From: Vincenzo Frascino <vincenzo.frascino@arm.com>

The Tag Checking operation causes a synchronous data abort as
a consequence of a tag check fault when MTE is configured in
synchronous mode.

Enable MTE in Synchronous mode in EL1 to provide a more immediate
way of tag check failure detection in the kernel.

As part of this change enable match-all tag for EL1 to allow the
kernel to access user pages without faulting. This is required because
the kernel does not have knowledge of the tags set by the user in a
page.

Note: For MTE, the TCF bit field in SCTLR_EL1 affects only EL1 in a
similar way as TCF0 affects EL0.

Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
---
 arch/arm64/kernel/cpufeature.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 4d3abb51f7d4..4d94af19d8f6 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c

@@ -1670,6 +1670,9 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
        write_sysreg_s(0, SYS_TFSR_EL1);
        write_sysreg_s(0, SYS_TFSRE0_EL1);

+       /* Enable Match-All at EL1 */
+       sysreg_clear_set(tcr_el1, 0, SYS_TCR_EL1_TCMA1);
+
        /*
         * CnP must be enabled only after the MAIR_EL1 register has been set
         * up. Inconsistent MAIR_EL1 between CPUs sharing the same TLB may

@@ -1687,6 +1690,9 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
        mair &= ~MAIR_ATTRIDX(MAIR_ATTR_MASK, MT_NORMAL_TAGGED);
        mair |= MAIR_ATTRIDX(MAIR_ATTR_NORMAL_TAGGED, MT_NORMAL_TAGGED);
        write_sysreg_s(mair, SYS_MAIR_EL1);
+
+       /* Enable MTE Sync Mode for EL1 */
+       sysreg_clear_set(sctlr_el1, SCTLR_ELx_TCF_MASK, SCTLR_ELx_TCF_SYNC);
        isb();

        local_flush_tlb_all();
--

2.28.0.220.ged08abb693-goog