arm64: mm: Permit contiguous descriptors to be manipulated

Currently, pgattr_change_is_safe() is overly pedantic when it comes to
descriptors with the contiguous hint attribute set, as it rejects
assignments even if the old and the new value are the same.

In fact, as per ARM ARM RJQQTC, manipulating descriptors with the
contiguous bit set is safe as long as the bit itself does not change
value, in the sense that no TLB conflict aborts or other exceptions may
be raised as a result. Inconsistent permission attributes within the
contiguous region may result in any of the alternatives to be taken to
apply to the entire region, which might be a programming error, but it
does not constitute an unsafe manipulation in terms of what
pgattr_change_is_safe() is intended to detect.

So drop the special PTE_CONT check, but still omit PTE_CONT from 'mask'
so that modifying the bit is still regarded as unsafe.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 1f2ec06a8736ec036d24650370eb0536ef90f3a4..da81444015dc0bda9313c10dd68628936e0c1619 100644 (file)
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -134,10 +134,6 @@ bool pgattr_change_is_safe(pteval_t old, pteval_t new)
        if (pte_pfn(__pte(old)) != pte_pfn(__pte(new)))
                return false;
 
-       /* live contiguous mappings may not be manipulated at all */
-       if ((old | new) & PTE_CONT)
-               return false;
-
        /* Transitioning from Non-Global to Global is unsafe */
        if (old & ~new & PTE_NG)
                return false;