git.ipfire.org Git - thirdparty/linux.git/commit

author	Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
	Thu, 28 Aug 2025 11:20:08 +0000 (16:50 +0530)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Mon, 1 Sep 2025 11:06:08 +0000 (13:06 +0200)
commit	c8018325dd3e7c75c19b1e9263c358c4c96214f9
tree	095fe7e698f906ffc58923751d50acb997f9dd22	tree \| snapshot
parent	43b6687ac8777821973d790ff9e9565a84cf6b98	commit \| diff

x86/apic: Add kexec support for Secure AVIC

Add a apic->teardown() callback to disable Secure AVIC before rebooting into
the new kernel. This ensures that the new kernel does not access the old APIC
backing page which was allocated by the previous kernel.

Such accesses can happen if there are any APIC accesses done during the guest
boot before Secure AVIC driver probe is done by the new kernel (as Secure AVIC
would have remained enabled in the Secure AVIC control MSR).

Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828112008.209013-1-Neeraj.Upadhyay@amd.com

arch/x86/coco/sev/core.c		diff \| blob \| blame \| history
arch/x86/include/asm/apic.h		diff \| blob \| blame \| history
arch/x86/include/asm/sev.h		diff \| blob \| blame \| history
arch/x86/kernel/apic/apic.c		diff \| blob \| blame \| history
arch/x86/kernel/apic/x2apic_savic.c		diff \| blob \| blame \| history