45 files changed, 416 insertions, 226 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 940e50ebfafa..0af5250d914f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -444,6 +444,7 @@ config X86_INTEL_MID
        bool "Intel MID platform support"
        depends on X86_32
        depends on X86_EXTENDED_PLATFORM
+        depends on X86_PLATFORM_DEVICES
        depends on PCI
        depends on PCI_GOANY
        depends on X86_IO_APIC
@@ -1051,9 +1052,9 @@ config MICROCODE_INTEL
          This options enables microcode patch loading support for Intel
          processors.
-          For latest news and information on obtaining all the required
+          For the current Intel microcode data package go to
-          Intel ingredients for this driver, check:
+          <https://downloadcenter.intel.com> and search for
-          <http://www.urbanmyth.org/microcode/>.
+          'Linux Processor Microcode Data File'.
 config MICROCODE_AMD
        bool "AMD microcode loading support"
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 0f3621ed1db6..321a52ccf63a 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -184,6 +184,7 @@ config HAVE_MMIOTRACE_SUPPORT
 config X86_DECODER_SELFTEST
        bool "x86 instruction decoder selftest"
        depends on DEBUG_KERNEL && KPROBES
+        depends on !COMPILE_TEST
        ---help---
         Perform x86 instruction decoder selftests at build time.
         This option is useful for checking the sanity of x86 instruction
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 90a21f430117..4dbf967da50d 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -111,7 +111,7 @@ struct mem_vector {
 };
 #define MEM_AVOID_MAX 5
-struct mem_vector mem_avoid[MEM_AVOID_MAX];
+static struct mem_vector mem_avoid[MEM_AVOID_MAX];
 static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
 {
@@ -180,7 +180,7 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
 }
 /* Does this memory vector overlap a known avoided area? */
-bool mem_avoid_overlap(struct mem_vector *img)
+static bool mem_avoid_overlap(struct mem_vector *img)
 {
        int i;
@@ -192,8 +192,9 @@ bool mem_avoid_overlap(struct mem_vector *img)
        return false;
 }
-unsigned long slots[CONFIG_RANDOMIZE_BASE_MAX_OFFSET / CONFIG_PHYSICAL_ALIGN];
+static unsigned long slots[CONFIG_RANDOMIZE_BASE_MAX_OFFSET /
-unsigned long slot_max = 0;
+                           CONFIG_PHYSICAL_ALIGN];
+static unsigned long slot_max;
 static void slots_append(unsigned long addr)
 {
diff --git a/arch/x86/include/asm/amd_nb.h b/arch/x86/include/asm/amd_nb.h
index a54ee1d054d9..aaac3b2fb746 100644
--- a/arch/x86/include/asm/amd_nb.h
+++ b/arch/x86/include/asm/amd_nb.h
@@ -19,7 +19,7 @@ extern int amd_cache_northbridges(void);
 extern void amd_flush_garts(void);
 extern int amd_numa_init(void);
 extern int amd_get_subcaches(int);
-extern int amd_set_subcaches(int, int);
+extern int amd_set_subcaches(int, unsigned long);
 struct amd_l3_cache {
        unsigned indices;
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 3b978c472d08..acd86c850414 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -132,6 +132,9 @@ extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
 extern void efi_sync_low_kernel_mappings(void);
 extern void efi_setup_page_tables(void);
 extern void __init old_map_region(efi_memory_desc_t *md);
+extern void __init runtime_code_page_mkexec(void);
+extern void __init efi_runtime_mkexec(void);
+extern void __init efi_apply_memmap_quirks(void);
 struct efi_setup_data {
        u64 fw_vendor;
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index bbc8b12fa443..5ad38ad07890 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -445,10 +445,20 @@ static inline int pte_same(pte_t a, pte_t b)
        return a.pte == b.pte;
 }
+static inline int pteval_present(pteval_t pteval)
+{
+        /*
+         * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
+         * way clearly states that the intent is that protnone and numa
+         * hinting ptes are considered present for the purposes of
+         * pagetable operations like zapping, protection changes, gup etc.
+         */
+        return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
+}
 static inline int pte_present(pte_t a)
 {
-        return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
+        return pteval_present(pte_flags(a));
-                               _PAGE_NUMA);
 }
 #define pte_accessible pte_accessible
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index e6d90babc245..04905bfc508b 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -62,7 +62,7 @@ static inline void __flush_tlb_all(void)
 static inline void __flush_tlb_one(unsigned long addr)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
        __flush_tlb_single(addr);
 }
@@ -93,13 +93,13 @@ static inline void __flush_tlb_one(unsigned long addr)
 */
 static inline void __flush_tlb_up(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
 }
 static inline void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb_all();
 }
diff --git a/arch/x86/include/asm/tsc.h b/arch/x86/include/asm/tsc.h
index 57ae63cd6ee2..94605c0e9cee 100644
--- a/arch/x86/include/asm/tsc.h
+++ b/arch/x86/include/asm/tsc.h
@@ -66,6 +66,6 @@ extern void tsc_save_sched_clock_state(void);
 extern void tsc_restore_sched_clock_state(void);
 /* MSR based TSC calibration for Intel Atom SoC platforms */
-int try_msr_calibrate_tsc(unsigned long *fast_calibrate);
+unsigned long try_msr_calibrate_tsc(void);
 #endif /* _ASM_X86_TSC_H */
diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
index 787e1bb5aafc..3e276eb23d1b 100644
--- a/arch/x86/include/asm/xen/page.h
+++ b/arch/x86/include/asm/xen/page.h
@@ -52,8 +52,7 @@ extern unsigned long set_phys_range_identity(unsigned long pfn_s,
 extern int m2p_add_override(unsigned long mfn, struct page *page,
                            struct gnttab_map_grant_ref *kmap_op);
 extern int m2p_remove_override(struct page *page,
-                               struct gnttab_map_grant_ref *kmap_op,
+                                struct gnttab_map_grant_ref *kmap_op);
-                               unsigned long mfn);
 extern struct page *m2p_find_override(unsigned long mfn);
 extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn);
@@ -122,7 +121,7 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn)
                pfn = m2p_find_override_pfn(mfn, ~0);
        }
-        /*
+        /* 
         * pfn is ~0 if there are no entries in the m2p for mfn or if the
         * entry doesn't map back to the mfn and m2p_override doesn't have a
         * valid entry for it.
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index 59554dca96ec..dec8de4e1663 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -179,7 +179,7 @@ int amd_get_subcaches(int cpu)
        return (mask >> (4 * cuid)) & 0xf;
 }
-int amd_set_subcaches(int cpu, int mask)
+int amd_set_subcaches(int cpu, unsigned long mask)
 {
        static unsigned int reset, ban;
        struct amd_northbridge *nb = node_to_amd_nb(amd_get_nb_id(cpu));
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index d3153e281d72..c67ffa686064 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -767,10 +767,7 @@ static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 static void cpu_set_tlb_flushall_shift(struct cpuinfo_x86 *c)
 {
-        tlb_flushall_shift = 5;
+        tlb_flushall_shift = 6;
-        if (c->x86 <= 0x11)
-                tlb_flushall_shift = 4;
 }
 static void cpu_detect_tlb_amd(struct cpuinfo_x86 *c)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 24b6fd10625a..8e28bf2fc3ef 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -284,8 +284,13 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
        raw_local_save_flags(eflags);
        BUG_ON(eflags & X86_EFLAGS_AC);
-        if (cpu_has(c, X86_FEATURE_SMAP))
+        if (cpu_has(c, X86_FEATURE_SMAP)) {
+#ifdef CONFIG_X86_SMAP
                set_in_cr4(X86_CR4_SMAP);
+#else
+                clear_in_cr4(X86_CR4_SMAP);
+#endif
+        }
 }
 /*
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 3db61c644e44..5cd9bfabd645 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -640,21 +640,17 @@ static void intel_tlb_flushall_shift_set(struct cpuinfo_x86 *c)
        case 0x61d: /* six-core 45 nm xeon "Dunnington" */
                tlb_flushall_shift = -1;
                break;
+        case 0x63a: /* Ivybridge */
+                tlb_flushall_shift = 2;
+                break;
        case 0x61a: /* 45 nm nehalem, "Bloomfield" */
        case 0x61e: /* 45 nm nehalem, "Lynnfield" */
        case 0x625: /* 32 nm nehalem, "Clarkdale" */
        case 0x62c: /* 32 nm nehalem, "Gulftown" */
        case 0x62e: /* 45 nm nehalem-ex, "Beckton" */
        case 0x62f: /* 32 nm Xeon E7 */
-                tlb_flushall_shift = 6;
-                break;
        case 0x62a: /* SandyBridge */
        case 0x62d: /* SandyBridge, "Romely-EP" */
-                tlb_flushall_shift = 5;
-                break;
-        case 0x63a: /* Ivybridge */
-                tlb_flushall_shift = 1;
-                break;
        default:
                tlb_flushall_shift = 6;
        }
diff --git a/arch/x86/kernel/cpu/microcode/amd_early.c b/arch/x86/kernel/cpu/microcode/amd_early.c
index 8384c0fa206f..617a9e284245 100644
--- a/arch/x86/kernel/cpu/microcode/amd_early.c
+++ b/arch/x86/kernel/cpu/microcode/amd_early.c
@@ -285,6 +285,15 @@ static void __init collect_cpu_sig_on_bsp(void *arg)
        uci->cpu_sig.sig = cpuid_eax(0x00000001);
 }
+static void __init get_bsp_sig(void)
+{
+        unsigned int bsp = boot_cpu_data.cpu_index;
+        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
+        if (!uci->cpu_sig.sig)
+                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+}
 #else
 void load_ucode_amd_ap(void)
 {
@@ -337,31 +346,37 @@ void load_ucode_amd_ap(void)
 int __init save_microcode_in_initrd_amd(void)
 {
+        unsigned long cont;
        enum ucode_state ret;
        u32 eax;
-#ifdef CONFIG_X86_32
+        if (!container)
-        unsigned int bsp = boot_cpu_data.cpu_index;
+                return -EINVAL;
-        struct ucode_cpu_info *uci = ucode_cpu_info + bsp;
-        if (!uci->cpu_sig.sig)
-                smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
+#ifdef CONFIG_X86_32
+        get_bsp_sig();
+        cont = (unsigned long)container;
+#else
        /*
-         * Take into account the fact that the ramdisk might get relocated
+         * We need the physical address of the container for both bitness since
-         * and therefore we need to recompute the container's position in
+         * boot_params.hdr.ramdisk_image is a physical address.
-         * virtual memory space.
         */
-        container = (u8 *)(__va((u32)relocated_ramdisk) +
+        cont = __pa(container);
-                           ((u32)container - boot_params.hdr.ramdisk_image));
 #endif
+        /*
+         * Take into account the fact that the ramdisk might get relocated and
+         * therefore we need to recompute the container's position in virtual
+         * memory space.
+         */
+        if (relocated_ramdisk)
+                container = (u8 *)(__va(relocated_ramdisk) +
+                             (cont - boot_params.hdr.ramdisk_image));
        if (ucode_new_rev)
                pr_info("microcode: updated early to new patch_level=0x%08x\n",
                        ucode_new_rev);
-        if (!container)
-                return -EINVAL;
        eax   = cpuid_eax(0x00000001);
        eax   = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff);
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
index ce2d0a2c3e4f..0e25a1bc5ab5 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
@@ -683,7 +683,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
        }
        /* Flush all TLBs via a mov %cr3, %reg; mov %reg, %cr3 */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
        /* Save MTRR state */
@@ -697,7 +697,7 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
 static void post_set(void) __releases(set_atomicity_lock)
 {
        /* Flush TLBs (no need to flush caches - they are disabled) */
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        __flush_tlb();
        /* Intel (P6) standard MTRRs */
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index b88645191fe5..79f9f848bee4 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -1192,6 +1192,9 @@ static void x86_pmu_del(struct perf_event *event, int flags)
        for (i = 0; i < cpuc->n_events; i++) {
                if (event == cpuc->event_list[i]) {
+                        if (i >= cpuc->n_events - cpuc->n_added)
+                                --cpuc->n_added;
                        if (x86_pmu.put_event_constraints)
                                x86_pmu.put_event_constraints(cpuc, event);
@@ -1521,6 +1524,8 @@ static int __init init_hw_perf_events(void)
        pr_cont("%s PMU driver.\n", x86_pmu.name);
+        x86_pmu.attr_rdpmc = 1; /* enable userspace RDPMC usage by default */
        for (quirk = x86_pmu.quirks; quirk; quirk = quirk->next)
                quirk->func();
@@ -1534,7 +1539,6 @@ static int __init init_hw_perf_events(void)
                __EVENT_CONSTRAINT(0, (1ULL << x86_pmu.num_counters) - 1,
                                   0, x86_pmu.num_counters, 0, 0);
-        x86_pmu.attr_rdpmc = 1; /* enable userspace RDPMC usage by default */
        x86_pmu_format_group.attrs = x86_pmu.format_attrs;
        if (x86_pmu.event_attrs)
@@ -1820,9 +1824,12 @@ static ssize_t set_attr_rdpmc(struct device *cdev,
        if (ret)
                return ret;
+        if (x86_pmu.attr_rdpmc_broken)
+                return -ENOTSUPP;
        if (!!val != !!x86_pmu.attr_rdpmc) {
                x86_pmu.attr_rdpmc = !!val;
-                smp_call_function(change_rdpmc, (void *)val, 1);
+                on_each_cpu(change_rdpmc, (void *)val, 1);
        }
        return count;
diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index c1a861829d81..4972c244d0bc 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -409,6 +409,7 @@ struct x86_pmu {
        /*
         * sysfs attrs
         */
+        int             attr_rdpmc_broken;
        int             attr_rdpmc;
        struct attribute **format_attrs;
        struct attribute **event_attrs;
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index 0fa4f242f050..aa333d966886 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -1361,10 +1361,8 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
        intel_pmu_disable_all();
        handled = intel_pmu_drain_bts_buffer();
        status = intel_pmu_get_status();
-        if (!status) {
+        if (!status)
-                intel_pmu_enable_all(0);
+                goto done;
-                return handled;
-        }
        loops = 0;
 again:
@@ -2310,10 +2308,7 @@ __init int intel_pmu_init(void)
        if (version > 1)
                x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
-        /*
+        if (boot_cpu_has(X86_FEATURE_PDCM)) {
-         * v2 and above have a perf capabilities MSR
-         */
-        if (version > 1) {
                u64 capabilities;
                rdmsrl(MSR_IA32_PERF_CAPABILITIES, capabilities);
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
index 29c248799ced..c88f7f4b03ee 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
@@ -501,8 +501,11 @@ static struct extra_reg snbep_uncore_cbox_extra_regs[] = {
        SNBEP_CBO_EVENT_EXTRA_REG(SNBEP_CBO_PMON_CTL_TID_EN,
                                  SNBEP_CBO_PMON_CTL_TID_EN, 0x1),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0334, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4334, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0534, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4534, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0934, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4934, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0x6),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0135, 0xffff, 0x8),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0335, 0xffff, 0x8),
@@ -1178,10 +1181,15 @@ static struct extra_reg ivt_uncore_cbox_extra_regs[] = {
        SNBEP_CBO_EVENT_EXTRA_REG(SNBEP_CBO_PMON_CTL_TID_EN,
                                  SNBEP_CBO_PMON_CTL_TID_EN, 0x1),
        SNBEP_CBO_EVENT_EXTRA_REG(0x1031, 0x10ff, 0x2),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x1134, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0xc),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x5134, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0334, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4334, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0534, 0xffff, 0x4),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4534, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0934, 0xffff, 0x4),
-        SNBEP_CBO_EVENT_EXTRA_REG(0x4134, 0xffff, 0xc),
+        SNBEP_CBO_EVENT_EXTRA_REG(0x4934, 0xffff, 0xc),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0135, 0xffff, 0x10),
        SNBEP_CBO_EVENT_EXTRA_REG(0x0335, 0xffff, 0x10),
        SNBEP_CBO_EVENT_EXTRA_REG(0x2135, 0xffff, 0x10),
diff --git a/arch/x86/kernel/cpu/perf_event_p6.c b/arch/x86/kernel/cpu/perf_event_p6.c
index b1e2fe115323..7c1a0c07b607 100644
--- a/arch/x86/kernel/cpu/perf_event_p6.c
+++ b/arch/x86/kernel/cpu/perf_event_p6.c
@@ -231,31 +231,49 @@ static __initconst const struct x86_pmu p6_pmu = {
 };
+static __init void p6_pmu_rdpmc_quirk(void)
+{
+        if (boot_cpu_data.x86_mask < 9) {
+                /*
+                 * PPro erratum 26; fixed in stepping 9 and above.
+                 */
+                pr_warn("Userspace RDPMC support disabled due to a CPU erratum\n");
+                x86_pmu.attr_rdpmc_broken = 1;
+                x86_pmu.attr_rdpmc = 0;
+        }
+}
 __init int p6_pmu_init(void)
 {
+        x86_pmu = p6_pmu;
        switch (boot_cpu_data.x86_model) {
-        case 1:
+        case  1: /* Pentium Pro */
-        case 3:  /* Pentium Pro */
+                x86_add_quirk(p6_pmu_rdpmc_quirk);
-        case 5:
+                break;
-        case 6:  /* Pentium II */
-        case 7:
+        case  3: /* Pentium II - Klamath */
-        case 8:
+        case  5: /* Pentium II - Deschutes */
-        case 11: /* Pentium III */
+        case  6: /* Pentium II - Mendocino */
-        case 9:
-        case 13:
-                /* Pentium M */
                break;
+        case  7: /* Pentium III - Katmai */
+        case  8: /* Pentium III - Coppermine */
+        case 10: /* Pentium III Xeon */
+        case 11: /* Pentium III - Tualatin */
+                break;
+        case  9: /* Pentium M - Banias */
+        case 13: /* Pentium M - Dothan */
+                break;
        default:
-                pr_cont("unsupported p6 CPU model %d ",
+                pr_cont("unsupported p6 CPU model %d ", boot_cpu_data.x86_model);
-                        boot_cpu_data.x86_model);
                return -ENODEV;
        }
-        x86_pmu = p6_pmu;
        memcpy(hw_cache_event_ids, p6_hw_cache_event_ids,
                sizeof(hw_cache_event_ids));
        return 0;
 }
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index d4bdd253fea7..e6253195a301 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -77,8 +77,7 @@ within(unsigned long addr, unsigned long start, unsigned long end)
        return addr >= start && addr < end;
 }
-static int
+static unsigned long text_ip_addr(unsigned long ip)
-do_ftrace_mod_code(unsigned long ip, const void *new_code)
 {
        /*
         * On x86_64, kernel text mappings are mapped read-only with
@@ -91,7 +90,7 @@ do_ftrace_mod_code(unsigned long ip, const void *new_code)
        if (within(ip, (unsigned long)_text, (unsigned long)_etext))
                ip = (unsigned long)__va(__pa_symbol(ip));
-        return probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE);
+        return ip;
 }
 static const unsigned char *ftrace_nop_replace(void)
@@ -123,8 +122,10 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
        if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
                return -EINVAL;
+        ip = text_ip_addr(ip);
        /* replace the text with the new text */
-        if (do_ftrace_mod_code(ip, new_code))
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
                return -EPERM;
        sync_core();
@@ -221,37 +222,51 @@ int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
        return -EINVAL;
 }
-int ftrace_update_ftrace_func(ftrace_func_t func)
+static unsigned long ftrace_update_func;
+static int update_ftrace_func(unsigned long ip, void *new)
 {
-        unsigned long ip = (unsigned long)(&ftrace_call);
+        unsigned char old[MCOUNT_INSN_SIZE];
-        unsigned char old[MCOUNT_INSN_SIZE], *new;
        int ret;
-        memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
+        memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
-        new = ftrace_call_replace(ip, (unsigned long)func);
+        ftrace_update_func = ip;
+        /* Make sure the breakpoints see the ftrace_update_func update */
+        smp_wmb();
        /* See comment above by declaration of modifying_ftrace_code */
        atomic_inc(&modifying_ftrace_code);
        ret = ftrace_modify_code(ip, old, new);
+        atomic_dec(&modifying_ftrace_code);
+        return ret;
+}
+int ftrace_update_ftrace_func(ftrace_func_t func)
+{
+        unsigned long ip = (unsigned long)(&ftrace_call);
+        unsigned char *new;
+        int ret;
+        new = ftrace_call_replace(ip, (unsigned long)func);
+        ret = update_ftrace_func(ip, new);
        /* Also update the regs callback function */
        if (!ret) {
                ip = (unsigned long)(&ftrace_regs_call);
-                memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE);
                new = ftrace_call_replace(ip, (unsigned long)func);
-                ret = ftrace_modify_code(ip, old, new);
+                ret = update_ftrace_func(ip, new);
        }
-        atomic_dec(&modifying_ftrace_code);
        return ret;
 }
 static int is_ftrace_caller(unsigned long ip)
 {
-        if (ip == (unsigned long)(&ftrace_call) ||
+        if (ip == ftrace_update_func)
-                ip == (unsigned long)(&ftrace_regs_call))
                return 1;
        return 0;
@@ -677,45 +692,41 @@ int __init ftrace_dyn_arch_init(void *data)
 #ifdef CONFIG_DYNAMIC_FTRACE
 extern void ftrace_graph_call(void);
-static int ftrace_mod_jmp(unsigned long ip,
+static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
-                          int old_offset, int new_offset)
 {
-        unsigned char code[MCOUNT_INSN_SIZE];
+        static union ftrace_code_union calc;
-        if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
+        /* Jmp not a call (ignore the .e8) */
-                return -EFAULT;
+        calc.e8         = 0xe9;
+        calc.offset     = ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr);
-        if (code[0] != 0xe9 || old_offset != *(int *)(&code[1]))
+        /*
-                return -EINVAL;
+         * ftrace external locks synchronize the access to the static variable.
+         */
+        return calc.code;
+}
-        *(int *)(&code[1]) = new_offset;
+static int ftrace_mod_jmp(unsigned long ip, void *func)
+{
+        unsigned char *new;
-        if (do_ftrace_mod_code(ip, &code))
+        new = ftrace_jmp_replace(ip, (unsigned long)func);
-                return -EPERM;
-        return 0;
+        return update_ftrace_func(ip, new);
 }
 int ftrace_enable_ftrace_graph_caller(void)
 {
        unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
-        old_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
+        return ftrace_mod_jmp(ip, &ftrace_graph_caller);
-        new_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
 }
 int ftrace_disable_ftrace_graph_caller(void)
 {
        unsigned long ip = (unsigned long)(&ftrace_graph_call);
-        int old_offset, new_offset;
-        old_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
-        new_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
-        return ftrace_mod_jmp(ip, old_offset, new_offset);
+        return ftrace_mod_jmp(ip, &ftrace_stub);
 }
 #endif /* !CONFIG_DYNAMIC_FTRACE */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 81ba27679f18..f36bd42d6f0c 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -544,6 +544,10 @@ ENDPROC(early_idt_handlers)
        /* This is global to keep gas from relaxing the jumps */
 ENTRY(early_idt_handler)
        cld
+        cmpl $2,(%esp)          # X86_TRAP_NMI
+        je is_nmi               # Ignore NMI
        cmpl $2,%ss:early_recursion_flag
        je hlt_loop
        incl %ss:early_recursion_flag
@@ -594,8 +598,9 @@ ex_entry:
        pop %edx
        pop %ecx
        pop %eax
-        addl $8,%esp            /* drop vector number and error code */
        decl %ss:early_recursion_flag
+is_nmi:
+        addl $8,%esp            /* drop vector number and error code */
        iret
 ENDPROC(early_idt_handler)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e1aabdb314c8..a468c0a65c42 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -343,6 +343,9 @@ early_idt_handlers:
 ENTRY(early_idt_handler)
        cld
+        cmpl $2,(%rsp)          # X86_TRAP_NMI
+        je is_nmi               # Ignore NMI
        cmpl $2,early_recursion_flag(%rip)
        jz  1f
        incl early_recursion_flag(%rip)
@@ -405,8 +408,9 @@ ENTRY(early_idt_handler)
        popq %rdx
        popq %rcx
        popq %rax
-        addq $16,%rsp           # drop vector number and error code
        decl early_recursion_flag(%rip)
+is_nmi:
+        addq $16,%rsp           # drop vector number and error code
        INTERRUPT_RETURN
 ENDPROC(early_idt_handler)
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index dbb60878b744..d99f31d9a750 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -266,6 +266,14 @@ __visible void smp_trace_x86_platform_ipi(struct pt_regs *regs)
 EXPORT_SYMBOL_GPL(vector_used_by_percpu_irq);
 #ifdef CONFIG_HOTPLUG_CPU
+/* These two declarations are only used in check_irq_vectors_for_cpu_disable()
+ * below, which is protected by stop_machine().  Putting them on the stack
+ * results in a stack frame overflow.  Dynamically allocating could result in a
+ * failure so declare these two cpumasks as global.
+ */
+static struct cpumask affinity_new, online_new;
 /*
 * This cpu is going to be removed and its vectors migrated to the remaining
 * online cpus.  Check to see if there are enough vectors in the remaining cpus.
@@ -277,7 +285,6 @@ int check_irq_vectors_for_cpu_disable(void)
        unsigned int this_cpu, vector, this_count, count;
        struct irq_desc *desc;
        struct irq_data *data;
-        struct cpumask affinity_new, online_new;
        this_cpu = smp_processor_id();
        cpumask_copy(&online_new, cpu_online_mask);
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 4eabc160696f..679cef0791cd 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
        VMCOREINFO_SYMBOL(node_data);
        VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
 #endif
+        vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
+                              (unsigned long)&_text - __START_KERNEL);
 }
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 872079a67e4d..f7d0672481fd 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -100,8 +100,10 @@ void *dma_generic_alloc_coherent(struct device *dev, size_t size,
        flag |= __GFP_ZERO;
 again:
        page = NULL;
-        if (!(flag & GFP_ATOMIC))
+        /* CMA can be used only in the context which permits sleeping */
+        if (flag & __GFP_WAIT)
                page = dma_alloc_from_contiguous(dev, count, get_order(size));
+        /* fallback */
        if (!page)
                page = alloc_pages_node(dev_to_node(dev), flag, get_order(size));
        if (!page)
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index 04ee1e2e4c02..7c6acd4b8995 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -571,3 +571,40 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F5,
                        quirk_amd_nb_node);
 #endif
+#ifdef CONFIG_PCI
+/*
+ * Processor does not ensure DRAM scrub read/write sequence
+ * is atomic wrt accesses to CC6 save state area. Therefore
+ * if a concurrent scrub read/write access is to same address
+ * the entry may appear as if it is not written. This quirk
+ * applies to Fam16h models 00h-0Fh
+ *
+ * See "Revision Guide" for AMD F16h models 00h-0fh,
+ * document 51810 rev. 3.04, Nov 2013
+ */
+static void amd_disable_seq_and_redirect_scrub(struct pci_dev *dev)
+{
+        u32 val;
+        /*
+         * Suggested workaround:
+         * set D18F3x58[4:0] = 00h and set D18F3x5C[0] = 0b
+         */
+        pci_read_config_dword(dev, 0x58, &val);
+        if (val & 0x1F) {
+                val &= ~(0x1F);
+                pci_write_config_dword(dev, 0x58, val);
+        }
+        pci_read_config_dword(dev, 0x5C, &val);
+        if (val & BIT(0)) {
+                val &= ~BIT(0);
+                pci_write_config_dword(dev, 0x5c, val);
+        }
+}
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3,
+                        amd_disable_seq_and_redirect_scrub);
+#endif
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 06853e670354..ce72964b2f46 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1239,14 +1239,8 @@ void __init setup_arch(char **cmdline_p)
        register_refined_jiffies(CLOCK_TICK_RATE);
 #ifdef CONFIG_EFI
-        /* Once setup is done above, unmap the EFI memory map on
+        if (efi_enabled(EFI_BOOT))
-         * mismatched firmware/kernel archtectures since there is no
+                efi_apply_memmap_quirks();
-         * support for runtime services.
-         */
-        if (efi_enabled(EFI_BOOT) && !efi_is_native()) {
-                pr_info("efi: Setup done, disabling due to 32/64-bit mismatch\n");
-                efi_unmap_memmap();
-        }
 #endif
 }
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 19e5adb49a27..cfbe99f88830 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -209,7 +209,7 @@ static inline unsigned long long cycles_2_ns(unsigned long long cyc)
         * dance when its actually needed.
         */
-        preempt_disable();
+        preempt_disable_notrace();
        data = this_cpu_read(cyc2ns.head);
        tail = this_cpu_read(cyc2ns.tail);
@@ -229,7 +229,7 @@ static inline unsigned long long cycles_2_ns(unsigned long long cyc)
                if (!--data->__count)
                        this_cpu_write(cyc2ns.tail, data);
        }
-        preempt_enable();
+        preempt_enable_notrace();
        return ns;
 }
@@ -653,13 +653,10 @@ unsigned long native_calibrate_tsc(void)
        /* Calibrate TSC using MSR for Intel Atom SoCs */
        local_irq_save(flags);
-        i = try_msr_calibrate_tsc(&fast_calibrate);
+        fast_calibrate = try_msr_calibrate_tsc();
        local_irq_restore(flags);
-        if (i >= 0) {
+        if (fast_calibrate)
-                if (i == 0)
-                        pr_warn("Fast TSC calibration using MSR failed\n");
                return fast_calibrate;
-        }
        local_irq_save(flags);
        fast_calibrate = quick_pit_calibrate();
diff --git a/arch/x86/kernel/tsc_msr.c b/arch/x86/kernel/tsc_msr.c
index 8b5434f4389f..92ae6acac8a7 100644
--- a/arch/x86/kernel/tsc_msr.c
+++ b/arch/x86/kernel/tsc_msr.c
@@ -53,7 +53,7 @@ static struct freq_desc freq_desc_tables[] = {
        /* TNG */
        { 6, 0x4a, 1, { 0, FREQ_100, FREQ_133, 0, 0, 0, 0, 0 } },
        /* VLV2 */
-        { 6, 0x37, 1, { 0, FREQ_100, FREQ_133, FREQ_166, 0, 0, 0, 0 } },
+        { 6, 0x37, 1, { FREQ_83, FREQ_100, FREQ_133, FREQ_166, 0, 0, 0, 0 } },
        /* ANN */
        { 6, 0x5a, 1, { FREQ_83, FREQ_100, FREQ_133, FREQ_100, 0, 0, 0, 0 } },
 };
@@ -77,21 +77,18 @@ static int match_cpu(u8 family, u8 model)
 /*
 * Do MSR calibration only for known/supported CPUs.
- * Return values:
+ *
- * -1: CPU is unknown/unsupported for MSR based calibration
+ * Returns the calibration value or 0 if MSR calibration failed.
- *  0: CPU is known/supported, but calibration failed
- *  1: CPU is known/supported, and calibration succeeded
 */
-int try_msr_calibrate_tsc(unsigned long *fast_calibrate)
+unsigned long try_msr_calibrate_tsc(void)
 {
-        int cpu_index;
        u32 lo, hi, ratio, freq_id, freq;
+        unsigned long res;
+        int cpu_index;
        cpu_index = match_cpu(boot_cpu_data.x86, boot_cpu_data.x86_model);
        if (cpu_index < 0)
-                return -1;
+                return 0;
-        *fast_calibrate = 0;
        if (freq_desc_tables[cpu_index].msr_plat) {
                rdmsr(MSR_PLATFORM_INFO, lo, hi);
@@ -103,7 +100,7 @@ int try_msr_calibrate_tsc(unsigned long *fast_calibrate)
        pr_info("Maximum core-clock to bus-clock ratio: 0x%x\n", ratio);
        if (!ratio)
-                return 0;
+                goto fail;
        /* Get FSB FREQ ID */
        rdmsr(MSR_FSB_FREQ, lo, hi);
@@ -112,16 +109,19 @@ int try_msr_calibrate_tsc(unsigned long *fast_calibrate)
        pr_info("Resolved frequency ID: %u, frequency: %u KHz\n",
                                freq_id, freq);
        if (!freq)
-                return 0;
+                goto fail;
        /* TSC frequency = maximum resolved freq * maximum resolved bus ratio */
-        *fast_calibrate = freq * ratio;
+        res = freq * ratio;
-        pr_info("TSC runs at %lu KHz\n", *fast_calibrate);
+        pr_info("TSC runs at %lu KHz\n", res);
 #ifdef CONFIG_X86_LOCAL_APIC
        lapic_timer_frequency = (freq * 1000) / HZ;
        pr_info("lapic_timer_frequency = %d\n", lapic_timer_frequency);
 #endif
+        return res;
-        return 1;
+fail:
+        pr_warn("Fast TSC calibration using MSR failed\n");
+        return 0;
 }
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index e50425d0f5f7..9b531351a587 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2672,6 +2672,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
                        break;
                }
+                drop_large_spte(vcpu, iterator.sptep);
                if (!is_shadow_present_pte(*iterator.sptep)) {
                        u64 base_addr = iterator.addr;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a06f101ef64b..392752834751 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6688,7 +6688,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
                else if (is_page_fault(intr_info))
                        return enable_ept;
                else if (is_no_device(intr_info) &&
-                         !(nested_read_cr0(vmcs12) & X86_CR0_TS))
+                         !(vmcs12->guest_cr0 & X86_CR0_TS))
                        return 0;
                return vmcs12->exception_bitmap &
                                (1u << (intr_info & INTR_INFO_VECTOR_MASK));
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 39c28f09dfd5..2b8578432d5b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6186,7 +6186,7 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
                frag->len -= len;
        }
-        if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) {
+        if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
                vcpu->mmio_needed = 0;
                /* FIXME: return into emulator if single-stepping.  */
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9d591c895803..a10c8c792161 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1001,6 +1001,12 @@ static int fault_in_kernel_space(unsigned long address)
 static inline bool smap_violation(int error_code, struct pt_regs *regs)
 {
+        if (!IS_ENABLED(CONFIG_X86_SMAP))
+                return false;
+        if (!static_cpu_has(X86_FEATURE_SMAP))
+                return false;
        if (error_code & PF_USER)
                return false;
@@ -1014,13 +1020,17 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
 * This routine handles page faults.  It determines the address,
 * and the problem, and then passes it off to one of the appropriate
 * routines.
+ *
+ * This function must have noinline because both callers
+ * {,trace_}do_page_fault() have notrace on. Having this an actual function
+ * guarantees there's a function trace entry.
 */
-static void __kprobes
+static void __kprobes noinline
-__do_page_fault(struct pt_regs *regs, unsigned long error_code)
+__do_page_fault(struct pt_regs *regs, unsigned long error_code,
+                unsigned long address)
 {
        struct vm_area_struct *vma;
        struct task_struct *tsk;
-        unsigned long address;
        struct mm_struct *mm;
        int fault;
        unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE;
@@ -1028,9 +1038,6 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
        tsk = current;
        mm = tsk->mm;
-        /* Get the faulting address: */
-        address = read_cr2();
        /*
         * Detect and handle instructions that would cause a page fault for
         * both a tracked kernel page and a userspace page.
@@ -1087,11 +1094,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
        if (unlikely(error_code & PF_RSVD))
                pgtable_bad(regs, error_code, address);
-        if (static_cpu_has(X86_FEATURE_SMAP)) {
+        if (unlikely(smap_violation(error_code, regs))) {
-                if (unlikely(smap_violation(error_code, regs))) {
+                bad_area_nosemaphore(regs, error_code, address);
-                        bad_area_nosemaphore(regs, error_code, address);
+                return;
-                        return;
-                }
        }
        /*
@@ -1244,32 +1249,50 @@ good_area:
        up_read(&mm->mmap_sem);
 }
-dotraplinkage void __kprobes
+dotraplinkage void __kprobes notrace
 do_page_fault(struct pt_regs *regs, unsigned long error_code)
 {
+        unsigned long address = read_cr2(); /* Get the faulting address */
        enum ctx_state prev_state;
+        /*
+         * We must have this function tagged with __kprobes, notrace and call
+         * read_cr2() before calling anything else. To avoid calling any kind
+         * of tracing machinery before we've observed the CR2 value.
+         *
+         * exception_{enter,exit}() contain all sorts of tracepoints.
+         */
        prev_state = exception_enter();
-        __do_page_fault(regs, error_code);
+        __do_page_fault(regs, error_code, address);
        exception_exit(prev_state);
 }
-static void trace_page_fault_entries(struct pt_regs *regs,
+#ifdef CONFIG_TRACING
+static void trace_page_fault_entries(unsigned long address, struct pt_regs *regs,
                                     unsigned long error_code)
 {
        if (user_mode(regs))
-                trace_page_fault_user(read_cr2(), regs, error_code);
+                trace_page_fault_user(address, regs, error_code);
        else
-                trace_page_fault_kernel(read_cr2(), regs, error_code);
+                trace_page_fault_kernel(address, regs, error_code);
 }
-dotraplinkage void __kprobes
+dotraplinkage void __kprobes notrace
 trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
 {
+        /*
+         * The exception_enter and tracepoint processing could
+         * trigger another page faults (user space callchain
+         * reading) and destroy the original cr2 value, so read
+         * the faulting address now.
+         */
+        unsigned long address = read_cr2();
        enum ctx_state prev_state;
        prev_state = exception_enter();
-        trace_page_fault_entries(regs, error_code);
+        trace_page_fault_entries(address, regs, error_code);
-        __do_page_fault(regs, error_code);
+        __do_page_fault(regs, error_code, address);
        exception_exit(prev_state);
 }
+#endif /* CONFIG_TRACING */
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
index 81b2750f3666..27aa0455fab3 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -493,14 +493,6 @@ static int __init numa_register_memblks(struct numa_meminfo *mi)
                struct numa_memblk *mb = &mi->blk[i];
                memblock_set_node(mb->start, mb->end - mb->start,
                                  &memblock.memory, mb->nid);
-                /*
-                 * At this time, all memory regions reserved by memblock are
-                 * used by the kernel. Set the nid in memblock.reserved will
-                 * mark out all the nodes the kernel resides in.
-                 */
-                memblock_set_node(mb->start, mb->end - mb->start,
-                                  &memblock.reserved, mb->nid);
        }
        /*
@@ -565,10 +557,21 @@ static void __init numa_init_array(void)
 static void __init numa_clear_kernel_node_hotplug(void)
 {
        int i, nid;
-        nodemask_t numa_kernel_nodes;
+        nodemask_t numa_kernel_nodes = NODE_MASK_NONE;
        unsigned long start, end;
        struct memblock_type *type = &memblock.reserved;
+        /*
+         * At this time, all memory regions reserved by memblock are
+         * used by the kernel. Set the nid in memblock.reserved will
+         * mark out all the nodes the kernel resides in.
+         */
+        for (i = 0; i < numa_meminfo.nr_blks; i++) {
+                struct numa_memblk *mb = &numa_meminfo.blk[i];
+                memblock_set_node(mb->start, mb->end - mb->start,
+                                  &memblock.reserved, mb->nid);
+        }
        /* Mark all kernel nodes. */
        for (i = 0; i < type->cnt; i++)
                node_set(type->regions[i].nid, numa_kernel_nodes);
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index 0342d27ca798..47b6436e41c2 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -52,6 +52,8 @@ void memory_present(int nid, unsigned long start, unsigned long end)
                        nid, start, end);
        printk(KERN_DEBUG "  Setting physnode_map array to node %d for pfns:\n", nid);
        printk(KERN_DEBUG "  ");
+        start = round_down(start, PAGES_PER_SECTION);
+        end = round_up(end, PAGES_PER_SECTION);
        for (pfn = start; pfn < end; pfn += PAGES_PER_SECTION) {
                physnode_map[pfn / PAGES_PER_SECTION] = nid;
                printk(KERN_CONT "%lx ", pfn);
diff --git a/arch/x86/mm/srat.c b/arch/x86/mm/srat.c
index 1a25187e151e..1953e9c9391a 100644
--- a/arch/x86/mm/srat.c
+++ b/arch/x86/mm/srat.c
@@ -42,15 +42,25 @@ static __init inline int srat_disabled(void)
        return acpi_numa < 0;
 }
-/* Callback for SLIT parsing */
+/*
+ * Callback for SLIT parsing.  pxm_to_node() returns NUMA_NO_NODE for
+ * I/O localities since SRAT does not list them.  I/O localities are
+ * not supported at this point.
+ */
 void __init acpi_numa_slit_init(struct acpi_table_slit *slit)
 {
        int i, j;
-        for (i = 0; i < slit->locality_count; i++)
+        for (i = 0; i < slit->locality_count; i++) {
-                for (j = 0; j < slit->locality_count; j++)
+                if (pxm_to_node(i) == NUMA_NO_NODE)
+                        continue;
+                for (j = 0; j < slit->locality_count; j++) {
+                        if (pxm_to_node(j) == NUMA_NO_NODE)
+                                continue;
                        numa_set_distance(pxm_to_node(i), pxm_to_node(j),
                                slit->entry[slit->locality_count * i + j]);
+                }
+        }
 }
 /* Callback for Proximity Domain -> x2APIC mapping */
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index ae699b3bbac8..dd8dda167a24 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -103,7 +103,7 @@ static void flush_tlb_func(void *info)
        if (f->flush_mm != this_cpu_read(cpu_tlbstate.active_mm))
                return;
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
        if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) {
                if (f->flush_end == TLB_FLUSH_ALL)
                        local_flush_tlb();
@@ -131,7 +131,7 @@ void native_flush_tlb_others(const struct cpumask *cpumask,
        info.flush_start = start;
        info.flush_end = end;
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
        if (is_uv_system()) {
                unsigned int cpu;
@@ -151,44 +151,19 @@ void flush_tlb_current_task(void)
        preempt_disable();
-        count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
        local_flush_tlb();
        if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids)
                flush_tlb_others(mm_cpumask(mm), mm, 0UL, TLB_FLUSH_ALL);
        preempt_enable();
 }
-/*
- * It can find out the THP large page, or
- * HUGETLB page in tlb_flush when THP disabled
- */
-static inline unsigned long has_large_page(struct mm_struct *mm,
-                                 unsigned long start, unsigned long end)
-{
-        pgd_t *pgd;
-        pud_t *pud;
-        pmd_t *pmd;
-        unsigned long addr = ALIGN(start, HPAGE_SIZE);
-        for (; addr < end; addr += HPAGE_SIZE) {
-                pgd = pgd_offset(mm, addr);
-                if (likely(!pgd_none(*pgd))) {
-                        pud = pud_offset(pgd, addr);
-                        if (likely(!pud_none(*pud))) {
-                                pmd = pmd_offset(pud, addr);
-                                if (likely(!pmd_none(*pmd)))
-                                        if (pmd_large(*pmd))
-                                                return addr;
-                        }
-                }
-        }
-        return 0;
-}
 void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                                unsigned long end, unsigned long vmflag)
 {
        unsigned long addr;
        unsigned act_entries, tlb_entries = 0;
+        unsigned long nr_base_pages;
        preempt_disable();
        if (current->active_mm != mm)
@@ -210,21 +185,20 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
                tlb_entries = tlb_lli_4k[ENTRIES];
        else
                tlb_entries = tlb_lld_4k[ENTRIES];
        /* Assume all of TLB entries was occupied by this task */
-        act_entries = mm->total_vm > tlb_entries ? tlb_entries : mm->total_vm;
+        act_entries = tlb_entries >> tlb_flushall_shift;
+        act_entries = mm->total_vm > act_entries ? act_entries : mm->total_vm;
+        nr_base_pages = (end - start) >> PAGE_SHIFT;
        /* tlb_flushall_shift is on balance point, details in commit log */
-        if ((end - start) >> PAGE_SHIFT > act_entries >> tlb_flushall_shift) {
+        if (nr_base_pages > act_entries) {
-                count_vm_event(NR_TLB_LOCAL_FLUSH_ALL);
+                count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
                local_flush_tlb();
        } else {
-                if (has_large_page(mm, start, end)) {
-                        local_flush_tlb();
-                        goto flush_all;
-                }
                /* flush range by one by one 'invlpg' */
                for (addr = start; addr < end;  addr += PAGE_SIZE) {
-                        count_vm_event(NR_TLB_LOCAL_FLUSH_ONE);
+                        count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
                        __flush_tlb_single(addr);
                }
@@ -262,7 +236,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long start)
 static void do_flush_tlb_all(void *info)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
        __flush_tlb_all();
        if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_LAZY)
                leave_mm(smp_processor_id());
@@ -270,7 +244,7 @@ static void do_flush_tlb_all(void *info)
 void flush_tlb_all(void)
 {
-        count_vm_event(NR_TLB_REMOTE_FLUSH);
+        count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
        on_each_cpu(do_flush_tlb_all, NULL, 1);
 }
diff --git a/arch/x86/platform/efi/efi-bgrt.c b/arch/x86/platform/efi/efi-bgrt.c
index 7145ec63c520..f15103dff4b4 100644
--- a/arch/x86/platform/efi/efi-bgrt.c
+++ b/arch/x86/platform/efi/efi-bgrt.c
@@ -42,14 +42,15 @@ void __init efi_bgrt_init(void)
        if (bgrt_tab->header.length < sizeof(*bgrt_tab))
                return;
-        if (bgrt_tab->version != 1)
+        if (bgrt_tab->version != 1 || bgrt_tab->status != 1)
                return;
        if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address)
                return;
        image = efi_lookup_mapped_addr(bgrt_tab->image_address);
        if (!image) {
-                image = ioremap(bgrt_tab->image_address, sizeof(bmp_header));
+                image = early_memremap(bgrt_tab->image_address,
+                                       sizeof(bmp_header));
                ioremapped = true;
                if (!image)
                        return;
@@ -57,7 +58,7 @@ void __init efi_bgrt_init(void)
        memcpy_fromio(&bmp_header, image, sizeof(bmp_header));
        if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, sizeof(bmp_header));
        bgrt_image_size = bmp_header.size;
        bgrt_image = kmalloc(bgrt_image_size, GFP_KERNEL);
@@ -65,7 +66,8 @@ void __init efi_bgrt_init(void)
                return;
        if (ioremapped) {
-                image = ioremap(bgrt_tab->image_address, bmp_header.size);
+                image = early_memremap(bgrt_tab->image_address,
+                                       bmp_header.size);
                if (!image) {
                        kfree(bgrt_image);
                        bgrt_image = NULL;
@@ -75,5 +77,5 @@ void __init efi_bgrt_init(void)
        memcpy_fromio(bgrt_image, image, bgrt_image_size);
        if (ioremapped)
-                iounmap(image);
+                early_iounmap(image, bmp_header.size);
 }
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index d62ec87a2b26..b97acecf3fd9 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -52,6 +52,7 @@
 #include <asm/tlbflush.h>
 #include <asm/x86_init.h>
 #include <asm/rtc.h>
+#include <asm/uv/uv.h>
 #define EFI_DEBUG
@@ -792,7 +793,7 @@ void __init efi_set_executable(efi_memory_desc_t *md, bool executable)
                set_memory_nx(addr, npages);
 }
-static void __init runtime_code_page_mkexec(void)
+void __init runtime_code_page_mkexec(void)
 {
        efi_memory_desc_t *md;
        void *p;
@@ -1069,8 +1070,7 @@ void __init efi_enter_virtual_mode(void)
        efi.update_capsule = virt_efi_update_capsule;
        efi.query_capsule_caps = virt_efi_query_capsule_caps;
-        if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX))
+        efi_runtime_mkexec();
-                runtime_code_page_mkexec();
        kfree(new_memmap);
@@ -1211,3 +1211,22 @@ static int __init parse_efi_cmdline(char *str)
        return 0;
 }
 early_param("efi", parse_efi_cmdline);
+void __init efi_apply_memmap_quirks(void)
+{
+        /*
+         * Once setup is done earlier, unmap the EFI memory map on mismatched
+         * firmware/kernel architectures since there is no support for runtime
+         * services.
+         */
+        if (!efi_is_native()) {
+                pr_info("efi: Setup done, disabling due to 32/64-bit mismatch\n");
+                efi_unmap_memmap();
+        }
+        /*
+         * UV doesn't support the new EFI pagetable mapping yet.
+         */
+        if (is_uv_system())
+                set_bit(EFI_OLD_MEMMAP, &x86_efi_facility);
+}
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 249b183cf417..0b74cdf7f816 100644
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
@@ -77,3 +77,9 @@ void efi_call_phys_epilog(void)
        local_irq_restore(efi_rt_eflags);
 }
+void __init efi_runtime_mkexec(void)
+{
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 6284f158a47d..0c2a234fef1e 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -233,3 +233,12 @@ void __init parse_efi_setup(u64 phys_addr, u32 data_len)
 {
        efi_setup = phys_addr + sizeof(struct setup_data);
 }
+void __init efi_runtime_mkexec(void)
+{
+        if (!efi_enabled(EFI_OLD_MEMMAP))
+                return;
+        if (__supported_pte_mask & _PAGE_NX)
+                runtime_code_page_mkexec();
+}
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index a4d7b647867f..201d09a7c46b 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1473,6 +1473,18 @@ static void xen_pvh_set_cr_flags(int cpu)
         * X86_CR0_TS, X86_CR0_PE, X86_CR0_ET are set by Xen for HVM guests
         * (which PVH shared codepaths), while X86_CR0_PG is for PVH. */
        write_cr0(read_cr0() | X86_CR0_MP | X86_CR0_NE | X86_CR0_WP | X86_CR0_AM);
+        if (!cpu)
+                return;
+        /*
+         * For BSP, PSE PGE are set in probe_page_size_mask(), for APs
+         * set them here. For all, OSFXSR OSXMMEXCPT are set in fpu_init.
+        */
+        if (cpu_has_pse)
+                set_in_cr4(X86_CR4_PSE);
+        if (cpu_has_pge)
+                set_in_cr4(X86_CR4_PGE);
 }
 /*
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 2423ef04ffea..256282e7888b 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
 /* Assume pteval_t is equivalent to all the other *val_t types. */
 static pteval_t pte_mfn_to_pfn(pteval_t val)
 {
-        if (val & _PAGE_PRESENT) {
+        if (pteval_present(val)) {
                unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
                unsigned long pfn = mfn_to_pfn(mfn);
@@ -381,7 +381,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
 static pteval_t pte_pfn_to_mfn(pteval_t val)
 {
-        if (val & _PAGE_PRESENT) {
+        if (pteval_present(val)) {
                unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
                pteval_t flags = val & PTE_FLAGS_MASK;
                unsigned long mfn;
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index 8009acbe41e4..696c694986d0 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -899,6 +899,13 @@ int m2p_add_override(unsigned long mfn, struct page *page,
                                        "m2p_add_override: pfn %lx not mapped", pfn))
                        return -EINVAL;
        }
+        WARN_ON(PagePrivate(page));
+        SetPagePrivate(page);
+        set_page_private(page, mfn);
+        page->index = pfn_to_mfn(pfn);
+        if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn))))
+                return -ENOMEM;
        if (kmap_op != NULL) {
                if (!PageHighMem(page)) {
@@ -937,16 +944,19 @@ int m2p_add_override(unsigned long mfn, struct page *page,
 }
 EXPORT_SYMBOL_GPL(m2p_add_override);
 int m2p_remove_override(struct page *page,
-                        struct gnttab_map_grant_ref *kmap_op,
+                struct gnttab_map_grant_ref *kmap_op)
-                        unsigned long mfn)
 {
        unsigned long flags;
+        unsigned long mfn;
        unsigned long pfn;
        unsigned long uninitialized_var(address);
        unsigned level;
        pte_t *ptep = NULL;
        pfn = page_to_pfn(page);
+        mfn = get_phys_to_machine(pfn);
+        if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT))
+                return -EINVAL;
        if (!PageHighMem(page)) {
                address = (unsigned long)__va(pfn << PAGE_SHIFT);
@@ -960,7 +970,10 @@ int m2p_remove_override(struct page *page,
        spin_lock_irqsave(&m2p_override_lock, flags);
        list_del(&page->lru);
        spin_unlock_irqrestore(&m2p_override_lock, flags);
+        WARN_ON(!PagePrivate(page));
+        ClearPagePrivate(page);
+        set_phys_to_machine(pfn, page->index);
        if (kmap_op != NULL) {
                if (!PageHighMem(page)) {
                        struct multicall_space mcs;