Enable MTE in -eng builds on zuma devices.

MTE is a low overhead tool which enables detection of memory safety bugs in interactive workloads. See https://source.android.com/docs/security/test/memory-safety/arm-mte for background and information. This change enables MTE by default on -eng builds on zuma builds. Co-authored-by: Evgenii Stepanov <eugenis@google.com> Test: Device boots and no MTE crashes Test: sanitizer-status mte Bug: 316398899 Change-Id: Iff5ab9d7031d8b97bf762d85f6760a092631e121
2026-01-27 17:24:46 +00:00 · 2024-10-10 16:14:20 -07:00
parent bb0ccb1c08
commit 2676f4bf00
3 changed files with 35 additions and 2 deletions
--- a/BoardConfig-common.mk
+++ b/BoardConfig-common.mk
@@ -38,9 +38,17 @@ BOARD_KERNEL_CMDLINE += rcupdate.rcu_expedited=1 rcu_nocbs=all rcutree.enable_rc
 BOARD_KERNEL_CMDLINE += swiotlb=1024
 BOARD_KERNEL_CMDLINE += cgroup.memory=nokmem
 BOARD_KERNEL_CMDLINE += sysctl.kernel.sched_pelt_multiplier=4
+
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 BOARD_KERNEL_CMDLINE += kasan=off
+BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
+ifeq ($(filter memtag_heap,$(SANITIZE_TARGET)),)
+SANITIZE_TARGET := $(strip $(SANITIZE_TARGET) memtag_heap)
 endif
+endif
+endif
+
 BOARD_BOOTCONFIG += androidboot.boot_devices=13200000.ufs

 TARGET_NO_BOOTLOADER := true
--- a/conf/init.eng.memtag.rc
+++ b/conf/init.eng.memtag.rc
@@ -0,0 +1,16 @@
+# MTE in -eng build: litle and mid cores in Sync mode
+# Big core in Asymm mode to work around a performance issue (b/266613799)
+on init
+    # Per-core mode overrides.
+    # Little Cores: sync
+    write /sys/devices/system/cpu/cpu0/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu1/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu2/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu3/mte_tcf_preferred sync
+    # Mid Cores: sync
+    write /sys/devices/system/cpu/cpu4/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu5/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu6/mte_tcf_preferred sync
+    write /sys/devices/system/cpu/cpu7/mte_tcf_preferred sync
+    # Big Core: asymm
+    write /sys/devices/system/cpu/cpu8/mte_tcf_preferred asymm
--- a/device-common.mk
+++ b/device-common.mk
@@ -49,9 +49,10 @@ PRODUCT_PRODUCT_PROPERTIES += \
    ro.preventative_fsck = 1

 # Indicate that the bootloader supports the MTE developer option switch
-# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products that
-# force enable MTE.
+# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products and
+# eng products that force enable MTE
 ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
 PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_supported=1
 # N.B. persist properties in product Makefiles aren't actually persisted to the data
 # partition, so they will actually go away if we remove them here, or if the user
@@ -61,3 +62,11 @@ PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.blueto
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
 endif
+endif
+
+ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
+ifneq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
+PRODUCT_COPY_FILES += \
+       device/google/zuma/conf/init.eng.memtag.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.eng.memtag.rc
+endif
+endif