ANDROID: KVM: arm64: Relax checks in module_change_host_page_prot

Modules can only relax permissions to RWX. This seems rather arbitrary. Instead, allow any valid permissions to be set, as long as the page is a pristine host page, or already module owned. Bug: 308373293 Change-Id: I905786fad6543f47a00bd9b9f07e17dd660d457c Signed-off-by: Keir Fraser <keirf@google.com>
2023-11-01 15:54:56 +00:00 · 2023-11-01 15:54:56 +00:00 · fd720ebc6a
commit fd720ebc6a
parent f082d22541
1 changed files with 4 additions and 7 deletions
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@ -2041,15 +2041,12 @@ int module_change_host_page_prot(u64 pfn, enum kvm_pgtable_prot prot)
 	page = hyp_phys_to_page(addr);

 	/*
-	 * Modules can only relax permissions of pages they own, and restrict
-	 * permissions of pristine pages.
+	 * Modules can only modify pages they already own, and pristine host
+	 * pages.
 	 */
-	if (prot == KVM_PGTABLE_PROT_RWX) {
-		if (!(page->flags & MODULE_OWNED_PAGE))
-			goto unlock;
-	} else if (host_get_page_state(pte, addr) != PKVM_PAGE_OWNED) {
+	if (!(page->flags & MODULE_OWNED_PAGE) &&
+	    (host_get_page_state(pte, addr) != PKVM_PAGE_OWNED))
 		goto unlock;
-	}

 update:
 	if (!prot) {