[PATCH 2/2] arm64: mte: Defer disabling of TCO until user_access_begin/end
Catalin Marinas
catalin.marinas at arm.com
Sat Jan 10 05:02:44 PST 2026
On Fri, Jan 09, 2026 at 11:29:29PM -0600, Taehyun Noh wrote:
> On Thu Jan 8, 2026 at 12:45 PM CST, Catalin Marinas wrote:
> > Reading the Arm ARM section again, I wonder whether always setting TCMA1
> > does the trick for the Ampere hardware. With KASAN disabled in the
> > kernel, all addresses will start with 0xff... so behave as match-all. We
> > do this with KASAN_HW_TAGS enabled but it won't have any effect with
> > kasan disabled.
>
> Our team agrees with Catalin’s TCMA1 solution. It disables every kernel
> tag checking but the user address will get tag checked as far as TCO is
> clear. Also, Carl’s initial testing confirms that
> `mem_access_checked*:k` counters drop with the TCMA1 patch. While we
> haven’t run the memcached benchmark yet, we will follow up with those
> results shortly.
That's great. Carl, could you please respin the patch with just setting
the TCMA1 bit? Just add a suggested-by me (I could post the patch as
well but I don't have the data to back it up and include in the commit
log).
> Additionally, we’ve observed that Pixel 9 behaves differently; the
> kernel does not perform any tag checking when the user process enables
> MTE. I’ve tested a simple kernel module that accesses kernel memory on
> user ioctl, and measured the MTE perf counters on both AmpereOne and
> Pixel 9. Pixel 9 shows no increases in checked access counters, but
> AmpereOne shows proportional increases depending on the buffer size that
> is accessed inside the kernel module.
It's an implementation choice. I think the Arm Ltd CPUs ignore tag
checking if SCTLR_EL1.TCF==0, irrespective of TCMA1 or TCO. But always
setting TCMA1 is completely harmless and it's covered by the text in the
Arm ARM.
--
Catalin
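
The TCMA1 behaviour discussed in this thread, as an added C model that is not part of the original e-mail or of the kernel patch: it shows which virtual addresses become Tag Unchecked once TCR_EL1.TCMA1 is set. The function name and the sample addresses are constructed for illustration; SCTLR_EL1.TCF and implementation-specific behaviour are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TCR_EL1 match-all control bits (architectural bit positions). */
#define TCR_TCMA0 (UINT64_C(1) << 57)   /* applies when VA[59:55] == 0b00000 */
#define TCR_TCMA1 (UINT64_C(1) << 58)   /* applies when VA[59:55] == 0b11111 */

/* VA[59:56] is the logical tag, VA[55] selects the TTBR0/TTBR1 half. */
static unsigned va_59_55(uint64_t va)
{
    return (unsigned)((va >> 55) & 0x1f);
}

/*
 * Hypothetical helper: true when the access is Tag Unchecked because of
 * PSTATE.TCO or the TCMA bits. Only these two controls are modelled.
 */
bool mte_access_unchecked(uint64_t va, uint64_t tcr_el1, bool pstate_tco)
{
    unsigned top = va_59_55(va);

    if (pstate_tco)
        return true;                    /* TCO set: no tag checks at all */
    if ((tcr_el1 & TCR_TCMA1) && top == 0x1f)
        return true;                    /* 0xff... kernel pointer: match-all */
    if ((tcr_el1 & TCR_TCMA0) && top == 0x00)
        return true;
    return false;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real system. */
    const uint64_t kernel_ff    = UINT64_C(0xffff800012345000); /* KASAN off */
    const uint64_t kernel_kasan = UINT64_C(0xf3ff800012345000); /* tag 0x3 */
    const uint64_t user_tagged  = UINT64_C(0x0500aaaab0000000); /* tag 0x5 */

    printf("kernel 0xff, TCMA1 set:   unchecked=%d\n",
           mte_access_unchecked(kernel_ff, TCR_TCMA1, false));
    printf("kernel 0xf3, TCMA1 set:   unchecked=%d\n",
           mte_access_unchecked(kernel_kasan, TCR_TCMA1, false));
    printf("user tag 5, TCMA1, TCO=0: unchecked=%d\n",
           mte_access_unchecked(user_tagged, TCR_TCMA1, false));
    printf("user tag 5, TCMA1, TCO=1: unchecked=%d\n",
           mte_access_unchecked(user_tagged, TCR_TCMA1, true));
    return 0;
}
```

In this model a 0xff-prefixed kernel pointer is unchecked only when TCMA1 is set, while a tagged user pointer is still checked unless TCO is set.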