[PATCH] x86/kexec: Replace CALL+UD2 pattern with JMP

Andrew Cooper posted 1 patch 5 days, 13 hours ago
[PATCH] x86/kexec: Replace CALL+UD2 pattern with JMP
Posted by Andrew Cooper 5 days, 13 hours ago
Linux jumps to the target image rather than calling it.  Switch to using JMP,
and drop the trailing UD2s.

Linux does have a mode, named CONFIG_KEXEC_JUMP, where the target image can be
returned from, but that involves extra metadata and setting up a stack within
the target image which Xen doesn't support at the moment.

No functional change.

Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/x86_64/kexec_reloc.S | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_reloc.S
index 50ba454abd48..b52d31a654e0 100644
--- a/xen/arch/x86/x86_64/kexec_reloc.S
+++ b/xen/arch/x86/x86_64/kexec_reloc.S
@@ -75,10 +75,8 @@ FUNC(kexec_reloc, PAGE_SIZE)
         testq   $KEXEC_RELOC_FLAG_COMPAT, %r8
         jnz     .L_call_32_bit
 
-.L_call_64_bit:
-        /* Call the image entry point.  This should never return. */
-        callq   *%rbp
-        ud2
+        /* Jump to the image entry point */
+        jmp     *%rbp
 
 .L_call_32_bit:
         /* Setup IDT. */
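Review bot: the `.L_call_64_bit:` label is dropped together with the CALL; the `jnz .L_call_32_bit` directly above it means this path is reached by fall-through, so the label looks unreferenced in this hunk, but please confirm nothing else in kexec_reloc.S (or a comment) still names it. Two smaller points: the replacement comment `/* Jump to the image entry point */` lacks the trailing period that the matching comment in the compatibility_mode hunk has, so the two should be made consistent; and, since no return address is pushed any more, %rsp at image entry is now 8 bytes higher than with `callq *%rbp`, which is the intended behaviour per the commit message but is worth keeping in mind if any image or purgatory code made assumptions about the initial stack.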
@@ -170,9 +168,8 @@ FUNC_LOCAL(compatibility_mode)
         xorl    %eax, %eax
         movl    %eax, %cr4
 
-        /* Call the image entry point.  This should never return. */
-        call    *%ebp
-        ud2
+        /* Jump to the image entry point. */
+        jmp     *%ebp
 END(compatibility_mode)
 
         /* Separate code and data into into different cache lines */
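Review bot: with the `ud2` gone, a 32-bit image that does return would now `ret` through whatever happens to be on the stack instead of hitting a guaranteed #UD right after the call site; the commit message already states that returning is unsupported, so this is acceptable, but it is the one behavioural difference from the old pattern and deserves a sentence there. The comment `/* Jump to the image entry point. */` carries a trailing period while its 64-bit counterpart does not; pick one form. Unrelated to this change but visible in the trailing context, `/* Separate code and data into into different cache lines */` has a doubled "into" that could be fixed in a follow-up.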

base-commit: 351d41e8aecc3f7566a0baa7b4066d06dedd7113
-- 
2.39.5


Re: [PATCH] x86/kexec: Replace CALL+UD2 pattern with JMP
Posted by Jan Beulich 2 days, 21 hours ago
On 05.12.2025 16:29, Andrew Cooper wrote:
> Linux jumps to the target image rather than calling it.  Switch to using JMP,
> and drop the trailing UD2s.
> 
> Linux does have a mode, named CONFIG_KEXEC_JUMP, where the target image can be
> returned from, but that involves extra metadata and setting up a stack within
> the target image which Xen doesn't support at the moment.
> 
> No functional change.
> 
> Reported-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

I wonder though why CALL was used in the first place. Usually this would be
to e.g. have the callee have a call frame in order to e.g. unwind. For kexec
that may not be overly relevant though.

Jan

> --- a/xen/arch/x86/x86_64/kexec_reloc.S
> +++ b/xen/arch/x86/x86_64/kexec_reloc.S
> @@ -75,10 +75,8 @@ FUNC(kexec_reloc, PAGE_SIZE)
>          testq   $KEXEC_RELOC_FLAG_COMPAT, %r8
>          jnz     .L_call_32_bit
>  
> -.L_call_64_bit:
> -        /* Call the image entry point.  This should never return. */
> -        callq   *%rbp
> -        ud2
> +        /* Jump to the image entry point */
> +        jmp     *%rbp
>  
>  .L_call_32_bit:
>          /* Setup IDT. */
> @@ -170,9 +168,8 @@ FUNC_LOCAL(compatibility_mode)
>          xorl    %eax, %eax
>          movl    %eax, %cr4
>  
> -        /* Call the image entry point.  This should never return. */
> -        call    *%ebp
> -        ud2
> +        /* Jump to the image entry point. */
> +        jmp     *%ebp
>  END(compatibility_mode)
>  
>          /* Separate code and data into into different cache lines */
> 
> base-commit: 351d41e8aecc3f7566a0baa7b4066d06dedd7113