On Mon Jan 26, 2026 at 8:23 PM GMT, Joel Fernandes wrote:
> Changes from v1 to v2:
> - Added Reviewed-by tags from Zhi
> - Fixed comment formatting nits raised by Dirk/Zhi
>
> This series adds checked arithmetic throughout nova-core's firmware parsing
> code to guard rust code against integer overflow from corrupt firmware.
>
> Without checked arithmetic, firmware could cause integer overflow when
> computing offsets. The danger is not just wrapping to a huge value (which may
> fail validation in other paths), but potentially wrapping to a small plausible
> offset that accesses entirely wrong data, causing silent corruption or security
> issues.
>
> This series has been rebased on drm-rust-next. If possible, I would like us to
> consider merging for the upcoming merge window to avoid future conflicts.
> Tested probing with GPU name printed in dmesg on my GA102 (Ampere).
>
> The git tree with all patches can be found at:
> git://git.kernel.org/pub/scm/linux/kernel/git/jfern/linux.git (tag: nova-checked-arith-v2-20260126)
>
> Link to v1: https://lore.kernel.org/all/20260124231830.3088323-1-joelagnelf@nvidia.com/
>
> Joel Fernandes (5):
> gpu: nova-core: use checked arithmetic in FWSEC firmware parsing
> gpu: nova-core: use checked arithmetic in Booter signature parsing
> gpu: nova-core: use checked arithmetic in frombytes_at helper
> gpu: nova-core: use checked arithmetic in BinFirmware::data
> gpu: nova-core: use checked arithmetic in RISC-V firmware parsing
>
> drivers/gpu/nova-core/firmware.rs | 3 +-
> drivers/gpu/nova-core/firmware/booter.rs | 22 ++++++---
> drivers/gpu/nova-core/firmware/fwsec.rs | 60 ++++++++++++++----------
> drivers/gpu/nova-core/firmware/riscv.rs | 6 ++-
> 4 files changed, 57 insertions(+), 34 deletions(-)
>
Reviewed-by: Gary Guo <gary@garyguo.net>
>
> base-commit: cea7b66a80412e2a5b74627b89ae25f1d0110a4b
> --
> 2.34.1