lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87o6n3ae16.fsf@rasp.cworth.amperemail.amperecomputing.com>
Date: Thu, 08 Jan 2026 15:19:17 -0800
From: Carl Worth <carl@...amperecomputing.com>
To: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
 Taehyun Noh <taehyun@...xas.edu>, andreyknvl@...il.com, pcc@...gle.com,
 yeoreum.yun@....com
Subject: Re: [PATCH 2/2] arm64: mte: Defer disabling of TCO until
 user_access_begin/end

Catalin Marinas <catalin.marinas@....com> writes:
> On Thu, Jan 08, 2026 at 03:06:30PM +0000, Will Deacon wrote:
>> 
>> What about all the uaccess routines that don't call user_access_begin? For
>> example, copy_from_user().

It's possible I missed some code paths here. Thanks for pointing that
out.

> We might as well ignore tag checking for all uaccess for specific
> hardware. It's a relaxation but you get this with futex already and some
> combination of read/write() syscalls with O_DIRECT.

I'm not sure I agree with that. I mean, you could argue that since the
current implementation doesn't guarantee all uaccess gets tag checking
we have cover for skipping tag checking in other cases.

But I think the system is strictly better if we prefer to have kernel
uaccess use tag checking wherever possible.

> Reading the Arm ARM section again, I wonder whether always setting TCMA1
> does the trick for the Ampere hardware. With KASAN disabled in the
> kernel, all addresses will star with 0xff... so behave as match-all. We
> do this with KASAN_HW_TAGS enabled but it won't have any effect with
> kasan disabled.

I'm not familiar with any "match-all" semantics associated with a
tag-value of 0xf. Maybe I'm missing something?

But I'm clearly not aware of everything regarding MTE, since TCMA1 was
new to me too.

Having read up on it now, I agree it looks like a good approach to try
addressing the performance problem here. And this would let us leave the
TCO handling as-is so we could skip past Will's two concerns above,
(potential performance slowdown to other uses cases than what I've
reported on, and potential code paths where I missed the toggling of
TCO).

> Carl, could you please try the patch below?

I'll do that and report back here soon.

Thanks,

-Carl

> ----------------8<----------------------------------------
> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> index 01e868116448..8b1f0de00fd3 100644
> --- a/arch/arm64/mm/proc.S
> +++ b/arch/arm64/mm/proc.S
> @@ -48,14 +48,14 @@
>  #define TCR_KASAN_SW_FLAGS 0
>  #endif
>  
> -#ifdef CONFIG_KASAN_HW_TAGS
> -#define TCR_MTE_FLAGS TCR_EL1_TCMA1 | TCR_EL1_TBI1 | TCR_EL1_TBID1
> -#elif defined(CONFIG_ARM64_MTE)
> +#ifdef CONFIG_ARM64_MTE
>  /*
>   * The mte_zero_clear_page_tags() implementation uses DC GZVA, which relies on
> - * TBI being enabled at EL1.
> + * TBI being enabled at EL1. TCMA1 is needed to treat accesses with the
> + * match-all tag (0xF) as Tag Unchecked, irrespective of the SCTLR_EL1.TCF
> + * setting.
>   */
> -#define TCR_MTE_FLAGS TCR_EL1_TBI1 | TCR_EL1_TBID1
> +#define TCR_MTE_FLAGS TCR_EL1_TCMA1 | TCR_EL1_TBI1 | TCR_EL1_TBID1
>  #else
>  #define TCR_MTE_FLAGS 0
>  #endif

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ