[PATCH] x86/tdx: Fix zero-extension for CPUID emulation

Next message: Odoben: "Re: [PATCH] i2c: acpi: Add ELAN0678 to i2c_acpi_force_100khz_device_ids"
Previous message: David Laight: "Re: [PATCH net 2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg"
Next in thread: Edgecombe, Rick P: "Re: [PATCH] x86/tdx: Fix zero-extension for CPUID emulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Carlos López

Date: Tue May 12 2026 - 17:37:49 EST

In the x86 architecture, 32-bit operations zero-extend the result in the
destination register to 64 bits. This includes the CPUID instruction,
which writes 32-bit values EAX/EBX/ECX/EDX.

When handling the CPUID instruction via #VE, copy only the lower 32-bits
provided by the hypervisor for the output registers, and zero out the
upper half.

Fixes: c141fa2c2bba ("x86/tdx: Handle CPUID via #VE")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Carlos López <clopez@xxxxxxx>
---
arch/x86/coco/tdx/tdx.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index c8b9e86d0488..a2fe1ae019bd 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -543,10 +543,10 @@ static int handle_cpuid(struct pt_regs *regs, struct ve_info *ve)
* EAX, EBX, ECX, EDX registers after the CPUID instruction execution.
* So copy the register contents back to pt_regs.
*/
- regs->ax = args.r12;
- regs->bx = args.r13;
- regs->cx = args.r14;
- regs->dx = args.r15;
+ regs->ax = lower_32_bits(args.r12);
+ regs->bx = lower_32_bits(args.r13);
+ regs->cx = lower_32_bits(args.r14);
+ regs->dx = lower_32_bits(args.r15);

return ve_instr_len(ve);
}
--
2.51.0