59 files changed, 956 insertions, 469 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ee2fb9d37745..5cd6eea9b7b3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -123,6 +123,7 @@ config X86
        select COMPAT_OLD_SIGACTION if IA32_EMULATION
        select RTC_LIB
        select HAVE_DEBUG_STACKOVERFLOW
+        select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
 config INSTRUCTION_DECODER
        def_bool y
@@ -860,7 +861,7 @@ source "kernel/Kconfig.preempt"
 config X86_UP_APIC
        bool "Local APIC support on uniprocessors"
-        depends on X86_32 && !SMP && !X86_32_NON_STANDARD
+        depends on X86_32 && !SMP && !X86_32_NON_STANDARD && !PCI_MSI
        ---help---
          A local APIC (Advanced Programmable Interrupt Controller) is an
          integrated interrupt controller in the CPU. If you have a single-CPU
@@ -885,11 +886,11 @@ config X86_UP_IOAPIC
 config X86_LOCAL_APIC
        def_bool y
-        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC
+        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
 config X86_IO_APIC
        def_bool y
-        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_IOAPIC
+        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_IOAPIC || PCI_MSI
 config X86_VISWS_APIC
        def_bool y
@@ -1033,6 +1034,7 @@ config X86_REBOOTFIXUPS
 config MICROCODE
        tristate "CPU microcode loading support"
+        depends on CPU_SUP_AMD || CPU_SUP_INTEL
        select FW_LOADER
        ---help---
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 379814bc41e3..dce69a256896 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -71,7 +71,8 @@ GCOV_PROFILE := n
 $(obj)/bzImage: asflags-y  := $(SVGA_MODE)
 quiet_cmd_image = BUILD   $@
-cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/zoffset.h > $@
+cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
+                               $(obj)/zoffset.h $@
 $(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build FORCE
        $(call if_changed,image)
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index c941d6a8887f..8e15b22391fc 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -5,14 +5,15 @@
 */
 /*
- * This file builds a disk-image from two different files:
+ * This file builds a disk-image from three different files:
 *
 * - setup: 8086 machine code, sets up system parm
 * - system: 80386 code for actual system
+ * - zoffset.h: header with ZO_* defines
 *
- * It does some checking that all files are of the correct type, and
+ * It does some checking that all files are of the correct type, and writes
- * just writes the result to stdout, removing headers and padding to
+ * the result to the specified destination, removing headers and padding to
- * the right amount. It also writes some system data to stderr.
+ * the right amount. It also writes some system data to stdout.
 */
 /*
@@ -136,7 +137,7 @@ static void die(const char * str, ...)
 static void usage(void)
 {
-        die("Usage: build setup system [zoffset.h] [> image]");
+        die("Usage: build setup system zoffset.h image");
 }
 #ifdef CONFIG_EFI_STUB
@@ -265,7 +266,7 @@ int main(int argc, char ** argv)
        int c;
        u32 sys_size;
        struct stat sb;
-        FILE *file;
+        FILE *file, *dest;
        int fd;
        void *kernel;
        u32 crc = 0xffffffffUL;
@@ -280,10 +281,13 @@ int main(int argc, char ** argv)
        startup_64 = 0x200;
 #endif
-        if (argc == 4)
+        if (argc != 5)
-                parse_zoffset(argv[3]);
-        else if (argc != 3)
                usage();
+        parse_zoffset(argv[3]);
+        dest = fopen(argv[4], "w");
+        if (!dest)
+                die("Unable to write `%s': %m", argv[4]);
        /* Copy the setup code */
        file = fopen(argv[1], "r");
@@ -318,7 +322,7 @@ int main(int argc, char ** argv)
        /* Set the default root device */
        put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]);
-        fprintf(stderr, "Setup is %d bytes (padded to %d bytes).\n", c, i);
+        printf("Setup is %d bytes (padded to %d bytes).\n", c, i);
        /* Open and stat the kernel file */
        fd = open(argv[2], O_RDONLY);
@@ -327,7 +331,7 @@ int main(int argc, char ** argv)
        if (fstat(fd, &sb))
                die("Unable to stat `%s': %m", argv[2]);
        sz = sb.st_size;
-        fprintf (stderr, "System is %d kB\n", (sz+1023)/1024);
+        printf("System is %d kB\n", (sz+1023)/1024);
        kernel = mmap(NULL, sz, PROT_READ, MAP_SHARED, fd, 0);
        if (kernel == MAP_FAILED)
                die("Unable to mmap '%s': %m", argv[2]);
@@ -348,27 +352,31 @@ int main(int argc, char ** argv)
 #endif
        crc = partial_crc32(buf, i, crc);
-        if (fwrite(buf, 1, i, stdout) != i)
+        if (fwrite(buf, 1, i, dest) != i)
                die("Writing setup failed");
        /* Copy the kernel code */
        crc = partial_crc32(kernel, sz, crc);
-        if (fwrite(kernel, 1, sz, stdout) != sz)
+        if (fwrite(kernel, 1, sz, dest) != sz)
                die("Writing kernel failed");
        /* Add padding leaving 4 bytes for the checksum */
        while (sz++ < (sys_size*16) - 4) {
                crc = partial_crc32_one('\0', crc);
-                if (fwrite("\0", 1, 1, stdout) != 1)
+                if (fwrite("\0", 1, 1, dest) != 1)
                        die("Writing padding failed");
        }
        /* Write the CRC */
-        fprintf(stderr, "CRC %x\n", crc);
+        printf("CRC %x\n", crc);
        put_unaligned_le32(crc, buf);
-        if (fwrite(buf, 1, 4, stdout) != 4)
+        if (fwrite(buf, 1, 4, dest) != 4)
                die("Writing CRC failed");
+        /* Catch any delayed write failures */
+        if (fclose(dest))
+                die("Writing image failed");
        close(fd);
        /* Everything is OK */
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index 94447086e551..a7fef2621cc9 100644
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -142,6 +142,8 @@ CONFIG_MAC80211=y
 CONFIG_MAC80211_LEDS=y
 CONFIG_RFKILL=y
 CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_DEBUG_DEVRES=y
 CONFIG_CONNECTOR=y
 CONFIG_BLK_DEV_LOOP=y
diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
index 671524d0f6c0..c1119d4c1281 100644
--- a/arch/x86/configs/x86_64_defconfig
+++ b/arch/x86/configs/x86_64_defconfig
@@ -141,6 +141,8 @@ CONFIG_MAC80211=y
 CONFIG_MAC80211_LEDS=y
 CONFIG_RFKILL=y
 CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_DEBUG_DEVRES=y
 CONFIG_CONNECTOR=y
 CONFIG_BLK_DEV_LOOP=y
diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 722aa3b04624..da31c8b8a92d 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -6,6 +6,7 @@
 #include <asm/processor.h>
 #include <asm/alternative.h>
 #include <asm/cmpxchg.h>
+#include <asm/rmwcc.h>
 /*
 * Atomic operations that C can't guarantee us.  Useful for
@@ -76,12 +77,7 @@ static inline void atomic_sub(int i, atomic_t *v)
 */
 static inline int atomic_sub_and_test(int i, atomic_t *v)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "subl", v->counter, i, "%0", "e");
-        asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
-                     : "+m" (v->counter), "=qm" (c)
-                     : "ir" (i) : "memory");
-        return c;
 }
 /**
@@ -118,12 +114,7 @@ static inline void atomic_dec(atomic_t *v)
 */
 static inline int atomic_dec_and_test(atomic_t *v)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(LOCK_PREFIX "decl", v->counter, "%0", "e");
-        asm volatile(LOCK_PREFIX "decl %0; sete %1"
-                     : "+m" (v->counter), "=qm" (c)
-                     : : "memory");
-        return c != 0;
 }
 /**
@@ -136,12 +127,7 @@ static inline int atomic_dec_and_test(atomic_t *v)
 */
 static inline int atomic_inc_and_test(atomic_t *v)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(LOCK_PREFIX "incl", v->counter, "%0", "e");
-        asm volatile(LOCK_PREFIX "incl %0; sete %1"
-                     : "+m" (v->counter), "=qm" (c)
-                     : : "memory");
-        return c != 0;
 }
 /**
@@ -155,12 +141,7 @@ static inline int atomic_inc_and_test(atomic_t *v)
 */
 static inline int atomic_add_negative(int i, atomic_t *v)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "addl", v->counter, i, "%0", "s");
-        asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
-                     : "+m" (v->counter), "=qm" (c)
-                     : "ir" (i) : "memory");
-        return c;
 }
 /**
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
index 0e1cbfc8ee06..3f065c985aee 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -72,12 +72,7 @@ static inline void atomic64_sub(long i, atomic64_t *v)
 */
 static inline int atomic64_sub_and_test(long i, atomic64_t *v)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "subq", v->counter, i, "%0", "e");
-        asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
-                     : "=m" (v->counter), "=qm" (c)
-                     : "er" (i), "m" (v->counter) : "memory");
-        return c;
 }
 /**
@@ -116,12 +111,7 @@ static inline void atomic64_dec(atomic64_t *v)
 */
 static inline int atomic64_dec_and_test(atomic64_t *v)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(LOCK_PREFIX "decq", v->counter, "%0", "e");
-        asm volatile(LOCK_PREFIX "decq %0; sete %1"
-                     : "=m" (v->counter), "=qm" (c)
-                     : "m" (v->counter) : "memory");
-        return c != 0;
 }
 /**
@@ -134,12 +124,7 @@ static inline int atomic64_dec_and_test(atomic64_t *v)
 */
 static inline int atomic64_inc_and_test(atomic64_t *v)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(LOCK_PREFIX "incq", v->counter, "%0", "e");
-        asm volatile(LOCK_PREFIX "incq %0; sete %1"
-                     : "=m" (v->counter), "=qm" (c)
-                     : "m" (v->counter) : "memory");
-        return c != 0;
 }
 /**
@@ -153,12 +138,7 @@ static inline int atomic64_inc_and_test(atomic64_t *v)
 */
 static inline int atomic64_add_negative(long i, atomic64_t *v)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "addq", v->counter, i, "%0", "s");
-        asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
-                     : "=m" (v->counter), "=qm" (c)
-                     : "er" (i), "m" (v->counter) : "memory");
-        return c;
 }
 /**
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
index 41639ce8fd63..6d76d0935989 100644
--- a/arch/x86/include/asm/bitops.h
+++ b/arch/x86/include/asm/bitops.h
@@ -14,6 +14,7 @@
 #include <linux/compiler.h>
 #include <asm/alternative.h>
+#include <asm/rmwcc.h>
 #if BITS_PER_LONG == 32
 # define _BITOPS_LONG_SHIFT 5
@@ -204,12 +205,7 @@ static inline void change_bit(long nr, volatile unsigned long *addr)
 */
 static inline int test_and_set_bit(long nr, volatile unsigned long *addr)
 {
-        int oldbit;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "bts", *addr, nr, "%0", "c");
-        asm volatile(LOCK_PREFIX "bts %2,%1\n\t"
-                     "sbb %0,%0" : "=r" (oldbit), ADDR : "Ir" (nr) : "memory");
-        return oldbit;
 }
 /**
@@ -255,13 +251,7 @@ static inline int __test_and_set_bit(long nr, volatile unsigned long *addr)
 */
 static inline int test_and_clear_bit(long nr, volatile unsigned long *addr)
 {
-        int oldbit;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "btr", *addr, nr, "%0", "c");
-        asm volatile(LOCK_PREFIX "btr %2,%1\n\t"
-                     "sbb %0,%0"
-                     : "=r" (oldbit), ADDR : "Ir" (nr) : "memory");
-        return oldbit;
 }
 /**
@@ -314,13 +304,7 @@ static inline int __test_and_change_bit(long nr, volatile unsigned long *addr)
 */
 static inline int test_and_change_bit(long nr, volatile unsigned long *addr)
 {
-        int oldbit;
+        GEN_BINARY_RMWcc(LOCK_PREFIX "btc", *addr, nr, "%0", "c");
-        asm volatile(LOCK_PREFIX "btc %2,%1\n\t"
-                     "sbb %0,%0"
-                     : "=r" (oldbit), ADDR : "Ir" (nr) : "memory");
-        return oldbit;
 }
 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr)
diff --git a/arch/x86/include/asm/calling.h b/arch/x86/include/asm/calling.h
index 0fa675033912..cb4c73bfeb48 100644
--- a/arch/x86/include/asm/calling.h
+++ b/arch/x86/include/asm/calling.h
@@ -48,6 +48,8 @@ For 32-bit we have the following conventions - kernel is built with
 #include <asm/dwarf2.h>
+#ifdef CONFIG_X86_64
 /*
 * 64-bit system call stack frame layout defines and helpers,
 * for assembly code:
@@ -192,3 +194,51 @@ For 32-bit we have the following conventions - kernel is built with
        .macro icebp
        .byte 0xf1
        .endm
+#else /* CONFIG_X86_64 */
+/*
+ * For 32bit only simplified versions of SAVE_ALL/RESTORE_ALL. These
+ * are different from the entry_32.S versions in not changing the segment
+ * registers. So only suitable for in kernel use, not when transitioning
+ * from or to user space. The resulting stack frame is not a standard
+ * pt_regs frame. The main use case is calling C code from assembler
+ * when all the registers need to be preserved.
+ */
+        .macro SAVE_ALL
+        pushl_cfi %eax
+        CFI_REL_OFFSET eax, 0
+        pushl_cfi %ebp
+        CFI_REL_OFFSET ebp, 0
+        pushl_cfi %edi
+        CFI_REL_OFFSET edi, 0
+        pushl_cfi %esi
+        CFI_REL_OFFSET esi, 0
+        pushl_cfi %edx
+        CFI_REL_OFFSET edx, 0
+        pushl_cfi %ecx
+        CFI_REL_OFFSET ecx, 0
+        pushl_cfi %ebx
+        CFI_REL_OFFSET ebx, 0
+        .endm
+        .macro RESTORE_ALL
+        popl_cfi %ebx
+        CFI_RESTORE ebx
+        popl_cfi %ecx
+        CFI_RESTORE ecx
+        popl_cfi %edx
+        CFI_RESTORE edx
+        popl_cfi %esi
+        CFI_RESTORE esi
+        popl_cfi %edi
+        CFI_RESTORE edi
+        popl_cfi %ebp
+        CFI_RESTORE ebp
+        popl_cfi %eax
+        CFI_RESTORE eax
+        .endm
+#endif /* CONFIG_X86_64 */
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index d3f5c63078d8..89270b4318db 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -374,7 +374,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
                 * Catch too early usage of this before alternatives
                 * have run.
                 */
-                asm goto("1: jmp %l[t_warn]\n"
+                asm_volatile_goto("1: jmp %l[t_warn]\n"
                         "2:\n"
                         ".section .altinstructions,\"a\"\n"
                         " .long 1b - .\n"
@@ -388,7 +388,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
 #endif
-                asm goto("1: jmp %l[t_no]\n"
+                asm_volatile_goto("1: jmp %l[t_no]\n"
                         "2:\n"
                         ".section .altinstructions,\"a\"\n"
                         " .long 1b - .\n"
@@ -453,7 +453,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
 * have. Thus, we force the jump to the widest, 4-byte, signed relative
 * offset even though the last would often fit in less bytes.
 */
-                asm goto("1: .byte 0xe9\n .long %l[t_dynamic] - 2f\n"
+                asm_volatile_goto("1: .byte 0xe9\n .long %l[t_dynamic] - 2f\n"
                         "2:\n"
                         ".section .altinstructions,\"a\"\n"
                         " .long 1b - .\n"              /* src offset */
diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h
index 64507f35800c..6a2cefb4395a 100644
--- a/arch/x86/include/asm/jump_label.h
+++ b/arch/x86/include/asm/jump_label.h
@@ -18,7 +18,7 @@
 static __always_inline bool arch_static_branch(struct static_key *key)
 {
-        asm goto("1:"
+        asm_volatile_goto("1:"
                ".byte " __stringify(STATIC_KEY_INIT_NOP) "\n\t"
                ".pushsection __jump_table,  \"aw\" \n\t"
                _ASM_ALIGN "\n\t"
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
index 2d89e3980cbd..5b23e605e707 100644
--- a/arch/x86/include/asm/local.h
+++ b/arch/x86/include/asm/local.h
@@ -52,12 +52,7 @@ static inline void local_sub(long i, local_t *l)
 */
 static inline int local_sub_and_test(long i, local_t *l)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(_ASM_SUB, l->a.counter, i, "%0", "e");
-        asm volatile(_ASM_SUB "%2,%0; sete %1"
-                     : "+m" (l->a.counter), "=qm" (c)
-                     : "ir" (i) : "memory");
-        return c;
 }
 /**
@@ -70,12 +65,7 @@ static inline int local_sub_and_test(long i, local_t *l)
 */
 static inline int local_dec_and_test(local_t *l)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(_ASM_DEC, l->a.counter, "%0", "e");
-        asm volatile(_ASM_DEC "%0; sete %1"
-                     : "+m" (l->a.counter), "=qm" (c)
-                     : : "memory");
-        return c != 0;
 }
 /**
@@ -88,12 +78,7 @@ static inline int local_dec_and_test(local_t *l)
 */
 static inline int local_inc_and_test(local_t *l)
 {
-        unsigned char c;
+        GEN_UNARY_RMWcc(_ASM_INC, l->a.counter, "%0", "e");
-        asm volatile(_ASM_INC "%0; sete %1"
-                     : "+m" (l->a.counter), "=qm" (c)
-                     : : "memory");
-        return c != 0;
 }
 /**
@@ -107,12 +92,7 @@ static inline int local_inc_and_test(local_t *l)
 */
 static inline int local_add_negative(long i, local_t *l)
 {
-        unsigned char c;
+        GEN_BINARY_RMWcc(_ASM_ADD, l->a.counter, i, "%0", "s");
-        asm volatile(_ASM_ADD "%2,%0; sets %1"
-                     : "+m" (l->a.counter), "=qm" (c)
-                     : "ir" (i) : "memory");
-        return c;
 }
 /**
diff --git a/arch/x86/include/asm/misc.h b/arch/x86/include/asm/misc.h
new file mode 100644
index 000000000000..475f5bbc7f53
--- /dev/null
+++ b/arch/x86/include/asm/misc.h
@@ -0,0 +1,6 @@
+#ifndef _ASM_X86_MISC_H
+#define _ASM_X86_MISC_H
+int num_digits(int val);
+#endif /* _ASM_X86_MISC_H */
diff --git a/arch/x86/include/asm/mutex_64.h b/arch/x86/include/asm/mutex_64.h
index e7e6751648ed..07537a44216e 100644
--- a/arch/x86/include/asm/mutex_64.h
+++ b/arch/x86/include/asm/mutex_64.h
@@ -20,7 +20,7 @@
 static inline void __mutex_fastpath_lock(atomic_t *v,
                                         void (*fail_fn)(atomic_t *))
 {
-        asm volatile goto(LOCK_PREFIX "   decl %0\n"
+        asm_volatile_goto(LOCK_PREFIX "   decl %0\n"
                          "   jns %l[exit]\n"
                          : : "m" (v->counter)
                          : "memory", "cc"
@@ -75,7 +75,7 @@ static inline int __mutex_fastpath_lock_retval(atomic_t *count)
 static inline void __mutex_fastpath_unlock(atomic_t *v,
                                           void (*fail_fn)(atomic_t *))
 {
-        asm volatile goto(LOCK_PREFIX "   incl %0\n"
+        asm_volatile_goto(LOCK_PREFIX "   incl %0\n"
                          "   jg %l[exit]\n"
                          : : "m" (v->counter)
                          : "memory", "cc"
diff --git a/arch/x86/include/asm/percpu.h b/arch/x86/include/asm/percpu.h
index 0da5200ee79d..b3e18f800302 100644
--- a/arch/x86/include/asm/percpu.h
+++ b/arch/x86/include/asm/percpu.h
@@ -128,7 +128,8 @@ do {							\
 do {                                                                    \
        typedef typeof(var) pao_T__;                                    \
        const int pao_ID__ = (__builtin_constant_p(val) &&              \
-                              ((val) == 1 || (val) == -1)) ? (val) : 0; \
+                              ((val) == 1 || (val) == -1)) ?            \
+                                (int)(val) : 0;                         \
        if (0) {                                                        \
                pao_T__ pao_tmp__;                                      \
                pao_tmp__ = (val);                                      \
diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
new file mode 100644
index 000000000000..8729723636fd
--- /dev/null
+++ b/arch/x86/include/asm/preempt.h
@@ -0,0 +1,100 @@
+#ifndef __ASM_PREEMPT_H
+#define __ASM_PREEMPT_H
+#include <asm/rmwcc.h>
+#include <asm/percpu.h>
+#include <linux/thread_info.h>
+DECLARE_PER_CPU(int, __preempt_count);
+/*
+ * We mask the PREEMPT_NEED_RESCHED bit so as not to confuse all current users
+ * that think a non-zero value indicates we cannot preempt.
+ */
+static __always_inline int preempt_count(void)
+{
+        return __this_cpu_read_4(__preempt_count) & ~PREEMPT_NEED_RESCHED;
+}
+static __always_inline void preempt_count_set(int pc)
+{
+        __this_cpu_write_4(__preempt_count, pc);
+}
+/*
+ * must be macros to avoid header recursion hell
+ */
+#define task_preempt_count(p) \
+        (task_thread_info(p)->saved_preempt_count & ~PREEMPT_NEED_RESCHED)
+#define init_task_preempt_count(p) do { \
+        task_thread_info(p)->saved_preempt_count = PREEMPT_DISABLED; \
+} while (0)
+#define init_idle_preempt_count(p, cpu) do { \
+        task_thread_info(p)->saved_preempt_count = PREEMPT_ENABLED; \
+        per_cpu(__preempt_count, (cpu)) = PREEMPT_ENABLED; \
+} while (0)
+/*
+ * We fold the NEED_RESCHED bit into the preempt count such that
+ * preempt_enable() can decrement and test for needing to reschedule with a
+ * single instruction.
+ *
+ * We invert the actual bit, so that when the decrement hits 0 we know we both
+ * need to resched (the bit is cleared) and can resched (no preempt count).
+ */
+static __always_inline void set_preempt_need_resched(void)
+{
+        __this_cpu_and_4(__preempt_count, ~PREEMPT_NEED_RESCHED);
+}
+static __always_inline void clear_preempt_need_resched(void)
+{
+        __this_cpu_or_4(__preempt_count, PREEMPT_NEED_RESCHED);
+}
+static __always_inline bool test_preempt_need_resched(void)
+{
+        return !(__this_cpu_read_4(__preempt_count) & PREEMPT_NEED_RESCHED);
+}
+/*
+ * The various preempt_count add/sub methods
+ */
+static __always_inline void __preempt_count_add(int val)
+{
+        __this_cpu_add_4(__preempt_count, val);
+}
+static __always_inline void __preempt_count_sub(int val)
+{
+        __this_cpu_add_4(__preempt_count, -val);
+}
+static __always_inline bool __preempt_count_dec_and_test(void)
+{
+        GEN_UNARY_RMWcc("decl", __preempt_count, __percpu_arg(0), "e");
+}
+/*
+ * Returns true when we need to resched and can (barring IRQ state).
+ */
+static __always_inline bool should_resched(void)
+{
+        return unlikely(!__this_cpu_read_4(__preempt_count));
+}
+#ifdef CONFIG_PREEMPT
+  extern asmlinkage void ___preempt_schedule(void);
+# define __preempt_schedule() asm ("call ___preempt_schedule")
+  extern asmlinkage void preempt_schedule(void);
+# ifdef CONFIG_CONTEXT_TRACKING
+    extern asmlinkage void ___preempt_schedule_context(void);
+#   define __preempt_schedule_context() asm ("call ___preempt_schedule_context")
+# endif
+#endif
+#endif /* __ASM_PREEMPT_H */
diff --git a/arch/x86/include/asm/rmwcc.h b/arch/x86/include/asm/rmwcc.h
new file mode 100644
index 000000000000..1ff990f1de8e
--- /dev/null
+++ b/arch/x86/include/asm/rmwcc.h
@@ -0,0 +1,41 @@
+#ifndef _ASM_X86_RMWcc
+#define _ASM_X86_RMWcc
+#ifdef CC_HAVE_ASM_GOTO
+#define __GEN_RMWcc(fullop, var, cc, ...)                               \
+do {                                                                    \
+        asm_volatile_goto (fullop "; j" cc " %l[cc_label]"              \
+                        : : "m" (var), ## __VA_ARGS__                   \
+                        : "memory" : cc_label);                         \
+        return 0;                                                       \
+cc_label:                                                               \
+        return 1;                                                       \
+} while (0)
+#define GEN_UNARY_RMWcc(op, var, arg0, cc)                              \
+        __GEN_RMWcc(op " " arg0, var, cc)
+#define GEN_BINARY_RMWcc(op, var, val, arg0, cc)                        \
+        __GEN_RMWcc(op " %1, " arg0, var, cc, "er" (val))
+#else /* !CC_HAVE_ASM_GOTO */
+#define __GEN_RMWcc(fullop, var, cc, ...)                               \
+do {                                                                    \
+        char c;                                                         \
+        asm volatile (fullop "; set" cc " %1"                           \
+                        : "+m" (var), "=qm" (c)                         \
+                        : __VA_ARGS__ : "memory");                      \
+        return c != 0;                                                  \
+} while (0)
+#define GEN_UNARY_RMWcc(op, var, arg0, cc)                              \
+        __GEN_RMWcc(op " " arg0, var, cc)
+#define GEN_BINARY_RMWcc(op, var, val, arg0, cc)                        \
+        __GEN_RMWcc(op " %2, " arg0, var, cc, "er" (val))
+#endif /* CC_HAVE_ASM_GOTO */
+#endif /* _ASM_X86_RMWcc */
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 27811190cbd7..c46a46be1ec6 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -28,8 +28,7 @@ struct thread_info {
        __u32                   flags;          /* low level flags */
        __u32                   status;         /* thread synchronous flags */
        __u32                   cpu;            /* current CPU */
-        int                     preempt_count;  /* 0 => preemptable,
+        int                     saved_preempt_count;
-                                                   <0 => BUG */
        mm_segment_t            addr_limit;
        struct restart_block    restart_block;
        void __user             *sysenter_return;
@@ -49,7 +48,7 @@ struct thread_info {
        .exec_domain    = &default_exec_domain, \
        .flags          = 0,                    \
        .cpu            = 0,                    \
-        .preempt_count  = INIT_PREEMPT_COUNT,   \
+        .saved_preempt_count = INIT_PREEMPT_COUNT,      \
        .addr_limit     = KERNEL_DS,            \
        .restart_block = {                      \
                .fn = do_no_restart_syscall,    \
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 5838fa911aa0..8ec57c07b125 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -542,5 +542,103 @@ extern struct movsl_mask {
 # include <asm/uaccess_64.h>
 #endif
+unsigned long __must_check _copy_from_user(void *to, const void __user *from,
+                                           unsigned n);
+unsigned long __must_check _copy_to_user(void __user *to, const void *from,
+                                         unsigned n);
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+# define copy_user_diag __compiletime_error
+#else
+# define copy_user_diag __compiletime_warning
+#endif
+extern void copy_user_diag("copy_from_user() buffer size is too small")
+copy_from_user_overflow(void);
+extern void copy_user_diag("copy_to_user() buffer size is too small")
+copy_to_user_overflow(void) __asm__("copy_from_user_overflow");
+#undef copy_user_diag
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+extern void
+__compiletime_warning("copy_from_user() buffer size is not provably correct")
+__copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
+#define __copy_from_user_overflow(size, count) __copy_from_user_overflow()
+extern void
+__compiletime_warning("copy_to_user() buffer size is not provably correct")
+__copy_to_user_overflow(void) __asm__("copy_from_user_overflow");
+#define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
+#else
+static inline void
+__copy_from_user_overflow(int size, unsigned long count)
+{
+        WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
+}
+#define __copy_to_user_overflow __copy_from_user_overflow
+#endif
+static inline unsigned long __must_check
+copy_from_user(void *to, const void __user *from, unsigned long n)
+{
+        int sz = __compiletime_object_size(to);
+        might_fault();
+        /*
+         * While we would like to have the compiler do the checking for us
+         * even in the non-constant size case, any false positives there are
+         * a problem (especially when DEBUG_STRICT_USER_COPY_CHECKS, but even
+         * without - the [hopefully] dangerous looking nature of the warning
+         * would make people go look at the respecitive call sites over and
+         * over again just to find that there's no problem).
+         *
+         * And there are cases where it's just not realistic for the compiler
+         * to prove the count to be in range. For example when multiple call
+         * sites of a helper function - perhaps in different source files -
+         * all doing proper range checking, yet the helper function not doing
+         * so again.
+         *
+         * Therefore limit the compile time checking to the constant size
+         * case, and do only runtime checking for non-constant sizes.
+         */
+        if (likely(sz < 0 || sz >= n))
+                n = _copy_from_user(to, from, n);
+        else if(__builtin_constant_p(n))
+                copy_from_user_overflow();
+        else
+                __copy_from_user_overflow(sz, n);
+        return n;
+}
+static inline unsigned long __must_check
+copy_to_user(void __user *to, const void *from, unsigned long n)
+{
+        int sz = __compiletime_object_size(from);
+        might_fault();
+        /* See the comment in copy_from_user() above. */
+        if (likely(sz < 0 || sz >= n))
+                n = _copy_to_user(to, from, n);
+        else if(__builtin_constant_p(n))
+                copy_to_user_overflow();
+        else
+                __copy_to_user_overflow(sz, n);
+        return n;
+}
+#undef __copy_from_user_overflow
+#undef __copy_to_user_overflow
 #endif /* _ASM_X86_UACCESS_H */
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index 7f760a9f1f61..3c03a5de64d3 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -184,33 +184,4 @@ __copy_from_user_inatomic_nocache(void *to, const void __user *from,
       return __copy_from_user_ll_nocache_nozero(to, from, n);
 }
-unsigned long __must_check copy_to_user(void __user *to,
-                                        const void *from, unsigned long n);
-unsigned long __must_check _copy_from_user(void *to,
-                                          const void __user *from,
-                                          unsigned long n);
-extern void copy_from_user_overflow(void)
-#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
-        __compiletime_error("copy_from_user() buffer size is not provably correct")
-#else
-        __compiletime_warning("copy_from_user() buffer size is not provably correct")
-#endif
-;
-static inline unsigned long __must_check copy_from_user(void *to,
-                                          const void __user *from,
-                                          unsigned long n)
-{
-        int sz = __compiletime_object_size(to);
-        if (likely(sz == -1 || sz >= n))
-                n = _copy_from_user(to, from, n);
-        else
-                copy_from_user_overflow();
-        return n;
-}
 #endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index 4f7923dd0007..0acae710fa00 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -46,36 +46,8 @@ copy_user_generic(void *to, const void *from, unsigned len)
 }
 __must_check unsigned long
-_copy_to_user(void __user *to, const void *from, unsigned len);
-__must_check unsigned long
-_copy_from_user(void *to, const void __user *from, unsigned len);
-__must_check unsigned long
 copy_in_user(void __user *to, const void __user *from, unsigned len);
-static inline unsigned long __must_check copy_from_user(void *to,
-                                          const void __user *from,
-                                          unsigned long n)
-{
-        int sz = __compiletime_object_size(to);
-        might_fault();
-        if (likely(sz == -1 || sz >= n))
-                n = _copy_from_user(to, from, n);
-#ifdef CONFIG_DEBUG_VM
-        else
-                WARN(1, "Buffer overflow detected!\n");
-#endif
-        return n;
-}
-static __always_inline __must_check
-int copy_to_user(void __user *dst, const void *src, unsigned size)
-{
-        might_fault();
-        return _copy_to_user(dst, src, size);
-}
 static __always_inline __must_check
 int __copy_from_user(void *dst, const void __user *src, unsigned size)
 {
diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h
index 6e5197910fd8..3087ea9c5f2e 100644
--- a/arch/x86/include/asm/uprobes.h
+++ b/arch/x86/include/asm/uprobes.h
@@ -35,7 +35,10 @@ typedef u8 uprobe_opcode_t;
 struct arch_uprobe {
        u16                             fixups;
-        u8                              insn[MAX_UINSN_BYTES];
+        union {
+                u8                      insn[MAX_UINSN_BYTES];
+                u8                      ixol[MAX_UINSN_BYTES];
+        };
 #ifdef CONFIG_X86_64
        unsigned long                   rip_rela_target_address;
 #endif
@@ -49,11 +52,4 @@ struct arch_uprobe_task {
        unsigned int                    saved_tf;
 };
-extern int  arch_uprobe_analyze_insn(struct arch_uprobe *aup, struct mm_struct *mm, unsigned long addr);
-extern int  arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs);
-extern int  arch_uprobe_post_xol(struct arch_uprobe *aup, struct pt_regs *regs);
-extern bool arch_uprobe_xol_was_trapped(struct task_struct *tsk);
-extern int  arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, void *data);
-extern void arch_uprobe_abort_xol(struct arch_uprobe *aup, struct pt_regs *regs);
-extern unsigned long arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs *regs);
 #endif  /* _ASM_UPROBES_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index a5408b965c9d..9b0a34e2cd79 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -36,6 +36,8 @@ obj-y			+= tsc.o io_delay.o rtc.o
 obj-y                   += pci-iommu_table.o
 obj-y                   += resource.o
+obj-$(CONFIG_PREEMPT)   += preempt.o
 obj-y                           += process.o
 obj-y                           += i387.o xsave.o
 obj-y                           += ptrace.o
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 1191ac1c9d25..a419814cea57 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -113,7 +113,7 @@ static int __init early_get_pnodeid(void)
                break;
        case UV3_HUB_PART_NUMBER:
        case UV3_HUB_PART_NUMBER_X:
-                uv_min_hub_revision_id += UV3_HUB_REVISION_BASE - 1;
+                uv_min_hub_revision_id += UV3_HUB_REVISION_BASE;
                break;
        }
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
index 28610822fb3c..9f6b9341950f 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,7 +32,6 @@ void common(void) {
        OFFSET(TI_flags, thread_info, flags);
        OFFSET(TI_status, thread_info, status);
        OFFSET(TI_addr_limit, thread_info, addr_limit);
-        OFFSET(TI_preempt_count, thread_info, preempt_count);
        BLANK();
        OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 2793d1f095a2..5223fe6dec7b 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1095,6 +1095,9 @@ DEFINE_PER_CPU(char *, irq_stack_ptr) =
 DEFINE_PER_CPU(unsigned int, irq_count) __visible = -1;
+DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
+EXPORT_PER_CPU_SYMBOL(__preempt_count);
 DEFINE_PER_CPU(struct task_struct *, fpu_owner_task);
 /*
@@ -1169,6 +1172,8 @@ void debug_stack_reset(void)
 DEFINE_PER_CPU(struct task_struct *, current_task) = &init_task;
 EXPORT_PER_CPU_SYMBOL(current_task);
+DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
+EXPORT_PER_CPU_SYMBOL(__preempt_count);
 DEFINE_PER_CPU(struct task_struct *, fpu_owner_task);
 #ifdef CONFIG_CC_STACKPROTECTOR
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index 897783b3302a..8e132931614d 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -1276,16 +1276,16 @@ void perf_events_lapic_init(void)
 static int __kprobes
 perf_event_nmi_handler(unsigned int cmd, struct pt_regs *regs)
 {
-        int ret;
        u64 start_clock;
        u64 finish_clock;
+        int ret;
        if (!atomic_read(&active_events))
                return NMI_DONE;
-        start_clock = local_clock();
+        start_clock = sched_clock();
        ret = x86_pmu.handle_irq(regs);
-        finish_clock = local_clock();
+        finish_clock = sched_clock();
        perf_sample_event_took(finish_clock - start_clock);
@@ -1888,10 +1888,7 @@ void arch_perf_update_userpage(struct perf_event_mmap_page *userpg, u64 now)
        userpg->cap_user_rdpmc = x86_pmu.attr_rdpmc;
        userpg->pmc_width = x86_pmu.cntval_bits;
-        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
+        if (!sched_clock_stable)
-                return;
-        if (!boot_cpu_has(X86_FEATURE_NONSTOP_TSC))
                return;
        userpg->cap_user_time = 1;
@@ -1899,10 +1896,8 @@ void arch_perf_update_userpage(struct perf_event_mmap_page *userpg, u64 now)
        userpg->time_shift = CYC2NS_SCALE_FACTOR;
        userpg->time_offset = this_cpu_read(cyc2ns_offset) - now;
-        if (sched_clock_stable && !check_tsc_disabled()) {
+        userpg->cap_user_time_zero = 1;
-                userpg->cap_user_time_zero = 1;
+        userpg->time_zero = this_cpu_read(cyc2ns_offset);
-                userpg->time_zero = this_cpu_read(cyc2ns_offset);
-        }
 }
 /*
@@ -1994,7 +1989,7 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry *entry)
                frame.return_address = 0;
                bytes = copy_from_user_nmi(&frame, fp, sizeof(frame));
-                if (bytes != sizeof(frame))
+                if (bytes != 0)
                        break;
                if (!valid_user_frame(fp, sizeof(frame)))
@@ -2046,7 +2041,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
                frame.return_address = 0;
                bytes = copy_from_user_nmi(&frame, fp, sizeof(frame));
-                if (bytes != sizeof(frame))
+                if (bytes != 0)
                        break;
                if (!valid_user_frame(fp, sizeof(frame)))
diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index cc16faae0538..fd00bb29425d 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -164,6 +164,11 @@ struct cpu_hw_events {
        struct perf_guest_switch_msr    guest_switch_msrs[X86_PMC_IDX_MAX];
        /*
+         * Intel checkpoint mask
+         */
+        u64                             intel_cp_status;
+        /*
         * manage shared (per-core, per-cpu) registers
         * used on Intel NHM/WSM/SNB
         */
@@ -440,6 +445,7 @@ struct x86_pmu {
        int             lbr_nr;                    /* hardware stack size */
        u64             lbr_sel_mask;              /* LBR_SELECT valid bits */
        const int       *lbr_sel_map;              /* lbr_select mappings */
+        bool            lbr_double_abort;          /* duplicated lbr aborts */
        /*
         * Extra registers for events
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index f31a1655d1ff..0fa4f242f050 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -190,9 +190,9 @@ static struct extra_reg intel_snbep_extra_regs[] __read_mostly = {
        EVENT_EXTRA_END
 };
-EVENT_ATTR_STR(mem-loads, mem_ld_nhm, "event=0x0b,umask=0x10,ldlat=3");
+EVENT_ATTR_STR(mem-loads,       mem_ld_nhm,     "event=0x0b,umask=0x10,ldlat=3");
-EVENT_ATTR_STR(mem-loads, mem_ld_snb, "event=0xcd,umask=0x1,ldlat=3");
+EVENT_ATTR_STR(mem-loads,       mem_ld_snb,     "event=0xcd,umask=0x1,ldlat=3");
-EVENT_ATTR_STR(mem-stores, mem_st_snb, "event=0xcd,umask=0x2");
+EVENT_ATTR_STR(mem-stores,      mem_st_snb,     "event=0xcd,umask=0x2");
 struct attribute *nhm_events_attrs[] = {
        EVENT_PTR(mem_ld_nhm),
@@ -1184,6 +1184,11 @@ static void intel_pmu_disable_fixed(struct hw_perf_event *hwc)
        wrmsrl(hwc->config_base, ctrl_val);
 }
+static inline bool event_is_checkpointed(struct perf_event *event)
+{
+        return (event->hw.config & HSW_IN_TX_CHECKPOINTED) != 0;
+}
 static void intel_pmu_disable_event(struct perf_event *event)
 {
        struct hw_perf_event *hwc = &event->hw;
@@ -1197,6 +1202,7 @@ static void intel_pmu_disable_event(struct perf_event *event)
        cpuc->intel_ctrl_guest_mask &= ~(1ull << hwc->idx);
        cpuc->intel_ctrl_host_mask &= ~(1ull << hwc->idx);
+        cpuc->intel_cp_status &= ~(1ull << hwc->idx);
        /*
         * must disable before any actual event
@@ -1271,6 +1277,9 @@ static void intel_pmu_enable_event(struct perf_event *event)
        if (event->attr.exclude_guest)
                cpuc->intel_ctrl_host_mask |= (1ull << hwc->idx);
+        if (unlikely(event_is_checkpointed(event)))
+                cpuc->intel_cp_status |= (1ull << hwc->idx);
        if (unlikely(hwc->config_base == MSR_ARCH_PERFMON_FIXED_CTR_CTRL)) {
                intel_pmu_enable_fixed(hwc);
                return;
@@ -1289,6 +1298,17 @@ static void intel_pmu_enable_event(struct perf_event *event)
 int intel_pmu_save_and_restart(struct perf_event *event)
 {
        x86_perf_event_update(event);
+        /*
+         * For a checkpointed counter always reset back to 0.  This
+         * avoids a situation where the counter overflows, aborts the
+         * transaction and is then set back to shortly before the
+         * overflow, and overflows and aborts again.
+         */
+        if (unlikely(event_is_checkpointed(event))) {
+                /* No race with NMIs because the counter should not be armed */
+                wrmsrl(event->hw.event_base, 0);
+                local64_set(&event->hw.prev_count, 0);
+        }
        return x86_perf_event_set_period(event);
 }
@@ -1372,6 +1392,13 @@ again:
                x86_pmu.drain_pebs(regs);
        }
+        /*
+         * Checkpointed counters can lead to 'spurious' PMIs because the
+         * rollback caused by the PMI will have cleared the overflow status
+         * bit. Therefore always force probe these counters.
+         */
+        status |= cpuc->intel_cp_status;
        for_each_set_bit(bit, (unsigned long *)&status, X86_PMC_IDX_MAX) {
                struct perf_event *event = cpuc->events[bit];
@@ -1837,6 +1864,20 @@ static int hsw_hw_config(struct perf_event *event)
              event->attr.precise_ip > 0))
                return -EOPNOTSUPP;
+        if (event_is_checkpointed(event)) {
+                /*
+                 * Sampling of checkpointed events can cause situations where
+                 * the CPU constantly aborts because of a overflow, which is
+                 * then checkpointed back and ignored. Forbid checkpointing
+                 * for sampling.
+                 *
+                 * But still allow a long sampling period, so that perf stat
+                 * from KVM works.
+                 */
+                if (event->attr.sample_period > 0 &&
+                    event->attr.sample_period < 0x7fffffff)
+                        return -EOPNOTSUPP;
+        }
        return 0;
 }
@@ -2182,10 +2223,36 @@ static __init void intel_nehalem_quirk(void)
        }
 }
-EVENT_ATTR_STR(mem-loads,      mem_ld_hsw,     "event=0xcd,umask=0x1,ldlat=3");
+EVENT_ATTR_STR(mem-loads,       mem_ld_hsw,     "event=0xcd,umask=0x1,ldlat=3");
-EVENT_ATTR_STR(mem-stores,     mem_st_hsw,     "event=0xd0,umask=0x82")
+EVENT_ATTR_STR(mem-stores,      mem_st_hsw,     "event=0xd0,umask=0x82")
+/* Haswell special events */
+EVENT_ATTR_STR(tx-start,        tx_start,       "event=0xc9,umask=0x1");
+EVENT_ATTR_STR(tx-commit,       tx_commit,      "event=0xc9,umask=0x2");
+EVENT_ATTR_STR(tx-abort,        tx_abort,       "event=0xc9,umask=0x4");
+EVENT_ATTR_STR(tx-capacity,     tx_capacity,    "event=0x54,umask=0x2");
+EVENT_ATTR_STR(tx-conflict,     tx_conflict,    "event=0x54,umask=0x1");
+EVENT_ATTR_STR(el-start,        el_start,       "event=0xc8,umask=0x1");
+EVENT_ATTR_STR(el-commit,       el_commit,      "event=0xc8,umask=0x2");
+EVENT_ATTR_STR(el-abort,        el_abort,       "event=0xc8,umask=0x4");
+EVENT_ATTR_STR(el-capacity,     el_capacity,    "event=0x54,umask=0x2");
+EVENT_ATTR_STR(el-conflict,     el_conflict,    "event=0x54,umask=0x1");
+EVENT_ATTR_STR(cycles-t,        cycles_t,       "event=0x3c,in_tx=1");
+EVENT_ATTR_STR(cycles-ct,       cycles_ct,      "event=0x3c,in_tx=1,in_tx_cp=1");
 static struct attribute *hsw_events_attrs[] = {
+        EVENT_PTR(tx_start),
+        EVENT_PTR(tx_commit),
+        EVENT_PTR(tx_abort),
+        EVENT_PTR(tx_capacity),
+        EVENT_PTR(tx_conflict),
+        EVENT_PTR(el_start),
+        EVENT_PTR(el_commit),
+        EVENT_PTR(el_abort),
+        EVENT_PTR(el_capacity),
+        EVENT_PTR(el_conflict),
+        EVENT_PTR(cycles_t),
+        EVENT_PTR(cycles_ct),
        EVENT_PTR(mem_ld_hsw),
        EVENT_PTR(mem_st_hsw),
        NULL
@@ -2452,6 +2519,7 @@ __init int intel_pmu_init(void)
                x86_pmu.hw_config = hsw_hw_config;
                x86_pmu.get_event_constraints = hsw_get_event_constraints;
                x86_pmu.cpu_events = hsw_events_attrs;
+                x86_pmu.lbr_double_abort = true;
                pr_cont("Haswell events, ");
                break;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
index ab3ba1c1b7dd..ae96cfa5eddd 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_ds.c
@@ -12,6 +12,7 @@
 #define BTS_BUFFER_SIZE         (PAGE_SIZE << 4)
 #define PEBS_BUFFER_SIZE        PAGE_SIZE
+#define PEBS_FIXUP_SIZE         PAGE_SIZE
 /*
 * pebs_record_32 for p4 and core not supported
@@ -182,18 +183,32 @@ struct pebs_record_nhm {
 * Same as pebs_record_nhm, with two additional fields.
 */
 struct pebs_record_hsw {
-        struct pebs_record_nhm nhm;
+        u64 flags, ip;
-        /*
+        u64 ax, bx, cx, dx;
-         * Real IP of the event. In the Intel documentation this
+        u64 si, di, bp, sp;
-         * is called eventingrip.
+        u64 r8,  r9,  r10, r11;
-         */
+        u64 r12, r13, r14, r15;
-        u64 real_ip;
+        u64 status, dla, dse, lat;
-        /*
+        u64 real_ip, tsx_tuning;
-         * TSX tuning information field: abort cycles and abort flags.
+};
-         */
-        u64 tsx_tuning;
+union hsw_tsx_tuning {
+        struct {
+                u32 cycles_last_block     : 32,
+                    hle_abort             : 1,
+                    rtm_abort             : 1,
+                    instruction_abort     : 1,
+                    non_instruction_abort : 1,
+                    retry                 : 1,
+                    data_conflict         : 1,
+                    capacity_writes       : 1,
+                    capacity_reads        : 1;
+        };
+        u64         value;
 };
+#define PEBS_HSW_TSX_FLAGS      0xff00000000ULL
 void init_debug_store_on_cpu(int cpu)
 {
        struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds;
@@ -214,12 +229,14 @@ void fini_debug_store_on_cpu(int cpu)
        wrmsr_on_cpu(cpu, MSR_IA32_DS_AREA, 0, 0);
 }
+static DEFINE_PER_CPU(void *, insn_buffer);
 static int alloc_pebs_buffer(int cpu)
 {
        struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds;
        int node = cpu_to_node(cpu);
        int max, thresh = 1; /* always use a single PEBS record */
-        void *buffer;
+        void *buffer, *ibuffer;
        if (!x86_pmu.pebs)
                return 0;
@@ -228,6 +245,19 @@ static int alloc_pebs_buffer(int cpu)
        if (unlikely(!buffer))
                return -ENOMEM;
+        /*
+         * HSW+ already provides us the eventing ip; no need to allocate this
+         * buffer then.
+         */
+        if (x86_pmu.intel_cap.pebs_format < 2) {
+                ibuffer = kzalloc_node(PEBS_FIXUP_SIZE, GFP_KERNEL, node);
+                if (!ibuffer) {
+                        kfree(buffer);
+                        return -ENOMEM;
+                }
+                per_cpu(insn_buffer, cpu) = ibuffer;
+        }
        max = PEBS_BUFFER_SIZE / x86_pmu.pebs_record_size;
        ds->pebs_buffer_base = (u64)(unsigned long)buffer;
@@ -248,6 +278,9 @@ static void release_pebs_buffer(int cpu)
        if (!ds || !x86_pmu.pebs)
                return;
+        kfree(per_cpu(insn_buffer, cpu));
+        per_cpu(insn_buffer, cpu) = NULL;
        kfree((void *)(unsigned long)ds->pebs_buffer_base);
        ds->pebs_buffer_base = 0;
 }
@@ -715,6 +748,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
        unsigned long old_to, to = cpuc->lbr_entries[0].to;
        unsigned long ip = regs->ip;
        int is_64bit = 0;
+        void *kaddr;
        /*
         * We don't need to fixup if the PEBS assist is fault like
@@ -738,7 +772,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
         * unsigned math, either ip is before the start (impossible) or
         * the basic block is larger than 1 page (sanity)
         */
-        if ((ip - to) > PAGE_SIZE)
+        if ((ip - to) > PEBS_FIXUP_SIZE)
                return 0;
        /*
@@ -749,29 +783,33 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
                return 1;
        }
+        if (!kernel_ip(ip)) {
+                int size, bytes;
+                u8 *buf = this_cpu_read(insn_buffer);
+                size = ip - to; /* Must fit our buffer, see above */
+                bytes = copy_from_user_nmi(buf, (void __user *)to, size);
+                if (bytes != 0)
+                        return 0;
+                kaddr = buf;
+        } else {
+                kaddr = (void *)to;
+        }
        do {
                struct insn insn;
-                u8 buf[MAX_INSN_SIZE];
-                void *kaddr;
                old_to = to;
-                if (!kernel_ip(ip)) {
-                        int bytes, size = MAX_INSN_SIZE;
-                        bytes = copy_from_user_nmi(buf, (void __user *)to, size);
-                        if (bytes != size)
-                                return 0;
-                        kaddr = buf;
-                } else
-                        kaddr = (void *)to;
 #ifdef CONFIG_X86_64
                is_64bit = kernel_ip(to) || !test_thread_flag(TIF_IA32);
 #endif
                insn_init(&insn, kaddr, is_64bit);
                insn_get_length(&insn);
                to += insn.length;
+                kaddr += insn.length;
        } while (to < ip);
        if (to == ip) {
@@ -786,16 +824,34 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
        return 0;
 }
+static inline u64 intel_hsw_weight(struct pebs_record_hsw *pebs)
+{
+        if (pebs->tsx_tuning) {
+                union hsw_tsx_tuning tsx = { .value = pebs->tsx_tuning };
+                return tsx.cycles_last_block;
+        }
+        return 0;
+}
+static inline u64 intel_hsw_transaction(struct pebs_record_hsw *pebs)
+{
+        u64 txn = (pebs->tsx_tuning & PEBS_HSW_TSX_FLAGS) >> 32;
+        /* For RTM XABORTs also log the abort code from AX */
+        if ((txn & PERF_TXN_TRANSACTION) && (pebs->ax & 1))
+                txn |= ((pebs->ax >> 24) & 0xff) << PERF_TXN_ABORT_SHIFT;
+        return txn;
+}
 static void __intel_pmu_pebs_event(struct perf_event *event,
                                   struct pt_regs *iregs, void *__pebs)
 {
        /*
-         * We cast to pebs_record_nhm to get the load latency data
+         * We cast to the biggest pebs_record but are careful not to
-         * if extra_reg MSR_PEBS_LD_LAT_THRESHOLD used
+         * unconditionally access the 'extra' entries.
         */
        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
-        struct pebs_record_nhm *pebs = __pebs;
+        struct pebs_record_hsw *pebs = __pebs;
-        struct pebs_record_hsw *pebs_hsw = __pebs;
        struct perf_sample_data data;
        struct pt_regs regs;
        u64 sample_type;
@@ -854,7 +910,7 @@ static void __intel_pmu_pebs_event(struct perf_event *event,
        regs.sp = pebs->sp;
        if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
-                regs.ip = pebs_hsw->real_ip;
+                regs.ip = pebs->real_ip;
                regs.flags |= PERF_EFLAGS_EXACT;
        } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(&regs))
                regs.flags |= PERF_EFLAGS_EXACT;
@@ -862,9 +918,18 @@ static void __intel_pmu_pebs_event(struct perf_event *event,
                regs.flags &= ~PERF_EFLAGS_EXACT;
        if ((event->attr.sample_type & PERF_SAMPLE_ADDR) &&
-                x86_pmu.intel_cap.pebs_format >= 1)
+            x86_pmu.intel_cap.pebs_format >= 1)
                data.addr = pebs->dla;
+        if (x86_pmu.intel_cap.pebs_format >= 2) {
+                /* Only set the TSX weight when no memory weight. */
+                if ((event->attr.sample_type & PERF_SAMPLE_WEIGHT) && !fll)
+                        data.weight = intel_hsw_weight(pebs);
+                if (event->attr.sample_type & PERF_SAMPLE_TRANSACTION)
+                        data.txn = intel_hsw_transaction(pebs);
+        }
        if (has_branch_stack(event))
                data.br_stack = &cpuc->lbr_stack;
@@ -913,17 +978,34 @@ static void intel_pmu_drain_pebs_core(struct pt_regs *iregs)
        __intel_pmu_pebs_event(event, iregs, at);
 }
-static void __intel_pmu_drain_pebs_nhm(struct pt_regs *iregs, void *at,
+static void intel_pmu_drain_pebs_nhm(struct pt_regs *iregs)
-                                        void *top)
 {
        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
        struct debug_store *ds = cpuc->ds;
        struct perf_event *event = NULL;
+        void *at, *top;
        u64 status = 0;
        int bit;
+        if (!x86_pmu.pebs_active)
+                return;
+        at  = (struct pebs_record_nhm *)(unsigned long)ds->pebs_buffer_base;
+        top = (struct pebs_record_nhm *)(unsigned long)ds->pebs_index;
        ds->pebs_index = ds->pebs_buffer_base;
+        if (unlikely(at > top))
+                return;
+        /*
+         * Should not happen, we program the threshold at 1 and do not
+         * set a reset value.
+         */
+        WARN_ONCE(top - at > x86_pmu.max_pebs_events * x86_pmu.pebs_record_size,
+                  "Unexpected number of pebs records %ld\n",
+                  (long)(top - at) / x86_pmu.pebs_record_size);
        for (; at < top; at += x86_pmu.pebs_record_size) {
                struct pebs_record_nhm *p = at;
@@ -951,61 +1033,6 @@ static void __intel_pmu_drain_pebs_nhm(struct pt_regs *iregs, void *at,
        }
 }
-static void intel_pmu_drain_pebs_nhm(struct pt_regs *iregs)
-{
-        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
-        struct debug_store *ds = cpuc->ds;
-        struct pebs_record_nhm *at, *top;
-        int n;
-        if (!x86_pmu.pebs_active)
-                return;
-        at  = (struct pebs_record_nhm *)(unsigned long)ds->pebs_buffer_base;
-        top = (struct pebs_record_nhm *)(unsigned long)ds->pebs_index;
-        ds->pebs_index = ds->pebs_buffer_base;
-        n = top - at;
-        if (n <= 0)
-                return;
-        /*
-         * Should not happen, we program the threshold at 1 and do not
-         * set a reset value.
-         */
-        WARN_ONCE(n > x86_pmu.max_pebs_events,
-                  "Unexpected number of pebs records %d\n", n);
-        return __intel_pmu_drain_pebs_nhm(iregs, at, top);
-}
-static void intel_pmu_drain_pebs_hsw(struct pt_regs *iregs)
-{
-        struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
-        struct debug_store *ds = cpuc->ds;
-        struct pebs_record_hsw *at, *top;
-        int n;
-        if (!x86_pmu.pebs_active)
-                return;
-        at  = (struct pebs_record_hsw *)(unsigned long)ds->pebs_buffer_base;
-        top = (struct pebs_record_hsw *)(unsigned long)ds->pebs_index;
-        n = top - at;
-        if (n <= 0)
-                return;
-        /*
-         * Should not happen, we program the threshold at 1 and do not
-         * set a reset value.
-         */
-        WARN_ONCE(n > x86_pmu.max_pebs_events,
-                  "Unexpected number of pebs records %d\n", n);
-        return __intel_pmu_drain_pebs_nhm(iregs, at, top);
-}
 /*
 * BTS, PEBS probe and setup
 */
@@ -1040,7 +1067,7 @@ void intel_ds_init(void)
                case 2:
                        pr_cont("PEBS fmt2%c, ", pebs_type);
                        x86_pmu.pebs_record_size = sizeof(struct pebs_record_hsw);
-                        x86_pmu.drain_pebs = intel_pmu_drain_pebs_hsw;
+                        x86_pmu.drain_pebs = intel_pmu_drain_pebs_nhm;
                        break;
                default:
diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
index d5be06a5005e..d82d155aca8c 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
@@ -284,6 +284,7 @@ static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc)
        int lbr_format = x86_pmu.intel_cap.lbr_format;
        u64 tos = intel_pmu_lbr_tos();
        int i;
+        int out = 0;
        for (i = 0; i < x86_pmu.lbr_nr; i++) {
                unsigned long lbr_idx = (tos - i) & mask;
@@ -306,15 +307,27 @@ static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc)
                }
                from = (u64)((((s64)from) << skip) >> skip);
-                cpuc->lbr_entries[i].from       = from;
+                /*
-                cpuc->lbr_entries[i].to         = to;
+                 * Some CPUs report duplicated abort records,
-                cpuc->lbr_entries[i].mispred    = mis;
+                 * with the second entry not having an abort bit set.
-                cpuc->lbr_entries[i].predicted  = pred;
+                 * Skip them here. This loop runs backwards,
-                cpuc->lbr_entries[i].in_tx      = in_tx;
+                 * so we need to undo the previous record.
-                cpuc->lbr_entries[i].abort      = abort;
+                 * If the abort just happened outside the window
-                cpuc->lbr_entries[i].reserved   = 0;
+                 * the extra entry cannot be removed.
+                 */
+                if (abort && x86_pmu.lbr_double_abort && out > 0)
+                        out--;
+                cpuc->lbr_entries[out].from      = from;
+                cpuc->lbr_entries[out].to        = to;
+                cpuc->lbr_entries[out].mispred   = mis;
+                cpuc->lbr_entries[out].predicted = pred;
+                cpuc->lbr_entries[out].in_tx     = in_tx;
+                cpuc->lbr_entries[out].abort     = abort;
+                cpuc->lbr_entries[out].reserved  = 0;
+                out++;
        }
-        cpuc->lbr_stack.nr = i;
+        cpuc->lbr_stack.nr = out;
 }
 void intel_pmu_lbr_read(void)
@@ -478,7 +491,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
                /* may fail if text not present */
                bytes = copy_from_user_nmi(buf, (void __user *)from, size);
-                if (bytes != size)
+                if (bytes != 0)
                        return X86_BR_NONE;
                addr = buf;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
index 4118f9f68315..29c248799ced 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
@@ -997,6 +997,20 @@ static int snbep_pci2phy_map_init(int devid)
                }
        }
+        if (!err) {
+                /*
+                 * For PCI bus with no UBOX device, find the next bus
+                 * that has UBOX device and use its mapping.
+                 */
+                i = -1;
+                for (bus = 255; bus >= 0; bus--) {
+                        if (pcibus_to_physid[bus] >= 0)
+                                i = pcibus_to_physid[bus];
+                        else
+                                pcibus_to_physid[bus] = i;
+                }
+        }
        if (ubox_dev)
                pci_dev_put(ubox_dev);
@@ -1099,6 +1113,24 @@ static struct attribute *ivt_uncore_qpi_formats_attr[] = {
        &format_attr_umask.attr,
        &format_attr_edge.attr,
        &format_attr_thresh8.attr,
+        &format_attr_match_rds.attr,
+        &format_attr_match_rnid30.attr,
+        &format_attr_match_rnid4.attr,
+        &format_attr_match_dnid.attr,
+        &format_attr_match_mc.attr,
+        &format_attr_match_opc.attr,
+        &format_attr_match_vnw.attr,
+        &format_attr_match0.attr,
+        &format_attr_match1.attr,
+        &format_attr_mask_rds.attr,
+        &format_attr_mask_rnid30.attr,
+        &format_attr_mask_rnid4.attr,
+        &format_attr_mask_dnid.attr,
+        &format_attr_mask_mc.attr,
+        &format_attr_mask_opc.attr,
+        &format_attr_mask_vnw.attr,
+        &format_attr_mask0.attr,
+        &format_attr_mask1.attr,
        NULL,
 };
@@ -1312,17 +1344,83 @@ static struct intel_uncore_type ivt_uncore_imc = {
        IVT_UNCORE_PCI_COMMON_INIT(),
 };
+/* registers in IRP boxes are not properly aligned */
+static unsigned ivt_uncore_irp_ctls[] = {0xd8, 0xdc, 0xe0, 0xe4};
+static unsigned ivt_uncore_irp_ctrs[] = {0xa0, 0xb0, 0xb8, 0xc0};
+static void ivt_uncore_irp_enable_event(struct intel_uncore_box *box, struct perf_event *event)
+{
+        struct pci_dev *pdev = box->pci_dev;
+        struct hw_perf_event *hwc = &event->hw;
+        pci_write_config_dword(pdev, ivt_uncore_irp_ctls[hwc->idx],
+                               hwc->config | SNBEP_PMON_CTL_EN);
+}
+static void ivt_uncore_irp_disable_event(struct intel_uncore_box *box, struct perf_event *event)
+{
+        struct pci_dev *pdev = box->pci_dev;
+        struct hw_perf_event *hwc = &event->hw;
+        pci_write_config_dword(pdev, ivt_uncore_irp_ctls[hwc->idx], hwc->config);
+}
+static u64 ivt_uncore_irp_read_counter(struct intel_uncore_box *box, struct perf_event *event)
+{
+        struct pci_dev *pdev = box->pci_dev;
+        struct hw_perf_event *hwc = &event->hw;
+        u64 count = 0;
+        pci_read_config_dword(pdev, ivt_uncore_irp_ctrs[hwc->idx], (u32 *)&count);
+        pci_read_config_dword(pdev, ivt_uncore_irp_ctrs[hwc->idx] + 4, (u32 *)&count + 1);
+        return count;
+}
+static struct intel_uncore_ops ivt_uncore_irp_ops = {
+        .init_box       = ivt_uncore_pci_init_box,
+        .disable_box    = snbep_uncore_pci_disable_box,
+        .enable_box     = snbep_uncore_pci_enable_box,
+        .disable_event  = ivt_uncore_irp_disable_event,
+        .enable_event   = ivt_uncore_irp_enable_event,
+        .read_counter   = ivt_uncore_irp_read_counter,
+};
+static struct intel_uncore_type ivt_uncore_irp = {
+        .name                   = "irp",
+        .num_counters           = 4,
+        .num_boxes              = 1,
+        .perf_ctr_bits          = 48,
+        .event_mask             = IVT_PMON_RAW_EVENT_MASK,
+        .box_ctl                = SNBEP_PCI_PMON_BOX_CTL,
+        .ops                    = &ivt_uncore_irp_ops,
+        .format_group           = &ivt_uncore_format_group,
+};
+static struct intel_uncore_ops ivt_uncore_qpi_ops = {
+        .init_box       = ivt_uncore_pci_init_box,
+        .disable_box    = snbep_uncore_pci_disable_box,
+        .enable_box     = snbep_uncore_pci_enable_box,
+        .disable_event  = snbep_uncore_pci_disable_event,
+        .enable_event   = snbep_qpi_enable_event,
+        .read_counter   = snbep_uncore_pci_read_counter,
+        .hw_config      = snbep_qpi_hw_config,
+        .get_constraint = uncore_get_constraint,
+        .put_constraint = uncore_put_constraint,
+};
 static struct intel_uncore_type ivt_uncore_qpi = {
-        .name           = "qpi",
+        .name                   = "qpi",
-        .num_counters   = 4,
+        .num_counters           = 4,
-        .num_boxes      = 3,
+        .num_boxes              = 3,
-        .perf_ctr_bits  = 48,
+        .perf_ctr_bits          = 48,
-        .perf_ctr       = SNBEP_PCI_PMON_CTR0,
+        .perf_ctr               = SNBEP_PCI_PMON_CTR0,
-        .event_ctl      = SNBEP_PCI_PMON_CTL0,
+        .event_ctl              = SNBEP_PCI_PMON_CTL0,
-        .event_mask     = IVT_QPI_PCI_PMON_RAW_EVENT_MASK,
+        .event_mask             = IVT_QPI_PCI_PMON_RAW_EVENT_MASK,
-        .box_ctl        = SNBEP_PCI_PMON_BOX_CTL,
+        .box_ctl                = SNBEP_PCI_PMON_BOX_CTL,
-        .ops            = &ivt_uncore_pci_ops,
+        .num_shared_regs        = 1,
-        .format_group   = &ivt_uncore_qpi_format_group,
+        .ops                    = &ivt_uncore_qpi_ops,
+        .format_group           = &ivt_uncore_qpi_format_group,
 };
 static struct intel_uncore_type ivt_uncore_r2pcie = {
@@ -1346,6 +1444,7 @@ static struct intel_uncore_type ivt_uncore_r3qpi = {
 enum {
        IVT_PCI_UNCORE_HA,
        IVT_PCI_UNCORE_IMC,
+        IVT_PCI_UNCORE_IRP,
        IVT_PCI_UNCORE_QPI,
        IVT_PCI_UNCORE_R2PCIE,
        IVT_PCI_UNCORE_R3QPI,
@@ -1354,6 +1453,7 @@ enum {
 static struct intel_uncore_type *ivt_pci_uncores[] = {
        [IVT_PCI_UNCORE_HA]     = &ivt_uncore_ha,
        [IVT_PCI_UNCORE_IMC]    = &ivt_uncore_imc,
+        [IVT_PCI_UNCORE_IRP]    = &ivt_uncore_irp,
        [IVT_PCI_UNCORE_QPI]    = &ivt_uncore_qpi,
        [IVT_PCI_UNCORE_R2PCIE] = &ivt_uncore_r2pcie,
        [IVT_PCI_UNCORE_R3QPI]  = &ivt_uncore_r3qpi,
@@ -1401,6 +1501,10 @@ static DEFINE_PCI_DEVICE_TABLE(ivt_uncore_pci_ids) = {
                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xef1),
                .driver_data = UNCORE_PCI_DEV_DATA(IVT_PCI_UNCORE_IMC, 7),
        },
+        { /* IRP */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xe39),
+                .driver_data = UNCORE_PCI_DEV_DATA(IVT_PCI_UNCORE_IRP, 0),
+        },
        { /* QPI0 Port 0 */
                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xe32),
                .driver_data = UNCORE_PCI_DEV_DATA(IVT_PCI_UNCORE_QPI, 0),
@@ -1429,6 +1533,16 @@ static DEFINE_PCI_DEVICE_TABLE(ivt_uncore_pci_ids) = {
                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xe3e),
                .driver_data = UNCORE_PCI_DEV_DATA(IVT_PCI_UNCORE_R3QPI, 2),
        },
+        { /* QPI Port 0 filter  */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xe86),
+                .driver_data = UNCORE_PCI_DEV_DATA(UNCORE_EXTRA_PCI_DEV,
+                                                   SNBEP_PCI_QPI_PORT0_FILTER),
+        },
+        { /* QPI Port 0 filter  */
+                PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xe96),
+                .driver_data = UNCORE_PCI_DEV_DATA(UNCORE_EXTRA_PCI_DEV,
+                                                   SNBEP_PCI_QPI_PORT1_FILTER),
+        },
        { /* end: all zeroes */ }
 };
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index e0e0841eef45..18677a90d6a3 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -127,12 +127,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
        cpu_emergency_vmxoff();
        cpu_emergency_svm_disable();
-        lapic_shutdown();
 #ifdef CONFIG_X86_IO_APIC
        /* Prevent crash_kexec() from deadlocking on ioapic_lock. */
        ioapic_zap_locks();
        disable_IO_APIC();
 #endif
+        lapic_shutdown();
 #ifdef CONFIG_HPET_TIMER
        hpet_disable();
 #endif
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index f0dcb0ceb6a2..fd1bc1b15e6d 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -362,12 +362,9 @@ END(ret_from_exception)
 #ifdef CONFIG_PREEMPT
 ENTRY(resume_kernel)
        DISABLE_INTERRUPTS(CLBR_ANY)
-        cmpl $0,TI_preempt_count(%ebp)  # non-zero preempt_count ?
-        jnz restore_all
 need_resched:
-        movl TI_flags(%ebp), %ecx       # need_resched set ?
+        cmpl $0,PER_CPU_VAR(__preempt_count)
-        testb $_TIF_NEED_RESCHED, %cl
+        jnz restore_all
-        jz restore_all
        testl $X86_EFLAGS_IF,PT_EFLAGS(%esp)    # interrupts off (exception path) ?
        jz restore_all
        call preempt_schedule_irq
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b077f4cc225a..603be7c70675 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1103,10 +1103,8 @@ retint_signal:
        /* Returning to kernel space. Check if we need preemption */
        /* rcx:  threadinfo. interrupts off. */
 ENTRY(retint_kernel)
-        cmpl $0,TI_preempt_count(%rcx)
+        cmpl $0,PER_CPU_VAR(__preempt_count)
        jnz  retint_restore_args
-        bt  $TIF_NEED_RESCHED,TI_flags(%rcx)
-        jnc  retint_restore_args
        bt   $9,EFLAGS-ARGOFFSET(%rsp)  /* interrupts off? */
        jnc  retint_restore_args
        call preempt_schedule_irq
@@ -1342,7 +1340,7 @@ bad_gs:
        .previous
 /* Call softirq on interrupt stack. Interrupts are off. */
-ENTRY(call_softirq)
+ENTRY(do_softirq_own_stack)
        CFI_STARTPROC
        pushq_cfi %rbp
        CFI_REL_OFFSET rbp,0
@@ -1359,7 +1357,7 @@ ENTRY(call_softirq)
        decl PER_CPU_VAR(irq_count)
        ret
        CFI_ENDPROC
-END(call_softirq)
+END(do_softirq_own_stack)
 #ifdef CONFIG_XEN
 zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
index 0fa69127209a..05fd74f537d6 100644
--- a/arch/x86/kernel/i386_ksyms_32.c
+++ b/arch/x86/kernel/i386_ksyms_32.c
@@ -37,3 +37,10 @@ EXPORT_SYMBOL(strstr);
 EXPORT_SYMBOL(csum_partial);
 EXPORT_SYMBOL(empty_zero_page);
+#ifdef CONFIG_PREEMPT
+EXPORT_SYMBOL(___preempt_schedule);
+#ifdef CONFIG_CONTEXT_TRACKING
+EXPORT_SYMBOL(___preempt_schedule_context);
+#endif
+#endif
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
index 9a5c460404dc..2e977b5d61dd 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
@@ -312,8 +312,7 @@ static void init_8259A(int auto_eoi)
         */
        outb_pic(0x11, PIC_MASTER_CMD); /* ICW1: select 8259A-1 init */
-        /* ICW2: 8259A-1 IR0-7 mapped to 0x30-0x37 on x86-64,
+        /* ICW2: 8259A-1 IR0-7 mapped to 0x30-0x37 */
-           to 0x20-0x27 on i386 */
        outb_pic(IRQ0_VECTOR, PIC_MASTER_IMR);
        /* 8259A-1 (the master) has a slave on IR2 */
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index 4186755f1d7c..d7fcbedc9c43 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -100,9 +100,6 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
        irqctx->tinfo.task = curctx->tinfo.task;
        irqctx->tinfo.previous_esp = current_stack_pointer;
-        /* Copy the preempt_count so that the [soft]irq checks work. */
-        irqctx->tinfo.preempt_count = curctx->tinfo.preempt_count;
        if (unlikely(overflow))
                call_on_stack(print_stack_overflow, isp);
@@ -131,7 +128,6 @@ void irq_ctx_init(int cpu)
                                               THREAD_SIZE_ORDER));
        memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
        irqctx->tinfo.cpu               = cpu;
-        irqctx->tinfo.preempt_count     = HARDIRQ_OFFSET;
        irqctx->tinfo.addr_limit        = MAKE_MM_SEG(0);
        per_cpu(hardirq_ctx, cpu) = irqctx;
@@ -149,35 +145,21 @@ void irq_ctx_init(int cpu)
               cpu, per_cpu(hardirq_ctx, cpu),  per_cpu(softirq_ctx, cpu));
 }
-asmlinkage void do_softirq(void)
+void do_softirq_own_stack(void)
 {
-        unsigned long flags;
        struct thread_info *curctx;
        union irq_ctx *irqctx;
        u32 *isp;
-        if (in_interrupt())
+        curctx = current_thread_info();
-                return;
+        irqctx = __this_cpu_read(softirq_ctx);
+        irqctx->tinfo.task = curctx->task;
-        local_irq_save(flags);
+        irqctx->tinfo.previous_esp = current_stack_pointer;
-        if (local_softirq_pending()) {
-                curctx = current_thread_info();
-                irqctx = __this_cpu_read(softirq_ctx);
-                irqctx->tinfo.task = curctx->task;
-                irqctx->tinfo.previous_esp = current_stack_pointer;
-                /* build the stack frame on the softirq stack */
-                isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
-                call_on_stack(__do_softirq, isp);
+        /* build the stack frame on the softirq stack */
-                /*
+        isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
-                 * Shouldn't happen, we returned above if in_interrupt():
-                 */
-                WARN_ON_ONCE(softirq_count());
-        }
-        local_irq_restore(flags);
+        call_on_stack(__do_softirq, isp);
 }
 bool handle_irq(unsigned irq, struct pt_regs *regs)
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index d04d3ecded62..4d1c746892eb 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -87,24 +87,3 @@ bool handle_irq(unsigned irq, struct pt_regs *regs)
        generic_handle_irq_desc(irq, desc);
        return true;
 }
-extern void call_softirq(void);
-asmlinkage void do_softirq(void)
-{
-        __u32 pending;
-        unsigned long flags;
-        if (in_interrupt())
-                return;
-        local_irq_save(flags);
-        pending = local_softirq_pending();
-        /* Switch to interrupt stack */
-        if (pending) {
-                call_softirq();
-                WARN_ON_ONCE(softirq_count());
-        }
-        local_irq_restore(flags);
-}
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 697b93af02dd..b2046e4d0b59 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -609,7 +609,7 @@ static struct dentry *d_kvm_debug;
 struct dentry *kvm_init_debugfs(void)
 {
-        d_kvm_debug = debugfs_create_dir("kvm", NULL);
+        d_kvm_debug = debugfs_create_dir("kvm-guest", NULL);
        if (!d_kvm_debug)
                printk(KERN_WARNING "Could not create 'kvm' debugfs directory\n");
@@ -775,11 +775,22 @@ void __init kvm_spinlock_init(void)
        if (!kvm_para_has_feature(KVM_FEATURE_PV_UNHALT))
                return;
-        printk(KERN_INFO "KVM setup paravirtual spinlock\n");
+        pv_lock_ops.lock_spinning = PV_CALLEE_SAVE(kvm_lock_spinning);
+        pv_lock_ops.unlock_kick = kvm_unlock_kick;
+}
+static __init int kvm_spinlock_init_jump(void)
+{
+        if (!kvm_para_available())
+                return 0;
+        if (!kvm_para_has_feature(KVM_FEATURE_PV_UNHALT))
+                return 0;
        static_key_slow_inc(&paravirt_ticketlocks_enabled);
+        printk(KERN_INFO "KVM setup paravirtual spinlock\n");
-        pv_lock_ops.lock_spinning = PV_CALLEE_SAVE(kvm_lock_spinning);
+        return 0;
-        pv_lock_ops.unlock_kick = kvm_unlock_kick;
 }
+early_initcall(kvm_spinlock_init_jump);
 #endif  /* CONFIG_PARAVIRT_SPINLOCKS */
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
index ba77ebc2c353..6fcb49ce50a1 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -113,10 +113,10 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2
                u64 before, delta, whole_msecs;
                int remainder_ns, decimal_msecs, thishandled;
-                before = local_clock();
+                before = sched_clock();
                thishandled = a->handler(type, regs);
                handled += thishandled;
-                delta = local_clock() - before;
+                delta = sched_clock() - before;
                trace_nmi_handler(a->handler, (int)delta, thishandled);
                if (delta < nmi_longest_ns)
diff --git a/arch/x86/kernel/preempt.S b/arch/x86/kernel/preempt.S
new file mode 100644
index 000000000000..ca7f0d58a87d
--- /dev/null
+++ b/arch/x86/kernel/preempt.S
@@ -0,0 +1,25 @@
+#include <linux/linkage.h>
+#include <asm/dwarf2.h>
+#include <asm/asm.h>
+#include <asm/calling.h>
+ENTRY(___preempt_schedule)
+        CFI_STARTPROC
+        SAVE_ALL
+        call preempt_schedule
+        RESTORE_ALL
+        ret
+        CFI_ENDPROC
+#ifdef CONFIG_CONTEXT_TRACKING
+ENTRY(___preempt_schedule_context)
+        CFI_STARTPROC
+        SAVE_ALL
+        call preempt_schedule_context
+        RESTORE_ALL
+        ret
+        CFI_ENDPROC
+#endif
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index c83516be1052..3fb8d95ab8b5 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -391,9 +391,9 @@ static void amd_e400_idle(void)
                 * The switch back from broadcast mode needs to be
                 * called with interrupts disabled.
                 */
-                 local_irq_disable();
+                local_irq_disable();
-                 clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
+                clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
-                 local_irq_enable();
+                local_irq_enable();
        } else
                default_idle();
 }
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 884f98f69354..c2ec1aa6d454 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -292,6 +292,14 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
                set_iopl_mask(next->iopl);
        /*
+         * If it were not for PREEMPT_ACTIVE we could guarantee that the
+         * preempt_count of all tasks was equal here and this would not be
+         * needed.
+         */
+        task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count);
+        this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count);
+        /*
         * Now maybe handle debug registers and/or IO bitmaps
         */
        if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV ||
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index bb1dc51bab05..45ab4d6fc8a7 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -363,6 +363,14 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
        this_cpu_write(old_rsp, next->usersp);
        this_cpu_write(current_task, next_p);
+        /*
+         * If it were not for PREEMPT_ACTIVE we could guarantee that the
+         * preempt_count of all tasks was equal here and this would not be
+         * needed.
+         */
+        task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count);
+        this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count);
        this_cpu_write(kernel_stack,
                  (unsigned long)task_stack_page(next_p) +
                  THREAD_SIZE - KERNEL_STACK_OFFSET);
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index e643e744e4d8..618ce264b237 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -326,6 +326,14 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = {
                        DMI_MATCH(DMI_PRODUCT_NAME, "Latitude E6320"),
                },
        },
+        {       /* Handle problems with rebooting on the Latitude E5410. */
+                .callback = set_pci_reboot,
+                .ident = "Dell Latitude E5410",
+                .matches = {
+                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+                        DMI_MATCH(DMI_PRODUCT_NAME, "Latitude E5410"),
+                },
+        },
        {       /* Handle problems with rebooting on the Latitude E5420. */
                .callback = set_pci_reboot,
                .ident = "Dell Latitude E5420",
@@ -542,6 +550,10 @@ static void native_machine_emergency_restart(void)
 void native_machine_shutdown(void)
 {
        /* Stop the cpus and apics */
+#ifdef CONFIG_X86_IO_APIC
+        disable_IO_APIC();
+#endif
 #ifdef CONFIG_SMP
        /*
         * Stop all of the others. Also disable the local irq to
@@ -554,10 +566,6 @@ void native_machine_shutdown(void)
        lapic_shutdown();
-#ifdef CONFIG_X86_IO_APIC
-        disable_IO_APIC();
-#endif
 #ifdef CONFIG_HPET_TIMER
        hpet_disable();
 #endif
diff --git a/arch/x86/kernel/rtc.c b/arch/x86/kernel/rtc.c
index 0aa29394ed6f..5b9dd445eb89 100644
--- a/arch/x86/kernel/rtc.c
+++ b/arch/x86/kernel/rtc.c
@@ -192,6 +192,14 @@ static __init int add_rtc_cmos(void)
        if (mrst_identify_cpu())
                return -ENODEV;
+#ifdef CONFIG_ACPI
+        if (acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_CMOS_RTC) {
+                /* This warning can likely go away again in a year or two. */
+                pr_info("ACPI: not registering RTC platform device\n");
+                return -ENODEV;
+        }
+#endif
        platform_device_register(&rtc_device);
        dev_info(&rtc_device.dev,
                 "registered platform RTC device (no PNP device found)\n");
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 6cacab671f9b..2a165580fa16 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -73,11 +73,10 @@
 #include <asm/setup.h>
 #include <asm/uv/uv.h>
 #include <linux/mc146818rtc.h>
 #include <asm/smpboot_hooks.h>
 #include <asm/i8259.h>
 #include <asm/realmode.h>
+#include <asm/misc.h>
 /* State of each CPU */
 DEFINE_PER_CPU(int, cpu_state) = { 0 };
@@ -648,22 +647,46 @@ wakeup_secondary_cpu_via_init(int phys_apicid, unsigned long start_eip)
        return (send_status | accept_status);
 }
+void smp_announce(void)
+{
+        int num_nodes = num_online_nodes();
+        printk(KERN_INFO "x86: Booted up %d node%s, %d CPUs\n",
+               num_nodes, (num_nodes > 1 ? "s" : ""), num_online_cpus());
+}
 /* reduce the number of lines printed when booting a large cpu count system */
 static void announce_cpu(int cpu, int apicid)
 {
        static int current_node = -1;
        int node = early_cpu_to_node(cpu);
-        int max_cpu_present = find_last_bit(cpumask_bits(cpu_present_mask), NR_CPUS);
+        static int width, node_width;
+        if (!width)
+                width = num_digits(num_possible_cpus()) + 1; /* + '#' sign */
+        if (!node_width)
+                node_width = num_digits(num_possible_nodes()) + 1; /* + '#' */
+        if (cpu == 1)
+                printk(KERN_INFO "x86: Booting SMP configuration:\n");
        if (system_state == SYSTEM_BOOTING) {
                if (node != current_node) {
                        if (current_node > (-1))
-                                pr_cont(" OK\n");
+                                pr_cont("\n");
                        current_node = node;
-                        pr_info("Booting Node %3d, Processors ", node);
+                        printk(KERN_INFO ".... node %*s#%d, CPUs:  ",
+                               node_width - num_digits(node), " ", node);
                }
-                pr_cont(" #%4d%s", cpu, cpu == max_cpu_present ? " OK\n" : "");
-                return;
+                /* Add padding for the BSP */
+                if (cpu == 1)
+                        pr_cont("%*s", width + 1, " ");
+                pr_cont("%*s#%d", width - num_digits(cpu), " ", cpu);
        } else
                pr_info("Booting Node %d Processor %d APIC 0x%x\n",
                        node, cpu, apicid);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 8c8093b146ca..729aa779ff75 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -88,7 +88,7 @@ static inline void conditional_sti(struct pt_regs *regs)
 static inline void preempt_conditional_sti(struct pt_regs *regs)
 {
-        inc_preempt_count();
+        preempt_count_inc();
        if (regs->flags & X86_EFLAGS_IF)
                local_irq_enable();
 }
@@ -103,7 +103,7 @@ static inline void preempt_conditional_cli(struct pt_regs *regs)
 {
        if (regs->flags & X86_EFLAGS_IF)
                local_irq_disable();
-        dec_preempt_count();
+        preempt_count_dec();
 }
 static int __kprobes
diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
index b014d9414d08..040681928e9d 100644
--- a/arch/x86/kernel/x8664_ksyms_64.c
+++ b/arch/x86/kernel/x8664_ksyms_64.c
@@ -66,3 +66,10 @@ EXPORT_SYMBOL(empty_zero_page);
 #ifndef CONFIG_PARAVIRT
 EXPORT_SYMBOL(native_load_gs_index);
 #endif
+#ifdef CONFIG_PREEMPT
+EXPORT_SYMBOL(___preempt_schedule);
+#ifdef CONFIG_CONTEXT_TRACKING
+EXPORT_SYMBOL(___preempt_schedule_context);
+#endif
+#endif
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 3b8e7459dd4d..2b2fce1b2009 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3255,25 +3255,29 @@ static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
 static void ept_load_pdptrs(struct kvm_vcpu *vcpu)
 {
+        struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
        if (!test_bit(VCPU_EXREG_PDPTR,
                      (unsigned long *)&vcpu->arch.regs_dirty))
                return;
        if (is_paging(vcpu) && is_pae(vcpu) && !is_long_mode(vcpu)) {
-                vmcs_write64(GUEST_PDPTR0, vcpu->arch.mmu.pdptrs[0]);
+                vmcs_write64(GUEST_PDPTR0, mmu->pdptrs[0]);
-                vmcs_write64(GUEST_PDPTR1, vcpu->arch.mmu.pdptrs[1]);
+                vmcs_write64(GUEST_PDPTR1, mmu->pdptrs[1]);
-                vmcs_write64(GUEST_PDPTR2, vcpu->arch.mmu.pdptrs[2]);
+                vmcs_write64(GUEST_PDPTR2, mmu->pdptrs[2]);
-                vmcs_write64(GUEST_PDPTR3, vcpu->arch.mmu.pdptrs[3]);
+                vmcs_write64(GUEST_PDPTR3, mmu->pdptrs[3]);
        }
 }
 static void ept_save_pdptrs(struct kvm_vcpu *vcpu)
 {
+        struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
        if (is_paging(vcpu) && is_pae(vcpu) && !is_long_mode(vcpu)) {
-                vcpu->arch.mmu.pdptrs[0] = vmcs_read64(GUEST_PDPTR0);
+                mmu->pdptrs[0] = vmcs_read64(GUEST_PDPTR0);
-                vcpu->arch.mmu.pdptrs[1] = vmcs_read64(GUEST_PDPTR1);
+                mmu->pdptrs[1] = vmcs_read64(GUEST_PDPTR1);
-                vcpu->arch.mmu.pdptrs[2] = vmcs_read64(GUEST_PDPTR2);
+                mmu->pdptrs[2] = vmcs_read64(GUEST_PDPTR2);
-                vcpu->arch.mmu.pdptrs[3] = vmcs_read64(GUEST_PDPTR3);
+                mmu->pdptrs[3] = vmcs_read64(GUEST_PDPTR3);
        }
        __set_bit(VCPU_EXREG_PDPTR,
@@ -7777,10 +7781,6 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                vmcs_write64(GUEST_PDPTR1, vmcs12->guest_pdptr1);
                vmcs_write64(GUEST_PDPTR2, vmcs12->guest_pdptr2);
                vmcs_write64(GUEST_PDPTR3, vmcs12->guest_pdptr3);
-                __clear_bit(VCPU_EXREG_PDPTR,
-                                (unsigned long *)&vcpu->arch.regs_avail);
-                __clear_bit(VCPU_EXREG_PDPTR,
-                                (unsigned long *)&vcpu->arch.regs_dirty);
        }
        kvm_register_write(vcpu, VCPU_REGS_RSP, vmcs12->guest_rsp);
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 96b2c6697c9d..992d63bb154f 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -16,7 +16,7 @@ clean-files := inat-tables.c
 obj-$(CONFIG_SMP) += msr-smp.o cache-smp.o
-lib-y := delay.o
+lib-y := delay.o misc.o
 lib-y += thunk_$(BITS).o
 lib-y += usercopy_$(BITS).o usercopy.o getuser.o putuser.o
 lib-y += memcpy_$(BITS).o
diff --git a/arch/x86/lib/misc.c b/arch/x86/lib/misc.c
new file mode 100644
index 000000000000..76b373af03f0
--- /dev/null
+++ b/arch/x86/lib/misc.c
@@ -0,0 +1,21 @@
+/*
+ * Count the digits of @val including a possible sign.
+ *
+ * (Typed on and submitted from hpa's mobile phone.)
+ */
+int num_digits(int val)
+{
+        int m = 10;
+        int d = 1;
+        if (val < 0) {
+                d++;
+                val = -val;
+        }
+        while (val >= m) {
+                m *= 10;
+                d++;
+        }
+        return d;
+}
diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c
index 4f74d94c8d97..ddf9ecb53cc3 100644
--- a/arch/x86/lib/usercopy.c
+++ b/arch/x86/lib/usercopy.c
@@ -11,39 +11,26 @@
 #include <linux/sched.h>
 /*
- * best effort, GUP based copy_from_user() that is NMI-safe
+ * We rely on the nested NMI work to allow atomic faults from the NMI path; the
+ * nested NMI paths are careful to preserve CR2.
 */
 unsigned long
 copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
 {
-        unsigned long offset, addr = (unsigned long)from;
+        unsigned long ret;
-        unsigned long size, len = 0;
-        struct page *page;
-        void *map;
-        int ret;
        if (__range_not_ok(from, n, TASK_SIZE))
-                return len;
+                return 0;
-        do {
+        /*
-                ret = __get_user_pages_fast(addr, 1, 0, &page);
+         * Even though this function is typically called from NMI/IRQ context
-                if (!ret)
+         * disable pagefaults so that its behaviour is consistent even when
-                        break;
+         * called form other contexts.
+         */
-                offset = addr & (PAGE_SIZE - 1);
+        pagefault_disable();
-                size = min(PAGE_SIZE - offset, n - len);
+        ret = __copy_from_user_inatomic(to, from, n);
+        pagefault_enable();
-                map = kmap_atomic(page);
-                memcpy(to, map+offset, size);
+        return ret;
-                kunmap_atomic(map);
-                put_page(page);
-                len  += size;
-                to   += size;
-                addr += size;
-        } while (len < n);
-        return len;
 }
 EXPORT_SYMBOL_GPL(copy_from_user_nmi);
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 3eb18acd0e40..e2f5e21c03b3 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -654,14 +654,13 @@ EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
 * Returns number of bytes that could not be copied.
 * On success, this will be zero.
 */
-unsigned long
+unsigned long _copy_to_user(void __user *to, const void *from, unsigned n)
-copy_to_user(void __user *to, const void *from, unsigned long n)
 {
        if (access_ok(VERIFY_WRITE, to, n))
                n = __copy_to_user(to, from, n);
        return n;
 }
-EXPORT_SYMBOL(copy_to_user);
+EXPORT_SYMBOL(_copy_to_user);
 /**
 * copy_from_user: - Copy a block of data from user space.
@@ -679,8 +678,7 @@ EXPORT_SYMBOL(copy_to_user);
 * If some data could not be copied, this function will pad the copied
 * data to the requested size using zero bytes.
 */
-unsigned long
+unsigned long _copy_from_user(void *to, const void __user *from, unsigned n)
-_copy_from_user(void *to, const void __user *from, unsigned long n)
 {
        if (access_ok(VERIFY_READ, from, n))
                n = __copy_from_user(to, from, n);
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 3aaeffcfd67a..7a517bb41060 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -51,7 +51,7 @@ kmmio_fault(struct pt_regs *regs, unsigned long addr)
        return 0;
 }
-static inline int __kprobes notify_page_fault(struct pt_regs *regs)
+static inline int __kprobes kprobes_fault(struct pt_regs *regs)
 {
        int ret = 0;
@@ -1048,7 +1048,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
                        return;
                /* kprobes don't want to hook the spurious faults: */
-                if (notify_page_fault(regs))
+                if (kprobes_fault(regs))
                        return;
                /*
                 * Don't take the mm semaphore here. If we fixup a prefetch
@@ -1060,23 +1060,8 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
        }
        /* kprobes don't want to hook the spurious faults: */
-        if (unlikely(notify_page_fault(regs)))
+        if (unlikely(kprobes_fault(regs)))
                return;
-        /*
-         * It's safe to allow irq's after cr2 has been saved and the
-         * vmalloc fault has been handled.
-         *
-         * User-mode registers count as a user access even for any
-         * potential system fault or CPU buglet:
-         */
-        if (user_mode_vm(regs)) {
-                local_irq_enable();
-                error_code |= PF_USER;
-                flags |= FAULT_FLAG_USER;
-        } else {
-                if (regs->flags & X86_EFLAGS_IF)
-                        local_irq_enable();
-        }
        if (unlikely(error_code & PF_RSVD))
                pgtable_bad(regs, error_code, address);
@@ -1088,8 +1073,6 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
                }
        }
-        perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
        /*
         * If we're in an interrupt, have no user context or are running
         * in an atomic region then we must not take the fault:
@@ -1099,6 +1082,24 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
                return;
        }
+        /*
+         * It's safe to allow irq's after cr2 has been saved and the
+         * vmalloc fault has been handled.
+         *
+         * User-mode registers count as a user access even for any
+         * potential system fault or CPU buglet:
+         */
+        if (user_mode_vm(regs)) {
+                local_irq_enable();
+                error_code |= PF_USER;
+                flags |= FAULT_FLAG_USER;
+        } else {
+                if (regs->flags & X86_EFLAGS_IF)
+                        local_irq_enable();
+        }
+        perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
        if (error_code & PF_WRITE)
                flags |= FAULT_FLAG_WRITE;
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 79c216aa0e2b..516593e1ce33 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -772,13 +772,21 @@ out:
        return;
 }
+static void bpf_jit_free_deferred(struct work_struct *work)
+{
+        struct sk_filter *fp = container_of(work, struct sk_filter, work);
+        unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
+        struct bpf_binary_header *header = (void *)addr;
+        set_memory_rw(addr, header->pages);
+        module_free(NULL, header);
+        kfree(fp);
+}
 void bpf_jit_free(struct sk_filter *fp)
 {
        if (fp->bpf_func != sk_run_filter) {
-                unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
+                INIT_WORK(&fp->work, bpf_jit_free_deferred);
-                struct bpf_binary_header *header = (void *)addr;
+                schedule_work(&fp->work);
-                set_memory_rw(addr, header->pages);
-                module_free(NULL, header);
        }
 }
diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
index d6aa6e8315d1..5d04be5efb64 100644
--- a/arch/x86/oprofile/backtrace.c
+++ b/arch/x86/oprofile/backtrace.c
@@ -47,7 +47,7 @@ dump_user_backtrace_32(struct stack_frame_ia32 *head)
        unsigned long bytes;
        bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
-        if (bytes != sizeof(bufhead))
+        if (bytes != 0)
                return NULL;
        fp = (struct stack_frame_ia32 *) compat_ptr(bufhead[0].next_frame);
@@ -93,7 +93,7 @@ static struct stack_frame *dump_user_backtrace(struct stack_frame *head)
        unsigned long bytes;
        bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
-        if (bytes != sizeof(bufhead))
+        if (bytes != 0)
                return NULL;
        oprofile_add_trace(bufhead[0].return_address);
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index d1e4777b4e75..31d04758b76f 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -278,6 +278,15 @@ static void __init xen_smp_prepare_boot_cpu(void)
                   old memory can be recycled */
                make_lowmem_page_readwrite(xen_initial_gdt);
+#ifdef CONFIG_X86_32
+                /*
+                 * Xen starts us with XEN_FLAT_RING1_DS, but linux code
+                 * expects __USER_DS
+                 */
+                loadsegment(ds, __USER_DS);
+                loadsegment(es, __USER_DS);
+#endif
                xen_filter_cpu_maps();
                xen_setup_vcpu_info_placement();
        }