From: Joerg Roedel <jroedel@xxxxxxx> With SEV-ES, exception handling is needed very early, even before the kernel has cleared the bss segment. In order to prevent clearing the currently used IDT, move the IDT to the data segment. Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/20200724160336.5435-28-joro@xxxxxxxxxx --- arch/x86/kernel/idt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index 7ecf9babf0cb..34fcc58b81b5 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -158,7 +158,7 @@ static const __initconst struct idt_data apic_idts[] = { }; /* Must be page-aligned because the real IDT is used in the cpu entry area */ -static gate_desc idt_table[IDT_ENTRIES] __page_aligned_bss; +static gate_desc idt_table[IDT_ENTRIES] __page_aligned_data; static struct desc_ptr idt_descr __ro_after_init = { .size = IDT_TABLE_SIZE - 1, -- 2.28.0