]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 43a21a0)
KVM: arm64: Do not allow KVM_CAP_ARM_MTE for any guest in pKVM
authorFuad Tabba <tabba@google.com>
Thu, 11 Dec 2025 10:47:06 +0000 (10:47 +0000)
committerMarc Zyngier <maz@kernel.org>
Thu, 15 Jan 2026 15:43:15 +0000 (15:43 +0000)
Supporting MTE in pKVM introduces significant complexity to the
hypervisor at EL2, even for non-protected VMs, since it would require
EL2 to handle tag management.

For now, do not allow KVM_CAP_ARM_MTE for any VM type in protected mode.

Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20251211104710.151771-7-tabba@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>
arch/arm64/include/asm/kvm_pkvm.h patch | blob | blame | history

diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
index cccfff96f0629a52114a4149b3aa2e55b701e09d..09a7599716531e2d6673dc48b7f009f647d2dd3a 100644 (file)
--- a/arch/arm64/include/asm/kvm_pkvm.h
+++ b/arch/arm64/include/asm/kvm_pkvm.h
@@ -44,6 +44,8 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
        case KVM_CAP_ARM_PTRAUTH_ADDRESS:
        case KVM_CAP_ARM_PTRAUTH_GENERIC:
                return true;
+       case KVM_CAP_ARM_MTE:
+               return false;
        default:
                return !kvm || !kvm_vm_is_protected(kvm);
        }
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git