Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

    Contains the value of cr4.smep && !cr0.wp for which the page is valid

    (pages for which this is true are different from other pages; see the

    treatment of cr0.wp=0 below).

  role.smap_andnot_wp:

    Contains the value of cr4.smap && !cr0.wp for which the page is valid

    (pages for which this is true are different from other pages; see the

    treatment of cr0.wp=0 below).

  gfn:

    Either the guest page table containing the translations shadowed by this

    page, or the base page frame for linear translations.  See role.direct.

(user write faults generate a #PF)

In the first case there is an additional complication if CR4.SMEP is

enabled: since we've turned the page into a kernel page, the kernel may now

execute it.  We handle this by also setting spte.nx.  If we get a user

fetch or read fault, we'll change spte.u=1 and spte.nx=gpte.nx back.

In the first case there are two additional complications:

- if CR4.SMEP is enabled: since we've turned the page into a kernel page,

  the kernel may now execute it.  We handle this by also setting spte.nx.

  If we get a user fetch or read fault, we'll change spte.u=1 and

  spte.nx=gpte.nx back.

- if CR4.SMAP is disabled: since the page has been changed to a kernel

  page, it can not be reused when CR4.SMAP is enabled. We set

  CR4.SMAP && !CR0.WP into shadow page's role to avoid this case. Note,

  here we do not care the case that CR4.SMAP is enabled since KVM will

  directly inject #PF to guest due to failed permission check.

To prevent an spte that was converted into a kernel page with cr0.wp=0

from being written by the kernel after cr0.wp has changed to 1, we make

 */

static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)

{

	struct kvm_vcpu *vcpu;

	struct kvm_vcpu *vcpu, *vnext;

	int i;

	int srcu_idx;

	 */

	if ((threads_per_core > 1) &&

	    ((vc->num_threads > threads_per_subcore) || !on_primary_thread())) {

		list_for_each_entry(vcpu, &vc->runnable_threads, arch.run_list) {

		list_for_each_entry_safe(vcpu, vnext, &vc->runnable_threads,

					 arch.run_list) {

			vcpu->arch.ret = -EBUSY;

			kvmppc_remove_runnable(vc, vcpu);

			wake_up(&vcpu->arch.cpu_run);

		unsigned nxe:1;

		unsigned cr0_wp:1;

		unsigned smep_andnot_wp:1;

		unsigned smap_andnot_wp:1;

	};

};

	struct kvm_mmu_memory_cache mmu_page_header_cache;

	struct fpu guest_fpu;

	bool eager_fpu;

	u64 xcr0;

	u64 guest_supported_xcr0;

	u32 guest_xstate_size;

	void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg);

	unsigned long (*get_rflags)(struct kvm_vcpu *vcpu);

	void (*set_rflags)(struct kvm_vcpu *vcpu, unsigned long rflags);

	void (*fpu_activate)(struct kvm_vcpu *vcpu);

	void (*fpu_deactivate)(struct kvm_vcpu *vcpu);

	void (*tlb_flush)(struct kvm_vcpu *vcpu);

#include <linux/module.h>

#include <linux/vmalloc.h>

#include <linux/uaccess.h>

#include <asm/i387.h> /* For use_eager_fpu.  Ugh! */

#include <asm/fpu-internal.h> /* For use_eager_fpu.  Ugh! */

#include <asm/user.h>

#include <asm/xsave.h>

#include "cpuid.h"

	if (best && (best->eax & (F(XSAVES) | F(XSAVEC))))

		best->ebx = xstate_required_size(vcpu->arch.xcr0, true);

	vcpu->arch.eager_fpu = guest_cpuid_has_mpx(vcpu);

	/*

	 * The existing code assumes virtual address is 48-bit in the canonical

	 * address checks; exit if it is ever changed.

	best = kvm_find_cpuid_entry(vcpu, 7, 0);

	return best && (best->ebx & bit(X86_FEATURE_RTM));

}

static inline bool guest_cpuid_has_mpx(struct kvm_vcpu *vcpu)

{

	struct kvm_cpuid_entry2 *best;

	best = kvm_find_cpuid_entry(vcpu, 7, 0);

	return best && (best->ebx & bit(X86_FEATURE_MPX));

}

#endif