35 files changed, 257 insertions, 116 deletions

diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 3f76523589af..f857bd39cdfb 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -152,7 +152,7 @@
 #define X86_FEATURE_3DNOWPREFETCH (6*32+ 8) /* 3DNow prefetch instructions */
 #define X86_FEATURE_OSVW        (6*32+ 9) /* OS Visible Workaround */
 #define X86_FEATURE_IBS         (6*32+10) /* Instruction Based Sampling */
-#define X86_FEATURE_SSE5        (6*32+11) /* SSE-5 */
+#define X86_FEATURE_XOP         (6*32+11) /* extended AVX instructions */
 #define X86_FEATURE_SKINIT      (6*32+12) /* SKINIT/STGI instructions */
 #define X86_FEATURE_WDT         (6*32+13) /* Watchdog timer */
 #define X86_FEATURE_NODEID_MSR  (6*32+19) /* NodeId MSR */
diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
index 30a3e9776123..6a45ec41ec26 100644
--- a/arch/x86/include/asm/io.h
+++ b/arch/x86/include/asm/io.h
@@ -206,6 +206,7 @@ static inline void __iomem *ioremap(resource_size_t offset, unsigned long size)
 
 extern void iounmap(volatile void __iomem *addr);
 
+extern void set_iounmap_nonlazy(void);
 
 #ifdef __KERNEL__
 
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index c52e2eb40a1e..6986312bb670 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -79,7 +79,7 @@
 #define KVM_NUM_MMU_PAGES (1 << KVM_MMU_HASH_SHIFT)
 #define KVM_MIN_FREE_MMU_PAGES 5
 #define KVM_REFILL_PAGES 25
-#define KVM_MAX_CPUID_ENTRIES 40
+#define KVM_MAX_CPUID_ENTRIES 80
 #define KVM_NR_FIXED_MTRR_REGION 88
 #define KVM_NR_VAR_MTRR 8
 
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 4a2d4e0c18d9..8b5393ec1080 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -36,8 +36,6 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
         unsigned cpu = smp_processor_id();
 
         if (likely(prev != next)) {
-                /* stop flush ipis for the previous mm */
-                cpumask_clear_cpu(cpu, mm_cpumask(prev));
 #ifdef CONFIG_SMP
                 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
                 percpu_write(cpu_tlbstate.active_mm, next);
@@ -47,6 +45,9 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
                 /* Re-load page tables */
                 load_cr3(next->pgd);
 
+                /* stop flush ipis for the previous mm */
+                cpumask_clear_cpu(cpu, mm_cpumask(prev));
+
                 /*
                  * load the LDT, if the LDT is different:
                  */
diff --git a/arch/x86/include/asm/mrst.h b/arch/x86/include/asm/mrst.h
index 16350740edf6..33fc2966beb7 100644
--- a/arch/x86/include/asm/mrst.h
+++ b/arch/x86/include/asm/mrst.h
@@ -26,7 +26,7 @@ enum mrst_cpu_type {
 };
 
 extern enum mrst_cpu_type __mrst_cpu_chip;
-static enum mrst_cpu_type mrst_identify_cpu(void)
+static inline enum mrst_cpu_type mrst_identify_cpu(void)
 {
         return __mrst_cpu_chip;
 }
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index ebaa04a8d3af..37ea41c63b49 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -768,29 +768,6 @@ extern unsigned long		idle_halt;
 extern unsigned long            idle_nomwait;
 extern bool                     c1e_detected;
 
-/*
- * on systems with caches, caches must be flashed as the absolute
- * last instruction before going into a suspended halt.  Otherwise,
- * dirty data can linger in the cache and become stale on resume,
- * leading to strange errors.
- *
- * perform a variety of operations to guarantee that the compiler
- * will not reorder instructions.  wbinvd itself is serializing
- * so the processor will not reorder.
- *
- * Systems without cache can just go into halt.
- */
-static inline void wbinvd_halt(void)
-{
-        mb();
-        /* check for clflush to determine if wbinvd is legal */
-        if (cpu_has_clflush)
-                asm volatile("cli; wbinvd; 1: hlt; jmp 1b" : : : "memory");
-        else
-                while (1)
-                        halt();
-}
-
 extern void enable_sep_cpu(void);
 extern int sysenter_setup(void);
 
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
index 4cfc90824068..4c2f63c7fc1b 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
@@ -50,7 +50,7 @@ struct smp_ops {
         void (*smp_prepare_cpus)(unsigned max_cpus);
         void (*smp_cpus_done)(unsigned max_cpus);
 
-        void (*smp_send_stop)(void);
+        void (*stop_other_cpus)(int wait);
         void (*smp_send_reschedule)(int cpu);
 
         int (*cpu_up)(unsigned cpu);
@@ -73,7 +73,12 @@ extern struct smp_ops smp_ops;
 
 static inline void smp_send_stop(void)
 {
-        smp_ops.smp_send_stop();
+        smp_ops.stop_other_cpus(0);
+}
+
+static inline void stop_other_cpus(void)
+{
+        smp_ops.stop_other_cpus(1);
 }
 
 static inline void smp_prepare_boot_cpu(void)
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index e3b534cda49a..e0f220e158c1 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1340,6 +1340,14 @@ void __cpuinit end_local_APIC_setup(void)
 
         setup_apic_nmi_watchdog(NULL);
         apic_pm_activate();
+
+        /*
+         * Now that local APIC setup is completed for BP, configure the fault
+         * handling for interrupt remapping.
+         */
+        if (!smp_processor_id() && intr_remapping_enabled)
+                enable_drhd_fault_handling();
+
 }
 
 #ifdef CONFIG_X86_X2APIC
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index 5c5b8f3dddb5..4d90327853b7 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1397,6 +1397,7 @@ int setup_ioapic_entry(int apic_id, int irq,
                 irte.dlvry_mode = apic->irq_delivery_mode;
                 irte.vector = vector;
                 irte.dest_id = IRTE_DEST(destination);
+                irte.redir_hint = 1;
 
                 /* Set source-id of interrupt request */
                 set_ioapic_sid(&irte, apic_id);
@@ -3348,6 +3349,7 @@ static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq,
                 irte.dlvry_mode = apic->irq_delivery_mode;
                 irte.vector = cfg->vector;
                 irte.dest_id = IRTE_DEST(dest);
+                irte.redir_hint = 1;
 
                 /* Set source-id of interrupt request */
                 if (pdev)
@@ -3624,6 +3626,7 @@ static int dmar_msi_set_affinity(unsigned int irq, const struct cpumask *mask)
         msg.data |= MSI_DATA_VECTOR(cfg->vector);
         msg.address_lo &= ~MSI_ADDR_DEST_ID_MASK;
         msg.address_lo |= MSI_ADDR_DEST_ID(dest);
+        msg.address_hi = MSI_ADDR_BASE_HI | MSI_ADDR_EXT_DEST_ID(dest);
 
         dmar_msi_write(irq, &msg);
 
diff --git a/arch/x86/kernel/apic/probe_64.c b/arch/x86/kernel/apic/probe_64.c
index 83e9be4778e2..fac49a845064 100644
--- a/arch/x86/kernel/apic/probe_64.c
+++ b/arch/x86/kernel/apic/probe_64.c
@@ -76,13 +76,6 @@ void __init default_setup_apic_routing(void)
                 /* need to update phys_pkg_id */
                 apic->phys_pkg_id = apicid_phys_pkg_id;
         }
-
-        /*
-         * Now that apic routing model is selected, configure the
-         * fault handling for intr remapping.
-         */
-        if (intr_remapping_enabled)
-                enable_drhd_fault_handling();
 }
 
 /* Same for both flat and physical. */
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index ba5f62f45f01..81fa3cb12f39 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -305,8 +305,7 @@ static void __cpuinit amd_detect_cmp(struct cpuinfo_x86 *c)
         /* use socket ID also for last level cache */
         per_cpu(cpu_llc_id, cpu) = c->phys_proc_id;
         /* fixup topology information on multi-node processors */
-        if ((c->x86 == 0x10) && (c->x86_model == 9))
-                amd_fixup_dcm(c);
+        amd_fixup_dcm(c);
 #endif
 }
 
diff --git a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
index cd8da247dda1..a2baafb2fe6d 100644
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -701,6 +701,7 @@ static int acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy)
                 per_cpu(acfreq_data, policy->cpu) = NULL;
                 acpi_processor_unregister_performance(data->acpi_data,
                                                       policy->cpu);
+                kfree(data->freq_table);
                 kfree(data);
         }
 
diff --git a/arch/x86/kernel/cpu/mtrr/cleanup.c b/arch/x86/kernel/cpu/mtrr/cleanup.c
index c5f59d071425..ac140c7be396 100644
--- a/arch/x86/kernel/cpu/mtrr/cleanup.c
+++ b/arch/x86/kernel/cpu/mtrr/cleanup.c
@@ -827,7 +827,7 @@ int __init amd_special_default_mtrr(void)
 
         if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD)
                 return 0;
-        if (boot_cpu_data.x86 < 0xf || boot_cpu_data.x86 > 0x11)
+        if (boot_cpu_data.x86 < 0xf)
                 return 0;
         /* In case some hypervisor doesn't pass SYSCFG through: */
         if (rdmsr_safe(MSR_K8_SYSCFG, &l, &h) < 0)
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index 01c0f3ee6cc3..bebabec5b448 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -793,13 +793,21 @@ void set_mtrr_aps_delayed_init(void)
 }
 
 /*
- * MTRR initialization for all AP's
+ * Delayed MTRR initialization for all AP's
  */
 void mtrr_aps_init(void)
 {
         if (!use_intel())
                 return;
 
+        /*
+         * Check if someone has requested the delay of AP MTRR initialization,
+         * by doing set_mtrr_aps_delayed_init(), prior to this point. If not,
+         * then we are done.
+         */
+        if (!mtrr_aps_delayed_init)
+                return;
+
         set_mtrr(~0U, 0, 0, 0);
         mtrr_aps_delayed_init = false;
 }
diff --git a/arch/x86/kernel/cpu/perf_event_amd.c b/arch/x86/kernel/cpu/perf_event_amd.c
index c2897b7b4a3b..46d58448c3af 100644
--- a/arch/x86/kernel/cpu/perf_event_amd.c
+++ b/arch/x86/kernel/cpu/perf_event_amd.c
@@ -52,7 +52,7 @@ static __initconst const u64 amd_hw_cache_event_ids
  [ C(DTLB) ] = {
         [ C(OP_READ) ] = {
                 [ C(RESULT_ACCESS) ] = 0x0040, /* Data Cache Accesses        */
-                [ C(RESULT_MISS)   ] = 0x0046, /* L1 DTLB and L2 DLTB Miss   */
+                [ C(RESULT_MISS)   ] = 0x0746, /* L1_DTLB_AND_L2_DLTB_MISS.ALL */
         },
         [ C(OP_WRITE) ] = {
                 [ C(RESULT_ACCESS) ] = 0,
@@ -66,7 +66,7 @@ static __initconst const u64 amd_hw_cache_event_ids
  [ C(ITLB) ] = {
         [ C(OP_READ) ] = {
                 [ C(RESULT_ACCESS) ] = 0x0080, /* Instruction fecthes        */
-                [ C(RESULT_MISS)   ] = 0x0085, /* Instr. fetch ITLB misses   */
+                [ C(RESULT_MISS)   ] = 0x0385, /* L1_ITLB_AND_L2_ITLB_MISS.ALL */
         },
         [ C(OP_WRITE) ] = {
                 [ C(RESULT_ACCESS) ] = -1,
diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
index 045b36cada65..994828899e09 100644
--- a/arch/x86/kernel/crash_dump_64.c
+++ b/arch/x86/kernel/crash_dump_64.c
@@ -34,7 +34,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
         if (!csize)
                 return 0;
 
-        vaddr = ioremap(pfn << PAGE_SHIFT, PAGE_SIZE);
+        vaddr = ioremap_cache(pfn << PAGE_SHIFT, PAGE_SIZE);
         if (!vaddr)
                 return -ENOMEM;
 
@@ -46,6 +46,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
         } else
                 memcpy(buf, vaddr + offset, csize);
 
+        set_iounmap_nonlazy();
         iounmap(vaddr);
         return csize;
 }
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index ff15c9dcc25d..42c594254507 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -433,6 +433,10 @@ static int __kprobes hw_breakpoint_handler(struct die_args *args)
         dr6_p = (unsigned long *)ERR_PTR(args->err);
         dr6 = *dr6_p;
 
+        /* If it's a single step, TRAP bits are random */
+        if (dr6 & DR_STEP)
+                return NOTIFY_DONE;
+
         /* Do an early return if no trap bits are set in DR6 */
         if ((dr6 & DR_TRAP_BITS) == 0)
                 return NOTIFY_DONE;
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
index 356170262a93..2573689bda77 100644
--- a/arch/x86/kernel/microcode_intel.c
+++ b/arch/x86/kernel/microcode_intel.c
@@ -364,8 +364,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
 
                 /* For performance reasons, reuse mc area when possible */
                 if (!mc || mc_size > curr_mc_size) {
-                        if (mc)
-                                vfree(mc);
+                        vfree(mc);
                         mc = vmalloc(mc_size);
                         if (!mc)
                                 break;
@@ -374,13 +373,11 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
 
                 if (get_ucode_data(mc, ucode_ptr, mc_size) ||
                     microcode_sanity_check(mc) < 0) {
-                        vfree(mc);
                         break;
                 }
 
                 if (get_matching_microcode(&uci->cpu_sig, mc, new_rev)) {
-                        if (new_mc)
-                                vfree(new_mc);
+                        vfree(new_mc);
                         new_rev = mc_header.rev;
                         new_mc  = mc;
                         mc = NULL;      /* trigger new vmalloc */
@@ -390,12 +387,10 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
                 leftover  -= mc_size;
         }
 
-        if (mc)
-                vfree(mc);
+        vfree(mc);
 
         if (leftover) {
-                if (new_mc)
-                        vfree(new_mc);
+                vfree(new_mc);
                 state = UCODE_ERROR;
                 goto out;
         }
@@ -405,8 +400,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
                 goto out;
         }
 
-        if (uci->mc)
-                vfree(uci->mc);
+        vfree(uci->mc);
         uci->mc = (struct microcode_intel *)new_mc;
 
         pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
diff --git a/arch/x86/kernel/olpc.c b/arch/x86/kernel/olpc.c
index 0e0cdde519be..a2bd899b2b83 100644
--- a/arch/x86/kernel/olpc.c
+++ b/arch/x86/kernel/olpc.c
@@ -114,6 +114,7 @@ int olpc_ec_cmd(unsigned char cmd, unsigned char *inbuf, size_t inlen,
         unsigned long flags;
         int ret = -EIO;
         int i;
+        int restarts = 0;
 
         spin_lock_irqsave(&ec_lock, flags);
 
@@ -169,7 +170,9 @@ restart:
                         if (wait_on_obf(0x6c, 1)) {
                                 printk(KERN_ERR "olpc-ec:  timeout waiting for"
                                                 " EC to provide data!\n");
-                                goto restart;
+                                if (restarts++ < 10)
+                                        goto restart;
+                                goto err;
                         }
                         outbuf[i] = inb(0x68);
                         pr_devel("olpc-ec:  received 0x%x\n", outbuf[i]);
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index e3af342fe83a..76a0d715a031 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -641,7 +641,7 @@ void native_machine_shutdown(void)
         /* O.K Now that I'm on the appropriate processor,
          * stop all of the others.
          */
-        smp_send_stop();
+        stop_other_cpus();
 #endif
 
         lapic_shutdown();
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index 74cca6014c0e..96af3a8e7326 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -174,10 +174,10 @@ asmlinkage void smp_reboot_interrupt(void)
         irq_exit();
 }
 
-static void native_smp_send_stop(void)
+static void native_stop_other_cpus(int wait)
 {
         unsigned long flags;
-        unsigned long wait;
+        unsigned long timeout;
 
         if (reboot_force)
                 return;
@@ -194,9 +194,12 @@ static void native_smp_send_stop(void)
         if (num_online_cpus() > 1) {
                 apic->send_IPI_allbutself(REBOOT_VECTOR);
 
-                /* Don't wait longer than a second */
-                wait = USEC_PER_SEC;
-                while (num_online_cpus() > 1 && wait--)
+                /*
+                 * Don't wait longer than a second if the caller
+                 * didn't ask us to wait.
+                 */
+                timeout = USEC_PER_SEC;
+                while (num_online_cpus() > 1 && (wait || timeout--))
                         udelay(1);
         }
 
@@ -254,7 +257,7 @@ struct smp_ops smp_ops = {
         .smp_prepare_cpus       = native_smp_prepare_cpus,
         .smp_cpus_done          = native_smp_cpus_done,
 
-        .smp_send_stop          = native_smp_send_stop,
+        .stop_other_cpus        = native_stop_other_cpus,
         .smp_send_reschedule    = native_smp_send_reschedule,
 
         .cpu_up                 = native_cpu_up,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 8b3bfc4dd708..016179e5ba09 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1383,11 +1383,94 @@ void play_dead_common(void)
         local_irq_disable();
 }
 
+#define MWAIT_SUBSTATE_MASK             0xf
+#define MWAIT_SUBSTATE_SIZE             4
+
+#define CPUID_MWAIT_LEAF                5
+#define CPUID5_ECX_EXTENSIONS_SUPPORTED 0x1
+
+/*
+ * We need to flush the caches before going to sleep, lest we have
+ * dirty data in our caches when we come back up.
+ */
+static inline void mwait_play_dead(void)
+{
+        unsigned int eax, ebx, ecx, edx;
+        unsigned int highest_cstate = 0;
+        unsigned int highest_subcstate = 0;
+        int i;
+        void *mwait_ptr;
+
+        if (!cpu_has(&current_cpu_data, X86_FEATURE_MWAIT))
+                return;
+        if (!cpu_has(&current_cpu_data, X86_FEATURE_CLFLSH))
+                return;
+        if (current_cpu_data.cpuid_level < CPUID_MWAIT_LEAF)
+                return;
+
+        eax = CPUID_MWAIT_LEAF;
+        ecx = 0;
+        native_cpuid(&eax, &ebx, &ecx, &edx);
+
+        /*
+         * eax will be 0 if EDX enumeration is not valid.
+         * Initialized below to cstate, sub_cstate value when EDX is valid.
+         */
+        if (!(ecx & CPUID5_ECX_EXTENSIONS_SUPPORTED)) {
+                eax = 0;
+        } else {
+                edx >>= MWAIT_SUBSTATE_SIZE;
+                for (i = 0; i < 7 && edx; i++, edx >>= MWAIT_SUBSTATE_SIZE) {
+                        if (edx & MWAIT_SUBSTATE_MASK) {
+                                highest_cstate = i;
+                                highest_subcstate = edx & MWAIT_SUBSTATE_MASK;
+                        }
+                }
+                eax = (highest_cstate << MWAIT_SUBSTATE_SIZE) |
+                        (highest_subcstate - 1);
+        }
+
+        /*
+         * This should be a memory location in a cache line which is
+         * unlikely to be touched by other processors.  The actual
+         * content is immaterial as it is not actually modified in any way.
+         */
+        mwait_ptr = &current_thread_info()->flags;
+
+        wbinvd();
+
+        while (1) {
+                /*
+                 * The CLFLUSH is a workaround for erratum AAI65 for
+                 * the Xeon 7400 series.  It's not clear it is actually
+                 * needed, but it should be harmless in either case.
+                 * The WBINVD is insufficient due to the spurious-wakeup
+                 * case where we return around the loop.
+                 */
+                clflush(mwait_ptr);
+                __monitor(mwait_ptr, 0, 0);
+                mb();
+                __mwait(eax, 0);
+        }
+}
+
+static inline void hlt_play_dead(void)
+{
+        if (current_cpu_data.x86 >= 4)
+                wbinvd();
+
+        while (1) {
+                native_halt();
+        }
+}
+
 void native_play_dead(void)
 {
         play_dead_common();
         tboot_shutdown(TB_SHUTDOWN_WFS);
-        wbinvd_halt();
+
+        mwait_play_dead();      /* Only returns on failure */
+        hlt_play_dead();
 }
 
 #else /* ... !CONFIG_HOTPLUG_CPU */
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 60788dee0f8a..9f4edeb21323 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -575,6 +575,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
         if (regs->flags & X86_VM_MASK) {
                 handle_vm86_trap((struct kernel_vm86_regs *) regs,
                                 error_code, 1);
+                preempt_conditional_cli(regs);
                 return;
         }
 
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 5ffb5622f793..61fb98519622 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -551,8 +551,14 @@ cannot_handle:
 int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int trapno)
 {
         if (VMPI.is_vm86pus) {
-                if ((trapno == 3) || (trapno == 1))
-                        return_to_32bit(regs, VM86_TRAP + (trapno << 8));
+                if ((trapno == 3) || (trapno == 1)) {
+                        KVM86->regs32->ax = VM86_TRAP + (trapno << 8);
+                        /* setting this flag forces the code in entry_32.S to
+                           call save_v86_state() and change the stack pointer
+                           to KVM86->regs32 */
+                        set_thread_flag(TIF_IRET);
+                        return 0;
+                }
                 do_int(regs, trapno, (unsigned char __user *) (regs->pt.ss << 4), SP(regs));
                 return 0;
         }
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
index 9c253bd65e24..547128546cc3 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -394,7 +394,8 @@ static void __init setup_xstate_init(void)
          * Setup init_xstate_buf to represent the init state of
          * all the features managed by the xsave
          */
-        init_xstate_buf = alloc_bootmem(xstate_size);
+        init_xstate_buf = alloc_bootmem_align(xstate_size,
+                                              __alignof__(struct xsave_struct));
         init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
 
         clts();
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
index 4b7b73ce2098..9f163e61283c 100644
--- a/arch/x86/kvm/i8259.c
+++ b/arch/x86/kvm/i8259.c
@@ -570,6 +570,8 @@ struct kvm_pic *kvm_create_pic(struct kvm *kvm)
         s->pics[1].elcr_mask = 0xde;
         s->pics[0].pics_state = s;
         s->pics[1].pics_state = s;
+        s->pics[0].isr_ack = 0xff;
+        s->pics[1].isr_ack = 0xff;
 
         /*
          * Initialize PIO device
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 311f6dad8951..7fed5b793faf 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2254,6 +2254,10 @@ static int mmu_alloc_roots(struct kvm_vcpu *vcpu)
                 return 0;
         }
         direct = !is_paging(vcpu);
+
+        if (mmu_check_root(vcpu, root_gfn))
+                return 1;
+
         for (i = 0; i < 4; ++i) {
                 hpa_t root = vcpu->arch.mmu.pae_root[i];
 
@@ -2265,13 +2269,13 @@ static int mmu_alloc_roots(struct kvm_vcpu *vcpu)
                                 continue;
                         }
                         root_gfn = pdptr >> PAGE_SHIFT;
+                        if (mmu_check_root(vcpu, root_gfn))
+                                return 1;
                 } else if (vcpu->arch.mmu.root_level == 0)
                         root_gfn = 0;
-                if (mmu_check_root(vcpu, root_gfn))
-                        return 1;
                 if (tdp_enabled) {
                         direct = 1;
-                        root_gfn = i << 30;
+                        root_gfn = i << (30 - PAGE_SHIFT);
                 }
                 spin_lock(&vcpu->kvm->mmu_lock);
                 kvm_mmu_free_some_pages(vcpu);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 8a3f9f64f86f..e7c3f3bd08fc 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -88,6 +88,14 @@ struct nested_state {
         /* A VMEXIT is required but not yet emulated */
         bool exit_required;
 
+        /*
+         * If we vmexit during an instruction emulation we need this to restore
+         * the l1 guest rip after the emulation
+         */
+        unsigned long vmexit_rip;
+        unsigned long vmexit_rsp;
+        unsigned long vmexit_rax;
+
         /* cache for intercepts of the guest */
         u16 intercept_cr_read;
         u16 intercept_cr_write;
@@ -1206,8 +1214,12 @@ static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
                 if (old == new) {
                         /* cr0 write with ts and mp unchanged */
                         svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
-                        if (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE)
+                        if (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE) {
+                                svm->nested.vmexit_rip = kvm_rip_read(vcpu);
+                                svm->nested.vmexit_rsp = kvm_register_read(vcpu, VCPU_REGS_RSP);
+                                svm->nested.vmexit_rax = kvm_register_read(vcpu, VCPU_REGS_RAX);
                                 return;
+                        }
                 }
         }
 
@@ -2399,6 +2411,23 @@ static int emulate_on_interception(struct vcpu_svm *svm)
         return emulate_instruction(&svm->vcpu, 0, 0, 0) == EMULATE_DONE;
 }
 
+static int cr0_write_interception(struct vcpu_svm *svm)
+{
+        struct kvm_vcpu *vcpu = &svm->vcpu;
+        int r;
+
+        r = emulate_instruction(&svm->vcpu, 0, 0, 0);
+
+        if (svm->nested.vmexit_rip) {
+                kvm_register_write(vcpu, VCPU_REGS_RIP, svm->nested.vmexit_rip);
+                kvm_register_write(vcpu, VCPU_REGS_RSP, svm->nested.vmexit_rsp);
+                kvm_register_write(vcpu, VCPU_REGS_RAX, svm->nested.vmexit_rax);
+                svm->nested.vmexit_rip = 0;
+        }
+
+        return r == EMULATE_DONE;
+}
+
 static int cr8_write_interception(struct vcpu_svm *svm)
 {
         struct kvm_run *kvm_run = svm->vcpu.run;
@@ -2672,7 +2701,7 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm) = {
         [SVM_EXIT_READ_CR4]                     = emulate_on_interception,
         [SVM_EXIT_READ_CR8]                     = emulate_on_interception,
         [SVM_EXIT_CR0_SEL_WRITE]                = emulate_on_interception,
-        [SVM_EXIT_WRITE_CR0]                    = emulate_on_interception,
+        [SVM_EXIT_WRITE_CR0]                    = cr0_write_interception,
         [SVM_EXIT_WRITE_CR3]                    = emulate_on_interception,
         [SVM_EXIT_WRITE_CR4]                    = emulate_on_interception,
         [SVM_EXIT_WRITE_CR8]                    = cr8_write_interception,
@@ -3252,6 +3281,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
         vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
 
         load_host_msrs(vcpu);
+        kvm_load_ldt(ldt_selector);
         loadsegment(fs, fs_selector);
 #ifdef CONFIG_X86_64
         load_gs_index(gs_selector);
@@ -3259,7 +3289,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 #else
         loadsegment(gs, gs_selector);
 #endif
-        kvm_load_ldt(ldt_selector);
 
         reload_tss(vcpu);
 
@@ -3354,6 +3383,14 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
 static void svm_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
 {
         switch (func) {
+        case 0x00000001:
+                /* Mask out xsave bit as long as it is not supported by SVM */
+                entry->ecx &= ~(bit(X86_FEATURE_XSAVE));
+                break;
+        case 0x80000001:
+                if (nested)
+                        entry->ecx |= (1 << 2); /* Set SVM bit */
+                break;
         case 0x8000000A:
                 entry->eax = 1; /* SVM revision 1 */
                 entry->ebx = 8; /* Lets support 8 ASIDs in case we add proper
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 7bddfab12013..b3986fec7e68 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -828,10 +828,9 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
 #endif
 
 #ifdef CONFIG_X86_64
-        if (is_long_mode(&vmx->vcpu)) {
-                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+        rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+        if (is_long_mode(&vmx->vcpu))
                 wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-        }
 #endif
         for (i = 0; i < vmx->save_nmsrs; ++i)
                 kvm_set_shared_msr(vmx->guest_msrs[i].index,
@@ -846,23 +845,23 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
 
         ++vmx->vcpu.stat.host_state_reload;
         vmx->host_state.loaded = 0;
-        if (vmx->host_state.fs_reload_needed)
-                loadsegment(fs, vmx->host_state.fs_sel);
+#ifdef CONFIG_X86_64
+        if (is_long_mode(&vmx->vcpu))
+                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+#endif
         if (vmx->host_state.gs_ldt_reload_needed) {
                 kvm_load_ldt(vmx->host_state.ldt_sel);
 #ifdef CONFIG_X86_64
                 load_gs_index(vmx->host_state.gs_sel);
-                wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gs);
 #else
                 loadsegment(gs, vmx->host_state.gs_sel);
 #endif
         }
+        if (vmx->host_state.fs_reload_needed)
+                loadsegment(fs, vmx->host_state.fs_sel);
         reload_tss();
 #ifdef CONFIG_X86_64
-        if (is_long_mode(&vmx->vcpu)) {
-                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
-        }
+        wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
 #endif
         if (current_thread_info()->status & TS_USEDFPU)
                 clts();
@@ -4249,11 +4248,6 @@ static int vmx_get_lpage_level(void)
                 return PT_PDPE_LEVEL;
 }
 
-static inline u32 bit(int bitno)
-{
-        return 1 << (bitno & 31);
-}
-
 static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
 {
         struct kvm_cpuid_entry2 *best;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3a09c625d526..a5746de6f402 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -153,11 +153,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
 
 u64 __read_mostly host_xcr0;
 
-static inline u32 bit(int bitno)
-{
-        return 1 << (bitno & 31);
-}
-
 static void kvm_on_user_return(struct user_return_notifier *urn)
 {
         unsigned slot;
@@ -1994,9 +1989,9 @@ static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                 0 /* Reserved, AES */ | F(XSAVE) | 0 /* OSXSAVE */ | F(AVX);
         /* cpuid 0x80000001.ecx */
         const u32 kvm_supported_word6_x86_features =
-                F(LAHF_LM) | F(CMP_LEGACY) | F(SVM) | 0 /* ExtApicSpace */ |
+                F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ |
                 F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
-                F(3DNOWPREFETCH) | 0 /* OSVW */ | 0 /* IBS */ | F(SSE5) |
+                F(3DNOWPREFETCH) | 0 /* OSVW */ | 0 /* IBS */ | F(XOP) |
                 0 /* SKINIT */ | 0 /* WDT */;
 
         /* all calls to cpuid_count() should be made on the same cpu */
@@ -2305,6 +2300,7 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
                 !kvm_exception_is_soft(vcpu->arch.exception.nr);
         events->exception.nr = vcpu->arch.exception.nr;
         events->exception.has_error_code = vcpu->arch.exception.has_error_code;
+        events->exception.pad = 0;
         events->exception.error_code = vcpu->arch.exception.error_code;
 
         events->interrupt.injected =
@@ -2318,12 +2314,14 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
         events->nmi.injected = vcpu->arch.nmi_injected;
         events->nmi.pending = vcpu->arch.nmi_pending;
         events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);
+        events->nmi.pad = 0;
 
         events->sipi_vector = vcpu->arch.sipi_vector;
 
         events->flags = (KVM_VCPUEVENT_VALID_NMI_PENDING
                          | KVM_VCPUEVENT_VALID_SIPI_VECTOR
                          | KVM_VCPUEVENT_VALID_SHADOW);
+        memset(&events->reserved, 0, sizeof(events->reserved));
 }
 
 static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
@@ -2366,6 +2364,7 @@ static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
         dbgregs->dr6 = vcpu->arch.dr6;
         dbgregs->dr7 = vcpu->arch.dr7;
         dbgregs->flags = 0;
+        memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
 }
 
 static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
@@ -2849,6 +2848,7 @@ static int kvm_vm_ioctl_get_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
                 sizeof(ps->channels));
         ps->flags = kvm->arch.vpit->pit_state.flags;
         mutex_unlock(&kvm->arch.vpit->pit_state.lock);
+        memset(&ps->reserved, 0, sizeof(ps->reserved));
         return r;
 }
 
@@ -2912,10 +2912,6 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
                 struct kvm_memslots *slots, *old_slots;
                 unsigned long *dirty_bitmap;
 
-                spin_lock(&kvm->mmu_lock);
-                kvm_mmu_slot_remove_write_access(kvm, log->slot);
-                spin_unlock(&kvm->mmu_lock);
-
                 r = -ENOMEM;
                 dirty_bitmap = vmalloc(n);
                 if (!dirty_bitmap)
@@ -2937,6 +2933,10 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
                 dirty_bitmap = old_slots->memslots[log->slot].dirty_bitmap;
                 kfree(old_slots);
 
+                spin_lock(&kvm->mmu_lock);
+                kvm_mmu_slot_remove_write_access(kvm, log->slot);
+                spin_unlock(&kvm->mmu_lock);
+
                 r = -EFAULT;
                 if (copy_to_user(log->dirty_bitmap, dirty_bitmap, n)) {
                         vfree(dirty_bitmap);
@@ -3229,6 +3229,7 @@ long kvm_arch_vm_ioctl(struct file *filp,
                 now_ns = timespec_to_ns(&now);
                 user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
                 user_ns.flags = 0;
+                memset(&user_ns.pad, 0, sizeof(user_ns.pad));
 
                 r = -EFAULT;
                 if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
@@ -5111,6 +5112,8 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 
         mmu_reset_needed |= kvm_read_cr4(vcpu) != sregs->cr4;
         kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
+        if (sregs->cr4 & X86_CR4_OSXSAVE)
+                update_cpuid(vcpu);
         if (!is_long_mode(vcpu) && is_pae(vcpu)) {
                 load_pdptrs(vcpu, vcpu->arch.cr3);
                 mmu_reset_needed = 1;
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index b7a404722d2b..0bf327453499 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -65,6 +65,11 @@ static inline int is_paging(struct kvm_vcpu *vcpu)
         return kvm_read_cr0_bits(vcpu, X86_CR0_PG);
 }
 
+static inline u32 bit(int bitno)
+{
+        return 1 << (bitno & 31);
+}
+
 void kvm_before_handle_nmi(struct kvm_vcpu *vcpu);
 void kvm_after_handle_nmi(struct kvm_vcpu *vcpu);
 
diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
index b67a6b5aa8d4..42623310c968 100644
--- a/arch/x86/oprofile/op_model_amd.c
+++ b/arch/x86/oprofile/op_model_amd.c
@@ -484,21 +484,29 @@ static int __init_ibs_nmi(void)
         return 0;
 }
 
-/* initialize the APIC for the IBS interrupts if available */
+/*
+ * check and reserve APIC extended interrupt LVT offset for IBS if
+ * available
+ *
+ * init_ibs() preforms implicitly cpu-local operations, so pin this
+ * thread to its current CPU
+ */
+
 static void init_ibs(void)
 {
-        ibs_caps = get_ibs_caps();
+        preempt_disable();
 
+        ibs_caps = get_ibs_caps();
         if (!ibs_caps)
-                return;
+                goto out;
 
-        if (__init_ibs_nmi()) {
+        if (__init_ibs_nmi() < 0)
                 ibs_caps = 0;
-                return;
-        }
+        else
+                printk(KERN_INFO "oprofile: AMD IBS detected (0x%08x)\n", ibs_caps);
 
-        printk(KERN_INFO "oprofile: AMD IBS detected (0x%08x)\n",
-               (unsigned)ibs_caps);
+out:
+        preempt_enable();
 }
 
 static int (*create_arch_files)(struct super_block *sb, struct dentry *root);
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index 4a2afa1bac51..b6552b189bcd 100644
--- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile
@@ -25,7 +25,7 @@ targets += vdso.so vdso.so.dbg vdso.lds $(vobjs-y)
 
 export CPPFLAGS_vdso.lds += -P -C
 
-VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -Wl,-soname=linux-vdso.so.1 \
+VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
                         -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096
 
 $(obj)/vdso.o: $(src)/vdso.S $(obj)/vdso.so
@@ -69,7 +69,7 @@ vdso32.so-$(VDSO32-y)		+= sysenter
 vdso32-images                   = $(vdso32.so-y:%=vdso32-%.so)
 
 CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
-VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -Wl,-soname=linux-gate.so.1
+VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-soname=linux-gate.so.1
 
 # This makes sure the $(obj) subdirectory exists even though vdso32/
 # is not a kbuild sub-make subdirectory.
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 7d46c8441418..0f6cd146f1ee 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1017,10 +1017,6 @@ static void xen_reboot(int reason)
 {
         struct sched_shutdown r = { .reason = reason };
 
-#ifdef CONFIG_SMP
-        smp_send_stop();
-#endif
-
         if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
                 BUG();
 }
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 25f232b18a82..f4d010031465 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -400,9 +400,9 @@ static void stop_self(void *v)
         BUG();
 }
 
-static void xen_smp_send_stop(void)
+static void xen_stop_other_cpus(int wait)
 {
-        smp_call_function(stop_self, NULL, 0);
+        smp_call_function(stop_self, NULL, wait);
 }
 
 static void xen_smp_send_reschedule(int cpu)
@@ -470,7 +470,7 @@ static const struct smp_ops xen_smp_ops __initdata = {
         .cpu_disable = xen_cpu_disable,
         .play_dead = xen_play_dead,
 
-        .smp_send_stop = xen_smp_send_stop,
+        .stop_other_cpus = xen_stop_other_cpus,
         .smp_send_reschedule = xen_smp_send_reschedule,
 
         .send_call_func_ipi = xen_smp_send_call_function_ipi,