KVM: nVMX: fix AD condition when handling EPT violation

I have introduced this bug when applying and simplifying Paolo's patch
as we agreed on the list.  The original was "x &= ~y; if (z) x |= y;".

Here is the story of a bad workflow:

  A maintainer was already testing with the intended change, but it was
  applied only to a testing repo on a different machine.  When the time
  to push tested patches to kvm/next came, he realized that this change
  was missing and quickly added it to the maintenance repo, didn't test
  again (because the change is trivial, right), and pushed the world to
  fire.

Fixes: ae1e2d1082ae ("kvm: nVMX: support EPT accessed/dirty bits")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index cfdb0d9..837f6dd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6221,7 +6221,7 @@
 		 * page table accesses are reads or writes.
 		 */
 		u64 eptp = nested_ept_get_cr3(vcpu);
-		if (eptp & VMX_EPT_AD_ENABLE_BIT)
+		if (!(eptp & VMX_EPT_AD_ENABLE_BIT))
 			exit_qualification &= ~EPT_VIOLATION_ACC_WRITE;
 	}