From 2bf5d31904b3df3e26f11d193d22bfc88df2c739 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 25 Oct 2024 16:10:03 -0700 Subject: [PATCH] Enable MTE in -eng builds on zumapro devices. MTE is a low overhead tool which enables detection of memory safety bugs in interactive workloads. See https://source.android.com/docs/security/test/memory-safety/arm-mte for background and information. This change enables MTE by default on -eng builds. See go/mte-eng for more information. Co-authored-by: Evgenii Stepanov Test: Device boots and no MTE crashes Bug: 316398899 Flag: EXEMPT only affects eng builds, not shipping code Change-Id: I8be52af4f0349907651ae661972c85ea46e2aa72 --- BoardConfig-common.mk | 8 ++++++++ conf/init.eng.memtag.rc | 14 ++++++++++++++ device-common.mk | 13 +++++++++++-- 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 conf/init.eng.memtag.rc
diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk
index f3ae9d5..e01a56f 100644
--- a/BoardConfig-common.mk
+++ b/BoardConfig-common.mk
@@ -40,9 +40,17 @@ BOARD_KERNEL_CMDLINE += rcupdate.rcu_expedited=1 rcu_nocbs=all rcutree.enable_rc
 BOARD_KERNEL_CMDLINE += swiotlb=noforce
 BOARD_KERNEL_CMDLINE += disable_dma32=on
 BOARD_KERNEL_CMDLINE += sysctl.kernel.sched_pelt_multiplier=4
+
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 BOARD_KERNEL_CMDLINE += kasan=off
+BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
+ifeq ($(filter memtag_heap,$(SANITIZE_TARGET)),)
+SANITIZE_TARGET := $(strip $(SANITIZE_TARGET) memtag_heap)
 endif
+endif
+endif
+
 BOARD_BOOTCONFIG += androidboot.boot_devices=13200000.ufs
 
 # Enable KUnit for userdebug and eng builds
diff --git a/conf/init.eng.memtag.rc b/conf/init.eng.memtag.rc
new file mode 100644
index 0000000..e0e13f0
--- /dev/null
+++ b/conf/init.eng.memtag.rc
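Review bot: In the BoardConfig-common.mk hunk the new `ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))` opens above the existing context line `BOARD_KERNEL_CMDLINE += kasan=off`, so that parameter, which before this change was appended for every non-_fullmte product, is now appended only on eng builds. As the hunk reads, this changes the kernel command line of user and userdebug builds, which does not match the description's statement that only eng builds are affected. If dropping `kasan=off` from non-eng builds is not intended, open the eng conditional one line lower, i.e. `BOARD_KERNEL_CMDLINE += kasan=off` followed by `ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))`. If it is intended, a comment above the block stating that would save the next reader from assuming a misplaced line.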
@@ -0,0 +1,14 @@
+# MTE in -eng build: all cores in Sync mode
+on init
+ # Per-core mode overrides.
+ # Little Cores: sync
+ write /sys/devices/system/cpu/cpu0/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu1/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu2/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu3/mte_tcf_preferred sync
+ # Mid Cores: sync
+ write /sys/devices/system/cpu/cpu4/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu5/mte_tcf_preferred sync
+ write /sys/devices/system/cpu/cpu6/mte_tcf_preferred sync
+ # Big Core: sync
+ write /sys/devices/system/cpu/cpu7/mte_tcf_preferred sync
diff --git a/device-common.mk b/device-common.mk
index 1e4691a..54e363d 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -51,12 +51,21 @@ PRODUCT_VENDOR_PROPERTIES += \
 vendor.zram.size?=50p
 
 # Indicate that the bootloader supports the MTE developer option switch
-# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products that
-# force enable MTE.
+# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products and
+# eng products that force enable MTE
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_supported=1
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.se=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.bluetooth=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
 endif
+endif
+
+ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
+PRODUCT_COPY_FILES += \
+ device/google/zumapro/conf/init.eng.memtag.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.eng.memtag.rc
+endif
+endif
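Review bot: conf/init.eng.memtag.rc hard-codes cpu0 through cpu7 and puts no runtime condition on its `on init` trigger, so both the core list and the eng-only scope depend on things the file itself does not mention. The only gate visible in this patch is the PRODUCT_COPY_FILES block in device-common.mk; if the file were ever copied by another product, or the core layout changed, the per-core writes would presumably be wrong or incomplete without any build-time signal. I would extend the header comment, for example `# Installed only on eng, non-_fullmte builds via device-common.mk; keep the cpuN list in sync with the SoC core layout.`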
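Review bot: The comment above the first block in device-common.mk still describes only the bootloader switch property, but the new `ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))` also removes the four `persist.arm64.memtag.*=off` overrides (se, bluetooth, nfc, system_server) from eng builds. That looks deliberate given the goal of the change, yet it is the part most likely to surface tag-check crashes in those processes, so it deserves its own line, such as `# eng builds also drop the per-process memtag opt-outs below.` As a style point, the two adjacent blocks test the same `_fullmte` condition with complementary eng checks and could be written as one `ifeq … else … endif` under a single outer conditional.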