From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6956427472; Tue, 17 Feb 2026 13:00:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771333225; cv=none; b=se6BXoRPfumghFnw/9Ezts1JI932BcUre1mNGQeOSX3M3hVblqP7JIxK6LQ0Z2HjNqdO3y+hppjpvbOSHBAWgcIEb4CrKzillYUnyCBZL4pKfsvRi8skPW/QXpt3E2ECFVGRhSpfykHXX+SqJ7Vouo6OB5qIQZQjtXG15bXGcd0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771333225; c=relaxed/simple; bh=/jgRvAH6/qkall4xmNykuaxBNxUpJABVCi9DbhjS4MA=; h=Date:Message-ID:From:To:Cc:Subject:In-Reply-To:References: MIME-Version:Content-Type; b=V4XJbHdgT0vIT/pY9aOa9uC24YtyZQobpCVJdHVSrIGaAuMjzZL9OpQoIZUrirqzIzQZN8PPr099RBhBtDHTvsgfNBMDyrJ+sCy0PxjgF5Of5vz/On7gq51JP2kwysQYn2N0MnRpU/KxOVXtTpiFu138dShX2KoPviOQ26wPqxg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cT4kbB5d; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cT4kbB5d" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2E0DC4CEF7; Tue, 17 Feb 2026 13:00:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1771333224; bh=/jgRvAH6/qkall4xmNykuaxBNxUpJABVCi9DbhjS4MA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=cT4kbB5ddNQH8+xhRR7XQ/oRHj/qtrdD/iKNe9GUkLEK6Bo0ZsemDKZbmQ3TVNser YiIWtJTk8voFjG+aCdjyr/bGj987pEa9gNy4EHhF3lemUEoYXHtztORcb69uliWvL8 MUDSbg68YFfyx0/ZkFAsdH3lGFlW1rSO9SU+6tZeZwtGKpXPW+y1r2wMW/PklUJraS l6zVc8R+HWjWbuQt+3719wWhdQZ22YxUjuUjPk66Db+z92MSbKGhB5sq+5KragJjAH qtYv6BjohyvhXAskjV4Wp9TRkyxgf/W0XAhtSDrj5rwkiqLO9O5/URKFm+51rrNbyh WiuWh6MmQEoYg== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1vsKgf-0000000BdQk-3sf5; Tue, 17 Feb 2026 13:00:22 +0000 Date: Tue, 17 Feb 2026 13:00:21 +0000 Message-ID: <86342zbk4a.wl-maz@kernel.org> From: Marc Zyngier To: =?UTF-8?B?UGllcnJlLUNsw6ltZW50?= Tosi Cc: Catalin Marinas , will@kernel.org, suzuki.poulose@arm.com, corbet@lwn.net, yee.lee@mediatek.com, ascull@google.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH] arm64: Optionally disable EL0 MTE via command-line In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/30.1 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: ptosi@google.com, catalin.marinas@arm.com, will@kernel.org, suzuki.poulose@arm.com, corbet@lwn.net, yee.lee@mediatek.com, ascull@google.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false On Tue, 17 Feb 2026 11:20:02 +0000, Pierre-Cl=C3=A9ment Tosi wrote: >=20 > Hi Catalin, >=20 > On Tue, Feb 17, 2026 at 10:51:24AM +0000, Catalin Marinas wrote: > > On Fri, Feb 13, 2026 at 12:51:07PM +0100, Pierre-Cl=C3=A9ment Tosi wrot= e: > > > Although it is currently possible to fully disable MTE on MTE-capable > > > CPUs (with arm64.nomte or id_aa64pfr1.mte=3D0) and to only use MTE in > > > userspace (with kasan=3Doff), there is no way to limit the use of MTE= to > > > the kernel because CPU capabilities are traditionally exposed directly > > > to userspace. > > >=20 > > > To address this, introduce a new cmdline argument (inspired by the > > > existing arm64.nomte) to only expose the MTE capability of the CPU to > > > the kernel. Combined with KASAN, this results in only the kernel using > > > the feature, while HWCAP2_MTE and the corresponding MSR ID_AA64PFR1_E= L1 > > > field are hidden from userspace. > > [...] > > > + arm64.nomte_el0 [ARM64] Unconditionally disable Memory Tagging Exte= nsion > > > + support for userspace > >=20 > > Why would we need this? It's a user-space choice whether it uses MTE or > > not. It's not like the kernel is forcing it onto the user processes. >=20 > Correct. This patch is useful when working with a pre-compiled distributi= on to > ensure that a MTE-enabled userspace falls back to untagged allocations, w= ithout > the need to introduce system-wide policies (and ABIs) for said distributi= on, > which would also be inherently less robust than this kernel-level gating. >=20 > In Android, we can simply append the flag to the kernel cmdline instead of > relying on sysprops (or similar early userspace concepts) and hoping that= all > users are properly gated on that sysprop, etc. This can be used for A/B t= esting > of the feature or as a highly-reliable "remote kill switch", for example. >=20 > I should have mentioned this in the commit message and will in an eventua= l v2. What I find odd is that nothing seems to enforce this "disabled at EL0" behaviour. It is not advertised, but crucially SCTLR_EL1.ATA0 appears to be set. M. --=20 Without deviation from the norm, progress is not possible.