Hi Pingfan, On Mon, 19 Jan 2026 11:24:13 +0800 Pingfan Liu <[email protected]> wrote:
> Move the signature validation at the head of the function, so the image > can be unfold and handled later. besides what the bpf-bot already mentioned. What do you want to achieve by moving signature verification in front of probing the image? Do you want to avoid calling arch_kexec_kernel_image_probe twice? It would be great if you could add the reasoning why the change is needed to the commit message in the future. Not only to make review easier but also to document it for the future. Thanks Philipp > Signed-off-by: Pingfan Liu <[email protected]> > Cc: Baoquan He <[email protected]> > Cc: Dave Young <[email protected]> > Cc: Andrew Morton <[email protected]> > Cc: Philipp Rudo <[email protected]> > To: [email protected] > --- > kernel/kexec_file.c | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index eb62a97942428..0222d17072d40 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -231,18 +231,19 @@ kimage_file_prepare_segments(struct kimage *image, int > kernel_fd, int initrd_fd, > kexec_dprintk("kernel: %p kernel_size: %#lx\n", > image->kernel_buf, image->kernel_buf_len); > > - /* Call arch image probe handlers */ > - ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, > - image->kernel_buf_len); > - if (ret) > - goto out; > - > #ifdef CONFIG_KEXEC_SIG > ret = kimage_validate_signature(image); > > if (ret) > goto out; > #endif > + > + /* Call arch image probe handlers */ > + ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, > + image->kernel_buf_len); > + if (ret) > + goto out; > + > /* It is possible that there no initramfs is being loaded */ > if (!(flags & KEXEC_FILE_NO_INITRAMFS)) { > ret = kernel_read_file_from_fd(initrd_fd, 0, &image->initrd_buf,
