Xen project Mailing List

Re: [PATCH 5/7] x86/kexec: Implement new EFI load types

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Kevin Lampis <kevin.lampis@xxxxxxxxxx>

Date: Mon, 15 Jun 2026 19:34:14 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=r6aSlzydHYF9pgKPn1kSt8F5KMI/Y5LhfNx96QOGIvU=; b=vl8ujNFWM4l41hTbNCtAH0fvl6SWNviPSKqXkASl/Y7EiS4ASZdHIaFyDJuPKV54iHCbhJI3zBzYDlQSBfbjriOPJ9Fr8OJPsjEzpmzCV8xWGSOL7TxwgP8sS8KFzRc7S4W+AIMGsJELzLQ6JI3nzZDTAXsVSF0l2z0odnEJlVIgaC53zPfqXOjTS1DToxGrAyz/VbDqdGxVL8K+f7skAKoFgAupDNC7d8IX/di7t7J4K0IPRvMtjAyvpoS/nHj4fUZj9SiJzlzS6OeDgEJrYY3C095W5VIoRP1JUVao6Yy3m4MzVOb5VGA7RB3IygoXBOtJW0ZP6kEX1YGp9kLs6g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=amrqswVXF17eZ5Gx2w86j4TMmFblloCE20EV4Zc1UXj1gMTDi+uchI8EjFKZmKux0vmii/5+h12a7Gg2HwsDenYCE76gi5amBsOlwrz/fI3op8XfF+A42y+1dTqex/keh3BqauL5MIW9sM8UZkeSKpOuq5u+3HnnL4PG7h0wiP5MknW2sgGfyGfe59Y6we5QC3cY4MGfbxFSwlFoR2ERT17ZAo1VjMq4UyxORdhNO2VGRmqg2VWbw/LFz7fdm8z0WY7HeqNnRpR1BjJeUszuRlghPZgpivvUHhXDDJ4QxgJwz1XQeA6ZOxwCd5N28Ys3K1WwBeUcUoLK6wx3lgK34g==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:x-ms-exchange-senderadcheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Gerald Elder-Vass <gerald.elder-vass@xxxxxxxxx>

Delivery-date: Mon, 15 Jun 2026 19:34:23 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Msip_labels:

Thread-index: AQHc+CbxFmOq1F1kZkKmEXG/eV0SdLY/euqAgACCoWM=

Thread-topic: [PATCH 5/7] x86/kexec: Implement new EFI load types

>Ok, so here is startup_64, hidden as a magic constant.

>... you're applying the alignment to the pointer and picking

>startup_64 out of thin air.

I'm going to be cheeky and play the Linux-does-it-too card.

https://github.com/torvalds/linux/blob/master/arch/x86/kernel/kexec-bzimage64.c#L660

>Either it was loaded correctly (and the alignment is correct), or it was

>loaded incorrectly and this is unsafe to do, is it not?

This is what the kernel kexec segment looks like in memory

.- dest_maddr + alignment

.-dest_maddr |

v v

+--------------------------------------+--------------------...

| padding | real-mode setup | kernel

+--------------------------------------+--------------------...

0x000000 0x200000

In the old non-EFI kexec the 16-bit real-mode setup portion is

chopped off by the userspace tools and the segment buffer that Xen

receives is just the "kernel" part. But we need to pass both the

real-mode setup + kernel to kexec_load to pass Secure Boot

verification. And add padding so it straddles a 2M boundary like this.

What the 0x200000 "alignment" variable is doing is skipping over the

real-mode setup and padding.

It won't necessarily be 0x200000 though which is why we need to read

the value from Linux's setup_header->kernel_alignment.

If you're hinting that perhaps userspace should take care of all this

and just tell Xen where startup_64 is then perhaps. That would be a

bigger change we need to get input from Ross on though.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.