Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:

 - PAE and PKU bugfixes for x86

 - selftests fix for new binutils

 - MMU notifier fix for arm64

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: arm64: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
  KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
  kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
  kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
  KVM: x86: fix access code passed to gva_to_gpa
  selftests: kvm: Use a shorter encoding to clear RAX

diff --combined arch/x86/kvm/x86.c
index 599d732,539ea1c..3394528
--- 1/arch/x86/kvm/x86.c
--- 2/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@@ -975,7 -975,7 +975,7 @@@ int kvm_set_cr4(struct kvm_vcpu *vcpu, 
  {
        unsigned long old_cr4 = kvm_read_cr4(vcpu);
        unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE |
-                                  X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE;
+                                  X86_CR4_SMEP;
  
        if (kvm_valid_cr4(vcpu, cr4))
                return 1;
@@@ -10667,17 -10667,11 +10667,17 @@@ int kvm_arch_irq_bypass_add_producer(st
  {
        struct kvm_kernel_irqfd *irqfd =
                container_of(cons, struct kvm_kernel_irqfd, consumer);
 +      int ret;
  
        irqfd->producer = prod;
 +      kvm_arch_start_assignment(irqfd->kvm);
 +      ret = kvm_x86_ops.update_pi_irte(irqfd->kvm,
 +                                       prod->irq, irqfd->gsi, 1);
 +
 +      if (ret)
 +              kvm_arch_end_assignment(irqfd->kvm);
  
 -      return kvm_x86_ops.update_pi_irte(irqfd->kvm,
 -                                         prod->irq, irqfd->gsi, 1);
 +      return ret;
  }
  
  void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons,
@@@ -10700,8 -10694,6 +10700,8 @@@
        if (ret)
                printk(KERN_INFO "irq bypass consumer (token %p) unregistration"
                       " fails: %d\n", irqfd->consumer.token, ret);
 +
 +      kvm_arch_end_assignment(irqfd->kvm);
  }
  
  int kvm_arch_update_irqfd_routing(struct kvm *kvm, unsigned int host_irq,
@@@ -10751,9 -10743,11 +10751,11 @@@ EXPORT_SYMBOL_GPL(kvm_spec_ctrl_test_va
  void kvm_fixup_and_inject_pf_error(struct kvm_vcpu *vcpu, gva_t gva, u16 error_code)
  {
        struct x86_exception fault;
+       u32 access = error_code &
+               (PFERR_WRITE_MASK | PFERR_FETCH_MASK | PFERR_USER_MASK);
  
        if (!(error_code & PFERR_PRESENT_MASK) ||
-           vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, error_code, &fault) != UNMAPPED_GVA) {
+           vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, &fault) != UNMAPPED_GVA) {
                /*
                 * If vcpu->arch.walk_mmu->gva_to_gpa succeeded, the page
                 * tables probably do not match the TLB.  Just proceed

diff --combined virt/kvm/kvm_main.c
index 737666d,4eaa4e4..67cd0b8
--- 1/virt/kvm/kvm_main.c
--- 2/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@@ -482,7 -482,8 +482,8 @@@ static int kvm_mmu_notifier_invalidate_
         * count is also read inside the mmu_lock critical section.
         */
        kvm->mmu_notifier_count++;
-       need_tlb_flush = kvm_unmap_hva_range(kvm, range->start, range->end);
+       need_tlb_flush = kvm_unmap_hva_range(kvm, range->start, range->end,
+                                            range->flags);
        need_tlb_flush |= kvm->tlbs_dirty;
        /* we've to flush the tlb before the pages can be freed */
        if (need_tlb_flush)
@@@ -1893,7 -1894,7 +1894,7 @@@ static int hva_to_pfn_remapped(struct v
                 * not call the fault handler, so do it here.
                 */
                bool unlocked = false;
 -              r = fixup_user_fault(current, current->mm, addr,
 +              r = fixup_user_fault(current->mm, addr,
                                     (write_fault ? FAULT_FLAG_WRITE : 0),
                                     &unlocked);
                if (unlocked)