25 files changed, 124 insertions, 121 deletions
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 7083c16cccba..bb1376381985 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -14,13 +14,6 @@
 static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
                LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
-struct kaslr_setup_data {
-        __u64 next;
-        __u32 type;
-        __u32 len;
-        __u8 data[1];
-} kaslr_setup_data;
 #define I8254_PORT_CONTROL      0x43
 #define I8254_PORT_COUNTER0     0x40
 #define I8254_CMD_READBACK      0xC0
@@ -302,29 +295,7 @@ static unsigned long find_random_addr(unsigned long minimum,
        return slots_fetch_random();
 }
-static void add_kaslr_setup_data(struct boot_params *params, __u8 enabled)
+unsigned char *choose_kernel_location(unsigned char *input,
-{
-        struct setup_data *data;
-        kaslr_setup_data.type = SETUP_KASLR;
-        kaslr_setup_data.len = 1;
-        kaslr_setup_data.next = 0;
-        kaslr_setup_data.data[0] = enabled;
-        data = (struct setup_data *)(unsigned long)params->hdr.setup_data;
-        while (data && data->next)
-                data = (struct setup_data *)(unsigned long)data->next;
-        if (data)
-                data->next = (unsigned long)&kaslr_setup_data;
-        else
-                params->hdr.setup_data = (unsigned long)&kaslr_setup_data;
-}
-unsigned char *choose_kernel_location(struct boot_params *params,
-                                      unsigned char *input,
                                      unsigned long input_size,
                                      unsigned char *output,
                                      unsigned long output_size)
@@ -335,17 +306,14 @@ unsigned char *choose_kernel_location(struct boot_params *params,
 #ifdef CONFIG_HIBERNATION
        if (!cmdline_find_option_bool("kaslr")) {
                debug_putstr("KASLR disabled by default...\n");
-                add_kaslr_setup_data(params, 0);
                goto out;
        }
 #else
        if (cmdline_find_option_bool("nokaslr")) {
                debug_putstr("KASLR disabled by cmdline...\n");
-                add_kaslr_setup_data(params, 0);
                goto out;
        }
 #endif
-        add_kaslr_setup_data(params, 1);
        /* Record the various known unsafe memory ranges. */
        mem_avoid_init((unsigned long)input, input_size,
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 5903089c818f..a950864a64da 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -401,8 +401,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
         * the entire decompressed kernel plus relocation table, or the
         * entire decompressed kernel plus .bss and .brk sections.
         */
-        output = choose_kernel_location(real_mode, input_data, input_len,
+        output = choose_kernel_location(input_data, input_len, output,
-                                        output,
                                        output_len > run_size ? output_len
                                                              : run_size);
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index ee3576b2666b..04477d68403f 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -57,8 +57,7 @@ int cmdline_find_option_bool(const char *option);
 #if CONFIG_RANDOMIZE_BASE
 /* aslr.c */
-unsigned char *choose_kernel_location(struct boot_params *params,
+unsigned char *choose_kernel_location(unsigned char *input,
-                                      unsigned char *input,
                                      unsigned long input_size,
                                      unsigned char *output,
                                      unsigned long output_size);
@@ -66,8 +65,7 @@ unsigned char *choose_kernel_location(struct boot_params *params,
 bool has_cpuflag(int flag);
 #else
 static inline
-unsigned char *choose_kernel_location(struct boot_params *params,
+unsigned char *choose_kernel_location(unsigned char *input,
-                                      unsigned char *input,
                                      unsigned long input_size,
                                      unsigned char *output,
                                      unsigned long output_size)
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 947c6bf52c33..54f60ab41c63 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -1155,7 +1155,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
                src = kmalloc(req->cryptlen + req->assoclen, GFP_ATOMIC);
                if (!src)
                        return -ENOMEM;
-                assoc = (src + req->cryptlen + auth_tag_len);
+                assoc = (src + req->cryptlen);
                scatterwalk_map_and_copy(src, req->src, 0, req->cryptlen, 0);
                scatterwalk_map_and_copy(assoc, req->assoc, 0,
                        req->assoclen, 0);
@@ -1180,7 +1180,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
                scatterwalk_done(&src_sg_walk, 0, 0);
                scatterwalk_done(&assoc_sg_walk, 0, 0);
        } else {
-                scatterwalk_map_and_copy(dst, req->dst, 0, req->cryptlen, 1);
+                scatterwalk_map_and_copy(dst, req->dst, 0, tempCipherLen, 1);
                kfree(src);
        }
        return retval;
diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h
index 0dbc08282291..72ba21a8b5fc 100644
--- a/arch/x86/include/asm/fpu-internal.h
+++ b/arch/x86/include/asm/fpu-internal.h
@@ -370,7 +370,7 @@ static inline void drop_fpu(struct task_struct *tsk)
        preempt_disable();
        tsk->thread.fpu_counter = 0;
        __drop_fpu(tsk);
-        clear_used_math();
+        clear_stopped_child_used_math(tsk);
        preempt_enable();
 }
diff --git a/arch/x86/include/asm/page_types.h b/arch/x86/include/asm/page_types.h
index 95e11f79f123..f97fbe3abb67 100644
--- a/arch/x86/include/asm/page_types.h
+++ b/arch/x86/include/asm/page_types.h
@@ -51,8 +51,6 @@ extern int devmem_is_allowed(unsigned long pagenr);
 extern unsigned long max_low_pfn_mapped;
 extern unsigned long max_pfn_mapped;
-extern bool kaslr_enabled;
 static inline phys_addr_t get_max_mapped(void)
 {
        return (phys_addr_t)max_pfn_mapped << PAGE_SHIFT;
diff --git a/arch/x86/include/asm/pci_x86.h b/arch/x86/include/asm/pci_x86.h
index fa1195dae425..164e3f8d3c3d 100644
--- a/arch/x86/include/asm/pci_x86.h
+++ b/arch/x86/include/asm/pci_x86.h
@@ -93,6 +93,8 @@ extern raw_spinlock_t pci_config_lock;
 extern int (*pcibios_enable_irq)(struct pci_dev *dev);
 extern void (*pcibios_disable_irq)(struct pci_dev *dev);
+extern bool mp_should_keep_irq(struct device *dev);
 struct pci_raw_ops {
        int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn,
                                                int reg, int len, u32 *val);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 44e6dd7e36a2..225b0988043a 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -7,7 +7,6 @@
 #define SETUP_DTB                       2
 #define SETUP_PCI                       3
 #define SETUP_EFI                       4
-#define SETUP_KASLR                     5
 /* ram_size flags */
 #define RAMDISK_IMAGE_START_MASK        0x07FF
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 3d525c6124f6..803b684676ff 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -1338,6 +1338,26 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
 }
 /*
+ * ACPI offers an alternative platform interface model that removes
+ * ACPI hardware requirements for platforms that do not implement
+ * the PC Architecture.
+ *
+ * We initialize the Hardware-reduced ACPI model here:
+ */
+static void __init acpi_reduced_hw_init(void)
+{
+        if (acpi_gbl_reduced_hardware) {
+                /*
+                 * Override x86_init functions and bypass legacy pic
+                 * in Hardware-reduced ACPI mode
+                 */
+                x86_init.timers.timer_init      = x86_init_noop;
+                x86_init.irqs.pre_vector_init   = x86_init_noop;
+                legacy_pic                      = &null_legacy_pic;
+        }
+}
+/*
 * If your system is blacklisted here, but you find that acpi=force
 * works for you, please contact linux-acpi@vger.kernel.org
 */
@@ -1536,6 +1556,11 @@ int __init early_acpi_boot_init(void)
         */
        early_acpi_process_madt();
+        /*
+         * Hardware-reduced ACPI mode initialization:
+         */
+        acpi_reduced_hw_init();
        return 0;
 }
diff --git a/arch/x86/kernel/apic/apic_numachip.c b/arch/x86/kernel/apic/apic_numachip.c
index c2fd21fed002..017149cded07 100644
--- a/arch/x86/kernel/apic/apic_numachip.c
+++ b/arch/x86/kernel/apic/apic_numachip.c
@@ -37,10 +37,12 @@ static const struct apic apic_numachip;
 static unsigned int get_apic_id(unsigned long x)
 {
        unsigned long value;
-        unsigned int id;
+        unsigned int id = (x >> 24) & 0xff;
-        rdmsrl(MSR_FAM10H_NODE_ID, value);
+        if (static_cpu_has_safe(X86_FEATURE_NODEID_MSR)) {
-        id = ((x >> 24) & 0xffU) | ((value << 2) & 0xff00U);
+                rdmsrl(MSR_FAM10H_NODE_ID, value);
+                id |= (value << 2) & 0xff00;
+        }
        return id;
 }
@@ -155,10 +157,18 @@ static int __init numachip_probe(void)
 static void fixup_cpu_id(struct cpuinfo_x86 *c, int node)
 {
-        if (c->phys_proc_id != node) {
+        u64 val;
-                c->phys_proc_id = node;
+        u32 nodes = 1;
-                per_cpu(cpu_llc_id, smp_processor_id()) = node;
+        this_cpu_write(cpu_llc_id, node);
+        /* Account for nodes per socket in multi-core-module processors */
+        if (static_cpu_has_safe(X86_FEATURE_NODEID_MSR)) {
+                rdmsrl(MSR_FAM10H_NODE_ID, val);
+                nodes = ((val >> 3) & 7) + 1;
        }
+        c->phys_proc_id = node / nodes;
 }
 static int __init numachip_system_init(void)
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 1d74d161687c..2babb393915e 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -364,12 +364,21 @@ system_call_fastpath:
 * Has incomplete stack frame and undefined top of stack.
 */
 ret_from_sys_call:
-        testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
-        jnz int_ret_from_sys_call_fixup /* Go the the slow path */
        LOCKDEP_SYS_EXIT
        DISABLE_INTERRUPTS(CLBR_NONE)
        TRACE_IRQS_OFF
+        /*
+         * We must check ti flags with interrupts (or at least preemption)
+         * off because we must *never* return to userspace without
+         * processing exit work that is enqueued if we're preempted here.
+         * In particular, returning to userspace with any of the one-shot
+         * flags (TIF_NOTIFY_RESUME, TIF_USER_RETURN_NOTIFY, etc) set is
+         * very bad.
+         */
+        testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+        jnz int_ret_from_sys_call_fixup /* Go the the slow path */
        CFI_REMEMBER_STATE
        /*
         * sysretq will re-enable interrupts:
@@ -386,7 +395,7 @@ ret_from_sys_call:
 int_ret_from_sys_call_fixup:
        FIXUP_TOP_OF_STACK %r11, -ARGOFFSET
-        jmp int_ret_from_sys_call
+        jmp int_ret_from_sys_call_irqs_off
        /* Do syscall tracing */
 tracesys:
@@ -432,6 +441,7 @@ tracesys_phase2:
 GLOBAL(int_ret_from_sys_call)
        DISABLE_INTERRUPTS(CLBR_NONE)
        TRACE_IRQS_OFF
+int_ret_from_sys_call_irqs_off:
        movl $_TIF_ALLWORK_MASK,%edi
        /* edi: mask to check */
 GLOBAL(int_with_check)
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
index 9bbb9b35c144..d1ac80b72c72 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -47,13 +47,21 @@ do {							\
 #ifdef CONFIG_RANDOMIZE_BASE
 static unsigned long module_load_offset;
+static int randomize_modules = 1;
 /* Mutex protects the module_load_offset. */
 static DEFINE_MUTEX(module_kaslr_mutex);
+static int __init parse_nokaslr(char *p)
+{
+        randomize_modules = 0;
+        return 0;
+}
+early_param("nokaslr", parse_nokaslr);
 static unsigned long int get_module_load_offset(void)
 {
-        if (kaslr_enabled) {
+        if (randomize_modules) {
                mutex_lock(&module_kaslr_mutex);
                /*
                 * Calculate the module_load_offset the first time this
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 98dc9317286e..0a2421cca01f 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -122,8 +122,6 @@
 unsigned long max_low_pfn_mapped;
 unsigned long max_pfn_mapped;
-bool __read_mostly kaslr_enabled = false;
 #ifdef CONFIG_DMI
 RESERVE_BRK(dmi_alloc, 65536);
 #endif
@@ -427,11 +425,6 @@ static void __init reserve_initrd(void)
 }
 #endif /* CONFIG_BLK_DEV_INITRD */
-static void __init parse_kaslr_setup(u64 pa_data, u32 data_len)
-{
-        kaslr_enabled = (bool)(pa_data + sizeof(struct setup_data));
-}
 static void __init parse_setup_data(void)
 {
        struct setup_data *data;
@@ -457,9 +450,6 @@ static void __init parse_setup_data(void)
                case SETUP_EFI:
                        parse_efi_setup(pa_data, data_len);
                        break;
-                case SETUP_KASLR:
-                        parse_kaslr_setup(pa_data, data_len);
-                        break;
                default:
                        break;
                }
@@ -842,14 +832,10 @@ static void __init trim_low_memory_range(void)
 static int
 dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
 {
-        if (kaslr_enabled)
+        pr_emerg("Kernel Offset: 0x%lx from 0x%lx "
-                pr_emerg("Kernel Offset: 0x%lx from 0x%lx (relocation range: 0x%lx-0x%lx)\n",
+                 "(relocation range: 0x%lx-0x%lx)\n",
-                         (unsigned long)&_text - __START_KERNEL,
+                 (unsigned long)&_text - __START_KERNEL, __START_KERNEL,
-                         __START_KERNEL,
+                 __START_KERNEL_map, MODULES_VADDR-1);
-                         __START_KERNEL_map,
-                         MODULES_VADDR-1);
-        else
-                pr_emerg("Kernel Offset: disabled\n");
        return 0;
 }
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 9d2073e2ecc9..4ff5d162ff9f 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -384,7 +384,7 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code)
                goto exit;
        conditional_sti(regs);
-        if (!user_mode(regs))
+        if (!user_mode_vm(regs))
                die("bounds", regs, error_code);
        if (!cpu_feature_enabled(X86_FEATURE_MPX)) {
@@ -637,7 +637,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code)
         * then it's very likely the result of an icebp/int01 trap.
         * User wants a sigtrap for that.
         */
-        if (!dr6 && user_mode(regs))
+        if (!dr6 && user_mode_vm(regs))
                user_icebp = 1;
        /* Catch kmemcheck conditions first of all! */
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
index 34f66e58a896..cdc6cf903078 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -379,7 +379,7 @@ int __restore_xstate_sig(void __user *buf, void __user *buf_fx, int size)
                 * thread's fpu state, reconstruct fxstate from the fsave
                 * header. Sanitize the copied state etc.
                 */
-                struct xsave_struct *xsave = &tsk->thread.fpu.state->xsave;
+                struct fpu *fpu = &tsk->thread.fpu;
                struct user_i387_ia32_struct env;
                int err = 0;
@@ -393,14 +393,15 @@ int __restore_xstate_sig(void __user *buf, void __user *buf_fx, int size)
                 */
                drop_fpu(tsk);
-                if (__copy_from_user(xsave, buf_fx, state_size) ||
+                if (__copy_from_user(&fpu->state->xsave, buf_fx, state_size) ||
                    __copy_from_user(&env, buf, sizeof(env))) {
+                        fpu_finit(fpu);
                        err = -1;
                } else {
                        sanitize_restored_xstate(tsk, &env, xstate_bv, fx_only);
-                        set_used_math();
                }
+                set_used_math();
                if (use_eager_fpu()) {
                        preempt_disable();
                        math_state_restore();
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
index cc31f7c06d3d..9541ba34126b 100644
--- a/arch/x86/kvm/i8259.c
+++ b/arch/x86/kvm/i8259.c
@@ -507,6 +507,7 @@ static int picdev_read(struct kvm_pic *s,
                return -EOPNOTSUPP;
        if (len != 1) {
+                memset(val, 0, len);
                pr_pic_unimpl("non byte read\n");
                return 0;
        }
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index b1947e0f3e10..46d4449772bc 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -422,6 +422,7 @@ static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
                        struct kvm_ioapic *ioapic, int vector, int trigger_mode)
 {
        int i;
+        struct kvm_lapic *apic = vcpu->arch.apic;
        for (i = 0; i < IOAPIC_NUM_PINS; i++) {
                union kvm_ioapic_redirect_entry *ent = &ioapic->redirtbl[i];
@@ -443,7 +444,8 @@ static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
                kvm_notify_acked_irq(ioapic->kvm, KVM_IRQCHIP_IOAPIC, i);
                spin_lock(&ioapic->lock);
-                if (trigger_mode != IOAPIC_LEVEL_TRIG)
+                if (trigger_mode != IOAPIC_LEVEL_TRIG ||
+                    kvm_apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI)
                        continue;
                ASSERT(ent->fields.trig_mode == IOAPIC_LEVEL_TRIG);
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index bd4e34de24c7..4ee827d7bf36 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -833,8 +833,7 @@ int kvm_apic_compare_prio(struct kvm_vcpu *vcpu1, struct kvm_vcpu *vcpu2)
 static void kvm_ioapic_send_eoi(struct kvm_lapic *apic, int vector)
 {
-        if (!(kvm_apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI) &&
+        if (kvm_ioapic_handles_vector(apic->vcpu->kvm, vector)) {
-            kvm_ioapic_handles_vector(apic->vcpu->kvm, vector)) {
                int trigger_mode;
                if (apic_test_vector(vector, apic->regs + APIC_TMR))
                        trigger_mode = IOAPIC_LEVEL_TRIG;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f7b20b417a3a..ae4f6d35d19c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2168,7 +2168,10 @@ static void vmx_set_msr_bitmap(struct kvm_vcpu *vcpu)
 {
        unsigned long *msr_bitmap;
-        if (irqchip_in_kernel(vcpu->kvm) && apic_x2apic_mode(vcpu->arch.apic)) {
+        if (is_guest_mode(vcpu))
+                msr_bitmap = vmx_msr_bitmap_nested;
+        else if (irqchip_in_kernel(vcpu->kvm) &&
+                apic_x2apic_mode(vcpu->arch.apic)) {
                if (is_long_mode(vcpu))
                        msr_bitmap = vmx_msr_bitmap_longmode_x2apic;
                else
@@ -2476,8 +2479,7 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx)
        if (enable_ept) {
                /* nested EPT: emulate EPT also to L1 */
                vmx->nested.nested_vmx_secondary_ctls_high |=
-                        SECONDARY_EXEC_ENABLE_EPT |
+                        SECONDARY_EXEC_ENABLE_EPT;
-                        SECONDARY_EXEC_UNRESTRICTED_GUEST;
                vmx->nested.nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT |
                         VMX_EPTP_WB_BIT | VMX_EPT_2MB_PAGE_BIT |
                         VMX_EPT_INVEPT_BIT;
@@ -2491,6 +2493,10 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx)
        } else
                vmx->nested.nested_vmx_ept_caps = 0;
+        if (enable_unrestricted_guest)
+                vmx->nested.nested_vmx_secondary_ctls_high |=
+                        SECONDARY_EXEC_UNRESTRICTED_GUEST;
        /* miscellaneous data */
        rdmsr(MSR_IA32_VMX_MISC,
                vmx->nested.nested_vmx_misc_low,
@@ -9218,9 +9224,9 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        }
        if (cpu_has_vmx_msr_bitmap() &&
-            exec_control & CPU_BASED_USE_MSR_BITMAPS &&
+            exec_control & CPU_BASED_USE_MSR_BITMAPS) {
-            nested_vmx_merge_msr_bitmap(vcpu, vmcs12)) {
+                nested_vmx_merge_msr_bitmap(vcpu, vmcs12);
-                vmcs_write64(MSR_BITMAP, __pa(vmx_msr_bitmap_nested));
+                /* MSR_BITMAP will be set by following vmx_set_efer. */
        } else
                exec_control &= ~CPU_BASED_USE_MSR_BITMAPS;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index bd7a70be41b3..32bf19ef3115 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2744,7 +2744,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
        case KVM_CAP_USER_NMI:
        case KVM_CAP_REINJECT_CONTROL:
        case KVM_CAP_IRQ_INJECT_STATUS:
-        case KVM_CAP_IRQFD:
        case KVM_CAP_IOEVENTFD:
        case KVM_CAP_IOEVENTFD_NO_LENGTH:
        case KVM_CAP_PIT2:
diff --git a/arch/x86/pci/common.c b/arch/x86/pci/common.c
index 3d2612b68694..2fb384724ebb 100644
--- a/arch/x86/pci/common.c
+++ b/arch/x86/pci/common.c
@@ -513,31 +513,6 @@ void __init pcibios_set_cache_line_size(void)
        }
 }
-/*
- * Some device drivers assume dev->irq won't change after calling
- * pci_disable_device(). So delay releasing of IRQ resource to driver
- * unbinding time. Otherwise it will break PM subsystem and drivers
- * like xen-pciback etc.
- */
-static int pci_irq_notifier(struct notifier_block *nb, unsigned long action,
-                            void *data)
-{
-        struct pci_dev *dev = to_pci_dev(data);
-        if (action != BUS_NOTIFY_UNBOUND_DRIVER)
-                return NOTIFY_DONE;
-        if (pcibios_disable_irq)
-                pcibios_disable_irq(dev);
-        return NOTIFY_OK;
-}
-static struct notifier_block pci_irq_nb = {
-        .notifier_call = pci_irq_notifier,
-        .priority = INT_MIN,
-};
 int __init pcibios_init(void)
 {
        if (!raw_pci_ops) {
@@ -550,9 +525,6 @@ int __init pcibios_init(void)
        if (pci_bf_sort >= pci_force_bf)
                pci_sort_breadthfirst();
-        bus_register_notifier(&pci_bus_type, &pci_irq_nb);
        return 0;
 }
@@ -711,6 +683,12 @@ int pcibios_enable_device(struct pci_dev *dev, int mask)
        return 0;
 }
+void pcibios_disable_device (struct pci_dev *dev)
+{
+        if (!pci_dev_msi_enabled(dev) && pcibios_disable_irq)
+                pcibios_disable_irq(dev);
+}
 int pci_ext_cfg_avail(void)
 {
        if (raw_pci_ext_ops)
diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c
index efb849323c74..852aa4c92da0 100644
--- a/arch/x86/pci/intel_mid_pci.c
+++ b/arch/x86/pci/intel_mid_pci.c
@@ -234,10 +234,10 @@ static int intel_mid_pci_irq_enable(struct pci_dev *dev)
 static void intel_mid_pci_irq_disable(struct pci_dev *dev)
 {
-        if (dev->irq_managed && dev->irq > 0) {
+        if (!mp_should_keep_irq(&dev->dev) && dev->irq_managed &&
+            dev->irq > 0) {
                mp_unmap_irq(dev->irq);
                dev->irq_managed = 0;
-                dev->irq = 0;
        }
 }
diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
index e71b3dbd87b8..5dc6ca5e1741 100644
--- a/arch/x86/pci/irq.c
+++ b/arch/x86/pci/irq.c
@@ -1256,9 +1256,22 @@ static int pirq_enable_irq(struct pci_dev *dev)
        return 0;
 }
+bool mp_should_keep_irq(struct device *dev)
+{
+        if (dev->power.is_prepared)
+                return true;
+#ifdef CONFIG_PM
+        if (dev->power.runtime_status == RPM_SUSPENDING)
+                return true;
+#endif
+        return false;
+}
 static void pirq_disable_irq(struct pci_dev *dev)
 {
-        if (io_apic_assign_pci_irqs && dev->irq_managed && dev->irq) {
+        if (io_apic_assign_pci_irqs && !mp_should_keep_irq(&dev->dev) &&
+            dev->irq_managed && dev->irq) {
                mp_unmap_irq(dev->irq);
                dev->irq = 0;
                dev->irq_managed = 0;
diff --git a/arch/x86/vdso/vdso32/sigreturn.S b/arch/x86/vdso/vdso32/sigreturn.S
index 31776d0efc8c..d7ec4e251c0a 100644
--- a/arch/x86/vdso/vdso32/sigreturn.S
+++ b/arch/x86/vdso/vdso32/sigreturn.S
@@ -17,6 +17,7 @@
        .text
        .globl __kernel_sigreturn
        .type __kernel_sigreturn,@function
+        nop /* this guy is needed for .LSTARTFDEDLSI1 below (watch for HACK) */
        ALIGN
 __kernel_sigreturn:
 .LSTART_sigreturn:
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index 740ae3026a14..9f93af56a5fc 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -563,7 +563,7 @@ static bool alloc_p2m(unsigned long pfn)
                if (p2m_pfn == PFN_DOWN(__pa(p2m_missing)))
                        p2m_init(p2m);
                else
-                        p2m_init_identity(p2m, pfn);
+                        p2m_init_identity(p2m, pfn & ~(P2M_PER_PAGE - 1));
                spin_lock_irqsave(&p2m_update_lock, flags);