53 files changed, 443 insertions, 189 deletions

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 602f57e590b5..33f71b01fd22 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -79,11 +79,14 @@ else
         UTS_MACHINE := x86_64
         CHECKFLAGS += -D__x86_64__ -m64
 
+        biarch := -m64
         KBUILD_AFLAGS += -m64
         KBUILD_CFLAGS += -m64
 
         # Don't autogenerate traditional x87, MMX or SSE instructions
-        KBUILD_CFLAGS += -mno-mmx -mno-sse -mno-80387 -mno-fp-ret-in-387
+        KBUILD_CFLAGS += -mno-mmx -mno-sse
+        KBUILD_CFLAGS += $(call cc-option,-mno-80387)
+        KBUILD_CFLAGS += $(call cc-option,-mno-fp-ret-in-387)
 
         # Use -mpreferred-stack-boundary=3 if supported.
         KBUILD_CFLAGS += $(call cc-option,-mpreferred-stack-boundary=3)
@@ -250,8 +253,8 @@ archclean:
 PHONY += kvmconfig
 kvmconfig:
         $(if $(wildcard $(objtree)/.config),, $(error You need an existing .config for this target))
-        $(Q)$(CONFIG_SHELL) $(srctree)/scripts/kconfig/merge_config.sh -m -O $(objtree) $(objtree)/.config arch/x86/configs/kvm_guest.config
-        $(Q)yes "" | $(MAKE) oldconfig
+        $(Q)$(CONFIG_SHELL) $(srctree)/scripts/kconfig/merge_config.sh -m -O $(objtree) $(objtree)/.config $(srctree)/arch/x86/configs/kvm_guest.config
+        $(Q)yes "" | $(MAKE) -f $(srctree)/Makefile oldconfig
 
 define archhelp
   echo  '* bzImage      - Compressed kernel image (arch/x86/boot/bzImage)'
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index abb9eba61b50..dbe8dd2fe247 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -71,7 +71,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE
 
 SETUP_OBJS = $(addprefix $(obj)/,$(setup-y))
 
-sed-voffset := -e 's/^\([0-9a-fA-F]*\) . \(_text\|_end\)$$/\#define VO_\2 0x\1/p'
+sed-voffset := -e 's/^\([0-9a-fA-F]*\) [ABCDGRSTVW] \(_text\|_end\)$$/\#define VO_\2 0x\1/p'
 
 quiet_cmd_voffset = VOFFSET $@
       cmd_voffset = $(NM) $< | sed -n $(sed-voffset) > $@
@@ -80,7 +80,7 @@ targets += voffset.h
 $(obj)/voffset.h: vmlinux FORCE
         $(call if_changed,voffset)
 
-sed-zoffset := -e 's/^\([0-9a-fA-F]*\) . \(startup_32\|startup_64\|efi32_stub_entry\|efi64_stub_entry\|efi_pe_entry\|input_data\|_end\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [ABCDGRSTVW] \(startup_32\|startup_64\|efi32_stub_entry\|efi64_stub_entry\|efi_pe_entry\|input_data\|_end\|z_.*\)$$/\#define ZO_\2 0x\1/p'
 
 quiet_cmd_zoffset = ZOFFSET $@
       cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 17684615374b..57ab74df7eea 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -354,7 +354,7 @@ static void parse_elf(void *output)
         free(phdrs);
 }
 
-asmlinkage void *decompress_kernel(void *rmode, memptr heap,
+asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
                                   unsigned char *input_data,
                                   unsigned long input_len,
                                   unsigned char *output,
diff --git a/arch/x86/include/asm/hpet.h b/arch/x86/include/asm/hpet.h
index b18df579c0e9..36f7125945e3 100644
--- a/arch/x86/include/asm/hpet.h
+++ b/arch/x86/include/asm/hpet.h
@@ -63,6 +63,7 @@
 /* hpet memory map physical address */
 extern unsigned long hpet_address;
 extern unsigned long force_hpet_address;
+extern int boot_hpet_disable;
 extern u8 hpet_blockid;
 extern int hpet_force_user;
 extern u8 hpet_msi_disable;
diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h
index a8091216963b..68c05398bba9 100644
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -52,6 +52,7 @@ static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
 static inline void huge_ptep_clear_flush(struct vm_area_struct *vma,
                                          unsigned long addr, pte_t *ptep)
 {
+        ptep_clear_flush(vma, addr, ptep);
 }
 
 static inline int huge_pte_none(pte_t pte)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index fcaf9c961265..7de069afb382 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -60,7 +60,7 @@
                           | X86_CR4_PSE | X86_CR4_PAE | X86_CR4_MCE     \
                           | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \
                           | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \
-                          | X86_CR4_OSXMMEXCPT | X86_CR4_VMXE))
+                          | X86_CR4_OSXMMEXCPT | X86_CR4_VMXE | X86_CR4_SMAP))
 
 #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR)
 
diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 8de6d9cf3b95..678205195ae1 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -1,7 +1,7 @@
 #ifndef _ASM_X86_PAGE_64_DEFS_H
 #define _ASM_X86_PAGE_64_DEFS_H
 
-#define THREAD_SIZE_ORDER       1
+#define THREAD_SIZE_ORDER       2
 #define THREAD_SIZE  (PAGE_SIZE << THREAD_SIZE_ORDER)
 #define CURRENT_MASK (~(THREAD_SIZE - 1))
 
diff --git a/arch/x86/include/uapi/asm/msr-index.h b/arch/x86/include/uapi/asm/msr-index.h
index c827ace3121b..fcf2b3ae1bf0 100644
--- a/arch/x86/include/uapi/asm/msr-index.h
+++ b/arch/x86/include/uapi/asm/msr-index.h
@@ -384,7 +384,7 @@
 #define MSR_IA32_MISC_ENABLE_MWAIT_BIT                  18
 #define MSR_IA32_MISC_ENABLE_MWAIT                      (1ULL << MSR_IA32_MISC_ENABLE_MWAIT_BIT)
 #define MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT            22
-#define MSR_IA32_MISC_ENABLE_LIMIT_CPUID                (1ULL << MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT);
+#define MSR_IA32_MISC_ENABLE_LIMIT_CPUID                (1ULL << MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT)
 #define MSR_IA32_MISC_ENABLE_XTPR_DISABLE_BIT           23
 #define MSR_IA32_MISC_ENABLE_XTPR_DISABLE               (1ULL << MSR_IA32_MISC_ENABLE_XTPR_DISABLE_BIT)
 #define MSR_IA32_MISC_ENABLE_XD_DISABLE_BIT             34
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
index 3a2ae4c88948..31368207837c 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -31,7 +31,7 @@ static char temp_stack[4096];
  *
  * Wrapper around acpi_enter_sleep_state() to be called by assmebly.
  */
-acpi_status asmlinkage x86_acpi_enter_sleep_state(u8 state)
+acpi_status asmlinkage __visible x86_acpi_enter_sleep_state(u8 state)
 {
         return acpi_enter_sleep_state(state);
 }
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index 6ad4658de705..992060e09897 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2189,7 +2189,7 @@ void send_cleanup_vector(struct irq_cfg *cfg)
         cfg->move_in_progress = 0;
 }
 
-asmlinkage void smp_irq_move_cleanup_interrupt(void)
+asmlinkage __visible void smp_irq_move_cleanup_interrupt(void)
 {
         unsigned vector, me;
 
@@ -3425,6 +3425,11 @@ int get_nr_irqs_gsi(void)
         return nr_irqs_gsi;
 }
 
+unsigned int arch_dynirq_lower_bound(unsigned int from)
+{
+        return from < nr_irqs_gsi ? nr_irqs_gsi : from;
+}
+
 int __init arch_probe_nr_irqs(void)
 {
         int nr;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index eeee23ff75ef..68317c80de7f 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -598,7 +598,6 @@ void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
 {
         struct mce m;
         int i;
-        unsigned long *v;
 
         this_cpu_inc(mce_poll_count);
 
@@ -618,8 +617,7 @@ void machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
                 if (!(m.status & MCI_STATUS_VAL))
                         continue;
 
-                v = &get_cpu_var(mce_polled_error);
-                set_bit(0, v);
+                this_cpu_write(mce_polled_error, 1);
                 /*
                  * Uncorrected or signalled events are handled by the exception
                  * handler when it is enabled, so don't process those here.
diff --git a/arch/x86/kernel/cpu/mcheck/mce_intel.c b/arch/x86/kernel/cpu/mcheck/mce_intel.c
index 3bdb95ae8c43..9a316b21df8b 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_intel.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_intel.c
@@ -42,7 +42,7 @@ static DEFINE_PER_CPU(mce_banks_t, mce_banks_owned);
  * cmci_discover_lock protects against parallel discovery attempts
  * which could race against each other.
  */
-static DEFINE_RAW_SPINLOCK(cmci_discover_lock);
+static DEFINE_SPINLOCK(cmci_discover_lock);
 
 #define CMCI_THRESHOLD          1
 #define CMCI_POLL_INTERVAL      (30 * HZ)
@@ -144,14 +144,14 @@ static void cmci_storm_disable_banks(void)
         int bank;
         u64 val;
 
-        raw_spin_lock_irqsave(&cmci_discover_lock, flags);
+        spin_lock_irqsave(&cmci_discover_lock, flags);
         owned = __get_cpu_var(mce_banks_owned);
         for_each_set_bit(bank, owned, MAX_NR_BANKS) {
                 rdmsrl(MSR_IA32_MCx_CTL2(bank), val);
                 val &= ~MCI_CTL2_CMCI_EN;
                 wrmsrl(MSR_IA32_MCx_CTL2(bank), val);
         }
-        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
+        spin_unlock_irqrestore(&cmci_discover_lock, flags);
 }
 
 static bool cmci_storm_detect(void)
@@ -211,7 +211,7 @@ static void cmci_discover(int banks)
         int i;
         int bios_wrong_thresh = 0;
 
-        raw_spin_lock_irqsave(&cmci_discover_lock, flags);
+        spin_lock_irqsave(&cmci_discover_lock, flags);
         for (i = 0; i < banks; i++) {
                 u64 val;
                 int bios_zero_thresh = 0;
@@ -266,7 +266,7 @@ static void cmci_discover(int banks)
                         WARN_ON(!test_bit(i, __get_cpu_var(mce_poll_banks)));
                 }
         }
-        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
+        spin_unlock_irqrestore(&cmci_discover_lock, flags);
         if (mca_cfg.bios_cmci_threshold && bios_wrong_thresh) {
                 pr_info_once(
                         "bios_cmci_threshold: Some banks do not have valid thresholds set\n");
@@ -316,10 +316,10 @@ void cmci_clear(void)
 
         if (!cmci_supported(&banks))
                 return;
-        raw_spin_lock_irqsave(&cmci_discover_lock, flags);
+        spin_lock_irqsave(&cmci_discover_lock, flags);
         for (i = 0; i < banks; i++)
                 __cmci_disable_bank(i);
-        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
+        spin_unlock_irqrestore(&cmci_discover_lock, flags);
 }
 
 static void cmci_rediscover_work_func(void *arg)
@@ -360,9 +360,9 @@ void cmci_disable_bank(int bank)
         if (!cmci_supported(&banks))
                 return;
 
-        raw_spin_lock_irqsave(&cmci_discover_lock, flags);
+        spin_lock_irqsave(&cmci_discover_lock, flags);
         __cmci_disable_bank(bank);
-        raw_spin_unlock_irqrestore(&cmci_discover_lock, flags);
+        spin_unlock_irqrestore(&cmci_discover_lock, flags);
 }
 
 static void intel_init_cmci(void)
diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c
index d921b7ee6595..36a1bb6d1ee0 100644
--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c
+++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c
@@ -429,14 +429,14 @@ static inline void __smp_thermal_interrupt(void)
         smp_thermal_vector();
 }
 
-asmlinkage void smp_thermal_interrupt(struct pt_regs *regs)
+asmlinkage __visible void smp_thermal_interrupt(struct pt_regs *regs)
 {
         entering_irq();
         __smp_thermal_interrupt();
         exiting_ack_irq();
 }
 
-asmlinkage void smp_trace_thermal_interrupt(struct pt_regs *regs)
+asmlinkage __visible void smp_trace_thermal_interrupt(struct pt_regs *regs)
 {
         entering_irq();
         trace_thermal_apic_entry(THERMAL_APIC_VECTOR);
diff --git a/arch/x86/kernel/cpu/mcheck/threshold.c b/arch/x86/kernel/cpu/mcheck/threshold.c
index fe6b1c86645b..7245980186ee 100644
--- a/arch/x86/kernel/cpu/mcheck/threshold.c
+++ b/arch/x86/kernel/cpu/mcheck/threshold.c
@@ -24,14 +24,14 @@ static inline void __smp_threshold_interrupt(void)
         mce_threshold_vector();
 }
 
-asmlinkage void smp_threshold_interrupt(void)
+asmlinkage __visible void smp_threshold_interrupt(void)
 {
         entering_irq();
         __smp_threshold_interrupt();
         exiting_ack_irq();
 }
 
-asmlinkage void smp_trace_threshold_interrupt(void)
+asmlinkage __visible void smp_trace_threshold_interrupt(void)
 {
         entering_irq();
         trace_threshold_apic_entry(THRESHOLD_APIC_VECTOR);
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index aa333d966886..adb02aa62af5 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -169,7 +169,6 @@ static struct event_constraint intel_slm_event_constraints[] __read_mostly =
 {
         FIXED_EVENT_CONSTRAINT(0x00c0, 0), /* INST_RETIRED.ANY */
         FIXED_EVENT_CONSTRAINT(0x003c, 1), /* CPU_CLK_UNHALTED.CORE */
-        FIXED_EVENT_CONSTRAINT(0x013c, 2), /* CPU_CLK_UNHALTED.REF */
         FIXED_EVENT_CONSTRAINT(0x0300, 2), /* pseudo CPU_CLK_UNHALTED.REF */
         EVENT_CONSTRAINT_END
 };
diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
index 059218ed5208..619f7699487a 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
@@ -59,7 +59,7 @@
 #define INTEL_RAPL_PKG          0x2     /* pseudo-encoding */
 #define RAPL_IDX_RAM_NRG_STAT   2       /* DRAM */
 #define INTEL_RAPL_RAM          0x3     /* pseudo-encoding */
-#define RAPL_IDX_PP1_NRG_STAT   3       /* DRAM */
+#define RAPL_IDX_PP1_NRG_STAT   3       /* gpu */
 #define INTEL_RAPL_PP1          0x4     /* pseudo-encoding */
 
 /* Clients have PP0, PKG */
@@ -72,6 +72,12 @@
                          1<<RAPL_IDX_PKG_NRG_STAT|\
                          1<<RAPL_IDX_RAM_NRG_STAT)
 
+/* Servers have PP0, PKG, RAM, PP1 */
+#define RAPL_IDX_HSW    (1<<RAPL_IDX_PP0_NRG_STAT|\
+                         1<<RAPL_IDX_PKG_NRG_STAT|\
+                         1<<RAPL_IDX_RAM_NRG_STAT|\
+                         1<<RAPL_IDX_PP1_NRG_STAT)
+
 /*
  * event code: LSB 8 bits, passed in attr->config
  * any other bit is reserved
@@ -425,6 +431,24 @@ static struct attribute *rapl_events_cln_attr[] = {
         NULL,
 };
 
+static struct attribute *rapl_events_hsw_attr[] = {
+        EVENT_PTR(rapl_cores),
+        EVENT_PTR(rapl_pkg),
+        EVENT_PTR(rapl_gpu),
+        EVENT_PTR(rapl_ram),
+
+        EVENT_PTR(rapl_cores_unit),
+        EVENT_PTR(rapl_pkg_unit),
+        EVENT_PTR(rapl_gpu_unit),
+        EVENT_PTR(rapl_ram_unit),
+
+        EVENT_PTR(rapl_cores_scale),
+        EVENT_PTR(rapl_pkg_scale),
+        EVENT_PTR(rapl_gpu_scale),
+        EVENT_PTR(rapl_ram_scale),
+        NULL,
+};
+
 static struct attribute_group rapl_pmu_events_group = {
         .name = "events",
         .attrs = NULL, /* patched at runtime */
@@ -511,6 +535,7 @@ static int rapl_cpu_prepare(int cpu)
         struct rapl_pmu *pmu = per_cpu(rapl_pmu, cpu);
         int phys_id = topology_physical_package_id(cpu);
         u64 ms;
+        u64 msr_rapl_power_unit_bits;
 
         if (pmu)
                 return 0;
@@ -518,6 +543,10 @@ static int rapl_cpu_prepare(int cpu)
         if (phys_id < 0)
                 return -1;
 
+        /* protect rdmsrl() to handle virtualization */
+        if (rdmsrl_safe(MSR_RAPL_POWER_UNIT, &msr_rapl_power_unit_bits))
+                return -1;
+
         pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
         if (!pmu)
                 return -1;
@@ -531,8 +560,7 @@ static int rapl_cpu_prepare(int cpu)
          *
          * we cache in local PMU instance
          */
-        rdmsrl(MSR_RAPL_POWER_UNIT, pmu->hw_unit);
-        pmu->hw_unit = (pmu->hw_unit >> 8) & 0x1FULL;
+        pmu->hw_unit = (msr_rapl_power_unit_bits >> 8) & 0x1FULL;
         pmu->pmu = &rapl_pmu_class;
 
         /*
@@ -631,11 +659,14 @@ static int __init rapl_pmu_init(void)
         switch (boot_cpu_data.x86_model) {
         case 42: /* Sandy Bridge */
         case 58: /* Ivy Bridge */
-        case 60: /* Haswell */
-        case 69: /* Haswell-Celeron */
                 rapl_cntr_mask = RAPL_IDX_CLN;
                 rapl_pmu_events_group.attrs = rapl_events_cln_attr;
                 break;
+        case 60: /* Haswell */
+        case 69: /* Haswell-Celeron */
+                rapl_cntr_mask = RAPL_IDX_HSW;
+                rapl_pmu_events_group.attrs = rapl_events_hsw_attr;
+                break;
         case 45: /* Sandy Bridge-EP */
         case 62: /* IvyTown */
                 rapl_cntr_mask = RAPL_IDX_SRV;
@@ -650,7 +681,9 @@ static int __init rapl_pmu_init(void)
         cpu_notifier_register_begin();
 
         for_each_online_cpu(cpu) {
-                rapl_cpu_prepare(cpu);
+                ret = rapl_cpu_prepare(cpu);
+                if (ret)
+                        goto out;
                 rapl_cpu_init(cpu);
         }
 
@@ -673,6 +706,7 @@ static int __init rapl_pmu_init(void)
                 hweight32(rapl_cntr_mask),
                 ktime_to_ms(pmu->timer_interval));
 
+out:
         cpu_notifier_register_done();
 
         return 0;
diff --git a/arch/x86/kernel/cpu/rdrand.c b/arch/x86/kernel/cpu/rdrand.c
index 384df5105fbc..136ac74dee82 100644
--- a/arch/x86/kernel/cpu/rdrand.c
+++ b/arch/x86/kernel/cpu/rdrand.c
@@ -27,6 +27,7 @@
 static int __init x86_rdrand_setup(char *s)
 {
         setup_clear_cpu_cap(X86_FEATURE_RDRAND);
+        setup_clear_cpu_cap(X86_FEATURE_RDSEED);
         return 1;
 }
 __setup("nordrand", x86_rdrand_setup);
diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index b0cc3809723d..6cda0baeac9d 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -17,6 +17,7 @@
 #include <asm/dma.h>
 #include <asm/io_apic.h>
 #include <asm/apic.h>
+#include <asm/hpet.h>
 #include <asm/iommu.h>
 #include <asm/gart.h>
 #include <asm/irq_remapping.h>
@@ -240,7 +241,7 @@ static u32 __init intel_stolen_base(int num, int slot, int func, size_t stolen_s
         return base;
 }
 
-#define KB(x)   ((x) * 1024)
+#define KB(x)   ((x) * 1024UL)
 #define MB(x)   (KB (KB (x)))
 #define GB(x)   (MB (KB (x)))
 
@@ -530,6 +531,15 @@ static void __init intel_graphics_stolen(int num, int slot, int func)
         }
 }
 
+static void __init force_disable_hpet(int num, int slot, int func)
+{
+#ifdef CONFIG_HPET_TIMER
+        boot_hpet_disable = 1;
+        pr_info("x86/hpet: Will disable the HPET for this platform because it's not reliable\n");
+#endif
+}
+
+
 #define QFLAG_APPLY_ONCE        0x1
 #define QFLAG_APPLIED           0x2
 #define QFLAG_DONE              (QFLAG_APPLY_ONCE|QFLAG_APPLIED)
@@ -567,6 +577,12 @@ static struct chipset early_qrk[] __initdata = {
           PCI_BASE_CLASS_BRIDGE, 0, intel_remapping_check },
         { PCI_VENDOR_ID_INTEL, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA, PCI_ANY_ID,
           QFLAG_APPLY_ONCE, intel_graphics_stolen },
+        /*
+         * HPET on current version of Baytrail platform has accuracy
+         * problems, disable it for now:
+         */
+        { PCI_VENDOR_ID_INTEL, 0x0f00,
+                PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet},
         {}
 };
 
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
index c61a14a4a310..d6c1b9836995 100644
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -29,7 +29,7 @@ static void __init i386_default_early_setup(void)
         reserve_ebda_region();
 }
 
-asmlinkage void __init i386_start_kernel(void)
+asmlinkage __visible void __init i386_start_kernel(void)
 {
         sanitize_boot_params(&boot_params);
 
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 85126ccbdf6b..068054f4bf20 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -137,7 +137,7 @@ static void __init copy_bootdata(char *real_mode_data)
         }
 }
 
-asmlinkage void __init x86_64_start_kernel(char * real_mode_data)
+asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
 {
         int i;
 
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index 8d80ae011603..4177bfbc80b0 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -88,7 +88,7 @@ static inline void hpet_clear_mapping(void)
 /*
  * HPET command line enable / disable
  */
-static int boot_hpet_disable;
+int boot_hpet_disable;
 int hpet_force_user;
 static int hpet_verbose;
 
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index 79a3f9682871..61b17dc2c277 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -897,9 +897,10 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
         struct kprobe *cur = kprobe_running();
         struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 
-        switch (kcb->kprobe_status) {
-        case KPROBE_HIT_SS:
-        case KPROBE_REENTER:
+        if (unlikely(regs->ip == (unsigned long)cur->ainsn.insn)) {
+                /* This must happen on single-stepping */
+                WARN_ON(kcb->kprobe_status != KPROBE_HIT_SS &&
+                        kcb->kprobe_status != KPROBE_REENTER);
                 /*
                  * We are here because the instruction being single
                  * stepped caused a page fault. We reset the current
@@ -914,9 +915,8 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
                 else
                         reset_current_kprobe();
                 preempt_enable_no_resched();
-                break;
-        case KPROBE_HIT_ACTIVE:
-        case KPROBE_HIT_SSDONE:
+        } else if (kcb->kprobe_status == KPROBE_HIT_ACTIVE ||
+                   kcb->kprobe_status == KPROBE_HIT_SSDONE) {
                 /*
                  * We increment the nmissed count for accounting,
                  * we can also use npre/npostfault count for accounting
@@ -945,10 +945,8 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
                  * fixup routine could not handle it,
                  * Let do_page_fault() fix it.
                  */
-                break;
-        default:
-                break;
         }
+
         return 0;
 }
 
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index af1d14a9ebda..dcbbaa165bde 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -20,6 +20,8 @@
 #include <asm/mmu_context.h>
 #include <asm/syscalls.h>
 
+int sysctl_ldt16 = 0;
+
 #ifdef CONFIG_SMP
 static void flush_ldt(void *current_mm)
 {
@@ -234,7 +236,7 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
          * IRET leaking the high bits of the kernel stack address.
          */
 #ifdef CONFIG_X86_64
-        if (!ldt_info.seg_32bit) {
+        if (!ldt_info.seg_32bit && !sysctl_ldt16) {
                 error = -EINVAL;
                 goto out_unlock;
         }
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 9c0280f93d05..898d077617a9 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -52,7 +52,7 @@
 
 asmlinkage extern void ret_from_fork(void);
 
-asmlinkage DEFINE_PER_CPU(unsigned long, old_rsp);
+__visible DEFINE_PER_CPU(unsigned long, old_rsp);
 
 /* Prints also some state that isn't saved in the pt_regs */
 void __show_regs(struct pt_regs *regs, int all)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 654b46574b91..52b1157c53eb 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -114,8 +114,8 @@ EXPORT_SYMBOL(machine_real_restart);
  */
 static int __init set_pci_reboot(const struct dmi_system_id *d)
 {
-        if (reboot_type != BOOT_CF9) {
-                reboot_type = BOOT_CF9;
+        if (reboot_type != BOOT_CF9_FORCE) {
+                reboot_type = BOOT_CF9_FORCE;
                 pr_info("%s series board detected. Selecting %s-method for reboots.\n",
                         d->ident, "PCI");
         }
@@ -191,6 +191,16 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = {
                 },
         },
 
+        /* Certec */
+        {       /* Handle problems with rebooting on Certec BPC600 */
+                .callback = set_pci_reboot,
+                .ident = "Certec BPC600",
+                .matches = {
+                        DMI_MATCH(DMI_SYS_VENDOR, "Certec"),
+                        DMI_MATCH(DMI_PRODUCT_NAME, "BPC600"),
+                },
+        },
+
         /* Dell */
         {       /* Handle problems with rebooting on Dell DXP061 */
                 .callback = set_bios_reboot,
@@ -458,20 +468,23 @@ void __attribute__((weak)) mach_reboot_fixups(void)
 }
 
 /*
- * Windows compatible x86 hardware expects the following on reboot:
+ * To the best of our knowledge Windows compatible x86 hardware expects
+ * the following on reboot:
  *
  * 1) If the FADT has the ACPI reboot register flag set, try it
  * 2) If still alive, write to the keyboard controller
  * 3) If still alive, write to the ACPI reboot register again
  * 4) If still alive, write to the keyboard controller again
  * 5) If still alive, call the EFI runtime service to reboot
- * 6) If still alive, write to the PCI IO port 0xCF9 to reboot
- * 7) If still alive, inform BIOS to do a proper reboot
+ * 6) If no EFI runtime service, call the BIOS to do a reboot
+ *
+ * We default to following the same pattern. We also have
+ * two other reboot methods: 'triple fault' and 'PCI', which
+ * can be triggered via the reboot= kernel boot option or
+ * via quirks.
  *
- * If the machine is still alive at this stage, it gives up. We default to
- * following the same pattern, except that if we're still alive after (7) we'll
- * try to force a triple fault and then cycle between hitting the keyboard
- * controller and doing that
+ * This means that this function can never return, it can misbehave
+ * by not rebooting properly and hanging.
  */
 static void native_machine_emergency_restart(void)
 {
@@ -492,6 +505,11 @@ static void native_machine_emergency_restart(void)
         for (;;) {
                 /* Could also try the reset bit in the Hammer NB */
                 switch (reboot_type) {
+                case BOOT_ACPI:
+                        acpi_reboot();
+                        reboot_type = BOOT_KBD;
+                        break;
+
                 case BOOT_KBD:
                         mach_reboot_fixups(); /* For board specific fixups */
 
@@ -509,43 +527,29 @@ static void native_machine_emergency_restart(void)
                         }
                         break;
 
-                case BOOT_TRIPLE:
-                        load_idt(&no_idt);
-                        __asm__ __volatile__("int3");
-
-                        /* We're probably dead after this, but... */
-                        reboot_type = BOOT_KBD;
-                        break;
-
-                case BOOT_BIOS:
-                        machine_real_restart(MRR_BIOS);
-
-                        /* We're probably dead after this, but... */
-                        reboot_type = BOOT_TRIPLE;
-                        break;
-
-                case BOOT_ACPI:
-                        acpi_reboot();
-                        reboot_type = BOOT_KBD;
-                        break;
-
                 case BOOT_EFI:
                         if (efi_enabled(EFI_RUNTIME_SERVICES))
                                 efi.reset_system(reboot_mode == REBOOT_WARM ?
                                                  EFI_RESET_WARM :
                                                  EFI_RESET_COLD,
                                                  EFI_SUCCESS, 0, NULL);
-                        reboot_type = BOOT_CF9_COND;
+                        reboot_type = BOOT_BIOS;
+                        break;
+
+                case BOOT_BIOS:
+                        machine_real_restart(MRR_BIOS);
+
+                        /* We're probably dead after this, but... */
+                        reboot_type = BOOT_CF9_SAFE;
                         break;
 
-                case BOOT_CF9:
+                case BOOT_CF9_FORCE:
                         port_cf9_safe = true;
                         /* Fall through */
 
-                case BOOT_CF9_COND:
+                case BOOT_CF9_SAFE:
                         if (port_cf9_safe) {
-                                u8 reboot_code = reboot_mode == REBOOT_WARM ?
-                                        0x06 : 0x0E;
+                                u8 reboot_code = reboot_mode == REBOOT_WARM ?  0x06 : 0x0E;
                                 u8 cf9 = inb(0xcf9) & ~reboot_code;
                                 outb(cf9|2, 0xcf9); /* Request hard reset */
                                 udelay(50);
@@ -553,7 +557,15 @@ static void native_machine_emergency_restart(void)
                                 outb(cf9|reboot_code, 0xcf9);
                                 udelay(50);
                         }
-                        reboot_type = BOOT_BIOS;
+                        reboot_type = BOOT_TRIPLE;
+                        break;
+
+                case BOOT_TRIPLE:
+                        load_idt(&no_idt);
+                        __asm__ __volatile__("int3");
+
+                        /* We're probably dead after this, but... */
+                        reboot_type = BOOT_KBD;
                         break;
                 }
         }
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index 7c3a5a61f2e4..be8e1bde07aa 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -168,7 +168,7 @@ static int smp_stop_nmi_callback(unsigned int val, struct pt_regs *regs)
  * this function calls the 'stop' function on all other CPUs in the system.
  */
 
-asmlinkage void smp_reboot_interrupt(void)
+asmlinkage __visible void smp_reboot_interrupt(void)
 {
         ack_APIC_irq();
         irq_enter();
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 57409f6b8c62..f73b5d435bdc 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -357,7 +357,7 @@ exit:
  * for scheduling or signal handling. The actual stack switch is done in
  * entry.S
  */
-asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
+asmlinkage __visible __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
 {
         struct pt_regs *regs = eregs;
         /* Did already sync */
@@ -601,11 +601,11 @@ do_spurious_interrupt_bug(struct pt_regs *regs, long error_code)
 #endif
 }
 
-asmlinkage void __attribute__((weak)) smp_thermal_interrupt(void)
+asmlinkage __visible void __attribute__((weak)) smp_thermal_interrupt(void)
 {
 }
 
-asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
+asmlinkage __visible void __attribute__((weak)) smp_threshold_interrupt(void)
 {
 }
 
diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c
index f6584a90aba3..b99b9ad8540c 100644
--- a/arch/x86/kernel/vsmp_64.c
+++ b/arch/x86/kernel/vsmp_64.c
@@ -26,6 +26,9 @@
 
 #define TOPOLOGY_REGISTER_OFFSET 0x10
 
+/* Flag below is initialized once during vSMP PCI initialization. */
+static int irq_routing_comply = 1;
+
 #if defined CONFIG_PCI && defined CONFIG_PARAVIRT
 /*
  * Interrupt control on vSMPowered systems:
@@ -33,7 +36,7 @@
  * and vice versa.
  */
 
-asmlinkage unsigned long vsmp_save_fl(void)
+asmlinkage __visible unsigned long vsmp_save_fl(void)
 {
         unsigned long flags = native_save_fl();
 
@@ -53,7 +56,7 @@ __visible void vsmp_restore_fl(unsigned long flags)
 }
 PV_CALLEE_SAVE_REGS_THUNK(vsmp_restore_fl);
 
-asmlinkage void vsmp_irq_disable(void)
+asmlinkage __visible void vsmp_irq_disable(void)
 {
         unsigned long flags = native_save_fl();
 
@@ -61,7 +64,7 @@ asmlinkage void vsmp_irq_disable(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(vsmp_irq_disable);
 
-asmlinkage void vsmp_irq_enable(void)
+asmlinkage __visible void vsmp_irq_enable(void)
 {
         unsigned long flags = native_save_fl();
 
@@ -101,6 +104,10 @@ static void __init set_vsmp_pv_ops(void)
 #ifdef CONFIG_SMP
         if (cap & ctl & BIT(8)) {
                 ctl &= ~BIT(8);
+
+                /* Interrupt routing set to ignore */
+                irq_routing_comply = 0;
+
 #ifdef CONFIG_PROC_FS
                 /* Don't let users change irq affinity via procfs */
                 no_irq_affinity = 1;
@@ -218,7 +225,9 @@ static void vsmp_apic_post_init(void)
 {
         /* need to update phys_pkg_id */
         apic->phys_pkg_id = apicid_phys_pkg_id;
-        apic->vector_allocation_domain = fill_vector_allocation_domain;
+
+        if (!irq_routing_comply)
+                apic->vector_allocation_domain = fill_vector_allocation_domain;
 }
 
 void __init vsmp_init(void)
diff --git a/arch/x86/kernel/vsyscall_gtod.c b/arch/x86/kernel/vsyscall_gtod.c
index f9c6e56e14b5..9531fbb123ba 100644
--- a/arch/x86/kernel/vsyscall_gtod.c
+++ b/arch/x86/kernel/vsyscall_gtod.c
@@ -43,7 +43,7 @@ void update_vsyscall(struct timekeeper *tk)
         vdata->monotonic_time_sec       = tk->xtime_sec
                                         + tk->wall_to_monotonic.tv_sec;
         vdata->monotonic_time_snsec     = tk->xtime_nsec
-                                        + (tk->wall_to_monotonic.tv_nsec
+                                        + ((u64)tk->wall_to_monotonic.tv_nsec
                                                 << tk->shift);
         while (vdata->monotonic_time_snsec >=
                                         (((u64)NSEC_PER_SEC) << tk->shift)) {
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index bea60671ef8a..f47a104a749c 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -308,7 +308,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
         const u32 kvm_supported_word9_x86_features =
                 F(FSGSBASE) | F(BMI1) | F(HLE) | F(AVX2) | F(SMEP) |
                 F(BMI2) | F(ERMS) | f_invpcid | F(RTM) | f_mpx | F(RDSEED) |
-                F(ADX);
+                F(ADX) | F(SMAP);
 
         /* all calls to cpuid_count() should be made on the same cpu */
         get_cpu();
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index a2a1bb7ed8c1..eeecbed26ac7 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -48,6 +48,14 @@ static inline bool guest_cpuid_has_smep(struct kvm_vcpu *vcpu)
         return best && (best->ebx & bit(X86_FEATURE_SMEP));
 }
 
+static inline bool guest_cpuid_has_smap(struct kvm_vcpu *vcpu)
+{
+        struct kvm_cpuid_entry2 *best;
+
+        best = kvm_find_cpuid_entry(vcpu, 7, 0);
+        return best && (best->ebx & bit(X86_FEATURE_SMAP));
+}
+
 static inline bool guest_cpuid_has_fsgsbase(struct kvm_vcpu *vcpu)
 {
         struct kvm_cpuid_entry2 *best;
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index f5704d9e5ddc..813d31038b93 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3601,20 +3601,27 @@ static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu,
         }
 }
 
-static void update_permission_bitmask(struct kvm_vcpu *vcpu,
+void update_permission_bitmask(struct kvm_vcpu *vcpu,
                 struct kvm_mmu *mmu, bool ept)
 {
         unsigned bit, byte, pfec;
         u8 map;
-        bool fault, x, w, u, wf, uf, ff, smep;
+        bool fault, x, w, u, wf, uf, ff, smapf, cr4_smap, cr4_smep, smap = 0;
 
-        smep = kvm_read_cr4_bits(vcpu, X86_CR4_SMEP);
+        cr4_smep = kvm_read_cr4_bits(vcpu, X86_CR4_SMEP);
+        cr4_smap = kvm_read_cr4_bits(vcpu, X86_CR4_SMAP);
         for (byte = 0; byte < ARRAY_SIZE(mmu->permissions); ++byte) {
                 pfec = byte << 1;
                 map = 0;
                 wf = pfec & PFERR_WRITE_MASK;
                 uf = pfec & PFERR_USER_MASK;
                 ff = pfec & PFERR_FETCH_MASK;
+                /*
+                 * PFERR_RSVD_MASK bit is set in PFEC if the access is not
+                 * subject to SMAP restrictions, and cleared otherwise. The
+                 * bit is only meaningful if the SMAP bit is set in CR4.
+                 */
+                smapf = !(pfec & PFERR_RSVD_MASK);
                 for (bit = 0; bit < 8; ++bit) {
                         x = bit & ACC_EXEC_MASK;
                         w = bit & ACC_WRITE_MASK;
@@ -3626,12 +3633,33 @@ static void update_permission_bitmask(struct kvm_vcpu *vcpu,
                                 /* Allow supervisor writes if !cr0.wp */
                                 w |= !is_write_protection(vcpu) && !uf;
                                 /* Disallow supervisor fetches of user code if cr4.smep */
-                                x &= !(smep && u && !uf);
+                                x &= !(cr4_smep && u && !uf);
+
+                                /*
+                                 * SMAP:kernel-mode data accesses from user-mode
+                                 * mappings should fault. A fault is considered
+                                 * as a SMAP violation if all of the following
+                                 * conditions are ture:
+                                 *   - X86_CR4_SMAP is set in CR4
+                                 *   - An user page is accessed
+                                 *   - Page fault in kernel mode
+                                 *   - if CPL = 3 or X86_EFLAGS_AC is clear
+                                 *
+                                 *   Here, we cover the first three conditions.
+                                 *   The fourth is computed dynamically in
+                                 *   permission_fault() and is in smapf.
+                                 *
+                                 *   Also, SMAP does not affect instruction
+                                 *   fetches, add the !ff check here to make it
+                                 *   clearer.
+                                 */
+                                smap = cr4_smap && u && !uf && !ff;
                         } else
                                 /* Not really needed: no U/S accesses on ept  */
                                 u = 1;
 
-                        fault = (ff && !x) || (uf && !u) || (wf && !w);
+                        fault = (ff && !x) || (uf && !u) || (wf && !w) ||
+                                (smapf && smap);
                         map |= fault << bit;
                 }
                 mmu->permissions[byte] = map;
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index 292615274358..3842e70bdb7c 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -44,11 +44,17 @@
 #define PT_DIRECTORY_LEVEL 2
 #define PT_PAGE_TABLE_LEVEL 1
 
-#define PFERR_PRESENT_MASK (1U << 0)
-#define PFERR_WRITE_MASK (1U << 1)
-#define PFERR_USER_MASK (1U << 2)
-#define PFERR_RSVD_MASK (1U << 3)
-#define PFERR_FETCH_MASK (1U << 4)
+#define PFERR_PRESENT_BIT 0
+#define PFERR_WRITE_BIT 1
+#define PFERR_USER_BIT 2
+#define PFERR_RSVD_BIT 3
+#define PFERR_FETCH_BIT 4
+
+#define PFERR_PRESENT_MASK (1U << PFERR_PRESENT_BIT)
+#define PFERR_WRITE_MASK (1U << PFERR_WRITE_BIT)
+#define PFERR_USER_MASK (1U << PFERR_USER_BIT)
+#define PFERR_RSVD_MASK (1U << PFERR_RSVD_BIT)
+#define PFERR_FETCH_MASK (1U << PFERR_FETCH_BIT)
 
 int kvm_mmu_get_spte_hierarchy(struct kvm_vcpu *vcpu, u64 addr, u64 sptes[4]);
 void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask);
@@ -73,6 +79,8 @@ int handle_mmio_page_fault_common(struct kvm_vcpu *vcpu, u64 addr, bool direct);
 void kvm_init_shadow_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context);
 void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context,
                 bool execonly);
+void update_permission_bitmask(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
+                bool ept);
 
 static inline unsigned int kvm_mmu_available_pages(struct kvm *kvm)
 {
@@ -110,10 +118,30 @@ static inline bool is_write_protection(struct kvm_vcpu *vcpu)
  * Will a fault with a given page-fault error code (pfec) cause a permission
  * fault with the given access (in ACC_* format)?
  */
-static inline bool permission_fault(struct kvm_mmu *mmu, unsigned pte_access,
-                                    unsigned pfec)
+static inline bool permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
+                                    unsigned pte_access, unsigned pfec)
 {
-        return (mmu->permissions[pfec >> 1] >> pte_access) & 1;
+        int cpl = kvm_x86_ops->get_cpl(vcpu);
+        unsigned long rflags = kvm_x86_ops->get_rflags(vcpu);
+
+        /*
+         * If CPL < 3, SMAP prevention are disabled if EFLAGS.AC = 1.
+         *
+         * If CPL = 3, SMAP applies to all supervisor-mode data accesses
+         * (these are implicit supervisor accesses) regardless of the value
+         * of EFLAGS.AC.
+         *
+         * This computes (cpl < 3) && (rflags & X86_EFLAGS_AC), leaving
+         * the result in X86_EFLAGS_AC. We then insert it in place of
+         * the PFERR_RSVD_MASK bit; this bit will always be zero in pfec,
+         * but it will be one in index if SMAP checks are being overridden.
+         * It is important to keep this branchless.
+         */
+        unsigned long smap = (cpl - 3) & (rflags & X86_EFLAGS_AC);
+        int index = (pfec >> 1) +
+                    (smap >> (X86_EFLAGS_AC_BIT - PFERR_RSVD_BIT + 1));
+
+        return (mmu->permissions[index] >> pte_access) & 1;
 }
 
 void kvm_mmu_invalidate_zap_all_pages(struct kvm *kvm);
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index b1e6c1bf68d3..123efd3ec29f 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -353,7 +353,7 @@ retry_walk:
                 walker->ptes[walker->level - 1] = pte;
         } while (!is_last_gpte(mmu, walker->level, pte));
 
-        if (unlikely(permission_fault(mmu, pte_access, access))) {
+        if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) {
                 errcode |= PFERR_PRESENT_MASK;
                 goto error;
         }
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 1320e0f8e611..138ceffc6377 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -503,7 +503,7 @@ static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
                                 [number##_HIGH] = VMCS12_OFFSET(name)+4
 
 
-static const unsigned long shadow_read_only_fields[] = {
+static unsigned long shadow_read_only_fields[] = {
         /*
          * We do NOT shadow fields that are modified when L0
          * traps and emulates any vmx instruction (e.g. VMPTRLD,
@@ -526,10 +526,10 @@ static const unsigned long shadow_read_only_fields[] = {
         GUEST_LINEAR_ADDRESS,
         GUEST_PHYSICAL_ADDRESS
 };
-static const int max_shadow_read_only_fields =
+static int max_shadow_read_only_fields =
         ARRAY_SIZE(shadow_read_only_fields);
 
-static const unsigned long shadow_read_write_fields[] = {
+static unsigned long shadow_read_write_fields[] = {
         GUEST_RIP,
         GUEST_RSP,
         GUEST_CR0,
@@ -558,7 +558,7 @@ static const unsigned long shadow_read_write_fields[] = {
         HOST_FS_SELECTOR,
         HOST_GS_SELECTOR
 };
-static const int max_shadow_read_write_fields =
+static int max_shadow_read_write_fields =
         ARRAY_SIZE(shadow_read_write_fields);
 
 static const unsigned short vmcs_field_to_offset_table[] = {
@@ -3009,6 +3009,41 @@ static void free_kvm_area(void)
         }
 }
 
+static void init_vmcs_shadow_fields(void)
+{
+        int i, j;
+
+        /* No checks for read only fields yet */
+
+        for (i = j = 0; i < max_shadow_read_write_fields; i++) {
+                switch (shadow_read_write_fields[i]) {
+                case GUEST_BNDCFGS:
+                        if (!vmx_mpx_supported())
+                                continue;
+                        break;
+                default:
+                        break;
+                }
+
+                if (j < i)
+                        shadow_read_write_fields[j] =
+                                shadow_read_write_fields[i];
+                j++;
+        }
+        max_shadow_read_write_fields = j;
+
+        /* shadowed fields guest access without vmexit */
+        for (i = 0; i < max_shadow_read_write_fields; i++) {
+                clear_bit(shadow_read_write_fields[i],
+                          vmx_vmwrite_bitmap);
+                clear_bit(shadow_read_write_fields[i],
+                          vmx_vmread_bitmap);
+        }
+        for (i = 0; i < max_shadow_read_only_fields; i++)
+                clear_bit(shadow_read_only_fields[i],
+                          vmx_vmread_bitmap);
+}
+
 static __init int alloc_kvm_area(void)
 {
         int cpu;
@@ -3039,6 +3074,8 @@ static __init int hardware_setup(void)
                 enable_vpid = 0;
         if (!cpu_has_vmx_shadow_vmcs())
                 enable_shadow_vmcs = 0;
+        if (enable_shadow_vmcs)
+                init_vmcs_shadow_fields();
 
         if (!cpu_has_vmx_ept() ||
             !cpu_has_vmx_ept_4levels()) {
@@ -3484,13 +3521,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
                         hw_cr4 &= ~X86_CR4_PAE;
                         hw_cr4 |= X86_CR4_PSE;
                         /*
-                         * SMEP is disabled if CPU is in non-paging mode in
-                         * hardware. However KVM always uses paging mode to
+                         * SMEP/SMAP is disabled if CPU is in non-paging mode
+                         * in hardware. However KVM always uses paging mode to
                          * emulate guest non-paging mode with TDP.
-                         * To emulate this behavior, SMEP needs to be manually
-                         * disabled when guest switches to non-paging mode.
+                         * To emulate this behavior, SMEP/SMAP needs to be
+                         * manually disabled when guest switches to non-paging
+                         * mode.
                          */
-                        hw_cr4 &= ~X86_CR4_SMEP;
+                        hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
                 } else if (!(cr4 & X86_CR4_PAE)) {
                         hw_cr4 &= ~X86_CR4_PAE;
                 }
@@ -7740,7 +7778,8 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
 
         exec_control = vmcs12->pin_based_vm_exec_control;
         exec_control |= vmcs_config.pin_based_exec_ctrl;
-        exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
+        exec_control &= ~(PIN_BASED_VMX_PREEMPTION_TIMER |
+                          PIN_BASED_POSTED_INTR);
         vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, exec_control);
 
         vmx->nested.preemption_timer_expired = false;
@@ -7777,7 +7816,9 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                 if (!vmx->rdtscp_enabled)
                         exec_control &= ~SECONDARY_EXEC_RDTSCP;
                 /* Take the following fields only from vmcs12 */
-                exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+                exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
+                                  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
+                                  SECONDARY_EXEC_APIC_REGISTER_VIRT);
                 if (nested_cpu_has(vmcs12,
                                 CPU_BASED_ACTIVATE_SECONDARY_CONTROLS))
                         exec_control |= vmcs12->secondary_vm_exec_control;
@@ -8802,14 +8843,6 @@ static int __init vmx_init(void)
 
         memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
         memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
-        /* shadowed read/write fields */
-        for (i = 0; i < max_shadow_read_write_fields; i++) {
-                clear_bit(shadow_read_write_fields[i], vmx_vmwrite_bitmap);
-                clear_bit(shadow_read_write_fields[i], vmx_vmread_bitmap);
-        }
-        /* shadowed read only fields */
-        for (i = 0; i < max_shadow_read_only_fields; i++)
-                clear_bit(shadow_read_only_fields[i], vmx_vmread_bitmap);
 
         /*
          * Allow direct access to the PC debug port (it is often used for I/O
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9d1b5cd4d34c..20316c67b824 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -106,6 +106,8 @@ EXPORT_SYMBOL_GPL(kvm_max_guest_tsc_khz);
 static u32 tsc_tolerance_ppm = 250;
 module_param(tsc_tolerance_ppm, uint, S_IRUGO | S_IWUSR);
 
+static bool backwards_tsc_observed = false;
+
 #define KVM_NR_SHARED_MSRS 16
 
 struct kvm_shared_msrs_global {
@@ -280,7 +282,7 @@ int kvm_set_apic_base(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 }
 EXPORT_SYMBOL_GPL(kvm_set_apic_base);
 
-asmlinkage void kvm_spurious_fault(void)
+asmlinkage __visible void kvm_spurious_fault(void)
 {
         /* Fault while not rebooting.  We want the trace. */
         BUG();
@@ -652,6 +654,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
         if (!guest_cpuid_has_smep(vcpu) && (cr4 & X86_CR4_SMEP))
                 return 1;
 
+        if (!guest_cpuid_has_smap(vcpu) && (cr4 & X86_CR4_SMAP))
+                return 1;
+
         if (!guest_cpuid_has_fsgsbase(vcpu) && (cr4 & X86_CR4_FSGSBASE))
                 return 1;
 
@@ -680,6 +685,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
             (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
                 kvm_mmu_reset_context(vcpu);
 
+        if ((cr4 ^ old_cr4) & X86_CR4_SMAP)
+                update_permission_bitmask(vcpu, vcpu->arch.walk_mmu, false);
+
         if ((cr4 ^ old_cr4) & X86_CR4_OSXSAVE)
                 kvm_update_cpuid(vcpu);
 
@@ -1117,7 +1125,6 @@ static inline u64 get_kernel_ns(void)
 {
         struct timespec ts;
 
-        WARN_ON(preemptible());
         ktime_get_ts(&ts);
         monotonic_to_bootbased(&ts);
         return timespec_to_ns(&ts);
@@ -1481,7 +1488,8 @@ static void pvclock_update_vm_gtod_copy(struct kvm *kvm)
                                         &ka->master_kernel_ns,
                                         &ka->master_cycle_now);
 
-        ka->use_master_clock = host_tsc_clocksource & vcpus_matched;
+        ka->use_master_clock = host_tsc_clocksource && vcpus_matched
+                                && !backwards_tsc_observed;
 
         if (ka->use_master_clock)
                 atomic_set(&kvm_guest_has_master_clock, 1);
@@ -4164,7 +4172,8 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
                 | (write ? PFERR_WRITE_MASK : 0);
 
         if (vcpu_match_mmio_gva(vcpu, gva)
-            && !permission_fault(vcpu->arch.walk_mmu, vcpu->arch.access, access)) {
+            && !permission_fault(vcpu, vcpu->arch.walk_mmu,
+                                 vcpu->arch.access, access)) {
                 *gpa = vcpu->arch.mmio_gfn << PAGE_SHIFT |
                                         (gva & (PAGE_SIZE - 1));
                 trace_vcpu_match_mmio(gva, *gpa, write, false);
@@ -6939,6 +6948,7 @@ int kvm_arch_hardware_enable(void *garbage)
          */
         if (backwards_tsc) {
                 u64 delta_cyc = max_tsc - local_tsc;
+                backwards_tsc_observed = true;
                 list_for_each_entry(kvm, &vm_list, vm_list) {
                         kvm_for_each_vcpu(i, vcpu, kvm) {
                                 vcpu->arch.tsc_offset_adjustment += delta_cyc;
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index ad1fb5f53925..aae94132bc24 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -233,13 +233,13 @@ static void lguest_end_context_switch(struct task_struct *next)
  * flags word contains all kind of stuff, but in practice Linux only cares
  * about the interrupt flag.  Our "save_flags()" just returns that.
  */
-asmlinkage unsigned long lguest_save_fl(void)
+asmlinkage __visible unsigned long lguest_save_fl(void)
 {
         return lguest_data.irq_enabled;
 }
 
 /* Interrupts go off... */
-asmlinkage void lguest_irq_disable(void)
+asmlinkage __visible void lguest_irq_disable(void)
 {
         lguest_data.irq_enabled = 0;
 }
diff --git a/arch/x86/lib/msr.c b/arch/x86/lib/msr.c
index db9db446b71a..43623739c7cf 100644
--- a/arch/x86/lib/msr.c
+++ b/arch/x86/lib/msr.c
@@ -76,7 +76,7 @@ static inline int __flip_bit(u32 msr, u8 bit, bool set)
         if (m1.q == m.q)
                 return 0;
 
-        err = msr_write(msr, &m);
+        err = msr_write(msr, &m1);
         if (err)
                 return err;
 
diff --git a/arch/x86/math-emu/errors.c b/arch/x86/math-emu/errors.c
index a5449089cd9f..9e6545f269e5 100644
--- a/arch/x86/math-emu/errors.c
+++ b/arch/x86/math-emu/errors.c
@@ -302,7 +302,7 @@ static struct {
               0x242  in div_Xsig.S
  */
 
-asmlinkage void FPU_exception(int n)
+asmlinkage __visible void FPU_exception(int n)
 {
         int i, int_type;
 
@@ -492,7 +492,7 @@ int real_2op_NaN(FPU_REG const *b, u_char tagb,
 
 /* Invalid arith operation on Valid registers */
 /* Returns < 0 if the exception is unmasked */
-asmlinkage int arith_invalid(int deststnr)
+asmlinkage __visible int arith_invalid(int deststnr)
 {
 
         EXCEPTION(EX_Invalid);
@@ -507,7 +507,7 @@ asmlinkage int arith_invalid(int deststnr)
 }
 
 /* Divide a finite number by zero */
-asmlinkage int FPU_divide_by_zero(int deststnr, u_char sign)
+asmlinkage __visible int FPU_divide_by_zero(int deststnr, u_char sign)
 {
         FPU_REG *dest = &st(deststnr);
         int tag = TAG_Valid;
@@ -539,7 +539,7 @@ int set_precision_flag(int flags)
 }
 
 /* This may be called often, so keep it lean */
-asmlinkage void set_precision_flag_up(void)
+asmlinkage __visible void set_precision_flag_up(void)
 {
         if (control_word & CW_Precision)
                 partial_status |= (SW_Precision | SW_C1);       /* The masked response */
@@ -548,7 +548,7 @@ asmlinkage void set_precision_flag_up(void)
 }
 
 /* This may be called often, so keep it lean */
-asmlinkage void set_precision_flag_down(void)
+asmlinkage __visible void set_precision_flag_down(void)
 {
         if (control_word & CW_Precision) {      /* The masked response */
                 partial_status &= ~SW_C1;
@@ -557,7 +557,7 @@ asmlinkage void set_precision_flag_down(void)
                 EXCEPTION(EX_Precision);
 }
 
-asmlinkage int denormal_operand(void)
+asmlinkage __visible int denormal_operand(void)
 {
         if (control_word & CW_Denormal) {       /* The masked response */
                 partial_status |= SW_Denorm_Op;
@@ -568,7 +568,7 @@ asmlinkage int denormal_operand(void)
         }
 }
 
-asmlinkage int arith_overflow(FPU_REG *dest)
+asmlinkage __visible int arith_overflow(FPU_REG *dest)
 {
         int tag = TAG_Valid;
 
@@ -596,7 +596,7 @@ asmlinkage int arith_overflow(FPU_REG *dest)
 
 }
 
-asmlinkage int arith_underflow(FPU_REG *dest)
+asmlinkage __visible int arith_underflow(FPU_REG *dest)
 {
         int tag = TAG_Valid;
 
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index dc017735bb91..6d5663a599a7 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -171,7 +171,7 @@ static struct bpf_binary_header *bpf_alloc_binary(unsigned int proglen,
         memset(header, 0xcc, sz); /* fill whole space with int3 instructions */
 
         header->pages = sz / PAGE_SIZE;
-        hole = sz - (proglen + sizeof(*header));
+        hole = min(sz - (proglen + sizeof(*header)), PAGE_SIZE - sizeof(*header));
 
         /* insert a random number of int3 instructions before BPF code */
         *image_ptr = &header->image[prandom_u32() % hole];
diff --git a/arch/x86/platform/efi/early_printk.c b/arch/x86/platform/efi/early_printk.c
index 81b506d5befd..524142117296 100644
--- a/arch/x86/platform/efi/early_printk.c
+++ b/arch/x86/platform/efi/early_printk.c
@@ -14,48 +14,92 @@
 
 static const struct font_desc *font;
 static u32 efi_x, efi_y;
+static void *efi_fb;
+static bool early_efi_keep;
 
-static __init void early_efi_clear_scanline(unsigned int y)
+/*
+ * efi earlyprintk need use early_ioremap to map the framebuffer.
+ * But early_ioremap is not usable for earlyprintk=efi,keep, ioremap should
+ * be used instead. ioremap will be available after paging_init() which is
+ * earlier than initcall callbacks. Thus adding this early initcall function
+ * early_efi_map_fb to map the whole efi framebuffer.
+ */
+static __init int early_efi_map_fb(void)
 {
-        unsigned long base, *dst;
-        u16 len;
+        unsigned long base, size;
+
+        if (!early_efi_keep)
+                return 0;
 
         base = boot_params.screen_info.lfb_base;
-        len = boot_params.screen_info.lfb_linelength;
+        size = boot_params.screen_info.lfb_size;
+        efi_fb = ioremap(base, size);
+
+        return efi_fb ? 0 : -ENOMEM;
+}
+early_initcall(early_efi_map_fb);
+
+/*
+ * early_efi_map maps efi framebuffer region [start, start + len -1]
+ * In case earlyprintk=efi,keep we have the whole framebuffer mapped already
+ * so just return the offset efi_fb + start.
+ */
+static __init_refok void *early_efi_map(unsigned long start, unsigned long len)
+{
+        unsigned long base;
+
+        base = boot_params.screen_info.lfb_base;
+
+        if (efi_fb)
+                return (efi_fb + start);
+        else
+                return early_ioremap(base + start, len);
+}
 
-        dst = early_ioremap(base + y*len, len);
+static __init_refok void early_efi_unmap(void *addr, unsigned long len)
+{
+        if (!efi_fb)
+                early_iounmap(addr, len);
+}
+
+static void early_efi_clear_scanline(unsigned int y)
+{
+        unsigned long *dst;
+        u16 len;
+
+        len = boot_params.screen_info.lfb_linelength;
+        dst = early_efi_map(y*len, len);
         if (!dst)
                 return;
 
         memset(dst, 0, len);
-        early_iounmap(dst, len);
+        early_efi_unmap(dst, len);
 }
 
-static __init void early_efi_scroll_up(void)
+static void early_efi_scroll_up(void)
 {
-        unsigned long base, *dst, *src;
+        unsigned long *dst, *src;
         u16 len;
         u32 i, height;
 
-        base = boot_params.screen_info.lfb_base;
         len = boot_params.screen_info.lfb_linelength;
         height = boot_params.screen_info.lfb_height;
 
         for (i = 0; i < height - font->height; i++) {
-                dst = early_ioremap(base + i*len, len);
+                dst = early_efi_map(i*len, len);
                 if (!dst)
                         return;
 
-                src = early_ioremap(base + (i + font->height) * len, len);
+                src = early_efi_map((i + font->height) * len, len);
                 if (!src) {
-                        early_iounmap(dst, len);
+                        early_efi_unmap(dst, len);
                         return;
                 }
 
                 memmove(dst, src, len);
 
-                early_iounmap(src, len);
-                early_iounmap(dst, len);
+                early_efi_unmap(src, len);
+                early_efi_unmap(dst, len);
         }
 }
 
@@ -79,16 +123,14 @@ static void early_efi_write_char(u32 *dst, unsigned char c, unsigned int h)
         }
 }
 
-static __init void
+static void
 early_efi_write(struct console *con, const char *str, unsigned int num)
 {
         struct screen_info *si;
-        unsigned long base;
         unsigned int len;
         const char *s;
         void *dst;
 
-        base = boot_params.screen_info.lfb_base;
         si = &boot_params.screen_info;
         len = si->lfb_linelength;
 
@@ -109,7 +151,7 @@ early_efi_write(struct console *con, const char *str, unsigned int num)
                 for (h = 0; h < font->height; h++) {
                         unsigned int n, x;
 
-                        dst = early_ioremap(base + (efi_y + h) * len, len);
+                        dst = early_efi_map((efi_y + h) * len, len);
                         if (!dst)
                                 return;
 
@@ -123,7 +165,7 @@ early_efi_write(struct console *con, const char *str, unsigned int num)
                                 s++;
                         }
 
-                        early_iounmap(dst, len);
+                        early_efi_unmap(dst, len);
                 }
 
                 num -= count;
@@ -179,6 +221,9 @@ static __init int early_efi_setup(struct console *con, char *options)
         for (i = 0; i < (yres - efi_y) / font->height; i++)
                 early_efi_scroll_up();
 
+        /* early_console_register will unset CON_BOOT in case ,keep */
+        if (!(con->flags & CON_BOOT))
+                early_efi_keep = true;
         return 0;
 }
 
diff --git a/arch/x86/platform/olpc/olpc-xo1-pm.c b/arch/x86/platform/olpc/olpc-xo1-pm.c
index ff0174dda810..a9acde72d4ed 100644
--- a/arch/x86/platform/olpc/olpc-xo1-pm.c
+++ b/arch/x86/platform/olpc/olpc-xo1-pm.c
@@ -75,7 +75,7 @@ static int xo1_power_state_enter(suspend_state_t pm_state)
         return 0;
 }
 
-asmlinkage int xo1_do_sleep(u8 sleep_state)
+asmlinkage __visible int xo1_do_sleep(u8 sleep_state)
 {
         void *pgd_addr = __va(read_cr3());
 
diff --git a/arch/x86/power/hibernate_64.c b/arch/x86/power/hibernate_64.c
index 304fca20d96e..35e2bb6c0f37 100644
--- a/arch/x86/power/hibernate_64.c
+++ b/arch/x86/power/hibernate_64.c
@@ -23,7 +23,7 @@
 extern __visible const void __nosave_begin, __nosave_end;
 
 /* Defined in hibernate_asm_64.S */
-extern asmlinkage int restore_image(void);
+extern asmlinkage __visible int restore_image(void);
 
 /*
  * Address to jump to in the last phase of restore in order to get to the image
diff --git a/arch/x86/syscalls/Makefile b/arch/x86/syscalls/Makefile
index f325af26107c..3323c2745248 100644
--- a/arch/x86/syscalls/Makefile
+++ b/arch/x86/syscalls/Makefile
@@ -54,5 +54,7 @@ syshdr-$(CONFIG_X86_64)		+= syscalls_64.h
 
 targets += $(uapisyshdr-y) $(syshdr-y)
 
+PHONY += all
 all: $(addprefix $(uapi)/,$(uapisyshdr-y))
 all: $(addprefix $(out)/,$(syshdr-y))
+        @:
diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl
index 96bc506ac6de..d6b867921612 100644
--- a/arch/x86/syscalls/syscall_32.tbl
+++ b/arch/x86/syscalls/syscall_32.tbl
@@ -359,3 +359,4 @@
 350     i386    finit_module            sys_finit_module
 351     i386    sched_setattr           sys_sched_setattr
 352     i386    sched_getattr           sys_sched_getattr
+353     i386    renameat2               sys_renameat2
diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile
index e8120346903b..604a37efd4d5 100644
--- a/arch/x86/tools/Makefile
+++ b/arch/x86/tools/Makefile
@@ -40,4 +40,6 @@ $(obj)/insn_sanity.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/ina
 HOST_EXTRACFLAGS += -I$(srctree)/tools/include
 hostprogs-y     += relocs
 relocs-objs     := relocs_32.o relocs_64.o relocs_common.o
+PHONY += relocs
 relocs: $(obj)/relocs
+        @:
diff --git a/arch/x86/vdso/vdso-layout.lds.S b/arch/x86/vdso/vdso-layout.lds.S
index 2e263f367b13..9df017ab2285 100644
--- a/arch/x86/vdso/vdso-layout.lds.S
+++ b/arch/x86/vdso/vdso-layout.lds.S
@@ -9,12 +9,9 @@ SECTIONS
 #ifdef BUILD_VDSO32
 #include <asm/vdso32.h>
 
-        .hpet_sect : {
-                hpet_page = . - VDSO_OFFSET(VDSO_HPET_PAGE);
-        } :text :hpet_sect
+        hpet_page = . - VDSO_OFFSET(VDSO_HPET_PAGE);
 
-        .vvar_sect : {
-                vvar = . - VDSO_OFFSET(VDSO_VVAR_PAGE);
+        vvar = . - VDSO_OFFSET(VDSO_VVAR_PAGE);
 
         /* Place all vvars at the offsets in asm/vvar.h. */
 #define EMIT_VVAR(name, offset) vvar_ ## name = vvar + offset;
@@ -22,7 +19,6 @@ SECTIONS
 #include <asm/vvar.h>
 #undef __VVAR_KERNEL_LDS
 #undef EMIT_VVAR
-        } :text :vvar_sect
 #endif
         . = SIZEOF_HEADERS;
 
@@ -61,7 +57,12 @@ SECTIONS
          */
         . = ALIGN(0x100);
 
-        .text           : { *(.text*) }                 :text   =0x90909090
+        .text           : { *(.text*) }                 :text   =0x90909090,
+
+        /*
+         * The comma above works around a bug in gold:
+         * https://sourceware.org/bugzilla/show_bug.cgi?id=16804
+         */
 
         /DISCARD/ : {
                 *(.discard)
@@ -84,8 +85,4 @@ PHDRS
         dynamic         PT_DYNAMIC      FLAGS(4);               /* PF_R */
         note            PT_NOTE         FLAGS(4);               /* PF_R */
         eh_frame_hdr    PT_GNU_EH_FRAME;
-#ifdef BUILD_VDSO32
-        vvar_sect       PT_NULL         FLAGS(4);               /* PF_R */
-        hpet_sect       PT_NULL         FLAGS(4);               /* PF_R */
-#endif
 }
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index 00348980a3a6..e1f220e3ca68 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -39,6 +39,7 @@
 #ifdef CONFIG_X86_64
 #define vdso_enabled                    sysctl_vsyscall32
 #define arch_setup_additional_pages     syscall32_setup_pages
+extern int sysctl_ldt16;
 #endif
 
 /*
@@ -249,6 +250,13 @@ static struct ctl_table abi_table2[] = {
                 .mode           = 0644,
                 .proc_handler   = proc_dointvec
         },
+        {
+                .procname       = "ldt16",
+                .data           = &sysctl_ldt16,
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
         {}
 };
 
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 201d09a7c46b..c34bfc4bbe7f 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1515,7 +1515,7 @@ static void __init xen_pvh_early_guest_init(void)
 }
 
 /* First C function to be called on Xen boot */
-asmlinkage void __init xen_start_kernel(void)
+asmlinkage __visible void __init xen_start_kernel(void)
 {
         struct physdev_set_iopl set_iopl;
         int rc;
diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c
index 08f763de26fe..a1207cb6472a 100644
--- a/arch/x86/xen/irq.c
+++ b/arch/x86/xen/irq.c
@@ -23,7 +23,7 @@ void xen_force_evtchn_callback(void)
         (void)HYPERVISOR_xen_version(0, NULL);
 }
 
-asmlinkage unsigned long xen_save_fl(void)
+asmlinkage __visible unsigned long xen_save_fl(void)
 {
         struct vcpu_info *vcpu;
         unsigned long flags;
@@ -63,7 +63,7 @@ __visible void xen_restore_fl(unsigned long flags)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_restore_fl);
 
-asmlinkage void xen_irq_disable(void)
+asmlinkage __visible void xen_irq_disable(void)
 {
         /* There's a one instruction preempt window here.  We need to
            make sure we're don't switch CPUs between getting the vcpu
@@ -74,7 +74,7 @@ asmlinkage void xen_irq_disable(void)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_irq_disable);
 
-asmlinkage void xen_irq_enable(void)
+asmlinkage __visible void xen_irq_enable(void)
 {
         struct vcpu_info *vcpu;
 
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index a18eadd8bb40..7005974c3ff3 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -441,10 +441,11 @@ static int xen_cpu_up(unsigned int cpu, struct task_struct *idle)
         irq_ctx_init(cpu);
 #else
         clear_tsk_thread_flag(idle, TIF_FORK);
+#endif
         per_cpu(kernel_stack, cpu) =
                 (unsigned long)task_stack_page(idle) -
                 KERNEL_STACK_OFFSET + THREAD_SIZE;
-#endif
+
         xen_setup_runstate_info(cpu);
         xen_setup_timer(cpu);
         xen_init_lock_cpu(cpu);
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
index 4d3acc34a998..0ba5f3b967f0 100644
--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -274,7 +274,7 @@ void __init xen_init_spinlocks(void)
                 printk(KERN_DEBUG "xen: PV spinlocks disabled\n");
                 return;
         }
-
+        printk(KERN_DEBUG "xen: PV spinlocks enabled\n");
         pv_lock_ops.lock_spinning = PV_CALLEE_SAVE(xen_lock_spinning);
         pv_lock_ops.unlock_kick = xen_unlock_kick;
 }
@@ -290,6 +290,9 @@ static __init int xen_init_spinlocks_jump(void)
         if (!xen_pvspin)
                 return 0;
 
+        if (!xen_domain())
+                return 0;
+
         static_key_slow_inc(&paravirt_ticketlocks_enabled);
         return 0;
 }
diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
index 33ca6e42a4ca..fd92a64d748e 100644
--- a/arch/x86/xen/xen-asm_32.S
+++ b/arch/x86/xen/xen-asm_32.S
@@ -75,6 +75,17 @@ ENDPROC(xen_sysexit)
  * stack state in whatever form its in, we keep things simple by only
  * using a single register which is pushed/popped on the stack.
  */
+
+.macro POP_FS
+1:
+        popw %fs
+.pushsection .fixup, "ax"
+2:      movw $0, (%esp)
+        jmp 1b
+.popsection
+        _ASM_EXTABLE(1b,2b)
+.endm
+
 ENTRY(xen_iret)
         /* test eflags for special cases */
         testl $(X86_EFLAGS_VM | XEN_EFLAGS_NMI), 8(%esp)
@@ -83,15 +94,13 @@ ENTRY(xen_iret)
         push %eax
         ESP_OFFSET=4    # bytes pushed onto stack
 
-        /*
-         * Store vcpu_info pointer for easy access.  Do it this way to
-         * avoid having to reload %fs
-         */
+        /* Store vcpu_info pointer for easy access */
 #ifdef CONFIG_SMP
-        GET_THREAD_INFO(%eax)
-        movl %ss:TI_cpu(%eax), %eax
-        movl %ss:__per_cpu_offset(,%eax,4), %eax
-        mov %ss:xen_vcpu(%eax), %eax
+        pushw %fs
+        movl $(__KERNEL_PERCPU), %eax
+        movl %eax, %fs
+        movl %fs:xen_vcpu, %eax
+        POP_FS
 #else
         movl %ss:xen_vcpu, %eax
 #endif