From nobody Thu Apr  2 20:24:33 2026
Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com
 [209.85.208.51])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F3E3347BDC
	for <linux-kernel@vger.kernel.org>; Fri, 13 Feb 2026 11:51:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.208.51
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1770983480; cv=none;
 b=beututVRvdncXvumiAcWay/QtQv8ge38u2/vPvKbs3j+o/8Q7ytbnHARTFXFqNyyDf4mjfsy3ZyivPRfDCAQ4YJz9Iu1OAxzfQbALroq6T10kqOsGPMwdtxjqC/1AVFXPA3gI5O4Pvd+Jw56tl4hm9edaau52OSzGBLv4Etha3U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1770983480; c=relaxed/simple;
	bh=o1U/AW+9c8uIQ2cLYfOvQNLg0AKgTqaqFLJ6LfTtD/s=;
	h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:
	 Content-Disposition;
 b=pxmHjv3QLWjW6LUO7p90y1eCF03uK8eZ+pw4381KYRubNVKBFEp1L48zs3Bp0s6ojUZY4z21vQQuUM6mM1Od/9772LKCMy74G3uh7Y1Ibqfn9Niha6NWl0MEfrtHwxfOvRC6i/aaHx3utvU+tMOPksCCHFa3rYBMNZW5+4ZzXr0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=jdxfzcHR; arc=none smtp.client-ip=209.85.208.51
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="jdxfzcHR"
Received: by mail-ed1-f51.google.com with SMTP id
 4fb4d7f45d1cf-65a43a512b0so931814a12.3
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Feb 2026 03:51:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1770983477; x=1771588277;
 darn=vger.kernel.org;
        h=content-transfer-encoding:content-disposition:mime-version
         :message-id:subject:cc:to:from:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=1sfEh3PBJWD07hYds4N9dI7mviBas2gIyECRd0DbjpM=;
        b=jdxfzcHRaKy94VfAvan/IR6g7yaGngyYGgBH/YYjGn6frkXC1hA3HbrEMOKdqFWvT7
         zEIF47xKuPI7LXNm01JC/eRy8OXlflQZmCUpOEcO32E3IetLzzlhORt3+2GlVkzgMzBM
         sPqBOQmidy0oIVxRNns9UXfveg3V35HcSZeZiohHe2A3L5YLi2odaSIjdWB+9kbV/5WK
         eIo1Z7DrOi/PTIYvIKbZiWWG651f7aR2p0MxKt2XkE5TR8T9llHMl7k5wUjiXynjD7zI
         LKcXsAdp98LpSyghjrpDSRGJJRlz0520efritxH3WQ6GjDUzbW9GqUeMK62kznQfN6/E
         JaAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1770983477; x=1771588277;
        h=content-transfer-encoding:content-disposition:mime-version
         :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=1sfEh3PBJWD07hYds4N9dI7mviBas2gIyECRd0DbjpM=;
        b=sS/wC/VfP4B4zjuDKOm+JRNVQCKpwfpmcE4VCGeTTTInixS6nZaXdlwvU4J4P/4eXy
         28PXnnQAD0Wg4cNS+/5rM6EwoCqR9gBrX6NcixX6tVlK+Te45RcsGq7Tx+dDfZktIk4k
         4BK1wIAm7/lH22Nx3o2Fw6/wOxi8r7xr0DjA5/Yk5jAaR28Z5W71DbvJBgPJnALBTUTz
         KdYPjJ4PfnQv2CpGGvnL7wrU/L26HMBg6rx7PNna2Ep1U08OJiMunh7Z7+w6mZdRj/5h
         a3DBKAWg+IhEi/O+aKpgQucajpdPmXa7N0exrD5ERmMjoKwOTT/nxivFWEtjRCucTCOF
         3Gxg==
X-Forwarded-Encrypted: i=1;
 AJvYcCVK/NSBrfQ3n+7q9aXtGu0NksgDTc1fkO7mDpBPTcqxv8etVBjIOH+yoZJSnhrZPmNU4q6avAikx6y4Rmc=@vger.kernel.org
X-Gm-Message-State: AOJu0YyU/Tu6MXAUCSabaUgz/MABKyBRBdzhOB0KaWsraE2RbDQGwR3u
	TtQNkqo9emkLM5LI1mmNQgms+QwglSJ9PzRIKSltVEecSTiMCdfyvgCRNoClkthg2g==
X-Gm-Gg: AZuq6aKAkQmfY5lonRaROdt4a6Tvrk96PMwyNKqENv5W6M2dRs3zEItSYS0zui4AEpc
	bsHiy64p9k809VjJwKj1Bul0cSwKlSMno5u1BhD5vc8/A4l3y2lbaRKPgPbnhi0I0QQjZkrQ3+c
	j+uzulmd+QHj5Kmhay89RHIbbNAUEP1wFvRweIW82N9ReoFfaqiDoJaFeGRj37JQzhTLcjW+BaP
	SiTUtxaE50k4VRa/lLHQ4Lfnyj5bpJWnxP6WfPQlA5pej7Dsgoh8rcklDyuEmXuE9Kz3NC21Qdi
	TF8qU2UPlc7axpGQeCEf4T5u+MlJlK3KiPAbu3bj9k+bKMAGjF41plIDJugpGaHA/ekKqzglE98
	78pzWLpPQsjdwZaB9Xhwm8/DkybZWZb2YsL8pA2PmKtsI+JHRcir0halUI6NCRl0fu31MbjdhP1
	kXHfLLUOlFGDlW3aqGKF3ulDiTUnhp7W+4yq/1XsEArzEZwC2f87T7v5kxTphG
X-Received: by 2002:a05:6402:5252:b0:65a:39ad:d655 with SMTP id
 4fb4d7f45d1cf-65bb116de4amr646620a12.20.1770983477058;
        Fri, 13 Feb 2026 03:51:17 -0800 (PST)
Received: from google.com (105.165.204.35.bc.googleusercontent.com.
 [35.204.165.105])
        by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-65bad3f0d09sm585900a12.25.2026.02.13.03.51.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 13 Feb 2026 03:51:15 -0800 (PST)
Date: Fri, 13 Feb 2026 12:51:07 +0100
From: =?utf-8?Q?Pierre-Cl=C3=A9ment?= Tosi <ptosi@google.com>
To: catalin.marinas@arm.com, will@kernel.org, suzuki.poulose@arm.com,
	maz@kernel.org, corbet@lwn.net
Cc: yee.lee@mediatek.com, ascull@google.com,
	linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
 linux-doc@vger.kernel.org
Subject: [PATCH] arm64: Optionally disable EL0 MTE via command-line
Message-ID: <plslbeuzfag5dfizunxmhyw5axxbuz7r3jdlhjluzdwrm4rtzk@bm5xmxzmy6v3>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Although it is currently possible to fully disable MTE on MTE-capable
CPUs (with arm64.nomte or id_aa64pfr1.mte=3D0) and to only use MTE in
userspace (with kasan=3Doff), there is no way to limit the use of MTE to
the kernel because CPU capabilities are traditionally exposed directly
to userspace.

To address this, introduce a new cmdline argument (inspired by the
existing arm64.nomte) to only expose the MTE capability of the CPU to
the kernel. Combined with KASAN, this results in only the kernel using
the feature, while HWCAP2_MTE and the corresponding MSR ID_AA64PFR1_EL1
field are hidden from userspace.

Implement it as a software-only feature override, similar to nokaslr.

Signed-off-by: Pierre-Cl=C3=A9ment Tosi <ptosi@google.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 3 +++
 arch/arm64/include/asm/cpufeature.h             | 1 +
 arch/arm64/kernel/cpufeature.c                  | 8 ++++++++
 arch/arm64/kernel/pi/idreg-override.c           | 2 ++
 4 files changed, 14 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio=
n/admin-guide/kernel-parameters.txt
index 0869294363b3..4d138c1826f0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -564,6 +564,9 @@ Kernel parameters
 	arm64.nomte	[ARM64] Unconditionally disable Memory Tagging Extension
 			support
=20
+	arm64.nomte_el0	[ARM64] Unconditionally disable Memory Tagging Extension
+			support for userspace
+
 	arm64.nopauth	[ARM64] Unconditionally disable Pointer Authentication
 			support
=20
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/c=
pufeature.h
index 4de51f8d92cb..0944ff5084a2 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -18,6 +18,7 @@
 #define ARM64_SW_FEATURE_OVERRIDE_NOKASLR	0
 #define ARM64_SW_FEATURE_OVERRIDE_HVHE		4
 #define ARM64_SW_FEATURE_OVERRIDE_RODATA_OFF	8
+#define ARM64_SW_FEATURE_OVERRIDE_NOMTE_EL0	12
=20
 #ifndef __ASSEMBLER__
=20
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 6044d463d3fb..81ea00050e56 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2412,6 +2412,14 @@ static void user_feature_fixup(void)
 		if (regp)
 			regp->user_mask &=3D ~ID_AA64PFR1_EL1_SSBS_MASK;
 	}
+
+	if (arm64_test_sw_feature_override(ARM64_SW_FEATURE_OVERRIDE_NOMTE_EL0)) {
+		struct arm64_ftr_reg *regp;
+
+		regp =3D get_arm64_ftr_reg(SYS_ID_AA64PFR1_EL1);
+		if (regp)
+			regp->user_mask &=3D ~ID_AA64PFR1_EL1_MTE_MASK;
+	}
 }
=20
 static void elf_hwcap_fixup(void)
diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/i=
dreg-override.c
index bc57b290e5e7..758141bf9e37 100644
--- a/arch/arm64/kernel/pi/idreg-override.c
+++ b/arch/arm64/kernel/pi/idreg-override.c
@@ -211,6 +211,7 @@ static const struct ftr_set_desc sw_features __prel64_i=
nitconst =3D {
 		FIELD("nokaslr", ARM64_SW_FEATURE_OVERRIDE_NOKASLR, NULL),
 		FIELD("hvhe", ARM64_SW_FEATURE_OVERRIDE_HVHE, hvhe_filter),
 		FIELD("rodataoff", ARM64_SW_FEATURE_OVERRIDE_RODATA_OFF, NULL),
+		FIELD("nomte_el0", ARM64_SW_FEATURE_OVERRIDE_NOMTE_EL0, NULL),
 		{}
 	},
 };
@@ -244,6 +245,7 @@ static const struct {
 	  "id_aa64isar2.gpa3=3D0 id_aa64isar2.apa3=3D0"	   },
 	{ "arm64.nomops",		"id_aa64isar2.mops=3D0" },
 	{ "arm64.nomte",		"id_aa64pfr1.mte=3D0" },
+	{ "arm64.nomte_el0",		"arm64_sw.nomte_el0=3D1" },
 	{ "nokaslr",			"arm64_sw.nokaslr=3D1" },
 	{ "rodata=3Doff",			"arm64_sw.rodataoff=3D1" },
 	{ "arm64.nolva",		"id_aa64mmfr2.varange=3D0" },
--=20
2.53.0.273.g2a3d683680-goog


--=20
Pierre