
On Mon, Dec 18, 2023 at 11:34:16PM +0100, Heinrich Schuchardt wrote:
[snip]
> Or take:
>
>     load host 0:1 $c kernel.efi
>     load host 0:1 $d initrd.img
>
> How could we ensure that initrd.img is not overwriting a part of kernel.efi without memory allocation?
Today, invalid checksum as part of some part of the kernel fails. But how do we do this tomorrow, are you suggesting that "load" perform malloc() in some predefined size? If $c is below $d and $c + kernel.efi is now above $d we can throw an error before trying to load, yes. But what about:

    load host 0:1 $d initrd.img
    load host 0:1 $c kernel.efi

In that case (which is only marginally contrived, the more real case is loading device tree into unexpectedly large ramdisk because someone didn't understand the general advice on why device tree is lower than ramdisk address) I'm fine with an error that amounts to "you just corrupted another allocation" and then "fail, reset the board" or so.
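An added example, not code from U-Boot or from either poster, of the bookkeeping the reply is talking about: a small table of regions filled by earlier loads, consulted before each new load so the $c/$d overlap is refused whichever order the two loads are issued in. The addresses, file sizes and helper names (track_load, second_load_result) are constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_REGIONS 8

struct region {
    uint64_t start, size;
    const char *name;
};

/* Hypothetical state: regions already filled by earlier "load" commands. */
static struct region loaded[MAX_REGIONS];
static size_t nloaded;

static void reset_loaded(void) { nloaded = 0; }

/* Do the half-open intervals [a, a+al) and [b, b+bl) intersect?
 * (Address wrap-around is not handled in this illustration.) */
static bool overlaps(uint64_t a, uint64_t al, uint64_t b, uint64_t bl)
{
    return a < b + bl && b < a + al;
}

/* Bookkeeping a "load" could do before copying the file: returns 0 on
 * success, -1 if [addr, addr+size) would clobber an earlier load or the
 * table is full, so the caller can fail instead of corrupting memory. */
int track_load(uint64_t addr, uint64_t size, const char *name)
{
    for (size_t i = 0; i < nloaded; i++)
        if (overlaps(addr, size, loaded[i].start, loaded[i].size)) {
            fprintf(stderr, "%s at %#" PRIx64 " would overwrite %s\n",
                    name, addr, loaded[i].name);
            return -1;
        }
    if (nloaded == MAX_REGIONS)
        return -1;
    loaded[nloaded++] = (struct region){ addr, size, name };
    return 0;
}

/* Issue two loads from an empty table and report the second one's result. */
int second_load_result(uint64_t a1, uint64_t s1, const char *n1,
                       uint64_t a2, uint64_t s2, const char *n2)
{
    reset_loaded();
    track_load(a1, s1, n1);
    return track_load(a2, s2, n2);
}
```

With a constructed $c of 0x40000000, $d of 0x40800000 and a 12 MiB kernel.efi, the kernel runs past $d, so the second load is refused in both orders; a 4 MiB kernel fits and both loads succeed.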