[PATCH 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O

Next message: Wei Fang: "[PATCH v4 net-next 04/14] net: enetc: add basic operations to the FDB table"
Previous message: Wei Fang: "[PATCH v4 net-next 03/14] net: enetc: add pre-boot initialization for i.MX94 switch"
In reply to: Huang, Kai: "Re: [PATCH 1/2] x86/tdx: Fix off-by-one in port I/O handling"
Next in thread: Kuppuswamy Sathyanarayanan: "Re: [PATCH 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kiryl Shutsemau (Meta)

Date: Tue Mar 31 2026 - 07:31:23 EST

According to x86 architecture rules, 32-bit operations zero-extend the
result to 64 bits. The current implementation of handle_in() only masks
the lower 32 bits, which preserves the upper 32 bits of RAX when a
32-bit port IN instruction is emulated.

Update handle_in() to zero out the entire RAX register when the I/O size
is 4 bytes to ensure correct zero-extension. For smaller sizes (1 or 2
bytes), continue to preserve the unaffected upper bits.

Fixes: 03149948832a ("x86/tdx: Port I/O: Add runtime hypercalls")
Reported-by: Borys Tsyrulnikov <tsyrulnikov.borys@xxxxxxxxx>
Signed-off-by: Kiryl Shutsemau (Meta) <kas@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
arch/x86/coco/tdx/tdx.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 4d7f71d50122..b9b9a2d75119 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -703,8 +703,17 @@ static bool handle_in(struct pt_regs *regs, int size, int port)
*/
success = !__tdx_hypercall(&args);

- /* Update part of the register affected by the emulated instruction */
- regs->ax &= ~mask;
+ /*
+ * Update part of the register affected by the emulated instruction.
+ *
+ * 32-bit operands generate a 32-bit result, zero-extended to a 64-bit
+ * result.
+ */
+ if (size < 4)
+ regs->ax &= ~mask;
+ else
+ regs->ax = 0;
+
if (success)
regs->ax |= args.r11 & mask;

--
2.51.2