[PATCH v3 3/8] KVM: arm64: Fix MTE flag initialization for protected VMs

Mon Nov 10 07:03:54 PST 2025

Hi Ben,

On Mon, 10 Nov 2025 at 14:51, Ben Horgan <ben.horgan at arm.com> wrote:
>
> Hi Fuad,
>
> On 11/10/25 13:45, Fuad Tabba wrote:
> > The function pkvm_init_features_from_host() initializes guest
> > features, propagating them from the host. The logic to propagate
> > KVM_ARCH_FLAG_MTE_ENABLED (Memory Tagging Extension)
> > has a couple of issues.
> >
> > First, the check was in the common path, before the divergence for
> > protected and non-protected VMs. For non-protected VMs, this was
> > unnecessary, as 'kvm->arch.flags' is completely overwritten by
> > host_arch_flags immediately after, which already contains the MTE flag.
> > For protected VMs, this was setting the flag even if the feature is not
> > allowed.
> >
> > Second, the check was reading 'host_kvm->arch.flags' instead of using
> > the local 'host_arch_flags', which is read once from the host flags.
> >
> > Fix these by moving the MTE flag check inside the protected-VM-only
> > path, checking if the feature is allowed, and changing it to use the
> > correct host_arch_flags local variable. This ensures non-protected VMs
> > get the flag via the bulk copy, and protected VMs get it via an explicit
> > check.
> >
> > Fixes: b7f345fbc32a ("KVM: arm64: Fix FEAT_MTE in pKVM")
> > Signed-off-by: Fuad Tabba <tabba at google.com>
> > ---
> >  arch/arm64/kvm/hyp/nvhe/pkvm.c | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > index f6f8996c4f97..7e370e31260d 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > @@ -337,9 +337,6 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc
> >       /* CTR_EL0 is always under host control, even for protected VMs. */
> >       hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;
> >
> > -     if (test_bit(KVM_ARCH_FLAG_MTE_ENABLED, &host_kvm->arch.flags))
> > -             set_bit(KVM_ARCH_FLAG_MTE_ENABLED, &kvm->arch.flags);
> > -
> >       /* No restrictions for non-protected VMs. */
> >       if (!kvm_vm_is_protected(kvm)) {
> >               hyp_vm->kvm.arch.flags = host_arch_flags;
> > @@ -372,6 +369,11 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc
> >               kvm->arch.flags |= host_arch_flags & BIT(KVM_ARCH_FLAG_GUEST_HAS_SVE);
> >       }
> >
> > +     if (kvm_pvm_ext_allowed(KVM_CAP_ARM_MTE)) {
> > +             set_bit(KVM_CAP_ARM_MTE, allowed_features);
>
> Isn't allowed_features a bitmap for the KVM_ARCH_VCPU_ defines? I think
> MTE is treated as a property of the VM.

Right! This line should go. The check should only be to propagate the
flag to kvm->arch.flags, i.e.,

+       if (kvm_pvm_ext_allowed(KVM_CAP_ARM_MTE))
+               kvm->arch.flags |= host_arch_flags &
BIT(KVM_ARCH_FLAG_MTE_ENABLED);

Thanks for pointing this out,
/fuad

> > +             kvm->arch.flags |= host_arch_flags & BIT(KVM_ARCH_FLAG_MTE_ENABLED);
> > +     }
> > +
> >       bitmap_and(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features,
> >                  allowed_features, KVM_VCPU_MAX_FEATURES);
> >  }
>
>
> Thanks,
>
> Ben
>