Re: [PATCHv6 02/13] kexec_file: Move signature validation ahead
From: Philipp Rudo
Date: Thu Feb 26 2026 - 08:43:03 EST
Hi Pingfan,
On Mon, 19 Jan 2026 11:24:13 +0800
Pingfan Liu <piliu@xxxxxxxxxx> wrote:
> Move the signature validation at the head of the function, so the image
> can be unfold and handled later.
besides what the bpf-bot already mentioned.
What do you want to achieve by moving signature verification in front
of probing the image? Do you want to avoid calling
arch_kexec_kernel_image_probe twice? It would be great if you could add
the reasoning why the change is needed to the commit message in the
future. Not only to make review easier but also to document it for the
future.
Thanks
Philipp
> Signed-off-by: Pingfan Liu <piliu@xxxxxxxxxx>
> Cc: Baoquan He <bhe@xxxxxxxxxx>
> Cc: Dave Young <dyoung@xxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Philipp Rudo <prudo@xxxxxxxxxx>
> To: kexec@xxxxxxxxxxxxxxxxxxx
> ---
> kernel/kexec_file.c | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index eb62a97942428..0222d17072d40 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -231,18 +231,19 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> kexec_dprintk("kernel: %p kernel_size: %#lx\n",
> image->kernel_buf, image->kernel_buf_len);
>
> - /* Call arch image probe handlers */
> - ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> - image->kernel_buf_len);
> - if (ret)
> - goto out;
> -
> #ifdef CONFIG_KEXEC_SIG
> ret = kimage_validate_signature(image);
>
> if (ret)
> goto out;
> #endif
> +
> + /* Call arch image probe handlers */
> + ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> + image->kernel_buf_len);
> + if (ret)
> + goto out;
> +
> /* It is possible that there no initramfs is being loaded */
> if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
> ret = kernel_read_file_from_fd(initrd_fd, 0, &image->initrd_buf,