22 files changed, 158 insertions, 179 deletions
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 10d6cc3fd052..e1983fa025d2 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -174,28 +174,8 @@ config IOMMU_LEAK
          Add a simple leak tracer to the IOMMU code. This is useful when you
          are debugging a buggy device driver that leaks IOMMU mappings.
-config MMIOTRACE
+config HAVE_MMIOTRACE_SUPPORT
-        bool "Memory mapped IO tracing"
+        def_bool y
-        depends on DEBUG_KERNEL && PCI
-        select TRACING
-        help
-          Mmiotrace traces Memory Mapped I/O access and is meant for
-          debugging and reverse engineering. It is called from the ioremap
-          implementation and works via page faults. Tracing is disabled by
-          default and can be enabled at run-time.
-          See Documentation/tracers/mmiotrace.txt.
-          If you are not helping to develop drivers, say N.
-config MMIOTRACE_TEST
-        tristate "Test module for mmiotrace"
-        depends on MMIOTRACE && m
-        help
-          This is a dumb module for testing mmiotrace. It is very dangerous
-          as it will write garbage to IO memory starting at a given address.
-          However, it should be safe to use on e.g. unused portion of VRAM.
-          Say N, unless you absolutely know what you are doing.
 #
 # IO delay types:
diff --git a/arch/x86/include/asm/kvm.h b/arch/x86/include/asm/kvm.h
index d2e3bf3608af..886c9402ec45 100644
--- a/arch/x86/include/asm/kvm.h
+++ b/arch/x86/include/asm/kvm.h
@@ -9,6 +9,13 @@
 #include <linux/types.h>
 #include <linux/ioctl.h>
+/* Select x86 specific features in <linux/kvm.h> */
+#define __KVM_HAVE_PIT
+#define __KVM_HAVE_IOAPIC
+#define __KVM_HAVE_DEVICE_ASSIGNMENT
+#define __KVM_HAVE_MSI
+#define __KVM_HAVE_USER_NMI
 /* Architectural interrupt line count. */
 #define KVM_NR_INTERRUPTS 256
diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
index e9873a2e8695..776579119a00 100644
--- a/arch/x86/include/asm/page.h
+++ b/arch/x86/include/asm/page.h
@@ -57,7 +57,6 @@ typedef struct { pgdval_t pgd; } pgd_t;
 typedef struct { pgprotval_t pgprot; } pgprot_t;
 extern int page_is_ram(unsigned long pagenr);
-extern int pagerange_is_ram(unsigned long start, unsigned long end);
 extern int devmem_is_allowed(unsigned long pagenr);
 extern void map_devmem(unsigned long pfn, unsigned long size,
                       pgprot_t vma_prot);
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index c09a14127584..e299287e8e33 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -1352,14 +1352,7 @@ static inline void arch_leave_lazy_cpu_mode(void)
        PVOP_VCALL0(pv_cpu_ops.lazy_mode.leave);
 }
-static inline void arch_flush_lazy_cpu_mode(void)
+void arch_flush_lazy_cpu_mode(void);
-{
-        if (unlikely(paravirt_get_lazy_mode() == PARAVIRT_LAZY_CPU)) {
-                arch_leave_lazy_cpu_mode();
-                arch_enter_lazy_cpu_mode();
-        }
-}
 #define  __HAVE_ARCH_ENTER_LAZY_MMU_MODE
 static inline void arch_enter_lazy_mmu_mode(void)
@@ -1372,13 +1365,7 @@ static inline void arch_leave_lazy_mmu_mode(void)
        PVOP_VCALL0(pv_mmu_ops.lazy_mode.leave);
 }
-static inline void arch_flush_lazy_mmu_mode(void)
+void arch_flush_lazy_mmu_mode(void);
-{
-        if (unlikely(paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU)) {
-                arch_leave_lazy_mmu_mode();
-                arch_enter_lazy_mmu_mode();
-        }
-}
 static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
                                unsigned long phys, pgprot_t flags)
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
index fb039cd345d8..6428aa17b40e 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
@@ -1157,8 +1157,7 @@ static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol)
        data->cpu = pol->cpu;
        data->currpstate = HW_PSTATE_INVALID;
-        rc = powernow_k8_cpu_init_acpi(data);
+        if (powernow_k8_cpu_init_acpi(data)) {
-        if (rc) {
                /*
                 * Use the PSB BIOS structure. This is only availabe on
                 * an UP version, and is deprecated by AMD.
@@ -1176,17 +1175,20 @@ static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol)
                               "ACPI maintainers and complain to your BIOS "
                               "vendor.\n");
 #endif
-                        goto err_out;
+                        kfree(data);
+                        return -ENODEV;
                }
                if (pol->cpu != 0) {
                        printk(KERN_ERR FW_BUG PFX "No ACPI _PSS objects for "
                               "CPU other than CPU0. Complain to your BIOS "
                               "vendor.\n");
-                        goto err_out;
+                        kfree(data);
+                        return -ENODEV;
                }
                rc = find_psb_table(data);
                if (rc) {
-                        goto err_out;
+                        kfree(data);
+                        return -ENODEV;
                }
                /* Take a crude guess here.
                 * That guess was in microseconds, so multiply with 1000 */
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index 388254f69a2a..a00545fe5cdd 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -269,6 +269,8 @@ static void hpet_set_mode(enum clock_event_mode mode,
                now = hpet_readl(HPET_COUNTER);
                cmp = now + (unsigned long) delta;
                cfg = hpet_readl(HPET_Tn_CFG(timer));
+                /* Make sure we use edge triggered interrupts */
+                cfg &= ~HPET_TN_LEVEL;
                cfg |= HPET_TN_ENABLE | HPET_TN_PERIODIC |
                       HPET_TN_SETVAL | HPET_TN_32BIT;
                hpet_writel(cfg, HPET_Tn_CFG(timer));
diff --git a/arch/x86/kernel/olpc.c b/arch/x86/kernel/olpc.c
index 7a13fac63a1f..4006c522adc7 100644
--- a/arch/x86/kernel/olpc.c
+++ b/arch/x86/kernel/olpc.c
@@ -203,7 +203,7 @@ static void __init platform_detect(void)
 static void __init platform_detect(void)
 {
        /* stopgap until OFW support is added to the kernel */
-        olpc_platform_info.boardrev = 0xc2;
+        olpc_platform_info.boardrev = olpc_board(0xc2);
 }
 #endif
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index e4c8fb608873..c6520a4e85d4 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -268,6 +268,32 @@ enum paravirt_lazy_mode paravirt_get_lazy_mode(void)
        return __get_cpu_var(paravirt_lazy_mode);
 }
+void arch_flush_lazy_mmu_mode(void)
+{
+        preempt_disable();
+        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU) {
+                WARN_ON(preempt_count() == 1);
+                arch_leave_lazy_mmu_mode();
+                arch_enter_lazy_mmu_mode();
+        }
+        preempt_enable();
+}
+void arch_flush_lazy_cpu_mode(void)
+{
+        preempt_disable();
+        if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_CPU) {
+                WARN_ON(preempt_count() == 1);
+                arch_leave_lazy_cpu_mode();
+                arch_enter_lazy_cpu_mode();
+        }
+        preempt_enable();
+}
 struct pv_info pv_info = {
        .name = "bare hardware",
        .paravirt_enabled = 0,
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 0a5df5f82fb9..5a4c23d89892 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -810,12 +810,16 @@ static void ptrace_bts_untrace(struct task_struct *child)
 static void ptrace_bts_detach(struct task_struct *child)
 {
-        if (unlikely(child->bts)) {
+        /*
-                ds_release_bts(child->bts);
+         * Ptrace_detach() races with ptrace_untrace() in case
-                child->bts = NULL;
+         * the child dies and is reaped by another thread.
+         *
-                ptrace_bts_free_buffer(child);
+         * We only do the memory accounting at this point and
-        }
+         * leave the buffer deallocation and the bts tracer
+         * release to ptrace_bts_untrace() which will be called
+         * later on with tasklist_lock held.
+         */
+        release_locked_buffer(child->bts_buffer, child->bts_size);
 }
 #else
 static inline void ptrace_bts_fork(struct task_struct *tsk) {}
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 7932338d7cb3..a9e7548e1790 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -99,6 +99,12 @@ static inline void preempt_conditional_sti(struct pt_regs *regs)
                local_irq_enable();
 }
+static inline void conditional_cli(struct pt_regs *regs)
+{
+        if (regs->flags & X86_EFLAGS_IF)
+                local_irq_disable();
+}
 static inline void preempt_conditional_cli(struct pt_regs *regs)
 {
        if (regs->flags & X86_EFLAGS_IF)
@@ -626,8 +632,10 @@ clear_dr7:
 #ifdef CONFIG_X86_32
 debug_vm86:
+        /* reenable preemption: handle_vm86_trap() might sleep */
+        dec_preempt_count();
        handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1);
-        preempt_conditional_cli(regs);
+        conditional_cli(regs);
        return;
 #endif
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index e665d1c623ca..72bd275a9b5c 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -207,7 +207,7 @@ static int __pit_timer_fn(struct kvm_kpit_state *ps)
        hrtimer_add_expires_ns(&pt->timer, pt->period);
        pt->scheduled = hrtimer_get_expires_ns(&pt->timer);
        if (pt->period)
-                ps->channels[0].count_load_time = hrtimer_get_expires(&pt->timer);
+                ps->channels[0].count_load_time = ktime_get();
        return (pt->period == 0 ? 0 : 1);
 }
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c
index c019b8edcdb7..cf17ed52f6fb 100644
--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -87,13 +87,6 @@ void kvm_inject_pending_timer_irqs(struct kvm_vcpu *vcpu)
 }
 EXPORT_SYMBOL_GPL(kvm_inject_pending_timer_irqs);
-void kvm_timer_intr_post(struct kvm_vcpu *vcpu, int vec)
-{
-        kvm_apic_timer_intr_post(vcpu, vec);
-        /* TODO: PIT, RTC etc. */
-}
-EXPORT_SYMBOL_GPL(kvm_timer_intr_post);
 void __kvm_migrate_timers(struct kvm_vcpu *vcpu)
 {
        __kvm_migrate_apic_timer(vcpu);
diff --git a/arch/x86/kvm/irq.h b/arch/x86/kvm/irq.h
index 2bf32a03ceec..82579ee538d0 100644
--- a/arch/x86/kvm/irq.h
+++ b/arch/x86/kvm/irq.h
@@ -89,7 +89,6 @@ static inline int irqchip_in_kernel(struct kvm *kvm)
 void kvm_pic_reset(struct kvm_kpic_state *s);
-void kvm_timer_intr_post(struct kvm_vcpu *vcpu, int vec);
 void kvm_inject_pending_timer_irqs(struct kvm_vcpu *vcpu);
 void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu);
 void kvm_apic_nmi_wd_deliver(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index afac68c0815c..f0b67f2cdd69 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -35,6 +35,12 @@
 #include "kvm_cache_regs.h"
 #include "irq.h"
+#ifndef CONFIG_X86_64
+#define mod_64(x, y) ((x) - (y) * div64_u64(x, y))
+#else
+#define mod_64(x, y) ((x) % (y))
+#endif
 #define PRId64 "d"
 #define PRIx64 "llx"
 #define PRIu64 "u"
@@ -511,52 +517,22 @@ static void apic_send_ipi(struct kvm_lapic *apic)
 static u32 apic_get_tmcct(struct kvm_lapic *apic)
 {
-        u64 counter_passed;
+        ktime_t remaining;
-        ktime_t passed, now;
+        s64 ns;
        u32 tmcct;
        ASSERT(apic != NULL);
-        now = apic->timer.dev.base->get_time();
-        tmcct = apic_get_reg(apic, APIC_TMICT);
        /* if initial count is 0, current count should also be 0 */
-        if (tmcct == 0)
+        if (apic_get_reg(apic, APIC_TMICT) == 0)
                return 0;
-        if (unlikely(ktime_to_ns(now) <=
+        remaining = hrtimer_expires_remaining(&apic->timer.dev);
-                ktime_to_ns(apic->timer.last_update))) {
+        if (ktime_to_ns(remaining) < 0)
-                /* Wrap around */
+                remaining = ktime_set(0, 0);
-                passed = ktime_add(( {
-                                    (ktime_t) {
+        ns = mod_64(ktime_to_ns(remaining), apic->timer.period);
-                                    .tv64 = KTIME_MAX -
+        tmcct = div64_u64(ns, (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
-                                    (apic->timer.last_update).tv64}; }
-                                   ), now);
-                apic_debug("time elapsed\n");
-        } else
-                passed = ktime_sub(now, apic->timer.last_update);
-        counter_passed = div64_u64(ktime_to_ns(passed),
-                                   (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
-        if (counter_passed > tmcct) {
-                if (unlikely(!apic_lvtt_period(apic))) {
-                        /* one-shot timers stick at 0 until reset */
-                        tmcct = 0;
-                } else {
-                        /*
-                         * periodic timers reset to APIC_TMICT when they
-                         * hit 0. The while loop simulates this happening N
-                         * times. (counter_passed %= tmcct) would also work,
-                         * but might be slower or not work on 32-bit??
-                         */
-                        while (counter_passed > tmcct)
-                                counter_passed -= tmcct;
-                        tmcct -= counter_passed;
-                }
-        } else {
-                tmcct -= counter_passed;
-        }
        return tmcct;
 }
@@ -653,8 +629,6 @@ static void start_apic_timer(struct kvm_lapic *apic)
 {
        ktime_t now = apic->timer.dev.base->get_time();
-        apic->timer.last_update = now;
        apic->timer.period = apic_get_reg(apic, APIC_TMICT) *
                    APIC_BUS_CYCLE_NS * apic->timer.divide_count;
        atomic_set(&apic->timer.pending, 0);
@@ -1110,16 +1084,6 @@ void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu)
        }
 }
-void kvm_apic_timer_intr_post(struct kvm_vcpu *vcpu, int vec)
-{
-        struct kvm_lapic *apic = vcpu->arch.apic;
-        if (apic && apic_lvt_vector(apic, APIC_LVTT) == vec)
-                apic->timer.last_update = ktime_add_ns(
-                                apic->timer.last_update,
-                                apic->timer.period);
-}
 int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu)
 {
        int vector = kvm_apic_has_interrupt(vcpu);
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 81858881287e..45ab6ee71209 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -12,7 +12,6 @@ struct kvm_lapic {
                atomic_t pending;
                s64 period;     /* unit: ns */
                u32 divide_count;
-                ktime_t last_update;
                struct hrtimer dev;
        } timer;
        struct kvm_vcpu *vcpu;
@@ -42,7 +41,6 @@ void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data);
 void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu);
 int kvm_lapic_enabled(struct kvm_vcpu *vcpu);
 int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
-void kvm_apic_timer_intr_post(struct kvm_vcpu *vcpu, int vec);
 void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr);
 void kvm_lapic_sync_from_vapic(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 83f11c7474a1..2d4477c71473 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -1698,8 +1698,13 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
        if (largepage)
                spte |= PT_PAGE_SIZE_MASK;
        if (mt_mask) {
-                mt_mask = get_memory_type(vcpu, gfn) <<
+                if (!kvm_is_mmio_pfn(pfn)) {
-                          kvm_x86_ops->get_mt_mask_shift();
+                        mt_mask = get_memory_type(vcpu, gfn) <<
+                                kvm_x86_ops->get_mt_mask_shift();
+                        mt_mask |= VMX_EPT_IGMT_BIT;
+                } else
+                        mt_mask = MTRR_TYPE_UNCACHABLE <<
+                                kvm_x86_ops->get_mt_mask_shift();
                spte |= mt_mask;
        }
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 1452851ae258..a9e769e4e251 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1600,7 +1600,6 @@ static void svm_intr_assist(struct kvm_vcpu *vcpu)
        /* Okay, we can deliver the interrupt: grab it and update PIC state. */
        intr_vector = kvm_cpu_get_interrupt(vcpu);
        svm_inject_irq(svm, intr_vector);
-        kvm_timer_intr_post(vcpu, intr_vector);
 out:
        update_cr8_intercept(vcpu);
 }
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 6259d7467648..7611af576829 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -903,6 +903,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
                data = vmcs_readl(GUEST_SYSENTER_ESP);
                break;
        default:
+                vmx_load_host_state(to_vmx(vcpu));
                msr = find_msr_entry(to_vmx(vcpu), msr_index);
                if (msr) {
                        data = msr->data;
@@ -3285,7 +3286,6 @@ static void vmx_intr_assist(struct kvm_vcpu *vcpu)
        }
        if (vcpu->arch.interrupt.pending) {
                vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr);
-                kvm_timer_intr_post(vcpu, vcpu->arch.interrupt.nr);
                if (kvm_cpu_has_interrupt(vcpu))
                        enable_irq_window(vcpu);
        }
@@ -3687,8 +3687,7 @@ static int __init vmx_init(void)
        if (vm_need_ept()) {
                bypass_guest_pf = 0;
                kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
-                        VMX_EPT_WRITABLE_MASK |
+                        VMX_EPT_WRITABLE_MASK);
-                        VMX_EPT_IGMT_BIT);
                kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
                                VMX_EPT_EXECUTABLE_MASK,
                                VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cc17546a2406..758b7a155ae9 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -967,7 +967,6 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_MMU_SHADOW_CACHE_CONTROL:
        case KVM_CAP_SET_TSS_ADDR:
        case KVM_CAP_EXT_CPUID:
-        case KVM_CAP_CLOCKSOURCE:
        case KVM_CAP_PIT:
        case KVM_CAP_NOP_IO_DELAY:
        case KVM_CAP_MP_STATE:
@@ -992,6 +991,9 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_IOMMU:
                r = iommu_found();
                break;
+        case KVM_CAP_CLOCKSOURCE:
+                r = boot_cpu_has(X86_FEATURE_CONSTANT_TSC);
+                break;
        default:
                r = 0;
                break;
@@ -4127,9 +4129,13 @@ static void kvm_free_vcpus(struct kvm *kvm)
 }
-void kvm_arch_destroy_vm(struct kvm *kvm)
+void kvm_arch_sync_events(struct kvm *kvm)
 {
        kvm_free_all_assigned_devices(kvm);
+}
+void kvm_arch_destroy_vm(struct kvm *kvm)
+{
        kvm_iommu_unmap_guest(kvm);
        kvm_free_pit(kvm);
        kfree(kvm->arch.vpic);
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index af750ab973b6..f45d5e29a72e 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -134,25 +134,6 @@ int page_is_ram(unsigned long pagenr)
        return 0;
 }
-int pagerange_is_ram(unsigned long start, unsigned long end)
-{
-        int ram_page = 0, not_rampage = 0;
-        unsigned long page_nr;
-        for (page_nr = (start >> PAGE_SHIFT); page_nr < (end >> PAGE_SHIFT);
-             ++page_nr) {
-                if (page_is_ram(page_nr))
-                        ram_page = 1;
-                else
-                        not_rampage = 1;
-                if (ram_page == not_rampage)
-                        return -1;
-        }
-        return ram_page;
-}
 /*
 * Fix up the linear direct mapping of the kernel to avoid cache attribute
 * conflicts.
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 84ba74820ad6..8ca0d8566fc8 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -575,7 +575,6 @@ static int __change_page_attr(struct cpa_data *cpa, int primary)
                address = cpa->vaddr[cpa->curpage];
        else
                address = *cpa->vaddr;
 repeat:
        kpte = lookup_address(address, &level);
        if (!kpte)
@@ -812,6 +811,13 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
        vm_unmap_aliases();
+        /*
+         * If we're called with lazy mmu updates enabled, the
+         * in-memory pte state may be stale.  Flush pending updates to
+         * bring them up to date.
+         */
+        arch_flush_lazy_mmu_mode();
        cpa.vaddr = addr;
        cpa.numpages = numpages;
        cpa.mask_set = mask_set;
@@ -854,6 +860,13 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
        } else
                cpa_flush_all(cache);
+        /*
+         * If we've been called with lazy mmu updates enabled, then
+         * make sure that everything gets flushed out before we
+         * return.
+         */
+        arch_flush_lazy_mmu_mode();
 out:
        return ret;
 }
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 7b61036427df..aebbf67a79d0 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -211,6 +211,33 @@ chk_conflict(struct memtype *new, struct memtype *entry, unsigned long *type)
 static struct memtype *cached_entry;
 static u64 cached_start;
+static int pat_pagerange_is_ram(unsigned long start, unsigned long end)
+{
+        int ram_page = 0, not_rampage = 0;
+        unsigned long page_nr;
+        for (page_nr = (start >> PAGE_SHIFT); page_nr < (end >> PAGE_SHIFT);
+             ++page_nr) {
+                /*
+                 * For legacy reasons, physical address range in the legacy ISA
+                 * region is tracked as non-RAM. This will allow users of
+                 * /dev/mem to map portions of legacy ISA region, even when
+                 * some of those portions are listed(or not even listed) with
+                 * different e820 types(RAM/reserved/..)
+                 */
+                if (page_nr >= (ISA_END_ADDRESS >> PAGE_SHIFT) &&
+                    page_is_ram(page_nr))
+                        ram_page = 1;
+                else
+                        not_rampage = 1;
+                if (ram_page == not_rampage)
+                        return -1;
+        }
+        return ram_page;
+}
 /*
 * For RAM pages, mark the pages as non WB memory type using
 * PageNonWB (PG_arch_1). We allow only one set_memory_uc() or
@@ -336,20 +363,12 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
        if (new_type)
                *new_type = actual_type;
-        /*
+        is_range_ram = pat_pagerange_is_ram(start, end);
-         * For legacy reasons, some parts of the physical address range in the
+        if (is_range_ram == 1)
-         * legacy 1MB region is treated as non-RAM (even when listed as RAM in
+                return reserve_ram_pages_type(start, end, req_type,
-         * the e820 tables).  So we will track the memory attributes of this
+                                              new_type);
-         * legacy 1MB region using the linear memtype_list always.
+        else if (is_range_ram < 0)
-         */
+                return -EINVAL;
-        if (end >= ISA_END_ADDRESS) {
-                is_range_ram = pagerange_is_ram(start, end);
-                if (is_range_ram == 1)
-                        return reserve_ram_pages_type(start, end, req_type,
-                                                      new_type);
-                else if (is_range_ram < 0)
-                        return -EINVAL;
-        }
        new  = kmalloc(sizeof(struct memtype), GFP_KERNEL);
        if (!new)
@@ -446,19 +465,11 @@ int free_memtype(u64 start, u64 end)
        if (is_ISA_range(start, end - 1))
                return 0;
-        /*
+        is_range_ram = pat_pagerange_is_ram(start, end);
-         * For legacy reasons, some parts of the physical address range in the
+        if (is_range_ram == 1)
-         * legacy 1MB region is treated as non-RAM (even when listed as RAM in
+                return free_ram_pages_type(start, end);
-         * the e820 tables).  So we will track the memory attributes of this
+        else if (is_range_ram < 0)
-         * legacy 1MB region using the linear memtype_list always.
+                return -EINVAL;
-         */
-        if (end >= ISA_END_ADDRESS) {
-                is_range_ram = pagerange_is_ram(start, end);
-                if (is_range_ram == 1)
-                        return free_ram_pages_type(start, end);
-                else if (is_range_ram < 0)
-                        return -EINVAL;
-        }
        spin_lock(&memtype_lock);
        list_for_each_entry(entry, &memtype_list, nd) {
@@ -626,17 +637,13 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
        unsigned long flags;
        unsigned long want_flags = (pgprot_val(*vma_prot) & _PAGE_CACHE_MASK);
-        is_ram = pagerange_is_ram(paddr, paddr + size);
+        is_ram = pat_pagerange_is_ram(paddr, paddr + size);
-        if (is_ram != 0) {
+        /*
-                /*
+         * reserve_pfn_range() doesn't support RAM pages.
-                 * For mapping RAM pages, drivers need to call
+         */
-                 * set_memory_[uc|wc|wb] directly, for reserve and free, before
+        if (is_ram != 0)
-                 * setting up the PTE.
+                return -EINVAL;
-                 */
-                WARN_ON_ONCE(1);
-                return 0;
-        }
        ret = reserve_memtype(paddr, paddr + size, want_flags, &flags);
        if (ret)
@@ -693,7 +700,7 @@ static void free_pfn_range(u64 paddr, unsigned long size)
 {
        int is_ram;
-        is_ram = pagerange_is_ram(paddr, paddr + size);
+        is_ram = pat_pagerange_is_ram(paddr, paddr + size);
        if (is_ram == 0)
                free_memtype(paddr, paddr + size);
 }