40 files changed, 626 insertions, 225 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f70e3e3a9fa7..845ea2b2d487 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -25,6 +25,18 @@ config X86
         select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
         select HAVE_ARCH_KGDB if !X86_VOYAGER
 
+config DEFCONFIG_LIST
+        string
+        depends on X86_32
+        option defconfig_list
+        default "arch/x86/configs/i386_defconfig"
+
+config DEFCONFIG_LIST
+        string
+        depends on X86_64
+        option defconfig_list
+        default "arch/x86/configs/x86_64_defconfig"
+
 
 config GENERIC_LOCKBREAK
         def_bool n
@@ -180,7 +192,7 @@ config X86_HT
 
 config X86_BIOS_REBOOT
         bool
-        depends on X86_32 && !(X86_VISWS || X86_VOYAGER)
+        depends on !X86_VISWS && !X86_VOYAGER
         default y
 
 config X86_TRAMPOLINE
@@ -1161,7 +1173,7 @@ source kernel/Kconfig.hz
 
 config KEXEC
         bool "kexec system call"
-        depends on X86_64 || X86_BIOS_REBOOT
+        depends on X86_BIOS_REBOOT
         help
           kexec is a system call that implements the ability to shutdown your
           current kernel, and to start another kernel.  It is like a reboot
@@ -1649,6 +1661,7 @@ config GEODE_MFGPT_TIMER
 
 config OLPC
         bool "One Laptop Per Child support"
+        depends on MGEODE_LX
         default n
         help
           Add support for detecting the unique features of the OLPC
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index 7ef18b01f0bc..2ad6301849a1 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -278,11 +278,6 @@ config GENERIC_CPU
 
 endchoice
 
-config X86_CPU
-        def_bool y
-        select GENERIC_FIND_FIRST_BIT
-        select GENERIC_FIND_NEXT_BIT
-
 config X86_GENERIC
         bool "Generic x86 support"
         depends on X86_32
@@ -297,6 +292,11 @@ config X86_GENERIC
 
 endif
 
+config X86_CPU
+        def_bool y
+        select GENERIC_FIND_FIRST_BIT
+        select GENERIC_FIND_NEXT_BIT
+
 #
 # Define implied options from the CPU selection here
 config X86_L1_CACHE_BYTES
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 5b1979a45a1e..ac1e31ba4795 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -118,7 +118,6 @@ config DEBUG_NX_TEST
 config 4KSTACKS
         bool "Use 4Kb for kernel stacks instead of 8Kb"
         depends on X86_32
-        default y
         help
           If you say Y here the kernel will use a 4Kb stacksize for the
           kernel stack attached to each process/thread. This facilitates
@@ -256,11 +255,9 @@ config CPA_DEBUG
         help
           Do change_page_attr() self-tests every 30 seconds.
 
-endmenu
-
 config OPTIMIZE_INLINING
         bool "Allow gcc to uninline functions marked 'inline'"
-        default y
+        depends on BROKEN
         help
           This option determines if the kernel forces gcc to inline the functions
           developers have marked 'inline'. Doing so takes away freedom from gcc to
@@ -270,3 +267,6 @@ config OPTIMIZE_INLINING
           this algorithm is so good that allowing gcc4 to make the decision can
           become the default in the future, until then this option is there to
           test gcc for this.
+
+endmenu
+
diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c
index d01ea42187e6..edaadea90aaf 100644
--- a/arch/x86/boot/compressed/relocs.c
+++ b/arch/x86/boot/compressed/relocs.c
@@ -191,7 +191,7 @@ static void read_ehdr(FILE *fp)
                 die("Cannot read ELF header: %s\n",
                         strerror(errno));
         }
-        if (memcmp(ehdr.e_ident, ELFMAG, 4) != 0) {
+        if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) != 0) {
                 die("No ELF magic\n");
         }
         if (ehdr.e_ident[EI_CLASS] != ELFCLASS32) {
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index bbed3a26ce55..cb3856a18c85 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -128,7 +128,7 @@ asmlinkage long sys32_sigsuspend(int history0, int history1, old_sigset_t mask)
 
         current->state = TASK_INTERRUPTIBLE;
         schedule();
-        set_thread_flag(TIF_RESTORE_SIGMASK);
+        set_restore_sigmask();
         return -ERESTARTNOHAND;
 }
 
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 30d54ed27e55..bbdacb398d48 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -40,7 +40,6 @@ obj-$(CONFIG_STACKTRACE)	+= stacktrace.o
 obj-y                           += cpu/
 obj-y                           += acpi/
 obj-$(CONFIG_X86_BIOS_REBOOT)   += reboot.o
-obj-$(CONFIG_X86_64)            += reboot.o
 obj-$(CONFIG_MCA)               += mca_32.o
 obj-$(CONFIG_X86_MSR)           += msr.o
 obj-$(CONFIG_X86_CPUID)         += cpuid.o
diff --git a/arch/x86/kernel/acpi/Makefile b/arch/x86/kernel/acpi/Makefile
index 7335959b6aff..fd5ca97a2ad5 100644
--- a/arch/x86/kernel/acpi/Makefile
+++ b/arch/x86/kernel/acpi/Makefile
@@ -10,5 +10,5 @@ endif
 $(obj)/wakeup_rm.o:    $(obj)/realmode/wakeup.bin
 
 $(obj)/realmode/wakeup.bin: FORCE
-        $(Q)$(MAKE) $(build)=$(obj)/realmode $@
+        $(Q)$(MAKE) $(build)=$(obj)/realmode
 
diff --git a/arch/x86/kernel/acpi/realmode/Makefile b/arch/x86/kernel/acpi/realmode/Makefile
index 092900854acc..1c31cc0e9def 100644
--- a/arch/x86/kernel/acpi/realmode/Makefile
+++ b/arch/x86/kernel/acpi/realmode/Makefile
@@ -6,7 +6,8 @@
 # for more details.
 #
 
-targets         := wakeup.bin wakeup.elf
+always          := wakeup.bin
+targets         := wakeup.elf wakeup.lds
 
 wakeup-y        += wakeup.o wakemain.o video-mode.o copy.o
 
@@ -48,7 +49,7 @@ LDFLAGS_wakeup.elf	:= -T
 
 CPPFLAGS_wakeup.lds += -P -C
 
-$(obj)/wakeup.elf: $(src)/wakeup.lds $(WAKEUP_OBJS) FORCE
+$(obj)/wakeup.elf: $(obj)/wakeup.lds $(WAKEUP_OBJS) FORCE
         $(call if_changed,ld)
 
 OBJCOPYFLAGS_wakeup.bin := -O binary
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index e4ea362e8480..bf9290e29013 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -1192,19 +1192,6 @@ static int suspend(int vetoable)
         int err;
         struct apm_user *as;
 
-        if (pm_send_all(PM_SUSPEND, (void *)3)) {
-                /* Vetoed */
-                if (vetoable) {
-                        if (apm_info.connection_version > 0x100)
-                                set_system_power_state(APM_STATE_REJECT);
-                        err = -EBUSY;
-                        ignore_sys_suspend = 0;
-                        printk(KERN_WARNING "apm: suspend was vetoed.\n");
-                        goto out;
-                }
-                printk(KERN_CRIT "apm: suspend was vetoed, but suspending anyway.\n");
-        }
-
         device_suspend(PMSG_SUSPEND);
         local_irq_disable();
         device_power_down(PMSG_SUSPEND);
@@ -1227,9 +1214,7 @@ static int suspend(int vetoable)
         device_power_up();
         local_irq_enable();
         device_resume();
-        pm_send_all(PM_RESUME, (void *)0);
         queue_event(APM_NORMAL_RESUME, NULL);
- out:
         spin_lock(&user_list_lock);
         for (as = user_list; as != NULL; as = as->next) {
                 as->suspend_wait = 0;
@@ -1340,7 +1325,6 @@ static void check_events(void)
                         if ((event != APM_NORMAL_RESUME)
                             || (ignore_normal_resume == 0)) {
                                 device_resume();
-                                pm_send_all(PM_RESUME, (void *)0);
                                 queue_event(event, NULL);
                         }
                         ignore_normal_resume = 0;
diff --git a/arch/x86/kernel/genapic_64.c b/arch/x86/kernel/genapic_64.c
index 021624c83583..cbaaf69bedb2 100644
--- a/arch/x86/kernel/genapic_64.c
+++ b/arch/x86/kernel/genapic_64.c
@@ -83,7 +83,7 @@ unsigned int read_apic_id(void)
 {
         unsigned int id;
 
-        WARN_ON(preemptible());
+        WARN_ON(preemptible() && num_online_cpus() > 1);
         id = apic_read(APIC_ID);
         if (uv_system_type >= UV_X2APIC)
                 id  |= __get_cpu_var(x2apic_extra_bits);
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 90f038af3adc..b2cc73768a9d 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -656,15 +656,16 @@ int_msg:
         .asciz "Unknown interrupt or fault at EIP %p %p %p\n"
 
 fault_msg:
-        .asciz                                                          \
-/* fault info: */       "BUG: Int %d: CR2 %p\n"                         \
-/* pusha regs: */       "     EDI %p  ESI %p  EBP %p  ESP %p\n"         \
-                        "     EBX %p  EDX %p  ECX %p  EAX %p\n"         \
-/* fault frame: */      "     err %p  EIP %p   CS %p  flg %p\n"         \
-                                                                        \
-                        "Stack: %p %p %p %p %p %p %p %p\n"              \
-                        "       %p %p %p %p %p %p %p %p\n"              \
-                        "       %p %p %p %p %p %p %p %p\n"
+/* fault info: */
+        .ascii "BUG: Int %d: CR2 %p\n"
+/* pusha regs: */
+        .ascii "     EDI %p  ESI %p  EBP %p  ESP %p\n"
+        .ascii "     EBX %p  EDX %p  ECX %p  EAX %p\n"
+/* fault frame: */
+        .ascii "     err %p  EIP %p   CS %p  flg %p\n"
+        .ascii "Stack: %p %p %p %p %p %p %p %p\n"
+        .ascii "       %p %p %p %p %p %p %p %p\n"
+        .asciz "       %p %p %p %p %p %p %p %p\n"
 
 #include "../../x86/xen/xen-head.S"
 
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index 9007f9ea64ee..9b5cfcdfc426 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -137,9 +137,10 @@ static void hpet_reserve_platform_timers(unsigned long id)
         hd.hd_irq[0] = HPET_LEGACY_8254;
         hd.hd_irq[1] = HPET_LEGACY_RTC;
 
-        for (i = 2; i < nrtimers; timer++, i++)
-                hd.hd_irq[i] = (timer->hpet_config & Tn_INT_ROUTE_CNF_MASK) >>
+        for (i = 2; i < nrtimers; timer++, i++) {
+                hd.hd_irq[i] = (readl(&timer->hpet_config) & Tn_INT_ROUTE_CNF_MASK) >>
                         Tn_INT_ROUTE_CNF_SHIFT;
+        }
 
         hpet_alloc(&hd);
 
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index ddee04043aeb..4bc1be5d5472 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -133,6 +133,7 @@ static int kvm_register_clock(void)
         return native_write_msr_safe(MSR_KVM_SYSTEM_TIME, low, high);
 }
 
+#ifdef CONFIG_X86_LOCAL_APIC
 static void kvm_setup_secondary_clock(void)
 {
         /*
@@ -143,6 +144,7 @@ static void kvm_setup_secondary_clock(void)
         /* ok, done with our trickery, call native */
         setup_secondary_APIC_clock();
 }
+#endif
 
 /*
  * After the clock is registered, the host will keep writing to the
@@ -177,7 +179,9 @@ void __init kvmclock_init(void)
                 pv_time_ops.get_wallclock = kvm_get_wallclock;
                 pv_time_ops.set_wallclock = kvm_set_wallclock;
                 pv_time_ops.sched_clock = kvm_clock_read;
+#ifdef CONFIG_X86_LOCAL_APIC
                 pv_apic_ops.setup_secondary_clock = kvm_setup_secondary_clock;
+#endif
                 machine_ops.shutdown  = kvm_shutdown;
 #ifdef CONFIG_KEXEC
                 machine_ops.crash_shutdown  = kvm_crash_shutdown;
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c
index 3e2c54dc8b29..404683b94e79 100644
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -794,6 +794,11 @@ void __init find_smp_config(void)
                             ACPI-based MP Configuration
    -------------------------------------------------------------------------- */
 
+/*
+ * Keep this outside and initialized to 0, for !CONFIG_ACPI builds:
+ */
+int es7000_plat;
+
 #ifdef CONFIG_ACPI
 
 #ifdef  CONFIG_X86_IO_APIC
@@ -909,8 +914,6 @@ void __init mp_override_legacy_irq(u8 bus_irq, u8 polarity, u8 trigger, u32 gsi)
         MP_intsrc_info(&intsrc);
 }
 
-int es7000_plat;
-
 void __init mp_config_acpi_legacy_irqs(void)
 {
         struct mpc_config_intsrc intsrc;
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 388b113a7d88..0c37f16b6950 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -14,7 +14,7 @@ EXPORT_SYMBOL(forbid_dac);
 const struct dma_mapping_ops *dma_ops;
 EXPORT_SYMBOL(dma_ops);
 
-int iommu_sac_force __read_mostly = 0;
+static int iommu_sac_force __read_mostly;
 
 #ifdef CONFIG_IOMMU_DEBUG
 int panic_on_overflow __read_mostly = 1;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index a4a838306b2c..f6be7d5f82f8 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -9,6 +9,7 @@
 #include <asm/desc.h>
 #include <asm/hpet.h>
 #include <asm/pgtable.h>
+#include <asm/proto.h>
 #include <asm/reboot_fixups.h>
 #include <asm/reboot.h>
 
@@ -148,7 +149,6 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = {
                 .matches = {
                         DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
                         DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 745"),
-                        DMI_MATCH(DMI_BOARD_NAME, "0WF810"),
                 },
         },
         {       /* Handle problems with rebooting on Dell Optiplex 745's DFF*/
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index c0c68c18a788..cc6f5eb20b24 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -95,7 +95,7 @@ void __init setup_per_cpu_areas(void)
 
         /* Copy section for each CPU (we discard the original) */
         size = PERCPU_ENOUGH_ROOM;
-        printk(KERN_INFO "PERCPU: Allocating %lu bytes of per cpu data\n",
+        printk(KERN_INFO "PERCPU: Allocating %zd bytes of per cpu data\n",
                           size);
 
         for_each_possible_cpu(i) {
diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c
index 8e05e7f7bd40..d92373630963 100644
--- a/arch/x86/kernel/signal_32.c
+++ b/arch/x86/kernel/signal_32.c
@@ -57,7 +57,7 @@ sys_sigsuspend(int history0, int history1, old_sigset_t mask)
 
         current->state = TASK_INTERRUPTIBLE;
         schedule();
-        set_thread_flag(TIF_RESTORE_SIGMASK);
+        set_restore_sigmask();
 
         return -ERESTARTNOHAND;
 }
@@ -593,7 +593,7 @@ static void do_signal(struct pt_regs *regs)
         if (!user_mode(regs))
                 return;
 
-        if (test_thread_flag(TIF_RESTORE_SIGMASK))
+        if (current_thread_info()->status & TS_RESTORE_SIGMASK)
                 oldset = &current->saved_sigmask;
         else
                 oldset = &current->blocked;
@@ -612,13 +612,12 @@ static void do_signal(struct pt_regs *regs)
                 /* Whee! Actually deliver the signal.  */
                 if (handle_signal(signr, &info, &ka, oldset, regs) == 0) {
                         /*
-                         * a signal was successfully delivered; the saved
+                         * A signal was successfully delivered; the saved
                          * sigmask will have been stored in the signal frame,
                          * and will be restored by sigreturn, so we can simply
-                         * clear the TIF_RESTORE_SIGMASK flag
+                         * clear the TS_RESTORE_SIGMASK flag.
                          */
-                        if (test_thread_flag(TIF_RESTORE_SIGMASK))
-                                clear_thread_flag(TIF_RESTORE_SIGMASK);
+                        current_thread_info()->status &= ~TS_RESTORE_SIGMASK;
                 }
                 return;
         }
@@ -645,8 +644,8 @@ static void do_signal(struct pt_regs *regs)
          * If there's no signal to deliver, we just put the saved sigmask
          * back.
          */
-        if (test_thread_flag(TIF_RESTORE_SIGMASK)) {
-                clear_thread_flag(TIF_RESTORE_SIGMASK);
+        if (current_thread_info()->status & TS_RESTORE_SIGMASK) {
+                current_thread_info()->status &= ~TS_RESTORE_SIGMASK;
                 sigprocmask(SIG_SETMASK, &current->saved_sigmask, NULL);
         }
 }
@@ -665,7 +664,7 @@ do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
         }
 
         /* deal with pending signal delivery */
-        if (thread_info_flags & (_TIF_SIGPENDING | _TIF_RESTORE_SIGMASK))
+        if (thread_info_flags & _TIF_SIGPENDING)
                 do_signal(regs);
 
         if (thread_info_flags & _TIF_HRTICK_RESCHED)
diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c
index ccb2a4560c2d..e53b267662e7 100644
--- a/arch/x86/kernel/signal_64.c
+++ b/arch/x86/kernel/signal_64.c
@@ -427,7 +427,7 @@ static void do_signal(struct pt_regs *regs)
         if (!user_mode(regs))
                 return;
 
-        if (test_thread_flag(TIF_RESTORE_SIGMASK))
+        if (current_thread_info()->status & TS_RESTORE_SIGMASK)
                 oldset = &current->saved_sigmask;
         else
                 oldset = &current->blocked;
@@ -444,11 +444,13 @@ static void do_signal(struct pt_regs *regs)
 
                 /* Whee!  Actually deliver the signal.  */
                 if (handle_signal(signr, &info, &ka, oldset, regs) == 0) {
-                        /* a signal was successfully delivered; the saved
+                        /*
+                         * A signal was successfully delivered; the saved
                          * sigmask will have been stored in the signal frame,
                          * and will be restored by sigreturn, so we can simply
-                         * clear the TIF_RESTORE_SIGMASK flag */
-                        clear_thread_flag(TIF_RESTORE_SIGMASK);
+                         * clear the TS_RESTORE_SIGMASK flag.
+                         */
+                        current_thread_info()->status &= ~TS_RESTORE_SIGMASK;
                 }
                 return;
         }
@@ -476,8 +478,8 @@ static void do_signal(struct pt_regs *regs)
          * If there's no signal to deliver, we just put the saved sigmask
          * back.
          */
-        if (test_thread_flag(TIF_RESTORE_SIGMASK)) {
-                clear_thread_flag(TIF_RESTORE_SIGMASK);
+        if (current_thread_info()->status & TS_RESTORE_SIGMASK) {
+                current_thread_info()->status &= ~TS_RESTORE_SIGMASK;
                 sigprocmask(SIG_SETMASK, &current->saved_sigmask, NULL);
         }
 }
@@ -498,7 +500,7 @@ void do_notify_resume(struct pt_regs *regs, void *unused,
 #endif /* CONFIG_X86_MCE */
 
         /* deal with pending signal delivery */
-        if (thread_info_flags & (_TIF_SIGPENDING | _TIF_RESTORE_SIGMASK))
+        if (thread_info_flags & _TIF_SIGPENDING)
                 do_signal(regs);
 
         if (thread_info_flags & _TIF_HRTICK_RESCHED)
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 84241a256dc8..6b087ab6cd8f 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -299,7 +299,7 @@ static void __cpuinit smp_callin(void)
 /*
  * Activate a secondary processor.
  */
-void __cpuinit start_secondary(void *unused)
+static void __cpuinit start_secondary(void *unused)
 {
         /*
          * Don't put *anything* before cpu_init(), SMP booting is too
@@ -1306,7 +1306,7 @@ static void remove_siblinginfo(int cpu)
         cpu_clear(cpu, cpu_sibling_setup_map);
 }
 
-int additional_cpus __initdata = -1;
+static int additional_cpus __initdata = -1;
 
 static __init int setup_additional_cpus(char *s)
 {
diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
index a86d26f036e1..d2ab52cc1d6b 100644
--- a/arch/x86/kernel/sys_i386_32.c
+++ b/arch/x86/kernel/sys_i386_32.c
@@ -22,23 +22,6 @@
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
 
-/*
- * sys_pipe() is the normal C calling standard for creating
- * a pipe. It's not the way Unix traditionally does this, though.
- */
-asmlinkage int sys_pipe(unsigned long __user * fildes)
-{
-        int fd[2];
-        int error;
-
-        error = do_pipe(fd);
-        if (!error) {
-                if (copy_to_user(fildes, fd, 2*sizeof(int)))
-                        error = -EFAULT;
-        }
-        return error;
-}
-
 asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
                           unsigned long prot, unsigned long flags,
                           unsigned long fd, unsigned long pgoff)
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index bd802a5e1aa3..3b360ef33817 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -17,23 +17,6 @@
 #include <asm/uaccess.h>
 #include <asm/ia32.h>
 
-/*
- * sys_pipe() is the normal C calling standard for creating
- * a pipe. It's not the way Unix traditionally does this, though.
- */
-asmlinkage long sys_pipe(int __user *fildes)
-{
-        int fd[2];
-        int error;
-
-        error = do_pipe(fd);
-        if (!error) {
-                if (copy_to_user(fildes, fd, 2*sizeof(int)))
-                        error = -EFAULT;
-        }
-        return error;
-}
-
 asmlinkage long sys_mmap(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags,
         unsigned long fd, unsigned long off)
 {
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 361e31611276..3324d90038e4 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -35,7 +35,7 @@
 #include "i8254.h"
 
 #ifndef CONFIG_X86_64
-#define mod_64(x, y) ((x) - (y) * div64_64(x, y))
+#define mod_64(x, y) ((x) - (y) * div64_u64(x, y))
 #else
 #define mod_64(x, y) ((x) % (y))
 #endif
@@ -60,8 +60,8 @@ static u64 muldiv64(u64 a, u32 b, u32 c)
         rl = (u64)u.l.low * (u64)b;
         rh = (u64)u.l.high * (u64)b;
         rh += (rl >> 32);
-        res.l.high = div64_64(rh, c);
-        res.l.low = div64_64(((mod_64(rh, c) << 32) + (rl & 0xffffffff)), c);
+        res.l.high = div64_u64(rh, c);
+        res.l.low = div64_u64(((mod_64(rh, c) << 32) + (rl & 0xffffffff)), c);
         return res.ll;
 }
 
@@ -288,6 +288,8 @@ static void pit_load_count(struct kvm *kvm, int channel, u32 val)
          * mode 1 is one shot, mode 2 is period, otherwise del timer */
         switch (ps->channels[0].mode) {
         case 1:
+        /* FIXME: enhance mode 4 precision */
+        case 4:
                 create_pit_timer(&ps->pit_timer, val, 0);
                 break;
         case 2:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 57ac4e4c556a..36809d79788b 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -25,13 +25,13 @@
 #include <linux/hrtimer.h>
 #include <linux/io.h>
 #include <linux/module.h>
+#include <linux/math64.h>
 #include <asm/processor.h>
 #include <asm/msr.h>
 #include <asm/page.h>
 #include <asm/current.h>
 #include <asm/apicdef.h>
 #include <asm/atomic.h>
-#include <asm/div64.h>
 #include "irq.h"
 
 #define PRId64 "d"
@@ -526,8 +526,8 @@ static u32 apic_get_tmcct(struct kvm_lapic *apic)
         } else
                 passed = ktime_sub(now, apic->timer.last_update);
 
-        counter_passed = div64_64(ktime_to_ns(passed),
-                                  (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
+        counter_passed = div64_u64(ktime_to_ns(passed),
+                                   (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
 
         if (counter_passed > tmcct) {
                 if (unlikely(!apic_lvtt_period(apic))) {
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 2ad6f5481671..36c5406b1813 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -79,36 +79,6 @@ static int dbg = 1;
         }
 #endif
 
-#define PT64_PT_BITS 9
-#define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
-#define PT32_PT_BITS 10
-#define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
-
-#define PT_WRITABLE_SHIFT 1
-
-#define PT_PRESENT_MASK (1ULL << 0)
-#define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
-#define PT_USER_MASK (1ULL << 2)
-#define PT_PWT_MASK (1ULL << 3)
-#define PT_PCD_MASK (1ULL << 4)
-#define PT_ACCESSED_MASK (1ULL << 5)
-#define PT_DIRTY_MASK (1ULL << 6)
-#define PT_PAGE_SIZE_MASK (1ULL << 7)
-#define PT_PAT_MASK (1ULL << 7)
-#define PT_GLOBAL_MASK (1ULL << 8)
-#define PT64_NX_SHIFT 63
-#define PT64_NX_MASK (1ULL << PT64_NX_SHIFT)
-
-#define PT_PAT_SHIFT 7
-#define PT_DIR_PAT_SHIFT 12
-#define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
-
-#define PT32_DIR_PSE36_SIZE 4
-#define PT32_DIR_PSE36_SHIFT 13
-#define PT32_DIR_PSE36_MASK \
-        (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
-
-
 #define PT_FIRST_AVAIL_BITS_SHIFT 9
 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
 
@@ -154,10 +124,6 @@ static int dbg = 1;
 #define PFERR_USER_MASK (1U << 2)
 #define PFERR_FETCH_MASK (1U << 4)
 
-#define PT64_ROOT_LEVEL 4
-#define PT32_ROOT_LEVEL 2
-#define PT32E_ROOT_LEVEL 3
-
 #define PT_DIRECTORY_LEVEL 2
 #define PT_PAGE_TABLE_LEVEL 1
 
@@ -186,6 +152,12 @@ static struct kmem_cache *mmu_page_header_cache;
 
 static u64 __read_mostly shadow_trap_nonpresent_pte;
 static u64 __read_mostly shadow_notrap_nonpresent_pte;
+static u64 __read_mostly shadow_base_present_pte;
+static u64 __read_mostly shadow_nx_mask;
+static u64 __read_mostly shadow_x_mask; /* mutual exclusive with nx_mask */
+static u64 __read_mostly shadow_user_mask;
+static u64 __read_mostly shadow_accessed_mask;
+static u64 __read_mostly shadow_dirty_mask;
 
 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
 {
@@ -194,6 +166,23 @@ void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
 }
 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
 
+void kvm_mmu_set_base_ptes(u64 base_pte)
+{
+        shadow_base_present_pte = base_pte;
+}
+EXPORT_SYMBOL_GPL(kvm_mmu_set_base_ptes);
+
+void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask,
+                u64 dirty_mask, u64 nx_mask, u64 x_mask)
+{
+        shadow_user_mask = user_mask;
+        shadow_accessed_mask = accessed_mask;
+        shadow_dirty_mask = dirty_mask;
+        shadow_nx_mask = nx_mask;
+        shadow_x_mask = x_mask;
+}
+EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
+
 static int is_write_protection(struct kvm_vcpu *vcpu)
 {
         return vcpu->arch.cr0 & X86_CR0_WP;
@@ -232,7 +221,7 @@ static int is_writeble_pte(unsigned long pte)
 
 static int is_dirty_pte(unsigned long pte)
 {
-        return pte & PT_DIRTY_MASK;
+        return pte & shadow_dirty_mask;
 }
 
 static int is_rmap_pte(u64 pte)
@@ -387,7 +376,6 @@ static void account_shadowed(struct kvm *kvm, gfn_t gfn)
 
         write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
         *write_count += 1;
-        WARN_ON(*write_count > KVM_PAGES_PER_HPAGE);
 }
 
 static void unaccount_shadowed(struct kvm *kvm, gfn_t gfn)
@@ -547,7 +535,7 @@ static void rmap_remove(struct kvm *kvm, u64 *spte)
                 return;
         sp = page_header(__pa(spte));
         pfn = spte_to_pfn(*spte);
-        if (*spte & PT_ACCESSED_MASK)
+        if (*spte & shadow_accessed_mask)
                 kvm_set_pfn_accessed(pfn);
         if (is_writeble_pte(*spte))
                 kvm_release_pfn_dirty(pfn);
@@ -1073,17 +1061,17 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
          * whether the guest actually used the pte (in order to detect
          * demand paging).
          */
-        spte = PT_PRESENT_MASK | PT_DIRTY_MASK;
+        spte = shadow_base_present_pte | shadow_dirty_mask;
         if (!speculative)
                 pte_access |= PT_ACCESSED_MASK;
         if (!dirty)
                 pte_access &= ~ACC_WRITE_MASK;
-        if (!(pte_access & ACC_EXEC_MASK))
-                spte |= PT64_NX_MASK;
-
-        spte |= PT_PRESENT_MASK;
+        if (pte_access & ACC_EXEC_MASK)
+                spte |= shadow_x_mask;
+        else
+                spte |= shadow_nx_mask;
         if (pte_access & ACC_USER_MASK)
-                spte |= PT_USER_MASK;
+                spte |= shadow_user_mask;
         if (largepage)
                 spte |= PT_PAGE_SIZE_MASK;
 
@@ -1188,8 +1176,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
                                 return -ENOMEM;
                         }
 
-                        table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
-                                | PT_WRITABLE_MASK | PT_USER_MASK;
+                        table[index] = __pa(new_table->spt)
+                                | PT_PRESENT_MASK | PT_WRITABLE_MASK
+                                | shadow_user_mask | shadow_x_mask;
                 }
                 table_addr = table[index] & PT64_BASE_ADDR_MASK;
         }
@@ -1244,7 +1233,6 @@ static void mmu_free_roots(struct kvm_vcpu *vcpu)
         if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
                 return;
         spin_lock(&vcpu->kvm->mmu_lock);
-#ifdef CONFIG_X86_64
         if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
                 hpa_t root = vcpu->arch.mmu.root_hpa;
 
@@ -1256,7 +1244,6 @@ static void mmu_free_roots(struct kvm_vcpu *vcpu)
                 spin_unlock(&vcpu->kvm->mmu_lock);
                 return;
         }
-#endif
         for (i = 0; i < 4; ++i) {
                 hpa_t root = vcpu->arch.mmu.pae_root[i];
 
@@ -1282,7 +1269,6 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
 
         root_gfn = vcpu->arch.cr3 >> PAGE_SHIFT;
 
-#ifdef CONFIG_X86_64
         if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
                 hpa_t root = vcpu->arch.mmu.root_hpa;
 
@@ -1297,7 +1283,6 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
                 vcpu->arch.mmu.root_hpa = root;
                 return;
         }
-#endif
         metaphysical = !is_paging(vcpu);
         if (tdp_enabled)
                 metaphysical = 1;
@@ -1377,7 +1362,7 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
         spin_lock(&vcpu->kvm->mmu_lock);
         kvm_mmu_free_some_pages(vcpu);
         r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
-                         largepage, gfn, pfn, TDP_ROOT_LEVEL);
+                         largepage, gfn, pfn, kvm_x86_ops->get_tdp_level());
         spin_unlock(&vcpu->kvm->mmu_lock);
 
         return r;
@@ -1484,7 +1469,7 @@ static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
         context->page_fault = tdp_page_fault;
         context->free = nonpaging_free;
         context->prefetch_page = nonpaging_prefetch_page;
-        context->shadow_root_level = TDP_ROOT_LEVEL;
+        context->shadow_root_level = kvm_x86_ops->get_tdp_level();
         context->root_hpa = INVALID_PAGE;
 
         if (!is_paging(vcpu)) {
@@ -1633,7 +1618,7 @@ static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
 {
         u64 *spte = vcpu->arch.last_pte_updated;
 
-        return !!(spte && (*spte & PT_ACCESSED_MASK));
+        return !!(spte && (*spte & shadow_accessed_mask));
 }
 
 static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index e64e9f56a65e..1730757bbc7a 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -3,11 +3,38 @@
 
 #include <linux/kvm_host.h>
 
-#ifdef CONFIG_X86_64
-#define TDP_ROOT_LEVEL PT64_ROOT_LEVEL
-#else
-#define TDP_ROOT_LEVEL PT32E_ROOT_LEVEL
-#endif
+#define PT64_PT_BITS 9
+#define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
+#define PT32_PT_BITS 10
+#define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
+
+#define PT_WRITABLE_SHIFT 1
+
+#define PT_PRESENT_MASK (1ULL << 0)
+#define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
+#define PT_USER_MASK (1ULL << 2)
+#define PT_PWT_MASK (1ULL << 3)
+#define PT_PCD_MASK (1ULL << 4)
+#define PT_ACCESSED_MASK (1ULL << 5)
+#define PT_DIRTY_MASK (1ULL << 6)
+#define PT_PAGE_SIZE_MASK (1ULL << 7)
+#define PT_PAT_MASK (1ULL << 7)
+#define PT_GLOBAL_MASK (1ULL << 8)
+#define PT64_NX_SHIFT 63
+#define PT64_NX_MASK (1ULL << PT64_NX_SHIFT)
+
+#define PT_PAT_SHIFT 7
+#define PT_DIR_PAT_SHIFT 12
+#define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
+
+#define PT32_DIR_PSE36_SIZE 4
+#define PT32_DIR_PSE36_SHIFT 13
+#define PT32_DIR_PSE36_MASK \
+        (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
+
+#define PT64_ROOT_LEVEL 4
+#define PT32_ROOT_LEVEL 2
+#define PT32E_ROOT_LEVEL 3
 
 static inline void kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
 {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 89e0be2c10d0..ab22615eee89 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1863,6 +1863,15 @@ static bool svm_cpu_has_accelerated_tpr(void)
         return false;
 }
 
+static int get_npt_level(void)
+{
+#ifdef CONFIG_X86_64
+        return PT64_ROOT_LEVEL;
+#else
+        return PT32E_ROOT_LEVEL;
+#endif
+}
+
 static struct kvm_x86_ops svm_x86_ops = {
         .cpu_has_kvm_support = has_svm,
         .disabled_by_bios = is_disabled,
@@ -1920,6 +1929,7 @@ static struct kvm_x86_ops svm_x86_ops = {
         .inject_pending_vectors = do_interrupt_requests,
 
         .set_tss_addr = svm_set_tss_addr,
+        .get_tdp_level = get_npt_level,
 };
 
 static int __init svm_init(void)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 8e5d6645b90d..bfe4db11989c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -42,6 +42,9 @@ module_param(enable_vpid, bool, 0);
 static int flexpriority_enabled = 1;
 module_param(flexpriority_enabled, bool, 0);
 
+static int enable_ept = 1;
+module_param(enable_ept, bool, 0);
+
 struct vmcs {
         u32 revision_id;
         u32 abort;
@@ -84,7 +87,7 @@ static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
         return container_of(vcpu, struct vcpu_vmx, vcpu);
 }
 
-static int init_rmode_tss(struct kvm *kvm);
+static int init_rmode(struct kvm *kvm);
 
 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
 static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
@@ -107,6 +110,11 @@ static struct vmcs_config {
         u32 vmentry_ctrl;
 } vmcs_config;
 
+struct vmx_capability {
+        u32 ept;
+        u32 vpid;
+} vmx_capability;
+
 #define VMX_SEGMENT_FIELD(seg)                                  \
         [VCPU_SREG_##seg] = {                                   \
                 .selector = GUEST_##seg##_SELECTOR,             \
@@ -214,6 +222,32 @@ static inline bool cpu_has_vmx_virtualize_apic_accesses(void)
                     SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
 }
 
+static inline int cpu_has_vmx_invept_individual_addr(void)
+{
+        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_INDIVIDUAL_BIT));
+}
+
+static inline int cpu_has_vmx_invept_context(void)
+{
+        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_CONTEXT_BIT));
+}
+
+static inline int cpu_has_vmx_invept_global(void)
+{
+        return (!!(vmx_capability.ept & VMX_EPT_EXTENT_GLOBAL_BIT));
+}
+
+static inline int cpu_has_vmx_ept(void)
+{
+        return (vmcs_config.cpu_based_2nd_exec_ctrl &
+                SECONDARY_EXEC_ENABLE_EPT);
+}
+
+static inline int vm_need_ept(void)
+{
+        return (cpu_has_vmx_ept() && enable_ept);
+}
+
 static inline int vm_need_virtualize_apic_accesses(struct kvm *kvm)
 {
         return ((cpu_has_vmx_virtualize_apic_accesses()) &&
@@ -250,6 +284,18 @@ static inline void __invvpid(int ext, u16 vpid, gva_t gva)
                   : : "a"(&operand), "c"(ext) : "cc", "memory");
 }
 
+static inline void __invept(int ext, u64 eptp, gpa_t gpa)
+{
+        struct {
+                u64 eptp, gpa;
+        } operand = {eptp, gpa};
+
+        asm volatile (ASM_VMX_INVEPT
+                        /* CF==1 or ZF==1 --> rc = -1 */
+                        "; ja 1f ; ud2 ; 1:\n"
+                        : : "a" (&operand), "c" (ext) : "cc", "memory");
+}
+
 static struct kvm_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
 {
         int i;
@@ -301,6 +347,33 @@ static inline void vpid_sync_vcpu_all(struct vcpu_vmx *vmx)
         __invvpid(VMX_VPID_EXTENT_SINGLE_CONTEXT, vmx->vpid, 0);
 }
 
+static inline void ept_sync_global(void)
+{
+        if (cpu_has_vmx_invept_global())
+                __invept(VMX_EPT_EXTENT_GLOBAL, 0, 0);
+}
+
+static inline void ept_sync_context(u64 eptp)
+{
+        if (vm_need_ept()) {
+                if (cpu_has_vmx_invept_context())
+                        __invept(VMX_EPT_EXTENT_CONTEXT, eptp, 0);
+                else
+                        ept_sync_global();
+        }
+}
+
+static inline void ept_sync_individual_addr(u64 eptp, gpa_t gpa)
+{
+        if (vm_need_ept()) {
+                if (cpu_has_vmx_invept_individual_addr())
+                        __invept(VMX_EPT_EXTENT_INDIVIDUAL_ADDR,
+                                        eptp, gpa);
+                else
+                        ept_sync_context(eptp);
+        }
+}
+
 static unsigned long vmcs_readl(unsigned long field)
 {
         unsigned long value;
@@ -388,6 +461,8 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
                 eb |= 1u << 1;
         if (vcpu->arch.rmode.active)
                 eb = ~0;
+        if (vm_need_ept())
+                eb &= ~(1u << PF_VECTOR); /* bypass_guest_pf = 0 */
         vmcs_write32(EXCEPTION_BITMAP, eb);
 }
 
@@ -985,7 +1060,7 @@ static __init int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt,
 static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
 {
         u32 vmx_msr_low, vmx_msr_high;
-        u32 min, opt;
+        u32 min, opt, min2, opt2;
         u32 _pin_based_exec_control = 0;
         u32 _cpu_based_exec_control = 0;
         u32 _cpu_based_2nd_exec_control = 0;
@@ -1003,6 +1078,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
               CPU_BASED_CR8_LOAD_EXITING |
               CPU_BASED_CR8_STORE_EXITING |
 #endif
+              CPU_BASED_CR3_LOAD_EXITING |
+              CPU_BASED_CR3_STORE_EXITING |
               CPU_BASED_USE_IO_BITMAPS |
               CPU_BASED_MOV_DR_EXITING |
               CPU_BASED_USE_TSC_OFFSETING;
@@ -1018,11 +1095,13 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                                            ~CPU_BASED_CR8_STORE_EXITING;
 #endif
         if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) {
-                min = 0;
-                opt = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
+                min2 = 0;
+                opt2 = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
                         SECONDARY_EXEC_WBINVD_EXITING |
-                        SECONDARY_EXEC_ENABLE_VPID;
-                if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS2,
+                        SECONDARY_EXEC_ENABLE_VPID |
+                        SECONDARY_EXEC_ENABLE_EPT;
+                if (adjust_vmx_controls(min2, opt2,
+                                        MSR_IA32_VMX_PROCBASED_CTLS2,
                                         &_cpu_based_2nd_exec_control) < 0)
                         return -EIO;
         }
@@ -1031,6 +1110,16 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                                 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
                 _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
 #endif
+        if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
+                /* CR3 accesses don't need to cause VM Exits when EPT enabled */
+                min &= ~(CPU_BASED_CR3_LOAD_EXITING |
+                         CPU_BASED_CR3_STORE_EXITING);
+                if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
+                                        &_cpu_based_exec_control) < 0)
+                        return -EIO;
+                rdmsr(MSR_IA32_VMX_EPT_VPID_CAP,
+                      vmx_capability.ept, vmx_capability.vpid);
+        }
 
         min = 0;
 #ifdef CONFIG_X86_64
@@ -1256,7 +1345,7 @@ static void enter_rmode(struct kvm_vcpu *vcpu)
         fix_rmode_seg(VCPU_SREG_FS, &vcpu->arch.rmode.fs);
 
         kvm_mmu_reset_context(vcpu);
-        init_rmode_tss(vcpu->kvm);
+        init_rmode(vcpu->kvm);
 }
 
 #ifdef CONFIG_X86_64
@@ -1304,8 +1393,64 @@ static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
         vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & ~KVM_GUEST_CR4_MASK;
 }
 
+static void ept_load_pdptrs(struct kvm_vcpu *vcpu)
+{
+        if (is_paging(vcpu) && is_pae(vcpu) && !is_long_mode(vcpu)) {
+                if (!load_pdptrs(vcpu, vcpu->arch.cr3)) {
+                        printk(KERN_ERR "EPT: Fail to load pdptrs!\n");
+                        return;
+                }
+                vmcs_write64(GUEST_PDPTR0, vcpu->arch.pdptrs[0]);
+                vmcs_write64(GUEST_PDPTR1, vcpu->arch.pdptrs[1]);
+                vmcs_write64(GUEST_PDPTR2, vcpu->arch.pdptrs[2]);
+                vmcs_write64(GUEST_PDPTR3, vcpu->arch.pdptrs[3]);
+        }
+}
+
+static void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4);
+
+static void ept_update_paging_mode_cr0(unsigned long *hw_cr0,
+                                        unsigned long cr0,
+                                        struct kvm_vcpu *vcpu)
+{
+        if (!(cr0 & X86_CR0_PG)) {
+                /* From paging/starting to nonpaging */
+                vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
+                             vmcs_config.cpu_based_exec_ctrl |
+                             (CPU_BASED_CR3_LOAD_EXITING |
+                              CPU_BASED_CR3_STORE_EXITING));
+                vcpu->arch.cr0 = cr0;
+                vmx_set_cr4(vcpu, vcpu->arch.cr4);
+                *hw_cr0 |= X86_CR0_PE | X86_CR0_PG;
+                *hw_cr0 &= ~X86_CR0_WP;
+        } else if (!is_paging(vcpu)) {
+                /* From nonpaging to paging */
+                vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
+                             vmcs_config.cpu_based_exec_ctrl &
+                             ~(CPU_BASED_CR3_LOAD_EXITING |
+                               CPU_BASED_CR3_STORE_EXITING));
+                vcpu->arch.cr0 = cr0;
+                vmx_set_cr4(vcpu, vcpu->arch.cr4);
+                if (!(vcpu->arch.cr0 & X86_CR0_WP))
+                        *hw_cr0 &= ~X86_CR0_WP;
+        }
+}
+
+static void ept_update_paging_mode_cr4(unsigned long *hw_cr4,
+                                        struct kvm_vcpu *vcpu)
+{
+        if (!is_paging(vcpu)) {
+                *hw_cr4 &= ~X86_CR4_PAE;
+                *hw_cr4 |= X86_CR4_PSE;
+        } else if (!(vcpu->arch.cr4 & X86_CR4_PAE))
+                *hw_cr4 &= ~X86_CR4_PAE;
+}
+
 static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
 {
+        unsigned long hw_cr0 = (cr0 & ~KVM_GUEST_CR0_MASK) |
+                                KVM_VM_CR0_ALWAYS_ON;
+
         vmx_fpu_deactivate(vcpu);
 
         if (vcpu->arch.rmode.active && (cr0 & X86_CR0_PE))
@@ -1323,29 +1468,61 @@ static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
         }
 #endif
 
+        if (vm_need_ept())
+                ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu);
+
         vmcs_writel(CR0_READ_SHADOW, cr0);
-        vmcs_writel(GUEST_CR0,
-                    (cr0 & ~KVM_GUEST_CR0_MASK) | KVM_VM_CR0_ALWAYS_ON);
+        vmcs_writel(GUEST_CR0, hw_cr0);
         vcpu->arch.cr0 = cr0;
 
         if (!(cr0 & X86_CR0_TS) || !(cr0 & X86_CR0_PE))
                 vmx_fpu_activate(vcpu);
 }
 
+static u64 construct_eptp(unsigned long root_hpa)
+{
+        u64 eptp;
+
+        /* TODO write the value reading from MSR */
+        eptp = VMX_EPT_DEFAULT_MT |
+                VMX_EPT_DEFAULT_GAW << VMX_EPT_GAW_EPTP_SHIFT;
+        eptp |= (root_hpa & PAGE_MASK);
+
+        return eptp;
+}
+
 static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
 {
+        unsigned long guest_cr3;
+        u64 eptp;
+
+        guest_cr3 = cr3;
+        if (vm_need_ept()) {
+                eptp = construct_eptp(cr3);
+                vmcs_write64(EPT_POINTER, eptp);
+                ept_sync_context(eptp);
+                ept_load_pdptrs(vcpu);
+                guest_cr3 = is_paging(vcpu) ? vcpu->arch.cr3 :
+                        VMX_EPT_IDENTITY_PAGETABLE_ADDR;
+        }
+
         vmx_flush_tlb(vcpu);
-        vmcs_writel(GUEST_CR3, cr3);
+        vmcs_writel(GUEST_CR3, guest_cr3);
         if (vcpu->arch.cr0 & X86_CR0_PE)
                 vmx_fpu_deactivate(vcpu);
 }
 
 static void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 {
-        vmcs_writel(CR4_READ_SHADOW, cr4);
-        vmcs_writel(GUEST_CR4, cr4 | (vcpu->arch.rmode.active ?
-                    KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON));
+        unsigned long hw_cr4 = cr4 | (vcpu->arch.rmode.active ?
+                    KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON);
+
         vcpu->arch.cr4 = cr4;
+        if (vm_need_ept())
+                ept_update_paging_mode_cr4(&hw_cr4, vcpu);
+
+        vmcs_writel(CR4_READ_SHADOW, cr4);
+        vmcs_writel(GUEST_CR4, hw_cr4);
 }
 
 static void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
@@ -1530,6 +1707,41 @@ out:
         return ret;
 }
 
+static int init_rmode_identity_map(struct kvm *kvm)
+{
+        int i, r, ret;
+        pfn_t identity_map_pfn;
+        u32 tmp;
+
+        if (!vm_need_ept())
+                return 1;
+        if (unlikely(!kvm->arch.ept_identity_pagetable)) {
+                printk(KERN_ERR "EPT: identity-mapping pagetable "
+                        "haven't been allocated!\n");
+                return 0;
+        }
+        if (likely(kvm->arch.ept_identity_pagetable_done))
+                return 1;
+        ret = 0;
+        identity_map_pfn = VMX_EPT_IDENTITY_PAGETABLE_ADDR >> PAGE_SHIFT;
+        r = kvm_clear_guest_page(kvm, identity_map_pfn, 0, PAGE_SIZE);
+        if (r < 0)
+                goto out;
+        /* Set up identity-mapping pagetable for EPT in real mode */
+        for (i = 0; i < PT32_ENT_PER_PAGE; i++) {
+                tmp = (i << 22) + (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
+                        _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
+                r = kvm_write_guest_page(kvm, identity_map_pfn,
+                                &tmp, i * sizeof(tmp), sizeof(tmp));
+                if (r < 0)
+                        goto out;
+        }
+        kvm->arch.ept_identity_pagetable_done = true;
+        ret = 1;
+out:
+        return ret;
+}
+
 static void seg_setup(int seg)
 {
         struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
@@ -1564,6 +1776,31 @@ out:
         return r;
 }
 
+static int alloc_identity_pagetable(struct kvm *kvm)
+{
+        struct kvm_userspace_memory_region kvm_userspace_mem;
+        int r = 0;
+
+        down_write(&kvm->slots_lock);
+        if (kvm->arch.ept_identity_pagetable)
+                goto out;
+        kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
+        kvm_userspace_mem.flags = 0;
+        kvm_userspace_mem.guest_phys_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR;
+        kvm_userspace_mem.memory_size = PAGE_SIZE;
+        r = __kvm_set_memory_region(kvm, &kvm_userspace_mem, 0);
+        if (r)
+                goto out;
+
+        down_read(&current->mm->mmap_sem);
+        kvm->arch.ept_identity_pagetable = gfn_to_page(kvm,
+                        VMX_EPT_IDENTITY_PAGETABLE_ADDR >> PAGE_SHIFT);
+        up_read(&current->mm->mmap_sem);
+out:
+        up_write(&kvm->slots_lock);
+        return r;
+}
+
 static void allocate_vpid(struct vcpu_vmx *vmx)
 {
         int vpid;
@@ -1638,6 +1875,9 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                 CPU_BASED_CR8_LOAD_EXITING;
 #endif
         }
+        if (!vm_need_ept())
+                exec_control |= CPU_BASED_CR3_STORE_EXITING |
+                                CPU_BASED_CR3_LOAD_EXITING;
         vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
 
         if (cpu_has_secondary_exec_ctrls()) {
@@ -1647,6 +1887,8 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                 ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
                 if (vmx->vpid == 0)
                         exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
+                if (!vm_need_ept())
+                        exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
                 vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
         }
 
@@ -1722,6 +1964,15 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
         return 0;
 }
 
+static int init_rmode(struct kvm *kvm)
+{
+        if (!init_rmode_tss(kvm))
+                return 0;
+        if (!init_rmode_identity_map(kvm))
+                return 0;
+        return 1;
+}
+
 static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -1729,7 +1980,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
         int ret;
 
         down_read(&vcpu->kvm->slots_lock);
-        if (!init_rmode_tss(vmx->vcpu.kvm)) {
+        if (!init_rmode(vmx->vcpu.kvm)) {
                 ret = -ENOMEM;
                 goto out;
         }
@@ -1994,6 +2245,9 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
                 error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
         if (is_page_fault(intr_info)) {
+                /* EPT won't cause page fault directly */
+                if (vm_need_ept())
+                        BUG();
                 cr2 = vmcs_readl(EXIT_QUALIFICATION);
                 KVMTRACE_3D(PAGE_FAULT, vcpu, error_code, (u32)cr2,
                             (u32)((u64)cr2 >> 32), handler);
@@ -2323,6 +2577,64 @@ static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return kvm_task_switch(vcpu, tss_selector, reason);
 }
 
+static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+        u64 exit_qualification;
+        enum emulation_result er;
+        gpa_t gpa;
+        unsigned long hva;
+        int gla_validity;
+        int r;
+
+        exit_qualification = vmcs_read64(EXIT_QUALIFICATION);
+
+        if (exit_qualification & (1 << 6)) {
+                printk(KERN_ERR "EPT: GPA exceeds GAW!\n");
+                return -ENOTSUPP;
+        }
+
+        gla_validity = (exit_qualification >> 7) & 0x3;
+        if (gla_validity != 0x3 && gla_validity != 0x1 && gla_validity != 0) {
+                printk(KERN_ERR "EPT: Handling EPT violation failed!\n");
+                printk(KERN_ERR "EPT: GPA: 0x%lx, GVA: 0x%lx\n",
+                        (long unsigned int)vmcs_read64(GUEST_PHYSICAL_ADDRESS),
+                        (long unsigned int)vmcs_read64(GUEST_LINEAR_ADDRESS));
+                printk(KERN_ERR "EPT: Exit qualification is 0x%lx\n",
+                        (long unsigned int)exit_qualification);
+                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
+                kvm_run->hw.hardware_exit_reason = 0;
+                return -ENOTSUPP;
+        }
+
+        gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
+        hva = gfn_to_hva(vcpu->kvm, gpa >> PAGE_SHIFT);
+        if (!kvm_is_error_hva(hva)) {
+                r = kvm_mmu_page_fault(vcpu, gpa & PAGE_MASK, 0);
+                if (r < 0) {
+                        printk(KERN_ERR "EPT: Not enough memory!\n");
+                        return -ENOMEM;
+                }
+                return 1;
+        } else {
+                /* must be MMIO */
+                er = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+
+                if (er == EMULATE_FAIL) {
+                        printk(KERN_ERR
+                         "EPT: Fail to handle EPT violation vmexit!er is %d\n",
+                         er);
+                        printk(KERN_ERR "EPT: GPA: 0x%lx, GVA: 0x%lx\n",
+                         (long unsigned int)vmcs_read64(GUEST_PHYSICAL_ADDRESS),
+                         (long unsigned int)vmcs_read64(GUEST_LINEAR_ADDRESS));
+                        printk(KERN_ERR "EPT: Exit qualification is 0x%lx\n",
+                                (long unsigned int)exit_qualification);
+                        return -ENOTSUPP;
+                } else if (er == EMULATE_DO_MMIO)
+                        return 0;
+        }
+        return 1;
+}
+
 /*
  * The exit handlers return 1 if the exit was handled fully and guest execution
  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
@@ -2346,6 +2658,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
         [EXIT_REASON_APIC_ACCESS]             = handle_apic_access,
         [EXIT_REASON_WBINVD]                  = handle_wbinvd,
         [EXIT_REASON_TASK_SWITCH]             = handle_task_switch,
+        [EXIT_REASON_EPT_VIOLATION]           = handle_ept_violation,
 };
 
 static const int kvm_vmx_max_exit_handlers =
@@ -2364,6 +2677,13 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
         KVMTRACE_3D(VMEXIT, vcpu, exit_reason, (u32)vmcs_readl(GUEST_RIP),
                     (u32)((u64)vmcs_readl(GUEST_RIP) >> 32), entryexit);
 
+        /* Access CR3 don't cause VMExit in paging mode, so we need
+         * to sync with guest real CR3. */
+        if (vm_need_ept() && is_paging(vcpu)) {
+                vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
+                ept_load_pdptrs(vcpu);
+        }
+
         if (unlikely(vmx->fail)) {
                 kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
                 kvm_run->fail_entry.hardware_entry_failure_reason
@@ -2372,7 +2692,8 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
         }
 
         if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
-                                exit_reason != EXIT_REASON_EXCEPTION_NMI)
+                        (exit_reason != EXIT_REASON_EXCEPTION_NMI &&
+                        exit_reason != EXIT_REASON_EPT_VIOLATION))
                 printk(KERN_WARNING "%s: unexpected, valid vectoring info and "
                        "exit reason is 0x%x\n", __func__, exit_reason);
         if (exit_reason < kvm_vmx_max_exit_handlers
@@ -2674,6 +2995,15 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                 return ERR_PTR(-ENOMEM);
 
         allocate_vpid(vmx);
+        if (id == 0 && vm_need_ept()) {
+                kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
+                        VMX_EPT_WRITABLE_MASK |
+                        VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
+                kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
+                                VMX_EPT_FAKE_DIRTY_MASK, 0ull,
+                                VMX_EPT_EXECUTABLE_MASK);
+                kvm_enable_tdp();
+        }
 
         err = kvm_vcpu_init(&vmx->vcpu, kvm, id);
         if (err)
@@ -2706,6 +3036,10 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                 if (alloc_apic_access_page(kvm) != 0)
                         goto free_vmcs;
 
+        if (vm_need_ept())
+                if (alloc_identity_pagetable(kvm) != 0)
+                        goto free_vmcs;
+
         return &vmx->vcpu;
 
 free_vmcs:
@@ -2735,6 +3069,11 @@ static void __init vmx_check_processor_compat(void *rtn)
         }
 }
 
+static int get_ept_level(void)
+{
+        return VMX_EPT_DEFAULT_GAW + 1;
+}
+
 static struct kvm_x86_ops vmx_x86_ops = {
         .cpu_has_kvm_support = cpu_has_kvm_support,
         .disabled_by_bios = vmx_disabled_by_bios,
@@ -2791,6 +3130,7 @@ static struct kvm_x86_ops vmx_x86_ops = {
         .inject_pending_vectors = do_interrupt_requests,
 
         .set_tss_addr = vmx_set_tss_addr,
+        .get_tdp_level = get_ept_level,
 };
 
 static int __init vmx_init(void)
@@ -2843,9 +3183,14 @@ static int __init vmx_init(void)
         vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_ESP);
         vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_EIP);
 
+        if (cpu_has_vmx_ept())
+                bypass_guest_pf = 0;
+
         if (bypass_guest_pf)
                 kvm_mmu_set_nonpresent_ptes(~0xffeull, 0ull);
 
+        ept_sync_global();
+
         return 0;
 
 out2:
diff --git a/arch/x86/kvm/vmx.h b/arch/x86/kvm/vmx.h
index 5dff4606b988..79d94c610dfe 100644
--- a/arch/x86/kvm/vmx.h
+++ b/arch/x86/kvm/vmx.h
@@ -35,6 +35,8 @@
 #define CPU_BASED_MWAIT_EXITING                 0x00000400
 #define CPU_BASED_RDPMC_EXITING                 0x00000800
 #define CPU_BASED_RDTSC_EXITING                 0x00001000
+#define CPU_BASED_CR3_LOAD_EXITING              0x00008000
+#define CPU_BASED_CR3_STORE_EXITING             0x00010000
 #define CPU_BASED_CR8_LOAD_EXITING              0x00080000
 #define CPU_BASED_CR8_STORE_EXITING             0x00100000
 #define CPU_BASED_TPR_SHADOW                    0x00200000
@@ -49,6 +51,7 @@
  * Definitions of Secondary Processor-Based VM-Execution Controls.
  */
 #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001
+#define SECONDARY_EXEC_ENABLE_EPT               0x00000002
 #define SECONDARY_EXEC_ENABLE_VPID              0x00000020
 #define SECONDARY_EXEC_WBINVD_EXITING           0x00000040
 
@@ -100,10 +103,22 @@ enum vmcs_field {
         VIRTUAL_APIC_PAGE_ADDR_HIGH     = 0x00002013,
         APIC_ACCESS_ADDR                = 0x00002014,
         APIC_ACCESS_ADDR_HIGH           = 0x00002015,
+        EPT_POINTER                     = 0x0000201a,
+        EPT_POINTER_HIGH                = 0x0000201b,
+        GUEST_PHYSICAL_ADDRESS          = 0x00002400,
+        GUEST_PHYSICAL_ADDRESS_HIGH     = 0x00002401,
         VMCS_LINK_POINTER               = 0x00002800,
         VMCS_LINK_POINTER_HIGH          = 0x00002801,
         GUEST_IA32_DEBUGCTL             = 0x00002802,
         GUEST_IA32_DEBUGCTL_HIGH        = 0x00002803,
+        GUEST_PDPTR0                    = 0x0000280a,
+        GUEST_PDPTR0_HIGH               = 0x0000280b,
+        GUEST_PDPTR1                    = 0x0000280c,
+        GUEST_PDPTR1_HIGH               = 0x0000280d,
+        GUEST_PDPTR2                    = 0x0000280e,
+        GUEST_PDPTR2_HIGH               = 0x0000280f,
+        GUEST_PDPTR3                    = 0x00002810,
+        GUEST_PDPTR3_HIGH               = 0x00002811,
         PIN_BASED_VM_EXEC_CONTROL       = 0x00004000,
         CPU_BASED_VM_EXEC_CONTROL       = 0x00004002,
         EXCEPTION_BITMAP                = 0x00004004,
@@ -226,6 +241,8 @@ enum vmcs_field {
 #define EXIT_REASON_MWAIT_INSTRUCTION   36
 #define EXIT_REASON_TPR_BELOW_THRESHOLD 43
 #define EXIT_REASON_APIC_ACCESS         44
+#define EXIT_REASON_EPT_VIOLATION       48
+#define EXIT_REASON_EPT_MISCONFIG       49
 #define EXIT_REASON_WBINVD              54
 
 /*
@@ -316,15 +333,36 @@ enum vmcs_field {
 #define MSR_IA32_VMX_CR4_FIXED1                 0x489
 #define MSR_IA32_VMX_VMCS_ENUM                  0x48a
 #define MSR_IA32_VMX_PROCBASED_CTLS2            0x48b
+#define MSR_IA32_VMX_EPT_VPID_CAP               0x48c
 
 #define MSR_IA32_FEATURE_CONTROL                0x3a
 #define MSR_IA32_FEATURE_CONTROL_LOCKED         0x1
 #define MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED  0x4
 
 #define APIC_ACCESS_PAGE_PRIVATE_MEMSLOT        9
+#define IDENTITY_PAGETABLE_PRIVATE_MEMSLOT      10
 
 #define VMX_NR_VPIDS                            (1 << 16)
 #define VMX_VPID_EXTENT_SINGLE_CONTEXT          1
 #define VMX_VPID_EXTENT_ALL_CONTEXT             2
 
+#define VMX_EPT_EXTENT_INDIVIDUAL_ADDR          0
+#define VMX_EPT_EXTENT_CONTEXT                  1
+#define VMX_EPT_EXTENT_GLOBAL                   2
+#define VMX_EPT_EXTENT_INDIVIDUAL_BIT           (1ull << 24)
+#define VMX_EPT_EXTENT_CONTEXT_BIT              (1ull << 25)
+#define VMX_EPT_EXTENT_GLOBAL_BIT               (1ull << 26)
+#define VMX_EPT_DEFAULT_GAW                     3
+#define VMX_EPT_MAX_GAW                         0x4
+#define VMX_EPT_MT_EPTE_SHIFT                   3
+#define VMX_EPT_GAW_EPTP_SHIFT                  3
+#define VMX_EPT_DEFAULT_MT                      0x6ull
+#define VMX_EPT_READABLE_MASK                   0x1ull
+#define VMX_EPT_WRITABLE_MASK                   0x2ull
+#define VMX_EPT_EXECUTABLE_MASK                 0x4ull
+#define VMX_EPT_FAKE_ACCESSED_MASK              (1ull << 62)
+#define VMX_EPT_FAKE_DIRTY_MASK                 (1ull << 63)
+
+#define VMX_EPT_IDENTITY_PAGETABLE_ADDR         0xfffbc000ul
+
 #endif
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0ce556372a4d..21338bdb28ff 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2417,6 +2417,9 @@ int kvm_arch_init(void *opaque)
 
         kvm_x86_ops = ops;
         kvm_mmu_set_nonpresent_ptes(0ull, 0ull);
+        kvm_mmu_set_base_ptes(PT_PRESENT_MASK);
+        kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
+                        PT_DIRTY_MASK, PT64_NX_MASK, 0);
         return 0;
 
 out:
@@ -3019,6 +3022,8 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 
         kvm_x86_ops->decache_regs(vcpu);
 
+        vcpu->arch.exception.pending = false;
+
         vcpu_put(vcpu);
 
         return 0;
@@ -3481,7 +3486,7 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         }
 
         if (reason == TASK_SWITCH_IRET || reason == TASK_SWITCH_JMP) {
-                cseg_desc.type &= ~(1 << 8); //clear the B flag
+                cseg_desc.type &= ~(1 << 1); //clear the B flag
                 save_guest_segment_descriptor(vcpu, tr_seg.selector,
                                               &cseg_desc);
         }
@@ -3507,7 +3512,7 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         }
 
         if (reason != TASK_SWITCH_IRET) {
-                nseg_desc.type |= (1 << 8);
+                nseg_desc.type |= (1 << 1);
                 save_guest_segment_descriptor(vcpu, tss_selector,
                                               &nseg_desc);
         }
@@ -3698,10 +3703,19 @@ void fx_init(struct kvm_vcpu *vcpu)
 {
         unsigned after_mxcsr_mask;
 
+        /*
+         * Touch the fpu the first time in non atomic context as if
+         * this is the first fpu instruction the exception handler
+         * will fire before the instruction returns and it'll have to
+         * allocate ram with GFP_KERNEL.
+         */
+        if (!used_math())
+                fx_save(&vcpu->arch.host_fx_image);
+
         /* Initialize guest FPU by resetting ours and saving into guest's */
         preempt_disable();
         fx_save(&vcpu->arch.host_fx_image);
-        fpu_init();
+        fx_finit();
         fx_save(&vcpu->arch.guest_fx_image);
         fx_restore(&vcpu->arch.host_fx_image);
         preempt_enable();
@@ -3906,6 +3920,8 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
         kvm_free_physmem(kvm);
         if (kvm->arch.apic_access_page)
                 put_page(kvm->arch.apic_access_page);
+        if (kvm->arch.ept_identity_pagetable)
+                put_page(kvm->arch.ept_identity_pagetable);
         kfree(kvm);
 }
 
diff --git a/arch/x86/kvm/x86_emulate.c b/arch/x86/kvm/x86_emulate.c
index 2ca08386f993..f2a696d6a243 100644
--- a/arch/x86/kvm/x86_emulate.c
+++ b/arch/x86/kvm/x86_emulate.c
@@ -1761,6 +1761,7 @@ twobyte_insn:
                 case 6: /* lmsw */
                         realmode_lmsw(ctxt->vcpu, (u16)c->src.val,
                                       &ctxt->eflags);
+                        c->dst.type = OP_NONE;
                         break;
                 case 7: /* invlpg*/
                         emulate_invlpg(ctxt->vcpu, memop);
diff --git a/arch/x86/mach-voyager/voyager_cat.c b/arch/x86/mach-voyager/voyager_cat.c
index ecab9fff0fd1..2ad598c104af 100644
--- a/arch/x86/mach-voyager/voyager_cat.c
+++ b/arch/x86/mach-voyager/voyager_cat.c
@@ -877,7 +877,7 @@ void __init voyager_cat_init(void)
                         request_resource(&iomem_resource, res);
                 }
 
-                qic_addr = (unsigned long)ioremap(qic_addr, 0x400);
+                qic_addr = (unsigned long)ioremap_cache(qic_addr, 0x400);
 
                 for (j = 0; j < 4; j++) {
                         __u8 cpu;
diff --git a/arch/x86/mm/discontig_32.c b/arch/x86/mm/discontig_32.c
index 18378850e25a..914ccf983687 100644
--- a/arch/x86/mm/discontig_32.c
+++ b/arch/x86/mm/discontig_32.c
@@ -476,29 +476,3 @@ int memory_add_physaddr_to_nid(u64 addr)
 
 EXPORT_SYMBOL_GPL(memory_add_physaddr_to_nid);
 #endif
-
-#ifndef CONFIG_HAVE_ARCH_PARSE_SRAT
-/*
- * XXX FIXME: Make SLIT table parsing available to 32-bit NUMA
- *
- * These stub functions are needed to compile 32-bit NUMA when SRAT is
- * not set. There are functions in srat_64.c for parsing this table
- * and it may be possible to make them common functions.
- */
-void acpi_numa_slit_init (struct acpi_table_slit *slit)
-{
-        printk(KERN_INFO "ACPI: No support for parsing SLIT table\n");
-}
-
-void acpi_numa_processor_affinity_init (struct acpi_srat_cpu_affinity *pa)
-{
-}
-
-void acpi_numa_memory_affinity_init (struct acpi_srat_mem_affinity *ma)
-{
-}
-
-void acpi_numa_arch_fixup(void)
-{
-}
-#endif /* CONFIG_HAVE_ARCH_PARSE_SRAT */
diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c
index 9cf33d3ee5bc..165c871ba9af 100644
--- a/arch/x86/mm/highmem_32.c
+++ b/arch/x86/mm/highmem_32.c
@@ -155,4 +155,3 @@ EXPORT_SYMBOL(kmap);
 EXPORT_SYMBOL(kunmap);
 EXPORT_SYMBOL(kmap_atomic);
 EXPORT_SYMBOL(kunmap_atomic);
-EXPORT_SYMBOL(kmap_atomic_to_page);
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 804de18abcc2..71bb3159031a 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -149,7 +149,8 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
          * Don't allow anybody to remap normal RAM that we're using..
          */
         for (pfn = phys_addr >> PAGE_SHIFT;
-                                (pfn << PAGE_SHIFT) < last_addr; pfn++) {
+                                (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
+                                pfn++) {
 
                 int is_ram = page_is_ram(pfn);
 
@@ -176,11 +177,11 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
                 /*
                  * Do not fallback to certain memory types with certain
                  * requested type:
-                 * - request is uncached, return cannot be write-back
-                 * - request is uncached, return cannot be write-combine
+                 * - request is uc-, return cannot be write-back
+                 * - request is uc-, return cannot be write-combine
                  * - request is write-combine, return cannot be write-back
                  */
-                if ((prot_val == _PAGE_CACHE_UC &&
+                if ((prot_val == _PAGE_CACHE_UC_MINUS &&
                      (new_prot_val == _PAGE_CACHE_WB ||
                       new_prot_val == _PAGE_CACHE_WC)) ||
                     (prot_val == _PAGE_CACHE_WC &&
@@ -201,6 +202,9 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
         default:
                 prot = PAGE_KERNEL_NOCACHE;
                 break;
+        case _PAGE_CACHE_UC_MINUS:
+                prot = PAGE_KERNEL_UC_MINUS;
+                break;
         case _PAGE_CACHE_WC:
                 prot = PAGE_KERNEL_WC;
                 break;
@@ -255,7 +259,16 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
  */
 void __iomem *ioremap_nocache(resource_size_t phys_addr, unsigned long size)
 {
-        return __ioremap_caller(phys_addr, size, _PAGE_CACHE_UC,
+        /*
+         * Ideally, this should be:
+         *      pat_wc_enabled ? _PAGE_CACHE_UC : _PAGE_CACHE_UC_MINUS;
+         *
+         * Till we fix all X drivers to use ioremap_wc(), we will use
+         * UC MINUS.
+         */
+        unsigned long val = _PAGE_CACHE_UC_MINUS;
+
+        return __ioremap_caller(phys_addr, size, val,
                                 __builtin_return_address(0));
 }
 EXPORT_SYMBOL(ioremap_nocache);
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index bd5e05c654dc..60bcb5b6a37e 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -777,14 +777,20 @@ static inline int change_page_attr_clear(unsigned long addr, int numpages,
 
 int _set_memory_uc(unsigned long addr, int numpages)
 {
+        /*
+         * for now UC MINUS. see comments in ioremap_nocache()
+         */
         return change_page_attr_set(addr, numpages,
-                                    __pgprot(_PAGE_CACHE_UC));
+                                    __pgprot(_PAGE_CACHE_UC_MINUS));
 }
 
 int set_memory_uc(unsigned long addr, int numpages)
 {
+        /*
+         * for now UC MINUS. see comments in ioremap_nocache()
+         */
         if (reserve_memtype(addr, addr + numpages * PAGE_SIZE,
-                            _PAGE_CACHE_UC, NULL))
+                            _PAGE_CACHE_UC_MINUS, NULL))
                 return -EINVAL;
 
         return _set_memory_uc(addr, numpages);
diff --git a/arch/x86/pci/Makefile_32 b/arch/x86/pci/Makefile_32
index 2a1516efb542..89ec35d00efd 100644
--- a/arch/x86/pci/Makefile_32
+++ b/arch/x86/pci/Makefile_32
@@ -6,11 +6,19 @@ obj-$(CONFIG_PCI_DIRECT)	+= direct.o
 obj-$(CONFIG_PCI_OLPC)          += olpc.o
 
 pci-y                           := fixup.o
+
+# Do not change the ordering here. There is a nasty init function
+# ordering dependency which breaks when you move acpi.o below
+# legacy/irq.o
 pci-$(CONFIG_ACPI)              += acpi.o
 pci-y                           += legacy.o irq.o
 
+# Careful: VISWS and NUMAQ overrule the pci-y above. The colons are
+# therefor correct. This needs a proper fix by distangling the code.
 pci-$(CONFIG_X86_VISWS)         := visws.o fixup.o
 pci-$(CONFIG_X86_NUMAQ)         := numa.o irq.o
+
+# Necessary for NUMAQ as well
 pci-$(CONFIG_NUMA)              += mp_bus_to_node.o
 
 obj-y                           += $(pci-y) common.o early.o
diff --git a/arch/x86/pci/i386.c b/arch/x86/pci/i386.c
index 94f6c73a53d0..8af0f0bae2af 100644
--- a/arch/x86/pci/i386.c
+++ b/arch/x86/pci/i386.c
@@ -301,6 +301,13 @@ int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma,
         prot = pgprot_val(vma->vm_page_prot);
         if (pat_wc_enabled && write_combine)
                 prot |= _PAGE_CACHE_WC;
+        else if (pat_wc_enabled)
+                /*
+                 * ioremap() and ioremap_nocache() defaults to UC MINUS for now.
+                 * To avoid attribute conflicts, request UC MINUS here
+                 * aswell.
+                 */
+                prot |= _PAGE_CACHE_UC_MINUS;
         else if (boot_cpu_data.x86 > 3)
                 prot |= _PAGE_CACHE_UC;
 
@@ -319,9 +326,8 @@ int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma,
                  * - request is uncached, return cannot be write-combine
                  * - request is write-combine, return cannot be write-back
                  */
-                if ((flags == _PAGE_CACHE_UC &&
-                     (new_flags == _PAGE_CACHE_WB ||
-                      new_flags == _PAGE_CACHE_WC)) ||
+                if ((flags == _PAGE_CACHE_UC_MINUS &&
+                     (new_flags == _PAGE_CACHE_WB)) ||
                     (flags == _PAGE_CACHE_WC &&
                      new_flags == _PAGE_CACHE_WB)) {
                         free_memtype(addr, addr+len);
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index e2af8eee80e3..cf058fecfcee 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -162,7 +162,7 @@ static __init void relocate_vdso(Elf32_Ehdr *ehdr)
         Elf32_Shdr *shdr;
         int i;
 
-        BUG_ON(memcmp(ehdr->e_ident, ELFMAG, 4) != 0 ||
+        BUG_ON(memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0 ||
                !elf_check_arch_ia32(ehdr) ||
                ehdr->e_type != ET_DYN);
 
@@ -303,8 +303,6 @@ int __init sysenter_setup(void)
 
 #ifdef CONFIG_X86_32
         gate_vma_init();
-
-        printk("Compat vDSO mapped to %08lx.\n", __fix_to_virt(FIX_VDSO));
 #endif
 
         if (!vdso32_sysenter()) {
diff --git a/arch/x86/video/fbdev.c b/arch/x86/video/fbdev.c
index 4db42bff8c60..69527688f794 100644
--- a/arch/x86/video/fbdev.c
+++ b/arch/x86/video/fbdev.c
@@ -1,5 +1,4 @@
 /*
- *
  * Copyright (C) 2007 Antonino Daplas <adaplas@gmail.com>
  *
  * This file is subject to the terms and conditions of the GNU General Public
@@ -29,3 +28,4 @@ int fb_is_primary_device(struct fb_info *info)
         return retval;
 }
 EXPORT_SYMBOL(fb_is_primary_device);
+MODULE_LICENSE("GPL");