ANDROID: KVM: iommu: Fix hyp share check in __pkvm_host_use_dma_page

The hypervisor keeps track of mapped pages in the IOMMU page tables,
and checks the ownership of the host overthese pages.
There is also a hardening check to prevent mapping a page in the
IOMMU that is shared with the hyp, this mainly an extra hardening
as there shouldn't be such use case.

However, there is a bug in this path where the address passed to the
function was the physical address instead of virtual address. As this
is a hardening check it should lead to security problems, but only
failed IOMMU map pages which should have passed.

Bug: 277989609
Bug: 278749606

Change-Id: Ib571e90c358b2ffd9545c83674c407d0ddc11cb2
Signed-off-by: Mostafa Saleh <[email protected]>

Author: misaleh

arch/arm64/kvm/hyp/nvhe/mem_protect.c

@@ -2478,7 +2478,8 @@ static int __pkvm_host_use_dma_page(phys_addr_t phys_addr)
 	 * host shared the page.
 	 */
 	if (state & PKVM_PAGE_SHARED_BORROWED || state & PKVM_PAGE_SHARED_OWNED) {
-		ret = __hyp_check_page_state_range(phys_addr, PAGE_SIZE, PKVM_NOPAGE);
+		ret = __hyp_check_page_state_range((u64)hyp_phys_to_virt(phys_addr),
+						   PAGE_SIZE, PKVM_NOPAGE);
 		if (ret)
 			return ret;
 	}