         * cannot exclude us.
+         */
+        apic_wait_icr_idle();
+#endif
+}
+DEFINE_PER_CPU(unsigned, mce_poll_count);
+/*
+ * Poll for corrected events or events that happened before reset.
+ * Those are just logged through /dev/mcelog.
+ *
+ * This is executed in standard interrupt context.
+ *
+ * Note: spec recommends to panic for fatal unsignalled
+ * errors here. However this would be quite problematic --
+ * we would need to reimplement the Monarch handling and
+ * it would mess up the exclusion between exception handler
+ * and poll hander -- * so we skip this for now.
+ * These cases should not happen anyways, or only when the CPU
+ * is already totally * confused. In this case it's likely it will
+ * not fully execute the machine check handler either.
+ */
+void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
+{
+        struct mce m;
+        int i;
+        __get_cpu_var(mce_poll_count)++;
+        mce_setup(&m);
+        m.mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
+        for (i = 0; i < banks; i++) {
+                if (!bank[i] || !test_bit(i, *b))
+                        continue;
+                m.misc = 0;
+                m.addr = 0;
+                m.bank = i;
+                m.tsc = 0;
+                barrier();
+                m.status = mce_rdmsrl(MSR_IA32_MC0_STATUS + i*4);
+                if (!(m.status & MCI_STATUS_VAL))
+                        continue;
+                /*
+                 * Uncorrected or signalled events are handled by the exception
+                 * handler when it is enabled, so don't process those here.
+                 *
+                 * TBD do the same check for MCI_STATUS_EN here?
+                 */
+                if (!(flags & MCP_UC) &&
+                    (m.status & (mce_ser ? MCI_STATUS_S : MCI_STATUS_UC)))
+                        continue;
+                if (m.status & MCI_STATUS_MISCV)
+                        m.misc = mce_rdmsrl(MSR_IA32_MC0_MISC + i*4);
+                if (m.status & MCI_STATUS_ADDRV)
+                        m.addr = mce_rdmsrl(MSR_IA32_MC0_ADDR + i*4);
+                if (!(flags & MCP_TIMESTAMP))
+                        m.tsc = 0;
+                /*
+                 * Don't get the IP here because it's unlikely to
+                 * have anything to do with the actual error location.
+                 */
+                if (!(flags & MCP_DONTLOG) && !mce_dont_log_ce) {
+                        mce_log(&m);
+                        add_taint(TAINT_MACHINE_CHECK);
+                }
+                /*
+                 * Clear state for this bank.
+                 */
+                mce_wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
+        }
+        /*
+         * Don't clear MCG_STATUS here because it's only defined for
+         * exceptions.
+         */
+        sync_core();
+}
+EXPORT_SYMBOL_GPL(machine_check_poll);
+/*
+ * Do a quick check if any of the events requires a panic.
+ * This decides if we keep the events around or clear them.
+ */
+static int mce_no_way_out(struct mce *m, char **msg)
+{
+        int i;
+        for (i = 0; i < banks; i++) {
+                m->status = mce_rdmsrl(MSR_IA32_MC0_STATUS + i*4);
+                if (mce_severity(m, tolerant, msg) >= MCE_PANIC_SEVERITY)
+                        return 1;
+        }
+        return 0;
+}
+/*
+ * Variable to establish order between CPUs while scanning.
+ * Each CPU spins initially until executing is equal its number.
+ */
+static atomic_t mce_executing;
+/*
+ * Defines order of CPUs on entry. First CPU becomes Monarch.
+ */
+static atomic_t mce_callin;
+/*
+ * Check if a timeout waiting for other CPUs happened.
+ */
+static int mce_timed_out(u64 *t)
+{
+        /*
+         * The others already did panic for some reason.
+         * Bail out like in a timeout.
+         * rmb() to tell the compiler that system_state
+         * might have been modified by someone else.
+         */
+        rmb();
+        if (atomic_read(&mce_paniced))
+                wait_for_panic();
+        if (!monarch_timeout)
+                goto out;
+        if ((s64)*t < SPINUNIT) {
+                /* CHECKME: Make panic default for 1 too? */
+                if (tolerant < 1)
+                        mce_panic("Timeout synchronizing machine check over CPUs",
+                                  NULL, NULL);
+                cpu_missing = 1;
+                return 1;
+        }
+        *t -= SPINUNIT;
+out:
+        touch_nmi_watchdog();
+        return 0;
+}
+/*
+ * The Monarch's reign.  The Monarch is the CPU who entered
+ * the machine check handler first. It waits for the others to
+ * raise the exception too and then grades them. When any
+ * error is fatal panic. Only then let the others continue.
+ *
+ * The other CPUs entering the MCE handler will be controlled by the
+ * Monarch. They are called Subjects.
+ *
+ * This way we prevent any potential data corruption in a unrecoverable case
+ * and also makes sure always all CPU's errors are examined.
+ *
+ * Also this detects the case of an machine check event coming from outer
+ * space (not detected by any CPUs) In this case some external agent wants
+ * us to shut down, so panic too.
+ *
+ * The other CPUs might still decide to panic if the handler happens
+ * in a unrecoverable place, but in this case the system is in a semi-stable
+ * state and won't corrupt anything by itself. It's ok to let the others
+ * continue for a bit first.
+ *
+ * All the spin loops have timeouts; when a timeout happens a CPU
+ * typically elects itself to be Monarch.
+ */
+static void mce_reign(void)
+{
+        int cpu;
+        struct mce *m = NULL;
+        int global_worst = 0;
+        char *msg = NULL;
+        char *nmsg = NULL;
+        /*
+         * This CPU is the Monarch and the other CPUs have run
+         * through their handlers.
+         * Grade the severity of the errors of all the CPUs.
+         */
+        for_each_possible_cpu(cpu) {
+                int severity = mce_severity(&per_cpu(mces_seen, cpu), tolerant,
+                                            &nmsg);
+                if (severity > global_worst) {
+                        msg = nmsg;
+                        global_worst = severity;
+                        m = &per_cpu(mces_seen, cpu);
+                }
+        }
+        /*
+         * Cannot recover? Panic here then.
+         * This dumps all the mces in the log buffer and stops the
+         * other CPUs.
+         */
+        if (m && global_worst >= MCE_PANIC_SEVERITY && tolerant < 3)
+                mce_panic("Fatal Machine check", m, msg);
+        /*
+         * For UC somewhere we let the CPU who detects it handle it.
+         * Also must let continue the others, otherwise the handling
+         * CPU could deadlock on a lock.
+         */
+        /*
+         * No machine check event found. Must be some external
+         * source or one CPU is hung. Panic.
+         */
+        if (!m && tolerant < 3)
+                mce_panic("Machine check from unknown source", NULL, NULL);
+        /*
+         * Now clear all the mces_seen so that they don't reappear on
+         * the next mce.
+         */
+        for_each_possible_cpu(cpu)
+                memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
+}
+static atomic_t global_nwo;
+/*
+ * Start of Monarch synchronization. This waits until all CPUs have
+ * entered the exception handler and then determines if any of them
+ * saw a fatal event that requires panic. Then it executes them
+ * in the entry order.
+ * TBD double check parallel CPU hotunplug
+ */
+static int mce_start(int no_way_out, int *order)
+{
+        int nwo;
+        int cpus = num_online_cpus();
+        u64 timeout = (u64)monarch_timeout * NSEC_PER_USEC;
+        if (!timeout) {
+                *order = -1;
+                return no_way_out;
+        }
+        atomic_add(no_way_out, &global_nwo);
+        /*
+         * Wait for everyone.
+         */
+        while (atomic_read(&mce_callin) != cpus) {
+                if (mce_timed_out(&timeout)) {
+                        atomic_set(&global_nwo, 0);
+                        *order = -1;
+                        return no_way_out;
+                }
+                ndelay(SPINUNIT);
+        }
+        /*
+         * Cache the global no_way_out state.
+         */
+        nwo = atomic_read(&global_nwo);
+        /*
+         * Monarch starts executing now, the others wait.
+         */
+        if (*order == 1) {
+                atomic_set(&mce_executing, 1);
+                return nwo;
+        }
+        /*
+         * Now start the scanning loop one by one
+         * in the original callin order.
+         * This way when there are any shared banks it will
+         * be only seen by one CPU before cleared, avoiding duplicates.
+         */
+        while (atomic_read(&mce_executing) < *order) {
+                if (mce_timed_out(&timeout)) {
+                        atomic_set(&global_nwo, 0);
+                        *order = -1;
+                        return no_way_out;
+                }
+                ndelay(SPINUNIT);
+        }
+        return nwo;
+}
+/*
+ * Synchronize between CPUs after main scanning loop.
+ * This invokes the bulk of the Monarch processing.
+ */
+static int mce_end(int order)
+{
+        int ret = -1;
+        u64 timeout = (u64)monarch_timeout * NSEC_PER_USEC;
+        if (!timeout)
+                goto reset;
+        if (order < 0)
+                goto reset;
+        /*
+         * Allow others to run.
+         */
+        atomic_inc(&mce_executing);
+        if (order == 1) {
+                /* CHECKME: Can this race with a parallel hotplug? */
+                int cpus = num_online_cpus();
+                /*
+                 * Monarch: Wait for everyone to go through their scanning
+                 * loops.
+                 */
+                while (atomic_read(&mce_executing) <= cpus) {
+                        if (mce_timed_out(&timeout))
+                                goto reset;
+                        ndelay(SPINUNIT);
+                }
+                mce_reign();
+                barrier();
+                ret = 0;
+        } else {
+                /*
+                 * Subject: Wait for Monarch to finish.
+                 */
+                while (atomic_read(&mce_executing) != 0) {
+                        if (mce_timed_out(&timeout))
+                                goto reset;
+                        ndelay(SPINUNIT);
+                }
+                /*
+                 * Don't reset anything. That's done by the Monarch.
+                 */
+                return 0;
+        }
+        /*
+         * Reset all global state.
+         */
+reset:
+        atomic_set(&global_nwo, 0);
+        atomic_set(&mce_callin, 0);
+        barrier();
+        /*
+         * Let others run again.
+         */
+        atomic_set(&mce_executing, 0);
+        return ret;
+}
+/*
+ * Check if the address reported by the CPU is in a format we can parse.
+ * It would be possible to add code for most other cases, but all would
+ * be somewhat complicated (e.g. segment offset would require an instruction
+ * parser). So only support physical addresses upto page granuality for now.
+ */
+static int mce_usable_address(struct mce *m)
+{
+        if (!(m->status & MCI_STATUS_MISCV) || !(m->status & MCI_STATUS_ADDRV))
+                return 0;
+        if ((m->misc & 0x3f) > PAGE_SHIFT)
+                return 0;
+        if (((m->misc >> 6) & 7) != MCM_ADDR_PHYS)
+                return 0;
+        return 1;
+}
+static void mce_clear_state(unsigned long *toclear)
+{
+        int i;
+        for (i = 0; i < banks; i++) {
+                if (test_bit(i, toclear))
+                        mce_wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
+        }
+}
+/*
+ * The actual machine check handler. This only handles real
+ * exceptions when something got corrupted coming in through int 18.
+ *
+ * This is executed in NMI context not subject to normal locking rules. This
+ * implies that most kernel services cannot be safely used. Don't even
+ * think about putting a printk in there!
+ *
+ * On Intel systems this is entered on all CPUs in parallel through
+ * MCE broadcast. However some CPUs might be broken beyond repair,
+ * so be always careful when synchronizing with others.
+ */
+void do_machine_check(struct pt_regs *regs, long error_code)
+{
+        struct mce m, *final;
+        int i;
+        int worst = 0;
+        int severity;
+        /*
+         * Establish sequential order between the CPUs entering the machine
+         * check handler.
+         */
+        int order;
+        /*
+         * If no_way_out gets set, there is no safe way to recover from this
+         * MCE.  If tolerant is cranked up, we'll try anyway.
+         */
+        int no_way_out = 0;
+        /*
+         * If kill_it gets set, there might be a way to recover from this
+         * error.
+         */
+        int kill_it = 0;
+        DECLARE_BITMAP(toclear, MAX_NR_BANKS);
+        char *msg = "Unknown";
+        atomic_inc(&mce_entry);
+        __get_cpu_var(mce_exception_count)++;
+        if (notify_die(DIE_NMI, "machine check", regs, error_code,
+                           18, SIGKILL) == NOTIFY_STOP)
+                goto out;
+        if (!banks)
+                goto out;
+        order = atomic_add_return(1, &mce_callin);
+        mce_setup(&m);
+        m.mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
+        no_way_out = mce_no_way_out(&m, &msg);
+        final = &__get_cpu_var(mces_seen);
+        *final = m;
+        barrier();
+        /*
+         * When no restart IP must always kill or panic.
+         */
+        if (!(m.mcgstatus & MCG_STATUS_RIPV))
+                kill_it = 1;
+        /*
+         * Go through all the banks in exclusion of the other CPUs.
+         * This way we don't report duplicated events on shared banks
+         * because the first one to see it will clear it.
+         */
+        no_way_out = mce_start(no_way_out, &order);
+        for (i = 0; i < banks; i++) {
+                __clear_bit(i, toclear);
+                if (!bank[i])
+                        continue;
+                m.misc = 0;
+                m.addr = 0;
+                m.bank = i;
+                m.status = mce_rdmsrl(MSR_IA32_MC0_STATUS + i*4);
+                if ((m.status & MCI_STATUS_VAL) == 0)
+                        continue;
+                /*
+                 * Non uncorrected or non signaled errors are handled by
+                 * machine_check_poll. Leave them alone, unless this panics.
+                 */
+                if (!(m.status & (mce_ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
+                        !no_way_out)
+                        continue;
+                /*
+                 * Set taint even when machine check was not enabled.
+                 */
+                add_taint(TAINT_MACHINE_CHECK);
+                severity = mce_severity(&m, tolerant, NULL);
+                /*
+                 * When machine check was for corrected handler don't touch,
+                 * unless we're panicing.
+                 */
+                if (severity == MCE_KEEP_SEVERITY && !no_way_out)
+                        continue;
+                __set_bit(i, toclear);
+                if (severity == MCE_NO_SEVERITY) {
+                        /*
+                         * Machine check event was not enabled. Clear, but
+                         * ignore.
+                         */
+                        continue;
+                }
+                /*
+                 * Kill on action required.
+                 */
+                if (severity == MCE_AR_SEVERITY)
+                        kill_it = 1;
+                if (m.status & MCI_STATUS_MISCV)
+                        m.misc = mce_rdmsrl(MSR_IA32_MC0_MISC + i*4);
+                if (m.status & MCI_STATUS_ADDRV)
+                        m.addr = mce_rdmsrl(MSR_IA32_MC0_ADDR + i*4);
+                /*
+                 * Action optional error. Queue address for later processing.
+                 * When the ring overflows we just ignore the AO error.
+                 * RED-PEN add some logging mechanism when
+                 * usable_address or mce_add_ring fails.
+                 * RED-PEN don't ignore overflow for tolerant == 0
+                 */
+                if (severity == MCE_AO_SEVERITY && mce_usable_address(&m))
+                        mce_ring_add(m.addr >> PAGE_SHIFT);
+                mce_get_rip(&m, regs);
+                mce_log(&m);
+                if (severity > worst) {
+                        *final = m;
+                        worst = severity;
+                }
+        }
+        if (!no_way_out)
+                mce_clear_state(toclear);
+        /*
+         * Do most of the synchronization with other CPUs.
+         * When there's any problem use only local no_way_out state.
+         */
+        if (mce_end(order) < 0)
+                no_way_out = worst >= MCE_PANIC_SEVERITY;
+        /*
+         * If we have decided that we just CAN'T continue, and the user
+         * has not set tolerant to an insane level, give up and die.
+         *
+         * This is mainly used in the case when the system doesn't
+         * support MCE broadcasting or it has been disabled.
+         */
+        if (no_way_out && tolerant < 3)
+                mce_panic("Fatal machine check on current CPU", final, msg);
+        /*
+         * If the error seems to be unrecoverable, something should be
+         * done.  Try to kill as little as possible.  If we can kill just
+         * one task, do that.  If the user has set the tolerance very
+         * high, don't try to do anything at all.
+         */
+        if (kill_it && tolerant < 3)
+                force_sig(SIGBUS, current);
+        /* notify userspace ASAP */
+        set_thread_flag(TIF_MCE_NOTIFY);
+        if (worst > 0)
+                mce_report_event(regs);
+        mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
+out:
+        atomic_dec(&mce_entry);
+        sync_core();
+}
+EXPORT_SYMBOL_GPL(do_machine_check);
+/* dummy to break dependency. actual code is in mm/memory-failure.c */
+void __attribute__((weak)) memory_failure(unsigned long pfn, int vector)
+{
+        printk(KERN_ERR "Action optional memory failure at %lx ignored\n", pfn);
+}
+/*
+ * Called after mce notification in process context. This code
+ * is allowed to sleep. Call the high level VM handler to process
+ * any corrupted pages.
+ * Assume that the work queue code only calls this one at a time
+ * per CPU.
+ * Note we don't disable preemption, so this code might run on the wrong
+ * CPU. In this case the event is picked up by the scheduled work queue.
+ * This is merely a fast path to expedite processing in some common
+ * cases.
+ */
+void mce_notify_process(void)
+{
+        unsigned long pfn;
+        mce_notify_irq();
+        while (mce_ring_get(&pfn))
+                memory_failure(pfn, MCE_VECTOR);
+}
+static void mce_process_work(struct work_struct *dummy)
+{
+        mce_notify_process();
+}
+#ifdef CONFIG_X86_MCE_INTEL
+/***
+ * mce_log_therm_throt_event - Logs the thermal throttling event to mcelog
+ * @cpu: The CPU on which the event occurred.
+ * @status: Event status information
+ *
+ * This function should be called by the thermal interrupt after the
+ * event has been processed and the decision was made to log the event
+ * further.
+ *
+ * The status parameter will be saved to the 'status' field of 'struct mce'
+ * and historically has been the register value of the
+ * MSR_IA32_THERMAL_STATUS (Intel) msr.
+ */
+void mce_log_therm_throt_event(__u64 status)
+{
+        struct mce m;
+        mce_setup(&m);
+        m.bank = MCE_THERMAL_BANK;
+        m.status = status;
+        mce_log(&m);
+}
+#endif /* CONFIG_X86_MCE_INTEL */
+/*
+ * Periodic polling timer for "silent" machine check errors.  If the
+ * poller finds an MCE, poll 2x faster.  When the poller finds no more
+ * errors, poll 2x slower (up to check_interval seconds).
+ */
+static int check_interval = 5 * 60; /* 5 minutes */
+static DEFINE_PER_CPU(int, next_interval); /* in jiffies */
+static DEFINE_PER_CPU(struct timer_list, mce_timer);
+static void mcheck_timer(unsigned long data)
+{
+        struct timer_list *t = &per_cpu(mce_timer, data);
+        int *n;
+        WARN_ON(smp_processor_id() != data);
+        if (mce_available(&current_cpu_data)) {
+                machine_check_poll(MCP_TIMESTAMP,
+                                &__get_cpu_var(mce_poll_banks));
+        }
+        /*
+         * Alert userspace if needed.  If we logged an MCE, reduce the
+         * polling interval, otherwise increase the polling interval.
+         */
+        n = &__get_cpu_var(next_interval);
+        if (mce_notify_irq())
+                *n = max(*n/2, HZ/100);
+        else
+                *n = min(*n*2, (int)round_jiffies_relative(check_interval*HZ));
+        t->expires = jiffies + *n;
+        add_timer(t);
+}
+static void mce_do_trigger(struct work_struct *work)
+{
+        call_usermodehelper(trigger, trigger_argv, NULL, UMH_NO_WAIT);
+}
+static DECLARE_WORK(mce_trigger_work, mce_do_trigger);
+/*
+ * Notify the user(s) about new machine check events.
+ * Can be called from interrupt context, but not from machine check/NMI
+ * context.
+ */
+int mce_notify_irq(void)
+{
+        /* Not more than two messages every minute */
+        static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
+        clear_thread_flag(TIF_MCE_NOTIFY);
+        if (test_and_clear_bit(0, &notify_user)) {
+                wake_up_interruptible(&mce_wait);
+                /*
+                 * There is no risk of missing notifications because
+                 * work_pending is always cleared before the function is
+                 * executed.
+                 */
+                if (trigger[0] && !work_pending(&mce_trigger_work))
+                        schedule_work(&mce_trigger_work);
+                if (__ratelimit(&ratelimit))
+                        printk(KERN_INFO "Machine check events logged\n");
+                return 1;
+        }
+        return 0;
+}
+EXPORT_SYMBOL_GPL(mce_notify_irq);
+/*
+ * Initialize Machine Checks for a CPU.
+ */
+static int mce_cap_init(void)
+{
+        unsigned b;
+        u64 cap;
+        rdmsrl(MSR_IA32_MCG_CAP, cap);
+        b = cap & MCG_BANKCNT_MASK;
+        printk(KERN_INFO "mce: CPU supports %d MCE banks\n", b);
+        if (b > MAX_NR_BANKS) {
+                printk(KERN_WARNING
+                       "MCE: Using only %u machine check banks out of %u\n",
+                        MAX_NR_BANKS, b);
+                b = MAX_NR_BANKS;
+        }
+        /* Don't support asymmetric configurations today */
+        WARN_ON(banks != 0 && b != banks);
+        banks = b;
+        if (!bank) {
+                bank = kmalloc(banks * sizeof(u64), GFP_KERNEL);
+                if (!bank)
+                        return -ENOMEM;
+                memset(bank, 0xff, banks * sizeof(u64));
+        }
+        /* Use accurate RIP reporting if available. */
+        if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
+                rip_msr = MSR_IA32_MCG_EIP;
+        if (cap & MCG_SER_P)
+                mce_ser = 1;
+        return 0;
+}
+static void mce_init(void)
+{
+        mce_banks_t all_banks;
+        u64 cap;
+        int i;
+        /*
+         * Log the machine checks left over from the previous reset.
+         */
+        bitmap_fill(all_banks, MAX_NR_BANKS);
+        machine_check_poll(MCP_UC|(!mce_bootlog ? MCP_DONTLOG : 0), &all_banks);
+        set_in_cr4(X86_CR4_MCE);
+        rdmsrl(MSR_IA32_MCG_CAP, cap);
+        if (cap & MCG_CTL_P)
+                wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
+        for (i = 0; i < banks; i++) {
+                if (skip_bank_init(i))
+                        continue;
+                wrmsrl(MSR_IA32_MC0_CTL+4*i, bank[i]);
+                wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
+        }
+}
+/* Add per CPU specific workarounds here */
+static void mce_cpu_quirks(struct cpuinfo_x86 *c)
+{
+        /* This should be disabled by the BIOS, but isn't always */
+        if (c->x86_vendor == X86_VENDOR_AMD) {
+                if (c->x86 == 15 && banks > 4) {
+                        /*
+                         * disable GART TBL walk error reporting, which
+                         * trips off incorrectly with the IOMMU & 3ware
+                         * & Cerberus:
+                         */
+                        clear_bit(10, (unsigned long *)&bank[4]);
+                }
+                if (c->x86 <= 17 && mce_bootlog < 0) {
+                        /*
+                         * Lots of broken BIOS around that don't clear them
+                         * by default and leave crap in there. Don't log:
+                         */
+                        mce_bootlog = 0;
+                }
+                /*
+                 * Various K7s with broken bank 0 around. Always disable
+                 * by default.
+                 */
+                 if (c->x86 == 6)
+                        bank[0] = 0;
+        }
+        if (c->x86_vendor == X86_VENDOR_INTEL) {
+                /*
+                 * SDM documents that on family 6 bank 0 should not be written
+                 * because it aliases to another special BIOS controlled
+                 * register.
+                 * But it's not aliased anymore on model 0x1a+
+                 * Don't ignore bank 0 completely because there could be a
+                 * valid event later, merely don't write CTL0.
+                 */
+                if (c->x86 == 6 && c->x86_model < 0x1A)
+                        __set_bit(0, &dont_init_banks);
+                /*
+                 * All newer Intel systems support MCE broadcasting. Enable
+                 * synchronization with a one second timeout.
+                 */
+                if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
+                        monarch_timeout < 0)
+                        monarch_timeout = USEC_PER_SEC;
+        }
+        if (monarch_timeout < 0)
+                monarch_timeout = 0;
+        if (mce_bootlog != 0)
+                mce_panic_timeout = 30;
+}
+static void __cpuinit mce_ancient_init(struct cpuinfo_x86 *c)
+{
+        if (c->x86 != 5)
+                return;
+        switch (c->x86_vendor) {
+        case X86_VENDOR_INTEL:
+                if (mce_p5_enabled())
+                        intel_p5_mcheck_init(c);
+                break;
+        case X86_VENDOR_CENTAUR:
+                winchip_mcheck_init(c);
+                break;
+        }
+}
+static void mce_cpu_features(struct cpuinfo_x86 *c)
+{
+        switch (c->x86_vendor) {
+        case X86_VENDOR_INTEL:
+                mce_intel_feature_init(c);
+                break;
+        case X86_VENDOR_AMD:
+                mce_amd_feature_init(c);
+                break;
+        default:
+                break;
+        }
+}
+static void mce_init_timer(void)
+{
+        struct timer_list *t = &__get_cpu_var(mce_timer);
+        int *n = &__get_cpu_var(next_interval);
+        if (mce_ignore_ce)
+                return;
+        *n = check_interval * HZ;
+        if (!*n)
+                return;
+        setup_timer(t, mcheck_timer, smp_processor_id());
+        t->expires = round_jiffies(jiffies + *n);
+        add_timer(t);
+}
+/*
+ * Called for each booted CPU to set up machine checks.
+ * Must be called with preempt off:
+ */
+void __cpuinit mcheck_init(struct cpuinfo_x86 *c)
+{
+        if (mce_disabled)
+                return;
+        mce_ancient_init(c);
+        if (!mce_available(c))
+                return;
+        if (mce_cap_init() < 0) {
+                mce_disabled = 1;
+                return;
+        }
+        mce_cpu_quirks(c);
+        machine_check_vector = do_machine_check;
+        mce_init();
+        mce_cpu_features(c);
+        mce_init_timer();
+        INIT_WORK(&__get_cpu_var(mce_work), mce_process_work);
+}
+/*
+ * Character device to read and clear the MCE log.
+ */
+static DEFINE_SPINLOCK(mce_state_lock);
+static int              open_count;             /* #times opened */
+static int              open_exclu;             /* already open exclusive? */
+static int mce_open(struct inode *inode, struct file *file)
+{
+        spin_lock(&mce_state_lock);
+        if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
+                spin_unlock(&mce_state_lock);
+                return -EBUSY;
+        }
+        if (file->f_flags & O_EXCL)
+                open_exclu = 1;
+        open_count++;
+        spin_unlock(&mce_state_lock);
+        return nonseekable_open(inode, file);
+}
+static int mce_release(struct inode *inode, struct file *file)
+{
+        spin_lock(&mce_state_lock);
+        open_count--;
+        open_exclu = 0;
+        spin_unlock(&mce_state_lock);
+        return 0;
+}
+static void collect_tscs(void *data)
+{
+        unsigned long *cpu_tsc = (unsigned long *)data;
+        rdtscll(cpu_tsc[smp_processor_id()]);
+}
+static DEFINE_MUTEX(mce_read_mutex);
+static ssize_t mce_read(struct file *filp, char __user *ubuf, size_t usize,
+                        loff_t *off)
+{
+        char __user *buf = ubuf;
+        unsigned long *cpu_tsc;
+        unsigned prev, next;
+        int i, err;
+        cpu_tsc = kmalloc(nr_cpu_ids * sizeof(long), GFP_KERNEL);
+        if (!cpu_tsc)
+                return -ENOMEM;
+        mutex_lock(&mce_read_mutex);
+        next = rcu_dereference(mcelog.next);
+        /* Only supports full reads right now */
+        if (*off != 0 || usize < MCE_LOG_LEN*sizeof(struct mce)) {
+                mutex_unlock(&mce_read_mutex);
+                kfree(cpu_tsc);
+                return -EINVAL;
+        }
+        err = 0;
+        prev = 0;
+        do {
+                for (i = prev; i < next; i++) {
+                        unsigned long start = jiffies;
+                        while (!mcelog.entry[i].finished) {
+                                if (time_after_eq(jiffies, start + 2)) {
+                                        memset(mcelog.entry + i, 0,
+                                               sizeof(struct mce));
+                                        goto timeout;
+                                }
+                                cpu_relax();
+                        }
+                        smp_rmb();
+                        err |= copy_to_user(buf, mcelog.entry + i,
+                                            sizeof(struct mce));
+                        buf += sizeof(struct mce);
+timeout:
+                        ;
+                }
+                memset(mcelog.entry + prev, 0,
+                       (next - prev) * sizeof(struct mce));
+                prev = next;
+                next = cmpxchg(&mcelog.next, prev, 0);
+        } while (next != prev);
+        synchronize_sched();
+        /*
+         * Collect entries that were still getting written before the
+         * synchronize.
+         */
+        on_each_cpu(collect_tscs, cpu_tsc, 1);
+        for (i = next; i < MCE_LOG_LEN; i++) {
+                if (mcelog.entry[i].finished &&
+                    mcelog.entry[i].tsc < cpu_tsc[mcelog.entry[i].cpu]) {
+                        err |= copy_to_user(buf, mcelog.entry+i,
+                                            sizeof(struct mce));
+                        smp_rmb();
+                        buf += sizeof(struct mce);
+                        memset(&mcelog.entry[i], 0, sizeof(struct mce));
+                }
+        }
+        mutex_unlock(&mce_read_mutex);
+        kfree(cpu_tsc);
+        return err ? -EFAULT : buf - ubuf;
+}
+static unsigned int mce_poll(struct file *file, poll_table *wait)
+{
+        poll_wait(file, &mce_wait, wait);
+        if (rcu_dereference(mcelog.next))
+                return POLLIN | POLLRDNORM;
+        return 0;
+}
+static long mce_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+{
+        int __user *p = (int __user *)arg;
+        if (!capable(CAP_SYS_ADMIN))
+                return -EPERM;
+        switch (cmd) {
+        case MCE_GET_RECORD_LEN:
+                return put_user(sizeof(struct mce), p);
+        case MCE_GET_LOG_LEN:
+                return put_user(MCE_LOG_LEN, p);
+        case MCE_GETCLEAR_FLAGS: {
+                unsigned flags;
+                do {
+                        flags = mcelog.flags;
+                } while (cmpxchg(&mcelog.flags, flags, 0) != flags);
+                return put_user(flags, p);
+        }
+        default:
+                return -ENOTTY;
+        }
+}
+/* Modified in mce-inject.c, so not static or const */
+struct file_operations mce_chrdev_ops = {
+        .open                   = mce_open,
+        .release                = mce_release,
+        .read                   = mce_read,
+        .poll                   = mce_poll,
+        .unlocked_ioctl         = mce_ioctl,
+};
+EXPORT_SYMBOL_GPL(mce_chrdev_ops);
+static struct miscdevice mce_log_device = {
+        MISC_MCELOG_MINOR,
+        "mcelog",
+        &mce_chrdev_ops,
+};
+/*
+ * mce=off Disables machine check
+ * mce=no_cmci Disables CMCI
+ * mce=dont_log_ce Clears corrected events silently, no log created for CEs.
+ * mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
+ * mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
+ *      monarchtimeout is how long to wait for other CPUs on machine
+ *      check, or 0 to not wait
+ * mce=bootlog Log MCEs from before booting. Disabled by default on AMD.
+ * mce=nobootlog Don't log MCEs from before booting.
+ */
+static int __init mcheck_enable(char *str)
+{
+        if (*str == 0)
+                enable_p5_mce();
+        if (*str == '=')
+                str++;
+        if (!strcmp(str, "off"))
+                mce_disabled = 1;
+        else if (!strcmp(str, "no_cmci"))
+                mce_cmci_disabled = 1;
+        else if (!strcmp(str, "dont_log_ce"))
+                mce_dont_log_ce = 1;
+        else if (!strcmp(str, "ignore_ce"))
+                mce_ignore_ce = 1;
+        else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
+                mce_bootlog = (str[0] == 'b');
+        else if (isdigit(str[0])) {
+                get_option(&str, &tolerant);
+                if (*str == ',') {
+                        ++str;
+                        get_option(&str, &monarch_timeout);
+                }
+        } else {
+                printk(KERN_INFO "mce argument %s ignored. Please use /sys\n",
+                       str);
+                return 0;
+        }
+        return 1;
+}
+__setup("mce", mcheck_enable);
+/*
+ * Sysfs support
+ */
+/*
+ * Disable machine checks on suspend and shutdown. We can't really handle
+ * them later.
+ */
+static int mce_disable(void)
+{
+        int i;
+        for (i = 0; i < banks; i++) {
+                if (!skip_bank_init(i))
+                        wrmsrl(MSR_IA32_MC0_CTL + i*4, 0);
+        }
+        return 0;
+}
+static int mce_suspend(struct sys_device *dev, pm_message_t state)
+{
+        return mce_disable();
+}
+static int mce_shutdown(struct sys_device *dev)
+{
+        return mce_disable();
+}
+/*
+ * On resume clear all MCE state. Don't want to see leftovers from the BIOS.
+ * Only one CPU is active at this time, the others get re-added later using
+ * CPU hotplug:
+ */
+static int mce_resume(struct sys_device *dev)
+{
+        mce_init();
+        mce_cpu_features(&current_cpu_data);
+        return 0;
+}
+static void mce_cpu_restart(void *data)
+{
+        del_timer_sync(&__get_cpu_var(mce_timer));
+        if (mce_available(&current_cpu_data))
+                mce_init();
+        mce_init_timer();
+}
+/* Reinit MCEs after user configuration changes */
+static void mce_restart(void)
+{
+        on_each_cpu(mce_cpu_restart, NULL, 1);
+}
+static struct sysdev_class mce_sysclass = {
+        .suspend        = mce_suspend,
+        .shutdown       = mce_shutdown,
+        .resume         = mce_resume,
+        .name           = "machinecheck",
+};
+DEFINE_PER_CPU(struct sys_device, mce_dev);
+__cpuinitdata
+void (*threshold_cpu_callback)(unsigned long action, unsigned int cpu);
+static struct sysdev_attribute *bank_attrs;
+static ssize_t show_bank(struct sys_device *s, struct sysdev_attribute *attr,
+                         char *buf)
+{
+        u64 b = bank[attr - bank_attrs];
+        return sprintf(buf, "%llx\n", b);
+}
+static ssize_t set_bank(struct sys_device *s, struct sysdev_attribute *attr,
+                        const char *buf, size_t size)
+{
+        u64 new;
+        if (strict_strtoull(buf, 0, &new) < 0)
+                return -EINVAL;
+        bank[attr - bank_attrs] = new;
+        mce_restart();
+        return size;
+}
+static ssize_t
+show_trigger(struct sys_device *s, struct sysdev_attribute *attr, char *buf)
+{
+        strcpy(buf, trigger);
+        strcat(buf, "\n");
+        return strlen(trigger) + 1;
+}
+static ssize_t set_trigger(struct sys_device *s, struct sysdev_attribute *attr,
+                                const char *buf, size_t siz)
+{
+        char *p;
+        int len;
+        strncpy(trigger, buf, sizeof(trigger));
+        trigger[sizeof(trigger)-1] = 0;
+        len = strlen(trigger);
+        p = strchr(trigger, '\n');
+        if (*p)
+                *p = 0;
+        return len;
+}
+static ssize_t store_int_with_restart(struct sys_device *s,
+                                      struct sysdev_attribute *attr,
+                                      const char *buf, size_t size)
+{
+        ssize_t ret = sysdev_store_int(s, attr, buf, size);
+        mce_restart();
+        return ret;
+}
+static SYSDEV_ATTR(trigger, 0644, show_trigger, set_trigger);
+static SYSDEV_INT_ATTR(tolerant, 0644, tolerant);
+static SYSDEV_INT_ATTR(monarch_timeout, 0644, monarch_timeout);
+static struct sysdev_ext_attribute attr_check_interval = {
+        _SYSDEV_ATTR(check_interval, 0644, sysdev_show_int,
+                     store_int_with_restart),
+        &check_interval
+};
+static struct sysdev_attribute *mce_attrs[] = {
+        &attr_tolerant.attr, &attr_check_interval.attr, &attr_trigger,
+        &attr_monarch_timeout.attr,
+        NULL
+};
+static cpumask_var_t mce_dev_initialized;
+/* Per cpu sysdev init. All of the cpus still share the same ctrl bank: */
+static __cpuinit int mce_create_device(unsigned int cpu)
+{
+        int err;
+        int i;
+        if (!mce_available(&boot_cpu_data))
+                return -EIO;
+        memset(&per_cpu(mce_dev, cpu).kobj, 0, sizeof(struct kobject));
+        per_cpu(mce_dev, cpu).id        = cpu;
+        per_cpu(mce_dev, cpu).cls       = &mce_sysclass;
+        err = sysdev_register(&per_cpu(mce_dev, cpu));
+        if (err)
+                return err;
+        for (i = 0; mce_attrs[i]; i++) {
+                err = sysdev_create_file(&per_cpu(mce_dev, cpu), mce_attrs[i]);
+                if (err)
+                        goto error;
+        }
+        for (i = 0; i < banks; i++) {
+                err = sysdev_create_file(&per_cpu(mce_dev, cpu),
+                                        &bank_attrs[i]);
+                if (err)
+                        goto error2;
+        }
+        cpumask_set_cpu(cpu, mce_dev_initialized);
+        return 0;
+error2:
+        while (--i >= 0)
+                sysdev_remove_file(&per_cpu(mce_dev, cpu), &bank_attrs[i]);
+error:
+        while (--i >= 0)
+                sysdev_remove_file(&per_cpu(mce_dev, cpu), mce_attrs[i]);
+        sysdev_unregister(&per_cpu(mce_dev, cpu));
+        return err;
+}
+static __cpuinit void mce_remove_device(unsigned int cpu)
+{
+        int i;
+        if (!cpumask_test_cpu(cpu, mce_dev_initialized))
+                return;
+        for (i = 0; mce_attrs[i]; i++)
+                sysdev_remove_file(&per_cpu(mce_dev, cpu), mce_attrs[i]);
+        for (i = 0; i < banks; i++)
+                sysdev_remove_file(&per_cpu(mce_dev, cpu), &bank_attrs[i]);
+        sysdev_unregister(&per_cpu(mce_dev, cpu));
+        cpumask_clear_cpu(cpu, mce_dev_initialized);
+}
+/* Make sure there are no machine checks on offlined CPUs. */
+static void mce_disable_cpu(void *h)
+{
+        unsigned long action = *(unsigned long *)h;
+        int i;
+        if (!mce_available(&current_cpu_data))
+                return;
+        if (!(action & CPU_TASKS_FROZEN))
+                cmci_clear();
+        for (i = 0; i < banks; i++) {
+                if (!skip_bank_init(i))
+                        wrmsrl(MSR_IA32_MC0_CTL + i*4, 0);
+        }
+}
+static void mce_reenable_cpu(void *h)
+{
+        unsigned long action = *(unsigned long *)h;
+        int i;
+        if (!mce_available(&current_cpu_data))
+                return;
+        if (!(action & CPU_TASKS_FROZEN))
+                cmci_reenable();
+        for (i = 0; i < banks; i++) {
+                if (!skip_bank_init(i))
+                        wrmsrl(MSR_IA32_MC0_CTL + i*4, bank[i]);
+        }
+}
+/* Get notified when a cpu comes on/off. Be hotplug friendly. */
+static int __cpuinit
+mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+{
+        unsigned int cpu = (unsigned long)hcpu;
+        struct timer_list *t = &per_cpu(mce_timer, cpu);
+        switch (action) {
+        case CPU_ONLINE:
+        case CPU_ONLINE_FROZEN:
+                mce_create_device(cpu);
+                if (threshold_cpu_callback)
+                        threshold_cpu_callback(action, cpu);
+                break;
+        case CPU_DEAD:
+        case CPU_DEAD_FROZEN:
+                if (threshold_cpu_callback)
+                        threshold_cpu_callback(action, cpu);
+                mce_remove_device(cpu);
+                break;
+        case CPU_DOWN_PREPARE:
+        case CPU_DOWN_PREPARE_FROZEN:
+                del_timer_sync(t);
+                smp_call_function_single(cpu, mce_disable_cpu, &action, 1);
+                break;
+        case CPU_DOWN_FAILED:
+        case CPU_DOWN_FAILED_FROZEN:
+                t->expires = round_jiffies(jiffies +
+                                                __get_cpu_var(next_interval));
+                add_timer_on(t, cpu);
+                smp_call_function_single(cpu, mce_reenable_cpu, &action, 1);
+                break;
+        case CPU_POST_DEAD:
+                /* intentionally ignoring frozen here */
+                cmci_rediscover(cpu);
+                break;
+        }
+        return NOTIFY_OK;
+}
+static struct notifier_block mce_cpu_notifier __cpuinitdata = {
+        .notifier_call = mce_cpu_callback,
+};
+static __init int mce_init_banks(void)
+{
+        int i;
+        bank_attrs = kzalloc(sizeof(struct sysdev_attribute) * banks,
+                                GFP_KERNEL);
+        if (!bank_attrs)
+                return -ENOMEM;
+        for (i = 0; i < banks; i++) {
+                struct sysdev_attribute *a = &bank_attrs[i];
+                a->attr.name    = kasprintf(GFP_KERNEL, "bank%d", i);
+                if (!a->attr.name)
+                        goto nomem;
+                a->attr.mode    = 0644;
+                a->show         = show_bank;
+                a->store        = set_bank;
+        }
+        return 0;
+nomem:
+        while (--i >= 0)
+                kfree(bank_attrs[i].attr.name);
+        kfree(bank_attrs);
+        bank_attrs = NULL;
+        return -ENOMEM;
+}
+static __init int mce_init_device(void)
+{
+        int err;
+        int i = 0;
+        if (!mce_available(&boot_cpu_data))
+                return -EIO;
+        alloc_cpumask_var(&mce_dev_initialized, GFP_KERNEL);
+        err = mce_init_banks();
+        if (err)
+                return err;
+        err = sysdev_class_register(&mce_sysclass);
+        if (err)
+                return err;
+        for_each_online_cpu(i) {
+                err = mce_create_device(i);
+                if (err)
+                        return err;
+        }
+        register_hotcpu_notifier(&mce_cpu_notifier);
+        misc_register(&mce_log_device);
+        return err;
+}
+device_initcall(mce_init_device);
+#else /* CONFIG_X86_OLD_MCE: */
+int nr_mce_banks;
+EXPORT_SYMBOL_GPL(nr_mce_banks);        /* non-fatal.o */
+/* This has to be run for each processor */
+void mcheck_init(struct cpuinfo_x86 *c)
+{
+        if (mce_disabled == 1)
+                return;
+        switch (c->x86_vendor) {
+        case X86_VENDOR_AMD:
+                amd_mcheck_init(c);
+                break;
+        case X86_VENDOR_INTEL:
+                if (c->x86 == 5)
+                        intel_p5_mcheck_init(c);
+                if (c->x86 == 6)
+                        intel_p6_mcheck_init(c);
+                if (c->x86 == 15)
+                        intel_p4_mcheck_init(c);
+                break;
+        case X86_VENDOR_CENTAUR:
+                if (c->x86 == 5)
+                        winchip_mcheck_init(c);
+                break;
+        default:
+                break;
+        }
+        printk(KERN_INFO "mce: CPU supports %d MCE banks\n", nr_mce_banks);
+}
+static int __init mcheck_enable(char *str)
+{
+        mce_disabled = -1;
+        return 1;
+}
+__setup("mce", mcheck_enable);
+#endif /* CONFIG_X86_OLD_MCE */
+/*
+ * Old style boot options parsing. Only for compatibility.
+ */
+static int __init mcheck_disable(char *str)
+{
+        mce_disabled = 1;
+        return 1;
+}
+__setup("nomce", mcheck_disable);
diff --git a/arch/x86/kernel/cpu/mcheck/mce.h b/arch/x86/kernel/cpu/mcheck/mce.h
index ae9f628838f1..84a552b458c8 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.h
+++ b/arch/x86/kernel/cpu/mcheck/mce.h
@@ -1,14 +1,38 @@
 #include <linux/init.h>
 #include <asm/mce.h>
+#ifdef CONFIG_X86_OLD_MCE
 void amd_mcheck_init(struct cpuinfo_x86 *c);
 void intel_p4_mcheck_init(struct cpuinfo_x86 *c);
-void intel_p5_mcheck_init(struct cpuinfo_x86 *c);
 void intel_p6_mcheck_init(struct cpuinfo_x86 *c);
+#endif
+#ifdef CONFIG_X86_ANCIENT_MCE
+void intel_p5_mcheck_init(struct cpuinfo_x86 *c);
 void winchip_mcheck_init(struct cpuinfo_x86 *c);
+extern int mce_p5_enable;
+static inline int mce_p5_enabled(void) { return mce_p5_enable; }
+static inline void enable_p5_mce(void) { mce_p5_enable = 1; }
+#else
+static inline void intel_p5_mcheck_init(struct cpuinfo_x86 *c) {}
+static inline void winchip_mcheck_init(struct cpuinfo_x86 *c) {}
+static inline int mce_p5_enabled(void) { return 0; }
+static inline void enable_p5_mce(void) { }
+#endif
 /* Call the installed machine check handler for this CPU setup. */
 extern void (*machine_check_vector)(struct pt_regs *, long error_code);
+#ifdef CONFIG_X86_OLD_MCE
 extern int nr_mce_banks;
+void intel_set_thermal_handler(void);
+#else
+static inline void intel_set_thermal_handler(void) { }
+#endif
+void intel_init_thermal(struct cpuinfo_x86 *c);
diff --git a/arch/x86/kernel/cpu/mcheck/mce_32.c b/arch/x86/kernel/cpu/mcheck/mce_32.c
deleted file mode 100644
index 3552119b091d..000000000000
--- a/arch/x86/kernel/cpu/mcheck/mce_32.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * mce.c - x86 Machine Check Exception Reporting
- * (c) 2002 Alan Cox <alan@lxorguk.ukuu.org.uk>, Dave Jones <davej@redhat.com>
- */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/smp.h>
-#include <linux/thread_info.h>
-#include <asm/processor.h>
-#include <asm/system.h>
-#include <asm/mce.h>
-#include "mce.h"
-int mce_disabled;
-int nr_mce_banks;
-EXPORT_SYMBOL_GPL(nr_mce_banks);        /* non-fatal.o */
-/* Handle unconfigured int18 (should never happen) */
-static void unexpected_machine_check(struct pt_regs *regs, long error_code)
-{
-        printk(KERN_ERR "CPU#%d: Unexpected int18 (Machine Check).\n", smp_processor_id());
-}
-/* Call the installed machine check handler for this CPU setup. */
-void (*machine_check_vector)(struct pt_regs *, long error_code) = unexpected_machine_check;
-/* This has to be run for each processor */
-void mcheck_init(struct cpuinfo_x86 *c)
-{
-        if (mce_disabled == 1)
-                return;
-        switch (c->x86_vendor) {
-        case X86_VENDOR_AMD:
-                amd_mcheck_init(c);
-                break;
-        case X86_VENDOR_INTEL:
-                if (c->x86 == 5)
-                        intel_p5_mcheck_init(c);
-                if (c->x86 == 6)
-                        intel_p6_mcheck_init(c);
-                if (c->x86 == 15)
-                        intel_p4_mcheck_init(c);
-                break;
-        case X86_VENDOR_CENTAUR:
-                if (c->x86 == 5)
-                        winchip_mcheck_init(c);
-                break;
-        default:
-                break;
-        }
-}
-static int __init mcheck_disable(char *str)
-{
-        mce_disabled = 1;
-        return 1;
-}
-static int __init mcheck_enable(char *str)
-{
-        mce_disabled = -1;
-        return 1;
-}
-__setup("nomce", mcheck_disable);
-__setup("mce", mcheck_enable);
diff --git a/arch/x86/kernel/cpu/mcheck/mce_64.c b/arch/x86/kernel/cpu/mcheck/mce_64.c
deleted file mode 100644
index 09dd1d414fc3..000000000000
--- a/arch/x86/kernel/cpu/mcheck/mce_64.c
+++ /dev/null
@@ -1,1187 +0,0 @@
-/*
- * Machine check handler.
- * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
- * Rest from unknown author(s).
- * 2004 Andi Kleen. Rewrote most of it.
- * Copyright 2008 Intel Corporation
- * Author: Andi Kleen
- */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/sched.h>
-#include <linux/smp_lock.h>
-#include <linux/string.h>
-#include <linux/rcupdate.h>
-#include <linux/kallsyms.h>
-#include <linux/sysdev.h>
-#include <linux/miscdevice.h>
-#include <linux/fs.h>
-#include <linux/capability.h>
-#include <linux/cpu.h>
-#include <linux/percpu.h>
-#include <linux/poll.h>
-#include <linux/thread_info.h>
-#include <linux/ctype.h>
-#include <linux/kmod.h>
-#include <linux/kdebug.h>
-#include <linux/kobject.h>
-#include <linux/sysfs.h>
-#include <linux/ratelimit.h>
-#include <asm/processor.h>
-#include <asm/msr.h>
-#include <asm/mce.h>
-#include <asm/uaccess.h>
-#include <asm/smp.h>
-#include <asm/idle.h>
-#define MISC_MCELOG_MINOR 227
-atomic_t mce_entry;
-static int mce_dont_init;
-/*
- * Tolerant levels:
- *   0: always panic on uncorrected errors, log corrected errors
- *   1: panic or SIGBUS on uncorrected errors, log corrected errors
- *   2: SIGBUS or log uncorrected errors (if possible), log corrected errors
- *   3: never panic or SIGBUS, log all errors (for testing only)
- */
-static int tolerant = 1;
-static int banks;
-static u64 *bank;
-static unsigned long notify_user;
-static int rip_msr;
-static int mce_bootlog = -1;
-static atomic_t mce_events;
-static char trigger[128];
-static char *trigger_argv[2] = { trigger, NULL };
-static DECLARE_WAIT_QUEUE_HEAD(mce_wait);
-/* MCA banks polled by the period polling timer for corrected events */
-DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
-        [0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
-};
-/* Do initial initialization of a struct mce */
-void mce_setup(struct mce *m)
-{
-        memset(m, 0, sizeof(struct mce));
-        m->cpu = smp_processor_id();
-        rdtscll(m->tsc);
-}
-/*
- * Lockless MCE logging infrastructure.
- * This avoids deadlocks on printk locks without having to break locks. Also
- * separate MCEs from kernel messages to avoid bogus bug reports.
- */
-static struct mce_log mcelog = {
-        MCE_LOG_SIGNATURE,
-        MCE_LOG_LEN,
-};
-void mce_log(struct mce *mce)
-{
-        unsigned next, entry;
-        atomic_inc(&mce_events);
-        mce->finished = 0;
-        wmb();
-        for (;;) {
-                entry = rcu_dereference(mcelog.next);
-                for (;;) {
-                        /* When the buffer fills up discard new entries. Assume
-                           that the earlier errors are the more interesting. */
-                        if (entry >= MCE_LOG_LEN) {
-                                set_bit(MCE_OVERFLOW, (unsigned long *)&mcelog.flags);
-                                return;
-                        }
-                        /* Old left over entry. Skip. */
-                        if (mcelog.entry[entry].finished) {
-                                entry++;
-                                continue;
-                        }
-                        break;
-                }
-                smp_rmb();
-                next = entry + 1;
-                if (cmpxchg(&mcelog.next, entry, next) == entry)
-                        break;
-        }
-        memcpy(mcelog.entry + entry, mce, sizeof(struct mce));
-        wmb();
-        mcelog.entry[entry].finished = 1;
-        wmb();
-        set_bit(0, &notify_user);
-}
-static void print_mce(struct mce *m)
-{
-        printk(KERN_EMERG "\n"
-               KERN_EMERG "HARDWARE ERROR\n"
-               KERN_EMERG
-               "CPU %d: Machine Check Exception: %16Lx Bank %d: %016Lx\n",
-               m->cpu, m->mcgstatus, m->bank, m->status);
-        if (m->ip) {
-                printk(KERN_EMERG "RIP%s %02x:<%016Lx> ",
-                       !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
-                       m->cs, m->ip);
-                if (m->cs == __KERNEL_CS)
-                        print_symbol("{%s}", m->ip);
-                printk("\n");
-        }
-        printk(KERN_EMERG "TSC %llx ", m->tsc);
-        if (m->addr)
-                printk("ADDR %llx ", m->addr);
-        if (m->misc)
-                printk("MISC %llx ", m->misc);
-        printk("\n");
-        printk(KERN_EMERG "This is not a software problem!\n");
-        printk(KERN_EMERG "Run through mcelog --ascii to decode "
-               "and contact your hardware vendor\n");
-}
-static void mce_panic(char *msg, struct mce *backup, unsigned long start)
-{
-        int i;
-        oops_begin();
-        for (i = 0; i < MCE_LOG_LEN; i++) {
-                unsigned long tsc = mcelog.entry[i].tsc;
-                if (time_before(tsc, start))
-                        continue;
-                print_mce(&mcelog.entry[i]);
-                if (backup && mcelog.entry[i].tsc == backup->tsc)
-                        backup = NULL;
-        }
-        if (backup)
-                print_mce(backup);
-        panic(msg);
-}
-int mce_available(struct cpuinfo_x86 *c)
-{
-        if (mce_dont_init)
-                return 0;
-        return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
-}
-static inline void mce_get_rip(struct mce *m, struct pt_regs *regs)
-{
-        if (regs && (m->mcgstatus & MCG_STATUS_RIPV)) {
-                m->ip = regs->ip;
-                m->cs = regs->cs;
-        } else {
-                m->ip = 0;
-                m->cs = 0;
-        }
-        if (rip_msr) {
-                /* Assume the RIP in the MSR is exact. Is this true? */
-                m->mcgstatus |= MCG_STATUS_EIPV;
-                rdmsrl(rip_msr, m->ip);
-                m->cs = 0;
-        }
-}
-/*
- * Poll for corrected events or events that happened before reset.
- * Those are just logged through /dev/mcelog.
- *
- * This is executed in standard interrupt context.
- */
-void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
-{
-        struct mce m;
-        int i;
-        mce_setup(&m);
-        rdmsrl(MSR_IA32_MCG_STATUS, m.mcgstatus);
-        for (i = 0; i < banks; i++) {
-                if (!bank[i] || !test_bit(i, *b))
-                        continue;
-                m.misc = 0;
-                m.addr = 0;
-                m.bank = i;
-                m.tsc = 0;
-                barrier();
-                rdmsrl(MSR_IA32_MC0_STATUS + i*4, m.status);
-                if (!(m.status & MCI_STATUS_VAL))
-                        continue;
-                /*
-                 * Uncorrected events are handled by the exception handler
-                 * when it is enabled. But when the exception is disabled log
-                 * everything.
-                 *
-                 * TBD do the same check for MCI_STATUS_EN here?
-                 */
-                if ((m.status & MCI_STATUS_UC) && !(flags & MCP_UC))
-                        continue;
-                if (m.status & MCI_STATUS_MISCV)
-                        rdmsrl(MSR_IA32_MC0_MISC + i*4, m.misc);
-                if (m.status & MCI_STATUS_ADDRV)
-                        rdmsrl(MSR_IA32_MC0_ADDR + i*4, m.addr);
-                if (!(flags & MCP_TIMESTAMP))
-                        m.tsc = 0;
-                /*
-                 * Don't get the IP here because it's unlikely to
-                 * have anything to do with the actual error location.
-                 */
-                if (!(flags & MCP_DONTLOG)) {
-                        mce_log(&m);
-                        add_taint(TAINT_MACHINE_CHECK);
-                }
-                /*
-                 * Clear state for this bank.
-                 */
-                wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
-        }
-        /*
-         * Don't clear MCG_STATUS here because it's only defined for
-         * exceptions.
-         */
-}
-/*
- * The actual machine check handler. This only handles real
- * exceptions when something got corrupted coming in through int 18.
- *
- * This is executed in NMI context not subject to normal locking rules. This
- * implies that most kernel services cannot be safely used. Don't even
- * think about putting a printk in there!
- */
-void do_machine_check(struct pt_regs * regs, long error_code)
-{
-        struct mce m, panicm;
-        u64 mcestart = 0;
-        int i;
-        int panicm_found = 0;
-        /*
-         * If no_way_out gets set, there is no safe way to recover from this
-         * MCE.  If tolerant is cranked up, we'll try anyway.
-         */
-        int no_way_out = 0;
-        /*
-         * If kill_it gets set, there might be a way to recover from this
-         * error.
-         */
-        int kill_it = 0;
-        DECLARE_BITMAP(toclear, MAX_NR_BANKS);
-        atomic_inc(&mce_entry);
-        if (notify_die(DIE_NMI, "machine check", regs, error_code,
-                           18, SIGKILL) == NOTIFY_STOP)
-                goto out2;
-        if (!banks)
-                goto out2;
-        mce_setup(&m);
-        rdmsrl(MSR_IA32_MCG_STATUS, m.mcgstatus);
-        /* if the restart IP is not valid, we're done for */
-        if (!(m.mcgstatus & MCG_STATUS_RIPV))
-                no_way_out = 1;
-        rdtscll(mcestart);
-        barrier();
-        for (i = 0; i < banks; i++) {
-                __clear_bit(i, toclear);
-                if (!bank[i])
-                        continue;
-                m.misc = 0;
-                m.addr = 0;
-                m.bank = i;
-                rdmsrl(MSR_IA32_MC0_STATUS + i*4, m.status);
-                if ((m.status & MCI_STATUS_VAL) == 0)
-                        continue;
-                /*
-                 * Non uncorrected errors are handled by machine_check_poll
-                 * Leave them alone.
-                 */
-                if ((m.status & MCI_STATUS_UC) == 0)
-                        continue;
-                /*
-                 * Set taint even when machine check was not enabled.
-                 */
-                add_taint(TAINT_MACHINE_CHECK);
-                __set_bit(i, toclear);
-                if (m.status & MCI_STATUS_EN) {
-                        /* if PCC was set, there's no way out */
-                        no_way_out |= !!(m.status & MCI_STATUS_PCC);
-                        /*
-                         * If this error was uncorrectable and there was
-                         * an overflow, we're in trouble.  If no overflow,
-                         * we might get away with just killing a task.
-                         */
-                        if (m.status & MCI_STATUS_UC) {
-                                if (tolerant < 1 || m.status & MCI_STATUS_OVER)
-                                        no_way_out = 1;
-                                kill_it = 1;
-                        }
-                } else {
-                        /*
-                         * Machine check event was not enabled. Clear, but
-                         * ignore.
-                         */
-                        continue;
-                }
-                if (m.status & MCI_STATUS_MISCV)
-                        rdmsrl(MSR_IA32_MC0_MISC + i*4, m.misc);
-                if (m.status & MCI_STATUS_ADDRV)
-                        rdmsrl(MSR_IA32_MC0_ADDR + i*4, m.addr);
-                mce_get_rip(&m, regs);
-                mce_log(&m);
-                /* Did this bank cause the exception? */
-                /* Assume that the bank with uncorrectable errors did it,
-                   and that there is only a single one. */
-                if ((m.status & MCI_STATUS_UC) && (m.status & MCI_STATUS_EN)) {
-                        panicm = m;
-                        panicm_found = 1;
-                }
-        }
-        /* If we didn't find an uncorrectable error, pick
-           the last one (shouldn't happen, just being safe). */
-        if (!panicm_found)
-                panicm = m;
-        /*
-         * If we have decided that we just CAN'T continue, and the user
-         *  has not set tolerant to an insane level, give up and die.
-         */
-        if (no_way_out && tolerant < 3)
-                mce_panic("Machine check", &panicm, mcestart);
-        /*
-         * If the error seems to be unrecoverable, something should be
-         * done.  Try to kill as little as possible.  If we can kill just
-         * one task, do that.  If the user has set the tolerance very
-         * high, don't try to do anything at all.
-         */
-        if (kill_it && tolerant < 3) {
-                int user_space = 0;
-                /*
-                 * If the EIPV bit is set, it means the saved IP is the
-                 * instruction which caused the MCE.
-                 */
-                if (m.mcgstatus & MCG_STATUS_EIPV)
-                        user_space = panicm.ip && (panicm.cs & 3);
-                /*
-                 * If we know that the error was in user space, send a
-                 * SIGBUS.  Otherwise, panic if tolerance is low.
-                 *
-                 * force_sig() takes an awful lot of locks and has a slight
-                 * risk of deadlocking.
-                 */
-                if (user_space) {
-                        force_sig(SIGBUS, current);
-                } else if (panic_on_oops || tolerant < 2) {
-                        mce_panic("Uncorrected machine check",
-                                &panicm, mcestart);
-                }
-        }
-        /* notify userspace ASAP */
-        set_thread_flag(TIF_MCE_NOTIFY);
-        /* the last thing we do is clear state */
-        for (i = 0; i < banks; i++) {
-                if (test_bit(i, toclear))
-                        wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
-        }
-        wrmsrl(MSR_IA32_MCG_STATUS, 0);
- out2:
-        atomic_dec(&mce_entry);
-}
-#ifdef CONFIG_X86_MCE_INTEL
-/***
- * mce_log_therm_throt_event - Logs the thermal throttling event to mcelog
- * @cpu: The CPU on which the event occurred.
- * @status: Event status information
- *
- * This function should be called by the thermal interrupt after the
- * event has been processed and the decision was made to log the event
- * further.
- *
- * The status parameter will be saved to the 'status' field of 'struct mce'
- * and historically has been the register value of the
- * MSR_IA32_THERMAL_STATUS (Intel) msr.
- */
-void mce_log_therm_throt_event(__u64 status)
-{
-        struct mce m;
-        mce_setup(&m);
-        m.bank = MCE_THERMAL_BANK;
-        m.status = status;
-        mce_log(&m);
-}
-#endif /* CONFIG_X86_MCE_INTEL */
-/*
- * Periodic polling timer for "silent" machine check errors.  If the
- * poller finds an MCE, poll 2x faster.  When the poller finds no more
- * errors, poll 2x slower (up to check_interval seconds).
- */
-static int check_interval = 5 * 60; /* 5 minutes */
-static DEFINE_PER_CPU(int, next_interval); /* in jiffies */
-static void mcheck_timer(unsigned long);
-static DEFINE_PER_CPU(struct timer_list, mce_timer);
-static void mcheck_timer(unsigned long data)
-{
-        struct timer_list *t = &per_cpu(mce_timer, data);
-        int *n;
-        WARN_ON(smp_processor_id() != data);
-        if (mce_available(&current_cpu_data))
-                machine_check_poll(MCP_TIMESTAMP,
-                                &__get_cpu_var(mce_poll_banks));
-        /*
-         * Alert userspace if needed.  If we logged an MCE, reduce the
-         * polling interval, otherwise increase the polling interval.
-         */
-        n = &__get_cpu_var(next_interval);
-        if (mce_notify_user()) {
-                *n = max(*n/2, HZ/100);
-        } else {
-                *n = min(*n*2, (int)round_jiffies_relative(check_interval*HZ));
-        }
-        t->expires = jiffies + *n;
-        add_timer(t);
-}
-static void mce_do_trigger(struct work_struct *work)
-{
-        call_usermodehelper(trigger, trigger_argv, NULL, UMH_NO_WAIT);
-}
-static DECLARE_WORK(mce_trigger_work, mce_do_trigger);
-/*
- * Notify the user(s) about new machine check events.
- * Can be called from interrupt context, but not from machine check/NMI
- * context.
- */
-int mce_notify_user(void)
-{
-        /* Not more than two messages every minute */
-        static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
-        clear_thread_flag(TIF_MCE_NOTIFY);
-        if (test_and_clear_bit(0, &notify_user)) {
-                wake_up_interruptible(&mce_wait);
-                /*
-                 * There is no risk of missing notifications because
-                 * work_pending is always cleared before the function is
-                 * executed.
-                 */
-                if (trigger[0] && !work_pending(&mce_trigger_work))
-                        schedule_work(&mce_trigger_work);
-                if (__ratelimit(&ratelimit))
-                        printk(KERN_INFO "Machine check events logged\n");
-                return 1;
-        }
-        return 0;
-}
-/* see if the idle task needs to notify userspace */
-static int
-mce_idle_callback(struct notifier_block *nfb, unsigned long action, void *junk)
-{
-        /* IDLE_END should be safe - interrupts are back on */
-        if (action == IDLE_END && test_thread_flag(TIF_MCE_NOTIFY))
-                mce_notify_user();
-        return NOTIFY_OK;
-}
-static struct notifier_block mce_idle_notifier = {
-        .notifier_call = mce_idle_callback,
-};
-static __init int periodic_mcheck_init(void)
-{
-       idle_notifier_register(&mce_idle_notifier);
-       return 0;
-}
-__initcall(periodic_mcheck_init);
-/*
- * Initialize Machine Checks for a CPU.
- */
-static int mce_cap_init(void)
-{
-        u64 cap;
-        unsigned b;
-        rdmsrl(MSR_IA32_MCG_CAP, cap);
-        b = cap & 0xff;
-        if (b > MAX_NR_BANKS) {
-                printk(KERN_WARNING
-                       "MCE: Using only %u machine check banks out of %u\n",
-                        MAX_NR_BANKS, b);
-                b = MAX_NR_BANKS;
-        }
-        /* Don't support asymmetric configurations today */
-        WARN_ON(banks != 0 && b != banks);
-        banks = b;
-        if (!bank) {
-                bank = kmalloc(banks * sizeof(u64), GFP_KERNEL);
-                if (!bank)
-                        return -ENOMEM;
-                memset(bank, 0xff, banks * sizeof(u64));
-        }
-        /* Use accurate RIP reporting if available. */
-        if ((cap & (1<<9)) && ((cap >> 16) & 0xff) >= 9)
-                rip_msr = MSR_IA32_MCG_EIP;
-        return 0;
-}
-static void mce_init(void *dummy)
-{
-        u64 cap;
-        int i;
-        mce_banks_t all_banks;
-        /*
-         * Log the machine checks left over from the previous reset.
-         */
-        bitmap_fill(all_banks, MAX_NR_BANKS);
-        machine_check_poll(MCP_UC|(!mce_bootlog ? MCP_DONTLOG : 0), &all_banks);
-        set_in_cr4(X86_CR4_MCE);
-        rdmsrl(MSR_IA32_MCG_CAP, cap);
-        if (cap & MCG_CTL_P)
-                wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
-        for (i = 0; i < banks; i++) {
-                wrmsrl(MSR_IA32_MC0_CTL+4*i, bank[i]);
-                wrmsrl(MSR_IA32_MC0_STATUS+4*i, 0);
-        }
-}
-/* Add per CPU specific workarounds here */
-static void mce_cpu_quirks(struct cpuinfo_x86 *c)
-{
-        /* This should be disabled by the BIOS, but isn't always */
-        if (c->x86_vendor == X86_VENDOR_AMD) {
-                if (c->x86 == 15 && banks > 4)
-                        /* disable GART TBL walk error reporting, which trips off
-                           incorrectly with the IOMMU & 3ware & Cerberus. */
-                        clear_bit(10, (unsigned long *)&bank[4]);
-                if(c->x86 <= 17 && mce_bootlog < 0)
-                        /* Lots of broken BIOS around that don't clear them
-                           by default and leave crap in there. Don't log. */
-                        mce_bootlog = 0;
-        }
-}
-static void mce_cpu_features(struct cpuinfo_x86 *c)
-{
-        switch (c->x86_vendor) {
-        case X86_VENDOR_INTEL:
-                mce_intel_feature_init(c);
-                break;
-        case X86_VENDOR_AMD:
-                mce_amd_feature_init(c);
-                break;
-        default:
-                break;
-        }
-}
-static void mce_init_timer(void)
-{
-        struct timer_list *t = &__get_cpu_var(mce_timer);
-        int *n = &__get_cpu_var(next_interval);
-        *n = check_interval * HZ;
-        if (!*n)
-                return;
-        setup_timer(t, mcheck_timer, smp_processor_id());
-        t->expires = round_jiffies(jiffies + *n);
-        add_timer(t);
-}
-/*
- * Called for each booted CPU to set up machine checks.
- * Must be called with preempt off.
- */
-void __cpuinit mcheck_init(struct cpuinfo_x86 *c)
-{
-        if (!mce_available(c))
-                return;
-        if (mce_cap_init() < 0) {
-                mce_dont_init = 1;
-                return;
-        }
-        mce_cpu_quirks(c);
-        mce_init(NULL);
-        mce_cpu_features(c);
-        mce_init_timer();
-}
-/*
- * Character device to read and clear the MCE log.
- */
-static DEFINE_SPINLOCK(mce_state_lock);
-static int open_count;  /* #times opened */
-static int open_exclu;  /* already open exclusive? */
-static int mce_open(struct inode *inode, struct file *file)
-{
-        lock_kernel();
-        spin_lock(&mce_state_lock);
-        if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
-                spin_unlock(&mce_state_lock);
-                unlock_kernel();
-                return -EBUSY;
-        }
-        if (file->f_flags & O_EXCL)
-                open_exclu = 1;
-        open_count++;
-        spin_unlock(&mce_state_lock);
-        unlock_kernel();
-        return nonseekable_open(inode, file);
-}
-static int mce_release(struct inode *inode, struct file *file)
-{
-        spin_lock(&mce_state_lock);
-        open_count--;
-        open_exclu = 0;
-        spin_unlock(&mce_state_lock);
-        return 0;
-}
-static void collect_tscs(void *data)
-{
-        unsigned long *cpu_tsc = (unsigned long *)data;
-        rdtscll(cpu_tsc[smp_processor_id()]);
-}
-static ssize_t mce_read(struct file *filp, char __user *ubuf, size_t usize,
-                        loff_t *off)
-{
-        unsigned long *cpu_tsc;
-        static DEFINE_MUTEX(mce_read_mutex);
-        unsigned prev, next;
-        char __user *buf = ubuf;
-        int i, err;
-        cpu_tsc = kmalloc(nr_cpu_ids * sizeof(long), GFP_KERNEL);
-        if (!cpu_tsc)
-                return -ENOMEM;
-        mutex_lock(&mce_read_mutex);
-        next = rcu_dereference(mcelog.next);
-        /* Only supports full reads right now */
-        if (*off != 0 || usize < MCE_LOG_LEN*sizeof(struct mce)) {
-                mutex_unlock(&mce_read_mutex);
-                kfree(cpu_tsc);
-                return -EINVAL;
-        }
-        err = 0;
-        prev = 0;
-        do {
-                for (i = prev; i < next; i++) {
-                        unsigned long start = jiffies;
-                        while (!mcelog.entry[i].finished) {
-                                if (time_after_eq(jiffies, start + 2)) {
-                                        memset(mcelog.entry + i, 0,
-                                               sizeof(struct mce));
-                                        goto timeout;
-                                }
-                                cpu_relax();
-                        }
-                        smp_rmb();
-                        err |= copy_to_user(buf, mcelog.entry + i,
-                                            sizeof(struct mce));
-                        buf += sizeof(struct mce);
-timeout:
-                        ;
-                }
-                memset(mcelog.entry + prev, 0,
-                       (next - prev) * sizeof(struct mce));
-                prev = next;
-                next = cmpxchg(&mcelog.next, prev, 0);
-        } while (next != prev);
-        synchronize_sched();
-        /*
-         * Collect entries that were still getting written before the
-         * synchronize.
-         */
-        on_each_cpu(collect_tscs, cpu_tsc, 1);
-        for (i = next; i < MCE_LOG_LEN; i++) {
-                if (mcelog.entry[i].finished &&
-                    mcelog.entry[i].tsc < cpu_tsc[mcelog.entry[i].cpu]) {
-                        err |= copy_to_user(buf, mcelog.entry+i,
-                                            sizeof(struct mce));
-                        smp_rmb();
-                        buf += sizeof(struct mce);
-                        memset(&mcelog.entry[i], 0, sizeof(struct mce));
-                }
-        }
-        mutex_unlock(&mce_read_mutex);
-        kfree(cpu_tsc);
-        return err ? -EFAULT : buf - ubuf;
-}
-static unsigned int mce_poll(struct file *file, poll_table *wait)
-{
-        poll_wait(file, &mce_wait, wait);
-        if (rcu_dereference(mcelog.next))
-                return POLLIN | POLLRDNORM;
-        return 0;
-}
-static long mce_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
-{
-        int __user *p = (int __user *)arg;
-        if (!capable(CAP_SYS_ADMIN))
-                return -EPERM;
-        switch (cmd) {
-        case MCE_GET_RECORD_LEN:
-                return put_user(sizeof(struct mce), p);
-        case MCE_GET_LOG_LEN:
-                return put_user(MCE_LOG_LEN, p);
-        case MCE_GETCLEAR_FLAGS: {
-                unsigned flags;
-                do {
-                        flags = mcelog.flags;
-                } while (cmpxchg(&mcelog.flags, flags, 0) != flags);
-                return put_user(flags, p);
-        }
-        default:
-                return -ENOTTY;
-        }
-}
-static const struct file_operations mce_chrdev_ops = {
-        .open = mce_open,
-        .release = mce_release,
-        .read = mce_read,
-        .poll = mce_poll,
-        .unlocked_ioctl = mce_ioctl,
-};
-static struct miscdevice mce_log_device = {
-        MISC_MCELOG_MINOR,
-        "mcelog",
-        &mce_chrdev_ops,
-};
-/*
- * Old style boot options parsing. Only for compatibility.
- */
-static int __init mcheck_disable(char *str)
-{
-        mce_dont_init = 1;
-        return 1;
-}
-/* mce=off disables machine check.
-   mce=TOLERANCELEVEL (number, see above)
-   mce=bootlog Log MCEs from before booting. Disabled by default on AMD.
-   mce=nobootlog Don't log MCEs from before booting. */
-static int __init mcheck_enable(char *str)
-{
-        if (!strcmp(str, "off"))
-                mce_dont_init = 1;
-        else if (!strcmp(str, "bootlog") || !strcmp(str,"nobootlog"))
-                mce_bootlog = str[0] == 'b';
-        else if (isdigit(str[0]))
-                get_option(&str, &tolerant);
-        else
-                printk("mce= argument %s ignored. Please use /sys", str);
-        return 1;
-}
-__setup("nomce", mcheck_disable);
-__setup("mce=", mcheck_enable);
-/*
- * Sysfs support
- */
-/*
- * Disable machine checks on suspend and shutdown. We can't really handle
- * them later.
- */
-static int mce_disable(void)
-{
-        int i;
-        for (i = 0; i < banks; i++)
-                wrmsrl(MSR_IA32_MC0_CTL + i*4, 0);
-        return 0;
-}
-static int mce_suspend(struct sys_device *dev, pm_message_t state)
-{
-        return mce_disable();
-}
-static int mce_shutdown(struct sys_device *dev)
-{
-        return mce_disable();
-}
-/* On resume clear all MCE state. Don't want to see leftovers from the BIOS.
-   Only one CPU is active at this time, the others get readded later using
-   CPU hotplug. */
-static int mce_resume(struct sys_device *dev)
-{
-        mce_init(NULL);
-        mce_cpu_features(&current_cpu_data);
-        return 0;
-}
-static void mce_cpu_restart(void *data)
-{
-        del_timer_sync(&__get_cpu_var(mce_timer));
-        if (mce_available(&current_cpu_data))
-                mce_init(NULL);
-        mce_init_timer();
-}
-/* Reinit MCEs after user configuration changes */
-static void mce_restart(void)
-{
-        on_each_cpu(mce_cpu_restart, NULL, 1);
-}
-static struct sysdev_class mce_sysclass = {
-        .suspend = mce_suspend,
-        .shutdown = mce_shutdown,
-        .resume = mce_resume,
-        .name = "machinecheck",
-};
-DEFINE_PER_CPU(struct sys_device, device_mce);
-void (*threshold_cpu_callback)(unsigned long action, unsigned int cpu) __cpuinitdata;
-/* Why are there no generic functions for this? */
-#define ACCESSOR(name, var, start) \
-        static ssize_t show_ ## name(struct sys_device *s,              \
-                                     struct sysdev_attribute *attr,     \
-                                     char *buf) {                       \
-                return sprintf(buf, "%lx\n", (unsigned long)var);       \
-        }                                                               \
-        static ssize_t set_ ## name(struct sys_device *s,               \
-                                    struct sysdev_attribute *attr,      \
-                                    const char *buf, size_t siz) {      \
-                char *end;                                              \
-                unsigned long new = simple_strtoul(buf, &end, 0);       \
-                if (end == buf) return -EINVAL;                         \
-                var = new;                                              \
-                start;                                                  \
-                return end-buf;                                         \
-        }                                                               \
-        static SYSDEV_ATTR(name, 0644, show_ ## name, set_ ## name);
-static struct sysdev_attribute *bank_attrs;
-static ssize_t show_bank(struct sys_device *s, struct sysdev_attribute *attr,
-                         char *buf)
-{
-        u64 b = bank[attr - bank_attrs];
-        return sprintf(buf, "%llx\n", b);
-}
-static ssize_t set_bank(struct sys_device *s, struct sysdev_attribute *attr,
-                        const char *buf, size_t siz)
-{
-        char *end;
-        u64 new = simple_strtoull(buf, &end, 0);
-        if (end == buf)
-                return -EINVAL;
-        bank[attr - bank_attrs] = new;
-        mce_restart();
-        return end-buf;
-}
-static ssize_t show_trigger(struct sys_device *s, struct sysdev_attribute *attr,
-                                char *buf)
-{
-        strcpy(buf, trigger);
-        strcat(buf, "\n");
-        return strlen(trigger) + 1;
-}
-static ssize_t set_trigger(struct sys_device *s, struct sysdev_attribute *attr,
-                                const char *buf,size_t siz)
-{
-        char *p;
-        int len;
-        strncpy(trigger, buf, sizeof(trigger));
-        trigger[sizeof(trigger)-1] = 0;
-        len = strlen(trigger);
-        p = strchr(trigger, '\n');
-        if (*p) *p = 0;
-        return len;
-}
-static SYSDEV_ATTR(trigger, 0644, show_trigger, set_trigger);
-static SYSDEV_INT_ATTR(tolerant, 0644, tolerant);
-ACCESSOR(check_interval,check_interval,mce_restart())
-static struct sysdev_attribute *mce_attributes[] = {
-        &attr_tolerant.attr, &attr_check_interval, &attr_trigger,
-        NULL
-};
-static cpumask_var_t mce_device_initialized;
-/* Per cpu sysdev init.  All of the cpus still share the same ctl bank */
-static __cpuinit int mce_create_device(unsigned int cpu)
-{
-        int err;
-        int i;
-        if (!mce_available(&boot_cpu_data))
-                return -EIO;
-        memset(&per_cpu(device_mce, cpu).kobj, 0, sizeof(struct kobject));
-        per_cpu(device_mce,cpu).id = cpu;
-        per_cpu(device_mce,cpu).cls = &mce_sysclass;
-        err = sysdev_register(&per_cpu(device_mce,cpu));
-        if (err)
-                return err;
-        for (i = 0; mce_attributes[i]; i++) {
-                err = sysdev_create_file(&per_cpu(device_mce,cpu),
-                                         mce_attributes[i]);
-                if (err)
-                        goto error;
-        }
-        for (i = 0; i < banks; i++) {
-                err = sysdev_create_file(&per_cpu(device_mce, cpu),
-                                        &bank_attrs[i]);
-                if (err)
-                        goto error2;
-        }
-        cpumask_set_cpu(cpu, mce_device_initialized);
-        return 0;
-error2:
-        while (--i >= 0) {
-                sysdev_remove_file(&per_cpu(device_mce, cpu),
-                                        &bank_attrs[i]);
-        }
-error:
-        while (--i >= 0) {
-                sysdev_remove_file(&per_cpu(device_mce,cpu),
-                                   mce_attributes[i]);
-        }
-        sysdev_unregister(&per_cpu(device_mce,cpu));
-        return err;
-}
-static __cpuinit void mce_remove_device(unsigned int cpu)
-{
-        int i;
-        if (!cpumask_test_cpu(cpu, mce_device_initialized))
-                return;
-        for (i = 0; mce_attributes[i]; i++)
-                sysdev_remove_file(&per_cpu(device_mce,cpu),
-                        mce_attributes[i]);
-        for (i = 0; i < banks; i++)
-                sysdev_remove_file(&per_cpu(device_mce, cpu),
-                        &bank_attrs[i]);
-        sysdev_unregister(&per_cpu(device_mce,cpu));
-        cpumask_clear_cpu(cpu, mce_device_initialized);
-}
-/* Make sure there are no machine checks on offlined CPUs. */
-static void mce_disable_cpu(void *h)
-{
-        int i;
-        unsigned long action = *(unsigned long *)h;
-        if (!mce_available(&current_cpu_data))
-                return;
-        if (!(action & CPU_TASKS_FROZEN))
-                cmci_clear();
-        for (i = 0; i < banks; i++)
-                wrmsrl(MSR_IA32_MC0_CTL + i*4, 0);
-}
-static void mce_reenable_cpu(void *h)
-{
-        int i;
-        unsigned long action = *(unsigned long *)h;
-        if (!mce_available(&current_cpu_data))
-                return;
-        if (!(action & CPU_TASKS_FROZEN))
-                cmci_reenable();
-        for (i = 0; i < banks; i++)
-                wrmsrl(MSR_IA32_MC0_CTL + i*4, bank[i]);
-}
-/* Get notified when a cpu comes on/off. Be hotplug friendly. */
-static int __cpuinit mce_cpu_callback(struct notifier_block *nfb,
-                                      unsigned long action, void *hcpu)
-{
-        unsigned int cpu = (unsigned long)hcpu;
-        struct timer_list *t = &per_cpu(mce_timer, cpu);
-        switch (action) {
-        case CPU_ONLINE:
-        case CPU_ONLINE_FROZEN:
-                mce_create_device(cpu);
-                if (threshold_cpu_callback)
-                        threshold_cpu_callback(action, cpu);
-                break;
-        case CPU_DEAD:
-        case CPU_DEAD_FROZEN:
-                if (threshold_cpu_callback)
-                        threshold_cpu_callback(action, cpu);
-                mce_remove_device(cpu);
-                break;
-        case CPU_DOWN_PREPARE:
-        case CPU_DOWN_PREPARE_FROZEN:
-                del_timer_sync(t);
-                smp_call_function_single(cpu, mce_disable_cpu, &action, 1);
-                break;
-        case CPU_DOWN_FAILED:
-        case CPU_DOWN_FAILED_FROZEN:
-                t->expires = round_jiffies(jiffies +
-                                                __get_cpu_var(next_interval));
-                add_timer_on(t, cpu);
-                smp_call_function_single(cpu, mce_reenable_cpu, &action, 1);
-                break;
-        case CPU_POST_DEAD:
-                /* intentionally ignoring frozen here */
-                cmci_rediscover(cpu);
-                break;
-        }
-        return NOTIFY_OK;
-}
-static struct notifier_block mce_cpu_notifier __cpuinitdata = {
-        .notifier_call = mce_cpu_callback,
-};
-static __init int mce_init_banks(void)
-{
-        int i;
-        bank_attrs = kzalloc(sizeof(struct sysdev_attribute) * banks,
-                                GFP_KERNEL);
-        if (!bank_attrs)
-                return -ENOMEM;
-        for (i = 0; i < banks; i++) {
-                struct sysdev_attribute *a = &bank_attrs[i];
-                a->attr.name = kasprintf(GFP_KERNEL, "bank%d", i);
-                if (!a->attr.name)
-                        goto nomem;
-                a->attr.mode = 0644;
-                a->show = show_bank;
-                a->store = set_bank;
-        }
-        return 0;
-nomem:
-        while (--i >= 0)
-                kfree(bank_attrs[i].attr.name);
-        kfree(bank_attrs);
-        bank_attrs = NULL;
-        return -ENOMEM;
-}
-static __init int mce_init_device(void)
-{
-        int err;
-        int i = 0;
-        if (!mce_available(&boot_cpu_data))
-                return -EIO;
-        zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL);
-        err = mce_init_banks();
-        if (err)
-                return err;
-        err = sysdev_class_register(&mce_sysclass);
-        if (err)
-                return err;
-        for_each_online_cpu(i) {
-                err = mce_create_device(i);
-                if (err)
-                        return err;
-        }
-        register_hotcpu_notifier(&mce_cpu_notifier);
-        misc_register(&mce_log_device);
-        return err;
-}
-device_initcall(mce_init_device);
diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd_64.c b/arch/x86/kernel/cpu/mcheck/mce_amd_64.c
index 56dde9c4bc96..ddae21620bda 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_amd_64.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_amd_64.c
@@ -13,22 +13,22 @@
 *
 *  All MC4_MISCi registers are shared between multi-cores
 */
-#include <linux/cpu.h>
-#include <linux/errno.h>
-#include <linux/init.h>
 #include <linux/interrupt.h>
-#include <linux/kobject.h>
 #include <linux/notifier.h>
-#include <linux/sched.h>
+#include <linux/kobject.h>
-#include <linux/smp.h>
+#include <linux/percpu.h>
 #include <linux/sysdev.h>
+#include <linux/errno.h>
+#include <linux/sched.h>
 #include <linux/sysfs.h>
+#include <linux/init.h>
+#include <linux/cpu.h>
+#include <linux/smp.h>
 #include <asm/apic.h>
+#include <asm/idle.h>
 #include <asm/mce.h>
 #include <asm/msr.h>
-#include <asm/percpu.h>
-#include <asm/idle.h>
 #define PFX               "mce_threshold: "
 #define VERSION           "version 1.1.1"
@@ -48,26 +48,26 @@
 #define MCG_XBLK_ADDR     0xC0000400
 struct threshold_block {
-        unsigned int block;
+        unsigned int            block;
-        unsigned int bank;
+        unsigned int            bank;
-        unsigned int cpu;
+        unsigned int            cpu;
-        u32 address;
+        u32                     address;
-        u16 interrupt_enable;
+        u16                     interrupt_enable;
-        u16 threshold_limit;
+        u16                     threshold_limit;
-        struct kobject kobj;
+        struct kobject          kobj;
-        struct list_head miscj;
+        struct list_head        miscj;
 };
 /* defaults used early on boot */
 static struct threshold_block threshold_defaults = {
-        .interrupt_enable = 0,
+        .interrupt_enable       = 0,
-        .threshold_limit = THRESHOLD_MAX,
+        .threshold_limit        = THRESHOLD_MAX,
 };
 struct threshold_bank {
-        struct kobject *kobj;
+        struct kobject          *kobj;
-        struct threshold_block *blocks;
+        struct threshold_block  *blocks;
-        cpumask_var_t cpus;
+        cpumask_var_t           cpus;
 };
 static DEFINE_PER_CPU(struct threshold_bank *, threshold_banks[NR_BANKS]);
@@ -86,9 +86,9 @@ static void amd_threshold_interrupt(void);
 */
 struct thresh_restart {
-        struct threshold_block *b;
+        struct threshold_block  *b;
-        int reset;
+        int                     reset;
-        u16 old_limit;
+        u16                     old_limit;
 };
 /* must be called with correct cpu affinity */
@@ -110,6 +110,7 @@ static void threshold_restart_bank(void *_tr)
        } else if (tr->old_limit) {     /* change limit w/o reset */
                int new_count = (mci_misc_hi & THRESHOLD_MAX) +
                    (tr->old_limit - tr->b->threshold_limit);
                mci_misc_hi = (mci_misc_hi & ~MASK_ERR_COUNT_HI) |
                    (new_count & THRESHOLD_MAX);
        }
@@ -125,11 +126,11 @@ static void threshold_restart_bank(void *_tr)
 /* cpu init entry point, called from mce.c with preempt off */
 void mce_amd_feature_init(struct cpuinfo_x86 *c)
 {
-        unsigned int bank, block;
        unsigned int cpu = smp_processor_id();
-        u8 lvt_off;
        u32 low = 0, high = 0, address = 0;
+        unsigned int bank, block;
        struct thresh_restart tr;
+        u8 lvt_off;
        for (bank = 0; bank < NR_BANKS; ++bank) {
                for (block = 0; block < NR_BLOCKS; ++block) {
@@ -140,8 +141,7 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c)
                                if (!address)
                                        break;
                                address += MCG_XBLK_ADDR;
-                        }
+                        } else
-                        else
                                ++address;
                        if (rdmsr_safe(address, &low, &high))
@@ -193,9 +193,9 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c)
 */
 static void amd_threshold_interrupt(void)
 {
+        u32 low = 0, high = 0, address = 0;
        unsigned int bank, block;
        struct mce m;
-        u32 low = 0, high = 0, address = 0;
        mce_setup(&m);
@@ -204,16 +204,16 @@ static void amd_threshold_interrupt(void)
                if (!(per_cpu(bank_map, m.cpu) & (1 << bank)))
                        continue;
                for (block = 0; block < NR_BLOCKS; ++block) {
-                        if (block == 0)
+                        if (block == 0) {
                                address = MSR_IA32_MC0_MISC + bank * 4;
-                        else if (block == 1) {
+                        } else if (block == 1) {
                                address = (low & MASK_BLKPTR_LO) >> 21;
                                if (!address)
                                        break;
                                address += MCG_XBLK_ADDR;
-                        }
+                        } else {
-                        else
                                ++address;
+                        }
                        if (rdmsr_safe(address, &low, &high))
                                break;
@@ -229,8 +229,10 @@ static void amd_threshold_interrupt(void)
                             (high & MASK_LOCKED_HI))
                                continue;
-                        /* Log the machine check that caused the threshold
+                        /*
-                           event. */
+                         * Log the machine check that caused the threshold
+                         * event.
+                         */
                        machine_check_poll(MCP_TIMESTAMP,
                                        &__get_cpu_var(mce_poll_banks));
@@ -254,48 +256,52 @@ static void amd_threshold_interrupt(void)
 struct threshold_attr {
        struct attribute attr;
-        ssize_t(*show) (struct threshold_block *, char *);
+        ssize_t (*show) (struct threshold_block *, char *);
-        ssize_t(*store) (struct threshold_block *, const char *, size_t count);
+        ssize_t (*store) (struct threshold_block *, const char *, size_t count);
 };
-#define SHOW_FIELDS(name)                                           \
+#define SHOW_FIELDS(name)                                               \
-static ssize_t show_ ## name(struct threshold_block * b, char *buf) \
+static ssize_t show_ ## name(struct threshold_block *b, char *buf)      \
-{                                                                   \
+{                                                                       \
-        return sprintf(buf, "%lx\n", (unsigned long) b->name);      \
+        return sprintf(buf, "%lx\n", (unsigned long) b->name);          \
 }
 SHOW_FIELDS(interrupt_enable)
 SHOW_FIELDS(threshold_limit)
-static ssize_t store_interrupt_enable(struct threshold_block *b,
+static ssize_t
-                                      const char *buf, size_t count)
+store_interrupt_enable(struct threshold_block *b, const char *buf, size_t size)
 {
-        char *end;
        struct thresh_restart tr;
-        unsigned long new = simple_strtoul(buf, &end, 0);
+        unsigned long new;
-        if (end == buf)
+        if (strict_strtoul(buf, 0, &new) < 0)
                return -EINVAL;
        b->interrupt_enable = !!new;
-        tr.b = b;
+        tr.b            = b;
-        tr.reset = 0;
+        tr.reset        = 0;
-        tr.old_limit = 0;
+        tr.old_limit    = 0;
        smp_call_function_single(b->cpu, threshold_restart_bank, &tr, 1);
-        return end - buf;
+        return size;
 }
-static ssize_t store_threshold_limit(struct threshold_block *b,
+static ssize_t
-                                     const char *buf, size_t count)
+store_threshold_limit(struct threshold_block *b, const char *buf, size_t size)
 {
-        char *end;
        struct thresh_restart tr;
-        unsigned long new = simple_strtoul(buf, &end, 0);
+        unsigned long new;
-        if (end == buf)
+        if (strict_strtoul(buf, 0, &new) < 0)
                return -EINVAL;
        if (new > THRESHOLD_MAX)
                new = THRESHOLD_MAX;
        if (new < 1)
                new = 1;
        tr.old_limit = b->threshold_limit;
        b->threshold_limit = new;
        tr.b = b;
@@ -303,12 +309,12 @@ static ssize_t store_threshold_limit(struct threshold_block *b,
        smp_call_function_single(b->cpu, threshold_restart_bank, &tr, 1);
-        return end - buf;
+        return size;
 }
 struct threshold_block_cross_cpu {
-        struct threshold_block *tb;
+        struct threshold_block  *tb;
-        long retval;
+        long                    retval;
 };
 static void local_error_count_handler(void *_tbcc)
@@ -338,16 +344,13 @@ static ssize_t store_error_count(struct threshold_block *b,
        return 1;
 }
-#define THRESHOLD_ATTR(_name,_mode,_show,_store) {            \
+#define RW_ATTR(val)                                                    \
-        .attr = {.name = __stringify(_name), .mode = _mode }, \
+static struct threshold_attr val = {                                    \
-        .show = _show,                                        \
+        .attr   = {.name = __stringify(val), .mode = 0644 },            \
-        .store = _store,                                      \
+        .show   = show_## val,                                          \
+        .store  = store_## val,                                         \
 };
-#define RW_ATTR(name)                                           \
-static struct threshold_attr name =                             \
-        THRESHOLD_ATTR(name, 0644, show_## name, store_## name)
 RW_ATTR(interrupt_enable);
 RW_ATTR(threshold_limit);
 RW_ATTR(error_count);
@@ -359,15 +362,17 @@ static struct attribute *default_attrs[] = {
        NULL
 };
-#define to_block(k) container_of(k, struct threshold_block, kobj)
+#define to_block(k)     container_of(k, struct threshold_block, kobj)
-#define to_attr(a) container_of(a, struct threshold_attr, attr)
+#define to_attr(a)      container_of(a, struct threshold_attr, attr)
 static ssize_t show(struct kobject *kobj, struct attribute *attr, char *buf)
 {
        struct threshold_block *b = to_block(kobj);
        struct threshold_attr *a = to_attr(attr);
        ssize_t ret;
        ret = a->show ? a->show(b, buf) : -EIO;
        return ret;
 }
@@ -377,18 +382,20 @@ static ssize_t store(struct kobject *kobj, struct attribute *attr,
        struct threshold_block *b = to_block(kobj);
        struct threshold_attr *a = to_attr(attr);
        ssize_t ret;
        ret = a->store ? a->store(b, buf, count) : -EIO;
        return ret;
 }
 static struct sysfs_ops threshold_ops = {
-        .show = show,
+        .show                   = show,
-        .store = store,
+        .store                  = store,
 };
 static struct kobj_type threshold_ktype = {
-        .sysfs_ops = &threshold_ops,
+        .sysfs_ops              = &threshold_ops,
-        .default_attrs = default_attrs,
+        .default_attrs          = default_attrs,
 };
 static __cpuinit int allocate_threshold_blocks(unsigned int cpu,
@@ -396,9 +403,9 @@ static __cpuinit int allocate_threshold_blocks(unsigned int cpu,
                                               unsigned int block,
                                               u32 address)
 {
-        int err;
-        u32 low, high;
        struct threshold_block *b = NULL;
+        u32 low, high;
+        int err;
        if ((bank >= NR_BANKS) || (block >= NR_BLOCKS))
                return 0;
@@ -421,20 +428,21 @@ static __cpuinit int allocate_threshold_blocks(unsigned int cpu,
        if (!b)
                return -ENOMEM;
-        b->block = block;
+        b->block                = block;
-        b->bank = bank;
+        b->bank                 = bank;
-        b->cpu = cpu;
+        b->cpu                  = cpu;
-        b->address = address;
+        b->address              = address;
-        b->interrupt_enable = 0;
+        b->interrupt_enable     = 0;
-        b->threshold_limit = THRESHOLD_MAX;
+        b->threshold_limit      = THRESHOLD_MAX;
        INIT_LIST_HEAD(&b->miscj);
-        if (per_cpu(threshold_banks, cpu)[bank]->blocks)
+        if (per_cpu(threshold_banks, cpu)[bank]->blocks) {
                list_add(&b->miscj,
                         &per_cpu(threshold_banks, cpu)[bank]->blocks->miscj);
-        else
+        } else {
                per_cpu(threshold_banks, cpu)[bank]->blocks = b;
+        }
        err = kobject_init_and_add(&b->kobj, &threshold_ktype,
                                   per_cpu(threshold_banks, cpu)[bank]->kobj,
@@ -447,8 +455,9 @@ recurse:
                if (!address)
                        return 0;
                address += MCG_XBLK_ADDR;
-        } else
+        } else {
                ++address;
+        }
        err = allocate_threshold_blocks(cpu, bank, ++block, address);
        if (err)
@@ -500,13 +509,14 @@ static __cpuinit int threshold_create_bank(unsigned int cpu, unsigned int bank)
                if (!b)
                        goto out;
-                err = sysfs_create_link(&per_cpu(device_mce, cpu).kobj,
+                err = sysfs_create_link(&per_cpu(mce_dev, cpu).kobj,
                                        b->kobj, name);
                if (err)
                        goto out;
                cpumask_copy(b->cpus, cpu_core_mask(cpu));
                per_cpu(threshold_banks, cpu)[bank] = b;
                goto out;
        }
 #endif
@@ -522,7 +532,7 @@ static __cpuinit int threshold_create_bank(unsigned int cpu, unsigned int bank)
                goto out;
        }
-        b->kobj = kobject_create_and_add(name, &per_cpu(device_mce, cpu).kobj);
+        b->kobj = kobject_create_and_add(name, &per_cpu(mce_dev, cpu).kobj);
        if (!b->kobj)
                goto out_free;
@@ -542,7 +552,7 @@ static __cpuinit int threshold_create_bank(unsigned int cpu, unsigned int bank)
                if (i == cpu)
                        continue;
-                err = sysfs_create_link(&per_cpu(device_mce, i).kobj,
+                err = sysfs_create_link(&per_cpu(mce_dev, i).kobj,
                                        b->kobj, name);
                if (err)
                        goto out;
@@ -605,15 +615,13 @@ static void deallocate_threshold_block(unsigned int cpu,
 static void threshold_remove_bank(unsigned int cpu, int bank)
 {
-        int i = 0;
        struct threshold_bank *b;
        char name[32];
+        int i = 0;
        b = per_cpu(threshold_banks, cpu)[bank];
        if (!b)
                return;
        if (!b->blocks)
                goto free_out;
@@ -622,8 +630,9 @@ static void threshold_remove_bank(unsigned int cpu, int bank)
 #ifdef CONFIG_SMP
        /* sibling symlink */
        if (shared_bank[bank] && b->blocks->cpu != cpu) {
-                sysfs_remove_link(&per_cpu(device_mce, cpu).kobj, name);
+                sysfs_remove_link(&per_cpu(mce_dev, cpu).kobj, name);
                per_cpu(threshold_banks, cpu)[bank] = NULL;
                return;
        }
 #endif
@@ -633,7 +642,7 @@ static void threshold_remove_bank(unsigned int cpu, int bank)
                if (i == cpu)
                        continue;
-                sysfs_remove_link(&per_cpu(device_mce, i).kobj, name);
+                sysfs_remove_link(&per_cpu(mce_dev, i).kobj, name);
                per_cpu(threshold_banks, i)[bank] = NULL;
        }
@@ -659,12 +668,9 @@ static void threshold_remove_device(unsigned int cpu)
 }
 /* get notified when a cpu comes on/off */
-static void __cpuinit amd_64_threshold_cpu_callback(unsigned long action,
+static void __cpuinit
-                                                     unsigned int cpu)
+amd_64_threshold_cpu_callback(unsigned long action, unsigned int cpu)
 {
-        if (cpu >= NR_CPUS)
-                return;
        switch (action) {
        case CPU_ONLINE:
        case CPU_ONLINE_FROZEN:
@@ -686,11 +692,12 @@ static __init int threshold_init_device(void)
        /* to hit CPUs online before the notifier is up */
        for_each_online_cpu(lcpu) {
                int err = threshold_create_device(lcpu);
                if (err)
                        return err;
        }
        threshold_cpu_callback = amd_64_threshold_cpu_callback;
        return 0;
 }
 device_initcall(threshold_init_device);
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel.c b/arch/x86/kernel/cpu/mcheck/mce_intel.c
new file mode 100644
index 000000000000..2b011d2d8579
--- /dev/null
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel.c
@@ -0,0 +1,74 @@
+/*
+ * Common code for Intel machine checks
+ */
+#include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/smp.h>
+#include <asm/therm_throt.h>
+#include <asm/processor.h>
+#include <asm/system.h>
+#include <asm/apic.h>
+#include <asm/msr.h>
+#include "mce.h"
+void intel_init_thermal(struct cpuinfo_x86 *c)
+{
+        unsigned int cpu = smp_processor_id();
+        int tm2 = 0;
+        u32 l, h;
+        /* Thermal monitoring depends on ACPI and clock modulation*/
+        if (!cpu_has(c, X86_FEATURE_ACPI) || !cpu_has(c, X86_FEATURE_ACC))
+                return;
+        /*
+         * First check if its enabled already, in which case there might
+         * be some SMM goo which handles it, so we can't even put a handler
+         * since it might be delivered via SMI already:
+         */
+        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
+        h = apic_read(APIC_LVTTHMR);
+        if ((l & MSR_IA32_MISC_ENABLE_TM1) && (h & APIC_DM_SMI)) {
+                printk(KERN_DEBUG
+                       "CPU%d: Thermal monitoring handled by SMI\n", cpu);
+                return;
+        }
+        if (cpu_has(c, X86_FEATURE_TM2) && (l & MSR_IA32_MISC_ENABLE_TM2))
+                tm2 = 1;
+        /* Check whether a vector already exists */
+        if (h & APIC_VECTOR_MASK) {
+                printk(KERN_DEBUG
+                       "CPU%d: Thermal LVT vector (%#x) already installed\n",
+                       cpu, (h & APIC_VECTOR_MASK));
+                return;
+        }
+        /* We'll mask the thermal vector in the lapic till we're ready: */
+        h = THERMAL_APIC_VECTOR | APIC_DM_FIXED | APIC_LVT_MASKED;
+        apic_write(APIC_LVTTHMR, h);
+        rdmsr(MSR_IA32_THERM_INTERRUPT, l, h);
+        wrmsr(MSR_IA32_THERM_INTERRUPT,
+                l | (THERM_INT_LOW_ENABLE | THERM_INT_HIGH_ENABLE), h);
+        intel_set_thermal_handler();
+        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
+        wrmsr(MSR_IA32_MISC_ENABLE, l | MSR_IA32_MISC_ENABLE_TM1, h);
+        /* Unmask the thermal vector: */
+        l = apic_read(APIC_LVTTHMR);
+        apic_write(APIC_LVTTHMR, l & ~APIC_LVT_MASKED);
+        printk(KERN_INFO "CPU%d: Thermal monitoring enabled (%s)\n",
+               cpu, tm2 ? "TM2" : "TM1");
+        /* enable thermal throttle processing */
+        atomic_set(&therm_throt_en, 1);
+}
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel_64.c b/arch/x86/kernel/cpu/mcheck/mce_intel_64.c
index 65a0fceedcd7..f2ef6952c400 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_intel_64.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel_64.c
@@ -16,6 +16,8 @@
 #include <asm/idle.h>
 #include <asm/therm_throt.h>
+#include "mce.h"
 asmlinkage void smp_thermal_interrupt(void)
 {
        __u64 msr_val;
@@ -26,67 +28,13 @@ asmlinkage void smp_thermal_interrupt(void)
        irq_enter();
        rdmsrl(MSR_IA32_THERM_STATUS, msr_val);
-        if (therm_throt_process(msr_val & 1))
+        if (therm_throt_process(msr_val & THERM_STATUS_PROCHOT))
                mce_log_therm_throt_event(msr_val);
        inc_irq_stat(irq_thermal_count);
        irq_exit();
 }
-static void intel_init_thermal(struct cpuinfo_x86 *c)
-{
-        u32 l, h;
-        int tm2 = 0;
-        unsigned int cpu = smp_processor_id();
-        if (!cpu_has(c, X86_FEATURE_ACPI))
-                return;
-        if (!cpu_has(c, X86_FEATURE_ACC))
-                return;
-        /* first check if TM1 is already enabled by the BIOS, in which
-         * case there might be some SMM goo which handles it, so we can't even
-         * put a handler since it might be delivered via SMI already.
-         */
-        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
-        h = apic_read(APIC_LVTTHMR);
-        if ((l & MSR_IA32_MISC_ENABLE_TM1) && (h & APIC_DM_SMI)) {
-                printk(KERN_DEBUG
-                       "CPU%d: Thermal monitoring handled by SMI\n", cpu);
-                return;
-        }
-        if (cpu_has(c, X86_FEATURE_TM2) && (l & MSR_IA32_MISC_ENABLE_TM2))
-                tm2 = 1;
-        if (h & APIC_VECTOR_MASK) {
-                printk(KERN_DEBUG
-                       "CPU%d: Thermal LVT vector (%#x) already "
-                       "installed\n", cpu, (h & APIC_VECTOR_MASK));
-                return;
-        }
-        h = THERMAL_APIC_VECTOR;
-        h |= (APIC_DM_FIXED | APIC_LVT_MASKED);
-        apic_write(APIC_LVTTHMR, h);
-        rdmsr(MSR_IA32_THERM_INTERRUPT, l, h);
-        wrmsr(MSR_IA32_THERM_INTERRUPT, l | 0x03, h);
-        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
-        wrmsr(MSR_IA32_MISC_ENABLE, l | MSR_IA32_MISC_ENABLE_TM1, h);
-        l = apic_read(APIC_LVTTHMR);
-        apic_write(APIC_LVTTHMR, l & ~APIC_LVT_MASKED);
-        printk(KERN_INFO "CPU%d: Thermal monitoring enabled (%s)\n",
-                cpu, tm2 ? "TM2" : "TM1");
-        /* enable thermal throttle processing */
-        atomic_set(&therm_throt_en, 1);
-        return;
-}
 /*
 * Support for Intel Correct Machine Check Interrupts. This allows
 * the CPU to raise an interrupt when a corrected machine check happened.
@@ -108,6 +56,9 @@ static int cmci_supported(int *banks)
 {
        u64 cap;
+        if (mce_cmci_disabled || mce_ignore_ce)
+                return 0;
        /*
         * Vendor check is not strictly needed, but the initial
         * initialization is vendor keyed and this
@@ -131,7 +82,7 @@ static int cmci_supported(int *banks)
 static void intel_threshold_interrupt(void)
 {
        machine_check_poll(MCP_TIMESTAMP, &__get_cpu_var(mce_banks_owned));
-        mce_notify_user();
+        mce_notify_irq();
 }
 static void print_update(char *type, int *hdr, int num)
@@ -247,7 +198,7 @@ void cmci_rediscover(int dying)
                return;
        cpumask_copy(old, &current->cpus_allowed);
-        for_each_online_cpu (cpu) {
+        for_each_online_cpu(cpu) {
                if (cpu == dying)
                        continue;
                if (set_cpus_allowed_ptr(current, cpumask_of(cpu)))
diff --git a/arch/x86/kernel/cpu/mcheck/non-fatal.c b/arch/x86/kernel/cpu/mcheck/non-fatal.c
index a74af128efc9..70b710420f74 100644
--- a/arch/x86/kernel/cpu/mcheck/non-fatal.c
+++ b/arch/x86/kernel/cpu/mcheck/non-fatal.c
@@ -6,15 +6,14 @@
 * This file contains routines to check for non-fatal MCEs every 15s
 *
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/jiffies.h>
-#include <linux/workqueue.h>
 #include <linux/interrupt.h>
-#include <linux/smp.h>
+#include <linux/workqueue.h>
+#include <linux/jiffies.h>
+#include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/smp.h>
 #include <asm/processor.h>
 #include <asm/system.h>
@@ -22,9 +21,9 @@
 #include "mce.h"
-static int firstbank;
+static int              firstbank;
-#define MCE_RATE        15*HZ   /* timer rate is 15s */
+#define MCE_RATE        (15*HZ) /* timer rate is 15s */
 static void mce_checkregs(void *info)
 {
@@ -34,23 +33,24 @@ static void mce_checkregs(void *info)
        for (i = firstbank; i < nr_mce_banks; i++) {
                rdmsr(MSR_IA32_MC0_STATUS+i*4, low, high);
-                if (high & (1<<31)) {
+                if (!(high & (1<<31)))
-                        printk(KERN_INFO "MCE: The hardware reports a non "
+                        continue;
-                                "fatal, correctable incident occurred on "
-                                "CPU %d.\n",
+                printk(KERN_INFO "MCE: The hardware reports a non fatal, "
+                        "correctable incident occurred on CPU %d.\n",
                                smp_processor_id());
-                        printk(KERN_INFO "Bank %d: %08x%08x\n", i, high, low);
+                printk(KERN_INFO "Bank %d: %08x%08x\n", i, high, low);
-                        /*
-                         * Scrub the error so we don't pick it up in MCE_RATE
+                /*
-                         * seconds time.
+                 * Scrub the error so we don't pick it up in MCE_RATE
-                         */
+                 * seconds time:
-                        wrmsr(MSR_IA32_MC0_STATUS+i*4, 0UL, 0UL);
+                 */
+                wrmsr(MSR_IA32_MC0_STATUS+i*4, 0UL, 0UL);
-                        /* Serialize */
-                        wmb();
+                /* Serialize: */
-                        add_taint(TAINT_MACHINE_CHECK);
+                wmb();
-                }
+                add_taint(TAINT_MACHINE_CHECK);
        }
 }
@@ -77,16 +77,17 @@ static int __init init_nonfatal_mce_checker(void)
        /* Some Athlons misbehave when we frob bank 0 */
        if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
-                boot_cpu_data.x86 == 6)
+                                                boot_cpu_data.x86 == 6)
-                        firstbank = 1;
+                firstbank = 1;
        else
-                        firstbank = 0;
+                firstbank = 0;
        /*
         * Check for non-fatal errors every MCE_RATE s
         */
        schedule_delayed_work(&mce_work, round_jiffies_relative(MCE_RATE));
        printk(KERN_INFO "Machine check exception polling timer started.\n");
        return 0;
 }
 module_init(init_nonfatal_mce_checker);
diff --git a/arch/x86/kernel/cpu/mcheck/p4.c b/arch/x86/kernel/cpu/mcheck/p4.c
index f53bdcbaf382..82cee108a2d3 100644
--- a/arch/x86/kernel/cpu/mcheck/p4.c
+++ b/arch/x86/kernel/cpu/mcheck/p4.c
@@ -2,18 +2,17 @@
 * P4 specific Machine Check Exception Reporting
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
 #include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
 #include <linux/smp.h>
+#include <asm/therm_throt.h>
 #include <asm/processor.h>
 #include <asm/system.h>
-#include <asm/msr.h>
 #include <asm/apic.h>
+#include <asm/msr.h>
-#include <asm/therm_throt.h>
 #include "mce.h"
@@ -36,6 +35,7 @@ static int mce_num_extended_msrs;
 #ifdef CONFIG_X86_MCE_P4THERMAL
 static void unexpected_thermal_interrupt(struct pt_regs *regs)
 {
        printk(KERN_ERR "CPU%d: Unexpected LVT TMR interrupt!\n",
@@ -43,7 +43,7 @@ static void unexpected_thermal_interrupt(struct pt_regs *regs)
        add_taint(TAINT_MACHINE_CHECK);
 }
-/* P4/Xeon Thermal transition interrupt handler */
+/* P4/Xeon Thermal transition interrupt handler: */
 static void intel_thermal_interrupt(struct pt_regs *regs)
 {
        __u64 msr_val;
@@ -51,11 +51,12 @@ static void intel_thermal_interrupt(struct pt_regs *regs)
        ack_APIC_irq();
        rdmsrl(MSR_IA32_THERM_STATUS, msr_val);
-        therm_throt_process(msr_val & 0x1);
+        therm_throt_process(msr_val & THERM_STATUS_PROCHOT);
 }
-/* Thermal interrupt handler for this CPU setup */
+/* Thermal interrupt handler for this CPU setup: */
-static void (*vendor_thermal_interrupt)(struct pt_regs *regs) = unexpected_thermal_interrupt;
+static void (*vendor_thermal_interrupt)(struct pt_regs *regs) =
+                                                unexpected_thermal_interrupt;
 void smp_thermal_interrupt(struct pt_regs *regs)
 {
@@ -65,67 +66,15 @@ void smp_thermal_interrupt(struct pt_regs *regs)
        irq_exit();
 }
-/* P4/Xeon Thermal regulation detect and init */
+void intel_set_thermal_handler(void)
-static void intel_init_thermal(struct cpuinfo_x86 *c)
 {
-        u32 l, h;
-        unsigned int cpu = smp_processor_id();
-        /* Thermal monitoring */
-        if (!cpu_has(c, X86_FEATURE_ACPI))
-                return; /* -ENODEV */
-        /* Clock modulation */
-        if (!cpu_has(c, X86_FEATURE_ACC))
-                return; /* -ENODEV */
-        /* first check if its enabled already, in which case there might
-         * be some SMM goo which handles it, so we can't even put a handler
-         * since it might be delivered via SMI already -zwanem.
-         */
-        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
-        h = apic_read(APIC_LVTTHMR);
-        if ((l & MSR_IA32_MISC_ENABLE_TM1) && (h & APIC_DM_SMI)) {
-                printk(KERN_DEBUG "CPU%d: Thermal monitoring handled by SMI\n",
-                                cpu);
-                return; /* -EBUSY */
-        }
-        /* check whether a vector already exists, temporarily masked? */
-        if (h & APIC_VECTOR_MASK) {
-                printk(KERN_DEBUG "CPU%d: Thermal LVT vector (%#x) already "
-                                "installed\n",
-                        cpu, (h & APIC_VECTOR_MASK));
-                return; /* -EBUSY */
-        }
-        /* The temperature transition interrupt handler setup */
-        h = THERMAL_APIC_VECTOR;                /* our delivery vector */
-        h |= (APIC_DM_FIXED | APIC_LVT_MASKED); /* we'll mask till we're ready */
-        apic_write(APIC_LVTTHMR, h);
-        rdmsr(MSR_IA32_THERM_INTERRUPT, l, h);
-        wrmsr(MSR_IA32_THERM_INTERRUPT, l | 0x03 , h);
-        /* ok we're good to go... */
        vendor_thermal_interrupt = intel_thermal_interrupt;
-        rdmsr(MSR_IA32_MISC_ENABLE, l, h);
-        wrmsr(MSR_IA32_MISC_ENABLE, l | MSR_IA32_MISC_ENABLE_TM1, h);
-        l = apic_read(APIC_LVTTHMR);
-        apic_write(APIC_LVTTHMR, l & ~APIC_LVT_MASKED);
-        printk(KERN_INFO "CPU%d: Thermal monitoring enabled\n", cpu);
-        /* enable thermal throttle processing */
-        atomic_set(&therm_throt_en, 1);
-        return;
 }
-#endif /* CONFIG_X86_MCE_P4THERMAL */
+#endif /* CONFIG_X86_MCE_P4THERMAL */
 /* P4/Xeon Extended MCE MSR retrieval, return 0 if unsupported */
-static inline void intel_get_extended_msrs(struct intel_mce_extended_msrs *r)
+static void intel_get_extended_msrs(struct intel_mce_extended_msrs *r)
 {
        u32 h;
@@ -143,9 +92,9 @@ static inline void intel_get_extended_msrs(struct intel_mce_extended_msrs *r)
 static void intel_machine_check(struct pt_regs *regs, long error_code)
 {
-        int recover = 1;
        u32 alow, ahigh, high, low;
        u32 mcgstl, mcgsth;
+        int recover = 1;
        int i;
        rdmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
@@ -157,7 +106,9 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
        if (mce_num_extended_msrs > 0) {
                struct intel_mce_extended_msrs dbg;
                intel_get_extended_msrs(&dbg);
                printk(KERN_DEBUG "CPU %d: EIP: %08x EFLAGS: %08x\n"
                        "\teax: %08x ebx: %08x ecx: %08x edx: %08x\n"
                        "\tesi: %08x edi: %08x ebp: %08x esp: %08x\n",
@@ -171,6 +122,7 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
                if (high & (1<<31)) {
                        char misc[20];
                        char addr[24];
                        misc[0] = addr[0] = '\0';
                        if (high & (1<<29))
                                recover |= 1;
@@ -196,6 +148,7 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
                panic("Unable to continue");
        printk(KERN_EMERG "Attempting to continue.\n");
        /*
         * Do not clear the MSR_IA32_MCi_STATUS if the error is not
         * recoverable/continuable.This will allow BIOS to look at the MSRs
@@ -217,7 +170,6 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
        wrmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
 }
 void intel_p4_mcheck_init(struct cpuinfo_x86 *c)
 {
        u32 l, h;
diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
index c9f77ea69edc..015f481ab1b0 100644
--- a/arch/x86/kernel/cpu/mcheck/p5.c
+++ b/arch/x86/kernel/cpu/mcheck/p5.c
@@ -2,11 +2,10 @@
 * P5 specific Machine Check Exception Reporting
 * (C) Copyright 2002 Alan Cox <alan@lxorguk.ukuu.org.uk>
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
 #include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
 #include <linux/smp.h>
 #include <asm/processor.h>
@@ -15,39 +14,58 @@
 #include "mce.h"
-/* Machine check handler for Pentium class Intel */
+/* By default disabled */
+int             mce_p5_enable;
+/* Machine check handler for Pentium class Intel CPUs: */
 static void pentium_machine_check(struct pt_regs *regs, long error_code)
 {
        u32 loaddr, hi, lotype;
        rdmsr(MSR_IA32_P5_MC_ADDR, loaddr, hi);
        rdmsr(MSR_IA32_P5_MC_TYPE, lotype, hi);
-        printk(KERN_EMERG "CPU#%d: Machine Check Exception:  0x%8X (type 0x%8X).\n", smp_processor_id(), loaddr, lotype);
-        if (lotype&(1<<5))
+        printk(KERN_EMERG
-                printk(KERN_EMERG "CPU#%d: Possible thermal failure (CPU on fire ?).\n", smp_processor_id());
+                "CPU#%d: Machine Check Exception:  0x%8X (type 0x%8X).\n",
+                smp_processor_id(), loaddr, lotype);
+        if (lotype & (1<<5)) {
+                printk(KERN_EMERG
+                        "CPU#%d: Possible thermal failure (CPU on fire ?).\n",
+                        smp_processor_id());
+        }
        add_taint(TAINT_MACHINE_CHECK);
 }
-/* Set up machine check reporting for processors with Intel style MCE */
+/* Set up machine check reporting for processors with Intel style MCE: */
 void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
 {
        u32 l, h;
-        /*Check for MCE support */
+        /* Check for MCE support: */
        if (!cpu_has(c, X86_FEATURE_MCE))
                return;
-        /* Default P5 to off as its often misconnected */
+#ifdef CONFIG_X86_OLD_MCE
+        /* Default P5 to off as its often misconnected: */
        if (mce_disabled != -1)
                return;
+#endif
        machine_check_vector = pentium_machine_check;
+        /* Make sure the vector pointer is visible before we enable MCEs: */
        wmb();
-        /* Read registers before enabling */
+        /* Read registers before enabling: */
        rdmsr(MSR_IA32_P5_MC_ADDR, l, h);
        rdmsr(MSR_IA32_P5_MC_TYPE, l, h);
-        printk(KERN_INFO "Intel old style machine check architecture supported.\n");
+        printk(KERN_INFO
+               "Intel old style machine check architecture supported.\n");
-        /* Enable MCE */
+        /* Enable MCE: */
        set_in_cr4(X86_CR4_MCE);
-        printk(KERN_INFO "Intel old style machine check reporting enabled on CPU#%d.\n", smp_processor_id());
+        printk(KERN_INFO
+               "Intel old style machine check reporting enabled on CPU#%d.\n",
+               smp_processor_id());
 }
diff --git a/arch/x86/kernel/cpu/mcheck/p6.c b/arch/x86/kernel/cpu/mcheck/p6.c
index 2ac52d7b434b..43c24e667457 100644
--- a/arch/x86/kernel/cpu/mcheck/p6.c
+++ b/arch/x86/kernel/cpu/mcheck/p6.c
@@ -2,11 +2,10 @@
 * P6 specific Machine Check Exception Reporting
 * (C) Copyright 2002 Alan Cox <alan@lxorguk.ukuu.org.uk>
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
 #include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
 #include <linux/smp.h>
 #include <asm/processor.h>
@@ -18,9 +17,9 @@
 /* Machine Check Handler For PII/PIII */
 static void intel_machine_check(struct pt_regs *regs, long error_code)
 {
-        int recover = 1;
        u32 alow, ahigh, high, low;
        u32 mcgstl, mcgsth;
+        int recover = 1;
        int i;
        rdmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
@@ -35,12 +34,16 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
                if (high & (1<<31)) {
                        char misc[20];
                        char addr[24];
-                        misc[0] = addr[0] = '\0';
+                        misc[0] = '\0';
+                        addr[0] = '\0';
                        if (high & (1<<29))
                                recover |= 1;
                        if (high & (1<<25))
                                recover |= 2;
                        high &= ~(1<<31);
                        if (high & (1<<27)) {
                                rdmsr(MSR_IA32_MC0_MISC+i*4, alow, ahigh);
                                snprintf(misc, 20, "[%08x%08x]", ahigh, alow);
@@ -49,6 +52,7 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
                                rdmsr(MSR_IA32_MC0_ADDR+i*4, alow, ahigh);
                                snprintf(addr, 24, " at %08x%08x", ahigh, alow);
                        }
                        printk(KERN_EMERG "CPU %d: Bank %d: %08x%08x%s%s\n",
                                smp_processor_id(), i, high, low, misc, addr);
                }
@@ -63,16 +67,17 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
        /*
         * Do not clear the MSR_IA32_MCi_STATUS if the error is not
         * recoverable/continuable.This will allow BIOS to look at the MSRs
-         * for errors if the OS could not log the error.
+         * for errors if the OS could not log the error:
         */
        for (i = 0; i < nr_mce_banks; i++) {
                unsigned int msr;
                msr = MSR_IA32_MC0_STATUS+i*4;
                rdmsr(msr, low, high);
                if (high & (1<<31)) {
-                        /* Clear it */
+                        /* Clear it: */
                        wrmsr(msr, 0UL, 0UL);
-                        /* Serialize */
+                        /* Serialize: */
                        wmb();
                        add_taint(TAINT_MACHINE_CHECK);
                }
@@ -81,7 +86,7 @@ static void intel_machine_check(struct pt_regs *regs, long error_code)
        wrmsr(MSR_IA32_MCG_STATUS, mcgstl, mcgsth);
 }
-/* Set up machine check reporting for processors with Intel style MCE */
+/* Set up machine check reporting for processors with Intel style MCE: */
 void intel_p6_mcheck_init(struct cpuinfo_x86 *c)
 {
        u32 l, h;
@@ -97,6 +102,7 @@ void intel_p6_mcheck_init(struct cpuinfo_x86 *c)
        /* Ok machine check is available */
        machine_check_vector = intel_machine_check;
+        /* Make sure the vector pointer is visible before we enable MCEs: */
        wmb();
        printk(KERN_INFO "Intel machine check architecture supported.\n");
diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c
index d5ae2243f0b9..7b1ae2e20ba5 100644
--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c
+++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c
@@ -1,7 +1,7 @@
 /*
- *
 * Thermal throttle event support code (such as syslog messaging and rate
 * limiting) that was factored out from x86_64 (mce_intel.c) and i386 (p4.c).
+ *
 * This allows consistent reporting of CPU thermal throttle events.
 *
 * Maintains a counter in /sys that keeps track of the number of thermal
@@ -13,43 +13,43 @@
 * Credits: Adapted from Zwane Mwaikambo's original code in mce_intel.c.
 *          Inspired by Ross Biro's and Al Borchers' counter code.
 */
+#include <linux/notifier.h>
+#include <linux/jiffies.h>
 #include <linux/percpu.h>
 #include <linux/sysdev.h>
 #include <linux/cpu.h>
-#include <asm/cpu.h>
-#include <linux/notifier.h>
-#include <linux/jiffies.h>
 #include <asm/therm_throt.h>
 /* How long to wait between reporting thermal events */
-#define CHECK_INTERVAL              (300 * HZ)
+#define CHECK_INTERVAL          (300 * HZ)
 static DEFINE_PER_CPU(__u64, next_check) = INITIAL_JIFFIES;
 static DEFINE_PER_CPU(unsigned long, thermal_throttle_count);
-atomic_t therm_throt_en = ATOMIC_INIT(0);
+atomic_t therm_throt_en         = ATOMIC_INIT(0);
 #ifdef CONFIG_SYSFS
-#define define_therm_throt_sysdev_one_ro(_name)                              \
+#define define_therm_throt_sysdev_one_ro(_name)                         \
-        static SYSDEV_ATTR(_name, 0444, therm_throt_sysdev_show_##_name, NULL)
+        static SYSDEV_ATTR(_name, 0444, therm_throt_sysdev_show_##_name, NULL)
-#define define_therm_throt_sysdev_show_func(name)                            \
+#define define_therm_throt_sysdev_show_func(name)                       \
-static ssize_t therm_throt_sysdev_show_##name(struct sys_device *dev,        \
+static ssize_t therm_throt_sysdev_show_##name(struct sys_device *dev,   \
-                                        struct sysdev_attribute *attr,       \
+                                        struct sysdev_attribute *attr,  \
-                                              char *buf)                     \
+                                              char *buf)                \
-{                                                                            \
+{                                                                       \
-        unsigned int cpu = dev->id;                                          \
+        unsigned int cpu = dev->id;                                     \
-        ssize_t ret;                                                         \
+        ssize_t ret;                                                    \
-                                                                             \
+                                                                        \
-        preempt_disable();              /* CPU hotplug */                    \
+        preempt_disable();      /* CPU hotplug */                       \
-        if (cpu_online(cpu))                                                 \
+        if (cpu_online(cpu))                                            \
-                ret = sprintf(buf, "%lu\n",                                  \
+                ret = sprintf(buf, "%lu\n",                             \
-                              per_cpu(thermal_throttle_##name, cpu));        \
+                              per_cpu(thermal_throttle_##name, cpu));   \
-        else                                                                 \
+        else                                                            \
-                ret = 0;                                                     \
+                ret = 0;                                                \
-        preempt_enable();                                                    \
+        preempt_enable();                                               \
-                                                                             \
+                                                                        \
-        return ret;                                                          \
+        return ret;                                                     \
 }
 define_therm_throt_sysdev_show_func(count);
@@ -61,8 +61,8 @@ static struct attribute *thermal_throttle_attrs[] = {
 };
 static struct attribute_group thermal_throttle_attr_group = {
-        .attrs = thermal_throttle_attrs,
+        .attrs  = thermal_throttle_attrs,
-        .name = "thermal_throttle"
+        .name   = "thermal_throttle"
 };
 #endif /* CONFIG_SYSFS */
@@ -110,10 +110,11 @@ int therm_throt_process(int curr)
 }
 #ifdef CONFIG_SYSFS
-/* Add/Remove thermal_throttle interface for CPU device */
+/* Add/Remove thermal_throttle interface for CPU device: */
 static __cpuinit int thermal_throttle_add_dev(struct sys_device *sys_dev)
 {
-        return sysfs_create_group(&sys_dev->kobj, &thermal_throttle_attr_group);
+        return sysfs_create_group(&sys_dev->kobj,
+                                  &thermal_throttle_attr_group);
 }
 static __cpuinit void thermal_throttle_remove_dev(struct sys_device *sys_dev)
@@ -121,19 +122,21 @@ static __cpuinit void thermal_throttle_remove_dev(struct sys_device *sys_dev)
        sysfs_remove_group(&sys_dev->kobj, &thermal_throttle_attr_group);
 }
-/* Mutex protecting device creation against CPU hotplug */
+/* Mutex protecting device creation against CPU hotplug: */
 static DEFINE_MUTEX(therm_cpu_lock);
 /* Get notified when a cpu comes on/off. Be hotplug friendly. */
-static __cpuinit int thermal_throttle_cpu_callback(struct notifier_block *nfb,
+static __cpuinit int
-                                                   unsigned long action,
+thermal_throttle_cpu_callback(struct notifier_block *nfb,
-                                                   void *hcpu)
+                              unsigned long action,
+                              void *hcpu)
 {
        unsigned int cpu = (unsigned long)hcpu;
        struct sys_device *sys_dev;
        int err = 0;
        sys_dev = get_cpu_sysdev(cpu);
        switch (action) {
        case CPU_UP_PREPARE:
        case CPU_UP_PREPARE_FROZEN:
diff --git a/arch/x86/kernel/cpu/mcheck/threshold.c b/arch/x86/kernel/cpu/mcheck/threshold.c
index 23ee9e730f78..d746df2909c9 100644
--- a/arch/x86/kernel/cpu/mcheck/threshold.c
+++ b/arch/x86/kernel/cpu/mcheck/threshold.c
@@ -17,7 +17,7 @@ static void default_threshold_interrupt(void)
 void (*mce_threshold_vector)(void) = default_threshold_interrupt;
-asmlinkage void mce_threshold_interrupt(void)
+asmlinkage void smp_threshold_interrupt(void)
 {
        exit_idle();
        irq_enter();
diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
index 2a043d89811d..81b02487090b 100644
--- a/arch/x86/kernel/cpu/mcheck/winchip.c
+++ b/arch/x86/kernel/cpu/mcheck/winchip.c
@@ -2,11 +2,10 @@
 * IDT Winchip specific Machine Check Exception Reporting
 * (C) Copyright 2002 Alan Cox <alan@lxorguk.ukuu.org.uk>
 */
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
 #include <linux/interrupt.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/init.h>
 #include <asm/processor.h>
 #include <asm/system.h>
@@ -14,7 +13,7 @@
 #include "mce.h"
-/* Machine check handler for WinChip C6 */
+/* Machine check handler for WinChip C6: */
 static void winchip_machine_check(struct pt_regs *regs, long error_code)
 {
        printk(KERN_EMERG "CPU0: Machine Check Exception.\n");
@@ -25,12 +24,18 @@ static void winchip_machine_check(struct pt_regs *regs, long error_code)
 void winchip_mcheck_init(struct cpuinfo_x86 *c)
 {
        u32 lo, hi;
        machine_check_vector = winchip_machine_check;
+        /* Make sure the vector pointer is visible before we enable MCEs: */
        wmb();
        rdmsr(MSR_IDT_FCR1, lo, hi);
        lo |= (1<<2);   /* Enable EIERRINT (int 18 MCE) */
        lo &= ~(1<<4);  /* Enable MCE */
        wrmsr(MSR_IDT_FCR1, lo, hi);
        set_in_cr4(X86_CR4_MCE);
-        printk(KERN_INFO "Winchip machine check reporting enabled on CPU#0.\n");
+        printk(KERN_INFO
+               "Winchip machine check reporting enabled on CPU#0.\n");
 }
diff --git a/arch/x86/kernel/cpu/perf_counter.c b/arch/x86/kernel/cpu/perf_counter.c
index 895c82e78455..275bc142cd5d 100644
--- a/arch/x86/kernel/cpu/perf_counter.c
+++ b/arch/x86/kernel/cpu/perf_counter.c
@@ -968,6 +968,13 @@ fixed_mode_idx(struct perf_counter *counter, struct hw_perf_counter *hwc)
        if (!x86_pmu.num_counters_fixed)
                return -1;
+        /*
+         * Quirk, IA32_FIXED_CTRs do not work on current Atom processors:
+         */
+        if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+                                        boot_cpu_data.x86_model == 28)
+                return -1;
        event = hwc->config & ARCH_PERFMON_EVENT_MASK;
        if (unlikely(event == x86_pmu.event_map(PERF_COUNT_HW_INSTRUCTIONS)))
diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
index 2ac1f0c2beb3..b07af8861244 100644
--- a/arch/x86/kernel/cpuid.c
+++ b/arch/x86/kernel/cpuid.c
@@ -182,6 +182,11 @@ static struct notifier_block __refdata cpuid_class_cpu_notifier =
        .notifier_call = cpuid_class_cpu_callback,
 };
+static char *cpuid_nodename(struct device *dev)
+{
+        return kasprintf(GFP_KERNEL, "cpu/%u/cpuid", MINOR(dev->devt));
+}
 static int __init cpuid_init(void)
 {
        int i, err = 0;
@@ -198,6 +203,7 @@ static int __init cpuid_init(void)
                err = PTR_ERR(cpuid_class);
                goto out_chrdev;
        }
+        cpuid_class->nodename = cpuid_nodename;
        for_each_online_cpu(i) {
                err = cpuid_device_create(i);
                if (err != 0)
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index a4742a340d8d..de74f0a3e0ed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -963,6 +963,8 @@ END(\sym)
 #ifdef CONFIG_SMP
 apicinterrupt IRQ_MOVE_CLEANUP_VECTOR \
        irq_move_cleanup_interrupt smp_irq_move_cleanup_interrupt
+apicinterrupt REBOOT_VECTOR \
+        reboot_interrupt smp_reboot_interrupt
 #endif
 #ifdef CONFIG_X86_UV
@@ -994,10 +996,15 @@ apicinterrupt INVALIDATE_TLB_VECTOR_START+7 \
 #endif
 apicinterrupt THRESHOLD_APIC_VECTOR \
-        threshold_interrupt mce_threshold_interrupt
+        threshold_interrupt smp_threshold_interrupt
 apicinterrupt THERMAL_APIC_VECTOR \
        thermal_interrupt smp_thermal_interrupt
+#ifdef CONFIG_X86_MCE
+apicinterrupt MCE_SELF_VECTOR \
+        mce_self_interrupt smp_mce_self_interrupt
+#endif
 #ifdef CONFIG_SMP
 apicinterrupt CALL_FUNCTION_SINGLE_VECTOR \
        call_function_single_interrupt smp_call_function_single_interrupt
@@ -1379,7 +1386,7 @@ errorentry xen_stack_segment do_stack_segment
 errorentry general_protection do_general_protection
 errorentry page_fault do_page_fault
 #ifdef CONFIG_X86_MCE
-paranoidzeroentry machine_check do_machine_check
+paranoidzeroentry machine_check *machine_check_vector(%rip)
 #endif
        /*
diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c
index c2e0bb0890d4..5cf36c053ac4 100644
--- a/arch/x86/kernel/i8253.c
+++ b/arch/x86/kernel/i8253.c
@@ -7,6 +7,7 @@
 #include <linux/spinlock.h>
 #include <linux/jiffies.h>
 #include <linux/module.h>
+#include <linux/timex.h>
 #include <linux/delay.h>
 #include <linux/init.h>
 #include <linux/io.h>
diff --git a/arch/x86/kernel/init_task.c b/arch/x86/kernel/init_task.c
index df3bf269beab..270ff83efc11 100644
--- a/arch/x86/kernel/init_task.c
+++ b/arch/x86/kernel/init_task.c
@@ -12,7 +12,6 @@
 static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
 static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
-struct mm_struct init_mm = INIT_MM(init_mm);
 /*
 * Initial thread structure.
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index 38287b5f116e..b0cdde6932f5 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -12,6 +12,7 @@
 #include <asm/io_apic.h>
 #include <asm/irq.h>
 #include <asm/idle.h>
+#include <asm/mce.h>
 #include <asm/hw_irq.h>
 atomic_t irq_err_count;
@@ -96,13 +97,23 @@ static int show_other_interrupts(struct seq_file *p, int prec)
        for_each_online_cpu(j)
                seq_printf(p, "%10u ", irq_stats(j)->irq_thermal_count);
        seq_printf(p, "  Thermal event interrupts\n");
-# ifdef CONFIG_X86_64
+# ifdef CONFIG_X86_MCE_THRESHOLD
        seq_printf(p, "%*s: ", prec, "THR");
        for_each_online_cpu(j)
                seq_printf(p, "%10u ", irq_stats(j)->irq_threshold_count);
        seq_printf(p, "  Threshold APIC interrupts\n");
 # endif
 #endif
+#ifdef CONFIG_X86_NEW_MCE
+        seq_printf(p, "%*s: ", prec, "MCE");
+        for_each_online_cpu(j)
+                seq_printf(p, "%10u ", per_cpu(mce_exception_count, j));
+        seq_printf(p, "  Machine check exceptions\n");
+        seq_printf(p, "%*s: ", prec, "MCP");
+        for_each_online_cpu(j)
+                seq_printf(p, "%10u ", per_cpu(mce_poll_count, j));
+        seq_printf(p, "  Machine check polls\n");
+#endif
        seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read(&irq_err_count));
 #if defined(CONFIG_X86_IO_APIC)
        seq_printf(p, "%*s: %10u\n", prec, "MIS", atomic_read(&irq_mis_count));
@@ -185,10 +196,14 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
 #endif
 #ifdef CONFIG_X86_MCE
        sum += irq_stats(cpu)->irq_thermal_count;
-# ifdef CONFIG_X86_64
+# ifdef CONFIG_X86_MCE_THRESHOLD
        sum += irq_stats(cpu)->irq_threshold_count;
 # endif
 #endif
+#ifdef CONFIG_X86_NEW_MCE
+        sum += per_cpu(mce_exception_count, cpu);
+        sum += per_cpu(mce_poll_count, cpu);
+#endif
        return sum;
 }
diff --git a/arch/x86/kernel/irqinit.c b/arch/x86/kernel/irqinit.c
index 267c6624c77f..696f0e475c2d 100644
--- a/arch/x86/kernel/irqinit.c
+++ b/arch/x86/kernel/irqinit.c
@@ -173,6 +173,9 @@ static void __init smp_intr_init(void)
        /* Low priority IPI to cleanup after moving an irq */
        set_intr_gate(IRQ_MOVE_CLEANUP_VECTOR, irq_move_cleanup_interrupt);
        set_bit(IRQ_MOVE_CLEANUP_VECTOR, used_vectors);
+        /* IPI used for rebooting/stopping */
+        alloc_intr_gate(REBOOT_VECTOR, reboot_interrupt);
 #endif
 #endif /* CONFIG_SMP */
 }
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 6551dedee20c..a78ecad0c900 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -27,6 +27,7 @@
 #include <linux/mm.h>
 #include <linux/highmem.h>
 #include <linux/hardirq.h>
+#include <asm/timer.h>
 #define MMU_QUEUE_SIZE 1024
@@ -230,6 +231,9 @@ static void paravirt_ops_setup(void)
                pv_mmu_ops.lazy_mode.enter = kvm_enter_lazy_mmu;
                pv_mmu_ops.lazy_mode.leave = kvm_leave_lazy_mmu;
        }
+#ifdef CONFIG_X86_IO_APIC
+        no_timer_check = 1;
+#endif
 }
 void __init kvm_guest_init(void)
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
index 9c4461501fcb..9371448290ac 100644
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/microcode_core.c
@@ -236,6 +236,7 @@ static const struct file_operations microcode_fops = {
 static struct miscdevice microcode_dev = {
        .minor                  = MICROCODE_MINOR,
        .name                   = "microcode",
+        .devnode                = "cpu/microcode",
        .fops                   = &microcode_fops,
 };
diff --git a/arch/x86/kernel/module_64.c b/arch/x86/kernel/module.c
index c23880b90b5c..89f386f044e4 100644
--- a/arch/x86/kernel/module_64.c
+++ b/arch/x86/kernel/module.c
@@ -1,6 +1,5 @@
-/*  Kernel module help for x86-64
+/*  Kernel module help for x86.
    Copyright (C) 2001 Rusty Russell.
-    Copyright (C) 2002,2003 Andi Kleen, SuSE Labs.
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,23 +21,18 @@
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
-#include <linux/mm.h>
-#include <linux/slab.h>
 #include <linux/bug.h>
+#include <linux/mm.h>
 #include <asm/system.h>
 #include <asm/page.h>
 #include <asm/pgtable.h>
+#if 0
+#define DEBUGP printk
+#else
 #define DEBUGP(fmt...)
+#endif
-#ifndef CONFIG_UML
-void module_free(struct module *mod, void *module_region)
-{
-        vfree(module_region);
-        /* FIXME: If module_region == mod->init_region, trim exception
-           table entries. */
-}
 void *module_alloc(unsigned long size)
 {
@@ -54,9 +48,15 @@ void *module_alloc(unsigned long size)
        if (!area)
                return NULL;
-        return __vmalloc_area(area, GFP_KERNEL, PAGE_KERNEL_EXEC);
+        return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM,
+                                        PAGE_KERNEL_EXEC);
+}
+/* Free memory returned from module_alloc */
+void module_free(struct module *mod, void *module_region)
+{
+        vfree(module_region);
 }
-#endif
 /* We don't need anything special. */
 int module_frob_arch_sections(Elf_Ehdr *hdr,
@@ -67,6 +67,58 @@ int module_frob_arch_sections(Elf_Ehdr *hdr,
        return 0;
 }
+#ifdef CONFIG_X86_32
+int apply_relocate(Elf32_Shdr *sechdrs,
+                   const char *strtab,
+                   unsigned int symindex,
+                   unsigned int relsec,
+                   struct module *me)
+{
+        unsigned int i;
+        Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
+        Elf32_Sym *sym;
+        uint32_t *location;
+        DEBUGP("Applying relocate section %u to %u\n", relsec,
+               sechdrs[relsec].sh_info);
+        for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
+                /* This is where to make the change */
+                location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
+                        + rel[i].r_offset;
+                /* This is the symbol it is referring to.  Note that all
+                   undefined symbols have been resolved.  */
+                sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
+                        + ELF32_R_SYM(rel[i].r_info);
+                switch (ELF32_R_TYPE(rel[i].r_info)) {
+                case R_386_32:
+                        /* We add the value into the location given */
+                        *location += sym->st_value;
+                        break;
+                case R_386_PC32:
+                        /* Add the value, subtract its postition */
+                        *location += sym->st_value - (uint32_t)location;
+                        break;
+                default:
+                        printk(KERN_ERR "module %s: Unknown relocation: %u\n",
+                               me->name, ELF32_R_TYPE(rel[i].r_info));
+                        return -ENOEXEC;
+                }
+        }
+        return 0;
+}
+int apply_relocate_add(Elf32_Shdr *sechdrs,
+                       const char *strtab,
+                       unsigned int symindex,
+                       unsigned int relsec,
+                       struct module *me)
+{
+        printk(KERN_ERR "module %s: ADD RELOCATION unsupported\n",
+               me->name);
+        return -ENOEXEC;
+}
+#else /*X86_64*/
 int apply_relocate_add(Elf64_Shdr *sechdrs,
                   const char *strtab,
                   unsigned int symindex,
@@ -147,6 +199,8 @@ int apply_relocate(Elf_Shdr *sechdrs,
        return -ENOSYS;
 }
+#endif
 int module_finalize(const Elf_Ehdr *hdr,
                    const Elf_Shdr *sechdrs,
                    struct module *me)
diff --git a/arch/x86/kernel/module_32.c b/arch/x86/kernel/module_32.c
deleted file mode 100644
index 0edd819050e7..000000000000
--- a/arch/x86/kernel/module_32.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*  Kernel module help for i386.
-    Copyright (C) 2001 Rusty Russell.
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-#include <linux/moduleloader.h>
-#include <linux/elf.h>
-#include <linux/vmalloc.h>
-#include <linux/fs.h>
-#include <linux/string.h>
-#include <linux/kernel.h>
-#include <linux/bug.h>
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(fmt...)
-#endif
-void *module_alloc(unsigned long size)
-{
-        if (size == 0)
-                return NULL;
-        return vmalloc_exec(size);
-}
-/* Free memory returned from module_alloc */
-void module_free(struct module *mod, void *module_region)
-{
-        vfree(module_region);
-        /* FIXME: If module_region == mod->init_region, trim exception
-           table entries. */
-}
-/* We don't need anything special. */
-int module_frob_arch_sections(Elf_Ehdr *hdr,
-                              Elf_Shdr *sechdrs,
-                              char *secstrings,
-                              struct module *mod)
-{
-        return 0;
-}
-int apply_relocate(Elf32_Shdr *sechdrs,
-                   const char *strtab,
-                   unsigned int symindex,
-                   unsigned int relsec,
-                   struct module *me)
-{
-        unsigned int i;
-        Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
-        Elf32_Sym *sym;
-        uint32_t *location;
-        DEBUGP("Applying relocate section %u to %u\n", relsec,
-               sechdrs[relsec].sh_info);
-        for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
-                /* This is where to make the change */
-                location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
-                        + rel[i].r_offset;
-                /* This is the symbol it is referring to.  Note that all
-                   undefined symbols have been resolved.  */
-                sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
-                        + ELF32_R_SYM(rel[i].r_info);
-                switch (ELF32_R_TYPE(rel[i].r_info)) {
-                case R_386_32:
-                        /* We add the value into the location given */
-                        *location += sym->st_value;
-                        break;
-                case R_386_PC32:
-                        /* Add the value, subtract its postition */
-                        *location += sym->st_value - (uint32_t)location;
-                        break;
-                default:
-                        printk(KERN_ERR "module %s: Unknown relocation: %u\n",
-                               me->name, ELF32_R_TYPE(rel[i].r_info));
-                        return -ENOEXEC;
-                }
-        }
-        return 0;
-}
-int apply_relocate_add(Elf32_Shdr *sechdrs,
-                       const char *strtab,
-                       unsigned int symindex,
-                       unsigned int relsec,
-                       struct module *me)
-{
-        printk(KERN_ERR "module %s: ADD RELOCATION unsupported\n",
-               me->name);
-        return -ENOEXEC;
-}
-int module_finalize(const Elf_Ehdr *hdr,
-                    const Elf_Shdr *sechdrs,
-                    struct module *me)
-{
-        const Elf_Shdr *s, *text = NULL, *alt = NULL, *locks = NULL,
-                *para = NULL;
-        char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
-        for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) {
-                if (!strcmp(".text", secstrings + s->sh_name))
-                        text = s;
-                if (!strcmp(".altinstructions", secstrings + s->sh_name))
-                        alt = s;
-                if (!strcmp(".smp_locks", secstrings + s->sh_name))
-                        locks = s;
-                if (!strcmp(".parainstructions", secstrings + s->sh_name))
-                        para = s;
-        }
-        if (alt) {
-                /* patch .altinstructions */
-                void *aseg = (void *)alt->sh_addr;
-                apply_alternatives(aseg, aseg + alt->sh_size);
-        }
-        if (locks && text) {
-                void *lseg = (void *)locks->sh_addr;
-                void *tseg = (void *)text->sh_addr;
-                alternatives_smp_module_add(me, me->name,
-                                            lseg, lseg + locks->sh_size,
-                                            tseg, tseg + text->sh_size);
-        }
-        if (para) {
-                void *pseg = (void *)para->sh_addr;
-                apply_paravirt(pseg, pseg + para->sh_size);
-        }
-        return module_bug_finalize(hdr, sechdrs, me);
-}
-void module_arch_cleanup(struct module *mod)
-{
-        alternatives_smp_module_del(mod);
-        module_bug_cleanup(mod);
-}
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 3cf3413ec626..98fd6cd4e3a4 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -196,6 +196,11 @@ static struct notifier_block __refdata msr_class_cpu_notifier = {
        .notifier_call = msr_class_cpu_callback,
 };
+static char *msr_nodename(struct device *dev)
+{
+        return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt));
+}
 static int __init msr_init(void)
 {
        int i, err = 0;
@@ -212,6 +217,7 @@ static int __init msr_init(void)
                err = PTR_ERR(msr_class);
                goto out_chrdev;
        }
+        msr_class->nodename = msr_nodename;
        for_each_online_cpu(i) {
                err = msr_device_create(i);
                if (err != 0)
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 3bb2be1649bd..994dd6a4a2a0 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -63,7 +63,7 @@ void arch_task_cache_init(void)
        task_xstate_cachep =
                kmem_cache_create("task_xstate", xstate_size,
                                  __alignof__(union thread_xstate),
-                                  SLAB_PANIC, NULL);
+                                  SLAB_PANIC | SLAB_NOTRACK, NULL);
 }
 /*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index d1c636bf31a7..be5ae80f897f 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -301,15 +301,13 @@ static void __init reserve_brk(void)
 #ifdef CONFIG_BLK_DEV_INITRD
-#ifdef CONFIG_X86_32
 #define MAX_MAP_CHUNK   (NR_FIX_BTMAPS << PAGE_SHIFT)
 static void __init relocate_initrd(void)
 {
        u64 ramdisk_image = boot_params.hdr.ramdisk_image;
        u64 ramdisk_size  = boot_params.hdr.ramdisk_size;
-        u64 end_of_lowmem = max_low_pfn << PAGE_SHIFT;
+        u64 end_of_lowmem = max_low_pfn_mapped << PAGE_SHIFT;
        u64 ramdisk_here;
        unsigned long slop, clen, mapaddr;
        char *p, *q;
@@ -365,14 +363,13 @@ static void __init relocate_initrd(void)
                ramdisk_image, ramdisk_image + ramdisk_size - 1,
                ramdisk_here, ramdisk_here + ramdisk_size - 1);
 }
-#endif
 static void __init reserve_initrd(void)
 {
        u64 ramdisk_image = boot_params.hdr.ramdisk_image;
        u64 ramdisk_size  = boot_params.hdr.ramdisk_size;
        u64 ramdisk_end   = ramdisk_image + ramdisk_size;
-        u64 end_of_lowmem = max_low_pfn << PAGE_SHIFT;
+        u64 end_of_lowmem = max_low_pfn_mapped << PAGE_SHIFT;
        if (!boot_params.hdr.type_of_loader ||
            !ramdisk_image || !ramdisk_size)
@@ -402,14 +399,8 @@ static void __init reserve_initrd(void)
                return;
        }
-#ifdef CONFIG_X86_32
        relocate_initrd();
-#else
-        printk(KERN_ERR "initrd extends beyond end of memory "
-               "(0x%08llx > 0x%08llx)\ndisabling initrd\n",
-               ramdisk_end, end_of_lowmem);
-        initrd_start = 0;
-#endif
        free_early(ramdisk_image, ramdisk_end);
 }
 #else
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 0a813b17b172..4c578751e94e 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -24,11 +24,11 @@
 #include <asm/ucontext.h>
 #include <asm/i387.h>
 #include <asm/vdso.h>
+#include <asm/mce.h>
 #ifdef CONFIG_X86_64
 #include <asm/proto.h>
 #include <asm/ia32_unistd.h>
-#include <asm/mce.h>
 #endif /* CONFIG_X86_64 */
 #include <asm/syscall.h>
@@ -856,10 +856,10 @@ static void do_signal(struct pt_regs *regs)
 void
 do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
 {
-#if defined(CONFIG_X86_64) && defined(CONFIG_X86_MCE)
+#ifdef CONFIG_X86_NEW_MCE
        /* notify userspace of pending MCEs */
        if (thread_info_flags & _TIF_MCE_NOTIFY)
-                mce_notify_user();
+                mce_notify_process();
 #endif /* CONFIG_X86_64 && CONFIG_X86_MCE */
        /* deal with pending signal delivery */
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index f6db48c405b8..ec1de97600e7 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -150,14 +150,40 @@ void native_send_call_func_ipi(const struct cpumask *mask)
 * this function calls the 'stop' function on all other CPUs in the system.
 */
+asmlinkage void smp_reboot_interrupt(void)
+{
+        ack_APIC_irq();
+        irq_enter();
+        stop_this_cpu(NULL);
+        irq_exit();
+}
 static void native_smp_send_stop(void)
 {
        unsigned long flags;
+        unsigned long wait;
        if (reboot_force)
                return;
-        smp_call_function(stop_this_cpu, NULL, 0);
+        /*
+         * Use an own vector here because smp_call_function
+         * does lots of things not suitable in a panic situation.
+         * On most systems we could also use an NMI here,
+         * but there are a few systems around where NMI
+         * is problematic so stay with an non NMI for now
+         * (this implies we cannot stop CPUs spinning with irq off
+         * currently)
+         */
+        if (num_online_cpus() > 1) {
+                apic->send_IPI_allbutself(REBOOT_VECTOR);
+                /* Don't wait longer than a second */
+                wait = USEC_PER_SEC;
+                while (num_online_cpus() > 1 && wait--)
+                        udelay(1);
+        }
        local_irq_save(flags);
        disable_local_APIC();
        local_irq_restore(flags);
@@ -172,6 +198,9 @@ void smp_reschedule_interrupt(struct pt_regs *regs)
 {
        ack_APIC_irq();
        inc_irq_stat(irq_resched_count);
+        /*
+         * KVM uses this interrupt to force a cpu out of guest mode
+         */
 }
 void smp_call_function_interrupt(struct pt_regs *regs)
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 7c80007ea5f7..2fecda69ee64 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -873,7 +873,7 @@ int __cpuinit native_cpu_up(unsigned int cpu)
        err = do_boot_cpu(apicid, cpu);
-        zap_low_mappings();
+        zap_low_mappings(false);
        low_mappings = 0;
 #else
        err = do_boot_cpu(apicid, cpu);
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index 4aaf7e48394f..c3eb207181fe 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -77,6 +77,13 @@ void save_stack_trace(struct stack_trace *trace)
 }
 EXPORT_SYMBOL_GPL(save_stack_trace);
+void save_stack_trace_bp(struct stack_trace *trace, unsigned long bp)
+{
+        dump_trace(current, NULL, NULL, bp, &save_stack_ops, trace);
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
 void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
 {
        dump_trace(tsk, NULL, NULL, 0, &save_stack_ops_nosched, trace);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 07d60c870ce2..5f935f0d5861 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -45,6 +45,7 @@
 #include <linux/edac.h>
 #endif
+#include <asm/kmemcheck.h>
 #include <asm/stacktrace.h>
 #include <asm/processor.h>
 #include <asm/debugreg.h>
@@ -534,6 +535,10 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
        get_debugreg(condition, 6);
+        /* Catch kmemcheck conditions first of all! */
+        if (condition & DR_STEP && kmemcheck_trap(regs))
+                return;
        /*
         * The processor cleared BTF, so don't mark that we need it set.
         */
@@ -798,15 +803,15 @@ unsigned long patch_espfix_desc(unsigned long uesp, unsigned long kesp)
        return new_kesp;
 }
-#else
+#endif
 asmlinkage void __attribute__((weak)) smp_thermal_interrupt(void)
 {
 }
-asmlinkage void __attribute__((weak)) mce_threshold_interrupt(void)
+asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
 {
 }
-#endif
 /*
 * 'math_state_restore()' saves the current math information in the
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 3e1c057e98fe..ae3180c506a6 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -9,6 +9,7 @@
 #include <linux/delay.h>
 #include <linux/clocksource.h>
 #include <linux/percpu.h>
+#include <linux/timex.h>
 #include <asm/hpet.h>
 #include <asm/timer.h>
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4c85b2e2bb65..367e87882041 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -108,6 +108,8 @@ SECTIONS
        /* Data */
        . = ALIGN(PAGE_SIZE);
        .data : AT(ADDR(.data) - LOAD_OFFSET) {
+                /* Start of data section */
+                _sdata = .;
                DATA_DATA
                CONSTRUCTORS
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index a58504ea78cc..8600a09e0c6c 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -50,6 +50,9 @@ config KVM_INTEL
          Provides support for KVM on Intel processors equipped with the VT
          extensions.
+          To compile this as a module, choose M here: the module
+          will be called kvm-intel.
 config KVM_AMD
        tristate "KVM for AMD processors support"
        depends on KVM
@@ -57,6 +60,9 @@ config KVM_AMD
          Provides support for KVM on AMD processors equipped with the AMD-V
          (SVM) extensions.
+          To compile this as a module, choose M here: the module
+          will be called kvm-amd.
 config KVM_TRACE
        bool "KVM trace support"
        depends on KVM && SYSFS
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index d3ec292f00f2..b43c4efafe80 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -14,7 +14,7 @@ endif
 EXTRA_CFLAGS += -Ivirt/kvm -Iarch/x86/kvm
 kvm-objs := $(common-objs) x86.o mmu.o x86_emulate.o i8259.o irq.o lapic.o \
-        i8254.o
+        i8254.o timer.o
 obj-$(CONFIG_KVM) += kvm.o
 kvm-intel-objs = vmx.o
 obj-$(CONFIG_KVM_INTEL) += kvm-intel.o
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index c13bb92d3157..4d6f0d293ee2 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -98,6 +98,37 @@ static int pit_get_gate(struct kvm *kvm, int channel)
        return kvm->arch.vpit->pit_state.channels[channel].gate;
 }
+static s64 __kpit_elapsed(struct kvm *kvm)
+{
+        s64 elapsed;
+        ktime_t remaining;
+        struct kvm_kpit_state *ps = &kvm->arch.vpit->pit_state;
+        /*
+         * The Counter does not stop when it reaches zero. In
+         * Modes 0, 1, 4, and 5 the Counter ``wraps around'' to
+         * the highest count, either FFFF hex for binary counting
+         * or 9999 for BCD counting, and continues counting.
+         * Modes 2 and 3 are periodic; the Counter reloads
+         * itself with the initial count and continues counting
+         * from there.
+         */
+        remaining = hrtimer_expires_remaining(&ps->pit_timer.timer);
+        elapsed = ps->pit_timer.period - ktime_to_ns(remaining);
+        elapsed = mod_64(elapsed, ps->pit_timer.period);
+        return elapsed;
+}
+static s64 kpit_elapsed(struct kvm *kvm, struct kvm_kpit_channel_state *c,
+                        int channel)
+{
+        if (channel == 0)
+                return __kpit_elapsed(kvm);
+        return ktime_to_ns(ktime_sub(ktime_get(), c->count_load_time));
+}
 static int pit_get_count(struct kvm *kvm, int channel)
 {
        struct kvm_kpit_channel_state *c =
@@ -107,7 +138,7 @@ static int pit_get_count(struct kvm *kvm, int channel)
        WARN_ON(!mutex_is_locked(&kvm->arch.vpit->pit_state.lock));
-        t = ktime_to_ns(ktime_sub(ktime_get(), c->count_load_time));
+        t = kpit_elapsed(kvm, c, channel);
        d = muldiv64(t, KVM_PIT_FREQ, NSEC_PER_SEC);
        switch (c->mode) {
@@ -137,7 +168,7 @@ static int pit_get_out(struct kvm *kvm, int channel)
        WARN_ON(!mutex_is_locked(&kvm->arch.vpit->pit_state.lock));
-        t = ktime_to_ns(ktime_sub(ktime_get(), c->count_load_time));
+        t = kpit_elapsed(kvm, c, channel);
        d = muldiv64(t, KVM_PIT_FREQ, NSEC_PER_SEC);
        switch (c->mode) {
@@ -193,28 +224,6 @@ static void pit_latch_status(struct kvm *kvm, int channel)
        }
 }
-static int __pit_timer_fn(struct kvm_kpit_state *ps)
-{
-        struct kvm_vcpu *vcpu0 = ps->pit->kvm->vcpus[0];
-        struct kvm_kpit_timer *pt = &ps->pit_timer;
-        if (!atomic_inc_and_test(&pt->pending))
-                set_bit(KVM_REQ_PENDING_TIMER, &vcpu0->requests);
-        if (!pt->reinject)
-                atomic_set(&pt->pending, 1);
-        if (vcpu0 && waitqueue_active(&vcpu0->wq))
-                wake_up_interruptible(&vcpu0->wq);
-        hrtimer_add_expires_ns(&pt->timer, pt->period);
-        pt->scheduled = hrtimer_get_expires_ns(&pt->timer);
-        if (pt->period)
-                ps->channels[0].count_load_time = ktime_get();
-        return (pt->period == 0 ? 0 : 1);
-}
 int pit_has_pending_timer(struct kvm_vcpu *vcpu)
 {
        struct kvm_pit *pit = vcpu->kvm->arch.vpit;
@@ -235,21 +244,6 @@ static void kvm_pit_ack_irq(struct kvm_irq_ack_notifier *kian)
        spin_unlock(&ps->inject_lock);
 }
-static enum hrtimer_restart pit_timer_fn(struct hrtimer *data)
-{
-        struct kvm_kpit_state *ps;
-        int restart_timer = 0;
-        ps = container_of(data, struct kvm_kpit_state, pit_timer.timer);
-        restart_timer = __pit_timer_fn(ps);
-        if (restart_timer)
-                return HRTIMER_RESTART;
-        else
-                return HRTIMER_NORESTART;
-}
 void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
 {
        struct kvm_pit *pit = vcpu->kvm->arch.vpit;
@@ -263,15 +257,26 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
                hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
 }
-static void destroy_pit_timer(struct kvm_kpit_timer *pt)
+static void destroy_pit_timer(struct kvm_timer *pt)
 {
        pr_debug("pit: execute del timer!\n");
        hrtimer_cancel(&pt->timer);
 }
+static bool kpit_is_periodic(struct kvm_timer *ktimer)
+{
+        struct kvm_kpit_state *ps = container_of(ktimer, struct kvm_kpit_state,
+                                                 pit_timer);
+        return ps->is_periodic;
+}
+static struct kvm_timer_ops kpit_ops = {
+        .is_periodic = kpit_is_periodic,
+};
 static void create_pit_timer(struct kvm_kpit_state *ps, u32 val, int is_period)
 {
-        struct kvm_kpit_timer *pt = &ps->pit_timer;
+        struct kvm_timer *pt = &ps->pit_timer;
        s64 interval;
        interval = muldiv64(val, NSEC_PER_SEC, KVM_PIT_FREQ);
@@ -280,8 +285,14 @@ static void create_pit_timer(struct kvm_kpit_state *ps, u32 val, int is_period)
        /* TODO The new value only affected after the retriggered */
        hrtimer_cancel(&pt->timer);
-        pt->period = (is_period == 0) ? 0 : interval;
+        pt->period = interval;
-        pt->timer.function = pit_timer_fn;
+        ps->is_periodic = is_period;
+        pt->timer.function = kvm_timer_fn;
+        pt->t_ops = &kpit_ops;
+        pt->kvm = ps->pit->kvm;
+        pt->vcpu_id = 0;
        atomic_set(&pt->pending, 0);
        ps->irq_ack = 1;
@@ -298,23 +309,23 @@ static void pit_load_count(struct kvm *kvm, int channel, u32 val)
        pr_debug("pit: load_count val is %d, channel is %d\n", val, channel);
        /*
-         * Though spec said the state of 8254 is undefined after power-up,
+         * The largest possible initial count is 0; this is equivalent
-         * seems some tricky OS like Windows XP depends on IRQ0 interrupt
+         * to 216 for binary counting and 104 for BCD counting.
-         * when booting up.
-         * So here setting initialize rate for it, and not a specific number
         */
        if (val == 0)
                val = 0x10000;
-        ps->channels[channel].count_load_time = ktime_get();
        ps->channels[channel].count = val;
-        if (channel != 0)
+        if (channel != 0) {
+                ps->channels[channel].count_load_time = ktime_get();
                return;
+        }
        /* Two types of timer
         * mode 1 is one shot, mode 2 is period, otherwise del timer */
        switch (ps->channels[0].mode) {
+        case 0:
        case 1:
        /* FIXME: enhance mode 4 precision */
        case 4:
diff --git a/arch/x86/kvm/i8254.h b/arch/x86/kvm/i8254.h
index 6acbe4b505d5..bbd863ff60b7 100644
--- a/arch/x86/kvm/i8254.h
+++ b/arch/x86/kvm/i8254.h
@@ -3,15 +3,6 @@
 #include "iodev.h"
-struct kvm_kpit_timer {
-        struct hrtimer timer;
-        int irq;
-        s64 period; /* unit: ns */
-        s64 scheduled;
-        atomic_t pending;
-        bool reinject;
-};
 struct kvm_kpit_channel_state {
        u32 count; /* can be 65536 */
        u16 latched_count;
@@ -30,7 +21,8 @@ struct kvm_kpit_channel_state {
 struct kvm_kpit_state {
        struct kvm_kpit_channel_state channels[3];
-        struct kvm_kpit_timer pit_timer;
+        struct kvm_timer pit_timer;
+        bool is_periodic;
        u32    speaker_data_on;
        struct mutex lock;
        struct kvm_pit *pit;
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c
index cf17ed52f6fb..96dfbb6ad2a9 100644
--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -24,6 +24,7 @@
 #include "irq.h"
 #include "i8254.h"
+#include "x86.h"
 /*
 * check if there are pending timer events
@@ -48,6 +49,9 @@ int kvm_cpu_has_interrupt(struct kvm_vcpu *v)
 {
        struct kvm_pic *s;
+        if (!irqchip_in_kernel(v->kvm))
+                return v->arch.interrupt.pending;
        if (kvm_apic_has_interrupt(v) == -1) {  /* LAPIC */
                if (kvm_apic_accept_pic_intr(v)) {
                        s = pic_irqchip(v->kvm);        /* PIC */
@@ -67,6 +71,9 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v)
        struct kvm_pic *s;
        int vector;
+        if (!irqchip_in_kernel(v->kvm))
+                return v->arch.interrupt.nr;
        vector = kvm_get_apic_interrupt(v);     /* APIC */
        if (vector == -1) {
                if (kvm_apic_accept_pic_intr(v)) {
diff --git a/arch/x86/kvm/kvm_timer.h b/arch/x86/kvm/kvm_timer.h
new file mode 100644
index 000000000000..26bd6ba74e1c
--- /dev/null
+++ b/arch/x86/kvm/kvm_timer.h
@@ -0,0 +1,18 @@
+struct kvm_timer {
+        struct hrtimer timer;
+        s64 period;                             /* unit: ns */
+        atomic_t pending;                       /* accumulated triggered timers */
+        bool reinject;
+        struct kvm_timer_ops *t_ops;
+        struct kvm *kvm;
+        int vcpu_id;
+};
+struct kvm_timer_ops {
+        bool (*is_periodic)(struct kvm_timer *);
+};
+enum hrtimer_restart kvm_timer_fn(struct hrtimer *data);
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index f0b67f2cdd69..ae99d83f81a3 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -196,20 +196,15 @@ int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
 }
 EXPORT_SYMBOL_GPL(kvm_lapic_find_highest_irr);
-int kvm_apic_set_irq(struct kvm_vcpu *vcpu, u8 vec, u8 trig)
+static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
+                             int vector, int level, int trig_mode);
+int kvm_apic_set_irq(struct kvm_vcpu *vcpu, struct kvm_lapic_irq *irq)
 {
        struct kvm_lapic *apic = vcpu->arch.apic;
-        if (!apic_test_and_set_irr(vec, apic)) {
+        return __apic_accept_irq(apic, irq->delivery_mode, irq->vector,
-                /* a new pending irq is set in IRR */
+                        irq->level, irq->trig_mode);
-                if (trig)
-                        apic_set_vector(vec, apic->regs + APIC_TMR);
-                else
-                        apic_clear_vector(vec, apic->regs + APIC_TMR);
-                kvm_vcpu_kick(apic->vcpu);
-                return 1;
-        }
-        return 0;
 }
 static inline int apic_find_highest_isr(struct kvm_lapic *apic)
@@ -250,7 +245,7 @@ static void apic_set_tpr(struct kvm_lapic *apic, u32 tpr)
 int kvm_apic_match_physical_addr(struct kvm_lapic *apic, u16 dest)
 {
-        return kvm_apic_id(apic) == dest;
+        return dest == 0xff || kvm_apic_id(apic) == dest;
 }
 int kvm_apic_match_logical_addr(struct kvm_lapic *apic, u8 mda)
@@ -279,37 +274,34 @@ int kvm_apic_match_logical_addr(struct kvm_lapic *apic, u8 mda)
        return result;
 }
-static int apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source,
+int kvm_apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source,
                           int short_hand, int dest, int dest_mode)
 {
        int result = 0;
        struct kvm_lapic *target = vcpu->arch.apic;
        apic_debug("target %p, source %p, dest 0x%x, "
-                   "dest_mode 0x%x, short_hand 0x%x",
+                   "dest_mode 0x%x, short_hand 0x%x\n",
                   target, source, dest, dest_mode, short_hand);
        ASSERT(!target);
        switch (short_hand) {
        case APIC_DEST_NOSHORT:
-                if (dest_mode == 0) {
+                if (dest_mode == 0)
                        /* Physical mode. */
-                        if ((dest == 0xFF) || (dest == kvm_apic_id(target)))
+                        result = kvm_apic_match_physical_addr(target, dest);
-                                result = 1;
+                else
-                } else
                        /* Logical mode. */
                        result = kvm_apic_match_logical_addr(target, dest);
                break;
        case APIC_DEST_SELF:
-                if (target == source)
+                result = (target == source);
-                        result = 1;
                break;
        case APIC_DEST_ALLINC:
                result = 1;
                break;
        case APIC_DEST_ALLBUT:
-                if (target != source)
+                result = (target != source);
-                        result = 1;
                break;
        default:
                printk(KERN_WARNING "Bad dest shorthand value %x\n",
@@ -327,20 +319,22 @@ static int apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source,
 static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                             int vector, int level, int trig_mode)
 {
-        int orig_irr, result = 0;
+        int result = 0;
        struct kvm_vcpu *vcpu = apic->vcpu;
        switch (delivery_mode) {
-        case APIC_DM_FIXED:
        case APIC_DM_LOWEST:
+                vcpu->arch.apic_arb_prio++;
+        case APIC_DM_FIXED:
                /* FIXME add logic for vcpu on reset */
                if (unlikely(!apic_enabled(apic)))
                        break;
-                orig_irr = apic_test_and_set_irr(vector, apic);
+                result = !apic_test_and_set_irr(vector, apic);
-                if (orig_irr && trig_mode) {
+                if (!result) {
-                        apic_debug("level trig mode repeatedly for vector %d",
+                        if (trig_mode)
-                                   vector);
+                                apic_debug("level trig mode repeatedly for "
+                                                "vector %d", vector);
                        break;
                }
@@ -349,10 +343,7 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                        apic_set_vector(vector, apic->regs + APIC_TMR);
                } else
                        apic_clear_vector(vector, apic->regs + APIC_TMR);
                kvm_vcpu_kick(vcpu);
-                result = (orig_irr == 0);
                break;
        case APIC_DM_REMRD:
@@ -364,12 +355,14 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                break;
        case APIC_DM_NMI:
+                result = 1;
                kvm_inject_nmi(vcpu);
                kvm_vcpu_kick(vcpu);
                break;
        case APIC_DM_INIT:
                if (level) {
+                        result = 1;
                        if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
                                printk(KERN_DEBUG
                                       "INIT on a runnable vcpu %d\n",
@@ -386,6 +379,7 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                apic_debug("SIPI to vcpu %d vector 0x%02x\n",
                           vcpu->vcpu_id, vector);
                if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
+                        result = 1;
                        vcpu->arch.sipi_vector = vector;
                        vcpu->arch.mp_state = KVM_MP_STATE_SIPI_RECEIVED;
                        kvm_vcpu_kick(vcpu);
@@ -408,43 +402,9 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
        return result;
 }
-static struct kvm_lapic *kvm_apic_round_robin(struct kvm *kvm, u8 vector,
+int kvm_apic_compare_prio(struct kvm_vcpu *vcpu1, struct kvm_vcpu *vcpu2)
-                                       unsigned long bitmap)
-{
-        int last;
-        int next;
-        struct kvm_lapic *apic = NULL;
-        last = kvm->arch.round_robin_prev_vcpu;
-        next = last;
-        do {
-                if (++next == KVM_MAX_VCPUS)
-                        next = 0;
-                if (kvm->vcpus[next] == NULL || !test_bit(next, &bitmap))
-                        continue;
-                apic = kvm->vcpus[next]->arch.apic;
-                if (apic && apic_enabled(apic))
-                        break;
-                apic = NULL;
-        } while (next != last);
-        kvm->arch.round_robin_prev_vcpu = next;
-        if (!apic)
-                printk(KERN_DEBUG "vcpu not ready for apic_round_robin\n");
-        return apic;
-}
-struct kvm_vcpu *kvm_get_lowest_prio_vcpu(struct kvm *kvm, u8 vector,
-                unsigned long bitmap)
 {
-        struct kvm_lapic *apic;
+        return vcpu1->arch.apic_arb_prio - vcpu2->arch.apic_arb_prio;
-        apic = kvm_apic_round_robin(kvm, vector, bitmap);
-        if (apic)
-                return apic->vcpu;
-        return NULL;
 }
 static void apic_set_eoi(struct kvm_lapic *apic)
@@ -472,47 +432,24 @@ static void apic_send_ipi(struct kvm_lapic *apic)
 {
        u32 icr_low = apic_get_reg(apic, APIC_ICR);
        u32 icr_high = apic_get_reg(apic, APIC_ICR2);
+        struct kvm_lapic_irq irq;
-        unsigned int dest = GET_APIC_DEST_FIELD(icr_high);
+        irq.vector = icr_low & APIC_VECTOR_MASK;
-        unsigned int short_hand = icr_low & APIC_SHORT_MASK;
+        irq.delivery_mode = icr_low & APIC_MODE_MASK;
-        unsigned int trig_mode = icr_low & APIC_INT_LEVELTRIG;
+        irq.dest_mode = icr_low & APIC_DEST_MASK;
-        unsigned int level = icr_low & APIC_INT_ASSERT;
+        irq.level = icr_low & APIC_INT_ASSERT;
-        unsigned int dest_mode = icr_low & APIC_DEST_MASK;
+        irq.trig_mode = icr_low & APIC_INT_LEVELTRIG;
-        unsigned int delivery_mode = icr_low & APIC_MODE_MASK;
+        irq.shorthand = icr_low & APIC_SHORT_MASK;
-        unsigned int vector = icr_low & APIC_VECTOR_MASK;
+        irq.dest_id = GET_APIC_DEST_FIELD(icr_high);
-        struct kvm_vcpu *target;
-        struct kvm_vcpu *vcpu;
-        unsigned long lpr_map = 0;
-        int i;
        apic_debug("icr_high 0x%x, icr_low 0x%x, "
                   "short_hand 0x%x, dest 0x%x, trig_mode 0x%x, level 0x%x, "
                   "dest_mode 0x%x, delivery_mode 0x%x, vector 0x%x\n",
-                   icr_high, icr_low, short_hand, dest,
+                   icr_high, icr_low, irq.shorthand, irq.dest_id,
-                   trig_mode, level, dest_mode, delivery_mode, vector);
+                   irq.trig_mode, irq.level, irq.dest_mode, irq.delivery_mode,
+                   irq.vector);
-        for (i = 0; i < KVM_MAX_VCPUS; i++) {
-                vcpu = apic->vcpu->kvm->vcpus[i];
-                if (!vcpu)
-                        continue;
-                if (vcpu->arch.apic &&
-                    apic_match_dest(vcpu, apic, short_hand, dest, dest_mode)) {
-                        if (delivery_mode == APIC_DM_LOWEST)
-                                set_bit(vcpu->vcpu_id, &lpr_map);
-                        else
-                                __apic_accept_irq(vcpu->arch.apic, delivery_mode,
-                                                  vector, level, trig_mode);
-                }
-        }
-        if (delivery_mode == APIC_DM_LOWEST) {
+        kvm_irq_delivery_to_apic(apic->vcpu->kvm, apic, &irq);
-                target = kvm_get_lowest_prio_vcpu(vcpu->kvm, vector, lpr_map);
-                if (target != NULL)
-                        __apic_accept_irq(target->arch.apic, delivery_mode,
-                                          vector, level, trig_mode);
-        }
 }
 static u32 apic_get_tmcct(struct kvm_lapic *apic)
@@ -527,12 +464,13 @@ static u32 apic_get_tmcct(struct kvm_lapic *apic)
        if (apic_get_reg(apic, APIC_TMICT) == 0)
                return 0;
-        remaining = hrtimer_expires_remaining(&apic->timer.dev);
+        remaining = hrtimer_expires_remaining(&apic->lapic_timer.timer);
        if (ktime_to_ns(remaining) < 0)
                remaining = ktime_set(0, 0);
-        ns = mod_64(ktime_to_ns(remaining), apic->timer.period);
+        ns = mod_64(ktime_to_ns(remaining), apic->lapic_timer.period);
-        tmcct = div64_u64(ns, (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
+        tmcct = div64_u64(ns,
+                         (APIC_BUS_CYCLE_NS * apic->divide_count));
        return tmcct;
 }
@@ -619,25 +557,25 @@ static void update_divide_count(struct kvm_lapic *apic)
        tdcr = apic_get_reg(apic, APIC_TDCR);
        tmp1 = tdcr & 0xf;
        tmp2 = ((tmp1 & 0x3) | ((tmp1 & 0x8) >> 1)) + 1;
-        apic->timer.divide_count = 0x1 << (tmp2 & 0x7);
+        apic->divide_count = 0x1 << (tmp2 & 0x7);
        apic_debug("timer divide count is 0x%x\n",
-                                   apic->timer.divide_count);
+                                   apic->divide_count);
 }
 static void start_apic_timer(struct kvm_lapic *apic)
 {
-        ktime_t now = apic->timer.dev.base->get_time();
+        ktime_t now = apic->lapic_timer.timer.base->get_time();
-        apic->timer.period = apic_get_reg(apic, APIC_TMICT) *
+        apic->lapic_timer.period = apic_get_reg(apic, APIC_TMICT) *
-                    APIC_BUS_CYCLE_NS * apic->timer.divide_count;
+                    APIC_BUS_CYCLE_NS * apic->divide_count;
-        atomic_set(&apic->timer.pending, 0);
+        atomic_set(&apic->lapic_timer.pending, 0);
-        if (!apic->timer.period)
+        if (!apic->lapic_timer.period)
                return;
-        hrtimer_start(&apic->timer.dev,
+        hrtimer_start(&apic->lapic_timer.timer,
-                      ktime_add_ns(now, apic->timer.period),
+                      ktime_add_ns(now, apic->lapic_timer.period),
                      HRTIMER_MODE_ABS);
        apic_debug("%s: bus cycle is %" PRId64 "ns, now 0x%016"
@@ -646,9 +584,9 @@ static void start_apic_timer(struct kvm_lapic *apic)
                           "expire @ 0x%016" PRIx64 ".\n", __func__,
                           APIC_BUS_CYCLE_NS, ktime_to_ns(now),
                           apic_get_reg(apic, APIC_TMICT),
-                           apic->timer.period,
+                           apic->lapic_timer.period,
                           ktime_to_ns(ktime_add_ns(now,
-                                        apic->timer.period)));
+                                        apic->lapic_timer.period)));
 }
 static void apic_manage_nmi_watchdog(struct kvm_lapic *apic, u32 lvt0_val)
@@ -730,7 +668,7 @@ static void apic_mmio_write(struct kvm_io_device *this,
                                apic_set_reg(apic, APIC_LVTT + 0x10 * i,
                                             lvt_val | APIC_LVT_MASKED);
                        }
-                        atomic_set(&apic->timer.pending, 0);
+                        atomic_set(&apic->lapic_timer.pending, 0);
                }
                break;
@@ -762,7 +700,7 @@ static void apic_mmio_write(struct kvm_io_device *this,
                break;
        case APIC_TMICT:
-                hrtimer_cancel(&apic->timer.dev);
+                hrtimer_cancel(&apic->lapic_timer.timer);
                apic_set_reg(apic, APIC_TMICT, val);
                start_apic_timer(apic);
                return;
@@ -802,7 +740,7 @@ void kvm_free_lapic(struct kvm_vcpu *vcpu)
        if (!vcpu->arch.apic)
                return;
-        hrtimer_cancel(&vcpu->arch.apic->timer.dev);
+        hrtimer_cancel(&vcpu->arch.apic->lapic_timer.timer);
        if (vcpu->arch.apic->regs_page)
                __free_page(vcpu->arch.apic->regs_page);
@@ -880,7 +818,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
        ASSERT(apic != NULL);
        /* Stop the timer in case it's a reset to an active apic */
-        hrtimer_cancel(&apic->timer.dev);
+        hrtimer_cancel(&apic->lapic_timer.timer);
        apic_set_reg(apic, APIC_ID, vcpu->vcpu_id << 24);
        apic_set_reg(apic, APIC_LVR, APIC_VERSION);
@@ -905,11 +843,13 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
                apic_set_reg(apic, APIC_TMR + 0x10 * i, 0);
        }
        update_divide_count(apic);
-        atomic_set(&apic->timer.pending, 0);
+        atomic_set(&apic->lapic_timer.pending, 0);
        if (vcpu->vcpu_id == 0)
                vcpu->arch.apic_base |= MSR_IA32_APICBASE_BSP;
        apic_update_ppr(apic);
+        vcpu->arch.apic_arb_prio = 0;
        apic_debug(KERN_INFO "%s: vcpu=%p, id=%d, base_msr="
                   "0x%016" PRIx64 ", base_address=0x%0lx.\n", __func__,
                   vcpu, kvm_apic_id(apic),
@@ -917,16 +857,14 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
 }
 EXPORT_SYMBOL_GPL(kvm_lapic_reset);
-int kvm_lapic_enabled(struct kvm_vcpu *vcpu)
+bool kvm_apic_present(struct kvm_vcpu *vcpu)
 {
-        struct kvm_lapic *apic = vcpu->arch.apic;
+        return vcpu->arch.apic && apic_hw_enabled(vcpu->arch.apic);
-        int ret = 0;
+}
-        if (!apic)
-                return 0;
-        ret = apic_enabled(apic);
-        return ret;
+int kvm_lapic_enabled(struct kvm_vcpu *vcpu)
+{
+        return kvm_apic_present(vcpu) && apic_sw_enabled(vcpu->arch.apic);
 }
 EXPORT_SYMBOL_GPL(kvm_lapic_enabled);
@@ -936,22 +874,11 @@ EXPORT_SYMBOL_GPL(kvm_lapic_enabled);
 *----------------------------------------------------------------------
 */
-/* TODO: make sure __apic_timer_fn runs in current pCPU */
+static bool lapic_is_periodic(struct kvm_timer *ktimer)
-static int __apic_timer_fn(struct kvm_lapic *apic)
 {
-        int result = 0;
+        struct kvm_lapic *apic = container_of(ktimer, struct kvm_lapic,
-        wait_queue_head_t *q = &apic->vcpu->wq;
+                                              lapic_timer);
+        return apic_lvtt_period(apic);
-        if(!atomic_inc_and_test(&apic->timer.pending))
-                set_bit(KVM_REQ_PENDING_TIMER, &apic->vcpu->requests);
-        if (waitqueue_active(q))
-                wake_up_interruptible(q);
-        if (apic_lvtt_period(apic)) {
-                result = 1;
-                hrtimer_add_expires_ns(&apic->timer.dev, apic->timer.period);
-        }
-        return result;
 }
 int apic_has_pending_timer(struct kvm_vcpu *vcpu)
@@ -959,7 +886,7 @@ int apic_has_pending_timer(struct kvm_vcpu *vcpu)
        struct kvm_lapic *lapic = vcpu->arch.apic;
        if (lapic && apic_enabled(lapic) && apic_lvt_enabled(lapic, APIC_LVTT))
-                return atomic_read(&lapic->timer.pending);
+                return atomic_read(&lapic->lapic_timer.pending);
        return 0;
 }
@@ -986,20 +913,9 @@ void kvm_apic_nmi_wd_deliver(struct kvm_vcpu *vcpu)
                kvm_apic_local_deliver(apic, APIC_LVT0);
 }
-static enum hrtimer_restart apic_timer_fn(struct hrtimer *data)
+static struct kvm_timer_ops lapic_timer_ops = {
-{
+        .is_periodic = lapic_is_periodic,
-        struct kvm_lapic *apic;
+};
-        int restart_timer = 0;
-        apic = container_of(data, struct kvm_lapic, timer.dev);
-        restart_timer = __apic_timer_fn(apic);
-        if (restart_timer)
-                return HRTIMER_RESTART;
-        else
-                return HRTIMER_NORESTART;
-}
 int kvm_create_lapic(struct kvm_vcpu *vcpu)
 {
@@ -1024,8 +940,13 @@ int kvm_create_lapic(struct kvm_vcpu *vcpu)
        memset(apic->regs, 0, PAGE_SIZE);
        apic->vcpu = vcpu;
-        hrtimer_init(&apic->timer.dev, CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
+        hrtimer_init(&apic->lapic_timer.timer, CLOCK_MONOTONIC,
-        apic->timer.dev.function = apic_timer_fn;
+                     HRTIMER_MODE_ABS);
+        apic->lapic_timer.timer.function = kvm_timer_fn;
+        apic->lapic_timer.t_ops = &lapic_timer_ops;
+        apic->lapic_timer.kvm = vcpu->kvm;
+        apic->lapic_timer.vcpu_id = vcpu->vcpu_id;
        apic->base_address = APIC_DEFAULT_PHYS_BASE;
        vcpu->arch.apic_base = APIC_DEFAULT_PHYS_BASE;
@@ -1078,9 +999,9 @@ void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu)
 {
        struct kvm_lapic *apic = vcpu->arch.apic;
-        if (apic && atomic_read(&apic->timer.pending) > 0) {
+        if (apic && atomic_read(&apic->lapic_timer.pending) > 0) {
                if (kvm_apic_local_deliver(apic, APIC_LVTT))
-                        atomic_dec(&apic->timer.pending);
+                        atomic_dec(&apic->lapic_timer.pending);
        }
 }
@@ -1106,7 +1027,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu)
                             MSR_IA32_APICBASE_BASE;
        apic_set_reg(apic, APIC_LVR, APIC_VERSION);
        apic_update_ppr(apic);
-        hrtimer_cancel(&apic->timer.dev);
+        hrtimer_cancel(&apic->lapic_timer.timer);
        update_divide_count(apic);
        start_apic_timer(apic);
 }
@@ -1119,7 +1040,7 @@ void __kvm_migrate_apic_timer(struct kvm_vcpu *vcpu)
        if (!apic)
                return;
-        timer = &apic->timer.dev;
+        timer = &apic->lapic_timer.timer;
        if (hrtimer_cancel(timer))
                hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
 }
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 45ab6ee71209..a587f8349c46 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -2,18 +2,15 @@
 #define __KVM_X86_LAPIC_H
 #include "iodev.h"
+#include "kvm_timer.h"
 #include <linux/kvm_host.h>
 struct kvm_lapic {
        unsigned long base_address;
        struct kvm_io_device dev;
-        struct {
+        struct kvm_timer lapic_timer;
-                atomic_t pending;
+        u32 divide_count;
-                s64 period;     /* unit: ns */
-                u32 divide_count;
-                struct hrtimer dev;
-        } timer;
        struct kvm_vcpu *vcpu;
        struct page *regs_page;
        void *regs;
@@ -34,12 +31,13 @@ u64 kvm_lapic_get_base(struct kvm_vcpu *vcpu);
 int kvm_apic_match_physical_addr(struct kvm_lapic *apic, u16 dest);
 int kvm_apic_match_logical_addr(struct kvm_lapic *apic, u8 mda);
-int kvm_apic_set_irq(struct kvm_vcpu *vcpu, u8 vec, u8 trig);
+int kvm_apic_set_irq(struct kvm_vcpu *vcpu, struct kvm_lapic_irq *irq);
 u64 kvm_get_apic_base(struct kvm_vcpu *vcpu);
 void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data);
 void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu);
 int kvm_lapic_enabled(struct kvm_vcpu *vcpu);
+bool kvm_apic_present(struct kvm_vcpu *vcpu);
 int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
 void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr);
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 32cf11e5728a..5c3d6e81a7dc 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -126,6 +126,7 @@ module_param(oos_shadow, bool, 0644);
 #define PFERR_PRESENT_MASK (1U << 0)
 #define PFERR_WRITE_MASK (1U << 1)
 #define PFERR_USER_MASK (1U << 2)
+#define PFERR_RSVD_MASK (1U << 3)
 #define PFERR_FETCH_MASK (1U << 4)
 #define PT_DIRECTORY_LEVEL 2
@@ -177,7 +178,11 @@ static u64 __read_mostly shadow_x_mask;	/* mutual exclusive with nx_mask */
 static u64 __read_mostly shadow_user_mask;
 static u64 __read_mostly shadow_accessed_mask;
 static u64 __read_mostly shadow_dirty_mask;
-static u64 __read_mostly shadow_mt_mask;
+static inline u64 rsvd_bits(int s, int e)
+{
+        return ((1ULL << (e - s + 1)) - 1) << s;
+}
 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
 {
@@ -193,14 +198,13 @@ void kvm_mmu_set_base_ptes(u64 base_pte)
 EXPORT_SYMBOL_GPL(kvm_mmu_set_base_ptes);
 void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask,
-                u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 mt_mask)
+                u64 dirty_mask, u64 nx_mask, u64 x_mask)
 {
        shadow_user_mask = user_mask;
        shadow_accessed_mask = accessed_mask;
        shadow_dirty_mask = dirty_mask;
        shadow_nx_mask = nx_mask;
        shadow_x_mask = x_mask;
-        shadow_mt_mask = mt_mask;
 }
 EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
@@ -219,11 +223,6 @@ static int is_nx(struct kvm_vcpu *vcpu)
        return vcpu->arch.shadow_efer & EFER_NX;
 }
-static int is_present_pte(unsigned long pte)
-{
-        return pte & PT_PRESENT_MASK;
-}
 static int is_shadow_present_pte(u64 pte)
 {
        return pte != shadow_trap_nonpresent_pte
@@ -1074,18 +1073,10 @@ static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
        return NULL;
 }
-static void kvm_unlink_unsync_global(struct kvm *kvm, struct kvm_mmu_page *sp)
-{
-        list_del(&sp->oos_link);
-        --kvm->stat.mmu_unsync_global;
-}
 static void kvm_unlink_unsync_page(struct kvm *kvm, struct kvm_mmu_page *sp)
 {
        WARN_ON(!sp->unsync);
        sp->unsync = 0;
-        if (sp->global)
-                kvm_unlink_unsync_global(kvm, sp);
        --kvm->stat.mmu_unsync;
 }
@@ -1248,7 +1239,6 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
        pgprintk("%s: adding gfn %lx role %x\n", __func__, gfn, role.word);
        sp->gfn = gfn;
        sp->role = role;
-        sp->global = 0;
        hlist_add_head(&sp->hash_link, bucket);
        if (!direct) {
                if (rmap_write_protect(vcpu->kvm, gfn))
@@ -1616,7 +1606,7 @@ static int get_mtrr_type(struct mtrr_state_type *mtrr_state,
        return mtrr_state->def_type;
 }
-static u8 get_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn)
+u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn)
 {
        u8 mtrr;
@@ -1626,6 +1616,7 @@ static u8 get_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn)
                mtrr = MTRR_TYPE_WRBACK;
        return mtrr;
 }
+EXPORT_SYMBOL_GPL(kvm_get_guest_memory_type);
 static int kvm_unsync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
 {
@@ -1646,11 +1637,7 @@ static int kvm_unsync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
        ++vcpu->kvm->stat.mmu_unsync;
        sp->unsync = 1;
-        if (sp->global) {
+        kvm_mmu_mark_parents_unsync(vcpu, sp);
-                list_add(&sp->oos_link, &vcpu->kvm->arch.oos_global_pages);
-                ++vcpu->kvm->stat.mmu_unsync_global;
-        } else
-                kvm_mmu_mark_parents_unsync(vcpu, sp);
        mmu_convert_notrap(sp);
        return 0;
@@ -1677,21 +1664,11 @@ static int mmu_need_write_protect(struct kvm_vcpu *vcpu, gfn_t gfn,
 static int set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
                    unsigned pte_access, int user_fault,
                    int write_fault, int dirty, int largepage,
-                    int global, gfn_t gfn, pfn_t pfn, bool speculative,
+                    gfn_t gfn, pfn_t pfn, bool speculative,
                    bool can_unsync)
 {
        u64 spte;
        int ret = 0;
-        u64 mt_mask = shadow_mt_mask;
-        struct kvm_mmu_page *sp = page_header(__pa(shadow_pte));
-        if (!global && sp->global) {
-                sp->global = 0;
-                if (sp->unsync) {
-                        kvm_unlink_unsync_global(vcpu->kvm, sp);
-                        kvm_mmu_mark_parents_unsync(vcpu, sp);
-                }
-        }
        /*
         * We don't set the accessed bit, since we sometimes want to see
@@ -1711,16 +1688,9 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
                spte |= shadow_user_mask;
        if (largepage)
                spte |= PT_PAGE_SIZE_MASK;
-        if (mt_mask) {
+        if (tdp_enabled)
-                if (!kvm_is_mmio_pfn(pfn)) {
+                spte |= kvm_x86_ops->get_mt_mask(vcpu, gfn,
-                        mt_mask = get_memory_type(vcpu, gfn) <<
+                        kvm_is_mmio_pfn(pfn));
-                                kvm_x86_ops->get_mt_mask_shift();
-                        mt_mask |= VMX_EPT_IGMT_BIT;
-                } else
-                        mt_mask = MTRR_TYPE_UNCACHABLE <<
-                                kvm_x86_ops->get_mt_mask_shift();
-                spte |= mt_mask;
-        }
        spte |= (u64)pfn << PAGE_SHIFT;
@@ -1765,8 +1735,8 @@ set_pte:
 static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
                         unsigned pt_access, unsigned pte_access,
                         int user_fault, int write_fault, int dirty,
-                         int *ptwrite, int largepage, int global,
+                         int *ptwrite, int largepage, gfn_t gfn,
-                         gfn_t gfn, pfn_t pfn, bool speculative)
+                         pfn_t pfn, bool speculative)
 {
        int was_rmapped = 0;
        int was_writeble = is_writeble_pte(*shadow_pte);
@@ -1795,7 +1765,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
                        was_rmapped = 1;
        }
        if (set_spte(vcpu, shadow_pte, pte_access, user_fault, write_fault,
-                      dirty, largepage, global, gfn, pfn, speculative, true)) {
+                      dirty, largepage, gfn, pfn, speculative, true)) {
                if (write_fault)
                        *ptwrite = 1;
                kvm_x86_ops->tlb_flush(vcpu);
@@ -1843,7 +1813,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
                    || (largepage && iterator.level == PT_DIRECTORY_LEVEL)) {
                        mmu_set_spte(vcpu, iterator.sptep, ACC_ALL, ACC_ALL,
                                     0, write, 1, &pt_write,
-                                     largepage, 0, gfn, pfn, false);
+                                     largepage, gfn, pfn, false);
                        ++vcpu->stat.pf_fixed;
                        break;
                }
@@ -1942,7 +1912,19 @@ static void mmu_free_roots(struct kvm_vcpu *vcpu)
        vcpu->arch.mmu.root_hpa = INVALID_PAGE;
 }
-static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
+static int mmu_check_root(struct kvm_vcpu *vcpu, gfn_t root_gfn)
+{
+        int ret = 0;
+        if (!kvm_is_visible_gfn(vcpu->kvm, root_gfn)) {
+                set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests);
+                ret = 1;
+        }
+        return ret;
+}
+static int mmu_alloc_roots(struct kvm_vcpu *vcpu)
 {
        int i;
        gfn_t root_gfn;
@@ -1957,13 +1939,15 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
                ASSERT(!VALID_PAGE(root));
                if (tdp_enabled)
                        direct = 1;
+                if (mmu_check_root(vcpu, root_gfn))
+                        return 1;
                sp = kvm_mmu_get_page(vcpu, root_gfn, 0,
                                      PT64_ROOT_LEVEL, direct,
                                      ACC_ALL, NULL);
                root = __pa(sp->spt);
                ++sp->root_count;
                vcpu->arch.mmu.root_hpa = root;
-                return;
+                return 0;
        }
        direct = !is_paging(vcpu);
        if (tdp_enabled)
@@ -1980,6 +1964,8 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
                        root_gfn = vcpu->arch.pdptrs[i] >> PAGE_SHIFT;
                } else if (vcpu->arch.mmu.root_level == 0)
                        root_gfn = 0;
+                if (mmu_check_root(vcpu, root_gfn))
+                        return 1;
                sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
                                      PT32_ROOT_LEVEL, direct,
                                      ACC_ALL, NULL);
@@ -1988,6 +1974,7 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
                vcpu->arch.mmu.pae_root[i] = root | PT_PRESENT_MASK;
        }
        vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
+        return 0;
 }
 static void mmu_sync_roots(struct kvm_vcpu *vcpu)
@@ -2006,7 +1993,7 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
        for (i = 0; i < 4; ++i) {
                hpa_t root = vcpu->arch.mmu.pae_root[i];
-                if (root) {
+                if (root && VALID_PAGE(root)) {
                        root &= PT64_BASE_ADDR_MASK;
                        sp = page_header(root);
                        mmu_sync_children(vcpu, sp);
@@ -2014,15 +2001,6 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
        }
 }
-static void mmu_sync_global(struct kvm_vcpu *vcpu)
-{
-        struct kvm *kvm = vcpu->kvm;
-        struct kvm_mmu_page *sp, *n;
-        list_for_each_entry_safe(sp, n, &kvm->arch.oos_global_pages, oos_link)
-                kvm_sync_page(vcpu, sp);
-}
 void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
 {
        spin_lock(&vcpu->kvm->mmu_lock);
@@ -2030,13 +2008,6 @@ void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
        spin_unlock(&vcpu->kvm->mmu_lock);
 }
-void kvm_mmu_sync_global(struct kvm_vcpu *vcpu)
-{
-        spin_lock(&vcpu->kvm->mmu_lock);
-        mmu_sync_global(vcpu);
-        spin_unlock(&vcpu->kvm->mmu_lock);
-}
 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
 {
        return vaddr;
@@ -2151,6 +2122,14 @@ static void paging_free(struct kvm_vcpu *vcpu)
        nonpaging_free(vcpu);
 }
+static bool is_rsvd_bits_set(struct kvm_vcpu *vcpu, u64 gpte, int level)
+{
+        int bit7;
+        bit7 = (gpte >> 7) & 1;
+        return (gpte & vcpu->arch.mmu.rsvd_bits_mask[bit7][level-1]) != 0;
+}
 #define PTTYPE 64
 #include "paging_tmpl.h"
 #undef PTTYPE
@@ -2159,6 +2138,59 @@ static void paging_free(struct kvm_vcpu *vcpu)
 #include "paging_tmpl.h"
 #undef PTTYPE
+static void reset_rsvds_bits_mask(struct kvm_vcpu *vcpu, int level)
+{
+        struct kvm_mmu *context = &vcpu->arch.mmu;
+        int maxphyaddr = cpuid_maxphyaddr(vcpu);
+        u64 exb_bit_rsvd = 0;
+        if (!is_nx(vcpu))
+                exb_bit_rsvd = rsvd_bits(63, 63);
+        switch (level) {
+        case PT32_ROOT_LEVEL:
+                /* no rsvd bits for 2 level 4K page table entries */
+                context->rsvd_bits_mask[0][1] = 0;
+                context->rsvd_bits_mask[0][0] = 0;
+                if (is_cpuid_PSE36())
+                        /* 36bits PSE 4MB page */
+                        context->rsvd_bits_mask[1][1] = rsvd_bits(17, 21);
+                else
+                        /* 32 bits PSE 4MB page */
+                        context->rsvd_bits_mask[1][1] = rsvd_bits(13, 21);
+                context->rsvd_bits_mask[1][0] = ~0ull;
+                break;
+        case PT32E_ROOT_LEVEL:
+                context->rsvd_bits_mask[0][2] =
+                        rsvd_bits(maxphyaddr, 63) |
+                        rsvd_bits(7, 8) | rsvd_bits(1, 2);      /* PDPTE */
+                context->rsvd_bits_mask[0][1] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 62);      /* PDE */
+                context->rsvd_bits_mask[0][0] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 62);      /* PTE */
+                context->rsvd_bits_mask[1][1] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 62) |
+                        rsvd_bits(13, 20);              /* large page */
+                context->rsvd_bits_mask[1][0] = ~0ull;
+                break;
+        case PT64_ROOT_LEVEL:
+                context->rsvd_bits_mask[0][3] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 51) | rsvd_bits(7, 8);
+                context->rsvd_bits_mask[0][2] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 51) | rsvd_bits(7, 8);
+                context->rsvd_bits_mask[0][1] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 51);
+                context->rsvd_bits_mask[0][0] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 51);
+                context->rsvd_bits_mask[1][3] = context->rsvd_bits_mask[0][3];
+                context->rsvd_bits_mask[1][2] = context->rsvd_bits_mask[0][2];
+                context->rsvd_bits_mask[1][1] = exb_bit_rsvd |
+                        rsvd_bits(maxphyaddr, 51) |
+                        rsvd_bits(13, 20);              /* large page */
+                context->rsvd_bits_mask[1][0] = ~0ull;
+                break;
+        }
+}
 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
 {
        struct kvm_mmu *context = &vcpu->arch.mmu;
@@ -2179,6 +2211,7 @@ static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
 static int paging64_init_context(struct kvm_vcpu *vcpu)
 {
+        reset_rsvds_bits_mask(vcpu, PT64_ROOT_LEVEL);
        return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
 }
@@ -2186,6 +2219,7 @@ static int paging32_init_context(struct kvm_vcpu *vcpu)
 {
        struct kvm_mmu *context = &vcpu->arch.mmu;
+        reset_rsvds_bits_mask(vcpu, PT32_ROOT_LEVEL);
        context->new_cr3 = paging_new_cr3;
        context->page_fault = paging32_page_fault;
        context->gva_to_gpa = paging32_gva_to_gpa;
@@ -2201,6 +2235,7 @@ static int paging32_init_context(struct kvm_vcpu *vcpu)
 static int paging32E_init_context(struct kvm_vcpu *vcpu)
 {
+        reset_rsvds_bits_mask(vcpu, PT32E_ROOT_LEVEL);
        return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
 }
@@ -2221,12 +2256,15 @@ static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
                context->gva_to_gpa = nonpaging_gva_to_gpa;
                context->root_level = 0;
        } else if (is_long_mode(vcpu)) {
+                reset_rsvds_bits_mask(vcpu, PT64_ROOT_LEVEL);
                context->gva_to_gpa = paging64_gva_to_gpa;
                context->root_level = PT64_ROOT_LEVEL;
        } else if (is_pae(vcpu)) {
+                reset_rsvds_bits_mask(vcpu, PT32E_ROOT_LEVEL);
                context->gva_to_gpa = paging64_gva_to_gpa;
                context->root_level = PT32E_ROOT_LEVEL;
        } else {
+                reset_rsvds_bits_mask(vcpu, PT32_ROOT_LEVEL);
                context->gva_to_gpa = paging32_gva_to_gpa;
                context->root_level = PT32_ROOT_LEVEL;
        }
@@ -2290,9 +2328,11 @@ int kvm_mmu_load(struct kvm_vcpu *vcpu)
                goto out;
        spin_lock(&vcpu->kvm->mmu_lock);
        kvm_mmu_free_some_pages(vcpu);
-        mmu_alloc_roots(vcpu);
+        r = mmu_alloc_roots(vcpu);
        mmu_sync_roots(vcpu);
        spin_unlock(&vcpu->kvm->mmu_lock);
+        if (r)
+                goto out;
        kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
        kvm_mmu_flush_tlb(vcpu);
 out:
@@ -2638,14 +2678,6 @@ EXPORT_SYMBOL_GPL(kvm_disable_tdp);
 static void free_mmu_pages(struct kvm_vcpu *vcpu)
 {
-        struct kvm_mmu_page *sp;
-        while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
-                sp = container_of(vcpu->kvm->arch.active_mmu_pages.next,
-                                  struct kvm_mmu_page, link);
-                kvm_mmu_zap_page(vcpu->kvm, sp);
-                cond_resched();
-        }
        free_page((unsigned long)vcpu->arch.mmu.pae_root);
 }
@@ -2710,7 +2742,6 @@ void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
 {
        struct kvm_mmu_page *sp;
-        spin_lock(&kvm->mmu_lock);
        list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
                int i;
                u64 *pt;
@@ -2725,7 +2756,6 @@ void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
                                pt[i] &= ~PT_WRITABLE_MASK;
        }
        kvm_flush_remote_tlbs(kvm);
-        spin_unlock(&kvm->mmu_lock);
 }
 void kvm_mmu_zap_all(struct kvm *kvm)
@@ -3007,11 +3037,13 @@ static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
                                       " in nonleaf level: levels %d gva %lx"
                                       " level %d pte %llx\n", audit_msg,
                                       vcpu->arch.mmu.root_level, va, level, ent);
+                        else
-                        audit_mappings_page(vcpu, ent, va, level - 1);
+                                audit_mappings_page(vcpu, ent, va, level - 1);
                } else {
                        gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, va);
-                        hpa_t hpa = (hpa_t)gpa_to_pfn(vcpu, gpa) << PAGE_SHIFT;
+                        gfn_t gfn = gpa >> PAGE_SHIFT;
+                        pfn_t pfn = gfn_to_pfn(vcpu->kvm, gfn);
+                        hpa_t hpa = (hpa_t)pfn << PAGE_SHIFT;
                        if (is_shadow_present_pte(ent)
                            && (ent & PT64_BASE_ADDR_MASK) != hpa)
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index eaab2145f62b..3494a2fb136e 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -75,4 +75,9 @@ static inline int is_paging(struct kvm_vcpu *vcpu)
        return vcpu->arch.cr0 & X86_CR0_PG;
 }
+static inline int is_present_pte(unsigned long pte)
+{
+        return pte & PT_PRESENT_MASK;
+}
 #endif
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 6bd70206c561..258e4591e1ca 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -123,6 +123,7 @@ static int FNAME(walk_addr)(struct guest_walker *walker,
        gfn_t table_gfn;
        unsigned index, pt_access, pte_access;
        gpa_t pte_gpa;
+        int rsvd_fault = 0;
        pgprintk("%s: addr %lx\n", __func__, addr);
 walk:
@@ -157,6 +158,10 @@ walk:
                if (!is_present_pte(pte))
                        goto not_present;
+                rsvd_fault = is_rsvd_bits_set(vcpu, pte, walker->level);
+                if (rsvd_fault)
+                        goto access_error;
                if (write_fault && !is_writeble_pte(pte))
                        if (user_fault || is_write_protection(vcpu))
                                goto access_error;
@@ -209,7 +214,6 @@ walk:
                if (ret)
                        goto walk;
                pte |= PT_DIRTY_MASK;
-                kvm_mmu_pte_write(vcpu, pte_gpa, (u8 *)&pte, sizeof(pte), 0);
                walker->ptes[walker->level - 1] = pte;
        }
@@ -233,6 +237,8 @@ err:
                walker->error_code |= PFERR_USER_MASK;
        if (fetch_fault)
                walker->error_code |= PFERR_FETCH_MASK;
+        if (rsvd_fault)
+                walker->error_code |= PFERR_RSVD_MASK;
        return 0;
 }
@@ -262,8 +268,7 @@ static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *page,
        kvm_get_pfn(pfn);
        mmu_set_spte(vcpu, spte, page->role.access, pte_access, 0, 0,
                     gpte & PT_DIRTY_MASK, NULL, largepage,
-                     gpte & PT_GLOBAL_MASK, gpte_to_gfn(gpte),
+                     gpte_to_gfn(gpte), pfn, true);
-                     pfn, true);
 }
 /*
@@ -297,7 +302,6 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
                                     user_fault, write_fault,
                                     gw->ptes[gw->level-1] & PT_DIRTY_MASK,
                                     ptwrite, largepage,
-                                     gw->ptes[gw->level-1] & PT_GLOBAL_MASK,
                                     gw->gfn, pfn, false);
                        break;
                }
@@ -380,7 +384,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
                return r;
        /*
-         * Look up the shadow pte for the faulting address.
+         * Look up the guest pte for the faulting address.
         */
        r = FNAME(walk_addr)(&walker, vcpu, addr, write_fault, user_fault,
                             fetch_fault);
@@ -586,7 +590,7 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
                nr_present++;
                pte_access = sp->role.access & FNAME(gpte_access)(vcpu, gpte);
                set_spte(vcpu, &sp->spt[i], pte_access, 0, 0,
-                         is_dirty_pte(gpte), 0, gpte & PT_GLOBAL_MASK, gfn,
+                         is_dirty_pte(gpte), 0, gfn,
                         spte_to_pfn(sp->spt[i]), true, false);
        }
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 1f8510c51d6e..71510e07e69e 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -19,6 +19,7 @@
 #include "irq.h"
 #include "mmu.h"
 #include "kvm_cache_regs.h"
+#include "x86.h"
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -69,7 +70,6 @@ module_param(npt, int, S_IRUGO);
 static int nested = 0;
 module_param(nested, int, S_IRUGO);
-static void kvm_reput_irq(struct vcpu_svm *svm);
 static void svm_flush_tlb(struct kvm_vcpu *vcpu);
 static int nested_svm_exit_handled(struct vcpu_svm *svm, bool kvm_override);
@@ -132,24 +132,6 @@ static inline u32 svm_has(u32 feat)
        return svm_features & feat;
 }
-static inline u8 pop_irq(struct kvm_vcpu *vcpu)
-{
-        int word_index = __ffs(vcpu->arch.irq_summary);
-        int bit_index = __ffs(vcpu->arch.irq_pending[word_index]);
-        int irq = word_index * BITS_PER_LONG + bit_index;
-        clear_bit(bit_index, &vcpu->arch.irq_pending[word_index]);
-        if (!vcpu->arch.irq_pending[word_index])
-                clear_bit(word_index, &vcpu->arch.irq_summary);
-        return irq;
-}
-static inline void push_irq(struct kvm_vcpu *vcpu, u8 irq)
-{
-        set_bit(irq, vcpu->arch.irq_pending);
-        set_bit(irq / BITS_PER_LONG, &vcpu->arch.irq_summary);
-}
 static inline void clgi(void)
 {
        asm volatile (__ex(SVM_CLGI));
@@ -214,17 +196,31 @@ static void svm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
        svm->vmcb->control.event_inj_err = error_code;
 }
-static bool svm_exception_injected(struct kvm_vcpu *vcpu)
+static int is_external_interrupt(u32 info)
+{
+        info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
+        return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
+}
+static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
+        u32 ret = 0;
-        return !(svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID);
+        if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
+                ret |= X86_SHADOW_INT_STI | X86_SHADOW_INT_MOV_SS;
+        return ret & mask;
 }
-static int is_external_interrupt(u32 info)
+static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
 {
-        info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
+        struct vcpu_svm *svm = to_svm(vcpu);
-        return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
+        if (mask == 0)
+                svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
+        else
+                svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;
 }
 static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
@@ -232,7 +228,9 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
        struct vcpu_svm *svm = to_svm(vcpu);
        if (!svm->next_rip) {
-                printk(KERN_DEBUG "%s: NOP\n", __func__);
+                if (emulate_instruction(vcpu, vcpu->run, 0, 0, EMULTYPE_SKIP) !=
+                                EMULATE_DONE)
+                        printk(KERN_DEBUG "%s: NOP\n", __func__);
                return;
        }
        if (svm->next_rip - kvm_rip_read(vcpu) > MAX_INST_SIZE)
@@ -240,9 +238,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
                       __func__, kvm_rip_read(vcpu), svm->next_rip);
        kvm_rip_write(vcpu, svm->next_rip);
-        svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
+        svm_set_interrupt_shadow(vcpu, 0);
-        vcpu->arch.interrupt_window_open = (svm->vcpu.arch.hflags & HF_GIF_MASK);
 }
 static int has_svm(void)
@@ -830,6 +826,15 @@ static void svm_get_segment(struct kvm_vcpu *vcpu,
                if (!var->unusable)
                        var->type |= 0x1;
                break;
+        case VCPU_SREG_SS:
+                /* On AMD CPUs sometimes the DB bit in the segment
+                 * descriptor is left as 1, although the whole segment has
+                 * been made unusable. Clear it here to pass an Intel VMX
+                 * entry check when cross vendor migrating.
+                 */
+                if (var->unusable)
+                        var->db = 0;
+                break;
        }
 }
@@ -960,15 +965,16 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
 }
-static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+static void update_db_intercept(struct kvm_vcpu *vcpu)
 {
-        int old_debug = vcpu->guest_debug;
        struct vcpu_svm *svm = to_svm(vcpu);
-        vcpu->guest_debug = dbg->control;
        svm->vmcb->control.intercept_exceptions &=
                ~((1 << DB_VECTOR) | (1 << BP_VECTOR));
+        if (vcpu->arch.singlestep)
+                svm->vmcb->control.intercept_exceptions |= (1 << DB_VECTOR);
        if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
                if (vcpu->guest_debug &
                    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
@@ -979,6 +985,16 @@ static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
                                1 << BP_VECTOR;
        } else
                vcpu->guest_debug = 0;
+}
+static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+{
+        int old_debug = vcpu->guest_debug;
+        struct vcpu_svm *svm = to_svm(vcpu);
+        vcpu->guest_debug = dbg->control;
+        update_db_intercept(vcpu);
        if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
                svm->vmcb->save.dr7 = dbg->arch.debugreg[7];
@@ -993,16 +1009,6 @@ static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
        return 0;
 }
-static int svm_get_irq(struct kvm_vcpu *vcpu)
-{
-        struct vcpu_svm *svm = to_svm(vcpu);
-        u32 exit_int_info = svm->vmcb->control.exit_int_info;
-        if (is_external_interrupt(exit_int_info))
-                return exit_int_info & SVM_EVTINJ_VEC_MASK;
-        return -1;
-}
 static void load_host_msrs(struct kvm_vcpu *vcpu)
 {
 #ifdef CONFIG_X86_64
@@ -1107,17 +1113,8 @@ static void svm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long value,
 static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
-        u32 exit_int_info = svm->vmcb->control.exit_int_info;
-        struct kvm *kvm = svm->vcpu.kvm;
        u64 fault_address;
        u32 error_code;
-        bool event_injection = false;
-        if (!irqchip_in_kernel(kvm) &&
-            is_external_interrupt(exit_int_info)) {
-                event_injection = true;
-                push_irq(&svm->vcpu, exit_int_info & SVM_EVTINJ_VEC_MASK);
-        }
        fault_address  = svm->vmcb->control.exit_info_2;
        error_code = svm->vmcb->control.exit_info_1;
@@ -1137,23 +1134,40 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         */
        if (npt_enabled)
                svm_flush_tlb(&svm->vcpu);
+        else {
-        if (!npt_enabled && event_injection)
+                if (kvm_event_needs_reinjection(&svm->vcpu))
-                kvm_mmu_unprotect_page_virt(&svm->vcpu, fault_address);
+                        kvm_mmu_unprotect_page_virt(&svm->vcpu, fault_address);
+        }
        return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code);
 }
 static int db_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
        if (!(svm->vcpu.guest_debug &
-              (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
+              (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
+                !svm->vcpu.arch.singlestep) {
                kvm_queue_exception(&svm->vcpu, DB_VECTOR);
                return 1;
        }
-        kvm_run->exit_reason = KVM_EXIT_DEBUG;
-        kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
+        if (svm->vcpu.arch.singlestep) {
-        kvm_run->debug.arch.exception = DB_VECTOR;
+                svm->vcpu.arch.singlestep = false;
-        return 0;
+                if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
+                        svm->vmcb->save.rflags &=
+                                ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
+                update_db_intercept(&svm->vcpu);
+        }
+        if (svm->vcpu.guest_debug &
+            (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)){
+                kvm_run->exit_reason = KVM_EXIT_DEBUG;
+                kvm_run->debug.arch.pc =
+                        svm->vmcb->save.cs.base + svm->vmcb->save.rip;
+                kvm_run->debug.arch.exception = DB_VECTOR;
+                return 0;
+        }
+        return 1;
 }
 static int bp_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
@@ -1842,17 +1856,51 @@ static int task_switch_interception(struct vcpu_svm *svm,
                                    struct kvm_run *kvm_run)
 {
        u16 tss_selector;
+        int reason;
+        int int_type = svm->vmcb->control.exit_int_info &
+                SVM_EXITINTINFO_TYPE_MASK;
+        int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
+        uint32_t type =
+                svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
+        uint32_t idt_v =
+                svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
        tss_selector = (u16)svm->vmcb->control.exit_info_1;
        if (svm->vmcb->control.exit_info_2 &
            (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
-                return kvm_task_switch(&svm->vcpu, tss_selector,
+                reason = TASK_SWITCH_IRET;
-                                       TASK_SWITCH_IRET);
+        else if (svm->vmcb->control.exit_info_2 &
-        if (svm->vmcb->control.exit_info_2 &
+                 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
-            (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
+                reason = TASK_SWITCH_JMP;
-                return kvm_task_switch(&svm->vcpu, tss_selector,
+        else if (idt_v)
-                                       TASK_SWITCH_JMP);
+                reason = TASK_SWITCH_GATE;
-        return kvm_task_switch(&svm->vcpu, tss_selector, TASK_SWITCH_CALL);
+        else
+                reason = TASK_SWITCH_CALL;
+        if (reason == TASK_SWITCH_GATE) {
+                switch (type) {
+                case SVM_EXITINTINFO_TYPE_NMI:
+                        svm->vcpu.arch.nmi_injected = false;
+                        break;
+                case SVM_EXITINTINFO_TYPE_EXEPT:
+                        kvm_clear_exception_queue(&svm->vcpu);
+                        break;
+                case SVM_EXITINTINFO_TYPE_INTR:
+                        kvm_clear_interrupt_queue(&svm->vcpu);
+                        break;
+                default:
+                        break;
+                }
+        }
+        if (reason != TASK_SWITCH_GATE ||
+            int_type == SVM_EXITINTINFO_TYPE_SOFT ||
+            (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
+             (int_vec == OF_VECTOR || int_vec == BP_VECTOR)))
+                skip_emulated_instruction(&svm->vcpu);
+        return kvm_task_switch(&svm->vcpu, tss_selector, reason);
 }
 static int cpuid_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
@@ -1862,6 +1910,14 @@ static int cpuid_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
        return 1;
 }
+static int iret_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+{
+        ++svm->vcpu.stat.nmi_window_exits;
+        svm->vmcb->control.intercept &= ~(1UL << INTERCEPT_IRET);
+        svm->vcpu.arch.hflags |= HF_IRET_MASK;
+        return 1;
+}
 static int invlpg_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
        if (emulate_instruction(&svm->vcpu, kvm_run, 0, 0, 0) != EMULATE_DONE)
@@ -1879,8 +1935,14 @@ static int emulate_on_interception(struct vcpu_svm *svm,
 static int cr8_write_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
+        u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
+        /* instruction emulation calls kvm_set_cr8() */
        emulate_instruction(&svm->vcpu, NULL, 0, 0, 0);
-        if (irqchip_in_kernel(svm->vcpu.kvm))
+        if (irqchip_in_kernel(svm->vcpu.kvm)) {
+                svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
+                return 1;
+        }
+        if (cr8_prev <= kvm_get_cr8(&svm->vcpu))
                return 1;
        kvm_run->exit_reason = KVM_EXIT_SET_TPR;
        return 0;
@@ -2090,8 +2152,9 @@ static int interrupt_window_interception(struct vcpu_svm *svm,
         * If the user space waits to inject interrupts, exit as soon as
         * possible
         */
-        if (kvm_run->request_interrupt_window &&
+        if (!irqchip_in_kernel(svm->vcpu.kvm) &&
-            !svm->vcpu.arch.irq_summary) {
+            kvm_run->request_interrupt_window &&
+            !kvm_cpu_has_interrupt(&svm->vcpu)) {
                ++svm->vcpu.stat.irq_window_exits;
                kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
                return 0;
@@ -2134,6 +2197,7 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
        [SVM_EXIT_VINTR]                        = interrupt_window_interception,
        /* [SVM_EXIT_CR0_SEL_WRITE]             = emulate_on_interception, */
        [SVM_EXIT_CPUID]                        = cpuid_interception,
+        [SVM_EXIT_IRET]                         = iret_interception,
        [SVM_EXIT_INVD]                         = emulate_on_interception,
        [SVM_EXIT_HLT]                          = halt_interception,
        [SVM_EXIT_INVLPG]                       = invlpg_interception,
@@ -2194,7 +2258,6 @@ static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                }
        }
-        kvm_reput_irq(svm);
        if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
                kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
@@ -2205,7 +2268,7 @@ static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
        if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
            exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
-            exit_code != SVM_EXIT_NPF)
+            exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH)
                printk(KERN_ERR "%s: unexpected exit_ini_info 0x%x "
                       "exit_code 0x%x\n",
                       __func__, svm->vmcb->control.exit_int_info,
@@ -2242,6 +2305,15 @@ static void pre_svm_run(struct vcpu_svm *svm)
                new_asid(svm, svm_data);
 }
+static void svm_inject_nmi(struct kvm_vcpu *vcpu)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+        svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
+        vcpu->arch.hflags |= HF_NMI_MASK;
+        svm->vmcb->control.intercept |= (1UL << INTERCEPT_IRET);
+        ++vcpu->stat.nmi_injections;
+}
 static inline void svm_inject_irq(struct vcpu_svm *svm, int irq)
 {
@@ -2257,134 +2329,71 @@ static inline void svm_inject_irq(struct vcpu_svm *svm, int irq)
                ((/*control->int_vector >> 4*/ 0xf) << V_INTR_PRIO_SHIFT);
 }
-static void svm_set_irq(struct kvm_vcpu *vcpu, int irq)
+static void svm_queue_irq(struct kvm_vcpu *vcpu, unsigned nr)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
-        nested_svm_intr(svm);
+        svm->vmcb->control.event_inj = nr |
+                SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR;
-        svm_inject_irq(svm, irq);
 }
-static void update_cr8_intercept(struct kvm_vcpu *vcpu)
+static void svm_set_irq(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
-        struct vmcb *vmcb = svm->vmcb;
-        int max_irr, tpr;
-        if (!irqchip_in_kernel(vcpu->kvm) || vcpu->arch.apic->vapic_addr)
+        nested_svm_intr(svm);
-                return;
-        vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
+        svm_queue_irq(vcpu, vcpu->arch.interrupt.nr);
+}
-        max_irr = kvm_lapic_find_highest_irr(vcpu);
+static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
-        if (max_irr == -1)
+{
-                return;
+        struct vcpu_svm *svm = to_svm(vcpu);
-        tpr = kvm_lapic_get_cr8(vcpu) << 4;
+        if (irr == -1)
+                return;
-        if (tpr >= (max_irr & 0xf0))
+        if (tpr >= irr)
-                vmcb->control.intercept_cr_write |= INTERCEPT_CR8_MASK;
+                svm->vmcb->control.intercept_cr_write |= INTERCEPT_CR8_MASK;
 }
-static void svm_intr_assist(struct kvm_vcpu *vcpu)
+static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
        struct vmcb *vmcb = svm->vmcb;
-        int intr_vector = -1;
+        return !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
+                !(svm->vcpu.arch.hflags & HF_NMI_MASK);
-        if ((vmcb->control.exit_int_info & SVM_EVTINJ_VALID) &&
-            ((vmcb->control.exit_int_info & SVM_EVTINJ_TYPE_MASK) == 0)) {
-                intr_vector = vmcb->control.exit_int_info &
-                              SVM_EVTINJ_VEC_MASK;
-                vmcb->control.exit_int_info = 0;
-                svm_inject_irq(svm, intr_vector);
-                goto out;
-        }
-        if (vmcb->control.int_ctl & V_IRQ_MASK)
-                goto out;
-        if (!kvm_cpu_has_interrupt(vcpu))
-                goto out;
-        if (nested_svm_intr(svm))
-                goto out;
-        if (!(svm->vcpu.arch.hflags & HF_GIF_MASK))
-                goto out;
-        if (!(vmcb->save.rflags & X86_EFLAGS_IF) ||
-            (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) ||
-            (vmcb->control.event_inj & SVM_EVTINJ_VALID)) {
-                /* unable to deliver irq, set pending irq */
-                svm_set_vintr(svm);
-                svm_inject_irq(svm, 0x0);
-                goto out;
-        }
-        /* Okay, we can deliver the interrupt: grab it and update PIC state. */
-        intr_vector = kvm_cpu_get_interrupt(vcpu);
-        svm_inject_irq(svm, intr_vector);
-out:
-        update_cr8_intercept(vcpu);
 }
-static void kvm_reput_irq(struct vcpu_svm *svm)
+static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
-        struct vmcb_control_area *control = &svm->vmcb->control;
+        struct vcpu_svm *svm = to_svm(vcpu);
+        struct vmcb *vmcb = svm->vmcb;
-        if ((control->int_ctl & V_IRQ_MASK)
+        return (vmcb->save.rflags & X86_EFLAGS_IF) &&
-            && !irqchip_in_kernel(svm->vcpu.kvm)) {
+                !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
-                control->int_ctl &= ~V_IRQ_MASK;
+                (svm->vcpu.arch.hflags & HF_GIF_MASK);
-                push_irq(&svm->vcpu, control->int_vector);
-        }
-        svm->vcpu.arch.interrupt_window_open =
-                !(control->int_state & SVM_INTERRUPT_SHADOW_MASK) &&
-                 (svm->vcpu.arch.hflags & HF_GIF_MASK);
 }
-static void svm_do_inject_vector(struct vcpu_svm *svm)
+static void enable_irq_window(struct kvm_vcpu *vcpu)
 {
-        struct kvm_vcpu *vcpu = &svm->vcpu;
+        svm_set_vintr(to_svm(vcpu));
-        int word_index = __ffs(vcpu->arch.irq_summary);
+        svm_inject_irq(to_svm(vcpu), 0x0);
-        int bit_index = __ffs(vcpu->arch.irq_pending[word_index]);
-        int irq = word_index * BITS_PER_LONG + bit_index;
-        clear_bit(bit_index, &vcpu->arch.irq_pending[word_index]);
-        if (!vcpu->arch.irq_pending[word_index])
-                clear_bit(word_index, &vcpu->arch.irq_summary);
-        svm_inject_irq(svm, irq);
 }
-static void do_interrupt_requests(struct kvm_vcpu *vcpu,
+static void enable_nmi_window(struct kvm_vcpu *vcpu)
-                                       struct kvm_run *kvm_run)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
-        struct vmcb_control_area *control = &svm->vmcb->control;
-        if (nested_svm_intr(svm))
-                return;
-        svm->vcpu.arch.interrupt_window_open =
+        if ((svm->vcpu.arch.hflags & (HF_NMI_MASK | HF_IRET_MASK))
-                (!(control->int_state & SVM_INTERRUPT_SHADOW_MASK) &&
+            == HF_NMI_MASK)
-                 (svm->vmcb->save.rflags & X86_EFLAGS_IF) &&
+                return; /* IRET will cause a vm exit */
-                 (svm->vcpu.arch.hflags & HF_GIF_MASK));
-        if (svm->vcpu.arch.interrupt_window_open && svm->vcpu.arch.irq_summary)
+        /* Something prevents NMI from been injected. Single step over
-                /*
+           possible problem (IRET or exception injection or interrupt
-                 * If interrupts enabled, and not blocked by sti or mov ss. Good.
+           shadow) */
-                 */
+        vcpu->arch.singlestep = true;
-                svm_do_inject_vector(svm);
+        svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
+        update_db_intercept(vcpu);
-        /*
-         * Interrupts blocked.  Wait for unblock.
-         */
-        if (!svm->vcpu.arch.interrupt_window_open &&
-            (svm->vcpu.arch.irq_summary || kvm_run->request_interrupt_window))
-                svm_set_vintr(svm);
-        else
-                svm_clear_vintr(svm);
 }
 static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -2407,7 +2416,7 @@ static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
        if (!(svm->vmcb->control.intercept_cr_write & INTERCEPT_CR8_MASK)) {
                int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
-                kvm_lapic_set_tpr(vcpu, cr8);
+                kvm_set_cr8(vcpu, cr8);
        }
 }
@@ -2416,14 +2425,54 @@ static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
        struct vcpu_svm *svm = to_svm(vcpu);
        u64 cr8;
-        if (!irqchip_in_kernel(vcpu->kvm))
-                return;
        cr8 = kvm_get_cr8(vcpu);
        svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
        svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
 }
+static void svm_complete_interrupts(struct vcpu_svm *svm)
+{
+        u8 vector;
+        int type;
+        u32 exitintinfo = svm->vmcb->control.exit_int_info;
+        if (svm->vcpu.arch.hflags & HF_IRET_MASK)
+                svm->vcpu.arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK);
+        svm->vcpu.arch.nmi_injected = false;
+        kvm_clear_exception_queue(&svm->vcpu);
+        kvm_clear_interrupt_queue(&svm->vcpu);
+        if (!(exitintinfo & SVM_EXITINTINFO_VALID))
+                return;
+        vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
+        type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;
+        switch (type) {
+        case SVM_EXITINTINFO_TYPE_NMI:
+                svm->vcpu.arch.nmi_injected = true;
+                break;
+        case SVM_EXITINTINFO_TYPE_EXEPT:
+                /* In case of software exception do not reinject an exception
+                   vector, but re-execute and instruction instead */
+                if (kvm_exception_is_soft(vector))
+                        break;
+                if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
+                        u32 err = svm->vmcb->control.exit_int_info_err;
+                        kvm_queue_exception_e(&svm->vcpu, vector, err);
+                } else
+                        kvm_queue_exception(&svm->vcpu, vector);
+                break;
+        case SVM_EXITINTINFO_TYPE_INTR:
+                kvm_queue_interrupt(&svm->vcpu, vector, false);
+                break;
+        default:
+                break;
+        }
+}
 #ifdef CONFIG_X86_64
 #define R "r"
 #else
@@ -2552,6 +2601,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        sync_cr8_to_lapic(vcpu);
        svm->next_rip = 0;
+        svm_complete_interrupts(svm);
 }
 #undef R
@@ -2617,7 +2668,7 @@ static int get_npt_level(void)
 #endif
 }
-static int svm_get_mt_mask_shift(void)
+static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
 {
        return 0;
 }
@@ -2667,17 +2718,21 @@ static struct kvm_x86_ops svm_x86_ops = {
        .run = svm_vcpu_run,
        .handle_exit = handle_exit,
        .skip_emulated_instruction = skip_emulated_instruction,
+        .set_interrupt_shadow = svm_set_interrupt_shadow,
+        .get_interrupt_shadow = svm_get_interrupt_shadow,
        .patch_hypercall = svm_patch_hypercall,
-        .get_irq = svm_get_irq,
        .set_irq = svm_set_irq,
+        .set_nmi = svm_inject_nmi,
        .queue_exception = svm_queue_exception,
-        .exception_injected = svm_exception_injected,
+        .interrupt_allowed = svm_interrupt_allowed,
-        .inject_pending_irq = svm_intr_assist,
+        .nmi_allowed = svm_nmi_allowed,
-        .inject_pending_vectors = do_interrupt_requests,
+        .enable_nmi_window = enable_nmi_window,
+        .enable_irq_window = enable_irq_window,
+        .update_cr8_intercept = update_cr8_intercept,
        .set_tss_addr = svm_set_tss_addr,
        .get_tdp_level = get_npt_level,
-        .get_mt_mask_shift = svm_get_mt_mask_shift,
+        .get_mt_mask = svm_get_mt_mask,
 };
 static int __init svm_init(void)
diff --git a/arch/x86/kvm/timer.c b/arch/x86/kvm/timer.c
new file mode 100644
index 000000000000..86dbac072d0c
--- /dev/null
+++ b/arch/x86/kvm/timer.c
@@ -0,0 +1,46 @@
+#include <linux/kvm_host.h>
+#include <linux/kvm.h>
+#include <linux/hrtimer.h>
+#include <asm/atomic.h>
+#include "kvm_timer.h"
+static int __kvm_timer_fn(struct kvm_vcpu *vcpu, struct kvm_timer *ktimer)
+{
+        int restart_timer = 0;
+        wait_queue_head_t *q = &vcpu->wq;
+        /* FIXME: this code should not know anything about vcpus */
+        if (!atomic_inc_and_test(&ktimer->pending))
+                set_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests);
+        if (!ktimer->reinject)
+                atomic_set(&ktimer->pending, 1);
+        if (waitqueue_active(q))
+                wake_up_interruptible(q);
+        if (ktimer->t_ops->is_periodic(ktimer)) {
+                hrtimer_add_expires_ns(&ktimer->timer, ktimer->period);
+                restart_timer = 1;
+        }
+        return restart_timer;
+}
+enum hrtimer_restart kvm_timer_fn(struct hrtimer *data)
+{
+        int restart_timer;
+        struct kvm_vcpu *vcpu;
+        struct kvm_timer *ktimer = container_of(data, struct kvm_timer, timer);
+        vcpu = ktimer->kvm->vcpus[ktimer->vcpu_id];
+        if (!vcpu)
+                return HRTIMER_NORESTART;
+        restart_timer = __kvm_timer_fn(vcpu, ktimer);
+        if (restart_timer)
+                return HRTIMER_RESTART;
+        else
+                return HRTIMER_NORESTART;
+}
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index bb481330716f..e770bf349ec4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -32,26 +32,27 @@
 #include <asm/desc.h>
 #include <asm/vmx.h>
 #include <asm/virtext.h>
+#include <asm/mce.h>
 #define __ex(x) __kvm_handle_fault_on_reboot(x)
 MODULE_AUTHOR("Qumranet");
 MODULE_LICENSE("GPL");
-static int bypass_guest_pf = 1;
+static int __read_mostly bypass_guest_pf = 1;
-module_param(bypass_guest_pf, bool, 0);
+module_param(bypass_guest_pf, bool, S_IRUGO);
-static int enable_vpid = 1;
+static int __read_mostly enable_vpid = 1;
-module_param(enable_vpid, bool, 0);
+module_param_named(vpid, enable_vpid, bool, 0444);
-static int flexpriority_enabled = 1;
+static int __read_mostly flexpriority_enabled = 1;
-module_param(flexpriority_enabled, bool, 0);
+module_param_named(flexpriority, flexpriority_enabled, bool, S_IRUGO);
-static int enable_ept = 1;
+static int __read_mostly enable_ept = 1;
-module_param(enable_ept, bool, 0);
+module_param_named(ept, enable_ept, bool, S_IRUGO);
-static int emulate_invalid_guest_state = 0;
+static int __read_mostly emulate_invalid_guest_state = 0;
-module_param(emulate_invalid_guest_state, bool, 0);
+module_param(emulate_invalid_guest_state, bool, S_IRUGO);
 struct vmcs {
        u32 revision_id;
@@ -97,6 +98,7 @@ struct vcpu_vmx {
        int soft_vnmi_blocked;
        ktime_t entry_time;
        s64 vnmi_blocked_time;
+        u32 exit_reason;
 };
 static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
@@ -111,9 +113,10 @@ static DEFINE_PER_CPU(struct vmcs *, vmxarea);
 static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
 static DEFINE_PER_CPU(struct list_head, vcpus_on_cpu);
-static struct page *vmx_io_bitmap_a;
+static unsigned long *vmx_io_bitmap_a;
-static struct page *vmx_io_bitmap_b;
+static unsigned long *vmx_io_bitmap_b;
-static struct page *vmx_msr_bitmap;
+static unsigned long *vmx_msr_bitmap_legacy;
+static unsigned long *vmx_msr_bitmap_longmode;
 static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS);
 static DEFINE_SPINLOCK(vmx_vpid_lock);
@@ -213,70 +216,78 @@ static inline int is_external_interrupt(u32 intr_info)
                == (INTR_TYPE_EXT_INTR | INTR_INFO_VALID_MASK);
 }
+static inline int is_machine_check(u32 intr_info)
+{
+        return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK |
+                             INTR_INFO_VALID_MASK)) ==
+                (INTR_TYPE_HARD_EXCEPTION | MC_VECTOR | INTR_INFO_VALID_MASK);
+}
 static inline int cpu_has_vmx_msr_bitmap(void)
 {
-        return (vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS);
+        return vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS;
 }
 static inline int cpu_has_vmx_tpr_shadow(void)
 {
-        return (vmcs_config.cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW);
+        return vmcs_config.cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW;
 }
 static inline int vm_need_tpr_shadow(struct kvm *kvm)
 {
-        return ((cpu_has_vmx_tpr_shadow()) && (irqchip_in_kernel(kvm)));
+        return (cpu_has_vmx_tpr_shadow()) && (irqchip_in_kernel(kvm));
 }
 static inline int cpu_has_secondary_exec_ctrls(void)
 {
-        return (vmcs_config.cpu_based_exec_ctrl &
+        return vmcs_config.cpu_based_exec_ctrl &
-                CPU_BASED_ACTIVATE_SECONDARY_CONTROLS);
+                CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
 }
 static inline bool cpu_has_vmx_virtualize_apic_accesses(void)
 {
-        return flexpriority_enabled
+        return vmcs_config.cpu_based_2nd_exec_ctrl &
-                && (vmcs_config.cpu_based_2nd_exec_ctrl &
+                SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
-                    SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
+}
+static inline bool cpu_has_vmx_flexpriority(void)
+{
+        return cpu_has_vmx_tpr_shadow() &&
+                cpu_has_vmx_virtualize_apic_accesses();
 }
 static inline int cpu_has_vmx_invept_individual_addr(void)
 {
-        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_INDIVIDUAL_BIT));
+        return !!(vmx_capability.ept & VMX_EPT_EXTENT_INDIVIDUAL_BIT);
 }
 static inline int cpu_has_vmx_invept_context(void)
 {
-        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_CONTEXT_BIT));
+        return !!(vmx_capability.ept & VMX_EPT_EXTENT_CONTEXT_BIT);
 }
 static inline int cpu_has_vmx_invept_global(void)
 {
-        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_GLOBAL_BIT));
+        return !!(vmx_capability.ept & VMX_EPT_EXTENT_GLOBAL_BIT);
 }
 static inline int cpu_has_vmx_ept(void)
 {
-        return (vmcs_config.cpu_based_2nd_exec_ctrl &
+        return vmcs_config.cpu_based_2nd_exec_ctrl &
-                SECONDARY_EXEC_ENABLE_EPT);
+                SECONDARY_EXEC_ENABLE_EPT;
-}
-static inline int vm_need_ept(void)
-{
-        return (cpu_has_vmx_ept() && enable_ept);
 }
 static inline int vm_need_virtualize_apic_accesses(struct kvm *kvm)
 {
-        return ((cpu_has_vmx_virtualize_apic_accesses()) &&
+        return flexpriority_enabled &&
-                (irqchip_in_kernel(kvm)));
+                (cpu_has_vmx_virtualize_apic_accesses()) &&
+                (irqchip_in_kernel(kvm));
 }
 static inline int cpu_has_vmx_vpid(void)
 {
-        return (vmcs_config.cpu_based_2nd_exec_ctrl &
+        return vmcs_config.cpu_based_2nd_exec_ctrl &
-                SECONDARY_EXEC_ENABLE_VPID);
+                SECONDARY_EXEC_ENABLE_VPID;
 }
 static inline int cpu_has_virtual_nmis(void)
@@ -284,6 +295,11 @@ static inline int cpu_has_virtual_nmis(void)
        return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS;
 }
+static inline bool report_flexpriority(void)
+{
+        return flexpriority_enabled;
+}
 static int __find_msr_index(struct vcpu_vmx *vmx, u32 msr)
 {
        int i;
@@ -381,7 +397,7 @@ static inline void ept_sync_global(void)
 static inline void ept_sync_context(u64 eptp)
 {
-        if (vm_need_ept()) {
+        if (enable_ept) {
                if (cpu_has_vmx_invept_context())
                        __invept(VMX_EPT_EXTENT_CONTEXT, eptp, 0);
                else
@@ -391,7 +407,7 @@ static inline void ept_sync_context(u64 eptp)
 static inline void ept_sync_individual_addr(u64 eptp, gpa_t gpa)
 {
-        if (vm_need_ept()) {
+        if (enable_ept) {
                if (cpu_has_vmx_invept_individual_addr())
                        __invept(VMX_EPT_EXTENT_INDIVIDUAL_ADDR,
                                        eptp, gpa);
@@ -478,7 +494,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
 {
        u32 eb;
-        eb = (1u << PF_VECTOR) | (1u << UD_VECTOR);
+        eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR);
        if (!vcpu->fpu_active)
                eb |= 1u << NM_VECTOR;
        if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
@@ -488,9 +504,9 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
                if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
                        eb |= 1u << BP_VECTOR;
        }
-        if (vcpu->arch.rmode.active)
+        if (vcpu->arch.rmode.vm86_active)
                eb = ~0;
-        if (vm_need_ept())
+        if (enable_ept)
                eb &= ~(1u << PF_VECTOR); /* bypass_guest_pf = 0 */
        vmcs_write32(EXCEPTION_BITMAP, eb);
 }
@@ -724,29 +740,50 @@ static unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
 static void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
 {
-        if (vcpu->arch.rmode.active)
+        if (vcpu->arch.rmode.vm86_active)
                rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
        vmcs_writel(GUEST_RFLAGS, rflags);
 }
+static u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
+{
+        u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
+        int ret = 0;
+        if (interruptibility & GUEST_INTR_STATE_STI)
+                ret |= X86_SHADOW_INT_STI;
+        if (interruptibility & GUEST_INTR_STATE_MOV_SS)
+                ret |= X86_SHADOW_INT_MOV_SS;
+        return ret & mask;
+}
+static void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
+{
+        u32 interruptibility_old = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
+        u32 interruptibility = interruptibility_old;
+        interruptibility &= ~(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS);
+        if (mask & X86_SHADOW_INT_MOV_SS)
+                interruptibility |= GUEST_INTR_STATE_MOV_SS;
+        if (mask & X86_SHADOW_INT_STI)
+                interruptibility |= GUEST_INTR_STATE_STI;
+        if ((interruptibility != interruptibility_old))
+                vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
+}
 static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
 {
        unsigned long rip;
-        u32 interruptibility;
        rip = kvm_rip_read(vcpu);
        rip += vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
        kvm_rip_write(vcpu, rip);
-        /*
+        /* skipping an emulated instruction also counts */
-         * We emulated an instruction, so temporary interrupt blocking
+        vmx_set_interrupt_shadow(vcpu, 0);
-         * should be removed, if set.
-         */
-        interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-        if (interruptibility & 3)
-                vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
-                             interruptibility & ~3);
-        vcpu->arch.interrupt_window_open = 1;
 }
 static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
@@ -760,7 +797,7 @@ static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
                intr_info |= INTR_INFO_DELIVER_CODE_MASK;
        }
-        if (vcpu->arch.rmode.active) {
+        if (vcpu->arch.rmode.vm86_active) {
                vmx->rmode.irq.pending = true;
                vmx->rmode.irq.vector = nr;
                vmx->rmode.irq.rip = kvm_rip_read(vcpu);
@@ -773,8 +810,9 @@ static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
                return;
        }
-        if (nr == BP_VECTOR || nr == OF_VECTOR) {
+        if (kvm_exception_is_soft(nr)) {
-                vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1);
+                vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
+                             vmx->vcpu.arch.event_exit_inst_len);
                intr_info |= INTR_TYPE_SOFT_EXCEPTION;
        } else
                intr_info |= INTR_TYPE_HARD_EXCEPTION;
@@ -782,11 +820,6 @@ static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
        vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info);
 }
-static bool vmx_exception_injected(struct kvm_vcpu *vcpu)
-{
-        return false;
-}
 /*
 * Swap MSR entry in host/guest MSR entry array.
 */
@@ -812,6 +845,7 @@ static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
 static void setup_msrs(struct vcpu_vmx *vmx)
 {
        int save_nmsrs;
+        unsigned long *msr_bitmap;
        vmx_load_host_state(vmx);
        save_nmsrs = 0;
@@ -847,6 +881,15 @@ static void setup_msrs(struct vcpu_vmx *vmx)
                __find_msr_index(vmx, MSR_KERNEL_GS_BASE);
 #endif
        vmx->msr_offset_efer = __find_msr_index(vmx, MSR_EFER);
+        if (cpu_has_vmx_msr_bitmap()) {
+                if (is_long_mode(&vmx->vcpu))
+                        msr_bitmap = vmx_msr_bitmap_longmode;
+                else
+                        msr_bitmap = vmx_msr_bitmap_legacy;
+                vmcs_write64(MSR_BITMAP, __pa(msr_bitmap));
+        }
 }
 /*
@@ -1034,13 +1077,6 @@ static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
        return 0;
 }
-static int vmx_get_irq(struct kvm_vcpu *vcpu)
-{
-        if (!vcpu->arch.interrupt.pending)
-                return -1;
-        return vcpu->arch.interrupt.nr;
-}
 static __init int cpu_has_kvm_support(void)
 {
        return cpu_has_vmx();
@@ -1241,7 +1277,7 @@ static struct vmcs *alloc_vmcs_cpu(int cpu)
        struct page *pages;
        struct vmcs *vmcs;
-        pages = alloc_pages_node(node, GFP_KERNEL, vmcs_config.order);
+        pages = alloc_pages_exact_node(node, GFP_KERNEL, vmcs_config.order);
        if (!pages)
                return NULL;
        vmcs = page_address(pages);
@@ -1294,6 +1330,18 @@ static __init int hardware_setup(void)
        if (boot_cpu_has(X86_FEATURE_NX))
                kvm_enable_efer_bits(EFER_NX);
+        if (!cpu_has_vmx_vpid())
+                enable_vpid = 0;
+        if (!cpu_has_vmx_ept())
+                enable_ept = 0;
+        if (!cpu_has_vmx_flexpriority())
+                flexpriority_enabled = 0;
+        if (!cpu_has_vmx_tpr_shadow())
+                kvm_x86_ops->update_cr8_intercept = NULL;
        return alloc_kvm_area();
 }
@@ -1324,7 +1372,7 @@ static void enter_pmode(struct kvm_vcpu *vcpu)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        vmx->emulation_required = 1;
-        vcpu->arch.rmode.active = 0;
+        vcpu->arch.rmode.vm86_active = 0;
        vmcs_writel(GUEST_TR_BASE, vcpu->arch.rmode.tr.base);
        vmcs_write32(GUEST_TR_LIMIT, vcpu->arch.rmode.tr.limit);
@@ -1386,7 +1434,7 @@ static void enter_rmode(struct kvm_vcpu *vcpu)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        vmx->emulation_required = 1;
-        vcpu->arch.rmode.active = 1;
+        vcpu->arch.rmode.vm86_active = 1;
        vcpu->arch.rmode.tr.base = vmcs_readl(GUEST_TR_BASE);
        vmcs_writel(GUEST_TR_BASE, rmode_tss_base(vcpu->kvm));
@@ -1485,7 +1533,7 @@ static void exit_lmode(struct kvm_vcpu *vcpu)
 static void vmx_flush_tlb(struct kvm_vcpu *vcpu)
 {
        vpid_sync_vcpu_all(to_vmx(vcpu));
-        if (vm_need_ept())
+        if (enable_ept)
                ept_sync_context(construct_eptp(vcpu->arch.mmu.root_hpa));
 }
@@ -1555,10 +1603,10 @@ static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
        vmx_fpu_deactivate(vcpu);
-        if (vcpu->arch.rmode.active && (cr0 & X86_CR0_PE))
+        if (vcpu->arch.rmode.vm86_active && (cr0 & X86_CR0_PE))
                enter_pmode(vcpu);
-        if (!vcpu->arch.rmode.active && !(cr0 & X86_CR0_PE))
+        if (!vcpu->arch.rmode.vm86_active && !(cr0 & X86_CR0_PE))
                enter_rmode(vcpu);
 #ifdef CONFIG_X86_64
@@ -1570,7 +1618,7 @@ static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
        }
 #endif
-        if (vm_need_ept())
+        if (enable_ept)
                ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu);
        vmcs_writel(CR0_READ_SHADOW, cr0);
@@ -1599,7 +1647,7 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
        u64 eptp;
        guest_cr3 = cr3;
-        if (vm_need_ept()) {
+        if (enable_ept) {
                eptp = construct_eptp(cr3);
                vmcs_write64(EPT_POINTER, eptp);
                ept_sync_context(eptp);
@@ -1616,11 +1664,11 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
 static void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 {
-        unsigned long hw_cr4 = cr4 | (vcpu->arch.rmode.active ?
+        unsigned long hw_cr4 = cr4 | (vcpu->arch.rmode.vm86_active ?
                    KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON);
        vcpu->arch.cr4 = cr4;
-        if (vm_need_ept())
+        if (enable_ept)
                ept_update_paging_mode_cr4(&hw_cr4, vcpu);
        vmcs_writel(CR4_READ_SHADOW, cr4);
@@ -1699,7 +1747,7 @@ static void vmx_set_segment(struct kvm_vcpu *vcpu,
        struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
        u32 ar;
-        if (vcpu->arch.rmode.active && seg == VCPU_SREG_TR) {
+        if (vcpu->arch.rmode.vm86_active && seg == VCPU_SREG_TR) {
                vcpu->arch.rmode.tr.selector = var->selector;
                vcpu->arch.rmode.tr.base = var->base;
                vcpu->arch.rmode.tr.limit = var->limit;
@@ -1709,7 +1757,7 @@ static void vmx_set_segment(struct kvm_vcpu *vcpu,
        vmcs_writel(sf->base, var->base);
        vmcs_write32(sf->limit, var->limit);
        vmcs_write16(sf->selector, var->selector);
-        if (vcpu->arch.rmode.active && var->s) {
+        if (vcpu->arch.rmode.vm86_active && var->s) {
                /*
                 * Hack real-mode segments into vm86 compatibility.
                 */
@@ -1982,7 +2030,7 @@ static int init_rmode_identity_map(struct kvm *kvm)
        pfn_t identity_map_pfn;
        u32 tmp;
-        if (!vm_need_ept())
+        if (!enable_ept)
                return 1;
        if (unlikely(!kvm->arch.ept_identity_pagetable)) {
                printk(KERN_ERR "EPT: identity-mapping pagetable "
@@ -2071,7 +2119,7 @@ static void allocate_vpid(struct vcpu_vmx *vmx)
        int vpid;
        vmx->vpid = 0;
-        if (!enable_vpid || !cpu_has_vmx_vpid())
+        if (!enable_vpid)
                return;
        spin_lock(&vmx_vpid_lock);
        vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS);
@@ -2082,9 +2130,9 @@ static void allocate_vpid(struct vcpu_vmx *vmx)
        spin_unlock(&vmx_vpid_lock);
 }
-static void vmx_disable_intercept_for_msr(struct page *msr_bitmap, u32 msr)
+static void __vmx_disable_intercept_for_msr(unsigned long *msr_bitmap, u32 msr)
 {
-        void *va;
+        int f = sizeof(unsigned long);
        if (!cpu_has_vmx_msr_bitmap())
                return;
@@ -2094,16 +2142,21 @@ static void vmx_disable_intercept_for_msr(struct page *msr_bitmap, u32 msr)
         * have the write-low and read-high bitmap offsets the wrong way round.
         * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff.
         */
-        va = kmap(msr_bitmap);
        if (msr <= 0x1fff) {
-                __clear_bit(msr, va + 0x000); /* read-low */
+                __clear_bit(msr, msr_bitmap + 0x000 / f); /* read-low */
-                __clear_bit(msr, va + 0x800); /* write-low */
+                __clear_bit(msr, msr_bitmap + 0x800 / f); /* write-low */
        } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) {
                msr &= 0x1fff;
-                __clear_bit(msr, va + 0x400); /* read-high */
+                __clear_bit(msr, msr_bitmap + 0x400 / f); /* read-high */
-                __clear_bit(msr, va + 0xc00); /* write-high */
+                __clear_bit(msr, msr_bitmap + 0xc00 / f); /* write-high */
        }
-        kunmap(msr_bitmap);
+}
+static void vmx_disable_intercept_for_msr(u32 msr, bool longmode_only)
+{
+        if (!longmode_only)
+                __vmx_disable_intercept_for_msr(vmx_msr_bitmap_legacy, msr);
+        __vmx_disable_intercept_for_msr(vmx_msr_bitmap_longmode, msr);
 }
 /*
@@ -2121,11 +2174,11 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
        u32 exec_control;
        /* I/O */
-        vmcs_write64(IO_BITMAP_A, page_to_phys(vmx_io_bitmap_a));
+        vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
-        vmcs_write64(IO_BITMAP_B, page_to_phys(vmx_io_bitmap_b));
+        vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
        if (cpu_has_vmx_msr_bitmap())
-                vmcs_write64(MSR_BITMAP, page_to_phys(vmx_msr_bitmap));
+                vmcs_write64(MSR_BITMAP, __pa(vmx_msr_bitmap_legacy));
        vmcs_write64(VMCS_LINK_POINTER, -1ull); /* 22.3.1.5 */
@@ -2141,7 +2194,7 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                CPU_BASED_CR8_LOAD_EXITING;
 #endif
        }
-        if (!vm_need_ept())
+        if (!enable_ept)
                exec_control |= CPU_BASED_CR3_STORE_EXITING |
                                CPU_BASED_CR3_LOAD_EXITING  |
                                CPU_BASED_INVLPG_EXITING;
@@ -2154,7 +2207,7 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
                if (vmx->vpid == 0)
                        exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-                if (!vm_need_ept())
+                if (!enable_ept)
                        exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
                vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
        }
@@ -2273,7 +2326,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
                goto out;
        }
-        vmx->vcpu.arch.rmode.active = 0;
+        vmx->vcpu.arch.rmode.vm86_active = 0;
        vmx->soft_vnmi_blocked = 0;
@@ -2402,14 +2455,16 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
        vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
 }
-static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq)
+static void vmx_inject_irq(struct kvm_vcpu *vcpu)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
+        uint32_t intr;
+        int irq = vcpu->arch.interrupt.nr;
        KVMTRACE_1D(INJ_VIRQ, vcpu, (u32)irq, handler);
        ++vcpu->stat.irq_injections;
-        if (vcpu->arch.rmode.active) {
+        if (vcpu->arch.rmode.vm86_active) {
                vmx->rmode.irq.pending = true;
                vmx->rmode.irq.vector = irq;
                vmx->rmode.irq.rip = kvm_rip_read(vcpu);
@@ -2419,8 +2474,14 @@ static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq)
                kvm_rip_write(vcpu, vmx->rmode.irq.rip - 1);
                return;
        }
-        vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
+        intr = irq | INTR_INFO_VALID_MASK;
-                        irq | INTR_TYPE_EXT_INTR | INTR_INFO_VALID_MASK);
+        if (vcpu->arch.interrupt.soft) {
+                intr |= INTR_TYPE_SOFT_INTR;
+                vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
+                             vmx->vcpu.arch.event_exit_inst_len);
+        } else
+                intr |= INTR_TYPE_EXT_INTR;
+        vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr);
 }
 static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
@@ -2441,7 +2502,7 @@ static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
        }
        ++vcpu->stat.nmi_injections;
-        if (vcpu->arch.rmode.active) {
+        if (vcpu->arch.rmode.vm86_active) {
                vmx->rmode.irq.pending = true;
                vmx->rmode.irq.vector = NMI_VECTOR;
                vmx->rmode.irq.rip = kvm_rip_read(vcpu);
@@ -2456,76 +2517,21 @@ static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
                        INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR);
 }
-static void vmx_update_window_states(struct kvm_vcpu *vcpu)
+static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
 {
-        u32 guest_intr = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-        vcpu->arch.nmi_window_open =
-                !(guest_intr & (GUEST_INTR_STATE_STI |
-                                GUEST_INTR_STATE_MOV_SS |
-                                GUEST_INTR_STATE_NMI));
        if (!cpu_has_virtual_nmis() && to_vmx(vcpu)->soft_vnmi_blocked)
-                vcpu->arch.nmi_window_open = 0;
+                return 0;
-        vcpu->arch.interrupt_window_open =
-                ((vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
-                 !(guest_intr & (GUEST_INTR_STATE_STI |
-                                 GUEST_INTR_STATE_MOV_SS)));
-}
-static void kvm_do_inject_irq(struct kvm_vcpu *vcpu)
-{
-        int word_index = __ffs(vcpu->arch.irq_summary);
-        int bit_index = __ffs(vcpu->arch.irq_pending[word_index]);
-        int irq = word_index * BITS_PER_LONG + bit_index;
-        clear_bit(bit_index, &vcpu->arch.irq_pending[word_index]);
+        return  !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
-        if (!vcpu->arch.irq_pending[word_index])
+                        (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS |
-                clear_bit(word_index, &vcpu->arch.irq_summary);
+                                GUEST_INTR_STATE_NMI));
-        kvm_queue_interrupt(vcpu, irq);
 }
-static void do_interrupt_requests(struct kvm_vcpu *vcpu,
+static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
-                                       struct kvm_run *kvm_run)
 {
-        vmx_update_window_states(vcpu);
+        return (vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
+                !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
+                        (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
-                vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
-                                GUEST_INTR_STATE_STI |
-                                GUEST_INTR_STATE_MOV_SS);
-        if (vcpu->arch.nmi_pending && !vcpu->arch.nmi_injected) {
-                if (vcpu->arch.interrupt.pending) {
-                        enable_nmi_window(vcpu);
-                } else if (vcpu->arch.nmi_window_open) {
-                        vcpu->arch.nmi_pending = false;
-                        vcpu->arch.nmi_injected = true;
-                } else {
-                        enable_nmi_window(vcpu);
-                        return;
-                }
-        }
-        if (vcpu->arch.nmi_injected) {
-                vmx_inject_nmi(vcpu);
-                if (vcpu->arch.nmi_pending)
-                        enable_nmi_window(vcpu);
-                else if (vcpu->arch.irq_summary
-                         || kvm_run->request_interrupt_window)
-                        enable_irq_window(vcpu);
-                return;
-        }
-        if (vcpu->arch.interrupt_window_open) {
-                if (vcpu->arch.irq_summary && !vcpu->arch.interrupt.pending)
-                        kvm_do_inject_irq(vcpu);
-                if (vcpu->arch.interrupt.pending)
-                        vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr);
-        }
-        if (!vcpu->arch.interrupt_window_open &&
-            (vcpu->arch.irq_summary || kvm_run->request_interrupt_window))
-                enable_irq_window(vcpu);
 }
 static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -2585,6 +2591,31 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
        return 0;
 }
+/*
+ * Trigger machine check on the host. We assume all the MSRs are already set up
+ * by the CPU and that we still run on the same CPU as the MCE occurred on.
+ * We pass a fake environment to the machine check handler because we want
+ * the guest to be always treated like user space, no matter what context
+ * it used internally.
+ */
+static void kvm_machine_check(void)
+{
+#if defined(CONFIG_X86_MCE) && defined(CONFIG_X86_64)
+        struct pt_regs regs = {
+                .cs = 3, /* Fake ring 3 no matter what the guest ran on */
+                .flags = X86_EFLAGS_IF,
+        };
+        do_machine_check(&regs, 0);
+#endif
+}
+static int handle_machine_check(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+        /* already handled by vcpu_run */
+        return 1;
+}
 static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -2596,17 +2627,14 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        vect_info = vmx->idt_vectoring_info;
        intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+        if (is_machine_check(intr_info))
+                return handle_machine_check(vcpu, kvm_run);
        if ((vect_info & VECTORING_INFO_VALID_MASK) &&
                                                !is_page_fault(intr_info))
                printk(KERN_ERR "%s: unexpected, vectoring info 0x%x "
                       "intr info 0x%x\n", __func__, vect_info, intr_info);
-        if (!irqchip_in_kernel(vcpu->kvm) && is_external_interrupt(vect_info)) {
-                int irq = vect_info & VECTORING_INFO_VECTOR_MASK;
-                set_bit(irq, vcpu->arch.irq_pending);
-                set_bit(irq / BITS_PER_LONG, &vcpu->arch.irq_summary);
-        }
        if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
                return 1;  /* already handled by vmx_vcpu_run() */
@@ -2628,17 +2656,17 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
        if (is_page_fault(intr_info)) {
                /* EPT won't cause page fault directly */
-                if (vm_need_ept())
+                if (enable_ept)
                        BUG();
                cr2 = vmcs_readl(EXIT_QUALIFICATION);
                KVMTRACE_3D(PAGE_FAULT, vcpu, error_code, (u32)cr2,
                            (u32)((u64)cr2 >> 32), handler);
-                if (vcpu->arch.interrupt.pending || vcpu->arch.exception.pending)
+                if (kvm_event_needs_reinjection(vcpu))
                        kvm_mmu_unprotect_page_virt(vcpu, cr2);
                return kvm_mmu_page_fault(vcpu, cr2, error_code);
        }
-        if (vcpu->arch.rmode.active &&
+        if (vcpu->arch.rmode.vm86_active &&
            handle_rmode_exception(vcpu, intr_info & INTR_INFO_VECTOR_MASK,
                                                                error_code)) {
                if (vcpu->arch.halt_request) {
@@ -2753,13 +2781,18 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                        kvm_set_cr4(vcpu, kvm_register_read(vcpu, reg));
                        skip_emulated_instruction(vcpu);
                        return 1;
-                case 8:
+                case 8: {
-                        kvm_set_cr8(vcpu, kvm_register_read(vcpu, reg));
+                                u8 cr8_prev = kvm_get_cr8(vcpu);
-                        skip_emulated_instruction(vcpu);
+                                u8 cr8 = kvm_register_read(vcpu, reg);
-                        if (irqchip_in_kernel(vcpu->kvm))
+                                kvm_set_cr8(vcpu, cr8);
-                                return 1;
+                                skip_emulated_instruction(vcpu);
-                        kvm_run->exit_reason = KVM_EXIT_SET_TPR;
+                                if (irqchip_in_kernel(vcpu->kvm))
-                        return 0;
+                                        return 1;
+                                if (cr8_prev <= cr8)
+                                        return 1;
+                                kvm_run->exit_reason = KVM_EXIT_SET_TPR;
+                                return 0;
+                        }
                };
                break;
        case 2: /* clts */
@@ -2957,8 +2990,9 @@ static int handle_interrupt_window(struct kvm_vcpu *vcpu,
         * If the user space waits to inject interrupts, exit as soon as
         * possible
         */
-        if (kvm_run->request_interrupt_window &&
+        if (!irqchip_in_kernel(vcpu->kvm) &&
-            !vcpu->arch.irq_summary) {
+            kvm_run->request_interrupt_window &&
+            !kvm_cpu_has_interrupt(vcpu)) {
                kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
                return 0;
        }
@@ -2980,7 +3014,7 @@ static int handle_vmcall(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
-        u64 exit_qualification = vmcs_read64(EXIT_QUALIFICATION);
+        unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
        kvm_mmu_invlpg(vcpu, exit_qualification);
        skip_emulated_instruction(vcpu);
@@ -2996,11 +3030,11 @@ static int handle_wbinvd(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
-        u64 exit_qualification;
+        unsigned long exit_qualification;
        enum emulation_result er;
        unsigned long offset;
-        exit_qualification = vmcs_read64(EXIT_QUALIFICATION);
+        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
        offset = exit_qualification & 0xffful;
        er = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
@@ -3019,22 +3053,41 @@ static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        unsigned long exit_qualification;
        u16 tss_selector;
-        int reason;
+        int reason, type, idt_v;
+        idt_v = (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK);
+        type = (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK);
        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
        reason = (u32)exit_qualification >> 30;
-        if (reason == TASK_SWITCH_GATE && vmx->vcpu.arch.nmi_injected &&
+        if (reason == TASK_SWITCH_GATE && idt_v) {
-            (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
+                switch (type) {
-            (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK)
+                case INTR_TYPE_NMI_INTR:
-            == INTR_TYPE_NMI_INTR) {
+                        vcpu->arch.nmi_injected = false;
-                vcpu->arch.nmi_injected = false;
+                        if (cpu_has_virtual_nmis())
-                if (cpu_has_virtual_nmis())
+                                vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
-                        vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                              GUEST_INTR_STATE_NMI);
-                                      GUEST_INTR_STATE_NMI);
+                        break;
+                case INTR_TYPE_EXT_INTR:
+                case INTR_TYPE_SOFT_INTR:
+                        kvm_clear_interrupt_queue(vcpu);
+                        break;
+                case INTR_TYPE_HARD_EXCEPTION:
+                case INTR_TYPE_SOFT_EXCEPTION:
+                        kvm_clear_exception_queue(vcpu);
+                        break;
+                default:
+                        break;
+                }
        }
        tss_selector = exit_qualification;
+        if (!idt_v || (type != INTR_TYPE_HARD_EXCEPTION &&
+                       type != INTR_TYPE_EXT_INTR &&
+                       type != INTR_TYPE_NMI_INTR))
+                skip_emulated_instruction(vcpu);
        if (!kvm_task_switch(vcpu, tss_selector, reason))
                return 0;
@@ -3051,11 +3104,11 @@ static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
-        u64 exit_qualification;
+        unsigned long exit_qualification;
        gpa_t gpa;
        int gla_validity;
-        exit_qualification = vmcs_read64(EXIT_QUALIFICATION);
+        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
        if (exit_qualification & (1 << 6)) {
                printk(KERN_ERR "EPT: GPA exceeds GAW!\n");
@@ -3067,7 +3120,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                printk(KERN_ERR "EPT: Handling EPT violation failed!\n");
                printk(KERN_ERR "EPT: GPA: 0x%lx, GVA: 0x%lx\n",
                        (long unsigned int)vmcs_read64(GUEST_PHYSICAL_ADDRESS),
-                        (long unsigned int)vmcs_read64(GUEST_LINEAR_ADDRESS));
+                        vmcs_readl(GUEST_LINEAR_ADDRESS));
                printk(KERN_ERR "EPT: Exit qualification is 0x%lx\n",
                        (long unsigned int)exit_qualification);
                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
@@ -3150,6 +3203,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
        [EXIT_REASON_WBINVD]                  = handle_wbinvd,
        [EXIT_REASON_TASK_SWITCH]             = handle_task_switch,
        [EXIT_REASON_EPT_VIOLATION]           = handle_ept_violation,
+        [EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
 };
 static const int kvm_vmx_max_exit_handlers =
@@ -3159,10 +3213,10 @@ static const int kvm_vmx_max_exit_handlers =
 * The guest has exited.  See if we can fix it or if we need userspace
 * assistance.
 */
-static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
+static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 {
-        u32 exit_reason = vmcs_read32(VM_EXIT_REASON);
        struct vcpu_vmx *vmx = to_vmx(vcpu);
+        u32 exit_reason = vmx->exit_reason;
        u32 vectoring_info = vmx->idt_vectoring_info;
        KVMTRACE_3D(VMEXIT, vcpu, exit_reason, (u32)kvm_rip_read(vcpu),
@@ -3178,7 +3232,7 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
        /* Access CR3 don't cause VMExit in paging mode, so we need
         * to sync with guest real CR3. */
-        if (vm_need_ept() && is_paging(vcpu)) {
+        if (enable_ept && is_paging(vcpu)) {
                vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
                ept_load_pdptrs(vcpu);
        }
@@ -3199,9 +3253,8 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                       __func__, vectoring_info, exit_reason);
        if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) {
-                if (vcpu->arch.interrupt_window_open) {
+                if (vmx_interrupt_allowed(vcpu)) {
                        vmx->soft_vnmi_blocked = 0;
-                        vcpu->arch.nmi_window_open = 1;
                } else if (vmx->vnmi_blocked_time > 1000000000LL &&
                           vcpu->arch.nmi_pending) {
                        /*
@@ -3214,7 +3267,6 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                               "state on VCPU %d after 1 s timeout\n",
                               __func__, vcpu->vcpu_id);
                        vmx->soft_vnmi_blocked = 0;
-                        vmx->vcpu.arch.nmi_window_open = 1;
                }
        }
@@ -3228,122 +3280,107 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
        return 0;
 }
-static void update_tpr_threshold(struct kvm_vcpu *vcpu)
+static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
 {
-        int max_irr, tpr;
+        if (irr == -1 || tpr < irr) {
-        if (!vm_need_tpr_shadow(vcpu->kvm))
-                return;
-        if (!kvm_lapic_enabled(vcpu) ||
-            ((max_irr = kvm_lapic_find_highest_irr(vcpu)) == -1)) {
                vmcs_write32(TPR_THRESHOLD, 0);
                return;
        }
-        tpr = (kvm_lapic_get_cr8(vcpu) & 0x0f) << 4;
+        vmcs_write32(TPR_THRESHOLD, irr);
-        vmcs_write32(TPR_THRESHOLD, (max_irr > tpr) ? tpr >> 4 : max_irr >> 4);
 }
 static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
 {
        u32 exit_intr_info;
-        u32 idt_vectoring_info;
+        u32 idt_vectoring_info = vmx->idt_vectoring_info;
        bool unblock_nmi;
        u8 vector;
        int type;
        bool idtv_info_valid;
-        u32 error;
        exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+        vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
+        /* Handle machine checks before interrupts are enabled */
+        if ((vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY)
+            || (vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI
+                && is_machine_check(exit_intr_info)))
+                kvm_machine_check();
+        /* We need to handle NMIs before interrupts are enabled */
+        if ((exit_intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR &&
+            (exit_intr_info & INTR_INFO_VALID_MASK)) {
+                KVMTRACE_0D(NMI, &vmx->vcpu, handler);
+                asm("int $2");
+        }
+        idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
        if (cpu_has_virtual_nmis()) {
                unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0;
                vector = exit_intr_info & INTR_INFO_VECTOR_MASK;
                /*
-                 * SDM 3: 25.7.1.2
+                 * SDM 3: 27.7.1.2 (September 2008)
                 * Re-set bit "block by NMI" before VM entry if vmexit caused by
                 * a guest IRET fault.
+                 * SDM 3: 23.2.2 (September 2008)
+                 * Bit 12 is undefined in any of the following cases:
+                 *  If the VM exit sets the valid bit in the IDT-vectoring
+                 *   information field.
+                 *  If the VM exit is due to a double fault.
                 */
-                if (unblock_nmi && vector != DF_VECTOR)
+                if ((exit_intr_info & INTR_INFO_VALID_MASK) && unblock_nmi &&
+                    vector != DF_VECTOR && !idtv_info_valid)
                        vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
                                      GUEST_INTR_STATE_NMI);
        } else if (unlikely(vmx->soft_vnmi_blocked))
                vmx->vnmi_blocked_time +=
                        ktime_to_ns(ktime_sub(ktime_get(), vmx->entry_time));
-        idt_vectoring_info = vmx->idt_vectoring_info;
+        vmx->vcpu.arch.nmi_injected = false;
-        idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
+        kvm_clear_exception_queue(&vmx->vcpu);
+        kvm_clear_interrupt_queue(&vmx->vcpu);
+        if (!idtv_info_valid)
+                return;
        vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK;
        type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK;
-        if (vmx->vcpu.arch.nmi_injected) {
+        switch (type) {
+        case INTR_TYPE_NMI_INTR:
+                vmx->vcpu.arch.nmi_injected = true;
                /*
-                 * SDM 3: 25.7.1.2
+                 * SDM 3: 27.7.1.2 (September 2008)
-                 * Clear bit "block by NMI" before VM entry if a NMI delivery
+                 * Clear bit "block by NMI" before VM entry if a NMI
-                 * faulted.
+                 * delivery faulted.
                 */
-                if (idtv_info_valid && type == INTR_TYPE_NMI_INTR)
+                vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
-                        vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                GUEST_INTR_STATE_NMI);
-                                        GUEST_INTR_STATE_NMI);
+                break;
-                else
+        case INTR_TYPE_SOFT_EXCEPTION:
-                        vmx->vcpu.arch.nmi_injected = false;
+                vmx->vcpu.arch.event_exit_inst_len =
-        }
+                        vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-        kvm_clear_exception_queue(&vmx->vcpu);
+                /* fall through */
-        if (idtv_info_valid && (type == INTR_TYPE_HARD_EXCEPTION ||
+        case INTR_TYPE_HARD_EXCEPTION:
-                                type == INTR_TYPE_SOFT_EXCEPTION)) {
                if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
-                        error = vmcs_read32(IDT_VECTORING_ERROR_CODE);
+                        u32 err = vmcs_read32(IDT_VECTORING_ERROR_CODE);
-                        kvm_queue_exception_e(&vmx->vcpu, vector, error);
+                        kvm_queue_exception_e(&vmx->vcpu, vector, err);
                } else
                        kvm_queue_exception(&vmx->vcpu, vector);
-                vmx->idt_vectoring_info = 0;
+                break;
-        }
+        case INTR_TYPE_SOFT_INTR:
-        kvm_clear_interrupt_queue(&vmx->vcpu);
+                vmx->vcpu.arch.event_exit_inst_len =
-        if (idtv_info_valid && type == INTR_TYPE_EXT_INTR) {
+                        vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-                kvm_queue_interrupt(&vmx->vcpu, vector);
+                /* fall through */
-                vmx->idt_vectoring_info = 0;
+        case INTR_TYPE_EXT_INTR:
-        }
+                kvm_queue_interrupt(&vmx->vcpu, vector,
-}
+                        type == INTR_TYPE_SOFT_INTR);
+                break;
-static void vmx_intr_assist(struct kvm_vcpu *vcpu)
+        default:
-{
+                break;
-        update_tpr_threshold(vcpu);
-        vmx_update_window_states(vcpu);
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
-                                GUEST_INTR_STATE_STI |
-                                GUEST_INTR_STATE_MOV_SS);
-        if (vcpu->arch.nmi_pending && !vcpu->arch.nmi_injected) {
-                if (vcpu->arch.interrupt.pending) {
-                        enable_nmi_window(vcpu);
-                } else if (vcpu->arch.nmi_window_open) {
-                        vcpu->arch.nmi_pending = false;
-                        vcpu->arch.nmi_injected = true;
-                } else {
-                        enable_nmi_window(vcpu);
-                        return;
-                }
-        }
-        if (vcpu->arch.nmi_injected) {
-                vmx_inject_nmi(vcpu);
-                if (vcpu->arch.nmi_pending)
-                        enable_nmi_window(vcpu);
-                else if (kvm_cpu_has_interrupt(vcpu))
-                        enable_irq_window(vcpu);
-                return;
-        }
-        if (!vcpu->arch.interrupt.pending && kvm_cpu_has_interrupt(vcpu)) {
-                if (vcpu->arch.interrupt_window_open)
-                        kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu));
-                else
-                        enable_irq_window(vcpu);
-        }
-        if (vcpu->arch.interrupt.pending) {
-                vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr);
-                if (kvm_cpu_has_interrupt(vcpu))
-                        enable_irq_window(vcpu);
        }
 }
@@ -3381,7 +3418,6 @@ static void fixup_rmode_irq(struct vcpu_vmx *vmx)
 static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
-        u32 intr_info;
        /* Record the guest's net vcpu time for enforced NMI injections. */
        if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
@@ -3505,20 +3541,9 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        if (vmx->rmode.irq.pending)
                fixup_rmode_irq(vmx);
-        vmx_update_window_states(vcpu);
        asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
        vmx->launched = 1;
-        intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
-        /* We need to handle NMIs before interrupts are enabled */
-        if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR &&
-            (intr_info & INTR_INFO_VALID_MASK)) {
-                KVMTRACE_0D(NMI, vcpu, handler);
-                asm("int $2");
-        }
        vmx_complete_interrupts(vmx);
 }
@@ -3593,7 +3618,7 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                if (alloc_apic_access_page(kvm) != 0)
                        goto free_vmcs;
-        if (vm_need_ept())
+        if (enable_ept)
                if (alloc_identity_pagetable(kvm) != 0)
                        goto free_vmcs;
@@ -3631,9 +3656,32 @@ static int get_ept_level(void)
        return VMX_EPT_DEFAULT_GAW + 1;
 }
-static int vmx_get_mt_mask_shift(void)
+static u64 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
 {
-        return VMX_EPT_MT_EPTE_SHIFT;
+        u64 ret;
+        /* For VT-d and EPT combination
+         * 1. MMIO: always map as UC
+         * 2. EPT with VT-d:
+         *   a. VT-d without snooping control feature: can't guarantee the
+         *      result, try to trust guest.
+         *   b. VT-d with snooping control feature: snooping control feature of
+         *      VT-d engine can guarantee the cache correctness. Just set it
+         *      to WB to keep consistent with host. So the same as item 3.
+         * 3. EPT without VT-d: always map as WB and set IGMT=1 to keep
+         *    consistent with host MTRR
+         */
+        if (is_mmio)
+                ret = MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT;
+        else if (vcpu->kvm->arch.iommu_domain &&
+                !(vcpu->kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY))
+                ret = kvm_get_guest_memory_type(vcpu, gfn) <<
+                      VMX_EPT_MT_EPTE_SHIFT;
+        else
+                ret = (MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT)
+                        | VMX_EPT_IGMT_BIT;
+        return ret;
 }
 static struct kvm_x86_ops vmx_x86_ops = {
@@ -3644,7 +3692,7 @@ static struct kvm_x86_ops vmx_x86_ops = {
        .check_processor_compatibility = vmx_check_processor_compat,
        .hardware_enable = hardware_enable,
        .hardware_disable = hardware_disable,
-        .cpu_has_accelerated_tpr = cpu_has_vmx_virtualize_apic_accesses,
+        .cpu_has_accelerated_tpr = report_flexpriority,
        .vcpu_create = vmx_create_vcpu,
        .vcpu_free = vmx_free_vcpu,
@@ -3678,78 +3726,82 @@ static struct kvm_x86_ops vmx_x86_ops = {
        .tlb_flush = vmx_flush_tlb,
        .run = vmx_vcpu_run,
-        .handle_exit = kvm_handle_exit,
+        .handle_exit = vmx_handle_exit,
        .skip_emulated_instruction = skip_emulated_instruction,
+        .set_interrupt_shadow = vmx_set_interrupt_shadow,
+        .get_interrupt_shadow = vmx_get_interrupt_shadow,
        .patch_hypercall = vmx_patch_hypercall,
-        .get_irq = vmx_get_irq,
        .set_irq = vmx_inject_irq,
+        .set_nmi = vmx_inject_nmi,
        .queue_exception = vmx_queue_exception,
-        .exception_injected = vmx_exception_injected,
+        .interrupt_allowed = vmx_interrupt_allowed,
-        .inject_pending_irq = vmx_intr_assist,
+        .nmi_allowed = vmx_nmi_allowed,
-        .inject_pending_vectors = do_interrupt_requests,
+        .enable_nmi_window = enable_nmi_window,
+        .enable_irq_window = enable_irq_window,
+        .update_cr8_intercept = update_cr8_intercept,
        .set_tss_addr = vmx_set_tss_addr,
        .get_tdp_level = get_ept_level,
-        .get_mt_mask_shift = vmx_get_mt_mask_shift,
+        .get_mt_mask = vmx_get_mt_mask,
 };
 static int __init vmx_init(void)
 {
-        void *va;
        int r;
-        vmx_io_bitmap_a = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
+        vmx_io_bitmap_a = (unsigned long *)__get_free_page(GFP_KERNEL);
        if (!vmx_io_bitmap_a)
                return -ENOMEM;
-        vmx_io_bitmap_b = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
+        vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
        if (!vmx_io_bitmap_b) {
                r = -ENOMEM;
                goto out;
        }
-        vmx_msr_bitmap = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
+        vmx_msr_bitmap_legacy = (unsigned long *)__get_free_page(GFP_KERNEL);
-        if (!vmx_msr_bitmap) {
+        if (!vmx_msr_bitmap_legacy) {
                r = -ENOMEM;
                goto out1;
        }
+        vmx_msr_bitmap_longmode = (unsigned long *)__get_free_page(GFP_KERNEL);
+        if (!vmx_msr_bitmap_longmode) {
+                r = -ENOMEM;
+                goto out2;
+        }
        /*
         * Allow direct access to the PC debug port (it is often used for I/O
         * delays, but the vmexits simply slow things down).
         */
-        va = kmap(vmx_io_bitmap_a);
+        memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
-        memset(va, 0xff, PAGE_SIZE);
+        clear_bit(0x80, vmx_io_bitmap_a);
-        clear_bit(0x80, va);
-        kunmap(vmx_io_bitmap_a);
-        va = kmap(vmx_io_bitmap_b);
+        memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
-        memset(va, 0xff, PAGE_SIZE);
-        kunmap(vmx_io_bitmap_b);
-        va = kmap(vmx_msr_bitmap);
+        memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
-        memset(va, 0xff, PAGE_SIZE);
+        memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
-        kunmap(vmx_msr_bitmap);
        set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
        r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx), THIS_MODULE);
        if (r)
-                goto out2;
+                goto out3;
-        vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_FS_BASE);
+        vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
-        vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_GS_BASE);
+        vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
-        vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_CS);
+        vmx_disable_intercept_for_msr(MSR_KERNEL_GS_BASE, true);
-        vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_ESP);
+        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_CS, false);
-        vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_EIP);
+        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_ESP, false);
+        vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_EIP, false);
-        if (vm_need_ept()) {
+        if (enable_ept) {
                bypass_guest_pf = 0;
                kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
                        VMX_EPT_WRITABLE_MASK);
                kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
-                                VMX_EPT_EXECUTABLE_MASK,
+                                VMX_EPT_EXECUTABLE_MASK);
-                                VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
                kvm_enable_tdp();
        } else
                kvm_disable_tdp();
@@ -3761,20 +3813,23 @@ static int __init vmx_init(void)
        return 0;
+out3:
+        free_page((unsigned long)vmx_msr_bitmap_longmode);
 out2:
-        __free_page(vmx_msr_bitmap);
+        free_page((unsigned long)vmx_msr_bitmap_legacy);
 out1:
-        __free_page(vmx_io_bitmap_b);
+        free_page((unsigned long)vmx_io_bitmap_b);
 out:
-        __free_page(vmx_io_bitmap_a);
+        free_page((unsigned long)vmx_io_bitmap_a);
        return r;
 }
 static void __exit vmx_exit(void)
 {
-        __free_page(vmx_msr_bitmap);
+        free_page((unsigned long)vmx_msr_bitmap_legacy);
-        __free_page(vmx_io_bitmap_b);
+        free_page((unsigned long)vmx_msr_bitmap_longmode);
-        __free_page(vmx_io_bitmap_a);
+        free_page((unsigned long)vmx_io_bitmap_b);
+        free_page((unsigned long)vmx_io_bitmap_a);
        kvm_exit();
 }
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3944e917e794..249540f98513 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -91,7 +91,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
        { "halt_wakeup", VCPU_STAT(halt_wakeup) },
        { "hypercalls", VCPU_STAT(hypercalls) },
        { "request_irq", VCPU_STAT(request_irq_exits) },
-        { "request_nmi", VCPU_STAT(request_nmi_exits) },
        { "irq_exits", VCPU_STAT(irq_exits) },
        { "host_state_reload", VCPU_STAT(host_state_reload) },
        { "efer_reload", VCPU_STAT(efer_reload) },
@@ -108,7 +107,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
        { "mmu_recycled", VM_STAT(mmu_recycled) },
        { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
        { "mmu_unsync", VM_STAT(mmu_unsync) },
-        { "mmu_unsync_global", VM_STAT(mmu_unsync_global) },
        { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
        { "largepages", VM_STAT(lpages) },
        { NULL }
@@ -234,7 +232,8 @@ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3)
                goto out;
        }
        for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
-                if ((pdpte[i] & 1) && (pdpte[i] & 0xfffffff0000001e6ull)) {
+                if (is_present_pte(pdpte[i]) &&
+                    (pdpte[i] & vcpu->arch.mmu.rsvd_bits_mask[0][2])) {
                        ret = 0;
                        goto out;
                }
@@ -321,7 +320,6 @@ void kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
        kvm_x86_ops->set_cr0(vcpu, cr0);
        vcpu->arch.cr0 = cr0;
-        kvm_mmu_sync_global(vcpu);
        kvm_mmu_reset_context(vcpu);
        return;
 }
@@ -370,7 +368,6 @@ void kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
        kvm_x86_ops->set_cr4(vcpu, cr4);
        vcpu->arch.cr4 = cr4;
        vcpu->arch.mmu.base_role.cr4_pge = (cr4 & X86_CR4_PGE) && !tdp_enabled;
-        kvm_mmu_sync_global(vcpu);
        kvm_mmu_reset_context(vcpu);
 }
 EXPORT_SYMBOL_GPL(kvm_set_cr4);
@@ -523,6 +520,9 @@ static void set_efer(struct kvm_vcpu *vcpu, u64 efer)
        efer |= vcpu->arch.shadow_efer & EFER_LMA;
        vcpu->arch.shadow_efer = efer;
+        vcpu->arch.mmu.base_role.nxe = (efer & EFER_NX) && !tdp_enabled;
+        kvm_mmu_reset_context(vcpu);
 }
 void kvm_enable_efer_bits(u64 mask)
@@ -630,14 +630,17 @@ static void kvm_write_guest_time(struct kvm_vcpu *v)
        unsigned long flags;
        struct kvm_vcpu_arch *vcpu = &v->arch;
        void *shared_kaddr;
+        unsigned long this_tsc_khz;
        if ((!vcpu->time_page))
                return;
-        if (unlikely(vcpu->hv_clock_tsc_khz != __get_cpu_var(cpu_tsc_khz))) {
+        this_tsc_khz = get_cpu_var(cpu_tsc_khz);
-                kvm_set_time_scale(__get_cpu_var(cpu_tsc_khz), &vcpu->hv_clock);
+        if (unlikely(vcpu->hv_clock_tsc_khz != this_tsc_khz)) {
-                vcpu->hv_clock_tsc_khz = __get_cpu_var(cpu_tsc_khz);
+                kvm_set_time_scale(this_tsc_khz, &vcpu->hv_clock);
+                vcpu->hv_clock_tsc_khz = this_tsc_khz;
        }
+        put_cpu_var(cpu_tsc_khz);
        /* Keep irq disabled to prevent changes to the clock */
        local_irq_save(flags);
@@ -893,6 +896,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
        case MSR_IA32_LASTINTFROMIP:
        case MSR_IA32_LASTINTTOIP:
        case MSR_VM_HSAVE_PA:
+        case MSR_P6_EVNTSEL0:
+        case MSR_P6_EVNTSEL1:
                data = 0;
                break;
        case MSR_MTRRcap:
@@ -1024,6 +1029,7 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_SYNC_MMU:
        case KVM_CAP_REINJECT_CONTROL:
        case KVM_CAP_IRQ_INJECT_STATUS:
+        case KVM_CAP_ASSIGN_DEV_IRQ:
                r = 1;
                break;
        case KVM_CAP_COALESCED_MMIO:
@@ -1241,41 +1247,53 @@ static void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        entry->flags = 0;
 }
+#define F(x) bit(X86_FEATURE_##x)
 static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                         u32 index, int *nent, int maxnent)
 {
-        const u32 kvm_supported_word0_x86_features = bit(X86_FEATURE_FPU) |
+        unsigned f_nx = is_efer_nx() ? F(NX) : 0;
-                bit(X86_FEATURE_VME) | bit(X86_FEATURE_DE) |
-                bit(X86_FEATURE_PSE) | bit(X86_FEATURE_TSC) |
-                bit(X86_FEATURE_MSR) | bit(X86_FEATURE_PAE) |
-                bit(X86_FEATURE_CX8) | bit(X86_FEATURE_APIC) |
-                bit(X86_FEATURE_SEP) | bit(X86_FEATURE_PGE) |
-                bit(X86_FEATURE_CMOV) | bit(X86_FEATURE_PSE36) |
-                bit(X86_FEATURE_CLFLSH) | bit(X86_FEATURE_MMX) |
-                bit(X86_FEATURE_FXSR) | bit(X86_FEATURE_XMM) |
-                bit(X86_FEATURE_XMM2) | bit(X86_FEATURE_SELFSNOOP);
-        const u32 kvm_supported_word1_x86_features = bit(X86_FEATURE_FPU) |
-                bit(X86_FEATURE_VME) | bit(X86_FEATURE_DE) |
-                bit(X86_FEATURE_PSE) | bit(X86_FEATURE_TSC) |
-                bit(X86_FEATURE_MSR) | bit(X86_FEATURE_PAE) |
-                bit(X86_FEATURE_CX8) | bit(X86_FEATURE_APIC) |
-                bit(X86_FEATURE_PGE) |
-                bit(X86_FEATURE_CMOV) | bit(X86_FEATURE_PSE36) |
-                bit(X86_FEATURE_MMX) | bit(X86_FEATURE_FXSR) |
-                bit(X86_FEATURE_SYSCALL) |
-                (is_efer_nx() ? bit(X86_FEATURE_NX) : 0) |
 #ifdef CONFIG_X86_64
-                bit(X86_FEATURE_LM) |
+        unsigned f_lm = F(LM);
+#else
+        unsigned f_lm = 0;
 #endif
-                bit(X86_FEATURE_FXSR_OPT) |
-                bit(X86_FEATURE_MMXEXT) |
+        /* cpuid 1.edx */
-                bit(X86_FEATURE_3DNOWEXT) |
+        const u32 kvm_supported_word0_x86_features =
-                bit(X86_FEATURE_3DNOW);
+                F(FPU) | F(VME) | F(DE) | F(PSE) |
-        const u32 kvm_supported_word3_x86_features =
+                F(TSC) | F(MSR) | F(PAE) | F(MCE) |
-                bit(X86_FEATURE_XMM3) | bit(X86_FEATURE_CX16);
+                F(CX8) | F(APIC) | 0 /* Reserved */ | F(SEP) |
+                F(MTRR) | F(PGE) | F(MCA) | F(CMOV) |
+                F(PAT) | F(PSE36) | 0 /* PSN */ | F(CLFLSH) |
+                0 /* Reserved, DS, ACPI */ | F(MMX) |
+                F(FXSR) | F(XMM) | F(XMM2) | F(SELFSNOOP) |
+                0 /* HTT, TM, Reserved, PBE */;
+        /* cpuid 0x80000001.edx */
+        const u32 kvm_supported_word1_x86_features =
+                F(FPU) | F(VME) | F(DE) | F(PSE) |
+                F(TSC) | F(MSR) | F(PAE) | F(MCE) |
+                F(CX8) | F(APIC) | 0 /* Reserved */ | F(SYSCALL) |
+                F(MTRR) | F(PGE) | F(MCA) | F(CMOV) |
+                F(PAT) | F(PSE36) | 0 /* Reserved */ |
+                f_nx | 0 /* Reserved */ | F(MMXEXT) | F(MMX) |
+                F(FXSR) | F(FXSR_OPT) | 0 /* GBPAGES */ | 0 /* RDTSCP */ |
+                0 /* Reserved */ | f_lm | F(3DNOWEXT) | F(3DNOW);
+        /* cpuid 1.ecx */
+        const u32 kvm_supported_word4_x86_features =
+                F(XMM3) | 0 /* Reserved, DTES64, MONITOR */ |
+                0 /* DS-CPL, VMX, SMX, EST */ |
+                0 /* TM2 */ | F(SSSE3) | 0 /* CNXT-ID */ | 0 /* Reserved */ |
+                0 /* Reserved */ | F(CX16) | 0 /* xTPR Update, PDCM */ |
+                0 /* Reserved, DCA */ | F(XMM4_1) |
+                F(XMM4_2) | 0 /* x2APIC */ | F(MOVBE) | F(POPCNT) |
+                0 /* Reserved, XSAVE, OSXSAVE */;
+        /* cpuid 0x80000001.ecx */
        const u32 kvm_supported_word6_x86_features =
-                bit(X86_FEATURE_LAHF_LM) | bit(X86_FEATURE_CMP_LEGACY) |
+                F(LAHF_LM) | F(CMP_LEGACY) | F(SVM) | 0 /* ExtApicSpace */ |
-                bit(X86_FEATURE_SVM);
+                F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
+                F(3DNOWPREFETCH) | 0 /* OSVW */ | 0 /* IBS */ | F(SSE5) |
+                0 /* SKINIT */ | 0 /* WDT */;
        /* all calls to cpuid_count() should be made on the same cpu */
        get_cpu();
@@ -1288,7 +1306,7 @@ static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                break;
        case 1:
                entry->edx &= kvm_supported_word0_x86_features;
-                entry->ecx &= kvm_supported_word3_x86_features;
+                entry->ecx &= kvm_supported_word4_x86_features;
                break;
        /* function 2 entries are STATEFUL. That is, repeated cpuid commands
         * may return different values. This forces us to get_cpu() before
@@ -1350,6 +1368,8 @@ static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        put_cpu();
 }
+#undef F
 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
                                     struct kvm_cpuid_entry2 __user *entries)
 {
@@ -1421,8 +1441,7 @@ static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
                return -ENXIO;
        vcpu_load(vcpu);
-        set_bit(irq->irq, vcpu->arch.irq_pending);
+        kvm_queue_interrupt(vcpu, irq->irq, false);
-        set_bit(irq->irq / BITS_PER_LONG, &vcpu->arch.irq_summary);
        vcpu_put(vcpu);
@@ -1584,8 +1603,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                r = -EINVAL;
        }
 out:
-        if (lapic)
+        kfree(lapic);
-                kfree(lapic);
        return r;
 }
@@ -1606,10 +1624,12 @@ static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
                return -EINVAL;
        down_write(&kvm->slots_lock);
+        spin_lock(&kvm->mmu_lock);
        kvm_mmu_change_mmu_pages(kvm, kvm_nr_mmu_pages);
        kvm->arch.n_requested_mmu_pages = kvm_nr_mmu_pages;
+        spin_unlock(&kvm->mmu_lock);
        up_write(&kvm->slots_lock);
        return 0;
 }
@@ -1785,7 +1805,9 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
        /* If nothing is dirty, don't bother messing with page tables. */
        if (is_dirty) {
+                spin_lock(&kvm->mmu_lock);
                kvm_mmu_slot_remove_write_access(kvm, log->slot);
+                spin_unlock(&kvm->mmu_lock);
                kvm_flush_remote_tlbs(kvm);
                memslot = &kvm->memslots[log->slot];
                n = ALIGN(memslot->npages, BITS_PER_LONG) / 8;
@@ -2360,7 +2382,7 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                        u16 error_code,
                        int emulation_type)
 {
-        int r;
+        int r, shadow_mask;
        struct decode_cache *c;
        kvm_clear_exception_queue(vcpu);
@@ -2408,7 +2430,16 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                }
        }
+        if (emulation_type & EMULTYPE_SKIP) {
+                kvm_rip_write(vcpu, vcpu->arch.emulate_ctxt.decode.eip);
+                return EMULATE_DONE;
+        }
        r = x86_emulate_insn(&vcpu->arch.emulate_ctxt, &emulate_ops);
+        shadow_mask = vcpu->arch.emulate_ctxt.interruptibility;
+        if (r == 0)
+                kvm_x86_ops->set_interrupt_shadow(vcpu, shadow_mask);
        if (vcpu->arch.pio.string)
                return EMULATE_DO_MMIO;
@@ -2761,7 +2792,7 @@ int kvm_arch_init(void *opaque)
        kvm_mmu_set_nonpresent_ptes(0ull, 0ull);
        kvm_mmu_set_base_ptes(PT_PRESENT_MASK);
        kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
-                        PT_DIRTY_MASK, PT64_NX_MASK, 0, 0);
+                        PT_DIRTY_MASK, PT64_NX_MASK, 0);
        for_each_possible_cpu(cpu)
                per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
@@ -3012,6 +3043,16 @@ struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu,
        return best;
 }
+int cpuid_maxphyaddr(struct kvm_vcpu *vcpu)
+{
+        struct kvm_cpuid_entry2 *best;
+        best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
+        if (best)
+                return best->eax & 0xff;
+        return 36;
+}
 void kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
 {
        u32 function, index;
@@ -3048,10 +3089,9 @@ EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);
 static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu,
                                          struct kvm_run *kvm_run)
 {
-        return (!vcpu->arch.irq_summary &&
+        return (!irqchip_in_kernel(vcpu->kvm) && !kvm_cpu_has_interrupt(vcpu) &&
                kvm_run->request_interrupt_window &&
-                vcpu->arch.interrupt_window_open &&
+                kvm_arch_interrupt_allowed(vcpu));
-                (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_IF));
 }
 static void post_kvm_run_save(struct kvm_vcpu *vcpu,
@@ -3064,8 +3104,9 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu,
                kvm_run->ready_for_interrupt_injection = 1;
        else
                kvm_run->ready_for_interrupt_injection =
-                                        (vcpu->arch.interrupt_window_open &&
+                        kvm_arch_interrupt_allowed(vcpu) &&
-                                         vcpu->arch.irq_summary == 0);
+                        !kvm_cpu_has_interrupt(vcpu) &&
+                        !kvm_event_needs_reinjection(vcpu);
 }
 static void vapic_enter(struct kvm_vcpu *vcpu)
@@ -3094,9 +3135,63 @@ static void vapic_exit(struct kvm_vcpu *vcpu)
        up_read(&vcpu->kvm->slots_lock);
 }
+static void update_cr8_intercept(struct kvm_vcpu *vcpu)
+{
+        int max_irr, tpr;
+        if (!kvm_x86_ops->update_cr8_intercept)
+                return;
+        if (!vcpu->arch.apic->vapic_addr)
+                max_irr = kvm_lapic_find_highest_irr(vcpu);
+        else
+                max_irr = -1;
+        if (max_irr != -1)
+                max_irr >>= 4;
+        tpr = kvm_lapic_get_cr8(vcpu);
+        kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
+}
+static void inject_pending_irq(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
+                kvm_x86_ops->set_interrupt_shadow(vcpu, 0);
+        /* try to reinject previous events if any */
+        if (vcpu->arch.nmi_injected) {
+                kvm_x86_ops->set_nmi(vcpu);
+                return;
+        }
+        if (vcpu->arch.interrupt.pending) {
+                kvm_x86_ops->set_irq(vcpu);
+                return;
+        }
+        /* try to inject new event if pending */
+        if (vcpu->arch.nmi_pending) {
+                if (kvm_x86_ops->nmi_allowed(vcpu)) {
+                        vcpu->arch.nmi_pending = false;
+                        vcpu->arch.nmi_injected = true;
+                        kvm_x86_ops->set_nmi(vcpu);
+                }
+        } else if (kvm_cpu_has_interrupt(vcpu)) {
+                if (kvm_x86_ops->interrupt_allowed(vcpu)) {
+                        kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu),
+                                            false);
+                        kvm_x86_ops->set_irq(vcpu);
+                }
+        }
+}
 static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
        int r;
+        bool req_int_win = !irqchip_in_kernel(vcpu->kvm) &&
+                kvm_run->request_interrupt_window;
        if (vcpu->requests)
                if (test_and_clear_bit(KVM_REQ_MMU_RELOAD, &vcpu->requests))
@@ -3128,9 +3223,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                }
        }
-        clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests);
-        kvm_inject_pending_timer_irqs(vcpu);
        preempt_disable();
        kvm_x86_ops->prepare_guest_switch(vcpu);
@@ -3138,6 +3230,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        local_irq_disable();
+        clear_bit(KVM_REQ_KICK, &vcpu->requests);
+        smp_mb__after_clear_bit();
        if (vcpu->requests || need_resched() || signal_pending(current)) {
                local_irq_enable();
                preempt_enable();
@@ -3145,21 +3240,21 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                goto out;
        }
-        vcpu->guest_mode = 1;
-        /*
-         * Make sure that guest_mode assignment won't happen after
-         * testing the pending IRQ vector bitmap.
-         */
-        smp_wmb();
        if (vcpu->arch.exception.pending)
                __queue_exception(vcpu);
-        else if (irqchip_in_kernel(vcpu->kvm))
-                kvm_x86_ops->inject_pending_irq(vcpu);
        else
-                kvm_x86_ops->inject_pending_vectors(vcpu, kvm_run);
+                inject_pending_irq(vcpu, kvm_run);
-        kvm_lapic_sync_to_vapic(vcpu);
+        /* enable NMI/IRQ window open exits if needed */
+        if (vcpu->arch.nmi_pending)
+                kvm_x86_ops->enable_nmi_window(vcpu);
+        else if (kvm_cpu_has_interrupt(vcpu) || req_int_win)
+                kvm_x86_ops->enable_irq_window(vcpu);
+        if (kvm_lapic_enabled(vcpu)) {
+                update_cr8_intercept(vcpu);
+                kvm_lapic_sync_to_vapic(vcpu);
+        }
        up_read(&vcpu->kvm->slots_lock);
@@ -3193,7 +3288,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
        set_debugreg(vcpu->arch.host_dr6, 6);
        set_debugreg(vcpu->arch.host_dr7, 7);
-        vcpu->guest_mode = 0;
+        set_bit(KVM_REQ_KICK, &vcpu->requests);
        local_irq_enable();
        ++vcpu->stat.exits;
@@ -3220,8 +3315,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                profile_hit(KVM_PROFILING, (void *)rip);
        }
-        if (vcpu->arch.exception.pending && kvm_x86_ops->exception_injected(vcpu))
-                vcpu->arch.exception.pending = false;
        kvm_lapic_sync_from_vapic(vcpu);
@@ -3230,6 +3323,7 @@ out:
        return r;
 }
 static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
        int r;
@@ -3256,29 +3350,42 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                        kvm_vcpu_block(vcpu);
                        down_read(&vcpu->kvm->slots_lock);
                        if (test_and_clear_bit(KVM_REQ_UNHALT, &vcpu->requests))
-                                if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED)
+                        {
+                                switch(vcpu->arch.mp_state) {
+                                case KVM_MP_STATE_HALTED:
                                        vcpu->arch.mp_state =
-                                                        KVM_MP_STATE_RUNNABLE;
+                                                KVM_MP_STATE_RUNNABLE;
-                        if (vcpu->arch.mp_state != KVM_MP_STATE_RUNNABLE)
+                                case KVM_MP_STATE_RUNNABLE:
-                                r = -EINTR;
+                                        break;
+                                case KVM_MP_STATE_SIPI_RECEIVED:
+                                default:
+                                        r = -EINTR;
+                                        break;
+                                }
+                        }
                }
-                if (r > 0) {
+                if (r <= 0)
-                        if (dm_request_for_irq_injection(vcpu, kvm_run)) {
+                        break;
-                                r = -EINTR;
-                                kvm_run->exit_reason = KVM_EXIT_INTR;
+                clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests);
-                                ++vcpu->stat.request_irq_exits;
+                if (kvm_cpu_has_pending_timer(vcpu))
-                        }
+                        kvm_inject_pending_timer_irqs(vcpu);
-                        if (signal_pending(current)) {
-                                r = -EINTR;
+                if (dm_request_for_irq_injection(vcpu, kvm_run)) {
-                                kvm_run->exit_reason = KVM_EXIT_INTR;
+                        r = -EINTR;
-                                ++vcpu->stat.signal_exits;
+                        kvm_run->exit_reason = KVM_EXIT_INTR;
-                        }
+                        ++vcpu->stat.request_irq_exits;
-                        if (need_resched()) {
+                }
-                                up_read(&vcpu->kvm->slots_lock);
+                if (signal_pending(current)) {
-                                kvm_resched(vcpu);
+                        r = -EINTR;
-                                down_read(&vcpu->kvm->slots_lock);
+                        kvm_run->exit_reason = KVM_EXIT_INTR;
-                        }
+                        ++vcpu->stat.signal_exits;
+                }
+                if (need_resched()) {
+                        up_read(&vcpu->kvm->slots_lock);
+                        kvm_resched(vcpu);
+                        down_read(&vcpu->kvm->slots_lock);
                }
        }
@@ -3442,7 +3549,6 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
                                  struct kvm_sregs *sregs)
 {
        struct descriptor_table dt;
-        int pending_vec;
        vcpu_load(vcpu);
@@ -3472,16 +3578,11 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
        sregs->efer = vcpu->arch.shadow_efer;
        sregs->apic_base = kvm_get_apic_base(vcpu);
-        if (irqchip_in_kernel(vcpu->kvm)) {
+        memset(sregs->interrupt_bitmap, 0, sizeof sregs->interrupt_bitmap);
-                memset(sregs->interrupt_bitmap, 0,
-                       sizeof sregs->interrupt_bitmap);
+        if (vcpu->arch.interrupt.pending && !vcpu->arch.interrupt.soft)
-                pending_vec = kvm_x86_ops->get_irq(vcpu);
+                set_bit(vcpu->arch.interrupt.nr,
-                if (pending_vec >= 0)
+                        (unsigned long *)sregs->interrupt_bitmap);
-                        set_bit(pending_vec,
-                                (unsigned long *)sregs->interrupt_bitmap);
-        } else
-                memcpy(sregs->interrupt_bitmap, vcpu->arch.irq_pending,
-                       sizeof sregs->interrupt_bitmap);
        vcpu_put(vcpu);
@@ -3688,7 +3789,6 @@ static void save_state_to_tss32(struct kvm_vcpu *vcpu,
        tss->fs = get_segment_selector(vcpu, VCPU_SREG_FS);
        tss->gs = get_segment_selector(vcpu, VCPU_SREG_GS);
        tss->ldt_selector = get_segment_selector(vcpu, VCPU_SREG_LDTR);
-        tss->prev_task_link = get_segment_selector(vcpu, VCPU_SREG_TR);
 }
 static int load_state_from_tss32(struct kvm_vcpu *vcpu,
@@ -3785,8 +3885,8 @@ static int load_state_from_tss16(struct kvm_vcpu *vcpu,
 }
 static int kvm_task_switch_16(struct kvm_vcpu *vcpu, u16 tss_selector,
-                       u32 old_tss_base,
+                              u16 old_tss_sel, u32 old_tss_base,
-                       struct desc_struct *nseg_desc)
+                              struct desc_struct *nseg_desc)
 {
        struct tss_segment_16 tss_segment_16;
        int ret = 0;
@@ -3805,6 +3905,16 @@ static int kvm_task_switch_16(struct kvm_vcpu *vcpu, u16 tss_selector,
                           &tss_segment_16, sizeof tss_segment_16))
                goto out;
+        if (old_tss_sel != 0xffff) {
+                tss_segment_16.prev_task_link = old_tss_sel;
+                if (kvm_write_guest(vcpu->kvm,
+                                    get_tss_base_addr(vcpu, nseg_desc),
+                                    &tss_segment_16.prev_task_link,
+                                    sizeof tss_segment_16.prev_task_link))
+                        goto out;
+        }
        if (load_state_from_tss16(vcpu, &tss_segment_16))
                goto out;
@@ -3814,7 +3924,7 @@ out:
 }
 static int kvm_task_switch_32(struct kvm_vcpu *vcpu, u16 tss_selector,
-                       u32 old_tss_base,
+                       u16 old_tss_sel, u32 old_tss_base,
                       struct desc_struct *nseg_desc)
 {
        struct tss_segment_32 tss_segment_32;
@@ -3834,6 +3944,16 @@ static int kvm_task_switch_32(struct kvm_vcpu *vcpu, u16 tss_selector,
                           &tss_segment_32, sizeof tss_segment_32))
                goto out;
+        if (old_tss_sel != 0xffff) {
+                tss_segment_32.prev_task_link = old_tss_sel;
+                if (kvm_write_guest(vcpu->kvm,
+                                    get_tss_base_addr(vcpu, nseg_desc),
+                                    &tss_segment_32.prev_task_link,
+                                    sizeof tss_segment_32.prev_task_link))
+                        goto out;
+        }
        if (load_state_from_tss32(vcpu, &tss_segment_32))
                goto out;
@@ -3887,14 +4007,22 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
                kvm_x86_ops->set_rflags(vcpu, eflags & ~X86_EFLAGS_NT);
        }
-        kvm_x86_ops->skip_emulated_instruction(vcpu);
+        /* set back link to prev task only if NT bit is set in eflags
+           note that old_tss_sel is not used afetr this point */
+        if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
+                old_tss_sel = 0xffff;
+        /* set back link to prev task only if NT bit is set in eflags
+           note that old_tss_sel is not used afetr this point */
+        if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
+                old_tss_sel = 0xffff;
        if (nseg_desc.type & 8)
-                ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_base,
+                ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_sel,
-                                         &nseg_desc);
+                                         old_tss_base, &nseg_desc);
        else
-                ret = kvm_task_switch_16(vcpu, tss_selector, old_tss_base,
+                ret = kvm_task_switch_16(vcpu, tss_selector, old_tss_sel,
-                                         &nseg_desc);
+                                         old_tss_base, &nseg_desc);
        if (reason == TASK_SWITCH_CALL || reason == TASK_SWITCH_GATE) {
                u32 eflags = kvm_x86_ops->get_rflags(vcpu);
@@ -3920,7 +4048,7 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
                                  struct kvm_sregs *sregs)
 {
        int mmu_reset_needed = 0;
-        int i, pending_vec, max_bits;
+        int pending_vec, max_bits;
        struct descriptor_table dt;
        vcpu_load(vcpu);
@@ -3934,7 +4062,13 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
        vcpu->arch.cr2 = sregs->cr2;
        mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3;
-        vcpu->arch.cr3 = sregs->cr3;
+        down_read(&vcpu->kvm->slots_lock);
+        if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT))
+                vcpu->arch.cr3 = sregs->cr3;
+        else
+                set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests);
+        up_read(&vcpu->kvm->slots_lock);
        kvm_set_cr8(vcpu, sregs->cr8);
@@ -3956,25 +4090,14 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
        if (mmu_reset_needed)
                kvm_mmu_reset_context(vcpu);
-        if (!irqchip_in_kernel(vcpu->kvm)) {
+        max_bits = (sizeof sregs->interrupt_bitmap) << 3;
-                memcpy(vcpu->arch.irq_pending, sregs->interrupt_bitmap,
+        pending_vec = find_first_bit(
-                       sizeof vcpu->arch.irq_pending);
+                (const unsigned long *)sregs->interrupt_bitmap, max_bits);
-                vcpu->arch.irq_summary = 0;
+        if (pending_vec < max_bits) {
-                for (i = 0; i < ARRAY_SIZE(vcpu->arch.irq_pending); ++i)
+                kvm_queue_interrupt(vcpu, pending_vec, false);
-                        if (vcpu->arch.irq_pending[i])
+                pr_debug("Set back pending irq %d\n", pending_vec);
-                                __set_bit(i, &vcpu->arch.irq_summary);
+                if (irqchip_in_kernel(vcpu->kvm))
-        } else {
+                        kvm_pic_clear_isr_ack(vcpu->kvm);
-                max_bits = (sizeof sregs->interrupt_bitmap) << 3;
-                pending_vec = find_first_bit(
-                        (const unsigned long *)sregs->interrupt_bitmap,
-                        max_bits);
-                /* Only pending external irq is handled here */
-                if (pending_vec < max_bits) {
-                        kvm_x86_ops->set_irq(vcpu, pending_vec);
-                        pr_debug("Set back pending irq %d\n",
-                                 pending_vec);
-                }
-                kvm_pic_clear_isr_ack(vcpu->kvm);
        }
        kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
@@ -4308,7 +4431,6 @@ struct  kvm *kvm_arch_create_vm(void)
                return ERR_PTR(-ENOMEM);
        INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
-        INIT_LIST_HEAD(&kvm->arch.oos_global_pages);
        INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
        /* Reserve bit 0 of irq_sources_bitmap for userspace irq source */
@@ -4411,12 +4533,14 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
                }
        }
+        spin_lock(&kvm->mmu_lock);
        if (!kvm->arch.n_requested_mmu_pages) {
                unsigned int nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
                kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages);
        }
        kvm_mmu_slot_remove_write_access(kvm, mem->slot);
+        spin_unlock(&kvm->mmu_lock);
        kvm_flush_remote_tlbs(kvm);
        return 0;
@@ -4425,6 +4549,7 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
 void kvm_arch_flush_shadow(struct kvm *kvm)
 {
        kvm_mmu_zap_all(kvm);
+        kvm_reload_remote_mmus(kvm);
 }
 int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
@@ -4434,28 +4559,24 @@ int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
               || vcpu->arch.nmi_pending;
 }
-static void vcpu_kick_intr(void *info)
-{
-#ifdef DEBUG
-        struct kvm_vcpu *vcpu = (struct kvm_vcpu *)info;
-        printk(KERN_DEBUG "vcpu_kick_intr %p \n", vcpu);
-#endif
-}
 void kvm_vcpu_kick(struct kvm_vcpu *vcpu)
 {
-        int ipi_pcpu = vcpu->cpu;
+        int me;
-        int cpu = get_cpu();
+        int cpu = vcpu->cpu;
        if (waitqueue_active(&vcpu->wq)) {
                wake_up_interruptible(&vcpu->wq);
                ++vcpu->stat.halt_wakeup;
        }
-        /*
-         * We may be called synchronously with irqs disabled in guest mode,
+        me = get_cpu();
-         * So need not to call smp_call_function_single() in that case.
+        if (cpu != me && (unsigned)cpu < nr_cpu_ids && cpu_online(cpu))
-         */
+                if (!test_and_set_bit(KVM_REQ_KICK, &vcpu->requests))
-        if (vcpu->guest_mode && vcpu->cpu != cpu)
+                        smp_send_reschedule(cpu);
-                smp_call_function_single(ipi_pcpu, vcpu_kick_intr, vcpu, 0);
        put_cpu();
 }
+int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu)
+{
+        return kvm_x86_ops->interrupt_allowed(vcpu);
+}
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 6a4be78a7384..4c8e10af78e8 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -8,9 +8,11 @@ static inline void kvm_clear_exception_queue(struct kvm_vcpu *vcpu)
        vcpu->arch.exception.pending = false;
 }
-static inline void kvm_queue_interrupt(struct kvm_vcpu *vcpu, u8 vector)
+static inline void kvm_queue_interrupt(struct kvm_vcpu *vcpu, u8 vector,
+        bool soft)
 {
        vcpu->arch.interrupt.pending = true;
+        vcpu->arch.interrupt.soft = soft;
        vcpu->arch.interrupt.nr = vector;
 }
@@ -19,4 +21,14 @@ static inline void kvm_clear_interrupt_queue(struct kvm_vcpu *vcpu)
        vcpu->arch.interrupt.pending = false;
 }
+static inline bool kvm_event_needs_reinjection(struct kvm_vcpu *vcpu)
+{
+        return vcpu->arch.exception.pending || vcpu->arch.interrupt.pending ||
+                vcpu->arch.nmi_injected;
+}
+static inline bool kvm_exception_is_soft(unsigned int nr)
+{
+        return (nr == BP_VECTOR) || (nr == OF_VECTOR);
+}
 #endif
diff --git a/arch/x86/kvm/x86_emulate.c b/arch/x86/kvm/x86_emulate.c
index ca91749d2083..c1b6c232e02b 100644
--- a/arch/x86/kvm/x86_emulate.c
+++ b/arch/x86/kvm/x86_emulate.c
@@ -59,13 +59,14 @@
 #define SrcImm      (5<<4)      /* Immediate operand. */
 #define SrcImmByte  (6<<4)      /* 8-bit sign-extended immediate operand. */
 #define SrcOne      (7<<4)      /* Implied '1' */
-#define SrcMask     (7<<4)
+#define SrcImmUByte (8<<4)      /* 8-bit unsigned immediate operand. */
+#define SrcMask     (0xf<<4)
 /* Generic ModRM decode. */
-#define ModRM       (1<<7)
+#define ModRM       (1<<8)
 /* Destination is only written; never read. */
-#define Mov         (1<<8)
+#define Mov         (1<<9)
-#define BitOp       (1<<9)
+#define BitOp       (1<<10)
-#define MemAbs      (1<<10)      /* Memory operand is absolute displacement */
+#define MemAbs      (1<<11)      /* Memory operand is absolute displacement */
 #define String      (1<<12)     /* String instruction (rep capable) */
 #define Stack       (1<<13)     /* Stack instruction (push/pop) */
 #define Group       (1<<14)     /* Bits 3:5 of modrm byte extend opcode */
@@ -76,6 +77,7 @@
 #define Src2CL      (1<<29)
 #define Src2ImmByte (2<<29)
 #define Src2One     (3<<29)
+#define Src2Imm16   (4<<29)
 #define Src2Mask    (7<<29)
 enum {
@@ -135,11 +137,11 @@ static u32 opcode_table[256] = {
        SrcNone  | ByteOp  | ImplicitOps, SrcNone  | ImplicitOps, /* insb, insw/insd */
        SrcNone  | ByteOp  | ImplicitOps, SrcNone  | ImplicitOps, /* outsb, outsw/outsd */
        /* 0x70 - 0x77 */
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
        /* 0x78 - 0x7F */
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
        /* 0x80 - 0x87 */
        Group | Group1_80, Group | Group1_81,
        Group | Group1_82, Group | Group1_83,
@@ -153,7 +155,8 @@ static u32 opcode_table[256] = {
        /* 0x90 - 0x97 */
        DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
        /* 0x98 - 0x9F */
-        0, 0, 0, 0, ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
+        0, 0, SrcImm | Src2Imm16, 0,
+        ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
        /* 0xA0 - 0xA7 */
        ByteOp | DstReg | SrcMem | Mov | MemAbs, DstReg | SrcMem | Mov | MemAbs,
        ByteOp | DstMem | SrcReg | Mov | MemAbs, DstMem | SrcReg | Mov | MemAbs,
@@ -178,7 +181,8 @@ static u32 opcode_table[256] = {
        0, ImplicitOps | Stack, 0, 0,
        ByteOp | DstMem | SrcImm | ModRM | Mov, DstMem | SrcImm | ModRM | Mov,
        /* 0xC8 - 0xCF */
-        0, 0, 0, ImplicitOps | Stack, 0, 0, 0, 0,
+        0, 0, 0, ImplicitOps | Stack,
+        ImplicitOps, SrcImmByte, ImplicitOps, ImplicitOps,
        /* 0xD0 - 0xD7 */
        ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
        ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
@@ -187,11 +191,11 @@ static u32 opcode_table[256] = {
        0, 0, 0, 0, 0, 0, 0, 0,
        /* 0xE0 - 0xE7 */
        0, 0, 0, 0,
-        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+        ByteOp | SrcImmUByte, SrcImmUByte,
-        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+        ByteOp | SrcImmUByte, SrcImmUByte,
        /* 0xE8 - 0xEF */
-        ImplicitOps | Stack, SrcImm | ImplicitOps,
+        SrcImm | Stack, SrcImm | ImplicitOps,
-        ImplicitOps, SrcImmByte | ImplicitOps,
+        SrcImm | Src2Imm16, SrcImmByte | ImplicitOps,
        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
        /* 0xF0 - 0xF7 */
@@ -230,10 +234,8 @@ static u32 twobyte_table[256] = {
        /* 0x70 - 0x7F */
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        /* 0x80 - 0x8F */
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+        SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
-        ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
        /* 0x90 - 0x9F */
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        /* 0xA0 - 0xA7 */
@@ -1044,10 +1046,14 @@ done_prefixes:
                }
                break;
        case SrcImmByte:
+        case SrcImmUByte:
                c->src.type = OP_IMM;
                c->src.ptr = (unsigned long *)c->eip;
                c->src.bytes = 1;
-                c->src.val = insn_fetch(s8, 1, c->eip);
+                if ((c->d & SrcMask) == SrcImmByte)
+                        c->src.val = insn_fetch(s8, 1, c->eip);
+                else
+                        c->src.val = insn_fetch(u8, 1, c->eip);
                break;
        case SrcOne:
                c->src.bytes = 1;
@@ -1072,6 +1078,12 @@ done_prefixes:
                c->src2.bytes = 1;
                c->src2.val = insn_fetch(u8, 1, c->eip);
                break;
+        case Src2Imm16:
+                c->src2.type = OP_IMM;
+                c->src2.ptr = (unsigned long *)c->eip;
+                c->src2.bytes = 2;
+                c->src2.val = insn_fetch(u16, 2, c->eip);
+                break;
        case Src2One:
                c->src2.bytes = 1;
                c->src2.val = 1;
@@ -1349,6 +1361,20 @@ static inline int writeback(struct x86_emulate_ctxt *ctxt,
        return 0;
 }
+void toggle_interruptibility(struct x86_emulate_ctxt *ctxt, u32 mask)
+{
+        u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(ctxt->vcpu, mask);
+        /*
+         * an sti; sti; sequence only disable interrupts for the first
+         * instruction. So, if the last instruction, be it emulated or
+         * not, left the system with the INT_STI flag enabled, it
+         * means that the last instruction is an sti. We should not
+         * leave the flag on in this case. The same goes for mov ss
+         */
+        if (!(int_shadow & mask))
+                ctxt->interruptibility = mask;
+}
 int
 x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 {
@@ -1360,6 +1386,8 @@ x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
        int io_dir_in;
        int rc = 0;
+        ctxt->interruptibility = 0;
        /* Shadow copy of register state. Committed on successful emulation.
         * NOTE: we can copy them from vcpu as x86_decode_insn() doesn't
         * modify them.
@@ -1531,13 +1559,10 @@ special_insn:
                        return -1;
                }
                return 0;
-        case 0x70 ... 0x7f: /* jcc (short) */ {
+        case 0x70 ... 0x7f: /* jcc (short) */
-                int rel = insn_fetch(s8, 1, c->eip);
                if (test_cc(c->b, ctxt->eflags))
-                        jmp_rel(c, rel);
+                        jmp_rel(c, c->src.val);
                break;
-        }
        case 0x80 ... 0x83:     /* Grp1 */
                switch (c->modrm_reg) {
                case 0:
@@ -1609,6 +1634,9 @@ special_insn:
                int err;
                sel = c->src.val;
+                if (c->modrm_reg == VCPU_SREG_SS)
+                        toggle_interruptibility(ctxt, X86_SHADOW_INT_MOV_SS);
                if (c->modrm_reg <= 5) {
                        type_bits = (c->modrm_reg == 1) ? 9 : 1;
                        err = kvm_load_segment_descriptor(ctxt->vcpu, sel,
@@ -1769,59 +1797,32 @@ special_insn:
                break;
        case 0xe4:      /* inb */
        case 0xe5:      /* in */
-                port = insn_fetch(u8, 1, c->eip);
+                port = c->src.val;
                io_dir_in = 1;
                goto do_io;
        case 0xe6: /* outb */
        case 0xe7: /* out */
-                port = insn_fetch(u8, 1, c->eip);
+                port = c->src.val;
                io_dir_in = 0;
                goto do_io;
        case 0xe8: /* call (near) */ {
-                long int rel;
+                long int rel = c->src.val;
-                switch (c->op_bytes) {
-                case 2:
-                        rel = insn_fetch(s16, 2, c->eip);
-                        break;
-                case 4:
-                        rel = insn_fetch(s32, 4, c->eip);
-                        break;
-                default:
-                        DPRINTF("Call: Invalid op_bytes\n");
-                        goto cannot_emulate;
-                }
                c->src.val = (unsigned long) c->eip;
                jmp_rel(c, rel);
-                c->op_bytes = c->ad_bytes;
                emulate_push(ctxt);
                break;
        }
        case 0xe9: /* jmp rel */
                goto jmp;
-        case 0xea: /* jmp far */ {
+        case 0xea: /* jmp far */
-                uint32_t eip;
+                if (kvm_load_segment_descriptor(ctxt->vcpu, c->src2.val, 9,
-                uint16_t sel;
+                                        VCPU_SREG_CS) < 0) {
-                switch (c->op_bytes) {
-                case 2:
-                        eip = insn_fetch(u16, 2, c->eip);
-                        break;
-                case 4:
-                        eip = insn_fetch(u32, 4, c->eip);
-                        break;
-                default:
-                        DPRINTF("jmp far: Invalid op_bytes\n");
-                        goto cannot_emulate;
-                }
-                sel = insn_fetch(u16, 2, c->eip);
-                if (kvm_load_segment_descriptor(ctxt->vcpu, sel, 9, VCPU_SREG_CS) < 0) {
                        DPRINTF("jmp far: Failed to load CS descriptor\n");
                        goto cannot_emulate;
                }
-                c->eip = eip;
+                c->eip = c->src.val;
                break;
-        }
        case 0xeb:
              jmp:              /* jmp rel short */
                jmp_rel(c, c->src.val);
@@ -1865,6 +1866,7 @@ special_insn:
                c->dst.type = OP_NONE;  /* Disable writeback. */
                break;
        case 0xfb: /* sti */
+                toggle_interruptibility(ctxt, X86_SHADOW_INT_STI);
                ctxt->eflags |= X86_EFLAGS_IF;
                c->dst.type = OP_NONE;  /* Disable writeback. */
                break;
@@ -2039,28 +2041,11 @@ twobyte_insn:
                if (!test_cc(c->b, ctxt->eflags))
                        c->dst.type = OP_NONE; /* no writeback */
                break;
-        case 0x80 ... 0x8f: /* jnz rel, etc*/ {
+        case 0x80 ... 0x8f: /* jnz rel, etc*/
-                long int rel;
-                switch (c->op_bytes) {
-                case 2:
-                        rel = insn_fetch(s16, 2, c->eip);
-                        break;
-                case 4:
-                        rel = insn_fetch(s32, 4, c->eip);
-                        break;
-                case 8:
-                        rel = insn_fetch(s64, 8, c->eip);
-                        break;
-                default:
-                        DPRINTF("jnz: Invalid op_bytes\n");
-                        goto cannot_emulate;
-                }
                if (test_cc(c->b, ctxt->eflags))
-                        jmp_rel(c, rel);
+                        jmp_rel(c, c->src.val);
                c->dst.type = OP_NONE;
                break;
-        }
        case 0xa3:
              bt:               /* bt */
                c->dst.type = OP_NONE;
diff --git a/arch/x86/lguest/Kconfig b/arch/x86/lguest/Kconfig
index 8dab8f7844d3..38718041efc3 100644
--- a/arch/x86/lguest/Kconfig
+++ b/arch/x86/lguest/Kconfig
@@ -2,7 +2,6 @@ config LGUEST_GUEST
        bool "Lguest guest support"
        select PARAVIRT
        depends on X86_32
-        depends on !X86_PAE
        select VIRTIO
        select VIRTIO_RING
        select VIRTIO_CONSOLE
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index 4e0c26559395..7bc65f0f62c4 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -87,7 +87,7 @@ struct lguest_data lguest_data = {
 /*G:037 async_hcall() is pretty simple: I'm quite proud of it really.  We have a
 * ring buffer of stored hypercalls which the Host will run though next time we
- * do a normal hypercall.  Each entry in the ring has 4 slots for the hypercall
+ * do a normal hypercall.  Each entry in the ring has 5 slots for the hypercall
 * arguments, and a "hcall_status" word which is 0 if the call is ready to go,
 * and 255 once the Host has finished with it.
 *
@@ -96,7 +96,8 @@ struct lguest_data lguest_data = {
 * effect of causing the Host to run all the stored calls in the ring buffer
 * which empties it for next time! */
 static void async_hcall(unsigned long call, unsigned long arg1,
-                        unsigned long arg2, unsigned long arg3)
+                        unsigned long arg2, unsigned long arg3,
+                        unsigned long arg4)
 {
        /* Note: This code assumes we're uniprocessor. */
        static unsigned int next_call;
@@ -108,12 +109,13 @@ static void async_hcall(unsigned long call, unsigned long arg1,
        local_irq_save(flags);
        if (lguest_data.hcall_status[next_call] != 0xFF) {
                /* Table full, so do normal hcall which will flush table. */
-                kvm_hypercall3(call, arg1, arg2, arg3);
+                kvm_hypercall4(call, arg1, arg2, arg3, arg4);
        } else {
                lguest_data.hcalls[next_call].arg0 = call;
                lguest_data.hcalls[next_call].arg1 = arg1;
                lguest_data.hcalls[next_call].arg2 = arg2;
                lguest_data.hcalls[next_call].arg3 = arg3;
+                lguest_data.hcalls[next_call].arg4 = arg4;
                /* Arguments must all be written before we mark it to go */
                wmb();
                lguest_data.hcall_status[next_call] = 0;
@@ -141,7 +143,7 @@ static void lazy_hcall1(unsigned long call,
        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE)
                kvm_hypercall1(call, arg1);
        else
-                async_hcall(call, arg1, 0, 0);
+                async_hcall(call, arg1, 0, 0, 0);
 }
 static void lazy_hcall2(unsigned long call,
@@ -151,7 +153,7 @@ static void lazy_hcall2(unsigned long call,
        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE)
                kvm_hypercall2(call, arg1, arg2);
        else
-                async_hcall(call, arg1, arg2, 0);
+                async_hcall(call, arg1, arg2, 0, 0);
 }
 static void lazy_hcall3(unsigned long call,
@@ -162,9 +164,23 @@ static void lazy_hcall3(unsigned long call,
        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE)
                kvm_hypercall3(call, arg1, arg2, arg3);
        else
-                async_hcall(call, arg1, arg2, arg3);
+                async_hcall(call, arg1, arg2, arg3, 0);
 }
+#ifdef CONFIG_X86_PAE
+static void lazy_hcall4(unsigned long call,
+                       unsigned long arg1,
+                       unsigned long arg2,
+                       unsigned long arg3,
+                       unsigned long arg4)
+{
+        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE)
+                kvm_hypercall4(call, arg1, arg2, arg3, arg4);
+        else
+                async_hcall(call, arg1, arg2, arg3, arg4);
+}
+#endif
 /* When lazy mode is turned off reset the per-cpu lazy mode variable and then
 * issue the do-nothing hypercall to flush any stored calls. */
 static void lguest_leave_lazy_mmu_mode(void)
@@ -179,7 +195,7 @@ static void lguest_end_context_switch(struct task_struct *next)
        paravirt_end_context_switch(next);
 }
-/*G:033
+/*G:032
 * After that diversion we return to our first native-instruction
 * replacements: four functions for interrupt control.
 *
@@ -199,30 +215,28 @@ static unsigned long save_fl(void)
 {
        return lguest_data.irq_enabled;
 }
-PV_CALLEE_SAVE_REGS_THUNK(save_fl);
-/* restore_flags() just sets the flags back to the value given. */
-static void restore_fl(unsigned long flags)
-{
-        lguest_data.irq_enabled = flags;
-}
-PV_CALLEE_SAVE_REGS_THUNK(restore_fl);
 /* Interrupts go off... */
 static void irq_disable(void)
 {
        lguest_data.irq_enabled = 0;
 }
+/* Let's pause a moment.  Remember how I said these are called so often?
+ * Jeremy Fitzhardinge optimized them so hard early in 2009 that he had to
+ * break some rules.  In particular, these functions are assumed to save their
+ * own registers if they need to: normal C functions assume they can trash the
+ * eax register.  To use normal C functions, we use
+ * PV_CALLEE_SAVE_REGS_THUNK(), which pushes %eax onto the stack, calls the
+ * C function, then restores it. */
+PV_CALLEE_SAVE_REGS_THUNK(save_fl);
 PV_CALLEE_SAVE_REGS_THUNK(irq_disable);
+/*:*/
-/* Interrupts go on... */
+/* These are in i386_head.S */
-static void irq_enable(void)
+extern void lg_irq_enable(void);
-{
+extern void lg_restore_fl(unsigned long flags);
-        lguest_data.irq_enabled = X86_EFLAGS_IF;
-}
-PV_CALLEE_SAVE_REGS_THUNK(irq_enable);
-/*:*/
 /*M:003 Note that we don't check for outstanding interrupts when we re-enable
 * them (or when we unmask an interrupt).  This seems to work for the moment,
 * since interrupts are rare and we'll just get the interrupt on the next timer
@@ -368,8 +382,8 @@ static void lguest_cpuid(unsigned int *ax, unsigned int *bx,
        case 1: /* Basic feature request. */
                /* We only allow kernel to see SSE3, CMPXCHG16B and SSSE3 */
                *cx &= 0x00002201;
-                /* SSE, SSE2, FXSR, MMX, CMOV, CMPXCHG8B, TSC, FPU. */
+                /* SSE, SSE2, FXSR, MMX, CMOV, CMPXCHG8B, TSC, FPU, PAE. */
-                *dx &= 0x07808111;
+                *dx &= 0x07808151;
                /* The Host can do a nice optimization if it knows that the
                 * kernel mappings (addresses above 0xC0000000 or whatever
                 * PAGE_OFFSET is set to) haven't changed.  But Linux calls
@@ -388,6 +402,11 @@ static void lguest_cpuid(unsigned int *ax, unsigned int *bx,
                if (*ax > 0x80000008)
                        *ax = 0x80000008;
                break;
+        case 0x80000001:
+                /* Here we should fix nx cap depending on host. */
+                /* For this version of PAE, we just clear NX bit. */
+                *dx &= ~(1 << 20);
+                break;
        }
 }
@@ -521,25 +540,52 @@ static void lguest_write_cr4(unsigned long val)
 static void lguest_pte_update(struct mm_struct *mm, unsigned long addr,
                               pte_t *ptep)
 {
+#ifdef CONFIG_X86_PAE
+        lazy_hcall4(LHCALL_SET_PTE, __pa(mm->pgd), addr,
+                    ptep->pte_low, ptep->pte_high);
+#else
        lazy_hcall3(LHCALL_SET_PTE, __pa(mm->pgd), addr, ptep->pte_low);
+#endif
 }
 static void lguest_set_pte_at(struct mm_struct *mm, unsigned long addr,
                              pte_t *ptep, pte_t pteval)
 {
-        *ptep = pteval;
+        native_set_pte(ptep, pteval);
        lguest_pte_update(mm, addr, ptep);
 }
-/* The Guest calls this to set a top-level entry.  Again, we set the entry then
+/* The Guest calls lguest_set_pud to set a top-level entry and lguest_set_pmd
- * tell the Host which top-level page we changed, and the index of the entry we
+ * to set a middle-level entry when PAE is activated.
- * changed. */
+ * Again, we set the entry then tell the Host which page we changed,
+ * and the index of the entry we changed. */
+#ifdef CONFIG_X86_PAE
+static void lguest_set_pud(pud_t *pudp, pud_t pudval)
+{
+        native_set_pud(pudp, pudval);
+        /* 32 bytes aligned pdpt address and the index. */
+        lazy_hcall2(LHCALL_SET_PGD, __pa(pudp) & 0xFFFFFFE0,
+                   (__pa(pudp) & 0x1F) / sizeof(pud_t));
+}
 static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
 {
-        *pmdp = pmdval;
+        native_set_pmd(pmdp, pmdval);
        lazy_hcall2(LHCALL_SET_PMD, __pa(pmdp) & PAGE_MASK,
-                   (__pa(pmdp) & (PAGE_SIZE - 1)) / 4);
+                   (__pa(pmdp) & (PAGE_SIZE - 1)) / sizeof(pmd_t));
 }
+#else
+/* The Guest calls lguest_set_pmd to set a top-level entry when PAE is not
+ * activated. */
+static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
+{
+        native_set_pmd(pmdp, pmdval);
+        lazy_hcall2(LHCALL_SET_PGD, __pa(pmdp) & PAGE_MASK,
+                   (__pa(pmdp) & (PAGE_SIZE - 1)) / sizeof(pmd_t));
+}
+#endif
 /* There are a couple of legacy places where the kernel sets a PTE, but we
 * don't know the top level any more.  This is useless for us, since we don't
@@ -552,11 +598,31 @@ static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
 * which brings boot back to 0.25 seconds. */
 static void lguest_set_pte(pte_t *ptep, pte_t pteval)
 {
-        *ptep = pteval;
+        native_set_pte(ptep, pteval);
+        if (cr3_changed)
+                lazy_hcall1(LHCALL_FLUSH_TLB, 1);
+}
+#ifdef CONFIG_X86_PAE
+static void lguest_set_pte_atomic(pte_t *ptep, pte_t pte)
+{
+        native_set_pte_atomic(ptep, pte);
        if (cr3_changed)
                lazy_hcall1(LHCALL_FLUSH_TLB, 1);
 }
+void lguest_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
+{
+        native_pte_clear(mm, addr, ptep);
+        lguest_pte_update(mm, addr, ptep);
+}
+void lguest_pmd_clear(pmd_t *pmdp)
+{
+        lguest_set_pmd(pmdp, __pmd(0));
+}
+#endif
 /* Unfortunately for Lguest, the pv_mmu_ops for page tables were based on
 * native page table operations.  On native hardware you can set a new page
 * table entry whenever you want, but if you want to remove one you have to do
@@ -628,13 +694,12 @@ static void __init lguest_init_IRQ(void)
 {
        unsigned int i;
-        for (i = 0; i < LGUEST_IRQS; i++) {
+        for (i = FIRST_EXTERNAL_VECTOR; i < NR_VECTORS; i++) {
-                int vector = FIRST_EXTERNAL_VECTOR + i;
                /* Some systems map "vectors" to interrupts weirdly.  Lguest has
                 * a straightforward 1 to 1 mapping, so force that here. */
-                __get_cpu_var(vector_irq)[vector] = i;
+                __get_cpu_var(vector_irq)[i] = i - FIRST_EXTERNAL_VECTOR;
-                if (vector != SYSCALL_VECTOR)
+                if (i != SYSCALL_VECTOR)
-                        set_intr_gate(vector, interrupt[i]);
+                        set_intr_gate(i, interrupt[i - FIRST_EXTERNAL_VECTOR]);
        }
        /* This call is required to set up for 4k stacks, where we have
         * separate stacks for hard and soft interrupts. */
@@ -973,10 +1038,10 @@ static void lguest_restart(char *reason)
 *
 * Our current solution is to allow the paravirt back end to optionally patch
 * over the indirect calls to replace them with something more efficient.  We
- * patch the four most commonly called functions: disable interrupts, enable
+ * patch two of the simplest of the most commonly called functions: disable
- * interrupts, restore interrupts and save interrupts.  We usually have 6 or 10
+ * interrupts and save interrupts.  We usually have 6 or 10 bytes to patch
- * bytes to patch into: the Guest versions of these operations are small enough
+ * into: the Guest versions of these operations are small enough that we can
- * that we can fit comfortably.
+ * fit comfortably.
 *
 * First we need assembly templates of each of the patchable Guest operations,
 * and these are in i386_head.S. */
@@ -987,8 +1052,6 @@ static const struct lguest_insns
        const char *start, *end;
 } lguest_insns[] = {
        [PARAVIRT_PATCH(pv_irq_ops.irq_disable)] = { lgstart_cli, lgend_cli },
-        [PARAVIRT_PATCH(pv_irq_ops.irq_enable)] = { lgstart_sti, lgend_sti },
-        [PARAVIRT_PATCH(pv_irq_ops.restore_fl)] = { lgstart_popf, lgend_popf },
        [PARAVIRT_PATCH(pv_irq_ops.save_fl)] = { lgstart_pushf, lgend_pushf },
 };
@@ -1026,6 +1089,7 @@ __init void lguest_init(void)
        pv_info.name = "lguest";
        pv_info.paravirt_enabled = 1;
        pv_info.kernel_rpl = 1;
+        pv_info.shared_kernel_pmd = 1;
        /* We set up all the lguest overrides for sensitive operations.  These
         * are detailed with the operations themselves. */
@@ -1033,9 +1097,9 @@ __init void lguest_init(void)
        /* interrupt-related operations */
        pv_irq_ops.init_IRQ = lguest_init_IRQ;
        pv_irq_ops.save_fl = PV_CALLEE_SAVE(save_fl);
-        pv_irq_ops.restore_fl = PV_CALLEE_SAVE(restore_fl);
+        pv_irq_ops.restore_fl = __PV_IS_CALLEE_SAVE(lg_restore_fl);
        pv_irq_ops.irq_disable = PV_CALLEE_SAVE(irq_disable);
-        pv_irq_ops.irq_enable = PV_CALLEE_SAVE(irq_enable);
+        pv_irq_ops.irq_enable = __PV_IS_CALLEE_SAVE(lg_irq_enable);
        pv_irq_ops.safe_halt = lguest_safe_halt;
        /* init-time operations */
@@ -1071,6 +1135,12 @@ __init void lguest_init(void)
        pv_mmu_ops.set_pte = lguest_set_pte;
        pv_mmu_ops.set_pte_at = lguest_set_pte_at;
        pv_mmu_ops.set_pmd = lguest_set_pmd;
+#ifdef CONFIG_X86_PAE
+        pv_mmu_ops.set_pte_atomic = lguest_set_pte_atomic;
+        pv_mmu_ops.pte_clear = lguest_pte_clear;
+        pv_mmu_ops.pmd_clear = lguest_pmd_clear;
+        pv_mmu_ops.set_pud = lguest_set_pud;
+#endif
        pv_mmu_ops.read_cr2 = lguest_read_cr2;
        pv_mmu_ops.read_cr3 = lguest_read_cr3;
        pv_mmu_ops.lazy_mode.enter = paravirt_enter_lazy_mmu;
diff --git a/arch/x86/lguest/i386_head.S b/arch/x86/lguest/i386_head.S
index f79541989471..a9c8cfe61cd4 100644
--- a/arch/x86/lguest/i386_head.S
+++ b/arch/x86/lguest/i386_head.S
@@ -46,10 +46,64 @@ ENTRY(lguest_entry)
        .globl lgstart_##name; .globl lgend_##name
 LGUEST_PATCH(cli, movl $0, lguest_data+LGUEST_DATA_irq_enabled)
-LGUEST_PATCH(sti, movl $X86_EFLAGS_IF, lguest_data+LGUEST_DATA_irq_enabled)
-LGUEST_PATCH(popf, movl %eax, lguest_data+LGUEST_DATA_irq_enabled)
 LGUEST_PATCH(pushf, movl lguest_data+LGUEST_DATA_irq_enabled, %eax)
-/*:*/
+/*G:033 But using those wrappers is inefficient (we'll see why that doesn't
+ * matter for save_fl and irq_disable later).  If we write our routines
+ * carefully in assembler, we can avoid clobbering any registers and avoid
+ * jumping through the wrapper functions.
+ *
+ * I skipped over our first piece of assembler, but this one is worth studying
+ * in a bit more detail so I'll describe in easy stages.  First, the routine
+ * to enable interrupts: */
+ENTRY(lg_irq_enable)
+        /* The reverse of irq_disable, this sets lguest_data.irq_enabled to
+         * X86_EFLAGS_IF (ie. "Interrupts enabled"). */
+        movl $X86_EFLAGS_IF, lguest_data+LGUEST_DATA_irq_enabled
+        /* But now we need to check if the Host wants to know: there might have
+         * been interrupts waiting to be delivered, in which case it will have
+         * set lguest_data.irq_pending to X86_EFLAGS_IF.  If it's not zero, we
+         * jump to send_interrupts, otherwise we're done. */
+        testl $0, lguest_data+LGUEST_DATA_irq_pending
+        jnz send_interrupts
+        /* One cool thing about x86 is that you can do many things without using
+         * a register.  In this case, the normal path hasn't needed to save or
+         * restore any registers at all! */
+        ret
+send_interrupts:
+        /* OK, now we need a register: eax is used for the hypercall number,
+         * which is LHCALL_SEND_INTERRUPTS.
+         *
+         * We used not to bother with this pending detection at all, which was
+         * much simpler.  Sooner or later the Host would realize it had to
+         * send us an interrupt.  But that turns out to make performance 7
+         * times worse on a simple tcp benchmark.  So now we do this the hard
+         * way. */
+        pushl %eax
+        movl $LHCALL_SEND_INTERRUPTS, %eax
+        /* This is a vmcall instruction (same thing that KVM uses).  Older
+         * assembler versions might not know the "vmcall" instruction, so we
+         * create one manually here. */
+        .byte 0x0f,0x01,0xc1 /* KVM_HYPERCALL */
+        popl %eax
+        ret
+/* Finally, the "popf" or "restore flags" routine.  The %eax register holds the
+ * flags (in practice, either X86_EFLAGS_IF or 0): if it's X86_EFLAGS_IF we're
+ * enabling interrupts again, if it's 0 we're leaving them off. */
+ENTRY(lg_restore_fl)
+        /* This is just "lguest_data.irq_enabled = flags;" */
+        movl %eax, lguest_data+LGUEST_DATA_irq_enabled
+        /* Now, if the %eax value has enabled interrupts and
+         * lguest_data.irq_pending is set, we want to tell the Host so it can
+         * deliver any outstanding interrupts.  Fortunately, both values will
+         * be X86_EFLAGS_IF (ie. 512) in that case, and the "testl"
+         * instruction will AND them together for us.  If both are set, we
+         * jump to send_interrupts. */
+        testl lguest_data+LGUEST_DATA_irq_pending, %eax
+        jnz send_interrupts
+        /* Again, the normal path has used no extra registers.  Clever, huh? */
+        ret
 /* These demark the EIP range where host should never deliver interrupts. */
 .global lguest_noirq_start
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 55e11aa6d66c..f9d35632666b 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -2,7 +2,7 @@
 # Makefile for x86 specific library files.
 #
-obj-$(CONFIG_SMP) := msr-on-cpu.o
+obj-$(CONFIG_SMP) := msr.o
 lib-y := delay.o
 lib-y += thunk_$(BITS).o
diff --git a/arch/x86/lib/msr-on-cpu.c b/arch/x86/lib/msr-on-cpu.c
deleted file mode 100644
index 321cf720dbb6..000000000000
--- a/arch/x86/lib/msr-on-cpu.c
+++ /dev/null
@@ -1,97 +0,0 @@
-#include <linux/module.h>
-#include <linux/preempt.h>
-#include <linux/smp.h>
-#include <asm/msr.h>
-struct msr_info {
-        u32 msr_no;
-        u32 l, h;
-        int err;
-};
-static void __rdmsr_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        rdmsr(rv->msr_no, rv->l, rv->h);
-}
-static void __wrmsr_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        wrmsr(rv->msr_no, rv->l, rv->h);
-}
-int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
-{
-        int err;
-        struct msr_info rv;
-        rv.msr_no = msr_no;
-        err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
-        *l = rv.l;
-        *h = rv.h;
-        return err;
-}
-int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
-{
-        int err;
-        struct msr_info rv;
-        rv.msr_no = msr_no;
-        rv.l = l;
-        rv.h = h;
-        err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
-        return err;
-}
-/* These "safe" variants are slower and should be used when the target MSR
-   may not actually exist. */
-static void __rdmsr_safe_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        rv->err = rdmsr_safe(rv->msr_no, &rv->l, &rv->h);
-}
-static void __wrmsr_safe_on_cpu(void *info)
-{
-        struct msr_info *rv = info;
-        rv->err = wrmsr_safe(rv->msr_no, rv->l, rv->h);
-}
-int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
-{
-        int err;
-        struct msr_info rv;
-        rv.msr_no = msr_no;
-        err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu, &rv, 1);
-        *l = rv.l;
-        *h = rv.h;
-        return err ? err : rv.err;
-}
-int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
-{
-        int err;
-        struct msr_info rv;
-        rv.msr_no = msr_no;
-        rv.l = l;
-        rv.h = h;
-        err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu, &rv, 1);
-        return err ? err : rv.err;
-}
-EXPORT_SYMBOL(rdmsr_on_cpu);
-EXPORT_SYMBOL(wrmsr_on_cpu);
-EXPORT_SYMBOL(rdmsr_safe_on_cpu);
-EXPORT_SYMBOL(wrmsr_safe_on_cpu);
diff --git a/arch/x86/lib/msr.c b/arch/x86/lib/msr.c
new file mode 100644
index 000000000000..1440b9c0547e
--- /dev/null
+++ b/arch/x86/lib/msr.c
@@ -0,0 +1,183 @@
+#include <linux/module.h>
+#include <linux/preempt.h>
+#include <linux/smp.h>
+#include <asm/msr.h>
+struct msr_info {
+        u32 msr_no;
+        struct msr reg;
+        struct msr *msrs;
+        int off;
+        int err;
+};
+static void __rdmsr_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        struct msr *reg;
+        int this_cpu = raw_smp_processor_id();
+        if (rv->msrs)
+                reg = &rv->msrs[this_cpu - rv->off];
+        else
+                reg = &rv->reg;
+        rdmsr(rv->msr_no, reg->l, reg->h);
+}
+static void __wrmsr_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        struct msr *reg;
+        int this_cpu = raw_smp_processor_id();
+        if (rv->msrs)
+                reg = &rv->msrs[this_cpu - rv->off];
+        else
+                reg = &rv->reg;
+        wrmsr(rv->msr_no, reg->l, reg->h);
+}
+int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
+{
+        int err;
+        struct msr_info rv;
+        memset(&rv, 0, sizeof(rv));
+        rv.msr_no = msr_no;
+        err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
+        *l = rv.reg.l;
+        *h = rv.reg.h;
+        return err;
+}
+EXPORT_SYMBOL(rdmsr_on_cpu);
+int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+{
+        int err;
+        struct msr_info rv;
+        memset(&rv, 0, sizeof(rv));
+        rv.msr_no = msr_no;
+        rv.reg.l = l;
+        rv.reg.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
+        return err;
+}
+EXPORT_SYMBOL(wrmsr_on_cpu);
+/* rdmsr on a bunch of CPUs
+ *
+ * @mask:       which CPUs
+ * @msr_no:     which MSR
+ * @msrs:       array of MSR values
+ *
+ */
+void rdmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs)
+{
+        struct msr_info rv;
+        int this_cpu;
+        memset(&rv, 0, sizeof(rv));
+        rv.off    = cpumask_first(mask);
+        rv.msrs   = msrs;
+        rv.msr_no = msr_no;
+        preempt_disable();
+        /*
+         * FIXME: handle the CPU we're executing on separately for now until
+         * smp_call_function_many has been fixed to not skip it.
+         */
+        this_cpu = raw_smp_processor_id();
+        smp_call_function_single(this_cpu, __rdmsr_on_cpu, &rv, 1);
+        smp_call_function_many(mask, __rdmsr_on_cpu, &rv, 1);
+        preempt_enable();
+}
+EXPORT_SYMBOL(rdmsr_on_cpus);
+/*
+ * wrmsr on a bunch of CPUs
+ *
+ * @mask:       which CPUs
+ * @msr_no:     which MSR
+ * @msrs:       array of MSR values
+ *
+ */
+void wrmsr_on_cpus(const cpumask_t *mask, u32 msr_no, struct msr *msrs)
+{
+        struct msr_info rv;
+        int this_cpu;
+        memset(&rv, 0, sizeof(rv));
+        rv.off    = cpumask_first(mask);
+        rv.msrs   = msrs;
+        rv.msr_no = msr_no;
+        preempt_disable();
+        /*
+         * FIXME: handle the CPU we're executing on separately for now until
+         * smp_call_function_many has been fixed to not skip it.
+         */
+        this_cpu = raw_smp_processor_id();
+        smp_call_function_single(this_cpu, __wrmsr_on_cpu, &rv, 1);
+        smp_call_function_many(mask, __wrmsr_on_cpu, &rv, 1);
+        preempt_enable();
+}
+EXPORT_SYMBOL(wrmsr_on_cpus);
+/* These "safe" variants are slower and should be used when the target MSR
+   may not actually exist. */
+static void __rdmsr_safe_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        rv->err = rdmsr_safe(rv->msr_no, &rv->reg.l, &rv->reg.h);
+}
+static void __wrmsr_safe_on_cpu(void *info)
+{
+        struct msr_info *rv = info;
+        rv->err = wrmsr_safe(rv->msr_no, rv->reg.l, rv->reg.h);
+}
+int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
+{
+        int err;
+        struct msr_info rv;
+        memset(&rv, 0, sizeof(rv));
+        rv.msr_no = msr_no;
+        err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu, &rv, 1);
+        *l = rv.reg.l;
+        *h = rv.reg.h;
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(rdmsr_safe_on_cpu);
+int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+{
+        int err;
+        struct msr_info rv;
+        memset(&rv, 0, sizeof(rv));
+        rv.msr_no = msr_no;
+        rv.reg.l = l;
+        rv.reg.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu, &rv, 1);
+        return err ? err : rv.err;
+}
+EXPORT_SYMBOL(wrmsr_safe_on_cpu);
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fdd30d08ab52..eefdeee8a871 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -10,6 +10,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
+obj-$(CONFIG_KMEMCHECK)         += kmemcheck/
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
 mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index c6acc6326374..baa0e86adfbc 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,6 +14,7 @@
 #include <asm/traps.h>                  /* dotraplinkage, ...           */
 #include <asm/pgalloc.h>                /* pgd_*(), ...                 */
+#include <asm/kmemcheck.h>              /* kmemcheck_*(), ...           */
 /*
 * Page fault error code bits:
@@ -956,6 +957,13 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
        /* Get the faulting address: */
        address = read_cr2();
+        /*
+         * Detect and handle instructions that would cause a page fault for
+         * both a tracked kernel page and a userspace page.
+         */
+        if (kmemcheck_active(regs))
+                kmemcheck_hide(regs);
        if (unlikely(kmmio_fault(regs, address)))
                return;
@@ -973,9 +981,13 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
         * protection error (error_code & 9) == 0.
         */
        if (unlikely(fault_in_kernel_space(address))) {
-                if (!(error_code & (PF_RSVD|PF_USER|PF_PROT)) &&
+                if (!(error_code & (PF_RSVD | PF_USER | PF_PROT))) {
-                    vmalloc_fault(address) >= 0)
+                        if (vmalloc_fault(address) >= 0)
-                        return;
+                                return;
+                        if (kmemcheck_fault(regs, address, error_code))
+                                return;
+                }
                /* Can handle a stale RO->RW TLB: */
                if (spurious_fault(error_code, address))
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 34c1bfb64f1c..f53b57e4086f 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -213,7 +213,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
        if (!after_bootmem)
                init_gbpages();
-#ifdef CONFIG_DEBUG_PAGEALLOC
+#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KMEMCHECK)
        /*
         * For CONFIG_DEBUG_PAGEALLOC, identity mapping will use small pages.
         * This will simplify cpa(), which otherwise needs to support splitting
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 949708d7a481..3cd7711bb949 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -111,7 +111,7 @@ static pte_t * __init one_page_table_init(pmd_t *pmd)
                pte_t *page_table = NULL;
                if (after_bootmem) {
-#ifdef CONFIG_DEBUG_PAGEALLOC
+#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KMEMCHECK)
                        page_table = (pte_t *) alloc_bootmem_pages(PAGE_SIZE);
 #endif
                        if (!page_table)
@@ -564,7 +564,7 @@ static inline void save_pg_dir(void)
 }
 #endif /* !CONFIG_ACPI_SLEEP */
-void zap_low_mappings(void)
+void zap_low_mappings(bool early)
 {
        int i;
@@ -581,7 +581,11 @@ void zap_low_mappings(void)
                set_pgd(swapper_pg_dir+i, __pgd(0));
 #endif
        }
-        flush_tlb_all();
+        if (early)
+                __flush_tlb();
+        else
+                flush_tlb_all();
 }
 pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
@@ -956,7 +960,7 @@ void __init mem_init(void)
                test_wp_bit();
        save_pg_dir();
-        zap_low_mappings();
+        zap_low_mappings(true);
 }
 #ifdef CONFIG_MEMORY_HOTPLUG
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 52bb9519bb86..9c543290a813 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -104,7 +104,7 @@ static __ref void *spp_getpage(void)
        void *ptr;
        if (after_bootmem)
-                ptr = (void *) get_zeroed_page(GFP_ATOMIC);
+                ptr = (void *) get_zeroed_page(GFP_ATOMIC | __GFP_NOTRACK);
        else
                ptr = alloc_bootmem_pages(PAGE_SIZE);
@@ -281,7 +281,7 @@ static __ref void *alloc_low_page(unsigned long *phys)
        void *adr;
        if (after_bootmem) {
-                adr = (void *)get_zeroed_page(GFP_ATOMIC);
+                adr = (void *)get_zeroed_page(GFP_ATOMIC | __GFP_NOTRACK);
                *phys = __pa(adr);
                return adr;
diff --git a/arch/x86/mm/kmemcheck/Makefile b/arch/x86/mm/kmemcheck/Makefile
new file mode 100644
index 000000000000..520b3bce4095
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/Makefile
@@ -0,0 +1 @@
+obj-y := error.o kmemcheck.o opcode.o pte.o selftest.o shadow.o
diff --git a/arch/x86/mm/kmemcheck/error.c b/arch/x86/mm/kmemcheck/error.c
new file mode 100644
index 000000000000..4901d0dafda6
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/error.c
@@ -0,0 +1,228 @@
+#include <linux/interrupt.h>
+#include <linux/kdebug.h>
+#include <linux/kmemcheck.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/ptrace.h>
+#include <linux/stacktrace.h>
+#include <linux/string.h>
+#include "error.h"
+#include "shadow.h"
+enum kmemcheck_error_type {
+        KMEMCHECK_ERROR_INVALID_ACCESS,
+        KMEMCHECK_ERROR_BUG,
+};
+#define SHADOW_COPY_SIZE (1 << CONFIG_KMEMCHECK_SHADOW_COPY_SHIFT)
+struct kmemcheck_error {
+        enum kmemcheck_error_type type;
+        union {
+                /* KMEMCHECK_ERROR_INVALID_ACCESS */
+                struct {
+                        /* Kind of access that caused the error */
+                        enum kmemcheck_shadow state;
+                        /* Address and size of the erroneous read */
+                        unsigned long   address;
+                        unsigned int    size;
+                };
+        };
+        struct pt_regs          regs;
+        struct stack_trace      trace;
+        unsigned long           trace_entries[32];
+        /* We compress it to a char. */
+        unsigned char           shadow_copy[SHADOW_COPY_SIZE];
+        unsigned char           memory_copy[SHADOW_COPY_SIZE];
+};
+/*
+ * Create a ring queue of errors to output. We can't call printk() directly
+ * from the kmemcheck traps, since this may call the console drivers and
+ * result in a recursive fault.
+ */
+static struct kmemcheck_error error_fifo[CONFIG_KMEMCHECK_QUEUE_SIZE];
+static unsigned int error_count;
+static unsigned int error_rd;
+static unsigned int error_wr;
+static unsigned int error_missed_count;
+static struct kmemcheck_error *error_next_wr(void)
+{
+        struct kmemcheck_error *e;
+        if (error_count == ARRAY_SIZE(error_fifo)) {
+                ++error_missed_count;
+                return NULL;
+        }
+        e = &error_fifo[error_wr];
+        if (++error_wr == ARRAY_SIZE(error_fifo))
+                error_wr = 0;
+        ++error_count;
+        return e;
+}
+static struct kmemcheck_error *error_next_rd(void)
+{
+        struct kmemcheck_error *e;
+        if (error_count == 0)
+                return NULL;
+        e = &error_fifo[error_rd];
+        if (++error_rd == ARRAY_SIZE(error_fifo))
+                error_rd = 0;
+        --error_count;
+        return e;
+}
+void kmemcheck_error_recall(void)
+{
+        static const char *desc[] = {
+                [KMEMCHECK_SHADOW_UNALLOCATED]          = "unallocated",
+                [KMEMCHECK_SHADOW_UNINITIALIZED]        = "uninitialized",
+                [KMEMCHECK_SHADOW_INITIALIZED]          = "initialized",
+                [KMEMCHECK_SHADOW_FREED]                = "freed",
+        };
+        static const char short_desc[] = {
+                [KMEMCHECK_SHADOW_UNALLOCATED]          = 'a',
+                [KMEMCHECK_SHADOW_UNINITIALIZED]        = 'u',
+                [KMEMCHECK_SHADOW_INITIALIZED]          = 'i',
+                [KMEMCHECK_SHADOW_FREED]                = 'f',
+        };
+        struct kmemcheck_error *e;
+        unsigned int i;
+        e = error_next_rd();
+        if (!e)
+                return;
+        switch (e->type) {
+        case KMEMCHECK_ERROR_INVALID_ACCESS:
+                printk(KERN_ERR  "WARNING: kmemcheck: Caught %d-bit read "
+                        "from %s memory (%p)\n",
+                        8 * e->size, e->state < ARRAY_SIZE(desc) ?
+                                desc[e->state] : "(invalid shadow state)",
+                        (void *) e->address);
+                printk(KERN_INFO);
+                for (i = 0; i < SHADOW_COPY_SIZE; ++i)
+                        printk("%02x", e->memory_copy[i]);
+                printk("\n");
+                printk(KERN_INFO);
+                for (i = 0; i < SHADOW_COPY_SIZE; ++i) {
+                        if (e->shadow_copy[i] < ARRAY_SIZE(short_desc))
+                                printk(" %c", short_desc[e->shadow_copy[i]]);
+                        else
+                                printk(" ?");
+                }
+                printk("\n");
+                printk(KERN_INFO "%*c\n", 2 + 2
+                        * (int) (e->address & (SHADOW_COPY_SIZE - 1)), '^');
+                break;
+        case KMEMCHECK_ERROR_BUG:
+                printk(KERN_EMERG "ERROR: kmemcheck: Fatal error\n");
+                break;
+        }
+        __show_regs(&e->regs, 1);
+        print_stack_trace(&e->trace, 0);
+}
+static void do_wakeup(unsigned long data)
+{
+        while (error_count > 0)
+                kmemcheck_error_recall();
+        if (error_missed_count > 0) {
+                printk(KERN_WARNING "kmemcheck: Lost %d error reports because "
+                        "the queue was too small\n", error_missed_count);
+                error_missed_count = 0;
+        }
+}
+static DECLARE_TASKLET(kmemcheck_tasklet, &do_wakeup, 0);
+/*
+ * Save the context of an error report.
+ */
+void kmemcheck_error_save(enum kmemcheck_shadow state,
+        unsigned long address, unsigned int size, struct pt_regs *regs)
+{
+        static unsigned long prev_ip;
+        struct kmemcheck_error *e;
+        void *shadow_copy;
+        void *memory_copy;
+        /* Don't report several adjacent errors from the same EIP. */
+        if (regs->ip == prev_ip)
+                return;
+        prev_ip = regs->ip;
+        e = error_next_wr();
+        if (!e)
+                return;
+        e->type = KMEMCHECK_ERROR_INVALID_ACCESS;
+        e->state = state;
+        e->address = address;
+        e->size = size;
+        /* Save regs */
+        memcpy(&e->regs, regs, sizeof(*regs));
+        /* Save stack trace */
+        e->trace.nr_entries = 0;
+        e->trace.entries = e->trace_entries;
+        e->trace.max_entries = ARRAY_SIZE(e->trace_entries);
+        e->trace.skip = 0;
+        save_stack_trace_bp(&e->trace, regs->bp);
+        /* Round address down to nearest 16 bytes */
+        shadow_copy = kmemcheck_shadow_lookup(address
+                & ~(SHADOW_COPY_SIZE - 1));
+        BUG_ON(!shadow_copy);
+        memcpy(e->shadow_copy, shadow_copy, SHADOW_COPY_SIZE);
+        kmemcheck_show_addr(address);
+        memory_copy = (void *) (address & ~(SHADOW_COPY_SIZE - 1));
+        memcpy(e->memory_copy, memory_copy, SHADOW_COPY_SIZE);
+        kmemcheck_hide_addr(address);
+        tasklet_hi_schedule_first(&kmemcheck_tasklet);
+}
+/*
+ * Save the context of a kmemcheck bug.
+ */
+void kmemcheck_error_save_bug(struct pt_regs *regs)
+{
+        struct kmemcheck_error *e;
+        e = error_next_wr();
+        if (!e)
+                return;
+        e->type = KMEMCHECK_ERROR_BUG;
+        memcpy(&e->regs, regs, sizeof(*regs));
+        e->trace.nr_entries = 0;
+        e->trace.entries = e->trace_entries;
+        e->trace.max_entries = ARRAY_SIZE(e->trace_entries);
+        e->trace.skip = 1;
+        save_stack_trace(&e->trace);
+        tasklet_hi_schedule_first(&kmemcheck_tasklet);
+}
diff --git a/arch/x86/mm/kmemcheck/error.h b/arch/x86/mm/kmemcheck/error.h
new file mode 100644
index 000000000000..0efc2e8d0a20
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/error.h
@@ -0,0 +1,15 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__ERROR_H
+#define ARCH__X86__MM__KMEMCHECK__ERROR_H
+#include <linux/ptrace.h>
+#include "shadow.h"
+void kmemcheck_error_save(enum kmemcheck_shadow state,
+        unsigned long address, unsigned int size, struct pt_regs *regs);
+void kmemcheck_error_save_bug(struct pt_regs *regs);
+void kmemcheck_error_recall(void);
+#endif
diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c
new file mode 100644
index 000000000000..2c55ed098654
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/kmemcheck.c
@@ -0,0 +1,640 @@
+/**
+ * kmemcheck - a heavyweight memory checker for the linux kernel
+ * Copyright (C) 2007, 2008  Vegard Nossum <vegardno@ifi.uio.no>
+ * (With a lot of help from Ingo Molnar and Pekka Enberg.)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2) as
+ * published by the Free Software Foundation.
+ */
+#include <linux/init.h>
+#include <linux/interrupt.h>
+#include <linux/kallsyms.h>
+#include <linux/kernel.h>
+#include <linux/kmemcheck.h>
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <linux/page-flags.h>
+#include <linux/percpu.h>
+#include <linux/ptrace.h>
+#include <linux/string.h>
+#include <linux/types.h>
+#include <asm/cacheflush.h>
+#include <asm/kmemcheck.h>
+#include <asm/pgtable.h>
+#include <asm/tlbflush.h>
+#include "error.h"
+#include "opcode.h"
+#include "pte.h"
+#include "selftest.h"
+#include "shadow.h"
+#ifdef CONFIG_KMEMCHECK_DISABLED_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 0
+#endif
+#ifdef CONFIG_KMEMCHECK_ENABLED_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 1
+#endif
+#ifdef CONFIG_KMEMCHECK_ONESHOT_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 2
+#endif
+int kmemcheck_enabled = KMEMCHECK_ENABLED;
+int __init kmemcheck_init(void)
+{
+#ifdef CONFIG_SMP
+        /*
+         * Limit SMP to use a single CPU. We rely on the fact that this code
+         * runs before SMP is set up.
+         */
+        if (setup_max_cpus > 1) {
+                printk(KERN_INFO
+                        "kmemcheck: Limiting number of CPUs to 1.\n");
+                setup_max_cpus = 1;
+        }
+#endif
+        if (!kmemcheck_selftest()) {
+                printk(KERN_INFO "kmemcheck: self-tests failed; disabling\n");
+                kmemcheck_enabled = 0;
+                return -EINVAL;
+        }
+        printk(KERN_INFO "kmemcheck: Initialized\n");
+        return 0;
+}
+early_initcall(kmemcheck_init);
+/*
+ * We need to parse the kmemcheck= option before any memory is allocated.
+ */
+static int __init param_kmemcheck(char *str)
+{
+        if (!str)
+                return -EINVAL;
+        sscanf(str, "%d", &kmemcheck_enabled);
+        return 0;
+}
+early_param("kmemcheck", param_kmemcheck);
+int kmemcheck_show_addr(unsigned long address)
+{
+        pte_t *pte;
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return 0;
+        set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
+        __flush_tlb_one(address);
+        return 1;
+}
+int kmemcheck_hide_addr(unsigned long address)
+{
+        pte_t *pte;
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return 0;
+        set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));
+        __flush_tlb_one(address);
+        return 1;
+}
+struct kmemcheck_context {
+        bool busy;
+        int balance;
+        /*
+         * There can be at most two memory operands to an instruction, but
+         * each address can cross a page boundary -- so we may need up to
+         * four addresses that must be hidden/revealed for each fault.
+         */
+        unsigned long addr[4];
+        unsigned long n_addrs;
+        unsigned long flags;
+        /* Data size of the instruction that caused a fault. */
+        unsigned int size;
+};
+static DEFINE_PER_CPU(struct kmemcheck_context, kmemcheck_context);
+bool kmemcheck_active(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        return data->balance > 0;
+}
+/* Save an address that needs to be shown/hidden */
+static void kmemcheck_save_addr(unsigned long addr)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        BUG_ON(data->n_addrs >= ARRAY_SIZE(data->addr));
+        data->addr[data->n_addrs++] = addr;
+}
+static unsigned int kmemcheck_show_all(void)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        unsigned int i;
+        unsigned int n;
+        n = 0;
+        for (i = 0; i < data->n_addrs; ++i)
+                n += kmemcheck_show_addr(data->addr[i]);
+        return n;
+}
+static unsigned int kmemcheck_hide_all(void)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        unsigned int i;
+        unsigned int n;
+        n = 0;
+        for (i = 0; i < data->n_addrs; ++i)
+                n += kmemcheck_hide_addr(data->addr[i]);
+        return n;
+}
+/*
+ * Called from the #PF handler.
+ */
+void kmemcheck_show(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        BUG_ON(!irqs_disabled());
+        if (unlikely(data->balance != 0)) {
+                kmemcheck_show_all();
+                kmemcheck_error_save_bug(regs);
+                data->balance = 0;
+                return;
+        }
+        /*
+         * None of the addresses actually belonged to kmemcheck. Note that
+         * this is not an error.
+         */
+        if (kmemcheck_show_all() == 0)
+                return;
+        ++data->balance;
+        /*
+         * The IF needs to be cleared as well, so that the faulting
+         * instruction can run "uninterrupted". Otherwise, we might take
+         * an interrupt and start executing that before we've had a chance
+         * to hide the page again.
+         *
+         * NOTE: In the rare case of multiple faults, we must not override
+         * the original flags:
+         */
+        if (!(regs->flags & X86_EFLAGS_TF))
+                data->flags = regs->flags;
+        regs->flags |= X86_EFLAGS_TF;
+        regs->flags &= ~X86_EFLAGS_IF;
+}
+/*
+ * Called from the #DB handler.
+ */
+void kmemcheck_hide(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        int n;
+        BUG_ON(!irqs_disabled());
+        if (data->balance == 0)
+                return;
+        if (unlikely(data->balance != 1)) {
+                kmemcheck_show_all();
+                kmemcheck_error_save_bug(regs);
+                data->n_addrs = 0;
+                data->balance = 0;
+                if (!(data->flags & X86_EFLAGS_TF))
+                        regs->flags &= ~X86_EFLAGS_TF;
+                if (data->flags & X86_EFLAGS_IF)
+                        regs->flags |= X86_EFLAGS_IF;
+                return;
+        }
+        if (kmemcheck_enabled)
+                n = kmemcheck_hide_all();
+        else
+                n = kmemcheck_show_all();
+        if (n == 0)
+                return;
+        --data->balance;
+        data->n_addrs = 0;
+        if (!(data->flags & X86_EFLAGS_TF))
+                regs->flags &= ~X86_EFLAGS_TF;
+        if (data->flags & X86_EFLAGS_IF)
+                regs->flags |= X86_EFLAGS_IF;
+}
+void kmemcheck_show_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+        for (i = 0; i < n; ++i) {
+                unsigned long address;
+                pte_t *pte;
+                unsigned int level;
+                address = (unsigned long) page_address(&p[i]);
+                pte = lookup_address(address, &level);
+                BUG_ON(!pte);
+                BUG_ON(level != PG_LEVEL_4K);
+                set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
+                set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_HIDDEN));
+                __flush_tlb_one(address);
+        }
+}
+bool kmemcheck_page_is_tracked(struct page *p)
+{
+        /* This will also check the "hidden" flag of the PTE. */
+        return kmemcheck_pte_lookup((unsigned long) page_address(p));
+}
+void kmemcheck_hide_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+        for (i = 0; i < n; ++i) {
+                unsigned long address;
+                pte_t *pte;
+                unsigned int level;
+                address = (unsigned long) page_address(&p[i]);
+                pte = lookup_address(address, &level);
+                BUG_ON(!pte);
+                BUG_ON(level != PG_LEVEL_4K);
+                set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));
+                set_pte(pte, __pte(pte_val(*pte) | _PAGE_HIDDEN));
+                __flush_tlb_one(address);
+        }
+}
+/* Access may NOT cross page boundary */
+static void kmemcheck_read_strict(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        void *shadow;
+        enum kmemcheck_shadow status;
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (!shadow)
+                return;
+        kmemcheck_save_addr(addr);
+        status = kmemcheck_shadow_test(shadow, size);
+        if (status == KMEMCHECK_SHADOW_INITIALIZED)
+                return;
+        if (kmemcheck_enabled)
+                kmemcheck_error_save(status, addr, size, regs);
+        if (kmemcheck_enabled == 2)
+                kmemcheck_enabled = 0;
+        /* Don't warn about it again. */
+        kmemcheck_shadow_set(shadow, size);
+}
+/* Access may cross page boundary */
+static void kmemcheck_read(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long next_addr = addr + size - 1;
+        unsigned long next_page = next_addr & PAGE_MASK;
+        if (likely(page == next_page)) {
+                kmemcheck_read_strict(regs, addr, size);
+                return;
+        }
+        /*
+         * What we do is basically to split the access across the
+         * two pages and handle each part separately. Yes, this means
+         * that we may now see reads that are 3 + 5 bytes, for
+         * example (and if both are uninitialized, there will be two
+         * reports), but it makes the code a lot simpler.
+         */
+        kmemcheck_read_strict(regs, addr, next_page - addr);
+        kmemcheck_read_strict(regs, next_page, next_addr - next_page);
+}
+static void kmemcheck_write_strict(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        void *shadow;
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (!shadow)
+                return;
+        kmemcheck_save_addr(addr);
+        kmemcheck_shadow_set(shadow, size);
+}
+static void kmemcheck_write(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long next_addr = addr + size - 1;
+        unsigned long next_page = next_addr & PAGE_MASK;
+        if (likely(page == next_page)) {
+                kmemcheck_write_strict(regs, addr, size);
+                return;
+        }
+        /* See comment in kmemcheck_read(). */
+        kmemcheck_write_strict(regs, addr, next_page - addr);
+        kmemcheck_write_strict(regs, next_page, next_addr - next_page);
+}
+/*
+ * Copying is hard. We have two addresses, each of which may be split across
+ * a page (and each page will have different shadow addresses).
+ */
+static void kmemcheck_copy(struct pt_regs *regs,
+        unsigned long src_addr, unsigned long dst_addr, unsigned int size)
+{
+        uint8_t shadow[8];
+        enum kmemcheck_shadow status;
+        unsigned long page;
+        unsigned long next_addr;
+        unsigned long next_page;
+        uint8_t *x;
+        unsigned int i;
+        unsigned int n;
+        BUG_ON(size > sizeof(shadow));
+        page = src_addr & PAGE_MASK;
+        next_addr = src_addr + size - 1;
+        next_page = next_addr & PAGE_MASK;
+        if (likely(page == next_page)) {
+                /* Same page */
+                x = kmemcheck_shadow_lookup(src_addr);
+                if (x) {
+                        kmemcheck_save_addr(src_addr);
+                        for (i = 0; i < size; ++i)
+                                shadow[i] = x[i];
+                } else {
+                        for (i = 0; i < size; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+        } else {
+                n = next_page - src_addr;
+                BUG_ON(n > sizeof(shadow));
+                /* First page */
+                x = kmemcheck_shadow_lookup(src_addr);
+                if (x) {
+                        kmemcheck_save_addr(src_addr);
+                        for (i = 0; i < n; ++i)
+                                shadow[i] = x[i];
+                } else {
+                        /* Not tracked */
+                        for (i = 0; i < n; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+                /* Second page */
+                x = kmemcheck_shadow_lookup(next_page);
+                if (x) {
+                        kmemcheck_save_addr(next_page);
+                        for (i = n; i < size; ++i)
+                                shadow[i] = x[i - n];
+                } else {
+                        /* Not tracked */
+                        for (i = n; i < size; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+        }
+        page = dst_addr & PAGE_MASK;
+        next_addr = dst_addr + size - 1;
+        next_page = next_addr & PAGE_MASK;
+        if (likely(page == next_page)) {
+                /* Same page */
+                x = kmemcheck_shadow_lookup(dst_addr);
+                if (x) {
+                        kmemcheck_save_addr(dst_addr);
+                        for (i = 0; i < size; ++i) {
+                                x[i] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+        } else {
+                n = next_page - dst_addr;
+                BUG_ON(n > sizeof(shadow));
+                /* First page */
+                x = kmemcheck_shadow_lookup(dst_addr);
+                if (x) {
+                        kmemcheck_save_addr(dst_addr);
+                        for (i = 0; i < n; ++i) {
+                                x[i] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+                /* Second page */
+                x = kmemcheck_shadow_lookup(next_page);
+                if (x) {
+                        kmemcheck_save_addr(next_page);
+                        for (i = n; i < size; ++i) {
+                                x[i - n] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+        }
+        status = kmemcheck_shadow_test(shadow, size);
+        if (status == KMEMCHECK_SHADOW_INITIALIZED)
+                return;
+        if (kmemcheck_enabled)
+                kmemcheck_error_save(status, src_addr, size, regs);
+        if (kmemcheck_enabled == 2)
+                kmemcheck_enabled = 0;
+}
+enum kmemcheck_method {
+        KMEMCHECK_READ,
+        KMEMCHECK_WRITE,
+};
+static void kmemcheck_access(struct pt_regs *regs,
+        unsigned long fallback_address, enum kmemcheck_method fallback_method)
+{
+        const uint8_t *insn;
+        const uint8_t *insn_primary;
+        unsigned int size;
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        /* Recursive fault -- ouch. */
+        if (data->busy) {
+                kmemcheck_show_addr(fallback_address);
+                kmemcheck_error_save_bug(regs);
+                return;
+        }
+        data->busy = true;
+        insn = (const uint8_t *) regs->ip;
+        insn_primary = kmemcheck_opcode_get_primary(insn);
+        kmemcheck_opcode_decode(insn, &size);
+        switch (insn_primary[0]) {
+#ifdef CONFIG_KMEMCHECK_BITOPS_OK
+                /* AND, OR, XOR */
+                /*
+                 * Unfortunately, these instructions have to be excluded from
+                 * our regular checking since they access only some (and not
+                 * all) bits. This clears out "bogus" bitfield-access warnings.
+                 */
+        case 0x80:
+        case 0x81:
+        case 0x82:
+        case 0x83:
+                switch ((insn_primary[1] >> 3) & 7) {
+                        /* OR */
+                case 1:
+                        /* AND */
+                case 4:
+                        /* XOR */
+                case 6:
+                        kmemcheck_write(regs, fallback_address, size);
+                        goto out;
+                        /* ADD */
+                case 0:
+                        /* ADC */
+                case 2:
+                        /* SBB */
+                case 3:
+                        /* SUB */
+                case 5:
+                        /* CMP */
+                case 7:
+                        break;
+                }
+                break;
+#endif
+                /* MOVS, MOVSB, MOVSW, MOVSD */
+        case 0xa4:
+        case 0xa5:
+                /*
+                 * These instructions are special because they take two
+                 * addresses, but we only get one page fault.
+                 */
+                kmemcheck_copy(regs, regs->si, regs->di, size);
+                goto out;
+                /* CMPS, CMPSB, CMPSW, CMPSD */
+        case 0xa6:
+        case 0xa7:
+                kmemcheck_read(regs, regs->si, size);
+                kmemcheck_read(regs, regs->di, size);
+                goto out;
+        }
+        /*
+         * If the opcode isn't special in any way, we use the data from the
+         * page fault handler to determine the address and type of memory
+         * access.
+         */
+        switch (fallback_method) {
+        case KMEMCHECK_READ:
+                kmemcheck_read(regs, fallback_address, size);
+                goto out;
+        case KMEMCHECK_WRITE:
+                kmemcheck_write(regs, fallback_address, size);
+                goto out;
+        }
+out:
+        data->busy = false;
+}
+bool kmemcheck_fault(struct pt_regs *regs, unsigned long address,
+        unsigned long error_code)
+{
+        pte_t *pte;
+        /*
+         * XXX: Is it safe to assume that memory accesses from virtual 86
+         * mode or non-kernel code segments will _never_ access kernel
+         * memory (e.g. tracked pages)? For now, we need this to avoid
+         * invoking kmemcheck for PnP BIOS calls.
+         */
+        if (regs->flags & X86_VM_MASK)
+                return false;
+        if (regs->cs != __KERNEL_CS)
+                return false;
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return false;
+        if (error_code & 2)
+                kmemcheck_access(regs, address, KMEMCHECK_WRITE);
+        else
+                kmemcheck_access(regs, address, KMEMCHECK_READ);
+        kmemcheck_show(regs);
+        return true;
+}
+bool kmemcheck_trap(struct pt_regs *regs)
+{
+        if (!kmemcheck_active(regs))
+                return false;
+        /* We're done. */
+        kmemcheck_hide(regs);
+        return true;
+}
diff --git a/arch/x86/mm/kmemcheck/opcode.c b/arch/x86/mm/kmemcheck/opcode.c
new file mode 100644
index 000000000000..63c19e27aa6f
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/opcode.c
@@ -0,0 +1,106 @@
+#include <linux/types.h>
+#include "opcode.h"
+static bool opcode_is_prefix(uint8_t b)
+{
+        return
+                /* Group 1 */
+                b == 0xf0 || b == 0xf2 || b == 0xf3
+                /* Group 2 */
+                || b == 0x2e || b == 0x36 || b == 0x3e || b == 0x26
+                || b == 0x64 || b == 0x65 || b == 0x2e || b == 0x3e
+                /* Group 3 */
+                || b == 0x66
+                /* Group 4 */
+                || b == 0x67;
+}
+#ifdef CONFIG_X86_64
+static bool opcode_is_rex_prefix(uint8_t b)
+{
+        return (b & 0xf0) == 0x40;
+}
+#else
+static bool opcode_is_rex_prefix(uint8_t b)
+{
+        return false;
+}
+#endif
+#define REX_W (1 << 3)
+/*
+ * This is a VERY crude opcode decoder. We only need to find the size of the
+ * load/store that caused our #PF and this should work for all the opcodes
+ * that we care about. Moreover, the ones who invented this instruction set
+ * should be shot.
+ */
+void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size)
+{
+        /* Default operand size */
+        int operand_size_override = 4;
+        /* prefixes */
+        for (; opcode_is_prefix(*op); ++op) {
+                if (*op == 0x66)
+                        operand_size_override = 2;
+        }
+        /* REX prefix */
+        if (opcode_is_rex_prefix(*op)) {
+                uint8_t rex = *op;
+                ++op;
+                if (rex & REX_W) {
+                        switch (*op) {
+                        case 0x63:
+                                *size = 4;
+                                return;
+                        case 0x0f:
+                                ++op;
+                                switch (*op) {
+                                case 0xb6:
+                                case 0xbe:
+                                        *size = 1;
+                                        return;
+                                case 0xb7:
+                                case 0xbf:
+                                        *size = 2;
+                                        return;
+                                }
+                                break;
+                        }
+                        *size = 8;
+                        return;
+                }
+        }
+        /* escape opcode */
+        if (*op == 0x0f) {
+                ++op;
+                /*
+                 * This is move with zero-extend and sign-extend, respectively;
+                 * we don't have to think about 0xb6/0xbe, because this is
+                 * already handled in the conditional below.
+                 */
+                if (*op == 0xb7 || *op == 0xbf)
+                        operand_size_override = 2;
+        }
+        *size = (*op & 1) ? operand_size_override : 1;
+}
+const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op)
+{
+        /* skip prefixes */
+        while (opcode_is_prefix(*op))
+                ++op;
+        if (opcode_is_rex_prefix(*op))
+                ++op;
+        return op;
+}
diff --git a/arch/x86/mm/kmemcheck/opcode.h b/arch/x86/mm/kmemcheck/opcode.h
new file mode 100644
index 000000000000..6956aad66b5b
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/opcode.h
@@ -0,0 +1,9 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__OPCODE_H
+#define ARCH__X86__MM__KMEMCHECK__OPCODE_H
+#include <linux/types.h>
+void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size);
+const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op);
+#endif
diff --git a/arch/x86/mm/kmemcheck/pte.c b/arch/x86/mm/kmemcheck/pte.c
new file mode 100644
index 000000000000..4ead26eeaf96
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/pte.c
@@ -0,0 +1,22 @@
+#include <linux/mm.h>
+#include <asm/pgtable.h>
+#include "pte.h"
+pte_t *kmemcheck_pte_lookup(unsigned long address)
+{
+        pte_t *pte;
+        unsigned int level;
+        pte = lookup_address(address, &level);
+        if (!pte)
+                return NULL;
+        if (level != PG_LEVEL_4K)
+                return NULL;
+        if (!pte_hidden(*pte))
+                return NULL;
+        return pte;
+}
diff --git a/arch/x86/mm/kmemcheck/pte.h b/arch/x86/mm/kmemcheck/pte.h
new file mode 100644
index 000000000000..9f5966456492
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/pte.h
@@ -0,0 +1,10 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__PTE_H
+#define ARCH__X86__MM__KMEMCHECK__PTE_H
+#include <linux/mm.h>
+#include <asm/pgtable.h>
+pte_t *kmemcheck_pte_lookup(unsigned long address);
+#endif
diff --git a/arch/x86/mm/kmemcheck/selftest.c b/arch/x86/mm/kmemcheck/selftest.c
new file mode 100644
index 000000000000..036efbea8b28
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/selftest.c
@@ -0,0 +1,69 @@
+#include <linux/kernel.h>
+#include "opcode.h"
+#include "selftest.h"
+struct selftest_opcode {
+        unsigned int expected_size;
+        const uint8_t *insn;
+        const char *desc;
+};
+static const struct selftest_opcode selftest_opcodes[] = {
+        /* REP MOVS */
+        {1, "\xf3\xa4",                 "rep movsb <mem8>, <mem8>"},
+        {4, "\xf3\xa5",                 "rep movsl <mem32>, <mem32>"},
+        /* MOVZX / MOVZXD */
+        {1, "\x66\x0f\xb6\x51\xf8",     "movzwq <mem8>, <reg16>"},
+        {1, "\x0f\xb6\x51\xf8",         "movzwq <mem8>, <reg32>"},
+        /* MOVSX / MOVSXD */
+        {1, "\x66\x0f\xbe\x51\xf8",     "movswq <mem8>, <reg16>"},
+        {1, "\x0f\xbe\x51\xf8",         "movswq <mem8>, <reg32>"},
+#ifdef CONFIG_X86_64
+        /* MOVZX / MOVZXD */
+        {1, "\x49\x0f\xb6\x51\xf8",     "movzbq <mem8>, <reg64>"},
+        {2, "\x49\x0f\xb7\x51\xf8",     "movzbq <mem16>, <reg64>"},
+        /* MOVSX / MOVSXD */
+        {1, "\x49\x0f\xbe\x51\xf8",     "movsbq <mem8>, <reg64>"},
+        {2, "\x49\x0f\xbf\x51\xf8",     "movsbq <mem16>, <reg64>"},
+        {4, "\x49\x63\x51\xf8",         "movslq <mem32>, <reg64>"},
+#endif
+};
+static bool selftest_opcode_one(const struct selftest_opcode *op)
+{
+        unsigned size;
+        kmemcheck_opcode_decode(op->insn, &size);
+        if (size == op->expected_size)
+                return true;
+        printk(KERN_WARNING "kmemcheck: opcode %s: expected size %d, got %d\n",
+                op->desc, op->expected_size, size);
+        return false;
+}
+static bool selftest_opcodes_all(void)
+{
+        bool pass = true;
+        unsigned int i;
+        for (i = 0; i < ARRAY_SIZE(selftest_opcodes); ++i)
+                pass = pass && selftest_opcode_one(&selftest_opcodes[i]);
+        return pass;
+}
+bool kmemcheck_selftest(void)
+{
+        bool pass = true;
+        pass = pass && selftest_opcodes_all();
+        return pass;
+}
diff --git a/arch/x86/mm/kmemcheck/selftest.h b/arch/x86/mm/kmemcheck/selftest.h
new file mode 100644
index 000000000000..8fed4fe11f95
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/selftest.h
@@ -0,0 +1,6 @@
+#ifndef ARCH_X86_MM_KMEMCHECK_SELFTEST_H
+#define ARCH_X86_MM_KMEMCHECK_SELFTEST_H
+bool kmemcheck_selftest(void);
+#endif
diff --git a/arch/x86/mm/kmemcheck/shadow.c b/arch/x86/mm/kmemcheck/shadow.c
new file mode 100644
index 000000000000..e773b6bd0079
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/shadow.c
@@ -0,0 +1,162 @@
+#include <linux/kmemcheck.h>
+#include <linux/module.h>
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <asm/page.h>
+#include <asm/pgtable.h>
+#include "pte.h"
+#include "shadow.h"
+/*
+ * Return the shadow address for the given address. Returns NULL if the
+ * address is not tracked.
+ *
+ * We need to be extremely careful not to follow any invalid pointers,
+ * because this function can be called for *any* possible address.
+ */
+void *kmemcheck_shadow_lookup(unsigned long address)
+{
+        pte_t *pte;
+        struct page *page;
+        if (!virt_addr_valid(address))
+                return NULL;
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return NULL;
+        page = virt_to_page(address);
+        if (!page->shadow)
+                return NULL;
+        return page->shadow + (address & (PAGE_SIZE - 1));
+}
+static void mark_shadow(void *address, unsigned int n,
+        enum kmemcheck_shadow status)
+{
+        unsigned long addr = (unsigned long) address;
+        unsigned long last_addr = addr + n - 1;
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long last_page = last_addr & PAGE_MASK;
+        unsigned int first_n;
+        void *shadow;
+        /* If the memory range crosses a page boundary, stop there. */
+        if (page == last_page)
+                first_n = n;
+        else
+                first_n = page + PAGE_SIZE - addr;
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (shadow)
+                memset(shadow, status, first_n);
+        addr += first_n;
+        n -= first_n;
+        /* Do full-page memset()s. */
+        while (n >= PAGE_SIZE) {
+                shadow = kmemcheck_shadow_lookup(addr);
+                if (shadow)
+                        memset(shadow, status, PAGE_SIZE);
+                addr += PAGE_SIZE;
+                n -= PAGE_SIZE;
+        }
+        /* Do the remaining page, if any. */
+        if (n > 0) {
+                shadow = kmemcheck_shadow_lookup(addr);
+                if (shadow)
+                        memset(shadow, status, n);
+        }
+}
+void kmemcheck_mark_unallocated(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_UNALLOCATED);
+}
+void kmemcheck_mark_uninitialized(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_UNINITIALIZED);
+}
+/*
+ * Fill the shadow memory of the given address such that the memory at that
+ * address is marked as being initialized.
+ */
+void kmemcheck_mark_initialized(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_INITIALIZED);
+}
+EXPORT_SYMBOL_GPL(kmemcheck_mark_initialized);
+void kmemcheck_mark_freed(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_FREED);
+}
+void kmemcheck_mark_unallocated_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_unallocated(page_address(&p[i]), PAGE_SIZE);
+}
+void kmemcheck_mark_uninitialized_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_uninitialized(page_address(&p[i]), PAGE_SIZE);
+}
+void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_initialized(page_address(&p[i]), PAGE_SIZE);
+}
+enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size)
+{
+        uint8_t *x;
+        unsigned int i;
+        x = shadow;
+#ifdef CONFIG_KMEMCHECK_PARTIAL_OK
+        /*
+         * Make sure _some_ bytes are initialized. Gcc frequently generates
+         * code to access neighboring bytes.
+         */
+        for (i = 0; i < size; ++i) {
+                if (x[i] == KMEMCHECK_SHADOW_INITIALIZED)
+                        return x[i];
+        }
+#else
+        /* All bytes must be initialized. */
+        for (i = 0; i < size; ++i) {
+                if (x[i] != KMEMCHECK_SHADOW_INITIALIZED)
+                        return x[i];
+        }
+#endif
+        return x[0];
+}
+void kmemcheck_shadow_set(void *shadow, unsigned int size)
+{
+        uint8_t *x;
+        unsigned int i;
+        x = shadow;
+        for (i = 0; i < size; ++i)
+                x[i] = KMEMCHECK_SHADOW_INITIALIZED;
+}
diff --git a/arch/x86/mm/kmemcheck/shadow.h b/arch/x86/mm/kmemcheck/shadow.h
new file mode 100644
index 000000000000..af46d9ab9d86
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/shadow.h
@@ -0,0 +1,16 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__SHADOW_H
+#define ARCH__X86__MM__KMEMCHECK__SHADOW_H
+enum kmemcheck_shadow {
+        KMEMCHECK_SHADOW_UNALLOCATED,
+        KMEMCHECK_SHADOW_UNINITIALIZED,
+        KMEMCHECK_SHADOW_INITIALIZED,
+        KMEMCHECK_SHADOW_FREED,
+};
+void *kmemcheck_shadow_lookup(unsigned long address);
+enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size);
+void kmemcheck_shadow_set(void *shadow, unsigned int size);
+#endif
diff --git a/arch/x86/mm/memtest.c b/arch/x86/mm/memtest.c
index c0bedcd10f97..18d244f70205 100644
--- a/arch/x86/mm/memtest.c
+++ b/arch/x86/mm/memtest.c
@@ -40,21 +40,20 @@ static void __init reserve_bad_mem(u64 pattern, u64 start_bad, u64 end_bad)
 static void __init memtest(u64 pattern, u64 start_phys, u64 size)
 {
-        u64 *p;
+        u64 *p, *start, *end;
-        void *start, *end;
        u64 start_bad, last_bad;
        u64 start_phys_aligned;
-        size_t incr;
+        const size_t incr = sizeof(pattern);
-        incr = sizeof(pattern);
        start_phys_aligned = ALIGN(start_phys, incr);
        start = __va(start_phys_aligned);
-        end = start + size - (start_phys_aligned - start_phys);
+        end = start + (size - (start_phys_aligned - start_phys)) / incr;
        start_bad = 0;
        last_bad = 0;
        for (p = start; p < end; p++)
                *p = pattern;
        for (p = start; p < end; p++, start_phys_aligned += incr) {
                if (*p == pattern)
                        continue;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 6ce9518fe2ac..3cfe9ced8a4c 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -470,7 +470,7 @@ static int split_large_page(pte_t *kpte, unsigned long address)
        if (!debug_pagealloc)
                spin_unlock(&cpa_lock);
-        base = alloc_pages(GFP_KERNEL, 0);
+        base = alloc_pages(GFP_KERNEL | __GFP_NOTRACK, 0);
        if (!debug_pagealloc)
                spin_lock(&cpa_lock);
        if (!base)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index 7aa03a5389f5..8e43bdd45456 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -4,9 +4,11 @@
 #include <asm/tlb.h>
 #include <asm/fixmap.h>
+#define PGALLOC_GFP GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO
 pte_t *pte_alloc_one_kernel(struct mm_struct *mm, unsigned long address)
 {
-        return (pte_t *)__get_free_page(GFP_KERNEL|__GFP_REPEAT|__GFP_ZERO);
+        return (pte_t *)__get_free_page(PGALLOC_GFP);
 }
 pgtable_t pte_alloc_one(struct mm_struct *mm, unsigned long address)
@@ -14,9 +16,9 @@ pgtable_t pte_alloc_one(struct mm_struct *mm, unsigned long address)
        struct page *pte;
 #ifdef CONFIG_HIGHPTE
-        pte = alloc_pages(GFP_KERNEL|__GFP_HIGHMEM|__GFP_REPEAT|__GFP_ZERO, 0);
+        pte = alloc_pages(PGALLOC_GFP | __GFP_HIGHMEM, 0);
 #else
-        pte = alloc_pages(GFP_KERNEL|__GFP_REPEAT|__GFP_ZERO, 0);
+        pte = alloc_pages(PGALLOC_GFP, 0);
 #endif
        if (pte)
                pgtable_page_ctor(pte);
@@ -161,7 +163,7 @@ static int preallocate_pmds(pmd_t *pmds[])
        bool failed = false;
        for(i = 0; i < PREALLOCATED_PMDS; i++) {
-                pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT);
+                pmd_t *pmd = (pmd_t *)__get_free_page(PGALLOC_GFP);
                if (pmd == NULL)
                        failed = true;
                pmds[i] = pmd;
@@ -228,7 +230,7 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
        pmd_t *pmds[PREALLOCATED_PMDS];
        unsigned long flags;
-        pgd = (pgd_t *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
+        pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
        if (pgd == NULL)
                goto out;
diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile
index 58b32db33125..de2abbd07544 100644
--- a/arch/x86/power/Makefile
+++ b/arch/x86/power/Makefile
@@ -3,5 +3,5 @@
 nostackp := $(call cc-option, -fno-stack-protector)
 CFLAGS_cpu_$(BITS).o    := $(nostackp)
-obj-$(CONFIG_PM_SLEEP)          += cpu_$(BITS).o
+obj-$(CONFIG_PM_SLEEP)          += cpu.o
 obj-$(CONFIG_HIBERNATION)       += hibernate_$(BITS).o hibernate_asm_$(BITS).o
diff --git a/arch/x86/power/cpu_64.c b/arch/x86/power/cpu.c
index 5343540f2607..d277ef1eea51 100644
--- a/arch/x86/power/cpu_64.c
+++ b/arch/x86/power/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Suspend and hibernation support for x86-64
+ * Suspend support specific for i386/x86-64.
 *
 * Distribute under GPLv2
 *
@@ -8,18 +8,28 @@
 * Copyright (c) 2001 Patrick Mochel <mochel@osdl.org>
 */
-#include <linux/smp.h>
 #include <linux/suspend.h>
-#include <asm/proto.h>
+#include <linux/smp.h>
-#include <asm/page.h>
 #include <asm/pgtable.h>
+#include <asm/proto.h>
 #include <asm/mtrr.h>
+#include <asm/page.h>
+#include <asm/mce.h>
 #include <asm/xcr.h>
 #include <asm/suspend.h>
-static void fix_processor_context(void);
+#ifdef CONFIG_X86_32
+static struct saved_context saved_context;
+unsigned long saved_context_ebx;
+unsigned long saved_context_esp, saved_context_ebp;
+unsigned long saved_context_esi, saved_context_edi;
+unsigned long saved_context_eflags;
+#else
+/* CONFIG_X86_64 */
 struct saved_context saved_context;
+#endif
 /**
 *      __save_processor_state - save CPU registers before creating a
@@ -38,19 +48,35 @@ struct saved_context saved_context;
 */
 static void __save_processor_state(struct saved_context *ctxt)
 {
+#ifdef CONFIG_X86_32
+        mtrr_save_fixed_ranges(NULL);
+#endif
        kernel_fpu_begin();
        /*
         * descriptor tables
         */
+#ifdef CONFIG_X86_32
+        store_gdt(&ctxt->gdt);
+        store_idt(&ctxt->idt);
+#else
+/* CONFIG_X86_64 */
        store_gdt((struct desc_ptr *)&ctxt->gdt_limit);
        store_idt((struct desc_ptr *)&ctxt->idt_limit);
+#endif
        store_tr(ctxt->tr);
        /* XMM0..XMM15 should be handled by kernel_fpu_begin(). */
        /*
         * segment registers
         */
+#ifdef CONFIG_X86_32
+        savesegment(es, ctxt->es);
+        savesegment(fs, ctxt->fs);
+        savesegment(gs, ctxt->gs);
+        savesegment(ss, ctxt->ss);
+#else
+/* CONFIG_X86_64 */
        asm volatile ("movw %%ds, %0" : "=m" (ctxt->ds));
        asm volatile ("movw %%es, %0" : "=m" (ctxt->es));
        asm volatile ("movw %%fs, %0" : "=m" (ctxt->fs));
@@ -62,30 +88,87 @@ static void __save_processor_state(struct saved_context *ctxt)
        rdmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
        mtrr_save_fixed_ranges(NULL);
+        rdmsrl(MSR_EFER, ctxt->efer);
+#endif
        /*
         * control registers
         */
-        rdmsrl(MSR_EFER, ctxt->efer);
        ctxt->cr0 = read_cr0();
        ctxt->cr2 = read_cr2();
        ctxt->cr3 = read_cr3();
+#ifdef CONFIG_X86_32
+        ctxt->cr4 = read_cr4_safe();
+#else
+/* CONFIG_X86_64 */
        ctxt->cr4 = read_cr4();
        ctxt->cr8 = read_cr8();
+#endif
 }
+/* Needed by apm.c */
 void save_processor_state(void)
 {
        __save_processor_state(&saved_context);
 }
+#ifdef CONFIG_X86_32
+EXPORT_SYMBOL(save_processor_state);
+#endif
 static void do_fpu_end(void)
 {
        /*
-         * Restore FPU regs if necessary
+         * Restore FPU regs if necessary.
         */
        kernel_fpu_end();
 }
+static void fix_processor_context(void)
+{
+        int cpu = smp_processor_id();
+        struct tss_struct *t = &per_cpu(init_tss, cpu);
+        set_tss_desc(cpu, t);   /*
+                                 * This just modifies memory; should not be
+                                 * necessary. But... This is necessary, because
+                                 * 386 hardware has concept of busy TSS or some
+                                 * similar stupidity.
+                                 */
+#ifdef CONFIG_X86_64
+        get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
+        syscall_init();                         /* This sets MSR_*STAR and related */
+#endif
+        load_TR_desc();                         /* This does ltr */
+        load_LDT(&current->active_mm->context); /* This does lldt */
+        /*
+         * Now maybe reload the debug registers
+         */
+        if (current->thread.debugreg7) {
+#ifdef CONFIG_X86_32
+                set_debugreg(current->thread.debugreg0, 0);
+                set_debugreg(current->thread.debugreg1, 1);
+                set_debugreg(current->thread.debugreg2, 2);
+                set_debugreg(current->thread.debugreg3, 3);
+                /* no 4 and 5 */
+                set_debugreg(current->thread.debugreg6, 6);
+                set_debugreg(current->thread.debugreg7, 7);
+#else
+                /* CONFIG_X86_64 */
+                loaddebug(&current->thread, 0);
+                loaddebug(&current->thread, 1);
+                loaddebug(&current->thread, 2);
+                loaddebug(&current->thread, 3);
+                /* no 4 and 5 */
+                loaddebug(&current->thread, 6);
+                loaddebug(&current->thread, 7);
+#endif
+        }
+}
 /**
 *      __restore_processor_state - restore the contents of CPU registers saved
 *              by __save_processor_state()
@@ -96,9 +179,16 @@ static void __restore_processor_state(struct saved_context *ctxt)
        /*
         * control registers
         */
+        /* cr4 was introduced in the Pentium CPU */
+#ifdef CONFIG_X86_32
+        if (ctxt->cr4)
+                write_cr4(ctxt->cr4);
+#else
+/* CONFIG X86_64 */
        wrmsrl(MSR_EFER, ctxt->efer);
        write_cr8(ctxt->cr8);
        write_cr4(ctxt->cr4);
+#endif
        write_cr3(ctxt->cr3);
        write_cr2(ctxt->cr2);
        write_cr0(ctxt->cr0);
@@ -107,13 +197,31 @@ static void __restore_processor_state(struct saved_context *ctxt)
         * now restore the descriptor tables to their proper values
         * ltr is done i fix_processor_context().
         */
+#ifdef CONFIG_X86_32
+        load_gdt(&ctxt->gdt);
+        load_idt(&ctxt->idt);
+#else
+/* CONFIG_X86_64 */
        load_gdt((const struct desc_ptr *)&ctxt->gdt_limit);
        load_idt((const struct desc_ptr *)&ctxt->idt_limit);
+#endif
        /*
         * segment registers
         */
+#ifdef CONFIG_X86_32
+        loadsegment(es, ctxt->es);
+        loadsegment(fs, ctxt->fs);
+        loadsegment(gs, ctxt->gs);
+        loadsegment(ss, ctxt->ss);
+        /*
+         * sysenter MSRs
+         */
+        if (boot_cpu_has(X86_FEATURE_SEP))
+                enable_sep_cpu();
+#else
+/* CONFIG_X86_64 */
        asm volatile ("movw %0, %%ds" :: "r" (ctxt->ds));
        asm volatile ("movw %0, %%es" :: "r" (ctxt->es));
        asm volatile ("movw %0, %%fs" :: "r" (ctxt->fs));
@@ -123,6 +231,7 @@ static void __restore_processor_state(struct saved_context *ctxt)
        wrmsrl(MSR_FS_BASE, ctxt->fs_base);
        wrmsrl(MSR_GS_BASE, ctxt->gs_base);
        wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
+#endif
        /*
         * restore XCR0 for xsave capable cpu's.
@@ -134,41 +243,17 @@ static void __restore_processor_state(struct saved_context *ctxt)
        do_fpu_end();
        mtrr_ap_init();
+#ifdef CONFIG_X86_32
+        mcheck_init(&boot_cpu_data);
+#endif
 }
+/* Needed by apm.c */
 void restore_processor_state(void)
 {
        __restore_processor_state(&saved_context);
 }
+#ifdef CONFIG_X86_32
-static void fix_processor_context(void)
+EXPORT_SYMBOL(restore_processor_state);
-{
+#endif
-        int cpu = smp_processor_id();
-        struct tss_struct *t = &per_cpu(init_tss, cpu);
-        /*
-         * This just modifies memory; should not be necessary. But... This
-         * is necessary, because 386 hardware has concept of busy TSS or some
-         * similar stupidity.
-         */
-        set_tss_desc(cpu, t);
-        get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
-        syscall_init();                         /* This sets MSR_*STAR and related */
-        load_TR_desc();                         /* This does ltr */
-        load_LDT(&current->active_mm->context); /* This does lldt */
-        /*
-         * Now maybe reload the debug registers
-         */
-        if (current->thread.debugreg7){
-                loaddebug(&current->thread, 0);
-                loaddebug(&current->thread, 1);
-                loaddebug(&current->thread, 2);
-                loaddebug(&current->thread, 3);
-                /* no 4 and 5 */
-                loaddebug(&current->thread, 6);
-                loaddebug(&current->thread, 7);
-        }
-}
diff --git a/arch/x86/power/cpu_32.c b/arch/x86/power/cpu_32.c
deleted file mode 100644
index ce702c5b3a2c..000000000000
--- a/arch/x86/power/cpu_32.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Suspend support specific for i386.
- *
- * Distribute under GPLv2
- *
- * Copyright (c) 2002 Pavel Machek <pavel@suse.cz>
- * Copyright (c) 2001 Patrick Mochel <mochel@osdl.org>
- */
-#include <linux/module.h>
-#include <linux/suspend.h>
-#include <asm/mtrr.h>
-#include <asm/mce.h>
-#include <asm/xcr.h>
-#include <asm/suspend.h>
-static struct saved_context saved_context;
-unsigned long saved_context_ebx;
-unsigned long saved_context_esp, saved_context_ebp;
-unsigned long saved_context_esi, saved_context_edi;
-unsigned long saved_context_eflags;
-static void __save_processor_state(struct saved_context *ctxt)
-{
-        mtrr_save_fixed_ranges(NULL);
-        kernel_fpu_begin();
-        /*
-         * descriptor tables
-         */
-        store_gdt(&ctxt->gdt);
-        store_idt(&ctxt->idt);
-        store_tr(ctxt->tr);
-        /*
-         * segment registers
-         */
-        savesegment(es, ctxt->es);
-        savesegment(fs, ctxt->fs);
-        savesegment(gs, ctxt->gs);
-        savesegment(ss, ctxt->ss);
-        /*
-         * control registers
-         */
-        ctxt->cr0 = read_cr0();
-        ctxt->cr2 = read_cr2();
-        ctxt->cr3 = read_cr3();
-        ctxt->cr4 = read_cr4_safe();
-}
-/* Needed by apm.c */
-void save_processor_state(void)
-{
-        __save_processor_state(&saved_context);
-}
-EXPORT_SYMBOL(save_processor_state);
-static void do_fpu_end(void)
-{
-        /*
-         * Restore FPU regs if necessary.
-         */
-        kernel_fpu_end();
-}
-static void fix_processor_context(void)
-{
-        int cpu = smp_processor_id();
-        struct tss_struct *t = &per_cpu(init_tss, cpu);
-        set_tss_desc(cpu, t);   /*
-                                 * This just modifies memory; should not be
-                                 * necessary. But... This is necessary, because
-                                 * 386 hardware has concept of busy TSS or some
-                                 * similar stupidity.
-                                 */
-        load_TR_desc();                         /* This does ltr */
-        load_LDT(&current->active_mm->context); /* This does lldt */
-        /*
-         * Now maybe reload the debug registers
-         */
-        if (current->thread.debugreg7) {
-                set_debugreg(current->thread.debugreg0, 0);
-                set_debugreg(current->thread.debugreg1, 1);
-                set_debugreg(current->thread.debugreg2, 2);
-                set_debugreg(current->thread.debugreg3, 3);
-                /* no 4 and 5 */
-                set_debugreg(current->thread.debugreg6, 6);
-                set_debugreg(current->thread.debugreg7, 7);
-        }
-}
-static void __restore_processor_state(struct saved_context *ctxt)
-{
-        /*
-         * control registers
-         */
-        /* cr4 was introduced in the Pentium CPU */
-        if (ctxt->cr4)
-                write_cr4(ctxt->cr4);
-        write_cr3(ctxt->cr3);
-        write_cr2(ctxt->cr2);
-        write_cr0(ctxt->cr0);
-        /*
-         * now restore the descriptor tables to their proper values
-         * ltr is done i fix_processor_context().
-         */
-        load_gdt(&ctxt->gdt);
-        load_idt(&ctxt->idt);
-        /*
-         * segment registers
-         */
-        loadsegment(es, ctxt->es);
-        loadsegment(fs, ctxt->fs);
-        loadsegment(gs, ctxt->gs);
-        loadsegment(ss, ctxt->ss);
-        /*
-         * sysenter MSRs
-         */
-        if (boot_cpu_has(X86_FEATURE_SEP))
-                enable_sep_cpu();
-        /*
-         * restore XCR0 for xsave capable cpu's.
-         */
-        if (cpu_has_xsave)
-                xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
-        fix_processor_context();
-        do_fpu_end();
-        mtrr_ap_init();
-        mcheck_init(&boot_cpu_data);
-}
-/* Needed by apm.c */
-void restore_processor_state(void)
-{
-        __restore_processor_state(&saved_context);
-}
-EXPORT_SYMBOL(restore_processor_state);