From nobody Sun Feb  8 12:31:30 2026
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A632281526;
	Thu, 10 Apr 2025 11:13:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=193.142.43.55
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1744283586; cv=none;
 b=SiXTPffSNWCh4Z4jMlNF3touDHhMEsscrUAB3P3yAxt/8JH5UW2LVnr++Qa7hdS3BmU2q0VNYrotx2KT1S5FXgbeqhz4DewHYy/lILlsOWDb9vYO+pWsnhcR9Krfm2dSkU6lYkyBPGIcyA+eOFD/v/Ske+gLDZv/N4yhOfTENqc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1744283586; c=relaxed/simple;
	bh=FHU4u8PuVea8bLXHi1Wu0u56Y1HC74R8+oFEBtFy7M8=;
	h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version:
	 Message-ID:Content-Type;
 b=o/+khuGFfkDnVLUewKdJzGwz8Wf0gqHrs+tkxZQBg4lGg/hMe1EnoQToaQLKWKgylg60xZNbrZ7wua5CoE0gzqvoWXmejbtvRW7Sx2m71tCZFoay58sw1gOLFwS22aN8ObWGJjrppMZmsRMqOTSCcLhRCgtEDVdlSVQZnvyV/Xw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de;
 spf=pass smtp.mailfrom=linutronix.de;
 dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=ds4UQTfl;
 dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=Ui0Q3b6Z; arc=none smtp.client-ip=193.142.43.55
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="ds4UQTfl";
	dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="Ui0Q3b6Z"
Date: Thu, 10 Apr 2025 11:12:54 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020; t=1744283582;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=5cDtc5dHb2Sa5R4l6Dokh7sAnZhRzA68Wz+z4rg8Rd8=;
	b=ds4UQTflEl6X2ovzoicS4gSKwCjdS48TXhGNYmKdLQcNg88jW7Coydn3tj/ZP0Thy8a5cI
	sn3xlaf2jRWdF5gZry/5cgNsBEYVyCT+sYsF0v8qtnPvzBuiaBlZo/KpoKvpA1VO4Lf5IT
	AIM69FHKynh3rfLQnf1GjvuWeHsUaLcR3sLOtNT28CAGF6N5db7bSY1tNWbjD44Ql2hIgx
	m1BLCBjmNoVH9j6nBarSCqO8Hft7Wxuc9fIVsF+OROQFybN9Eg97ISq/vtxn/l+AAV8vEI
	aykdDBka3J7DCl4SjTuw9hTcgnOHWg5wFo2mWTM0PhzxtiYCDSeTB9/ZmzfegQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020e; t=1744283582;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=5cDtc5dHb2Sa5R4l6Dokh7sAnZhRzA68Wz+z4rg8Rd8=;
	b=Ui0Q3b6ZWnZLgATbqbvSjY1kIgLVpWQscHXXuHLLyecsPlC/x+DVqSMceRJNECuz3hm9XN
	JRyZjyBPmBOVCuCA==
From: "tip-bot2 for David Woodhouse" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/asm] x86/kexec: Invalidate GDT/IDT from relocate_kernel()
 instead of earlier
Cc: David Woodhouse <dwmw@amazon.co.uk>, Ingo Molnar <mingo@kernel.org>,
 Brian Gerst <brgerst@gmail.com>, Juergen Gross <jgross@suse.com>,
 "H. Peter Anvin" <hpa@zytor.com>,
 Linus Torvalds <torvalds@linux-foundation.org>,
 Josh Poimboeuf <jpoimboe@redhat.com>, Kees Cook <keescook@chromium.org>,
 Ard Biesheuvel <ardb@kernel.org>, x86@kernel.org,
 linux-kernel@vger.kernel.org
In-Reply-To: <20250326142404.256980-4-dwmw2@infradead.org>
References: <20250326142404.256980-4-dwmw2@infradead.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-ID: <174428357481.31282.17425113277917466268.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: 
 Contact <mailto:tglx@linutronix.de> to get blacklisted from these emails
Precedence: bulk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/asm branch of tip:

Commit-ID:     de085ddd493bccb77a3ec1b99ae7466133540f4d
Gitweb:        https://git.kernel.org/tip/de085ddd493bccb77a3ec1b99ae746613=
3540f4d
Author:        David Woodhouse <dwmw@amazon.co.uk>
AuthorDate:    Wed, 26 Mar 2025 14:16:03=20
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 10 Apr 2025 12:17:14 +02:00

x86/kexec: Invalidate GDT/IDT from relocate_kernel() instead of earlier

Reduce the window during which exceptions are unhandled, by leaving the
GDT/IDT in place all the way into the relocate_kernel() function, until
the moment that %cr3 gets replaced.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250326142404.256980-4-dwmw2@infradead.org
---
 arch/x86/kernel/machine_kexec_64.c   | 10 ++--------
 arch/x86/kernel/relocate_kernel_64.S |  9 +++++++--
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k=
exec_64.c
index ecb0da5..949c9e4 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -434,16 +434,10 @@ void __nocfi machine_kexec(struct kimage *image)
 	 * with from a table in memory.  At no other time is the
 	 * descriptor table in memory accessed.
 	 *
-	 * I take advantage of this here by force loading the
-	 * segments, before I zap the gdt with an invalid value.
+	 * Take advantage of this here by force loading the segments,
+	 * before the GDT is zapped with an invalid value.
 	 */
 	load_segments();
-	/*
-	 * The gdt & idt are now invalid.
-	 * If you want to load them you must set up your own idt & gdt.
-	 */
-	native_idt_invalidate();
-	native_gdt_invalidate();
=20
 	/* now call it */
 	image->start =3D relocate_kernel_ptr((unsigned long)image->head,
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocat=
e_kernel_64.S
index 8808cfc..3062cb3 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -79,8 +79,13 @@ SYM_CODE_START_NOALIGN(relocate_kernel)
 	pushq %r15
 	pushf
=20
-	/* zero out flags, and disable interrupts */
-	pushq $0
+	/* Invalidate GDT/IDT, zero out flags */
+	pushq	$0
+	pushq	$0
+
+	lidt	(%rsp)
+	lgdt	(%rsp)
+	addq	$8, %rsp
 	popfq
=20
 	/* Switch to the identity mapped page tables */