diff --git a/hypervisor/arch/x86/guest/vmcall.c b/hypervisor/arch/x86/guest/vmcall.c
index 46a91af38..0e7747723 100644
--- a/hypervisor/arch/x86/guest/vmcall.c
+++ b/hypervisor/arch/x86/guest/vmcall.c
@@ -192,15 +192,15 @@ int32_t vmcall_vmexit_handler(struct acrn_vcpu *vcpu)
 	/* hypercall ID from guest*/
 	uint64_t hypcall_id = vcpu_get_gpreg(vcpu, CPU_REG_R8);
 
-	if (!is_hypercall_from_ring0()) {
-		pr_err("hypercall is only allowed from RING-0!\n");
-	        ret = -EACCES;
-	} else if (!is_sos_vm(vm) && (hypcall_id != HC_WORLD_SWITCH) &&
+	if (!is_sos_vm(vm) && (hypcall_id != HC_WORLD_SWITCH) &&
 		(hypcall_id != HC_INITIALIZE_TRUSTY) &&
 		(hypcall_id != HC_SAVE_RESTORE_SWORLD_CTX)) {
 		vcpu_inject_ud(vcpu);
 		pr_err("hypercall %d is only allowed from SOS_VM!\n", hypcall_id);
 	        ret = -EACCES;
+	} else if (!is_hypercall_from_ring0()) {
+		pr_err("hypercall is only allowed from RING-0!\n");
+	        ret = -EACCES;
 	} else {
 		/* Dispatch the hypercall handler */
 		ret = dispatch_hypercall(vcpu);