Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
  KVM: SVM: Fix FPU leak while emulating clts
  KVM: SVM: Unload guest fpu on vcpu_put()
  KVM: x86 emulator: Use emulator_write_emulated and not emulator_write_std
  KVM: x86 emulator: fix the saving of of the eip value
  KVM: x86 emulator: fix JMP_REL

drivers/kvm/kvm_main.c

@@ -1188,8 +1188,7 @@ int emulate_invlpg(struct kvm_vcpu *vcpu, gva_t address)
 
 int emulate_clts(struct kvm_vcpu *vcpu)
 {
-	vcpu->cr0 &= ~X86_CR0_TS;
-	kvm_x86_ops->set_cr0(vcpu, vcpu->cr0);
+	kvm_x86_ops->set_cr0(vcpu, vcpu->cr0 & ~X86_CR0_TS);
 	return X86EMUL_CONTINUE;
 }
 

drivers/kvm/svm.c

@@ -663,6 +663,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu)
 		wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
 
 	rdtscll(vcpu->host_tsc);
+	kvm_put_guest_fpu(vcpu);
 }
 
 static void svm_vcpu_decache(struct kvm_vcpu *vcpu)

drivers/kvm/x86_emulate.c

@@ -448,8 +448,7 @@ struct operand {
 
 #define JMP_REL(rel) 							\
 	do {								\
-		_eip += (int)(rel);					\
-		_eip = ((op_bytes == 2) ? (uint16_t)_eip : (uint32_t)_eip); \
+		register_address_increment(_eip, rel);			\
 	} while (0)
 
 /*
@@ -1147,7 +1146,7 @@ done_prefixes:
 			}
 			register_address_increment(_regs[VCPU_REGS_RSP],
 						   -dst.bytes);
-			if ((rc = ops->write_std(
+			if ((rc = ops->write_emulated(
 				     register_address(ctxt->ss_base,
 						      _regs[VCPU_REGS_RSP]),
 				     &dst.val, dst.bytes, ctxt->vcpu)) != 0)
@@ -1359,6 +1358,7 @@ special_insn:
 		}
 		src.val = (unsigned long) _eip;
 		JMP_REL(rel);
+		op_bytes = ad_bytes;
 		goto push;
 	}
 	case 0xe9: /* jmp rel */