Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM updates from Paolo Bonzini:
 "One NULL pointer dereference, and two fixes for regressions introduced
  during the merge window.

  The rest are fixes for MIPS, s390 and nested VMX"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm: x86: Check memopp before dereference (CVE-2016-8630)
  kvm: nVMX: VMCLEAR an active shadow VMCS after last use
  KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK
  KVM: x86: fix wbinvd_dirty_mask use-after-free
  kvm/x86: Show WRMSR data is in hex
  kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
  KVM: document lock orders
  KVM: fix OOPS on flush_work
  KVM: s390: Fix STHYI buffer alignment for diag224
  KVM: MIPS: Precalculate MMIO load resume PC
  KVM: MIPS: Make ERET handle ERL before EXL
  KVM: MIPS: Fix lazy user ASID regenerate for SMP

diff --combined virt/kvm/kvm_main.c
index 2907b7b7865455dea81a236a56c411ef1d7d44ac,d92c3d5b0fbe618cfb056d46fdb89d6a7d288ccf..5c360347a1e9fc2091f5abf0bbb6a3432e13add9
--- 1/virt/kvm/kvm_main.c
--- 2/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@@ -1346,19 -1346,21 +1346,19 @@@ unsigned long kvm_vcpu_gfn_to_hva_prot(
  static int get_user_page_nowait(unsigned long start, int write,
                struct page **page)
  {
 -      int flags = FOLL_TOUCH | FOLL_NOWAIT | FOLL_HWPOISON | FOLL_GET;
 +      int flags = FOLL_NOWAIT | FOLL_HWPOISON;
  
        if (write)
                flags |= FOLL_WRITE;
  
 -      return __get_user_pages(current, current->mm, start, 1, flags, page,
 -                      NULL, NULL);
 +      return get_user_pages(start, 1, flags, page, NULL);
  }
  
  static inline int check_user_page_hwpoison(unsigned long addr)
  {
 -      int rc, flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_WRITE;
 +      int rc, flags = FOLL_HWPOISON | FOLL_WRITE;
  
 -      rc = __get_user_pages(current, current->mm, addr, 1,
 -                            flags, NULL, NULL, NULL);
 +      rc = get_user_pages(addr, 1, flags, NULL, NULL);
        return rc == -EHWPOISON;
  }
  
@@@ -3844,7 -3846,12 +3844,12 @@@ int kvm_init(void *opaque, unsigned vcp
         * kvm_arch_init makes sure there's at most one caller
         * for architectures that support multiple implementations,
         * like intel and amd on x86.
+        * kvm_arch_init must be called before kvm_irqfd_init to avoid creating
+        * conflicts in case kvm is already setup for another implementation.
         */
+       r = kvm_irqfd_init();
+       if (r)
+               goto out_irqfd;
  
        if (!zalloc_cpumask_var(&cpus_hardware_enabled, GFP_KERNEL)) {
                r = -ENOMEM;
@@@ -3926,6 -3933,7 +3931,7 @@@ out_free_0a
        free_cpumask_var(cpus_hardware_enabled);
  out_free_0:
        kvm_irqfd_exit();
+ out_irqfd:
        kvm_arch_exit();
  out_fail:
        return r;