Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

- if CR4.SMEP is enabled: since we've turned the page into a kernel page,

  the kernel may now execute it.  We handle this by also setting spte.nx.

  If we get a user fetch or read fault, we'll change spte.u=1 and

  spte.nx=gpte.nx back.

  spte.nx=gpte.nx back.  For this to work, KVM forces EFER.NX to 1 when

  shadow paging is in use.

- if CR4.SMAP is disabled: since the page has been changed to a kernel

  page, it can not be reused when CR4.SMAP is enabled. We set

  CR4.SMAP && !CR0.WP into shadow page's role to avoid this case. Note,

	std	r6, VCPU_ACOP(r9)

	stw	r7, VCPU_GUEST_PID(r9)

	std	r8, VCPU_WORT(r9)

	/*

	 * Restore various registers to 0, where non-zero values

	 * set by the guest could disrupt the host.

	 */

	li	r0, 0

	mtspr	SPRN_IAMR, r0

	mtspr	SPRN_CIABR, r0

	mtspr	SPRN_DAWRX, r0

	mtspr	SPRN_TCSCR, r0

	mtspr	SPRN_WORT, r0

	/* Set MMCRS to 1<<31 to freeze and disable the SPMC counters */

	li	r0, 1

	sldi	r0, r0, 31

	mtspr	SPRN_MMCRS, r0

8:

	/* Save and reset AMR and UAMOR before turning on the MMU */

	/* manually convert vector registers if necessary */

	if (MACHINE_HAS_VX) {

		convert_vx_to_fp(fprs, current->thread.fpu.vxrs);

		convert_vx_to_fp(fprs, (__vector128 *) vcpu->run->s.regs.vrs);

		rc = write_guest_abs(vcpu, gpa + __LC_FPREGS_SAVE_AREA,

				     fprs, 128);

	} else {

void

reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context)

{

	bool uses_nx = context->nx || context->base_role.smep_andnot_wp;

	/*

	 * Passing "true" to the last argument is okay; it adds a check

	 * on bit 8 of the SPTEs which KVM doesn't use anyway.

	 */

	__reset_rsvds_bits_mask(vcpu, &context->shadow_zero_check,

				boot_cpu_data.x86_phys_bits,

				context->shadow_root_level, context->nx,

				context->shadow_root_level, uses_nx,

				guest_cpuid_has_gbpages(vcpu), is_pse(vcpu),

				true);

}

			return;

		}

		break;

	case MSR_IA32_PEBS_ENABLE:

		/* PEBS needs a quiescent period after being disabled (to write

		 * a record).  Disabling PEBS through VMX MSR swapping doesn't

		 * provide that period, so a CPU could write host's record into

		 * guest's memory.

		 */

		wrmsrl(MSR_IA32_PEBS_ENABLE, 0);

	}

	for (i = 0; i < m->nr; ++i)

static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)

{

	u64 guest_efer;

	u64 ignore_bits;

	u64 guest_efer = vmx->vcpu.arch.efer;

	u64 ignore_bits = 0;

	guest_efer = vmx->vcpu.arch.efer;

	if (!enable_ept) {

		/*

		 * NX is needed to handle CR0.WP=1, CR4.SMEP=1.  Testing

		 * host CPUID is more efficient than testing guest CPUID

		 * or CR4.  Host SMEP is anyway a requirement for guest SMEP.

		 */

		if (boot_cpu_has(X86_FEATURE_SMEP))

			guest_efer |= EFER_NX;

		else if (!(guest_efer & EFER_NX))

			ignore_bits |= EFER_NX;

	}

	/*

	 * NX is emulated; LMA and LME handled by hardware; SCE meaningless

	 * outside long mode

	 * LMA and LME handled by hardware; SCE meaningless outside long mode.

	 */

	ignore_bits = EFER_NX | EFER_SCE;

	ignore_bits |= EFER_SCE;

#ifdef CONFIG_X86_64

	ignore_bits |= EFER_LMA | EFER_LME;

	/* SCE is meaningful only in long mode on Intel */

	if (guest_efer & EFER_LMA)

		ignore_bits &= ~(u64)EFER_SCE;

#endif

	guest_efer &= ~ignore_bits;

	guest_efer |= host_efer & ignore_bits;

	vmx->guest_msrs[efer_offset].data = guest_efer;

	vmx->guest_msrs[efer_offset].mask = ~ignore_bits;

	clear_atomic_switch_msr(vmx, MSR_EFER);

	 */

	if (cpu_has_load_ia32_efer ||

	    (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {

		guest_efer = vmx->vcpu.arch.efer;

		if (!(guest_efer & EFER_LMA))

			guest_efer &= ~EFER_LME;

		if (guest_efer != host_efer)

			add_atomic_switch_msr(vmx, MSR_EFER,

					      guest_efer, host_efer);

		return false;

	}

	} else {

		guest_efer &= ~ignore_bits;

		guest_efer |= host_efer & ignore_bits;

		vmx->guest_msrs[efer_offset].data = guest_efer;

		vmx->guest_msrs[efer_offset].mask = ~ignore_bits;

		return true;

	}

}

static unsigned long segment_base(u16 selector)

{