From nobody Sun Feb 8 09:12:52 2026 Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazon11012002.outbound.protection.outlook.com [52.101.43.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4D842222C0; Sat, 24 Jan 2026 23:18:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.43.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296721; cv=fail; b=u2HUocBTwzSGfUiQ8ja+UXIFAijmCuZ5fqPq92fv214iQIrPHAN+EfTOeWeCIkIznRqBnMBMGnsX3AcAvzWtHyQDrshxh3LPm9+0r5+4peTItFuT6IFE1EKUjLlzRSiHimodb5JA9o0p3gkibTq1ZH1TtpDK06V4YIkTGR/I3aU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296721; c=relaxed/simple; bh=HgVG2U/m8/woKALJfghurcjon/sESZuqo1VHf9QYxFI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=MYob21LZc+rN7XBOpwyz/xZrrYmX/2E3hajmJ7+rM8R5eREpclWIEVg8JEt5EalZLg75l0uMkssGR1yRzNjdrMTfIea/1lU4bASat6GujkL815aXiEendv+wBNlKlPLfHmWOV9egjk/X1siL3OUdk86p6Ffj3b0QUBe6Q/FGVbw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=G0Dk+JSW; arc=fail smtp.client-ip=52.101.43.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="G0Dk+JSW" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=sCDAcr+YJZa8koj0dmVKkFhH/O/rv8k7xxOCTgaEaF2Ok00pAu9IG8Pe5CvSoLB22E5k/Fe/My7Ubi7lIFGrY7aMzUjfu2Nn5q4dxNvHTCxiHj34wyNrJTMl8HjG9LZb10tf4uQOcpPaHsoqAXGz4dYezkNN00OQznuPu9gsA73V8F1m35e/Q4gFsxQOGJUDj21e6puRKh4B48WGjpDO2De7QZ5aBPWrGdymu495yG91U7USvKCl1RPrxN5CjZnm+0wIO1sOsCMtcBp0GOyEOmHxJsIwFqolEVWTBX67Ak8Gl1cD7PONRAs2zhmeI8QVyKyTsiBlsB0mtTkrNba/cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5uz4m478aqHl3eDMwePEO/2u245mI6tHy2xRkUyZ/Jc=; b=bsB4WnhQPhcHpkgq7hwMQ+Jt4tp3T3JTZoLTS795b8eg5efG8Fc8Gc9J1bTmwWRJCfjpRtLuBN8lJvnOPekVP/y6xF8nVX8Rel15rV9/M7mbvUV4qcN4jaLeuUzbM1DZFVCbGh+h9swczT6lbLuhYWGSNsP1eG4To6Ek1CM6LWBoPPw2LoF3lPAee01etiK9LmNo5WtD8X+iGcVMPQPXlt2ZkSKn9YGU5ZkLc4vBCUt6p7krm9V3Kk/IdgdzCV1FSaFrRR4qUZn8QJk8oeyH6wKl2VkEj2I6m6Uo+cooT2r2HSLcBK4dTa72ikZNN8Irv9ntaKP2IPNU+U2cYhrYYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5uz4m478aqHl3eDMwePEO/2u245mI6tHy2xRkUyZ/Jc=; b=G0Dk+JSWaDaEIuewFCspQYf3VVdHrvYTXjjj4BGZmunYylKiuX7YAAoIo+mJ1GIgiGoNbY+TyK5n6pnol8aHJFICDW8INm1EY8JUWlJd6HT5mBSzy5/fcUHccIqZdPF/UxFoF5wbOWdqBqR4NqOuWoPK937LsypDbNJ6R4qag/CycyHEVi+/y9EciMeGJsQfrDA1kvrJS0LG0K67neqrEb5DtoGGCM8hD7cEqexGO1A5vfajV5OhIO/ixRrTp97eh9Y6IPD+1CmvGsqplYn3WdbYkZbXpfU8ldWHw8XTmSlFjmjR+q4YI+UWr15EU0q4kYtPBj1s3hZE8MYIFKfd7Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) by PH7PR12MB5734.namprd12.prod.outlook.com (2603:10b6:510:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.14; Sat, 24 Jan 2026 23:18:35 +0000 Received: from DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33]) by DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33%4]) with mapi id 15.20.9542.010; Sat, 24 Jan 2026 23:18:35 +0000 From: Joel Fernandes To: linux-kernel@vger.kernel.org, Danilo Krummrich , Alexandre Courbot , Alice Ryhl , David Airlie , Simona Vetter Cc: John Hubbard , Alistair Popple , Timur Tabi , Edwin Peer , Zhi Wang , Bjorn Helgaas , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Trevor Gross , nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org, Joel Fernandes Subject: [PATCH v1 1/5] gpu: nova-core: use checked arithmetic in FWSEC firmware parsing Date: Sat, 24 Jan 2026 18:18:26 -0500 Message-Id: <20260124231830.3088323-2-joelagnelf@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260124231830.3088323-1-joelagnelf@nvidia.com> References: <20260124231830.3088323-1-joelagnelf@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: MN2PR07CA0021.namprd07.prod.outlook.com (2603:10b6:208:1a0::31) To DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR12MB6486:EE_|PH7PR12MB5734:EE_ X-MS-Office365-Filtering-Correlation-Id: 3ddcef4b-398c-465e-3b0f-08de5b9ee614 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|366016|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?6Ial8j3LnQr+AoPe1JHsfvWZh5jTNPpQ0Ygh9fyakjdrTvhRiU0puQBpEc7d?= =?us-ascii?Q?jx35W397b1nFju874dl4rA/SAb5tuvo/1mrFqVcle6etxbrjwox16YOP8i6H?= =?us-ascii?Q?3vowL2ZsPzx9uNRtpRmfVXubHE9Sz0HUgPB/ydL6987X8aM2Ru70alpcbtan?= =?us-ascii?Q?fGAPSc0B1E0SytyLaRRgAkgyo8GefbU+aqdkquoJBliWgzZm+Q6yslaR6wQM?= =?us-ascii?Q?dPv6+SEdZ8I841C0rpnjc+mHfRtYrdV0hZmy1rnUDgxnn96rNHbm/q+bUuow?= =?us-ascii?Q?rX3Nq83u/KLCuPqZJ3Z7Q9+rQKcnP3nM7hsLLFfEPIDIBjq0OmEY4KsBQ4VR?= =?us-ascii?Q?7ZzmixJx9JEE0JIC/MEFZZarV5ziHfKO62068/VGLKqHx1t4Ac6DmB4XNFK6?= =?us-ascii?Q?3qiKr5LjGfHqb1qwqqja4KB//UIFbD1LdIv/Jtzrq0uns7D5nsYwmU4xIrKB?= =?us-ascii?Q?/1pveG251kC7pflNMMZlaCrYdGLxGT1U1cOMgGVyqTrpxLzmWQ5FWvFUbqkN?= =?us-ascii?Q?emHwiAYabLEkH+voehBqC0FzijpaaR0sNdIX2pqrOmVNDN+p9i7+WfdhrAOZ?= =?us-ascii?Q?tEaOE6AEarfhCLq+ew99Yh2VLhyzZssGg60gR9husSj4v44y0P/oFJzn7QTp?= =?us-ascii?Q?31sVh4guasuVyII6TeWAOc4BOkSMwEq3yPx3ikkEYbd9pQcc2GALinppFlQz?= =?us-ascii?Q?BK47kxEDhMZAaYpP3TzoaB9JQ9MD/yJp472x98Zzz1eZJbWii5XEGPxqgYPW?= =?us-ascii?Q?73eA+FgE2RijDAgRX89mpUmLAA28MgCMhl7Lex5fEBpUeDj5IWZoN0OGaXWp?= =?us-ascii?Q?u9nedEpFielDYMJSZ60RbdAJmNUawNWbzyIcBFBilDM9ctT2UyIfim+EkU0c?= =?us-ascii?Q?AhgUHId+SQnwPnPj1zyQJHHgir3WjSgV+YqTvohz3ymW6gsRBAUJfS5nHTGr?= =?us-ascii?Q?6OS+LyLTDnsZy2rEvckuheq+u99uCQn9ZWrPm/SFyacl9CezQwMgdVm/P2ti?= =?us-ascii?Q?YyMxclOJlFQ86ksnfXPCY8Z/fi1Fn/vVRsQvLXnsSfxDaUF1fl0r/0CeCHYg?= =?us-ascii?Q?3l6BPyd74nZtUam3DCB4vHDFjNYpW3uV/6YvpcsZ+MHlOVU8/0qDvCc+n3tC?= =?us-ascii?Q?Cdfc3pLJeqMQS8XPTS5oQNW8BUlZP/zkHWxWEEa0jS+nQPpdc640UkYypLE0?= =?us-ascii?Q?d2vuB9AhQygsb8edA7L6pXIzFCgIG7F75ZHab8a9eAvqq+ysWlmxJTyiI/ty?= =?us-ascii?Q?xvEdbhaZLympOLQqdaDnxBS+G5t4nzKbGDlyiioo3TioxAonF422mui3vYqR?= =?us-ascii?Q?wv4E9sFabTNsGoZkofmwvdUoXw0mKsmyTKJ059TOnXmr6Rt4/pb4Uink5h6h?= =?us-ascii?Q?Eix2es6w/mnyOWH3wcd+8YVdXk8y9j9Z4Sv7UsRY3QluEIq8ksrfYVdUUXXH?= =?us-ascii?Q?ALrx3Wue6YWtuzDQgr28/51LHULjN5W7pTSEeskIzdMCJnIWh1ixuPknZT5F?= =?us-ascii?Q?6Ik4xhS2NHCTIJuRasiY1hY4VwiRwl061avyJIiocKrKBTVl5ETGCdciWlJT?= =?us-ascii?Q?CJBtheCQuwJE+zfB+WA=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR12MB6486.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(366016)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?8B/AhkxJUhz8fifqXv+f6VaQm3trp0v46SaszwGWBR2oY+8hKEBCZuMcI0qN?= =?us-ascii?Q?xR5n461PKThxwSW2yg1R4WthW7+s6etBNYH8DJNW42n8nHzCmpjR4zcCaLsY?= =?us-ascii?Q?/JbFswy4FwxGQXc5T+BRdV5OLT7LaH8AZVc4uk7nIDpxPjl91Wl5+H0MeIBj?= =?us-ascii?Q?aprRzMkEaUZMrBxJEdZFT0WTiKMNgqZdj8GzBk+L7pDTmB+mMHGIxiylKNZ1?= =?us-ascii?Q?caREQWK7E3iS213FHl//xBmBthV5Cp02TygLR4Iw1MHysZxUI9ueMYQLRMFL?= =?us-ascii?Q?viAYOM4He9fv2KhhUWMHYTTizfgZNCvcL+JgXDOqFtCx0Mb5rZKGpCyJQiI7?= =?us-ascii?Q?llBuJkdRk4sh2rae/gSVBZWbum1qUkHAZ6JVxRidtyj4J4ccs1L9XXauStTe?= =?us-ascii?Q?zhtvtH4QmUlrSrt/RJejfCXByubzTYvLQijg6Q1MG7w8SStVYP/WAz4RMIO5?= =?us-ascii?Q?a/7p5zhErXSXk/tcu9kXavZmG4OJ78gn58avc5Uuu1WoUZxz2NVz35KGa7G0?= =?us-ascii?Q?o7nhnCTTjbJ+tpe8LfMOfDql/Vy74gAxmEyjBeGtQ4vASbyDSYpwXb3M19yD?= =?us-ascii?Q?DFJC3FV0MWnS14zBKeBLcY3G5c5aM57L8GJas1Exfya19s3i8pmW+S7FRVHX?= =?us-ascii?Q?rbZdFTELPYc6+mJWSg6NqnPAjTwa0aaBTh0O2acxoiBmU3abbXst4FZLGtDK?= =?us-ascii?Q?2MeHf3jmlXxsm4mTftL6R/mNq2xlHaB+vM23LoeVD3aKqDEzxxjsoAnBtWTk?= =?us-ascii?Q?rUPmErzE9bA6bItcklmpf/I0MYja0y4BA+4uuQ/95K90KFAFToG04PjRbMhH?= =?us-ascii?Q?kLuT35IRgX+PRiI+eG6AtbPrndY937pm+lnhoWOpvGeZ/NESOjc+rsswRE6o?= =?us-ascii?Q?cZodb9sTz1qUPw+JV0aMGFDyJd+TM7LUc7/lGqj5fq5yq8zQXwKQgo1iC9z6?= =?us-ascii?Q?aBuVXd+gU4B3JmuH8+zOrRwGxs0X7FHr2bOL+NP23hoHstBrwJ8W/hmZQ4m6?= =?us-ascii?Q?1ntWcCn/XtVxcmcRmxuFi6LSTAoTtYaLL2Y9fMmoSV7L1Chb8w4kJ8WcoJ8h?= =?us-ascii?Q?J0G0aQ884OSc9vrKMaUuobymGFBikzF3qzjRVzOV4UruIQhc5gjBv25sHuTt?= =?us-ascii?Q?StIL+6r7qG2LT5Bj6z+DuWSDI13WMJxzn4sig2IEl5Rn9Dmj4AFZQ4/nd7zd?= =?us-ascii?Q?yFcmI0E0lr4yc9XExKV/Y1y40jeq5+9n1YRDNqzae18IOxnmT1Mq82xTqRpx?= =?us-ascii?Q?WkUel6LX2FAMM4P1WG2n7UCddEa2bQFt1pm6jRNpIfbJrPNdpVV4H1iRqexo?= =?us-ascii?Q?uL7mY7x9ehq9gXnx2tzz8DpXKZkQmLII72gl5diw6eeIgnd6uNxs013XFM4W?= =?us-ascii?Q?AynyTznDDXZzWS/DRFF4LtVt4ZMyeFkeK+jJFtxxv54p2jdIsv5T3HtiJ3Zh?= =?us-ascii?Q?LV0xyihG7dj8AJ2JHQT6xPtN+xjIRASlX9VCfAzm7++srkc3x2QQhn5XSMAb?= =?us-ascii?Q?vcC7tIGa55QgOi+uu8h6EyR00cZNi7ojvJk4e8nno0PLWDZiDkJlXN7Y4eTh?= =?us-ascii?Q?SHwIWeugListgc5F5HAAXD59RBfgvQ4HFmFpc//sXDiECWC5Fl3H2Mc/zzJJ?= =?us-ascii?Q?brYQYQIGhazrakFMo+7Ch9FHB4gl3aJmG6kExJpoB+Lv5XGM9kM2p9uME1mw?= =?us-ascii?Q?HuxRbLGeg8xTKaNcONfrQKl+VffMcg91p99bjCCAyBdT2Y44uFrnDJIRaeEn?= =?us-ascii?Q?N+1qbiZ0bQ=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3ddcef4b-398c-465e-3b0f-08de5b9ee614 X-MS-Exchange-CrossTenant-AuthSource: DS0PR12MB6486.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2026 23:18:35.7111 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: h7pl4OPBp0Pf7e+L1dJiNldUlM0Ec4jplCImMp+zsnbr1cCxOuRXJSQzjKmZMY0mjxIgmqERl5nu9YeN1f6/Kw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5734 Content-Type: text/plain; charset="utf-8" Use checked_add() and checked_mul() when computing offsets from firmware-provided values in new_fwsec(). Without checked arithmetic, corrupt firmware could cause integer overflow. = The danger is not just wrapping to a huge value, but potentially wrapping to a small plausible offset that passes validation yet accesses entirely wrong d= ata, causing silent corruption or security issues. Signed-off-by: Joel Fernandes --- drivers/gpu/nova-core/firmware/fwsec.rs | 60 ++++++++++++++----------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/nova-core/firmware/fwsec.rs b/drivers/gpu/nova-cor= e/firmware/fwsec.rs index a8ec08a500ac..1a91bbbce3d5 100644 --- a/drivers/gpu/nova-core/firmware/fwsec.rs +++ b/drivers/gpu/nova-core/firmware/fwsec.rs @@ -46,10 +46,7 @@ Signed, Unsigned, // }, - num::{ - FromSafeCast, - IntoSafeCast, // - }, + num::FromSafeCast, vbios::Vbios, }; =20 @@ -267,7 +264,12 @@ fn new_fwsec(dev: &Device, bios: &Vbios= , cmd: FwsecCommand) -> Re let ucode =3D bios.fwsec_image().ucode(&desc)?; let mut dma_object =3D DmaObject::from_data(dev, ucode)?; =20 - let hdr_offset =3D usize::from_safe_cast(desc.imem_load_size() + d= esc.interface_offset()); + // Compute hdr_offset =3D imem_load_size + interface_offset. + let hdr_offset =3D desc + .imem_load_size() + .checked_add(desc.interface_offset()) + .map(usize::from_safe_cast) + .ok_or(EINVAL)?; // SAFETY: we have exclusive access to `dma_object`. let hdr: &FalconAppifHdrV1 =3D unsafe { transmute(&dma_object, hdr= _offset) }?; =20 @@ -277,26 +279,28 @@ fn new_fwsec(dev: &Device, bios: &Vbio= s, cmd: FwsecCommand) -> Re =20 // Find the DMEM mapper section in the firmware. for i in 0..usize::from(hdr.entry_count) { + // Compute entry_offset =3D hdr_offset + header_size + i * ent= ry_size. + let entry_offset =3D hdr_offset + .checked_add(usize::from(hdr.header_size)) + .and_then(|o| o.checked_add(i.checked_mul(usize::from(hdr.= entry_size))?)) + .ok_or(EINVAL)?; // SAFETY: we have exclusive access to `dma_object`. - let app: &FalconAppifV1 =3D unsafe { - transmute( - &dma_object, - hdr_offset + usize::from(hdr.header_size) + i * usize:= :from(hdr.entry_size), - ) - }?; + let app: &FalconAppifV1 =3D unsafe { transmute(&dma_object, en= try_offset) }?; =20 if app.id !=3D NVFW_FALCON_APPIF_ID_DMEMMAPPER { continue; } let dmem_base =3D app.dmem_base; =20 + // Compute dmem_mapper_offset =3D imem_load_size + dmem_base. + let dmem_mapper_offset =3D desc + .imem_load_size() + .checked_add(dmem_base) + .map(usize::from_safe_cast) + .ok_or(EINVAL)?; // SAFETY: we have exclusive access to `dma_object`. - let dmem_mapper: &mut FalconAppifDmemmapperV3 =3D unsafe { - transmute_mut( - &mut dma_object, - (desc.imem_load_size() + dmem_base).into_safe_cast(), - ) - }?; + let dmem_mapper: &mut FalconAppifDmemmapperV3 =3D + unsafe { transmute_mut(&mut dma_object, dmem_mapper_offset= ) }?; =20 dmem_mapper.init_cmd =3D match cmd { FwsecCommand::Frts { .. } =3D> NVFW_FALCON_APPIF_DMEMMAPPE= R_CMD_FRTS, @@ -304,13 +308,15 @@ fn new_fwsec(dev: &Device, bios: &Vbio= s, cmd: FwsecCommand) -> Re }; let cmd_in_buffer_offset =3D dmem_mapper.cmd_in_buffer_offset; =20 + // Compute frts_cmd_offset =3D imem_load_size + cmd_in_buffer_= offset. + let frts_cmd_offset =3D desc + .imem_load_size() + .checked_add(cmd_in_buffer_offset) + .map(usize::from_safe_cast) + .ok_or(EINVAL)?; // SAFETY: we have exclusive access to `dma_object`. - let frts_cmd: &mut FrtsCmd =3D unsafe { - transmute_mut( - &mut dma_object, - (desc.imem_load_size() + cmd_in_buffer_offset).into_sa= fe_cast(), - ) - }?; + let frts_cmd: &mut FrtsCmd =3D + unsafe { transmute_mut(&mut dma_object, frts_cmd_offset) }= ?; =20 frts_cmd.read_vbios =3D ReadVbios { ver: 1, @@ -356,8 +362,12 @@ pub(crate) fn new( // Patch signature if needed. let desc =3D bios.fwsec_image().header()?; let ucode_signed =3D if desc.signature_count() !=3D 0 { - let sig_base_img =3D - usize::from_safe_cast(desc.imem_load_size() + desc.pkc_dat= a_offset()); + // Compute sig_base_img =3D desc.imem_load_size + desc.pkc_dat= a_offset. + let sig_base_img =3D desc + .imem_load_size() + .checked_add(desc.pkc_data_offset()) + .map(usize::from_safe_cast) + .ok_or(EINVAL)?; let desc_sig_versions =3D u32::from(desc.signature_versions()); let reg_fuse_version =3D falcon.signature_reg_fuse_version(bar, desc.engine_id_mask= (), desc.ucode_id())?; --=20 2.34.1 From nobody Sun Feb 8 09:12:52 2026 Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazon11012002.outbound.protection.outlook.com [52.101.43.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C0B92750ED; Sat, 24 Jan 2026 23:18:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.43.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296723; cv=fail; b=Sacxv5cWVppc4XO4mScMoZZSh7P8qYcCLgSsA9VKqFcvjAPphmWFNlH8gFXZyAMtEpcYnnSyEDuy6sK3pYDVOyKF/vaUU2iVFaI7WVGh4/aILpw6Xw3Ee7MMlmq1iexQhltFiZ97OFIwhhQi63J0SLTl+g0wckQr8irG7LySrS8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296723; c=relaxed/simple; bh=cg3nct9uCCQpMS0BqPaiprS6AaCV9AqiJte/g2n+sfg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=PPOATzqyZpcS8UhwLyOr9+Oou+YSKZMaEItjDz5zc+uEhl1Oz/C7mMOr/bgf2zdiE8czKPV2AM5naiunfn4NSipGf1yBA+NIeKxycoMH1oY7m5rtAT2DYJ+kcG0wX13IxGuNq1wR02t0louF7U8Hy7CN5Q2vjh1wVe7d08GK8EY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=FbOzmmsI; arc=fail smtp.client-ip=52.101.43.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="FbOzmmsI" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=iqWOYu+cluhIWcD7lyX2Avll2VtLM9oXuHMvkGbdfKLqo1B7LemUQp+ohaAJIPJYr/SQR1vZxfOS0fTF1bcyInnaGZ9OIoIog/OJA30JnebTqJ3gQB4gvxWVaX3f1HC9Tw9WGQTDPuMs58Op27/ItiEDG3OfUs3HHnQj1AanPy81OnQ39a7pPMdKqdh7x8p5WfVkLFtGyEdmKlZJlHCUodMEo7H1tEtN86kXfDpR5TBhBT/s8hA5iXYYwtLxJf6LVEjPr7BI4A248f5qCAGTX9ucIFRtKC1I6Gftd+C1aMWH5c4SLl3KbBMqvbL6XKUNXO46pTwkB9vNOnJxRcOZ7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aVTh+Dk4DADi/5QT5h74TE1SuZopp487aNVm3AXhMxM=; b=ud0f4VAVrAkD7UP1puanrdMI2PfpQVtGbl1WlHwJH4cP27X25QyPrCLeB1X84Qm63xBxm9Rh2AGWGhSMRe+JxKRYunIo2vRURVIIvXclkV9TGwGj/hMoT/CaQGXhG12AfJ0ULxehd5JP4C8A/u5QlVJDTAV3GOC/PVlQIXUqtsHDBHDHwPTCgimO5Tt8n8UE5xyCrYwkUEZJaBR7y5X68EvG5XttoU7dREAehZ6IlUFI407JkdSq5PSnfqm24IxLcWnnZTDq1OUJgWZYJfeUnIqJzKtkkiuvxT/jxsdfxtaaco+NxNKbqAqTZxc11JQ4D6Zu+b6v16wCwTxhTKP0jg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aVTh+Dk4DADi/5QT5h74TE1SuZopp487aNVm3AXhMxM=; b=FbOzmmsIJOMaoGfsFxJGGhKVXaYjUBlIwhMvKAFjm/lgoMqAx6mTT9WNM2vBHnOBKxkOZgVSibhXwsd4Vac/UfO9zWWFw4R0V1VyWLz5TjwpRC/0sQfFr+rJeuS18zSJteX+PhcLslpy2v0DqvetNL8/UiSiVXxVxuGnzIt/mSn7dinDUVNR1aswZCXLKdDbFtNtnq84N6DmGsupn3hSTUVYj87pyfvdnDu+olsMAT5M0HcYFHJO3WmVrmqkb4Sup3CzFTi7dkKOkLZ8a4ytGdMoSfEU9JCcL6TiH02g6AwD7Vt61uQq4QHlfwuM5ofnRTtALSTP/rxBZBqCY87UKw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) by PH7PR12MB5734.namprd12.prod.outlook.com (2603:10b6:510:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.14; Sat, 24 Jan 2026 23:18:37 +0000 Received: from DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33]) by DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33%4]) with mapi id 15.20.9542.010; Sat, 24 Jan 2026 23:18:37 +0000 From: Joel Fernandes To: linux-kernel@vger.kernel.org, Danilo Krummrich , Alexandre Courbot , Alice Ryhl , David Airlie , Simona Vetter Cc: John Hubbard , Alistair Popple , Timur Tabi , Edwin Peer , Zhi Wang , Bjorn Helgaas , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Trevor Gross , nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org, Joel Fernandes Subject: [PATCH v1 2/5] gpu: nova-core: use checked arithmetic in Booter signature parsing Date: Sat, 24 Jan 2026 18:18:27 -0500 Message-Id: <20260124231830.3088323-3-joelagnelf@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260124231830.3088323-1-joelagnelf@nvidia.com> References: <20260124231830.3088323-1-joelagnelf@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: MN2PR07CA0016.namprd07.prod.outlook.com (2603:10b6:208:1a0::26) To DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR12MB6486:EE_|PH7PR12MB5734:EE_ X-MS-Office365-Filtering-Correlation-Id: c398a821-d298-479d-76eb-08de5b9ee72f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|366016|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?jSDUlb1D/z4uP4jVW/pd+8/UfK9VBRPttyM6tR8HWwL/zEzr7RcRh9eThzNH?= =?us-ascii?Q?QXw8ClUfXvG3xaRtN3eZ+AhVk6HGDwSAQ1Zx2fABtZkFzAJ/zNgRzzm4W5Ea?= =?us-ascii?Q?hLGhCnZSRr5pQXXv+sE4EHPCmxP8sgmGUCMY2m0AQJdeMCW8nEBTSciIHr82?= =?us-ascii?Q?/K1/qKbeg06tHunBmwm6h3q9VPhstbpy4yW7UTbok7QylMY4BN3y8tjxEjFi?= =?us-ascii?Q?7wAdtR8fD6ifpcoOyyeiY8nZlvOi87Wj90r576iX4STNS1kMLBOxPmG5nn0/?= =?us-ascii?Q?vPWYGM9IZdI9kHgXIOUaszgZkjiheWbZvoSgTdTo5IXJblLbnkmllc2qQqHe?= =?us-ascii?Q?oiJCaysmbsvzDnL8sEmnDvxH6g5U4MOy5cWffwPE9AygF+6MjTn0k7FFostd?= =?us-ascii?Q?bQ2pC2lFy8zSTAZhlyjNdiUS7L3O35dm5fMympOdo/qWOMQDIx+wLCBxvfii?= =?us-ascii?Q?a51L17+UMmn1JaefvYICeihPgWe43eYS89Q/y+sJsOegUyP9jnV0SFjWgV2/?= =?us-ascii?Q?5r8QMSI/dSr7BQYyNNHod3txxJcrohejRPb825B06FfzqEluu3kPE0N21HSI?= =?us-ascii?Q?W6Qkzs7YMfHQAJdLVth+cGD88iPH7AN2noeuwJggUUuIqxPyBFgmVuT1cIBM?= =?us-ascii?Q?52Nitee/U4h0pcvR/eGL8UDcZAq8FguvsEcslCFKv0fSwaNp9CVPlNzhnWrc?= =?us-ascii?Q?jMr21fAplt/2DZKexTVomEY08MXSPYG26gyMdc9g6dmNNFYgUBXOaBDGZ64F?= =?us-ascii?Q?79Vqq528XxkBqOOtajLrL24NrQ+1HNA1XEuERc6tNWy04NggKeQjahVTTBnt?= =?us-ascii?Q?WHtVgXQOLFGOd1j8PPnX64JsNYfcyMktvclwW6OmN8mcdRh5o3U3Z8B0U1py?= =?us-ascii?Q?8A6YaSOAavtqy+Nf4izgMedLMkuzjc8zMkrd6u2A4Z4raKWStg8xtb4CiCpu?= =?us-ascii?Q?Z3nMdSB142ptpZXhSSD/u6EoGgjM3Q2h7sPmzHYFWBdqn+zzZSxUo0DWxrAu?= =?us-ascii?Q?g2n9M2NWNmRn8RQmVy+cKYW2Hml4++/PGF23PI4atc80hF7ZkecVazRl3Iqq?= =?us-ascii?Q?hgZqap+mpBZLDFFt82o7vJM7o6d75tpKLjCnfcvsmm0QqFC2KBOF38AyRFaR?= =?us-ascii?Q?bcLgALAY6MgDuiAc5c1mhDdxAJzfddGXyV9koPr5B49dEvahgsKZ7SE3cjEt?= =?us-ascii?Q?aPNe5MdDmhRW1+B3w5I1g/WGz0oT+XXHeSDGDDf3y0lXSSIhHOgGkEc7QmIm?= =?us-ascii?Q?zaWWzzOaGW9M6YDrxpvveOwM3rQPozwh/lNclwdxjRyvKQ6kdLWhk+CN/dQ5?= =?us-ascii?Q?C/wIBscUn0h2wxz8WK82lPzWh/Ch76ugvcMTLNQoA0fBpYpKOfIPa7AGHcuN?= =?us-ascii?Q?OeU3XpjkcuUnZTtOPlpgSLdeE//i4nu1xv91R7Eq6+9e5kKuqkK7SvAKgubb?= =?us-ascii?Q?Aksao8MaTut7UAUBd/o6n/55yDuDA3fcAY1vpBeCjX7tx/QsXlM/1Vvl74Ph?= =?us-ascii?Q?kDtnHmCC9uKlvZb0sWVqCwnxoAzDuc4EcR8ywftKc6DtkTMFAjypJakNkgAz?= =?us-ascii?Q?9GXdoU9PB2vIR2DweYc=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR12MB6486.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(366016)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?TVdqvH4Yjuj64HkQnvlZaCs6Qcs+AJ8gtvajjv8w4qFaB0r0ZY5UihXaPh1V?= =?us-ascii?Q?y1GeaXVqskoPMHr+JSx4+0hrGXmCKzVaYZOdg57O0InaObFg70j8wEzJCKmU?= =?us-ascii?Q?jDEqZ+1nVd+Ez6M70stM8BiQI/TMEcVCoPvSo1ec/ZwcBS9uu3ri3ZBb//nI?= =?us-ascii?Q?W5F5mztlBRbcWzSg6ZUtZ6fhyBazIrrOzsjNYIo7xYcGCrHT79NmUwgpLT4A?= =?us-ascii?Q?exS1m3TX9AcsrYRd4Xmu2+ZnmMmJUT0Ia0orNxobz+opESMjjsNdt+D9XNWm?= =?us-ascii?Q?+bV+n9AWkb+dLU8+PLbYM7/Ja1WZKxGbjoPHBrP6EynMKFzeh1YN3f4j/IjL?= =?us-ascii?Q?PUGiRw/OeEsR2XC7UoQbXfmUNqFUOPxziKpwfjHC7HWB+YrI11i+dMuh5j2V?= =?us-ascii?Q?6fQ7DgICJ1MA1HBQxMkxf6052kSSeimn1DqwtmQZY64DipLIYwi4kw15JbN3?= =?us-ascii?Q?qDJKH/Pboc8MgoR5EkmXWriSR6rIMTtUoOBDEIJFzVCWELTv4RLotEGaLOyo?= =?us-ascii?Q?lSkdJem+9f7w/jXAp67kRUtjArEOQSmsEwhZMCfpXK88dcyBX+NDVpv8cxy1?= =?us-ascii?Q?GsPwv1t8ki+m25cYUBYTuhHWjCXgY7qI3y/7b1OI4VKyDns+av49XLcrrsha?= =?us-ascii?Q?xopwlJgXi4ink2Kfihn/JAphpEcQTSIhNSJvN3BbJwj0ExrPGIWD57GPswN4?= =?us-ascii?Q?9bmAwa2zKdoYDYskDUPT00BzZ7WUhxbPgjGQ0Xt6gE3vqWykT7B+HpetiGu8?= =?us-ascii?Q?n1QfiRB54/DYRlpgnvyfuutGdUXzEmttog46pxkLrEPBsUBPRcQeEGLPZCJC?= =?us-ascii?Q?S3c6/6CM+QSYO5iRpvvrevZcA4UtgcPrmbZO1FHXhuV3SbKZcfq3284dSzNN?= =?us-ascii?Q?4co0PwnPSiemdYRrW6/kd0NFf068fUHfpWB3hhWokV+TgD0S/KFgx3LBzU0d?= =?us-ascii?Q?Xin7bXLJe0pK2/hr+ri1alAxcL/zNyer21HFgQeGh0YoMUA01M34q5uC4HdA?= =?us-ascii?Q?3Zdp0LgnRAdsl1WSyXjNby+IE4XRaWE8tELwOU5BsRPizNprcG6XBbDFmEFz?= =?us-ascii?Q?o0Nt5VyMJdDSTltvkL1ebKO8/qrRTrEQdLnHl0y4tKxPQiFgT9nVLCjET1BF?= =?us-ascii?Q?Y0Wlb1CU7Qu8Ati9PEOVu9HUHTfknqbnBnDP7Ha4/Oomq6bRPrvHj2Xz8zt2?= =?us-ascii?Q?PPM2jERspuWefeLjMQJTeqTqktZSR5s/HrWnwXxHC3ppl+c5znWRO1JFiYy2?= =?us-ascii?Q?p0GvBWjHlWY/Qfm+lIyEMHNYSmtYetu6ZLKvjTib83hAjURz4Q9vl1sIIPZK?= =?us-ascii?Q?2EC7vc0WTvTKMPOYzl5Ascym+sKciG3NsORm6J+9CQsUa/NrVcRLgAO/VMNG?= =?us-ascii?Q?zyM7Jl6VZ09k1rwup1vplb2oRgiO5PgZdVxJ0ptmrifgyzWbjbQSSHrVkT+y?= =?us-ascii?Q?O5Y9uatNFQfgmFUHwJ/lt7Z2p2Pd9kS8l+unMhP6bT5fPTMUykIX9ge5dHh/?= =?us-ascii?Q?qVS3kqF1llQomQweoQuHISZl8hUiSva/oRSoNVyuYqQ/9DwNLrHxiiRsVtcn?= =?us-ascii?Q?XtqLpAYLeL/pd287Zz6hKDyab6PMVRnWGPWC7pp+/A3jWo+PzJRFn2TJjdbn?= =?us-ascii?Q?9MxFOr6vO3/Heutb/s59XuAccCcu2gO62HiU5PC477ouu23iBVEsM3BgFQ5X?= =?us-ascii?Q?Q3AK+53Q4udd5vA3gEkQ/M9C1pWGAW0VArL63gTaHc06IQ/3uUUc15lGdR9W?= =?us-ascii?Q?+ezL8AM7ew=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: c398a821-d298-479d-76eb-08de5b9ee72f X-MS-Exchange-CrossTenant-AuthSource: DS0PR12MB6486.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2026 23:18:37.5760 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wAx6gwwglFgPuFqyYI1ILf0Kf46diSzyTUJ/WWBAMpf51nRWYmMh536Ur3FiEvsoOz/nI+kRqDbwn3nWY+NFIA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5734 Content-Type: text/plain; charset="utf-8" Use checked_add() when computing signature offsets from firmware- provided values in signatures_iter(). Without checked arithmetic, overflow could wrap to a small plausible offset that points to entirely wrong data. Signed-off-by: Joel Fernandes Reviewed-by: Zhi Wang --- drivers/gpu/nova-core/firmware/booter.rs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/nova-core/firmware/booter.rs b/drivers/gpu/nova-co= re/firmware/booter.rs index 86556cee8e67..f5ad619dc055 100644 --- a/drivers/gpu/nova-core/firmware/booter.rs +++ b/drivers/gpu/nova-core/firmware/booter.rs @@ -119,14 +119,23 @@ fn signatures_iter(&'a self) -> Result> Some(sig_size) =3D> { let patch_sig =3D frombytes_at::(self.fw, self.hdr.patch_sig_offset= .into_safe_cast())?; - let signatures_start =3D usize::from_safe_cast(self.hdr.si= g_prod_offset + patch_sig); + + // Compute signatures_start =3D hdr.sig_prod_offset + patc= h_sig. + let signatures_start =3D self + .hdr + .sig_prod_offset + .checked_add(patch_sig) + .map(usize::from_safe_cast) + .ok_or(EINVAL)?; + + // Compute signatures_end =3D signatures_start + hdr.sig_p= rod_size. + let signatures_end =3D signatures_start + .checked_add(usize::from_safe_cast(self.hdr.sig_prod_s= ize)) + .ok_or(EINVAL)?; =20 self.fw // Get signatures range. - .get( - signatures_start - ..signatures_start + usize::from_safe_cast(sel= f.hdr.sig_prod_size), - ) + .get(signatures_start..signatures_end) .ok_or(EINVAL)? .chunks_exact(sig_size.into_safe_cast()) } --=20 2.34.1 From nobody Sun Feb 8 09:12:52 2026 Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazon11012002.outbound.protection.outlook.com [52.101.43.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F9D826ED56; Sat, 24 Jan 2026 23:18:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.43.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296729; cv=fail; b=POUhDZ1MJdyKLr+nJ90ZNcfg/bHDEj0tyY28X3PB8RJVBrhPpF9atoUMWdPG2VTJTem3d1Rfs7t/XlNeUR8PhwA+r9z1nNwhJHXIHRsDbAecdUbwqlG1FU1uVQx/kbQj9t/Djuj5iSR6XyGLpKQ21FyD3p/mHhCvKRA78dQhS1w= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296729; c=relaxed/simple; bh=bxVIjqQq2a/yyTQ40CBy/xSUhxThKdXU6aKykhM/cgQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=uf2jEk93Qplc+vGoywT0JRBnJN+g15JM4fbFHTJBpkX2MTH2YtnLUgYBpjMVWjtJ6U0fva9/EolEeBUTb77WUT31TG+3PzNlp2sfwtXeuZALSunVw/Lgdjxmo+YtiOq1hRlT+m1jrXCcw5t2pEqC2soAHmEgXIy6hdlpw7hOiNM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=hItbk7ym; arc=fail smtp.client-ip=52.101.43.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="hItbk7ym" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GTmDZP1yYKcjccJsHiizP14atj7wvxBN/NMUVrFH1svOXDsaUUdMgjVzKJ32Z63GDfRcy/TT5oTGHZyg/U16IY61ousZ9WEzZp0+Xkp06FEtf6EnWE6gI9y9IeHkc+2dqCZ+XnUxMvwokEjTW8shp2xPB+Z9Cjq7/AJy4ykOYZPpIIhaM9U5+MiDa+wbeHZ9jspiS/yKK7UDLUDf7XfnP1+q+MkZcy/kdmBf9R+7WhQTT23vGtivDBqgdTNEEXx55OA8CuK5/NsVka2e3PKU1EYbH1f6UlP+FT9t5lMyfmDhN3Hg42lLcj8qc3hhG6P8gwPtOR+AGfXs7tV849C2+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5XwDFuw43jEVEUDVl2NZ4heYkvbXkc38y2yaJ5bk3eo=; b=xK7n6oeszOvUdoXSs1exspSvEuZYrIcHKgpR9EXixjhNYeGYUPSkDdkiZvJwz/MKNiFxe0No4c9xwQ1ZH/DarC6IG8WG4cXbH+HRJBN1m2XzKArWvG0OxRj8bEoOnw875ul2oV/y7Unk0PpeYXyRMcHJcqXZQ7BMlUW+pTQoi8m+HYTtNEFRM52zzO6cZSJQGl/rVdXB1pZYpdm8QxUdOveFuZvC1sjwQzMVgOT+iI+D1TxsywtckqqHyVESu2NyKKYcBMlESgrXRxUf846jcaxBUdizsLURvmadK6iu/xlIMjHp6DCJJAE5XtgiZOPwqTQ5Skdlv0vxS6fQePSWBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5XwDFuw43jEVEUDVl2NZ4heYkvbXkc38y2yaJ5bk3eo=; b=hItbk7ymbG3/I4aB1iT6rXknsiiCvYRcjlfHda8NLsQJOsDqqzIgdVokCOuPNRKlmdzmR/jObkQQj76gRRZ93/0adqnvfng9Ox8mK2fvm8Z4zPjPeJIS91niDDDvYyETW62VRp5bjrVfmKPOCs8pGAMN8HiP+/p6hoxWsC2kdcbFvWaqd8xs4cDinzAwdqiYenqSfxGsg9dGh6LonL9/TqApArMUN+Gi6JM4tU9MmvMgufM/HBz/zZwWC5L6LmgywPc5aYw4MjxC2pMyLhnbZmRUEmbU+VA5tln17DUr0Glrj+f5qoMWTcPK6rt8CpJME+4E4/GnVvdUY4NWWso+Xg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) by PH7PR12MB5734.namprd12.prod.outlook.com (2603:10b6:510:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.14; Sat, 24 Jan 2026 23:18:39 +0000 Received: from DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33]) by DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33%4]) with mapi id 15.20.9542.010; Sat, 24 Jan 2026 23:18:39 +0000 From: Joel Fernandes To: linux-kernel@vger.kernel.org, Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter Cc: John Hubbard , Alistair Popple , Timur Tabi , Edwin Peer , Zhi Wang , Bjorn Helgaas , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Trevor Gross , nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org, Joel Fernandes Subject: [PATCH v1 3/5] gpu: nova-core: use checked arithmetic in frombytes_at helper Date: Sat, 24 Jan 2026 18:18:28 -0500 Message-Id: <20260124231830.3088323-4-joelagnelf@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260124231830.3088323-1-joelagnelf@nvidia.com> References: <20260124231830.3088323-1-joelagnelf@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: MN2PR07CA0030.namprd07.prod.outlook.com (2603:10b6:208:1a0::40) To DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR12MB6486:EE_|PH7PR12MB5734:EE_ X-MS-Office365-Filtering-Correlation-Id: d2beeb5f-baec-4eb2-cc0a-08de5b9ee82b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|366016|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?HmM19nHZ2eTE1OoEAYXWoE9ouCs/wT4+cUZBEqA7fq2jrCpUNRGb6IDp6/Zd?= =?us-ascii?Q?wGcK0yPALMmDckch/WqZq7X/B1EfhlveGB/CJladertbCEOAVdq1iTDE3fkG?= =?us-ascii?Q?0dLiYTt+kE5YDDMrHbl/VVyFxCr+2urqRhLeJ67IphyeBY+SaFXC0adps/+Q?= =?us-ascii?Q?0Obe5i7OqnedR5AjWwELlbbHcdkuUSh3TasUAH8BYwctIMoMropc2SbCTPme?= =?us-ascii?Q?sUmRBwWCQV1jkeRik/50ZNSban3jkRlVNsFWJTkPU4NXiYag9GHbnNbeo9sB?= =?us-ascii?Q?W9IGFjyDApzIBEEK1W1hqBWe/6g55wCnC7ttovZh23fA3tK6nXVloWfVqf1t?= =?us-ascii?Q?+JoKJ+Wau1LkVsu5UiA66bf3Um22ethRjPnAxYND/4A3rYuulZ7cZwFIF0RD?= =?us-ascii?Q?mGBxTxlJko+BiQVHqm1IhBc4j7T5LMqzPuoobCVwbp2OMzTNG502WeU4f6EC?= =?us-ascii?Q?DWsIdjEfGFU/rPtu6QWdLY/nAR9qn414WpHS6EViFmG4dOyTIuo53pp6EcOR?= =?us-ascii?Q?EjzURhtD2hkviXfmrzh9yJXfdz/CBHeroC5K4Ctkny6N1otLWEqlhVgBos0O?= =?us-ascii?Q?5EzO/lRZZyb327qYvjH7inuPTp8SAjdDaNBdPersySzwABTASXm765beDRGQ?= =?us-ascii?Q?uJ7UGPX6VHylpIbQG09jk05SsewaF4fYCcAurHXIXMxPeoAbCpET87jvcyvo?= =?us-ascii?Q?n/XPG1pdFxp0Vt452m4mcJWlHbKOneEqIVCdCVyzIcWvayHH6qYgCDgIO58Z?= =?us-ascii?Q?gG89+YrQIu+QxoCpLwIffdcH+DduvGguEKZ+9L2SO/rJVDy/+S+kynVFuofW?= =?us-ascii?Q?+eAGq79n21aHbqYtnHnWHcm0ZO270tweCO4FtU/qFHnRI17ZVfZ5jA6nIkIP?= =?us-ascii?Q?YLsQgV5ZoRRumWWjYQMUONuV9CVNRjmrd/+PiyeljWhYFyYxpwgNBcaJ/oQ2?= =?us-ascii?Q?VlKNFku4i/R8CBLdNPTzGnjiwHUSOqOFy7/tInW5jQ2zd16ps4PtS48SHV7U?= =?us-ascii?Q?/RvCTpYNp22tCb4jBqHWXDW74jjLUJtTGSCJRDTzpK8cqU4aJUyabWWH21At?= =?us-ascii?Q?1lX56v8muGAEVY3F2t5hZc7N+z034DpqoYuBJ2JrLR/Zzp/tnD0LVgTmCo7s?= =?us-ascii?Q?V0XwD3eKRNLBGyYrwsFyZNZo3F/xSYnEO2QTKTWTOuc5wvtqPovO99RUYh5A?= =?us-ascii?Q?gY1viDPSk1n0oZljY3dvI+HvUzrXpSNDFXC0I+fnY6IjEAbb3UEZrwME670K?= =?us-ascii?Q?el31TM6Q7It7usV2H00JYjafUMQkvWz/Usf9Kdo98dnlmvz8JihXHxtpvdda?= =?us-ascii?Q?+uCinNZ6OkVcqLe0bC+1ww5PzLPHKq1cT333LyJyfFzjLAIJYbkH2H95J9XM?= =?us-ascii?Q?0NgORRLrXbu27ftMsWUIHWk/n1D+IgealvZqCTnCwILbw2A9jYKjdr8DrybT?= =?us-ascii?Q?j7WE1dgSnjBmEjpfxDYK2C3NbRdCAtP88Xe6oYwdaVz7RSqeUeQWN9hwocP7?= =?us-ascii?Q?tG6WmkogV+Z3TlHDpkyj/6WKA3OpnlH762bVbvPIG5NT7zljzFeNxB5t26Eq?= =?us-ascii?Q?O7OqsLl7ZJ+FLTY1ENA=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR12MB6486.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(366016)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?FTWvug7YrtKQg1liXwmIYU6NNd9loB/cpW1K5xSssrpRIgZ6ORj670lichLV?= =?us-ascii?Q?LGItX1qFta6j1kz0SobgL1AF/vWTi9b12brP+mEVS3aPjE7Wq1OIM3LOBEAX?= =?us-ascii?Q?E+DrmbliambRLF2oagkv8IniswrlThKTvgBHjQt4PIVi5byDWrV2lsACGiX6?= =?us-ascii?Q?yWQGP6zmjyIBplC9sl67YnnLLQdaCty2yHda1ORWM3CGG5flxSSQJznZuLnS?= =?us-ascii?Q?eirW6J8Al+BcyCq814spL2r+Y6YckbM+1HKCtQLSIu63+sxkqIlEFNgLNtGi?= =?us-ascii?Q?ItPQOJlswxGvQ4fO0mwmBFOD8J/jyiGyr+lMzYxd0B5/Pyxl/hzegXqqIp+S?= =?us-ascii?Q?Xpoaw7JMApE7j6w4QhliBEseWPh3jwgJB9TgT5jACuW9kw8HKWK+v1QQIc9X?= =?us-ascii?Q?jtlgQJLKjc0t2SG/qzDyM6yF3g+29m5WKwVaCvoE0dUIeGF0kfxhDkHo2ks7?= =?us-ascii?Q?K5nzfSbSSsjDOo/btCXi1+ter1UOxWqyvJMO8dwvNsYnE/qZs6K6Z4lFC7XB?= =?us-ascii?Q?Da2XJxFPcCySg9KaR2ZbIUOLrwGYvsbAJZ1BNN9a1q+XjbcY2T9iG6ohfxbg?= =?us-ascii?Q?touqUvgi7ED3eC0PdG0UJeSx1+VTNz1WVSDyWPW5fMG/ZmNHHOkji7HhhqYH?= =?us-ascii?Q?L3mCU8zUWaT+fdUDt/EzDC/I0vtCw1zpbG7MH5I6GLl7g+T2fUYh/tyWiRJC?= =?us-ascii?Q?dnL3e/ZIAmo99FtPbJ1r4srRAnNyd1td1dnghY+usmj8I0qgHrHEY4zU8kx5?= =?us-ascii?Q?pKLRDYFrM6xgEjYlNykBnR6ZO9/oci56XuJlsg9FD9BczsJN0yMX8n9LlKks?= =?us-ascii?Q?4ZNvKSk5NdM8EESk3AAhJoGHrQCVqp0GqNRWweioWYREVQx0IQQGc/PRtJAF?= =?us-ascii?Q?ZqSwslR3y1rdDfHwLCw7+dU/6Q/c+cHeVmIY8G35uze91rmgu21tuB3W161+?= =?us-ascii?Q?XeZPHqQH9gU+1ZY8vALoDOKwjmoWkx5ew/p183Ogh3/ln5S8aulQWAkT7k3E?= =?us-ascii?Q?BkyvBtGsKSyom2Po1SAG7OP31CWt+NXuguBNQCOB0e4QHiNXlxnAFAKYzwbz?= =?us-ascii?Q?lk0hh1w67rlJD3eFtczF/LstdEShq+a5aOoqnomtFrD9FF267J7RkDjzEmC1?= =?us-ascii?Q?gTSQJVXARmK+Fby75KtwbPrHTrvhftw9RkvIDkwa+NPV9wiECOVM9FEJ41M4?= =?us-ascii?Q?KVb5hXcXdbfEDSfh0eXlxC53H5D/o218xNk4saXi/7alKBvPrthlPZ0xKncj?= =?us-ascii?Q?0Jdfzqucx/raQ98c8noahx0EcgntAWvhEFWEW5q5sUzacZwxkfSkMTySyol4?= =?us-ascii?Q?mW8cfsh4+hGMfUtD1U/VT4vDmsHcHb4K3XgckkJhb8xD81BCNexAJSmbvhvW?= =?us-ascii?Q?2UiLqKBeMxMMeZ/j3MEtaWYIDWVj7XdzbhRdwYwZi4htRLECModoxu8AYNvI?= =?us-ascii?Q?mgjwLD6BUoGmfROpGmDLYOuxh7uX1Ot4DHAuc5dUWbX8lkqoKYFhH2PMwigN?= =?us-ascii?Q?ubjmt7UarSjX5TX9DCpOVMAJeh/pH5DHc9RGUnoLAy6CF8/Vobngu/I7qvwR?= =?us-ascii?Q?DA88dD7ifqX4dDHS3BXjCPBUVdofYA80awVD9LaTEwiPKujoU/AD/U+jxtf5?= =?us-ascii?Q?IeYugpWxs5b0UwVXBluxosweqP2lbwBvC92AoLfY+J+eAKxCByaUuvZ9hr5D?= =?us-ascii?Q?4x2aZG89SJU9hohldtZrm23WKeafsJ8DSK2vSciIGNsPpTaSFamahu0p92ef?= =?us-ascii?Q?bU/RVD9J3g=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: d2beeb5f-baec-4eb2-cc0a-08de5b9ee82b X-MS-Exchange-CrossTenant-AuthSource: DS0PR12MB6486.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2026 23:18:39.2266 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WkZGMUEkofocIYkouJ5JDkiBMCE1tSTcbP42FhyV8GBuPP2EWSiliYStGqA4qEhS/dLuEG52hdrXQ16jJaTIrg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5734 Content-Type: text/plain; charset="utf-8" Use checked_add() when computing the end offset in the frombytes_at() helper function. This function is called with firmware-provided offsets. Signed-off-by: Joel Fernandes Reviewed-by: Zhi Wang --- drivers/gpu/nova-core/firmware/booter.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/nova-core/firmware/booter.rs b/drivers/gpu/nova-co= re/firmware/booter.rs index f5ad619dc055..1e2b2efe838f 100644 --- a/drivers/gpu/nova-core/firmware/booter.rs +++ b/drivers/gpu/nova-core/firmware/booter.rs @@ -43,8 +43,9 @@ /// Local convenience function to return a copy of `S` by reinterpreting t= he bytes starting at /// `offset` in `slice`. fn frombytes_at(slice: &[u8], offset: usize) -> Resu= lt { + let end =3D offset.checked_add(size_of::()).ok_or(EINVAL)?; slice - .get(offset..offset + size_of::()) + .get(offset..end) .and_then(S::from_bytes_copy) .ok_or(EINVAL) } --=20 2.34.1 From nobody Sun Feb 8 09:12:52 2026 Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazon11012002.outbound.protection.outlook.com [52.101.43.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3759720E31C; Sat, 24 Jan 2026 23:18:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.43.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296730; cv=fail; b=tU2cLJGsSrCVAJoG1v6dMFwGnbs1KvkRzfsD5YUk5dkFPSaXtC8vw4H2bGH2OfhKvGIaVdtSrkxV3W3N9T6FDXJvRI9vALYRuLHmvrdQaRCPvnd2ge8doHnm5sUuwbYLM0nftmB/pd4QHVmZLpOYNfqw/db8flDpSyjCWeIFI6Q= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296730; c=relaxed/simple; bh=/5k3HVfujMdRMhUDRhZj1h3sVD0FQZRynUXqYdaZGnE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=txn20lapDsJyINe3mephGpDwLfB1TwOUAG/8dfvyh4L/I/xmuwG7Xfc7Nnnw5Gb6OfSBMYXAIVAAMIXMnM1eUO7abAivV0Qctq4dmGYBi9X7IuAsNszTy9BXI8Q2Xp/dV+71ft10lb0nZK3z8b/zIyhdmCCK/DjM9ZYpDR9n20A= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=k+ZzUlz/; arc=fail smtp.client-ip=52.101.43.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="k+ZzUlz/" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Sdy/Y46Yn1vfwm2EmCxhzqrtedVGSxqVfnYvTaKQ4GWUfZqZxdjv0zl0IcWrNLDXppRINdagIFLWy8NkbAOQvZYFenAjLH6oDWmH94ndoacN1N7mRcdPvB55WSy6H627A+DfMpPOQquElWvdx7cSjcFNG6KqOAInQq/Co7puZfdFJg6fw0g79XFcM3xNwASJHzTwkkzVqihY0GTOBOmJ9lJoqZKfIjDH1Brlc7XHW9ykmo3rJHsw/oU+P9+lGtrYa5JyG8NQG2Vj2YFU0qjR6pM6Th2IcTiZcHWuWqDO7OC3atOo9fMX431tLTtg7/008SE5iXFc8ansQaq48AJpZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/TFhm7IjfWFoSii9sLWhfXwM8sVY3OHm60hxo6vB0BE=; b=ahmsUVNEnyVLo5reuYL0iJ3uXACdxsQ1rdDVV/hbAO0AxlSm77aJQdmeQAy7kya1eFrlXPBgidKmZy8MXyW4VwvFsRqrpGoLhdJ6xV4t9gKZaINMCCTZXfK3dpMsuIryWEjF/ZE8AsoxpYAe2FnR/geFSbtmQ+L483or0kCXWzrkCmT5pIhG+uW8YP2TQtph9d1lTtNK5pGiA6hyjR5eHAJnFYyGE6euLCteWA7boIhz8a/L17K1Bu3brNavR4xDWKuTRyFnGpbvo6glnjnuLm7Fk16Vk1wZ+dWU1uMkN7XyD7W04s1u9gvSX+gBecYiztetz14sRlM6OJc2vEk8nQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/TFhm7IjfWFoSii9sLWhfXwM8sVY3OHm60hxo6vB0BE=; b=k+ZzUlz/YQS3u2NpHCLgnH4+u09MIOEeOUchXZU4XPslY2uaNjIftDjdxbrBOqQ08QcdarZL3e293ri9QaerJOMQK6ENg0XqWsin+8jg7g56zifj/YhMwIaQjWHwvKxAnfsYjG6mhorPI72ize70acfR6HF9wlpqOgfBQSUb37oukh1WqOU/DXxFhppD7ik0MpT2iAMB94hz3DD4NDjU7+qkZrg2njxu8aWP9IkQm3rI2MUuQZbWp9iOfHskg7RCdkWrj1W3D0nO7z97KuYqdGa386ennvi32Y6w86Kmm4zRjou7om5qeMtYMymLmdxUJH7ruhXo4MisEH2ccZ9HUA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) by PH7PR12MB5734.namprd12.prod.outlook.com (2603:10b6:510:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.14; Sat, 24 Jan 2026 23:18:41 +0000 Received: from DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33]) by DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33%4]) with mapi id 15.20.9542.010; Sat, 24 Jan 2026 23:18:40 +0000 From: Joel Fernandes To: linux-kernel@vger.kernel.org, Danilo Krummrich , Alexandre Courbot , Alice Ryhl , David Airlie , Simona Vetter Cc: John Hubbard , Alistair Popple , Timur Tabi , Edwin Peer , Zhi Wang , Bjorn Helgaas , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Trevor Gross , nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org, Joel Fernandes Subject: [PATCH v1 4/5] gpu: nova-core: use checked arithmetic in BinFirmware::data Date: Sat, 24 Jan 2026 18:18:29 -0500 Message-Id: <20260124231830.3088323-5-joelagnelf@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260124231830.3088323-1-joelagnelf@nvidia.com> References: <20260124231830.3088323-1-joelagnelf@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BLAPR03CA0171.namprd03.prod.outlook.com (2603:10b6:208:32f::31) To DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR12MB6486:EE_|PH7PR12MB5734:EE_ X-MS-Office365-Filtering-Correlation-Id: f1879395-e9ba-4a71-efc3-08de5b9ee928 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|366016|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?bULeOwLjW/ZCiQJMD8cs4RInzQ2N5pC3zT0wJ9KltEt2xre+nWCADxGOnqLc?= =?us-ascii?Q?SBiWNiEGqK4jNtmUr25syvdKtqQe6ac1M8uUDkMe4GdKMXoS4OqECVeyFGW3?= =?us-ascii?Q?Rt9Arw18jBDuYFgT+5+KlrLJhBa4ruTUmOaiT1+073w6Vbw5Sa2FtkNNi4lt?= =?us-ascii?Q?/RwFAmPdqPCqHzOCoOG3KXenx5VS/WFNiQc78xnp9NfXFGhw/wIovpSerOeO?= =?us-ascii?Q?DvsEfF6rQdKW0xn0b2ZIYkpJX5OQ0Kqw8IUi/YzZFAq6QbEeahZdEUZEh+l8?= =?us-ascii?Q?hpx+4W5BQS9VzBcYWDNJ3veNZGHt6UOJP8aISeeFf38zLZ3583Dbuk0Ovpo5?= =?us-ascii?Q?d/8OWgIj8idomFzdCU58u4T7/R36HsTVdA0ZjE+MVXv+5oYbYzfacxbVOXTI?= =?us-ascii?Q?2jxqt3h7t+xmtqwWkGoX/KiPyS7bnIygL83mK2xBk5PgyMkPymICqMnMFEo+?= =?us-ascii?Q?z37txIwmtj8/hpXs4PnlVfr3rxHy2QhI7Zrriiwqz1Y5uTzQ+KmGiS5a//FE?= =?us-ascii?Q?cW2xZQrPMaiNhM4o3KAGrLYeh59S8Ltq83roOjiNwmrOspoP7jyZfzZcBXHp?= =?us-ascii?Q?qfdN27RKRUma8FToopnO9yzJv8ZEix4lc69yBm/RFRPGbpyDwH2qw9s+uszz?= =?us-ascii?Q?v2pK6oXlZpd3SfS5KXvhx4KuvWwCwYw6qlz6FuGXEb2wip5remPG2PchLiMl?= =?us-ascii?Q?cAtbCAOhftbU9RNz56zOJG8Gxw9p4Io3ibQCkNfwbuujllvIPtbpY88v83Rt?= =?us-ascii?Q?55tDYaySV6DWcxMfbeoiUgob1VBPrJS5JIX972WH/m0zRcUfaTnIxDEaoCPK?= =?us-ascii?Q?Uc7HqMBcGCHUD8MllBmm6KEWD/Ht0qcr06X+Ec6EKpsP1exjCuneixGIkcM9?= =?us-ascii?Q?+CE2xgOuGXvDwMkbR83PnEh4H0ykfR74Driux3wP4QKjNMIembFMUzdTaBRP?= =?us-ascii?Q?G/TaEx6qWMOAuuak6TOImmoSV4rkYfweXGWeXvhc5zp0BzVTufkEbJg1jh5S?= =?us-ascii?Q?FbeQKMTW18R5xNsPqoZhBJoM8pXEFajsodAX7/Ysjm3qCQgew/OeQBUQwglU?= =?us-ascii?Q?3Kc49rYDgQNxR+QgAJnKd2v36irPnRFBDA7i5FpzBkg5QLnNBJWjmJdtRzdX?= =?us-ascii?Q?i9zurWrDuB5RG1yFRm/4/H7c5OCS/vIbY8VyBl1giUkKBM67gwG3UdqsS389?= =?us-ascii?Q?nm+l3TZGAgc8O8zzcUs04WKiwpDatWSdXbI/ZoUl+ev9OJ70aFVaQO1xf2tN?= =?us-ascii?Q?1tK8iC6FCRxP6xVuiM4TkqbkH85oleEH7Am+F9f1AsKpb1i17ap071kqhLd1?= =?us-ascii?Q?ImbjBIn7QRBcsZj1bv4MpOVceEdgR1k2O7hwQ4HCKKPLww29nB2yQjWFv2Q6?= =?us-ascii?Q?9yeWTwYPRKlEDUKl2eQrUoMQVSJZMv1uKxKkEuh2xCI6BpyCjuLAo8wOW1gk?= =?us-ascii?Q?hP/0v5l5BaQJu3LsEbs1n/rOtAUyezozPtwOcDDXpZd+XCjA+PAmUY4Shb2V?= =?us-ascii?Q?PaUYZVCz2CDX94jpPrO4eOJRgX5QMZm7dfbi5Y4fzOCtBej9gJqRNd33uPY8?= =?us-ascii?Q?cuhmo7mslPYs0NiSots=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR12MB6486.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(366016)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?m4Gju/0aKgdIHaRZkOZXtLKt0i3pt+sAEDUzYXqkn2mgRcO/n1ohAd58fKT6?= =?us-ascii?Q?MYJuE8J1oqtBFMZkjERA68XqzgxL/YcTqW2ZiVm9WUtALP3NoMGui2wmY73V?= =?us-ascii?Q?yJpKbbhx0UtPwVtS/hSks4a/l5SxiZ5JDCnxgSnDBcCvJ28OCqxwYPqDWEU+?= =?us-ascii?Q?Zg7xFZbcLidTWxmhOQNiyuYQzxAog9yTBXH4AJITbiffdNQqruKGVZqMnsr0?= =?us-ascii?Q?UX/vqCfnnjF95dfusp8YgLLI/hrrwp594t6f0nqSXvSG4jXI6QZTe8a6KcYb?= =?us-ascii?Q?kkpzKGk/oYuF3TT3APN8WuQAyg6ydbnqa9MtzU5iPaIUYQM+q07Y7mVo2OnU?= =?us-ascii?Q?TGSL2fZNCc0P+msE9kuUGtUiWivOzMPfKpEg9dA/pceK7NYT37EEIY4ZM4Q7?= =?us-ascii?Q?1jkhB9/WuZHLlinv7kAWZS/Hb47883/vXUfw8fj6BEZmszg0pUWFhaoH234X?= =?us-ascii?Q?gVaoGgaHBDjXlW+56ig6GfTj/mMiuUEpE0oHLZR/r8LbBT9t29x+CHnFnb5j?= =?us-ascii?Q?iHeyalB03BLvtVy8tSYxfFfYla5haapf13w+oQNrUWKBy4thEPCKVLoU0zUg?= =?us-ascii?Q?hiPEouqylgaogCLNI6G304XHEcMpTY54Iy7IYm/GxYFZrVNnkD4qKPHDY5qG?= =?us-ascii?Q?YGjhtteNp/dboU+MyEpL0tCycpneagXDcE3VXcMMgzHKKWgpfnuCZUrZUDZz?= =?us-ascii?Q?3Zj8U/aJ+h1vF1mtcgMUuehr0Qv2A5k7KvCN+Xg1rrhZMdlzXB6b1Iq9yUCr?= =?us-ascii?Q?l8XAqL2G/K/w1d4gTYRQ0JTEraNNnaQO1AimGJybyMQxoozgS+bKo7zevon5?= =?us-ascii?Q?heci4UXjpdDlXA7XGl6MIjCQc8pN0iQTglRmlEkXnmdBdthjYuVRm90HUMiC?= =?us-ascii?Q?JTdVLSOnnidjpW9M+SZekdJ5WyA3GEuuPvr+iz6r9pBJKgPzEndQDrXdZ+8S?= =?us-ascii?Q?H4x48mw94UdMo0e/EQ2D/jWLPbG3ELKZ0B4l4aVNicN1EbCAnAIDVmyVeyxd?= =?us-ascii?Q?RCxN32sEilLi6BnKd9Kd+J2Uij0hYTFG2zmOCz4PCCcaMCeaJ9HwSaouFiuH?= =?us-ascii?Q?+v/BfcrH82vpN7nYpQtEsRazxt1pSMkHDu+JksD409tJCankgeGK8xxgjLn7?= =?us-ascii?Q?2YHdgL9Kd+t6dtd4csW0AifqICnP8ZEiEcAAtpFCv2x2xvn828I0RXZjkfy9?= =?us-ascii?Q?fNx/trpeLYOQxvZ7rxwp9EJWcwAZFVmoFykh2gEqkrpIyLER6LSPf8teql5N?= =?us-ascii?Q?W2cz2dF7PLMETTWoP+y7nQlclRY0u4/Ae4OjeT3Kik7E+Co1Atx2OSSxddLP?= =?us-ascii?Q?7L9VOXQEh0JFkP91qVxaw2FTMp5/A0cNI8djuVYWyzwzjtYGXWEkfKjH1OiY?= =?us-ascii?Q?/9YDJK4L6D2j1hfK8vbAqNwSGcH5gSXkSkhJ6eDLm9/a7EvwVYMuxZjfF+HZ?= =?us-ascii?Q?IO90Pz9650xp0Sg/IN8uVXGStbVV70QD1J5HgSyuOSYZlzU1oI9TdGucs1yS?= =?us-ascii?Q?1Qu2REq1C61M6FQTmguPfeAQ5Z3cc7yYuhfwZbJDtY1xdh/xu+ktvbROXk48?= =?us-ascii?Q?QmDQBHZxmwkFDfE8SeGrW2Zad2bIKDEQ54DtNmFhg41RfeJVD0vSQMfeZVdO?= =?us-ascii?Q?kFEcxxbVSQ2U7//60usF1Lz+Y+G8etuIL1nJIfgVRAbdwv7BHwpCk7lxOA02?= =?us-ascii?Q?SE0Ed+0qqeeS9KVjAs4+eFFv+v95quKtCRTeYlRY+qivPJskIWmg+u13AFeD?= =?us-ascii?Q?AVL5uhHClQ=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: f1879395-e9ba-4a71-efc3-08de5b9ee928 X-MS-Exchange-CrossTenant-AuthSource: DS0PR12MB6486.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2026 23:18:40.8919 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: as1QLUoL7xuqoMaWoktbaB0lQw5ku4CQIVevkXCBiuVyfkwZDkM5DYv/m+lyfuORBNHv9Vs+t9GtFlWHnDEHTQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5734 Content-Type: text/plain; charset="utf-8" Use checked_add() when computing the firmware data end offset in the BinFirmware::data() method. The data_offset and data_size fields come from the BinHdr structure parsed from the firmware file header. Signed-off-by: Joel Fernandes Reviewed-by: Zhi Wang --- drivers/gpu/nova-core/firmware.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/nova-core/firmware.rs b/drivers/gpu/nova-core/firm= ware.rs index 68779540aa28..4f57a270e142 100644 --- a/drivers/gpu/nova-core/firmware.rs +++ b/drivers/gpu/nova-core/firmware.rs @@ -394,8 +394,9 @@ fn new(fw: &'a firmware::Firmware) -> Result { fn data(&self) -> Option<&[u8]> { let fw_start =3D usize::from_safe_cast(self.hdr.data_offset); let fw_size =3D usize::from_safe_cast(self.hdr.data_size); + let fw_end =3D fw_start.checked_add(fw_size)?; =20 - self.fw.get(fw_start..fw_start + fw_size) + self.fw.get(fw_start..fw_end) } } =20 --=20 2.34.1 From nobody Sun Feb 8 09:12:52 2026 Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazon11012002.outbound.protection.outlook.com [52.101.43.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9928322D785; Sat, 24 Jan 2026 23:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.43.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296734; cv=fail; b=sdxu9mISVhS5PU5Zr/CuhN3TQL6cmBn5wQ1hJz1SCaqQd35asmRuXG0CRHFFj8LK0WXwUHnUX6d0m03SKbLghQEaUB7Gadn5AZR5W9sP7RPCjPTfWWz0R3Kx7cqbBOorhaiv6qpkgLPCYxtIqAR33bcUctRuqTHXPbgq4C6sPIw= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769296734; c=relaxed/simple; bh=F86XM6yXjNu5AiBzfDWpR/lVpZwpA33Z5/QgPIh0rng=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=EAKKoMox+mCiPbYZOrSA6BswCCzuriPas5AXQijcNZtVXdZF5+YSt8bxVNSPi0sZA0x4kyedS1TExl8yuLaFq72mA5KvtkyWaeypbM1rntNSyeD7aH+04ZOJlg0oMv9MXFgOOuqxYH1SZelWTgFxyH0gP8RlKJ1Nyv4YfizlFKg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=agQhG8jo; arc=fail smtp.client-ip=52.101.43.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="agQhG8jo" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VY8TWGfr7JHZQCwmgCEAuIEk2pbr7YWDvUBoDz2y1yFBKXzWwttupUVYNjAM2vEYV5u4jIeaEthli3yM76A62yF1QaprUi+T1EABUBhAqK9cmSHdyIEP0jRKqKMLDRdo4lRgHfFMJfSKuO78xX8grrOlBK20lwfz0vjbe2dw3bMT8zDPm5CWdO9UcqblxIYUfuuCL1+9M3MvEZEhKaJEiYA+NUMZZkA+maWDhjrmM3JD9VDSZbTc37RnuKLq+LsPxcvRt3f2ZnEZPKkTKoZoetYc8+xxxlEKQv+TKWUz03dZfWvDyaHPFyOkxVaUGvtoxx5934tYf/2lwXqCwETwhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x9JkVqePk0p4SMlF6/nB9oQrcWzdjkLxl0KHSQkSf5k=; b=nhDeLG+BWHuJf0ntl0iDH2GwvvAqhg9KZFQUCe/xQWqsFOTbg5F8UEhK3b7STQP64+AJ3/lXzeDbA3zvR71wovwIOS5hfm9PwNaK18gEIrQu1sHWklNibaimtY7TNXyES/t/xyqHbGzMji9zRNi46USMnLKhR8RuTLnzj91M6558fOXY5s1slD44D9iJtBoZERmVl+mEgy+Znme1jbhs+KQESdHy09sIDDypekJu50B/IxFWn2jNmAW0p5tPv4hS0uTgiPOr2n5p9TWDBBG1IyJdkkY59qPuOGLS1xCn8hudPpisTqZDxPf8yYycCfG6bdvUIr7Fy7kazmnve8Exeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x9JkVqePk0p4SMlF6/nB9oQrcWzdjkLxl0KHSQkSf5k=; b=agQhG8joT1lwtINPYCIBTMyfmeV09GF8gdFGNjmOsz7mYJGI2AWQe5N9bk8NStG6+0jy7PIUCxDRfIC35scWo555f44dfG1KfOKj0b1xfG0x16etHFHGcctk262Aysp7qCRvhilrZG1ef3KRRVoxWLZAICAKxbMkvdOTRGKMr+/eVTliDmhYZxpNLWzHvzPeKjh3f+qPLDJyPw5UXeOsI8MnQ0vbbCV0zQ0N5F0NyNuEoHFTBEKT/4nBJEbVSidYmS22AD5LZo3Gntu64UhJxDXGYeEgUKKn6gvZIqqRYLYGNjjoKFG0wdMyIESoIIX5QM3wyxicFhXb2E2GSCAj0g== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) by PH7PR12MB5734.namprd12.prod.outlook.com (2603:10b6:510:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.14; Sat, 24 Jan 2026 23:18:42 +0000 Received: from DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33]) by DS0PR12MB6486.namprd12.prod.outlook.com ([fe80::88a9:f314:c95f:8b33%4]) with mapi id 15.20.9542.010; Sat, 24 Jan 2026 23:18:42 +0000 From: Joel Fernandes To: linux-kernel@vger.kernel.org, Danilo Krummrich , Alexandre Courbot , Alice Ryhl , David Airlie , Simona Vetter , Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti Cc: John Hubbard , Alistair Popple , Timur Tabi , Edwin Peer , Zhi Wang , Bjorn Helgaas , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Trevor Gross , nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org, Joel Fernandes , linux-riscv@lists.infradead.org Subject: [PATCH v1 5/5] gpu: nova-core: use checked arithmetic in RISC-V firmware parsing Date: Sat, 24 Jan 2026 18:18:30 -0500 Message-Id: <20260124231830.3088323-6-joelagnelf@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260124231830.3088323-1-joelagnelf@nvidia.com> References: <20260124231830.3088323-1-joelagnelf@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BLAPR03CA0162.namprd03.prod.outlook.com (2603:10b6:208:32f::22) To DS0PR12MB6486.namprd12.prod.outlook.com (2603:10b6:8:c5::21) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR12MB6486:EE_|PH7PR12MB5734:EE_ X-MS-Office365-Filtering-Correlation-Id: ce35bc7f-4f0f-4ab0-bbaa-08de5b9eea24 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|366016|1800799024|921020; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?DrSyecaD33SQ2moPS/QpV4aGFY5Slm+B7q+4h8OiI+t+O2ila/S2a7JIJ1y+?= =?us-ascii?Q?yoOSrjrwedilxE15B17cmvIlm6CFd6zYxHsxBL7lxis925BfqvMG5SPbvxMT?= =?us-ascii?Q?9/0YUOW+4wEm1oYPs6cF85mebJS5znMiujR6LRd0HDkjjkIcSdMCbIeDmrrg?= =?us-ascii?Q?s7WsQkWSSShV1/fD4ORQG0Jg9ONRiXdxdLRIY9hMFD37a27sNMts1t6rRPfE?= =?us-ascii?Q?YeOzaARhZDfWBDMGhn82vehhnhxrNhQIbpnEsQU3zlKYmHKVt6/+W90lL2q2?= =?us-ascii?Q?drccv6/ukYTC9Q604Tc3VrDWJ7SlMeyQdrY+v0/xSnlxkHzf8alGVlgZH4+E?= =?us-ascii?Q?5rqbi/NYCuWZmjcI15AEAE6uc76aD4gtpCounZ+nGbrA9s0sFdxbWpB7czbZ?= =?us-ascii?Q?jQAOLWJeWeJJDEKKoYs5cEJ8YB7DrWQ1yn6pYeRVIHFh1VRkTKYYy7oBq22h?= =?us-ascii?Q?Wx4WIJTwv7y5DT0TXjnD3AFFJ6xp3K2TF1qGh3GUbqyNBTZI4thpJTcN6ax7?= =?us-ascii?Q?NA7ePPXnmjVrqG5IrGwxcycaXmFSCn+JVd3iTAVP8bVWAZsmaRzlT2exUdXP?= =?us-ascii?Q?z2Kd7M4xE4e1fTZghDUZGxDiZs4m+3X/DM9BtW9V1fwTilETXTb+jRICOwZC?= =?us-ascii?Q?+wlYWhB744J0/Ntc2Ego7U17iEfeNZzKzRdWs5zoqa3uAS7YlHYNdQ6DzQXm?= =?us-ascii?Q?XCFK4NF5JvOPgVtdd4ioOn0zG6mSY5kXdXQmALvuMhiNjBaGlmBUc+eOdv9Z?= =?us-ascii?Q?Hw5Cyja2QVCHvaK5RrKzQZEdZK7I6I8m9vQcxWsbRo8pyOulaIoyZkkqy8cL?= =?us-ascii?Q?3nx9eA63V1BtUonxfvFvyt28fbn6xSHxirMBK8MtDF2HQYMjdUQ7pXplPjU3?= =?us-ascii?Q?FsiL0hu8QWks3fi1dgHTlWmXvq/FageV0MxZpVTdNFXcDICDSCZVSq+Pe3VW?= =?us-ascii?Q?wN1BGXDtW3lkufcjb0N5UBislWh8MMfc6n7yfdH/ba6+B6HIvL4MdWXbjwAg?= =?us-ascii?Q?f+p8xh2EoJ4wIIq4u4/276FsFBVZg/XbWqN0OmVzr0iY5JHycFNQWbRRPteO?= =?us-ascii?Q?7o6PVzJuntm5he6W0s1gZtHPt9rkWvQGQUvX8rehm4k/6Gt7SdZ2pROFqQCU?= =?us-ascii?Q?9K2k65cacsvrdqXu6ld5Uvnm1L/nGG1pWLpOVLJkOKxk9jajk+GQql3EUw1l?= =?us-ascii?Q?XAH73fcQn65kb6QXaYTowQd7dWvB46gagt2w4ybGdbeZa2EYHtMnjmr0Fu/V?= =?us-ascii?Q?Zv9J00LzihLHDnA2ogh3K8iZDuHpAWuSz3Z4BbUmk+QQTwWszo59zbXjCA4x?= =?us-ascii?Q?152KT+LbABiNnZ4H4mNuVx0xdtO5w8f+VsYUSxNcoouLJDNc0SyoSSIiGSA7?= =?us-ascii?Q?AOQpn3t3AWsZJ1TQSrBARNgeisQSDgGheJwxYn4Kz+rwXa29H5a52ZeB7GH0?= =?us-ascii?Q?uj+UaWl9UAAtxrgEj4gsu/7YBgB3JNvwnZaHM8dgMZsfDfsnklZj8A9QqzJM?= =?us-ascii?Q?xfiTwXY3GOILbYnYlVcwIevqGa42fXrYOaMPwA2/11oyGpSCvvgPZ68sCn1S?= =?us-ascii?Q?ywLUiBnXT8mqq8F08aMjNFj82sHoUzh06vDYuzR7mZrYeJ3miPlfbOWr3Nlf?= =?us-ascii?Q?Ew=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR12MB6486.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(366016)(1800799024)(921020);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?5wgIXmpeBWZCxR7x5vPqMlXiWKOI30qEvGPkKWLPRwuRMKV3JEQfPJ2L1PEQ?= =?us-ascii?Q?ilz7O8RI1bSw/CQUJL2VgA2KbYoS7wVRS3aqNX13riulvt9ztsoVnKraalmS?= =?us-ascii?Q?bDrHNab0DlXUYGobTOkaBzKCDNOg5wuob7ELoNHH7hnYL9eMBibpl0HOt4G/?= =?us-ascii?Q?GvzNka4HbiNDC/JPb2sBKVsu7QigGL5lZio3pGieVbBXkeHFsQAoC0dEgp9t?= =?us-ascii?Q?v71nB5supLe5IGOe59lwZ5mSTAW5/Y3/2FX8UrTKqCPmdWJXCE0H1goFfKKU?= =?us-ascii?Q?SPZce6fhPK8obJhduu5ZKzlSPobVMI/+7jHPmKO9IIpzu5PLJkXoUQhwGX+z?= =?us-ascii?Q?ibeweZzA0/uM0mawm+mAFsRYSuSyrTXAXINSwUsarQHOvEJN/yIry0lN4fMS?= =?us-ascii?Q?/oqeDt+seal/llux2PCDuPxRLevgVNHBR91T0/4N68+lm3xk/77hcHSyOwtx?= =?us-ascii?Q?PC7yn8ZmAIDyDM4Lvp983L5PFBnj/TVdsSfG5wA2lYiWZ38KhzmGPmBcqJUm?= =?us-ascii?Q?AHDdFBOM88mySv3oNzoT/B0kksYhwX0AOHM/rJvv+prixNzMYATiI7/PlaUu?= =?us-ascii?Q?vTdIFAxZEK61AqC+gfK7eeClcUuqT82dKZNyh31+friVAfFIuEQ6iDwIsPFY?= =?us-ascii?Q?OH7Et3etRh6XnNXEpnDoTQHHPjhYvZWO+eVA2T3WscSz1xFYEfb2xdkOG1I5?= =?us-ascii?Q?kFzdqJGi55x7U65O5TL3sOmLii7dX4jSCzGivvzz+GT+ApbnA3DVfJ/J/ssT?= =?us-ascii?Q?99qjWvhOwE3jo3LkmKD6SpKEnjytJ/rzOHMsMJeed9u4SFjslGcFMqfxcDQA?= =?us-ascii?Q?FJz0rWMXq/JYBVvYOzqKsqHJTEOPZSMC8liZPS5XN4kq18t09yAbPTiXdYlV?= =?us-ascii?Q?fdBBnp2EXko27YZAYaVA2hkgsnxsbn7wu6/uxo9sa37STDj8m8X6BpJ0QDxz?= =?us-ascii?Q?HIdIxLKLiNawT0e5rHLOBl//qA+i9rWAXHw5V431aAmNJu2eaIHT97WdGqB5?= =?us-ascii?Q?ThS9QZrlfLkBmjGxv3xondX2qs0qCjicdubi5pjXFJpx7eemlJkoHro+LExW?= =?us-ascii?Q?bE+AWrgq4KKWqhTkh51Iwory/6X2DxTuiHAYuSvjCuCFnZEKJgTSZ2YIAaJ5?= =?us-ascii?Q?s340GMNc6PsIvMNEjE0RV0BmO/0vvjYW8NzyLjiEpHBhI5EPsr1RVCfCG95p?= =?us-ascii?Q?KEqA6fQEVXDRzRudkGx5kX5ev8LlNOiiAuyvmNt7ZolMLYUf2VDjwEB6+mNQ?= =?us-ascii?Q?Jd8R3KSvNJE119gjWY/3hOmtAfoi9EnBPdamVG/HIgee1TixQrPduasij/Oy?= =?us-ascii?Q?ELlA0zorZ1CCuCGkepvMjfJlCwxlAnjg/jTCWQPwp6m6LPbGSrHFwzWvS89M?= =?us-ascii?Q?8sDkxuZmVneRkZxXeY+2OvXLdlzjFDwtfLi6IQlSAJtd7J0LWs5zwE4i9A0w?= =?us-ascii?Q?+XS9QlxFp5z8/LGDB/hh6EChHkMVQwbyUsym9cqxC389DvRfOftQa1FRuiX+?= =?us-ascii?Q?6pXCtZFVUtU1VXbgF0nz4/IeC1HeA02/lvkfFojcs4wjy1VQ9d1sg/Nh6HF+?= =?us-ascii?Q?BXlIxAMkVifnKRnYBiAfKpky04csCNajywOLuqTL3Jw9/NYB7j6MssA3QpgM?= =?us-ascii?Q?1PxdYHHrWvKvR6/gtO0L2JNVko1Bttvm81xx582FIjSRj8iioOsyfBHg/hIv?= =?us-ascii?Q?86sQkdoBl+5uW7l0JDfBIdkGOorvjj028Ms/8UOKGT6YBIK+TwDaaK1Lxh0v?= =?us-ascii?Q?U2CRqNPUDg=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce35bc7f-4f0f-4ab0-bbaa-08de5b9eea24 X-MS-Exchange-CrossTenant-AuthSource: DS0PR12MB6486.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2026 23:18:42.5291 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 12/9MptU47jvOaTFPUrSBrENRmO5dq/ufYvmcs8I01ok5SbKriQdwqjmQ1yI5pmNHFu5VlkkXzESvJA7ok3FYA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5734 Content-Type: text/plain; charset="utf-8" Use checked_add() when computing offsets from firmware-provided values in the RISC-V firmware parsing code. These values come from the BinHdr structure parsed from the firmware file header. Signed-off-by: Joel Fernandes Reviewed-by: Zhi Wang --- drivers/gpu/nova-core/firmware/riscv.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/nova-core/firmware/riscv.rs b/drivers/gpu/nova-cor= e/firmware/riscv.rs index 28dfef63657a..97030bdd9991 100644 --- a/drivers/gpu/nova-core/firmware/riscv.rs +++ b/drivers/gpu/nova-core/firmware/riscv.rs @@ -47,10 +47,11 @@ impl RmRiscvUCodeDesc { /// Fails if the header pointed at by `bin_fw` is not within the bound= s of the firmware image. fn new(bin_fw: &BinFirmware<'_>) -> Result { let offset =3D usize::from_safe_cast(bin_fw.hdr.header_offset); + let end =3D offset.checked_add(size_of::()).ok_or(EINVAL)?; =20 bin_fw .fw - .get(offset..offset + size_of::()) + .get(offset..end) .and_then(Self::from_bytes_copy) .ok_or(EINVAL) } @@ -80,8 +81,9 @@ pub(crate) fn new(dev: &device::Device, fw= : &Firmware) -> Result< let ucode =3D { let start =3D usize::from_safe_cast(bin_fw.hdr.data_offset); let len =3D usize::from_safe_cast(bin_fw.hdr.data_size); + let end =3D start.checked_add(len).ok_or(EINVAL)?; =20 - DmaObject::from_data(dev, fw.data().get(start..start + len).ok= _or(EINVAL)?)? + DmaObject::from_data(dev, fw.data().get(start..end).ok_or(EINV= AL)?)? }; =20 Ok(Self { --=20 2.34.1