From: Marc Zyngier <maz@kernel.org>
To: "Pierre-Clément Tosi" <ptosi@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
will@kernel.org, suzuki.poulose@arm.com, corbet@lwn.net,
yee.lee@mediatek.com, ascull@google.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH] arm64: Optionally disable EL0 MTE via command-line
Date: Tue, 17 Feb 2026 13:00:21 +0000 [thread overview]
Message-ID: <86342zbk4a.wl-maz@kernel.org> (raw)
In-Reply-To: <p7wloz3ospiwaytzzns43hbyfrxfjoca6ljols3dq4hpha5y2v@weadvhpdng7a>
On Tue, 17 Feb 2026 11:20:02 +0000,
Pierre-Clément Tosi <ptosi@google.com> wrote:
>
> Hi Catalin,
>
> On Tue, Feb 17, 2026 at 10:51:24AM +0000, Catalin Marinas wrote:
> > On Fri, Feb 13, 2026 at 12:51:07PM +0100, Pierre-Clément Tosi wrote:
> > > Although it is currently possible to fully disable MTE on MTE-capable
> > > CPUs (with arm64.nomte or id_aa64pfr1.mte=0) and to only use MTE in
> > > userspace (with kasan=off), there is no way to limit the use of MTE to
> > > the kernel because CPU capabilities are traditionally exposed directly
> > > to userspace.
> > >
> > > To address this, introduce a new cmdline argument (inspired by the
> > > existing arm64.nomte) to only expose the MTE capability of the CPU to
> > > the kernel. Combined with KASAN, this results in only the kernel using
> > > the feature, while HWCAP2_MTE and the corresponding MSR ID_AA64PFR1_EL1
> > > field are hidden from userspace.
> > [...]
> > > + arm64.nomte_el0 [ARM64] Unconditionally disable Memory Tagging Extension
> > > + support for userspace
> >
> > Why would we need this? It's a user-space choice whether it uses MTE or
> > not. It's not like the kernel is forcing it onto the user processes.
>
> Correct. This patch is useful when working with a pre-compiled distribution to
> ensure that a MTE-enabled userspace falls back to untagged allocations, without
> the need to introduce system-wide policies (and ABIs) for said distribution,
> which would also be inherently less robust than this kernel-level gating.
>
> In Android, we can simply append the flag to the kernel cmdline instead of
> relying on sysprops (or similar early userspace concepts) and hoping that all
> users are properly gated on that sysprop, etc. This can be used for A/B testing
> of the feature or as a highly-reliable "remote kill switch", for example.
>
> I should have mentioned this in the commit message and will in an eventual v2.
What I find odd is that nothing seems to enforce this "disabled at
EL0" behaviour. It is not advertised, but crucially SCTLR_EL1.ATA0
appears to be set.
M.
--
Without deviation from the norm, progress is not possible.
prev parent reply other threads:[~2026-02-17 13:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-13 11:51 [PATCH] arm64: Optionally disable EL0 MTE via command-line Pierre-Clément Tosi
2026-02-17 10:51 ` Catalin Marinas
2026-02-17 11:20 ` Pierre-Clément Tosi
2026-02-17 12:03 ` Will Deacon
2026-02-17 12:31 ` Pierre-Clément Tosi
2026-02-17 15:16 ` Will Deacon
2026-02-17 13:00 ` Marc Zyngier [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86342zbk4a.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=ascull@google.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ptosi@google.com \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yee.lee@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.