On Mon, Jun 06, 2022 at 05:20:39PM -0700, Peter Collingbourne wrote:
> On Sat, Jun 4, 2022 at 1:26 AM Marc Zyngier <maz@xxxxxxxxxx> wrote:
> > But the bigger picture here is what ensures that the host cannot mess
> > with the guest tags? I don't think we have any mechanism to
> > guarantee that, especially on systems where the tags are only a memory
> > carve-out, which the host could map and change at will.
>
> Right, I forgot about that. We probably only want to expose MTE to
> guests if we have some indication (through the device tree or ACPI) of
> how to protect the guest tag storage.

I think this would be useful irrespective of MTE. Some SoCs (though I hope very rare these days) may allow for physical aliasing of RAM, but if the host stage 2 only protects one of the aliases, it's not of much use.

I am yet to fully understand how pKVM works, but with the separation of the hyp from the host kernel, it may have to actually parse the DT/ACPI/EFI tables itself if it cannot rely on what the host kernel told it. IIUC currently it creates an idmap at stage 2 for the host kernel, only unmapped if the memory was assigned to a guest. But not sure what happens with the rest of the host physical address space (devices etc.); I presume they are fully accessible by the host kernel in stage 2.

-- 
Catalin