Commit 731d4375 authored Nov 18, 2025 by Sohil Mehta Committed by Dave Hansen Nov 18, 2025

x86/kexec: Disable LASS during relocate kernel



The relocate kernel mechanism uses an identity mapping to copy the new
kernel, which leads to a LASS violation when executing from a low
address.

LASS must be disabled after the original CR4 value is saved because
kexec paths that preserve context need to restore CR4.LASS. But,
disabling it along with CET during identity_mapped() is too late. So,
disable LASS immediately after saving CR4, along with PGE, and before
jumping to the identity-mapped page.

Signed-off-by: Sohil Mehta <sohil.mehta@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://patch.msgid.link/20251118182911.2983253-6-sohil.mehta%40intel.com

parent b3a7e973

arch/x86/kernel/relocate_kernel_64.S

+5 −2

Original line number	Diff line number	Diff line
		@@ -95,9 +95,12 @@ SYM_CODE_START_NOALIGN(relocate_kernel)
		/* Leave CR4 in %r13 to enable the right paging mode later. */
		movq %cr4, %r13

		/* Disable global pages immediately to ensure this mapping is RWX */
		/*
		* Disable global pages immediately to ensure this mapping is RWX.
		* Disable LASS before jumping to the identity mapped page.
		*/
		movq %r13, %r12
		andq $~(X86_CR4_PGE), %r12
		andq $~(X86_CR4_PGE \| X86_CR4_LASS), %r12
		movq %r12, %cr4

		/* Save %rsp and CRs. */