[PATCH v4 6/8] KVM: arm64: Do not allow KVM_CAP_ARM_MTE for any guest in pKVM
Fuad Tabba
tabba at google.com
Wed Nov 12 01:20:49 PST 2025
Supporting MTE in pKVM introduces significant complexity to the
hypervisor at EL2, even for non-protected VMs, since it would require
EL2 to handle tag management.
For now, do not allow KVM_CAP_ARM_MTE for all VM types in protected
mode.
Signed-off-by: Fuad Tabba <tabba at google.com>
---
arch/arm64/include/asm/kvm_pkvm.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
index 7195be508d99..5b564576160d 100644
--- a/arch/arm64/include/asm/kvm_pkvm.h
+++ b/arch/arm64/include/asm/kvm_pkvm.h
@@ -44,6 +44,8 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
case KVM_CAP_ARM_PTRAUTH_ADDRESS:
case KVM_CAP_ARM_PTRAUTH_GENERIC:
return true;
+ case KVM_CAP_ARM_MTE:
+ return false;
default:
return !kvm || !kvm_vm_is_protected(kvm);
}
--
2.51.2.1041.gc1ab5b90ca-goog
More information about the linux-arm-kernel
mailing list