linux kernel: enable CONFIG_X86_X2APIC

It's recommended for CVE-2022-21233 mitigation.  And, if the BIOS has
enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot.

If x2APIC is disabled or not available, the kernel with
CONFIG_X86_X2APIC=y can still boot normally.

No need to tag anything again because interrupt handling cannot affect
userspace.

chapter10/kernel.xml

@@ -149,6 +149,21 @@ File systems  --->
    [*] Inotify support for userspace [CONFIG_INOTIFY_USER]
        Pseudo filesystems  --->
         [*] Tmpfs POSIX Access Control Lists [CONFIG_TMPFS_POSIX_ACL]</screen>
+
+      <para>Enable some additional features if you are building a 64-bit
+      system.  If you are using menuconfig, enable them in the order of
+      <parameter>CONFIG_PCI_MSI</parameter> first, then
+      <parameter>CONFIG_IRQ_REMAP</parameter>, at last
+      <parameter>CONFIG_X86_X2APIC</parameter> because an option only
+      shows up after its dependencies are selected.</para>
+
+      <screen role="nodump">Processor type and features ---&gt;
+  [*] Support x2apic [CONFIG_X86_X2APIC]
+Device Drivers ---&gt;
+  [*] PCI Support ---&gt; [CONFIG_PCI]
+    [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI]
+  [*] IOMMU Hardware Support ---&gt; [CONFIG_IOMMU_SUPPORT]
+    [*] Support for Interrupt Remapping [CONFIG_IRQ_REMAP]</screen>
     </note>
 
     <note revision="systemd">
@@ -225,6 +240,16 @@ File systems  ---&gt;
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><parameter>Support x2apic</parameter></term>
+        <listitem>
+          <para>Avoid a kernel panic booting on a system with x2APIC enabled
+          by the BIOS.  This option does no harm if x2APIC is not enabled
+          or not available, but it's recommended to enable x2APIC in the
+          BIOS setting for a modern 64-bit x86 system.</para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
 
     <para>Alternatively, <command>make oldconfig</command> may be more