ANDROID: KVM: arm64: Disable Memory Tagging for all guests if not supported

Currently, pKVM trusts the host for the state of HCR_EL2, which controls
Memory Tagging, for non-protected guests. However, if Memory Tagging is
disabled for the host, a buggy or a malicious host could enable it for
its (non-protected) guests.

Avoid this from happening by always disabling it for all guests when
activating traps.

Note: An upcoming patch going upstream will solve this by ensuring that
HCR_ATA (which enabled Memory Tagging) is not set to begin with. For
now, let's use the more aggressive approach to ensure we don't miss
anything. Drop this patch once the upstream one is in.

Bug: 459479964
Change-Id: I05ea9655ceadcbdf46ca9f63d8dcecd333d3e91c
Signed-off-by: Fuad Tabba <tabba@google.com>

arch/arm64/kvm/hyp/include/hyp/switch.h

diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h
index 33f6af1..839ac8a 100644
--- a/arch/arm64/kvm/hyp/include/hyp/switch.h
+++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
@@ -135,6 +135,9 @@ static inline void ___activate_traps(struct kvm_vcpu *vcpu)
 	if (cpus_have_final_cap(ARM64_WORKAROUND_CAVIUM_TX2_219_TVM))
 		hcr |= HCR_TVM;
 
+	if (!system_supports_mte())
+		hcr &= ~(HCR_DCT | HCR_ATA);
+
 	write_sysreg(hcr, hcr_el2);
 
 	if (cpus_have_final_cap(ARM64_HAS_RAS_EXTN) && (hcr & HCR_VSE))