From 2676f4bf004356534d08cefb7737530488beb9da Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Thu, 10 Oct 2024 16:14:20 -0700
Subject: [PATCH] Enable MTE in -eng builds on zuma devices. MTE is a low overhead tool which enables detection of memory safety bugs in interactive workloads. See https://source.android.com/docs/security/test/memory-safety/arm-mte for background and information. This change enables MTE by default on -eng builds on zuma builds.
Co-authored-by: Evgenii Stepanov
Test: Device boots and no MTE crashes
Test: sanitizer-status mte
Bug: 316398899
Change-Id: Iff5ab9d7031d8b97bf762d85f6760a092631e121
---
 BoardConfig-common.mk | 8 ++++++++
 conf/init.eng.memtag.rc | 16 ++++++++++++++++
 device-common.mk | 13 +++++++++++--
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 conf/init.eng.memtag.rc
diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk
index 27fde6e5..53d3d314 100644
--- a/BoardConfig-common.mk
+++ b/BoardConfig-common.mk
@@ -38,9 +38,17 @@ BOARD_KERNEL_CMDLINE += rcupdate.rcu_expedited=1 rcu_nocbs=all rcutree.enable_rc
 BOARD_KERNEL_CMDLINE += swiotlb=1024
 BOARD_KERNEL_CMDLINE += cgroup.memory=nokmem
 BOARD_KERNEL_CMDLINE += sysctl.kernel.sched_pelt_multiplier=4
+
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 BOARD_KERNEL_CMDLINE += kasan=off
+BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
+ifeq ($(filter memtag_heap,$(SANITIZE_TARGET)),)
+SANITIZE_TARGET := $(strip $(SANITIZE_TARGET) memtag_heap)
 endif
+endif
+endif
+
 BOARD_BOOTCONFIG += androidboot.boot_devices=13200000.ufs
 TARGET_NO_BOOTLOADER := true
diff --git a/conf/init.eng.memtag.rc b/conf/init.eng.memtag.rc
new file mode 100644
index 00000000..19071f55
--- /dev/null
+++ b/conf/init.eng.memtag.rc
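Review bot: The new `ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))` opens above the existing `BOARD_KERNEL_CMDLINE += kasan=off` line, so user and userdebug builds of non-`_fullmte` products no longer pass `kasan=off`, although the commit message only describes a change to -eng builds. If that is not intended, move the `ifneq` line below `kasan=off` so that only `bootloader.pixel.MTE_FORCE_ON` and the `memtag_heap` addition are eng-only. If it is intended, it deserves a sentence in the description, because it changes the kernel command line on the non-eng variants. A one-line comment above the block, e.g. `# eng: force MTE on at boot and build with heap tagging`, would also explain the three nested conditionals.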
@@ -0,0 +1,16 @@
+# MTE in -eng build: litle and mid cores in Sync mode
+# Big core in Asymm mode to work around a performance issue (b/266613799)
+on init
+ # Per-core mode overrides.
+ # Little Cores: sync
+ write /sys/devices/system/cpu/cpu0/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu1/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu2/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu3/mte_tcf_preferred sync
+ # Mid Cores: sync
+ write /sys/devices/system/cpu/cpu4/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu5/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu6/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu7/mte_tcf_preferred sync
+ # Big Core: asymm
+ write /sys/devices/system/cpu/cpu8/mte_tcf_preferred asymm
diff --git a/device-common.mk b/device-common.mk
index f3e33959..41978abb 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -49,9 +49,10 @@ PRODUCT_PRODUCT_PROPERTIES += \
 ro.preventative_fsck = 1
 # Indicate that the bootloader supports the MTE developer option switch
-# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products that
-# force enable MTE.
+# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products and
+# eng products that force enable MTE
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_supported=1
 # N.B. persist properties in product Makefiles aren't actually persisted to the data
 # partition, so they will actually go away if we remove them here, or if the user
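Review bot: The header comment names the asymm workaround for cpu8 but not what it costs in detection quality. As I understand the Arm MTE modes, asymm checks reads synchronously and reports write tag faults asynchronously, so a bad write by a thread running on cpu8 is reported without the precise faulting instruction. A line such as `# asymm: write faults on cpu8 are reported asynchronously; reproduce in sync mode to triage` would tell whoever reads an eng crash report why some reports are imprecise. The cpu0–cpu8 numbering is hard-coded in a file that lives in the shared zuma directory, so a comment stating the assumed 4 little + 4 mid + 1 big layout would make that assumption visible. `litle` in the first line is a typo for `little`.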
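Review bot: The updated comment only covers `ro.arm64.memtag.bootctl_supported`, but the new inner `ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))` also encloses the `persist.arm64.memtag.*=off` lines that follow. On eng builds the NFC and system_server opt-outs are therefore dropped as well, and, judging by the truncated header of the next hunk, a Bluetooth one too. That looks deliberate for a build that forces MTE on, but it should be stated, e.g. `# eng builds also drop the per-process memtag=off defaults below, so those processes run with MTE`. The conditional block opened here is closed in the next hunk, outside this one.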
@@ -61,3 +62,11 @@ PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.blueto
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
 endif
+endif
+
+ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
+PRODUCT_COPY_FILES += \
+ device/google/zuma/conf/init.eng.memtag.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.eng.memtag.rc
+endif
+endif
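Review bot: The `_fullmte`/`eng` pair is tested again here immediately after the block above closes it, with only the variant test inverted, so the eng and non-eng settings can drift apart on a later edit. Because the inner test above is `ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))`, the copy rule fits in its `else` branch: put `else` and the `PRODUCT_COPY_FILES` lines ahead of the existing `endif`, then add a single `endif` for the outer `_fullmte` test. A comment such as `# eng: install per-core MTE mode overrides` on the copy rule would say why the rc file is eng-only. The opening of the enclosing conditional is in the previous hunk.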