ANDROID: KVM: arm64: Force CMOs with FWB when reclaiming guest pages

__clean_dcache_guest_page() is optimized to elide cache maintenance
operations on CPUs with FWB. The underlying assumption is that FWB is
always used by KVM when available. Although correct in the normal KVM
world, pKVM actively disables FWB for the host stage-2. As such,
omitting CMOs when guest memory is being reclaimed may provide a
malicious host with the ability to read the content of the recently
reclaimed pages.

Fix this by using the lower level kvm_flush_dcache_to_poc() helper
directly from the reclaim path.

Bug: 243501419
Reported-by: Will Deacon <willdeacon@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Change-Id: I8e96ef7a8ccab2a59d3df46cd4d1a73190a2f457

arch/arm64/kvm/hyp/nvhe/mem_protect.c

@@ -1915,7 +1915,14 @@ static int hyp_zero_page(phys_addr_t phys)
 	if (!addr)
 		return -EINVAL;
 	memset(addr, 0, PAGE_SIZE);
-	__clean_dcache_guest_page(addr, PAGE_SIZE);
+	/*
+	 * Prefer kvm_flush_dcache_to_poc() over __clean_dcache_guest_page()
+	 * here as the latter may elide the CMO under the assumption that FWB
+	 * will be enabled on CPUs that support it. This is incorrect for the
+	 * host stage-2 and would otherwise lead to a malicious host potentially
+	 * being able to read the content of newly reclaimed guest pages.
+	 */
+	kvm_flush_dcache_to_poc(addr, PAGE_SIZE);
 
 	return hyp_fixmap_unmap();
 }