Use kexec_load instead of kexec_file_load

[kvaps]

Signed-off-by: Andrei Kvapil kvapss@gmail.com

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch kexec_load

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @kvaps, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the kexec loading mechanism to utilize the kexec_load syscall instead of kexec_file_load. This change aims to provide a more flexible kernel loading process by bypassing signature verification, which can be beneficial in environments where signed kernels are not available or secure boot configurations are restrictive. The implementation now directly manages memory segments for the kernel, initramfs, and command line, offering finer control over their placement during the kexec operation.

Highlights

• Kexec Syscall Change: The pull request switches from using the kexec_file_load syscall to the older kexec_load syscall for loading Unified Kernel Images (UKIs).
• Memory-based Loading: Kernel and initramfs data are now read directly into memory and passed as defined segments to kexec_load, rather than relying on file descriptors as with kexec_file_load.
• Bypassing Signature Verification: The kexec_load syscall is utilized specifically because it does not perform signature verification, which can simplify the kexec process for unsigned kernels or in certain secure boot configurations.
• Updated Error Handling: Error messages and handling for kexec failures have been adjusted to reflect the behavior of kexec_load, removing signature-related error checks and adding specific handling for EINVAL errors.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request replaces the kexec_file_load syscall with the older kexec_load syscall to avoid kernel signature verification requirements. The changes involve reading the kernel and initramfs into memory instead of using file descriptors, and preparing memory segments for the kexec_load call. My review has identified a few issues. There is a critical risk of a panic when creating kexec segments, as the code doesn't handle cases where kernel or initramfs data might be empty. Additionally, a hardcoded syscall number should be replaced with the constant from the unix package for better maintainability. Overall, the change is in the right direction for the stated goal, but the identified issues should be addressed to ensure robustness.

[gemini-code-assist]

This will cause a panic if kernelData is an empty slice. You should add a check after reading the kernel data (e.g., after line 130) to ensure len(kernelData) > 0 and return an error if it's empty, as an empty kernel is invalid.

[gemini-code-assist]

This will cause a panic if initrdData is an empty slice. An empty initramfs is a valid scenario. The code should handle this by conditionally adding the initramfs segment only if len(initrdData) > 0. The current implementation needs to be refactored to build the segments slice dynamically to support this.

[gemini-code-assist]

For better portability and readability, use the unix.SYS_KEXEC_LOAD constant from the golang.org/x/sys/unix package instead of a locally defined constant with a hardcoded value. This also allows you to remove the SYS_KEXEC_LOAD constant definition on line 197.

Suggested change

	SYS_KEXEC_LOAD,
	unix.SYS_KEXEC_LOAD,