[PATCH v2 12/15] KVM: x86: Harden is_64_bit_hypercall() against bugs on 32-bit kernels

Next message: Lukasz Raczylo: "[PATCH net-next v2 0/3] net: macb: candidate fixes for silent TX stall on BCM2712/RP1"
Previous message: Sean Christopherson: "[PATCH v2 05/15] KVM: x86: Trace hypercall register *after* truncating values for 32-bit"
In reply to: Binbin Wu: "Re: [PATCH v2 05/15] KVM: x86: Trace hypercall register *after* truncating values for 32-bit"
Next in thread: Binbin Wu: "Re: [PATCH v2 12/15] KVM: x86: Harden is_64_bit_hypercall() against bugs on 32-bit kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Thu May 14 2026 - 18:00:24 EST

Unconditionally return %false for is_64_bit_hypercall() on 32-bit kernels
to guard against incorrectly setting guest_state_protected, and because
in a (very) hypothetical world where 32-bit KVM supports protected guests,
assuming a hypercall was made in 64-bit mode is flat out wrong.

Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/regs.h | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/regs.h b/arch/x86/kvm/regs.h
index 52bed14f43e3..d4d2a47a4968 100644
--- a/arch/x86/kvm/regs.h
+++ b/arch/x86/kvm/regs.h
@@ -39,12 +39,16 @@ static inline bool is_64_bit_mode(struct kvm_vcpu *vcpu)

static inline bool is_64_bit_hypercall(struct kvm_vcpu *vcpu)
{
+#ifdef CONFIG_X86_64
/*
* If running with protected guest state, the CS register is not
* accessible. The hypercall register values will have had to been
* provided in 64-bit mode, so assume the guest is in 64-bit.
*/
return vcpu->arch.guest_state_protected || is_64_bit_mode(vcpu);
+#else
+ return false;
+#endif
}

static __always_inline unsigned long kvm_reg_mode_mask(struct kvm_vcpu *vcpu)
--
2.54.0.563.g4f69b47b94-goog