From fd720ebc6a4049162e3bec2f16b95fd57931164d Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Wed, 1 Nov 2023 15:54:56 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Relax checks in module_change_host_page_prot
Modules can only relax permissions to RWX. This seems rather arbitrary. Instead, allow any valid permissions to be set, as long as the page is a pristine host page, or already module owned.
Bug: 308373293
Change-Id: I905786fad6543f47a00bd9b9f07e17dd660d457c
Signed-off-by: Keir Fraser
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 4ba504f5f4bd..f7f1c184b4fd 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -2041,15 +2041,12 @@ int module_change_host_page_prot(u64 pfn, enum kvm_pgtable_prot prot)
 page = hyp_phys_to_page(addr);
 /*
- * Modules can only relax permissions of pages they own, and restrict
- * permissions of pristine pages.
+ * Modules can only modify pages they already own, and pristine host
+ * pages.
 */
- if (prot == KVM_PGTABLE_PROT_RWX) {
- if (!(page->flags & MODULE_OWNED_PAGE))
- goto unlock;
- } else if (host_get_page_state(pte, addr) != PKVM_PAGE_OWNED) {
+ if (!(page->flags & MODULE_OWNED_PAGE) &&
+ (host_get_page_state(pte, addr) != PKVM_PAGE_OWNED))
 goto unlock;
- }
 update:
 if (!prot) {
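Review bot: After this change nothing in the visible lines constrains `prot`, while the commit message promises that only valid permissions are accepted; the removed `prot == KVM_PGTABLE_PROT_RWX` test was the only place the hunk looked at the value. The function starts and ends outside the hunk, so the validation may already sit above it; if it does not, reject stray bits before the lock is taken, for example `if (prot & ~KVM_PGTABLE_PROT_RWX) return -EINVAL;`. The new comment should also say that a page with `MODULE_OWNED_PAGE` set skips the `host_get_page_state()` check for every `prot`, not just for RWX as before, so a reader can tell that this wider bypass is intended.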