From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 53F87D1D899 for ; Thu, 4 Dec 2025 09:15:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:MIME-Version: References:In-Reply-To:Subject:Cc:To:From:Message-ID:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Qyw/k2OnmjPjtT2rKDGnNc+/WFSiS9sV47SfOc6mIO0=; b=xhfmGtF3iS1t+dIFFs855mqcMO LkV8kS2fbK86Uw+0MwUmpVeykAf+7meyZxAvk1QxqNphPszS11wpbQDnf3o+dsu7umi6dynLPLW+H FAhwkWubzFndV1XQSCgp/fq0YC3NSo8am/4l0z+HjzKeqRuTArdTUVJ7VHpM1qR7DTYEMzL4N54d0 80eU75NBRVapCRvIAPJ+LvKCMrS8Nt72XBsy3cA/Eqx90YkW7Nv81hX9u48TJdIaRR9EvBDWZgSEz jJJVnXLBmY6pGQVZMwZmmfAd86SjwBOty46MstM8TrDJSzTrJh0P62ZDEw9EeBCkU+EPPz+xrtHV+ Pub2YJKA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1vR5R3-00000007kQS-1KV5; Thu, 04 Dec 2025 09:15:37 +0000 Received: from sea.source.kernel.org ([2600:3c0a:e001:78e:0:1991:8:25]) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1vR5Qz-00000007kPX-2ZOF for linux-arm-kernel@lists.infradead.org; Thu, 04 Dec 2025 09:15:36 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id EADBF404C1; Thu, 4 Dec 2025 09:15:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C534DC4CEFB; Thu, 4 Dec 2025 09:15:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1764839732; bh=K3gy0rmSpIpm7yaBoRNjlGIffAUZIS36kNrGbuYni/M=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=FtjMzEX00awr8umHm6juQmlCUvxy4ZxGd1WQAnZwrap+3D/eB5qu9dTrRLISzf4fe FUc9cgtcYsS7wPi9jkrpxgONI2jNeyV8ATzzGlFkhs7QyuV0ymi7gWBAqNgAxQjMbL +OT/vtK9l0dQR0G6Shux3d1/QKGWsIbZPAD+3mdGFOKLr3QWrzp5GHt3ODUV3H1Ilk vGeospboWaqRhc18X3axBa/uVJTnw8FkUCuzQN26lnp9yhCeQL2QFDLeQl+gyYXIQM xvLaAo5/s4wpY3Pj9vxLffgbup8KxTXWO8wYpuxr0Xf54Hhy21llYaZcyLjdr8+y9H A3nRbz2ZPhbPA== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1vR5Qw-0000000AOcH-1ONt; Thu, 04 Dec 2025 09:15:30 +0000 Date: Thu, 04 Dec 2025 09:15:29 +0000 Message-ID: <86ecpappzi.wl-maz@kernel.org> From: Marc Zyngier To: Pavan Kondeti Cc: Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, rsalveti@oss.qualcomm.com Subject: Re: Alternative to arm64.nopauth cmdline for disabling Pointer Authentication In-Reply-To: <3fcf6614-ee83-4a06-9024-83573b2e642e@quicinc.com> References: <3fcf6614-ee83-4a06-9024-83573b2e642e@quicinc.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/30.1 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: pavan.kondeti@oss.qualcomm.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, rsalveti@oss.qualcomm.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20251204_011534_966827_8ABDA2BC X-CRM114-Status: GOOD ( 31.43 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, 04 Dec 2025 04:07:15 +0000, Pavan Kondeti wrote: > > Hi > > The pointer authentication feature (PAuth) is only supported on > 0-3 CPUs but it is not supported on 4-7 CPUS on QCS8300. On what grounds? Hardware incompatibility? I seriously doubt it, since nobody glues pre-8.3 CPUs to anything more modern. Or, as I expect it, a firmware implemented with little understanding of what is required? > The ARM64 cpufeature discovery code expects late CPUs to have > this feature if boot CPU feature has it since PAuth is enabled > early. When a conflict like this is detected, the late CPUs are > not allowed to boot. It is expected that system will continue > to be functional with CPUs with Pauth feature supported and enabled. > This is not a desired behavior in production. What is even less desirable is to produce this sort of contraption. > We started seeing this problem when Linux is booted in EL2. When Linux > is running under Gunyah (Type-1 hypervisor), Pointer Authentication > feature is hidden from EL1 via HCR_EL2.TID3. > > arm64.nopauth can be passed on kernel cmdline to disable the feature > in kernel so that all all CPUs can boot on QCS8300. I am told > maintaining a custom kernel commandline per SoC in a Generic OS > distribution is not recommended and asked to discuss the problem with > the comunity [1] Well, you get to own the problem you have created for yourself. You build hardware/firmware that cannot run generic SW, and yet you want generic SW to run seamlessly on it. Spot the issue? > This patch [2] from Catalin adds a devicetree property under memory {} > to disable MTE. I believe this work predates the id-reg override > mechanism. However, this made me think if workarounds like this can be > detected via devicetree, for example a property under cpu { } node. Not only it predates it, but it also doesn't work in general. For a start, it is DT specific. How are you going to make that work for ACPI? I know you don't care, but I do. > Given that what we put in `chosen { bootargs="" }` kernel under > respective SoC devicetree can be overridden by bootloader, should we > have a **sticky** cmdline to specify critical workarounds like this? > This would be more generic than introducing any new parameters. You already have a way to have a sticky command-line, by building it into the kernel. Yes, I understand that this isn't what you want, but: (1) a user should be allowed to pass the kernel command-line *they* want, not what someone has decided for them (2) the generic mechanism exists, doesn't rely on additional firmware specifications, and is used for a whole lot of other QC platforms suffering from the same issue of broken firmware. What are you going to do for these? (3) what if you, by miracle, happened to *fix* the firmware? To sum it up, the kernel is not in the business of papering over these issues. You have a tool to work around the problem you have created, use it. Alternatively, you can always boot on a non-PAC CPU, and be done with it. Thanks, M. -- Without deviation from the norm, progress is not possible.