Re: [PATCHv6 02/13] kexec_file: Move signature validation ahead
From: Pingfan Liu
Date: Thu Feb 26 2026 - 21:36:10 EST

On Thu, Feb 26, 2026 at 9:37 PM Philipp Rudo <prudo@xxxxxxxxxx> wrote:
>
> Hi Pingfan,
>
> On Mon, 19 Jan 2026 11:24:13 +0800
> Pingfan Liu <piliu@xxxxxxxxxx> wrote:
>
> > Move the signature validation to the head of the function, so the image
> > can be unfolded and handled later.
>
> besides what the bpf-bot already mentioned.
>
> What do you want to achieve by moving signature verification in front
> of probing the image? Do you want to avoid calling
> arch_kexec_kernel_image_probe twice? It would be great if you could add
> the reasoning why the change is needed to the commit message in the
> future. Not only to make review easier but also to document it for the
> future.
>
Here I made a mistake. I think the UKI case and the convention case
should be handled separately. For the UKI case, signature verification
should be applied to the UKI envelope but skipped for the unpacked
kernel image since it has no signature.

Thanks,
Pingfan

> Thanks
> Philipp
>
> > Signed-off-by: Pingfan Liu <piliu@xxxxxxxxxx>
> > Cc: Baoquan He <bhe@xxxxxxxxxx>
> > Cc: Dave Young <dyoung@xxxxxxxxxx>
> > Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> > Cc: Philipp Rudo <prudo@xxxxxxxxxx>
> > To: kexec@xxxxxxxxxxxxxxxxxxx
> > ---
> > kernel/kexec_file.c | 13 +++++++------
> > 1 file changed, 7 insertions(+), 6 deletions(-)
> >
> > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> > index eb62a97942428..0222d17072d40 100644
> > --- a/kernel/kexec_file.c
> > +++ b/kernel/kexec_file.c
> > @@ -231,18 +231,19 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> > kexec_dprintk("kernel: %p kernel_size: %#lx\n",
> > image->kernel_buf, image->kernel_buf_len);
> >
> > - /* Call arch image probe handlers */
> > - ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> > - image->kernel_buf_len);
> > - if (ret)
> > - goto out;
> > -
> > #ifdef CONFIG_KEXEC_SIG
> > ret = kimage_validate_signature(image);
> >
> > if (ret)
> > goto out;
> > #endif
> > +
> > + /* Call arch image probe handlers */
> > + ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> > + image->kernel_buf_len);
> > + if (ret)
> > + goto out;
> > +
> > /* It is possible that there no initramfs is being loaded */
> > if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
> > ret = kernel_read_file_from_fd(initrd_fd, 0, &image->initrd_buf,
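Review bot: In the reordered block, kimage_validate_signature(image) now runs before arch_kexec_kernel_image_probe() has been called on image, and it is passed only image. If the verification path relies on anything the probe sets on image (for example the handler selected for the image format), it will see that state unset at this point and every signed load could be rejected or mis-handled. Please confirm whether such a dependency exists, and either establish the needed state before the #ifdef CONFIG_KEXEC_SIG block or state in the commit message why the new order is safe. The unconditional move also does not distinguish an envelope that carries a signature from an unpacked image that does not, so a comment above the kimage_validate_signature() call saying which buffer is expected to be verified here would help.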
>