Merge branch 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm

	return rc;

}

static int em_ret_far_imm(struct x86_emulate_ctxt *ctxt)

{

        int rc;

        rc = em_ret_far(ctxt);

        if (rc != X86EMUL_CONTINUE)

                return rc;

        rsp_increment(ctxt, ctxt->src.val);

        return X86EMUL_CONTINUE;

}

static int em_cmpxchg(struct x86_emulate_ctxt *ctxt)

{

	/* Save real source value, then compare EAX against destination. */

	G(ByteOp, group11), G(0, group11),

	/* 0xC8 - 0xCF */

	I(Stack | SrcImmU16 | Src2ImmByte, em_enter), I(Stack, em_leave),

	N, I(ImplicitOps | Stack, em_ret_far),

	I(ImplicitOps | Stack | SrcImmU16, em_ret_far_imm),

	I(ImplicitOps | Stack, em_ret_far),

	D(ImplicitOps), DI(SrcImmByte, intn),

	D(ImplicitOps | No64), II(ImplicitOps, em_iret, iret),

	/* 0xD0 - 0xD7 */

	pt_element_t prefetch_ptes[PTE_PREFETCH_NUM];

	gpa_t pte_gpa[PT_MAX_FULL_LEVELS];

	pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS];

	bool pte_writable[PT_MAX_FULL_LEVELS];

	unsigned pt_access;

	unsigned pte_access;

	gfn_t gfn;

		if (pte == orig_pte)

			continue;

		/*

		 * If the slot is read-only, simply do not process the accessed

		 * and dirty bits.  This is the correct thing to do if the slot

		 * is ROM, and page tables in read-as-ROM/write-as-MMIO slots

		 * are only supported if the accessed and dirty bits are already

		 * set in the ROM (so that MMIO writes are never needed).

		 *

		 * Note that NPT does not allow this at all and faults, since

		 * it always wants nested page table entries for the guest

		 * page tables to be writable.  And EPT works but will simply

		 * overwrite the read-only memory to set the accessed and dirty

		 * bits.

		 */

		if (unlikely(!walker->pte_writable[level - 1]))

			continue;

		ret = FNAME(cmpxchg_gpte)(vcpu, mmu, ptep_user, index, orig_pte, pte);

		if (ret)

			return ret;

			goto error;

		real_gfn = gpa_to_gfn(real_gfn);

		host_addr = gfn_to_hva(vcpu->kvm, real_gfn);

		host_addr = gfn_to_hva_prot(vcpu->kvm, real_gfn,

					    &walker->pte_writable[walker->level - 1]);

		if (unlikely(kvm_is_error_hva(host_addr)))

			goto error;

		return 0;

	}

	/*

	 * EPT violation happened while executing iret from NMI,

	 * "blocked by NMI" bit has to be set before next VM entry.

	 * There are errata that may cause this bit to not be set:

	 * AAK134, BY25.

	 */

	if (exit_qualification & INTR_INFO_UNBLOCK_NMI)

		vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);

	gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);

	trace_kvm_page_fault(gpa, exit_qualification);

		vmcs_write64(GUEST_PDPTR1, vmcs12->guest_pdptr1);

		vmcs_write64(GUEST_PDPTR2, vmcs12->guest_pdptr2);

		vmcs_write64(GUEST_PDPTR3, vmcs12->guest_pdptr3);

		__clear_bit(VCPU_EXREG_PDPTR,

				(unsigned long *)&vcpu->arch.regs_avail);

		__clear_bit(VCPU_EXREG_PDPTR,

				(unsigned long *)&vcpu->arch.regs_dirty);

	}

	kvm_register_write(vcpu, VCPU_REGS_RSP, vmcs12->guest_rsp);

struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn);

unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn);

unsigned long gfn_to_hva_prot(struct kvm *kvm, gfn_t gfn, bool *writable);

unsigned long gfn_to_hva_memslot(struct kvm_memory_slot *slot, gfn_t gfn);

void kvm_release_page_clean(struct page *page);

void kvm_release_page_dirty(struct page *page);

				   typeof(*work), queue);

		cancel_work_sync(&work->work);

		list_del(&work->queue);

		if (!work->done) /* work was canceled */

		if (!work->done) { /* work was canceled */

			mmdrop(work->mm);

			kvm_put_kvm(vcpu->kvm); /* == work->vcpu->kvm */

			kmem_cache_free(async_pf_cache, work);

		}

	}

	spin_lock(&vcpu->async_pf.lock);

	while (!list_empty(&vcpu->async_pf.done)) {