KVM: x86: emulate: correct page fault error code for NoWrite instructions

NoWrite instructions (e.g. cmp or test) never set the "write access"
bit in the error code, even if one of the operands is treated as a
destination.

Fixes: c205fb7d7d4f81e46fc577b707ceb9e356af1456
Cc: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/emulate.c

@@ -4954,7 +4954,8 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt)
 		rc = segmented_read(ctxt, ctxt->dst.addr.mem,
 				   &ctxt->dst.val, ctxt->dst.bytes);
 		if (rc != X86EMUL_CONTINUE) {
-			if (rc == X86EMUL_PROPAGATE_FAULT &&
+			if (!(ctxt->d & NoWrite) &&
+			    rc == X86EMUL_PROPAGATE_FAULT &&
 			    ctxt->exception.vector == PF_VECTOR)
 				ctxt->exception.error_code |= PFERR_WRITE_MASK;
 			goto done;