Commit f4eee308 authored Dec 11, 2025 by Fuad Tabba Committed by Marc Zyngier Jan 15, 2026

KVM: arm64: Do not allow KVM_CAP_ARM_MTE for any guest in pKVM



Supporting MTE in pKVM introduces significant complexity to the
hypervisor at EL2, even for non-protected VMs, since it would require
EL2 to handle tag management.

For now, do not allow KVM_CAP_ARM_MTE for any VM type in protected mode.

Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20251211104710.151771-7-tabba@google.com


Signed-off-by: Marc Zyngier <maz@kernel.org>

parent 43a21a0f

arch/arm64/include/asm/kvm_pkvm.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -44,6 +44,8 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
		case KVM_CAP_ARM_PTRAUTH_ADDRESS:
		case KVM_CAP_ARM_PTRAUTH_GENERIC:
		return true;
		case KVM_CAP_ARM_MTE:
		return false;
		default:
		return !kvm \|\| !kvm_vm_is_protected(kvm);
		}