Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86: Flush TLB if PGD entry is changed in i386 PAE mode
  x86, dumpstack: Correct stack dump info when frame pointer is available
  x86: Clean up csum-copy_64.S a bit
  x86: Fix common misspellings
  x86: Fix misspelling and align params
  x86: Use PentiumPro-optimized partial_csum() on VIA C7

diff --combined arch/x86/kernel/apic/io_apic.c
index 795ba310cb1dae61ca4d6a7e956258d056ce19c3,f15c6f76071cd23f4e9776af29f7503256744c9d..180ca240e03c108f810178c90511d2cc7b0fd9bd
--- 1/arch/x86/kernel/apic/io_apic.c
--- 2/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@@ -1886,7 -1886,7 +1886,7 @@@ void disable_IO_APIC(void
         *
         * With interrupt-remapping, for now we will use virtual wire A mode,
         * as virtual wire B is little complex (need to configure both
-        * IOAPIC RTE aswell as interrupt-remapping table entry).
+        * IOAPIC RTE as well as interrupt-remapping table entry).
         * As this gets called during crash dump, keep this simple for now.
         */
        if (ioapic_i8259.pin != -1 && !intr_remapping_enabled) {
@@@ -2905,7 -2905,7 +2905,7 @@@ void __init setup_IO_APIC(void
  }
  
  /*
-  *      Called after all the initialization is done. If we didnt find any
+  *      Called after all the initialization is done. If we didn't find any
   *      APIC bugs then we can allow the modify fast path
   */
  
@@@ -3983,7 -3983,7 +3983,7 @@@ int mp_find_ioapic_pin(int ioapic, u32 
  static __init int bad_ioapic(unsigned long address)
  {
        if (nr_ioapics >= MAX_IO_APICS) {
 -              printk(KERN_WARNING "WARING: Max # of I/O APICs (%d) exceeded "
 +              printk(KERN_WARNING "WARNING: Max # of I/O APICs (%d) exceeded "
                       "(found %d), skipping\n", MAX_IO_APICS, nr_ioapics);
                return 1;
        }

diff --combined arch/x86/kernel/apm_32.c
index 9079926a5b188f2e62cda0308f63abdf48c2fda1,a10e516dd78d4e8bb84693cfdbc5e37f9d138569..0b4be431c620ab30ac0bd348888fdf3e9dd3a5b8
--- 1/arch/x86/kernel/apm_32.c
--- 2/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@@ -66,7 -66,7 +66,7 @@@
   *    1.5: Fix segment register reloading (in case of bad segments saved
   *         across BIOS call).
   *         Stephen Rothwell
-  *    1.6: Cope with complier/assembler differences.
+  *    1.6: Cope with compiler/assembler differences.
   *         Only try to turn off the first display device.
   *         Fix OOPS at power off with no APM BIOS by Jan Echternach
   *                   <echter@informatik.uni-rostock.de>
@@@ -227,7 -227,6 +227,7 @@@
  #include <linux/suspend.h>
  #include <linux/kthread.h>
  #include <linux/jiffies.h>
 +#include <linux/acpi.h>
  
  #include <asm/system.h>
  #include <asm/uaccess.h>
@@@ -976,10 -975,20 +976,10 @@@ recalc
  
  static void apm_power_off(void)
  {
 -      unsigned char po_bios_call[] = {
 -              0xb8, 0x00, 0x10,       /* movw  $0x1000,ax  */
 -              0x8e, 0xd0,             /* movw  ax,ss       */
 -              0xbc, 0x00, 0xf0,       /* movw  $0xf000,sp  */
 -              0xb8, 0x07, 0x53,       /* movw  $0x5307,ax  */
 -              0xbb, 0x01, 0x00,       /* movw  $0x0001,bx  */
 -              0xb9, 0x03, 0x00,       /* movw  $0x0003,cx  */
 -              0xcd, 0x15              /* int   $0x15       */
 -      };
 -
        /* Some bioses don't like being called from CPU != 0 */
        if (apm_info.realmode_power_off) {
                set_cpus_allowed_ptr(current, cpumask_of(0));
 -              machine_real_restart(po_bios_call, sizeof(po_bios_call));
 +              machine_real_restart(MRR_APM);
        } else {
                (void)set_system_power_state(APM_STATE_OFF);
        }
@@@ -2322,11 -2331,12 +2322,11 @@@ static int __init apm_init(void
                apm_info.disabled = 1;
                return -ENODEV;
        }
 -      if (pm_flags & PM_ACPI) {
 +      if (!acpi_disabled) {
                printk(KERN_NOTICE "apm: overridden by ACPI.\n");
                apm_info.disabled = 1;
                return -ENODEV;
        }
 -      pm_flags |= PM_APM;
  
        /*
         * Set up the long jump entry point to the APM BIOS, which is called
@@@ -2418,6 -2428,7 +2418,6 @@@ static void __exit apm_exit(void
                kthread_stop(kapmd_task);
                kapmd_task = NULL;
        }
 -      pm_flags &= ~PM_APM;
  }
  
  module_init(apm_init);

diff --combined arch/x86/kernel/cpu/cpufreq/powernow-k8.c
index 1ae4133e6bd65421761682f7b0ca5fc8da8cd9b2,b41f7da4555bf9a267798cdfdd640cbea3c705cc..2368e38327b351dc1d0b983a12c79d7f3d558960
--- 1/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
--- 2/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
@@@ -630,7 -630,8 +630,7 @@@ static void print_basics(struct powerno
                                        data->powernow_table[j].frequency/1000);
                        } else {
                                printk(KERN_INFO PFX
 -                                      "   %d : fid 0x%x (%d MHz), vid 0x%x\n",
 -                                      j,
 +                                      "fid 0x%x (%d MHz), vid 0x%x\n",
                                        data->powernow_table[j].index & 0xff,
                                        data->powernow_table[j].frequency/1000,
                                        data->powernow_table[j].index >> 8);
@@@ -1275,7 -1276,7 +1275,7 @@@ static int __cpuinit powernowk8_cpu_ini
  
        if (powernow_k8_cpu_init_acpi(data)) {
                /*
-                * Use the PSB BIOS structure. This is only availabe on
+                * Use the PSB BIOS structure. This is only available on
                 * an UP version, and is deprecated by AMD.
                 */
                if (num_online_cpus() != 1) {

diff --combined arch/x86/kernel/cpu/perf_event.c
index e8dbe179587fcf58f2f3094e825fc1c10512c2bd,30612764cd3bafdb63e10a4ebac2b8748a0c0928..87eab4a27dfccc0ad75d17338d6a8be5c5a1a1e0
--- 1/arch/x86/kernel/cpu/perf_event.c
--- 2/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@@ -178,6 -178,8 +178,6 @@@ struct cpu_hw_events 
   */
  #define INTEL_UEVENT_CONSTRAINT(c, n) \
        EVENT_CONSTRAINT(c, n, INTEL_ARCH_EVENT_MASK)
 -#define PEBS_EVENT_CONSTRAINT(c, n)   \
 -      INTEL_UEVENT_CONSTRAINT(c, n)
  
  #define EVENT_CONSTRAINT_END          \
        EVENT_CONSTRAINT(0, 0, 0)
@@@ -1109,7 -1111,7 +1109,7 @@@ static int x86_pmu_add(struct perf_even
  
        /*
         * If group events scheduling transaction was started,
-        * skip the schedulability test here, it will be peformed
+        * skip the schedulability test here, it will be performed
         * at commit time (->commit_txn) as a whole
         */
        if (cpuc->group_flag & PERF_EVENT_TXN)
@@@ -1790,7 -1792,7 +1790,7 @@@ perf_callchain_kernel(struct perf_callc
  
        perf_callchain_store(entry, regs->ip);
  
-       dump_trace(NULL, regs, NULL, &backtrace_ops, entry);
+       dump_trace(NULL, regs, NULL, 0, &backtrace_ops, entry);
  }
  
  #ifdef CONFIG_COMPAT

diff --combined arch/x86/kvm/paging_tmpl.h
index 751405097d8cc209c51c3e94b6186abc2de670ae,a51517d9eb51ed83a0bbe3a6fa2694b192072bf3..c6397795d865357cda212faf91c3a59f6938d341
--- 1/arch/x86/kvm/paging_tmpl.h
--- 2/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@@ -31,6 -31,7 +31,6 @@@
        #define PT_LVL_ADDR_MASK(lvl) PT64_LVL_ADDR_MASK(lvl)
        #define PT_LVL_OFFSET_MASK(lvl) PT64_LVL_OFFSET_MASK(lvl)
        #define PT_INDEX(addr, level) PT64_INDEX(addr, level)
 -      #define PT_LEVEL_MASK(level) PT64_LEVEL_MASK(level)
        #define PT_LEVEL_BITS PT64_LEVEL_BITS
        #ifdef CONFIG_X86_64
        #define PT_MAX_FULL_LEVELS 4
@@@ -47,6 -48,7 +47,6 @@@
        #define PT_LVL_ADDR_MASK(lvl) PT32_LVL_ADDR_MASK(lvl)
        #define PT_LVL_OFFSET_MASK(lvl) PT32_LVL_OFFSET_MASK(lvl)
        #define PT_INDEX(addr, level) PT32_INDEX(addr, level)
 -      #define PT_LEVEL_MASK(level) PT32_LEVEL_MASK(level)
        #define PT_LEVEL_BITS PT32_LEVEL_BITS
        #define PT_MAX_FULL_LEVELS 2
        #define CMPXCHG cmpxchg
@@@ -325,7 -327,7 +325,7 @@@ no_present
  }
  
  static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
 -                            u64 *spte, const void *pte)
 +                            u64 *spte, const void *pte, unsigned long mmu_seq)
  {
        pt_element_t gpte;
        unsigned pte_access;
@@@ -337,16 -339,16 +337,16 @@@
  
        pgprintk("%s: gpte %llx spte %p\n", __func__, (u64)gpte, spte);
        pte_access = sp->role.access & FNAME(gpte_access)(vcpu, gpte);
 -      if (gpte_to_gfn(gpte) != vcpu->arch.update_pte.gfn)
 +      pfn = gfn_to_pfn_atomic(vcpu->kvm, gpte_to_gfn(gpte));
 +      if (is_error_pfn(pfn)) {
 +              kvm_release_pfn_clean(pfn);
                return;
 -      pfn = vcpu->arch.update_pte.pfn;
 -      if (is_error_pfn(pfn))
 -              return;
 -      if (mmu_notifier_retry(vcpu, vcpu->arch.update_pte.mmu_seq))
 +      }
 +      if (mmu_notifier_retry(vcpu, mmu_seq))
                return;
 -      kvm_get_pfn(pfn);
 +
        /*
-        * we call mmu_set_spte() with host_writable = true beacuse that
+        * we call mmu_set_spte() with host_writable = true because that
         * vcpu->arch.update_pte.pfn was fetched from get_user_pages(write = 1).
         */
        mmu_set_spte(vcpu, spte, sp->role.access, pte_access, 0, 0,
@@@ -827,6 -829,7 +827,6 @@@ static int FNAME(sync_page)(struct kvm_
  #undef FNAME
  #undef PT_BASE_ADDR_MASK
  #undef PT_INDEX
 -#undef PT_LEVEL_MASK
  #undef PT_LVL_ADDR_MASK
  #undef PT_LVL_OFFSET_MASK
  #undef PT_LEVEL_BITS

diff --combined arch/x86/kvm/x86.c
index f1e4025f1ae27dfd505950434efa2cb023d7eceb,e3a9e4b17d664c84c06fbd73adaa70a358793756..58f517b59645458cf4dbf7705fdd7e4e3a82281c
--- 1/arch/x86/kvm/x86.c
--- 2/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@@ -81,10 -81,9 +81,10 @@@
   * - enable LME and LMA per default on 64 bit KVM
   */
  #ifdef CONFIG_X86_64
 -static u64 __read_mostly efer_reserved_bits = 0xfffffffffffffafeULL;
 +static
 +u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
  #else
 -static u64 __read_mostly efer_reserved_bits = 0xfffffffffffffffeULL;
 +static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
  #endif
  
  #define VM_STAT(x) offsetof(struct kvm, stat.x), KVM_STAT_VM
@@@ -361,8 -360,8 +361,8 @@@ void kvm_propagate_fault(struct kvm_vcp
  
  void kvm_inject_nmi(struct kvm_vcpu *vcpu)
  {
 +      kvm_make_request(KVM_REQ_NMI, vcpu);
        kvm_make_request(KVM_REQ_EVENT, vcpu);
 -      vcpu->arch.nmi_pending = 1;
  }
  EXPORT_SYMBOL_GPL(kvm_inject_nmi);
  
@@@ -526,10 -525,8 +526,10 @@@ int kvm_set_cr0(struct kvm_vcpu *vcpu, 
  
        kvm_x86_ops->set_cr0(vcpu, cr0);
  
 -      if ((cr0 ^ old_cr0) & X86_CR0_PG)
 +      if ((cr0 ^ old_cr0) & X86_CR0_PG) {
                kvm_clear_async_pf_completion_queue(vcpu);
 +              kvm_async_pf_hash_reset(vcpu);
 +      }
  
        if ((cr0 ^ old_cr0) & update_bits)
                kvm_mmu_reset_context(vcpu);
@@@ -1020,7 -1017,7 +1020,7 @@@ void kvm_write_tsc(struct kvm_vcpu *vcp
        unsigned long flags;
        s64 sdiff;
  
 -      spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
 +      raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
        offset = data - native_read_tsc();
        ns = get_kernel_ns();
        elapsed = ns - kvm->arch.last_tsc_nsec;
@@@ -1031,7 -1028,7 +1031,7 @@@
        /*
         * Special case: close write to TSC within 5 seconds of
         * another CPU is interpreted as an attempt to synchronize
-        * The 5 seconds is to accomodate host load / swapping as
+        * The 5 seconds is to accommodate host load / swapping as
         * well as any reset of TSC during the boot process.
         *
         * In that case, for a reliable TSC, we can match TSC offsets,
@@@ -1053,7 -1050,7 +1053,7 @@@
        kvm->arch.last_tsc_write = data;
        kvm->arch.last_tsc_offset = offset;
        kvm_x86_ops->write_tsc_offset(vcpu, offset);
 -      spin_unlock_irqrestore(&kvm->arch.tsc_write_lock, flags);
 +      raw_spin_unlock_irqrestore(&kvm->arch.tsc_write_lock, flags);
  
        /* Reset of TSC must disable overshoot protection below */
        vcpu->arch.hv_clock.tsc_timestamp = 0;
@@@ -1456,14 -1453,6 +1456,14 @@@ static int kvm_pv_enable_async_pf(struc
        return 0;
  }
  
 +static void kvmclock_reset(struct kvm_vcpu *vcpu)
 +{
 +      if (vcpu->arch.time_page) {
 +              kvm_release_page_dirty(vcpu->arch.time_page);
 +              vcpu->arch.time_page = NULL;
 +      }
 +}
 +
  int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
  {
        switch (msr) {
@@@ -1521,7 -1510,10 +1521,7 @@@
                break;
        case MSR_KVM_SYSTEM_TIME_NEW:
        case MSR_KVM_SYSTEM_TIME: {
 -              if (vcpu->arch.time_page) {
 -                      kvm_release_page_dirty(vcpu->arch.time_page);
 -                      vcpu->arch.time_page = NULL;
 -              }
 +              kvmclock_reset(vcpu);
  
                vcpu->arch.time = data;
                kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
@@@ -1600,12 -1592,6 +1600,12 @@@
                } else
                        return set_msr_hyperv(vcpu, msr, data);
                break;
 +      case MSR_IA32_BBL_CR_CTL3:
 +              /* Drop writes to this legacy MSR -- see rdmsr
 +               * counterpart for further detail.
 +               */
 +              pr_unimpl(vcpu, "ignored wrmsr: 0x%x data %llx\n", msr, data);
 +              break;
        default:
                if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
                        return xen_hvm_config(vcpu, data);
@@@ -1860,19 -1846,6 +1860,19 @@@ int kvm_get_msr_common(struct kvm_vcpu 
                } else
                        return get_msr_hyperv(vcpu, msr, pdata);
                break;
 +      case MSR_IA32_BBL_CR_CTL3:
 +              /* This legacy MSR exists but isn't fully documented in current
 +               * silicon.  It is however accessed by winxp in very narrow
 +               * scenarios where it sets bit #19, itself documented as
 +               * a "reserved" bit.  Best effort attempt to source coherent
 +               * read data here should the balance of the register be
 +               * interpreted by the guest:
 +               *
 +               * L2 cache control register 3: 64GB range, 256KB size,
 +               * enabled, latency 0x1, configured
 +               */
 +              data = 0xbe702111;
 +              break;
        default:
                if (!ignore_msrs) {
                        pr_unimpl(vcpu, "unhandled rdmsr: 0x%x\n", msr);
@@@ -2127,8 -2100,8 +2127,8 @@@ void kvm_arch_vcpu_load(struct kvm_vcp
                if (check_tsc_unstable()) {
                        kvm_x86_ops->adjust_tsc_offset(vcpu, -tsc_delta);
                        vcpu->arch.tsc_catchup = 1;
 -                      kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
                }
 +              kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
                if (vcpu->cpu != cpu)
                        kvm_migrate_timers(vcpu);
                vcpu->cpu = cpu;
@@@ -2602,6 -2575,9 +2602,6 @@@ static int kvm_vcpu_ioctl_x86_set_mce(s
        if (mce->status & MCI_STATUS_UC) {
                if ((vcpu->arch.mcg_status & MCG_STATUS_MCIP) ||
                    !kvm_read_cr4_bits(vcpu, X86_CR4_MCE)) {
 -                      printk(KERN_DEBUG "kvm: set_mce: "
 -                             "injects mce exception while "
 -                             "previous one is in progress!\n");
                        kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
                        return 0;
                }
@@@ -2672,6 -2648,8 +2672,6 @@@ static int kvm_vcpu_ioctl_x86_set_vcpu_
        vcpu->arch.interrupt.pending = events->interrupt.injected;
        vcpu->arch.interrupt.nr = events->interrupt.nr;
        vcpu->arch.interrupt.soft = events->interrupt.soft;
 -      if (vcpu->arch.interrupt.pending && irqchip_in_kernel(vcpu->kvm))
 -              kvm_pic_clear_isr_ack(vcpu->kvm);
        if (events->flags & KVM_VCPUEVENT_VALID_SHADOW)
                kvm_x86_ops->set_interrupt_shadow(vcpu,
                                                  events->interrupt.shadow);
@@@ -4162,8 -4140,8 +4162,8 @@@ static unsigned long emulator_get_cache
        return get_segment_base(vcpu, seg);
  }
  
 -static bool emulator_get_cached_descriptor(struct desc_struct *desc, int seg,
 -                                         struct kvm_vcpu *vcpu)
 +static bool emulator_get_cached_descriptor(struct desc_struct *desc, u32 *base3,
 +                                         int seg, struct kvm_vcpu *vcpu)
  {
        struct kvm_segment var;
  
@@@ -4176,10 -4154,6 +4176,10 @@@
                var.limit >>= 12;
        set_desc_limit(desc, var.limit);
        set_desc_base(desc, (unsigned long)var.base);
 +#ifdef CONFIG_X86_64
 +      if (base3)
 +              *base3 = var.base >> 32;
 +#endif
        desc->type = var.type;
        desc->s = var.s;
        desc->dpl = var.dpl;
@@@ -4192,8 -4166,8 +4192,8 @@@
        return true;
  }
  
 -static void emulator_set_cached_descriptor(struct desc_struct *desc, int seg,
 -                                         struct kvm_vcpu *vcpu)
 +static void emulator_set_cached_descriptor(struct desc_struct *desc, u32 base3,
 +                                         int seg, struct kvm_vcpu *vcpu)
  {
        struct kvm_segment var;
  
@@@ -4201,9 -4175,6 +4201,9 @@@
        kvm_get_segment(vcpu, &var, seg);
  
        var.base = get_desc_base(desc);
 +#ifdef CONFIG_X86_64
 +      var.base |= ((u64)base3) << 32;
 +#endif
        var.limit = get_desc_limit(desc);
        if (desc->g)
                var.limit = (var.limit << 12) | 0xfff;
@@@ -4419,16 -4390,41 +4419,16 @@@ int x86_emulate_instruction(struct kvm_
                vcpu->arch.emulate_ctxt.have_exception = false;
                vcpu->arch.emulate_ctxt.perm_ok = false;
  
 +              vcpu->arch.emulate_ctxt.only_vendor_specific_insn
 +                      = emulation_type & EMULTYPE_TRAP_UD;
 +
                r = x86_decode_insn(&vcpu->arch.emulate_ctxt, insn, insn_len);
 -              if (r == X86EMUL_PROPAGATE_FAULT)
 -                      goto done;
  
                trace_kvm_emulate_insn_start(vcpu);
 -
 -              /* Only allow emulation of specific instructions on #UD
 -               * (namely VMMCALL, sysenter, sysexit, syscall)*/
 -              if (emulation_type & EMULTYPE_TRAP_UD) {
 -                      if (!c->twobyte)
 -                              return EMULATE_FAIL;
 -                      switch (c->b) {
 -                      case 0x01: /* VMMCALL */
 -                              if (c->modrm_mod != 3 || c->modrm_rm != 1)
 -                                      return EMULATE_FAIL;
 -                              break;
 -                      case 0x34: /* sysenter */
 -                      case 0x35: /* sysexit */
 -                              if (c->modrm_mod != 0 || c->modrm_rm != 0)
 -                                      return EMULATE_FAIL;
 -                              break;
 -                      case 0x05: /* syscall */
 -                              if (c->modrm_mod != 0 || c->modrm_rm != 0)
 -                                      return EMULATE_FAIL;
 -                              break;
 -                      default:
 -                              return EMULATE_FAIL;
 -                      }
 -
 -                      if (!(c->modrm_reg == 0 || c->modrm_reg == 3))
 -                              return EMULATE_FAIL;
 -              }
 -
                ++vcpu->stat.insn_emulation;
                if (r)  {
 +                      if (emulation_type & EMULTYPE_TRAP_UD)
 +                              return EMULATE_FAIL;
                        if (reexecute_instruction(vcpu, cr2))
                                return EMULATE_DONE;
                        if (emulation_type & EMULTYPE_SKIP)
@@@ -4456,6 -4452,7 +4456,6 @@@ restart
                return handle_emulation_failure(vcpu);
        }
  
 -done:
        if (vcpu->arch.emulate_ctxt.have_exception) {
                inject_emulated_exception(vcpu);
                r = EMULATE_DONE;
@@@ -4565,7 -4562,7 +4565,7 @@@ static int kvmclock_cpufreq_notifier(st
  
        smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
  
 -      spin_lock(&kvm_lock);
 +      raw_spin_lock(&kvm_lock);
        list_for_each_entry(kvm, &vm_list, vm_list) {
                kvm_for_each_vcpu(i, vcpu, kvm) {
                        if (vcpu->cpu != freq->cpu)
@@@ -4575,7 -4572,7 +4575,7 @@@
                                send_ipi = 1;
                }
        }
 -      spin_unlock(&kvm_lock);
 +      raw_spin_unlock(&kvm_lock);
  
        if (freq->old < freq->new && send_ipi) {
                /*
@@@ -5188,8 -5185,6 +5188,8 @@@ static int vcpu_enter_guest(struct kvm_
                        r = 1;
                        goto out;
                }
 +              if (kvm_check_request(KVM_REQ_NMI, vcpu))
 +                      vcpu->arch.nmi_pending = true;
        }
  
        r = kvm_mmu_reload(vcpu);
@@@ -5218,18 -5213,14 +5218,18 @@@
                kvm_load_guest_fpu(vcpu);
        kvm_load_guest_xcr0(vcpu);
  
 -      atomic_set(&vcpu->guest_mode, 1);
 -      smp_wmb();
 +      vcpu->mode = IN_GUEST_MODE;
 +
 +      /* We should set ->mode before check ->requests,
 +       * see the comment in make_all_cpus_request.
 +       */
 +      smp_mb();
  
        local_irq_disable();
  
 -      if (!atomic_read(&vcpu->guest_mode) || vcpu->requests
 +      if (vcpu->mode == EXITING_GUEST_MODE || vcpu->requests
            || need_resched() || signal_pending(current)) {
 -              atomic_set(&vcpu->guest_mode, 0);
 +              vcpu->mode = OUTSIDE_GUEST_MODE;
                smp_wmb();
                local_irq_enable();
                preempt_enable();
@@@ -5265,7 -5256,7 +5265,7 @@@
  
        kvm_get_msr(vcpu, MSR_IA32_TSC, &vcpu->arch.last_guest_tsc);
  
 -      atomic_set(&vcpu->guest_mode, 0);
 +      vcpu->mode = OUTSIDE_GUEST_MODE;
        smp_wmb();
        local_irq_enable();
  
@@@ -5583,7 -5574,7 +5583,7 @@@ int kvm_arch_vcpu_ioctl_set_sregs(struc
                                  struct kvm_sregs *sregs)
  {
        int mmu_reset_needed = 0;
 -      int pending_vec, max_bits;
 +      int pending_vec, max_bits, idx;
        struct desc_ptr dt;
  
        dt.size = sregs->idt.limit;
@@@ -5612,13 -5603,10 +5612,13 @@@
        kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
        if (sregs->cr4 & X86_CR4_OSXSAVE)
                update_cpuid(vcpu);
 +
 +      idx = srcu_read_lock(&vcpu->kvm->srcu);
        if (!is_long_mode(vcpu) && is_pae(vcpu)) {
                load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
                mmu_reset_needed = 1;
        }
 +      srcu_read_unlock(&vcpu->kvm->srcu, idx);
  
        if (mmu_reset_needed)
                kvm_mmu_reset_context(vcpu);
@@@ -5629,6 -5617,8 +5629,6 @@@
        if (pending_vec < max_bits) {
                kvm_queue_interrupt(vcpu, pending_vec, false);
                pr_debug("Set back pending irq %d\n", pending_vec);
 -              if (irqchip_in_kernel(vcpu->kvm))
 -                      kvm_pic_clear_isr_ack(vcpu->kvm);
        }
  
        kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
@@@ -5824,7 -5814,10 +5824,7 @@@ void kvm_put_guest_fpu(struct kvm_vcpu 
  
  void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
  {
 -      if (vcpu->arch.time_page) {
 -              kvm_release_page_dirty(vcpu->arch.time_page);
 -              vcpu->arch.time_page = NULL;
 -      }
 +      kvmclock_reset(vcpu);
  
        free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
        fx_free(vcpu);
@@@ -5885,8 -5878,6 +5885,8 @@@ int kvm_arch_vcpu_reset(struct kvm_vcp
        kvm_make_request(KVM_REQ_EVENT, vcpu);
        vcpu->arch.apf.msr_val = 0;
  
 +      kvmclock_reset(vcpu);
 +
        kvm_clear_async_pf_completion_queue(vcpu);
        kvm_async_pf_hash_reset(vcpu);
        vcpu->arch.apf.halted = false;
@@@ -6014,7 -6005,7 +6014,7 @@@ int kvm_arch_init_vm(struct kvm *kvm
        /* Reserve bit 0 of irq_sources_bitmap for userspace irq source */
        set_bit(KVM_USERSPACE_IRQ_SOURCE_ID, &kvm->arch.irq_sources_bitmap);
  
 -      spin_lock_init(&kvm->arch.tsc_write_lock);
 +      raw_spin_lock_init(&kvm->arch.tsc_write_lock);
  
        return 0;
  }
@@@ -6112,7 -6103,7 +6112,7 @@@ void kvm_arch_commit_memory_region(stru
                                int user_alloc)
  {
  
 -      int npages = mem->memory_size >> PAGE_SHIFT;
 +      int nr_mmu_pages = 0, npages = mem->memory_size >> PAGE_SHIFT;
  
        if (!user_alloc && !old.user_alloc && old.rmap && !npages) {
                int ret;
@@@ -6127,12 -6118,12 +6127,12 @@@
                               "failed to munmap memory\n");
        }
  
 +      if (!kvm->arch.n_requested_mmu_pages)
 +              nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
 +
        spin_lock(&kvm->mmu_lock);
 -      if (!kvm->arch.n_requested_mmu_pages) {
 -              unsigned int nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
 +      if (nr_mmu_pages)
                kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages);
 -      }
 -
        kvm_mmu_slot_remove_write_access(kvm, mem->slot);
        spin_unlock(&kvm->mmu_lock);
  }
@@@ -6166,7 -6157,7 +6166,7 @@@ void kvm_vcpu_kick(struct kvm_vcpu *vcp
  
        me = get_cpu();
        if (cpu != me && (unsigned)cpu < nr_cpu_ids && cpu_online(cpu))
 -              if (atomic_xchg(&vcpu->guest_mode, 0))
 +              if (kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE)
                        smp_send_reschedule(cpu);
        put_cpu();
  }

diff --combined arch/x86/xen/mmu.c
index 5695fa66d56589ca76038a52e12b71fea2d98a6b,a2d78ad35a55bfb5ad8198a9f3cb3210dd35ca7c..39ee7182fd18a148569c7d7faf2c31a4a90bbb94
--- 1/arch/x86/xen/mmu.c
--- 2/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@@ -79,7 -79,8 +79,7 @@@
  
  /*
   * Protects atomic reservation decrease/increase against concurrent increases.
 - * Also protects non-atomic updates of current_pages and driver_pages, and
 - * balloon lists.
 + * Also protects non-atomic updates of current_pages and balloon lists.
   */
  DEFINE_SPINLOCK(xen_reservation_lock);
  
@@@ -1744,7 -1745,7 +1744,7 @@@ static void convert_pfn_mfn(void *v
  }
  
  /*
-  * Set up the inital kernel pagetable.
+  * Set up the initial kernel pagetable.
   *
   * We can construct this by grafting the Xen provided pagetable into
   * head_64.S's preconstructed pagetables.  We copy the Xen L2's into