Merge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm

* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: PIT: free irq source id in handling error path
  KVM: destroy workqueue on kvm_create_pit() failures
  KVM: fix poison overwritten caused by using wrong xstate size

diff --combined arch/x86/kernel/i387.c
index 1f11f5ce668f93aadff67c425fae359da6efc6a8,f855658d27846532adb7e90564e03d4bc0d0c8fd..a46cb3522c0c19d67f2d474c6e1f09fb616004ff
--- 1/arch/x86/kernel/i387.c
--- 2/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@@ -40,6 -40,7 +40,7 @@@
  
  static unsigned int           mxcsr_feature_mask __read_mostly = 0xffffffffu;
  unsigned int xstate_size;
+ EXPORT_SYMBOL_GPL(xstate_size);
  unsigned int sig_xstate_ia32_size = sizeof(struct _fpstate_ia32);
  static struct i387_fxsave_struct fx_scratch __cpuinitdata;
  
@@@ -59,18 -60,18 +60,18 @@@ void __cpuinit mxcsr_feature_mask_init(
        stts();
  }
  
 -void __cpuinit init_thread_xstate(void)
 +static void __cpuinit init_thread_xstate(void)
  {
 +      /*
 +       * Note that xstate_size might be overwriten later during
 +       * xsave_init().
 +       */
 +
        if (!HAVE_HWFP) {
                xstate_size = sizeof(struct i387_soft_struct);
                return;
        }
  
 -      if (cpu_has_xsave) {
 -              xsave_cntxt_init();
 -              return;
 -      }
 -
        if (cpu_has_fxsr)
                xstate_size = sizeof(struct i387_fxsave_struct);
  #ifdef CONFIG_X86_32
@@@ -84,7 -85,6 +85,7 @@@
   * Called at bootup to set up the initial FPU state that is later cloned
   * into all processes.
   */
 +
  void __cpuinit fpu_init(void)
  {
        unsigned long oldcr0 = read_cr0();
@@@ -94,24 -94,19 +95,24 @@@
  
        write_cr0(oldcr0 & ~(X86_CR0_TS|X86_CR0_EM)); /* clear TS and EM */
  
 -      /*
 -       * Boot processor to setup the FP and extended state context info.
 -       */
        if (!smp_processor_id())
                init_thread_xstate();
 -      xsave_init();
  
        mxcsr_feature_mask_init();
        /* clean state in init */
        current_thread_info()->status = 0;
        clear_used_math();
  }
 -#endif        /* CONFIG_X86_64 */
 +
 +#else /* CONFIG_X86_64 */
 +
 +void __cpuinit fpu_init(void)
 +{
 +      if (!smp_processor_id())
 +              init_thread_xstate();
 +}
 +
 +#endif        /* CONFIG_X86_32 */
  
  void fpu_finit(struct fpu *fpu)
  {
@@@ -197,8 -192,6 +198,8 @@@ int xfpregs_get(struct task_struct *tar
        if (ret)
                return ret;
  
 +      sanitize_i387_state(target);
 +
        return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
                                   &target->thread.fpu.state->fxsave, 0, -1);
  }
@@@ -216,8 -209,6 +217,8 @@@ int xfpregs_set(struct task_struct *tar
        if (ret)
                return ret;
  
 +      sanitize_i387_state(target);
 +
        ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
                                 &target->thread.fpu.state->fxsave, 0, -1);
  
@@@ -457,8 -448,6 +458,8 @@@ int fpregs_get(struct task_struct *targ
                                           -1);
        }
  
 +      sanitize_i387_state(target);
 +
        if (kbuf && pos == 0 && count == sizeof(env)) {
                convert_from_fxsr(kbuf, target);
                return 0;
@@@ -480,8 -469,6 +481,8 @@@ int fpregs_set(struct task_struct *targ
        if (ret)
                return ret;
  
 +      sanitize_i387_state(target);
 +
        if (!HAVE_HWFP)
                return fpregs_soft_set(target, regset, pos, count, kbuf, ubuf);
  
@@@ -548,9 -535,6 +549,9 @@@ static int save_i387_xsave(void __user 
        struct _fpstate_ia32 __user *fx = buf;
        int err = 0;
  
 +
 +      sanitize_i387_state(tsk);
 +
        /*
         * For legacy compatible, we always set FP/SSE bits in the bit
         * vector while saving the state to the user context.

diff --combined arch/x86/kvm/x86.c
index 25f19078b3210424b091fea80bd8c82b0a9ef254,bb2347a69c07f991f6581dc7eea1ed9d84e05631..3a09c625d5268ad4dc0f7a033d429c234babcb96
--- 1/arch/x86/kvm/x86.c
--- 2/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@@ -733,7 -733,7 +733,7 @@@ static u32 msrs_to_save[] = 
        HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL,
        HV_X64_MSR_APIC_ASSIST_PAGE,
        MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
 -      MSR_K6_STAR,
 +      MSR_STAR,
  #ifdef CONFIG_X86_64
        MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
  #endif
@@@ -2387,7 -2387,7 +2387,7 @@@ static void kvm_vcpu_ioctl_x86_get_xsav
        if (cpu_has_xsave)
                memcpy(guest_xsave->region,
                        &vcpu->arch.guest_fpu.state->xsave,
-                       sizeof(struct xsave_struct));
+                       xstate_size);
        else {
                memcpy(guest_xsave->region,
                        &vcpu->arch.guest_fpu.state->fxsave,
@@@ -2405,7 -2405,7 +2405,7 @@@ static int kvm_vcpu_ioctl_x86_set_xsave
  
        if (cpu_has_xsave)
                memcpy(&vcpu->arch.guest_fpu.state->xsave,
-                       guest_xsave->region, sizeof(struct xsave_struct));
+                       guest_xsave->region, xstate_size);
        else {
                if (xstate_bv & ~XSTATE_FPSSE)
                        return -EINVAL;