Re: [PATCH v2 03/15] KVM: x86/xen: Don't truncate RAX when handling hypercall from protected guest

From: David Woodhouse

Date: Wed May 20 2026 - 04:38:47 EST

On Thu, 2026-05-14 at 14:53 -0700, Sean Christopherson wrote:
> Don't truncate RAX when handling a Xen hypercall for a guest with protected
> state, as KVM's ABI is to assume the guest is in 64-bit for such cases
> (the guest leaving garbage in 63:32 after a transition to 32-bit mode is
> far less likely than 63:32 being necessary to complete the hypercall).
>

The latter isn't likely either. RAX is the system call number, and
those numbers are only in double digits; it'll be a while before we
need more than 8 bits for those, let alone 32 :)

But sure, as a cleanup it makes sense. Thanks.

Reviewed-by: David Woodhouse <dwmw@xxxxxxxxxxxx>

> Fixes: b5aead0064f3 ("KVM: x86: Assume a 64-bit hypercall for guests with protected state")
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
>  arch/x86/kvm/xen.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
> index 6d9be74bb673..895095dc684e 100644
> --- a/arch/x86/kvm/xen.c
> +++ b/arch/x86/kvm/xen.c
> @@ -1678,15 +1678,14 @@ int kvm_xen_hypercall(struct kvm_vcpu *vcpu)
>   bool handled = false;
>   u8 cpl;
>  
> - input = (u64)kvm_register_read(vcpu, VCPU_REGS_RAX);
> -
>   /* Hyper-V hypercalls get bit 31 set in EAX */
> - if ((input & 0x80000000) &&
> + if ((kvm_rax_read(vcpu) & 0x80000000) &&
>       kvm_hv_hypercall_enabled(vcpu))
>   return kvm_hv_hypercall(vcpu);
>  
>   longmode = is_64_bit_hypercall(vcpu);
>   if (!longmode) {
> + input = (u32)kvm_rax_read(vcpu);
>   params[0] = (u32)kvm_rbx_read(vcpu);
>   params[1] = (u32)kvm_rcx_read(vcpu);
>   params[2] = (u32)kvm_rdx_read(vcpu);
> @@ -1696,6 +1695,7 @@ int kvm_xen_hypercall(struct kvm_vcpu *vcpu)
>   }
>   else {
>  #ifdef CONFIG_X86_64
> + input = (u64)kvm_rax_read(vcpu);
>   params[0] = (u64)kvm_rdi_read(vcpu);
>   params[1] = (u64)kvm_rsi_read(vcpu);
>   params[2] = (u64)kvm_rdx_read(vcpu);

Attachment: smime.p7s
Description: S/MIME cryptographic signature