lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DFKNU3AVF9EW.3GHYYELNT4V9E@utexas.edu>
Date: Fri, 09 Jan 2026 23:29:29 -0600
From: "Taehyun Noh" <taehyun@...xas.edu>
To: "Catalin Marinas" <catalin.marinas@....com>, "Will Deacon"
 <will@...nel.org>
Cc: "Carl Worth" <carl@...amperecomputing.com>,
 <linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
 <andreyknvl@...il.com>, <pcc@...gle.com>, <yeoreum.yun@....com>
Subject: Re: [PATCH 2/2] arm64: mte: Defer disabling of TCO until
 user_access_begin/end

Hi,

On Thu Jan 8, 2026 at 12:45 PM CST, Catalin Marinas wrote:
> Reading the Arm ARM section again, I wonder whether always setting TCMA1
> does the trick for the Ampere hardware. With KASAN disabled in the
> kernel, all addresses will star with 0xff... so behave as match-all. We
> do this with KASAN_HW_TAGS enabled but it won't have any effect with
> kasan disabled.

Our team agrees with Catalin’s TCMA1 solution. It disables every kernel
tag checking but the user address will get tag checked as far as TCO is
clear. Also, Carl’s initial testing confirms that
`mem_access_checked*:k` counters drop with the TCMA1 patch. While we
haven’t run the memcached benchmark yet, we will follow up with those
results shortly.

Additionally, we’ve observed that Pixel 9 behaves differently; the
kernel does not perform any tag checking when the user process enables
MTE. I’ve tested a simple kernel module that accesses kernel memory on
user ioctl, and measured the MTE perf counters on both AmpereOne and
Pixel 9. Pixel 9 shows no increases in checked access counters, but
AmpereOne shows proportional increases depending on the buffer size that
is accessed inside the kernel module.

We will keep you posted as more data becomes available.

Taehyun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ