On Tue, Jul 14, 2020 at 02:08:29PM +0200, Joerg Roedel wrote: > From: Joerg Roedel <jroedel@suse.de> > > With SEV-ES, exception handling is needed very early, even before the > kernel has cleared the bss segment. In order to prevent clearing the > currently used IDT, move the IDT to the data segment. > > Signed-off-by: Joerg Roedel <jroedel@suse.de> Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index 0db21206f2f3..b920f2352df5 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -158,7 +158,7 @@ static const __initconst struct idt_data apic_idts[] = { }; /* Must be page-aligned because the real IDT is used in the cpu entry area */ -static gate_desc idt_table[IDT_ENTRIES] __page_aligned_bss; +static gate_desc idt_table[IDT_ENTRIES] __page_aligned_data; struct desc_ptr idt_descr __ro_after_init = { .size = IDT_TABLE_SIZE - 1,