From nobody Mon Jun 15 12:15:56 2026 Received: from PH0PR06CU001.outbound.protection.outlook.com (mail-westus3azon11011043.outbound.protection.outlook.com [40.107.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A84393AB277; Fri, 10 Apr 2026 08:39:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.208.43 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810359; cv=fail; b=k+bIBHcwh0gu8+u9LqwscUIr4vr1uzb3iqRb5USM9l/FrxpC9SuyzIun48jw9Bzny78NctR1miGcEEdP2spwasBLuyvA2HmgnpVs2ilLmMBOzLX+nm9u0M/2vzA6TBZzoMdHwqqb6c/8Fss0aSS2CMhf4ThixsADsxkBMIZ6S0E= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810359; c=relaxed/simple; bh=y/0Eaa1YjxoAFu7sRur8QgAflbbEj4kXLnDEU0SH+aU=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=lM9GziaEjpjBRWD6mTaGoXx/8xIZcVVDcWBYHsWdfNdd8gsFctWjZehIV3lO4NC0jFOnFip4TcDfywhtAVKKDChSmHo1YS89xmIfbnYJzlw2GPujfu7QeTfJkrHYzVpFXIWhuBLp252K1rIJD89AGiJHiSkKXWj9/X3VP1Rnrtk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=MEUwh8/Z; arc=fail smtp.client-ip=40.107.208.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="MEUwh8/Z" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=RyeOouiPU4P8M68x0M/IjpsbsQKF7kpmq0G9bsoHac9t7VBCl4epBQ9a1bejuXtBfZ6FPrBoTGJASK4ybCyMh6NI44PEMehX880aAmaFqeH83rtCtAkcT1zxEkL40HrttJ5Kyz2qOn88duB2UtPrYLJN7k0H4YJJ8ubVeDtZInzy9xplo0Ubk1zEEdgMX+VtqUdfiSgvmTqOURHj8pF7ytsmZDxnGGwTF9bK0e44cqQt55go+z0/fnyGv/sPgBjst0CpzW4VymzUBoUm5NzflFqrEt5Q5WEQk3LLSyxucaHJicYozvC3vK9Jh4vmlUBDI4DFWtxS6nfU/uQWYcVh1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m+XeYFUOBB3kR9uHCrtYrcfUUK5mZgjN08mJPDv0LdQ=; b=X4qo9p4L/kN3RFA8h5e7bPQ9BeuRsJo52ZEQNPRmLjtCHdOO5oeYgKqNzEAIzSPOzEczJr7HMk6vpLQ+iJbZINg/SZCAL6MIcBZxlAC3gGvxTPq7yJXsZBAW2eko6NBWSDa5n0tuWYfk+Dd/EdJyze1yv9f51Ey6lKPZaOkzpEVmDn7P2SlCNnj83uVGfn2ZB1Cx29hyhDb3o7dIeLCbq5XozuOVB5misnmwRm2noLQuz9wDIQIX86jeBdpifVtDZPBzSFUiy15hoztHWV6nWzXU6XO1usO6SWeSrgBAo+PwWNPI2XH7A88gC6SZYXKLmZWrx+fuJumaiN14v18y7A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m+XeYFUOBB3kR9uHCrtYrcfUUK5mZgjN08mJPDv0LdQ=; b=MEUwh8/ZaTdeT7wa3pVCfaDOi8FX2NS93DysP7mnb3DoceeIWUIrVJGOnUaluyTDSmqE6RCh4WKVDKJMIYjUeOCP//SsKcyau/pCOoTeUQnJkZJrhwRPD7RUWbVur9jYPU5NS4F310O1D3zEvafp4rkp8lpmLU1bmWIR096OBO41AYX3/wJIB+Yl1B3A284qIeXbYG/pq8cRZZCbznXudS3DkYGhxcZTOW2/3uSKdaXeHzmBOvp5g+EzJr8t/GrCzfgTsKPyXt3IAChdijd6hyVBK1z1tJCp+QNyr/CgNmAomQ7q7N3yokB/4NfjV8Flycm6IS5nXCH8F0LkqOOSyQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Fri, 10 Apr 2026 08:39:15 +0000 Received: from BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0]) by BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0%4]) with mapi id 15.20.9791.032; Fri, 10 Apr 2026 08:39:15 +0000 From: Eliot Courtney Date: Fri, 10 Apr 2026 17:38:50 +0900 Subject: [PATCH 1/5] gpu: nova-core: vbios: fix various cases of reading past `BIOS_MAX_SCAN_LEN` Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260410-fix-vbios-v1-1-bc6f71d153d6@nvidia.com> References: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> In-Reply-To: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> To: Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter , Joel Fernandes Cc: John Hubbard , Alistair Popple , Timur Tabi , rust-for-linux@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Eliot Courtney X-Mailer: b4 0.15.1 X-ClientProxiedBy: DM6PR18CA0029.namprd18.prod.outlook.com (2603:10b6:5:15b::42) To BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL0PR12MB2353:EE_|SN7PR12MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: db4f1ca9-0e2c-4378-42e6-08de96dca596 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: 6A+rKQRGOu+BEBrv92FK0jPe+oqnHK87rUtbDGMu77j1LAZgidkoYzZC7vUHei+m82TwTmPWlG3034WZmYKuK0OW4H6zYTKmzppJg9eZjtpckj98KZckvy8bdZEH/7U8QbYv6bgK80Euo79p2hCk4L6sV4GDTK8v/qd1LzUeNUT0zTEh2ihAoVzjRAyx8zDD5+8Vuo+6OMpaVUmy3Jrpg6iBaqziHiJU5xoLQ9xjtWl0QqYbrsv3X0CMABpHiy1YJIRgISO551dKMoaqJ3/M5DZWHfSQ16D2MioxjD3SRH8l9d461Zn2M8FxE5vV9fXiPrx/lUu0AanWspwwokZgKr/0gBEGbDOC7qrIIx2OhiY5W5weU540D0S6rif+ZVdlUdUO/Mx8hT5I2bcU1vqlbBg+8u58eGiLSC1LvE9wF9jY3Y/JGTpoGwhWxJQp03q3rymLXyFa6/gIdvIDMMigULzO12fQcnD/fF+XxX9jF+1W7wTbFZxVe65wHe6+SXS2bL2VWPb5BqKyntlSGPW0LpD3FifpM2ZS2Vn3l2BiO3nCY1M9SSJCMOG2EUUcEenzhxm15qGEN1h/PWz9oSvb3UxKhot9ge5pPQMzB6Vzc4e74f9mNEF+cw1zCz50UzF0LwZrT+o6jqxCP22WlS3coPHRQezEHsuXsHLfSNHW+hj94dPR1ISleqK4pYCJ0URLMrZjxPfnf2pXZLIGgWhYY+85voZwVPwYZgqH42AFHrI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2353.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RmN3OFRvNVZHdEhTbFFZWmxXWm8wK2RlUHJ0THl4Sm51YlBYMlF2a2hFd1Yw?= =?utf-8?B?TEhaald1NTI0RkpzUHhKUlZUeC9tZG1ZeERkTktzcWVSdDhqNnpMYjBJbFhO?= =?utf-8?B?Q3ZyUlF1VUt3SmZZWVlIcjlaY29DT1dnLzdvMDRRR2NTRWhJdVBIcUduclJE?= =?utf-8?B?TS9Yb3NPMTB1MmowZ0g2ZDhUMUVpbHRJT2hNR1RMSFROVHVIYkR3dHhiU0tN?= =?utf-8?B?aXBxZWpONHZtVlkyNlRlbzZkVzJQT04xNHUyVWwzNUdyU0dRVmo5T0V6bXRD?= =?utf-8?B?dC9uR0NZSjZYeGJ2NVdWamI4WXU0NEV6Z3ByODE0d3VqRDF0S2FoMlBoZEda?= =?utf-8?B?OW9uOTZRWEVuZTVUdXpsQ1VIcTVCT1hGZDBDeTVVMDRKNmVUQ2d2K3doMi9V?= =?utf-8?B?Y0RyN2kzMUIvNG5rQlF4Z2hpOU1RYUI1b1UxWjhEZnU0SUIyZUdhc0pqWXpE?= =?utf-8?B?cDlHWm04TlA5bGZXSlRwZTRORWNWeHlIZUJzS3EwdWtUL0dTdUF6ZEtJeXd6?= =?utf-8?B?T2NWeHQ0bm1DYzNRYVdBNXE1MUtMRlQyeTZvYUZCNFpwdFhZcHU2amJLUG5o?= =?utf-8?B?dGtZTDljQXVYN3hmbDRxMGQ1SlpjR3FKVXNUQkZIYmUrQjZZYzZBZFdpZWw1?= =?utf-8?B?S3VicWNYNlZrMHYxYXZLSzVXSjE2UHYyRExjbytBYTBxR1I5QlhITXRrL2ZR?= =?utf-8?B?QlgxZGNyc1NPTmlydWFXM2JCUEp1NmR3TTh2VVNrR0hMOTZRa2VoK1JkUGNM?= =?utf-8?B?QnNQeHF1NkN0UHdQeVdic3FHaTZKVXZEcXJEclpnY2ZiSkZzNUo5cjJocHhJ?= =?utf-8?B?aUE1Q3hTREVUR0RsYnZCaXF4alJOUmhsd2Z5cnRhdVVHQ3ZQSG1Wdkd4NGw0?= =?utf-8?B?NlpHNXdqYnFOOFVsSDBEUlM5STh1R3VHM0RGRngrZUI3TTE2Tk5mMXpjMjcw?= =?utf-8?B?dEpsQkJmdVh5dEpsZXdQbDdPYkoyKzI2SXVwSXdrQ3crekd2alAwc1JCNXhZ?= =?utf-8?B?ZENmRGVEdi9RL2ZQdE84QVg5ZjFCOU4zTnl6bndEWk5FdjZyWmVONDRuZzRV?= =?utf-8?B?NVE3SndvMTE1WFdlSTFiR2wyL2JicWViMDFHS0tvSi9mUCtqemJmcS9SYkpm?= =?utf-8?B?WCtMSG43ZlVlZGNqdWxHdFdTNy9LUlVFallBKzJpSURSRmRTNnZYQWFPOUdT?= =?utf-8?B?UkpyZ2I4eW1waFdzRDdPRDZMTHpHbFpJS1pGQVRGMVhZQUV2L0kwL0NCN000?= =?utf-8?B?VnlHTWlERS9LcEdHVHd2UGNVVmV0d3lxQUVxU0dNK1orbStMMEE1dGFISW55?= =?utf-8?B?a2ZVei9TMmQrOFlkcnpoMmVUOGlDRUV0VEtuUnh5Z2twdmxpVTd3YTVNbSth?= =?utf-8?B?dUlBb2hVem9kM3RRR0hPNW1DNlJOTjVMMXYvci9sZzdHS2xXOE1kQlpjY2I3?= =?utf-8?B?NGF3Q1FVWFlNSE5JT0NlNlRPV3BmZ1ZUQmdjZDhBdXB5TTM5ZFhaK1FwWFpZ?= =?utf-8?B?cUVpR2t6aEpGQmFkZ0dxMWZxNnBFdk9Cb0xwRldlLzh0d2Y3OUdUNjRocWNZ?= =?utf-8?B?L0Z0SmlJNEpraGxVM1hNV0VHN1VyMTBoMGM3djhWeS9OczFSejhDdERLOGIw?= =?utf-8?B?UDA4MnpVWFZuV3pCSVZMbUQvdklhb0puTFdna2JUWTdwbUltLzVQUUZVMlZ1?= =?utf-8?B?dDN2dDcxQ1hnTU4zYjJvT0V6SmtJMVBnU0k0ZlRHSUYzQkpwZVVrSnRGelBx?= =?utf-8?B?VG1UQlVUeTh5a0IwZ1ZLTTVSdTlaem1XaUpBWmJoV090RnFZV3NZUHZmSE5J?= =?utf-8?B?MVM3QXJ1K0JJTlpXdVBHNWRGamg1M1BraUYwdnRtZHNEREs3a2Fsb0hoSC9C?= =?utf-8?B?UnlseEFWd3lJR2lvaHNFVjZMY3g2ZitYOERzY29rZmZWRG9ua1IvRG1DQjRo?= =?utf-8?B?eTBRVHloTCt6VnJvTmppQ291SHpGc0Zra0pKRUdMR05JSUt2blJteFhWRERv?= =?utf-8?B?OFgwRExha2Z4OGUwM0g5dXBTdDlTYkZDWWNwWFFjdzRqRlZFeUVmLzFLYU9Q?= =?utf-8?B?TWV5R3FTWkJXYzF3R1pvYzlwOURTdHJKS2c5bzJCOTN4Z0tXcWpSNHZ1UkIw?= =?utf-8?B?ZTF1bHkvUk8xVDBhTU53Nm5NS2MxSEJkSlJVOGFhaHR5Tk5TK25NSk5XRTR0?= =?utf-8?B?YW42M0dJZzFMMGRDcDRCU0Y5ek9jaXIrWVU4VUhxVWtDempkWEFKMVpvRW5P?= =?utf-8?B?ZFpzSlZ3WHlTbHpqY1ZIeXh3VmlydDdRRGsrWDlTblI1eDJURXB2ZEttZGNE?= =?utf-8?B?bE92Wkp5NzJlUkVDQzRaeDVPeHVjaHd3SjNWRnJ2Y1ZMSDVVMEZCWnplb05q?= =?utf-8?Q?ENqvgYRYUEdP9USr6awFmgx3z5sm7yqGNVUxJVvRUbM+o?= X-MS-Exchange-AntiSpam-MessageData-1: H/pg5KcaMqOqXg== X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: db4f1ca9-0e2c-4378-42e6-08de96dca596 X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2353.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2026 08:39:14.9435 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 10T52K5wy+EQ5tpVlDqqXK8bd2gazgMyNqB3pluJnkt4g4Vnio0+VIth5Tn4evqZw2GQ4r6ULbnISldlZOPbZA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 Fix various cases that allow reading past `BIOS_MAX_SCAN_LEN` when scanning the VBIOS. Fix bug where `read_more_at_offset` would unnecessarily read more data. This happens when the window to read has some part cached and some part not. It would read `len` bytes instead of just the uncached portion, which could read past `BIOS_MAX_SCAN_LEN`. Also add more checked arithmetic to catch potential overflows. `read_bios_image_at_offset` is called with a length from the VBIOS header, so we should be more defensive here. Fixes: 6fda04e7f0cd ("gpu: nova-core: vbios: Add base support for VBIOS con= struction and iteration") Signed-off-by: Eliot Courtney Reviewed-by: Joel Fernandes --- drivers/gpu/nova-core/vbios.rs | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs index ebda28e596c5..6de7e58e0da0 100644 --- a/drivers/gpu/nova-core/vbios.rs +++ b/drivers/gpu/nova-core/vbios.rs @@ -132,17 +132,14 @@ fn read_more(&mut self, len: usize) -> Result { =20 /// Read bytes at a specific offset, filling any gap. fn read_more_at_offset(&mut self, offset: usize, len: usize) -> Result= { - if offset > BIOS_MAX_SCAN_LEN { + let end =3D offset.checked_add(len).ok_or(EINVAL)?; + + if end > BIOS_MAX_SCAN_LEN { dev_err!(self.dev, "Error: exceeded BIOS scan limit.\n"); return Err(EINVAL); } =20 - // If `offset` is beyond current data size, fill the gap first. - let current_len =3D self.data.len(); - let gap_bytes =3D offset.saturating_sub(current_len); - - // Now read the requested bytes at the offset. - self.read_more(gap_bytes + len) + self.read_more(end.saturating_sub(self.data.len())) } =20 /// Read a BIOS image at a specific offset and create a [`BiosImage`] = from it. @@ -155,8 +152,9 @@ fn read_bios_image_at_offset( len: usize, context: &str, ) -> Result { + let end =3D offset.checked_add(len).ok_or(EINVAL)?; let data_len =3D self.data.len(); - if offset + len > data_len { + if end > data_len { self.read_more_at_offset(offset, len).inspect_err(|e| { dev_err!( self.dev, @@ -167,7 +165,7 @@ fn read_bios_image_at_offset( })?; } =20 - BiosImage::new(self.dev, &self.data[offset..offset + len]).inspect= _err(|err| { + BiosImage::new(self.dev, &self.data[offset..end]).inspect_err(|err= | { dev_err!( self.dev, "Failed to {} at offset {:#x}: {:?}\n", @@ -189,7 +187,7 @@ fn next(&mut self) -> Option { return None; } =20 - if self.current_offset > BIOS_MAX_SCAN_LEN { + if self.current_offset >=3D BIOS_MAX_SCAN_LEN { dev_err!(self.dev, "Error: exceeded BIOS scan limit, stopping = scan\n"); return None; } --=20 2.53.0 From nobody Mon Jun 15 12:15:56 2026 Received: from CY7PR03CU001.outbound.protection.outlook.com (mail-westcentralusazon11010006.outbound.protection.outlook.com [40.93.198.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 235CE3AD50D; Fri, 10 Apr 2026 08:39:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.198.6 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810365; cv=fail; b=pzq9So2CHzr2ayZniAE9OQYmE6WDzPgnAeFx8Oxx51tM3r9NDWV11gtn2kBeUBMWZIn/OfmBbFkpUL/5sGeOunKmKmdd6cHmktN1/ReqBeMIWOC0EAG4h92jLgl57hFRjJ+E6MoxzrqBZXT2iE315yoHq7HWplxbU8ZkTcrUD/Y= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810365; c=relaxed/simple; bh=8iK6PUuJiz7jq0YXkp6GnhjFdCcG28DHmqVdKit7yqA=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=ekypk3Pjd3eL+8WtaFMHaMl7H1iQ309DqvuZGSZeu9F/sfXBxROLNW13id3M8MYjwwRiQrKD/KnZoD2WXNLyEmFldRsT4rS+vzKkmp4EQDna2CRuopNo19Qz/elezoFdGKSd1mJcoRqYlJGMN6T+agqeNRfM0MSYCMC/wCgNGFA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=mGr4/iO5; arc=fail smtp.client-ip=40.93.198.6 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="mGr4/iO5" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JzB2z47TdgMq0XMa5mSJhDsHhpB9a4iVDEqPSBoRGZmat+GgtzVbsOJzuQ81yX7NCKxXqes6/GqoE1nNMn1cfxditb5riKdwgMR1EAibEnpokbwiAdsVn4zwe1xfn7qe2qnpug6JeYD1zImbLDMl/VQUw4syc2vCxu8eqWrVBPc/G2DeQNPfUr/623QMLsqQhTKuovjbX0XwKfvWU6fiGoEvBmFIabeC/gXRWk1S0T2mp+RuiicAu/nGvCfnCKrkcZvcOBrI8oFuup61rdZOXLelONpI0Edjgzs8IzPqfEvonM9f+V8LXwi+DiBcFJE24P7lJCbKH74rMTDuKcNNEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4BwER6Nk5cO4ECkE0QPerqfD8CuRQzIVdWOBZNVMWqA=; b=DTpnYa5dt7jnHx0YhjxARE0hR4FjXgpWLW5Z5Kfdvf2RsiIxBRlX8s6RK/PjksNmYQWcesxEjswiUkpGB6pMAJw80nv/4HZexp/0AcvCumPP5kenLq1bVCsTd+5xE9wsboFLQtCNfzKiv2CWfoLBu7mndZyqvC11Tp1CLJ3xCWj0h487M0GshZCnkZ3l8C2M2M6z5euQeIl3igqbXN/UWk952Yn4A5x0zxRjSpVXmdGWgVmacf9iNHoOfD0zVWtAX/H9wGkCb80avCYAMDJ040204YkvLKB5EFlPEIZOMz2Oz6DANyoHdxzjgC8qGJzqdSZ1fzyCEgs38jm0XoHS2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4BwER6Nk5cO4ECkE0QPerqfD8CuRQzIVdWOBZNVMWqA=; b=mGr4/iO5LqqTd55s2oihFcYuSqwRJHO0gv6x8/svD8VtK+5A5YJNSaR1pVcHTMVHWvOhWgOUPKmP5Rb/Awkirywv312n41UOcnwcy47VzUBYpcFZHvU/L0isuOCQ37hNgOQzXMr2rZh9wlMMrM0u5tPj8LtkWIJVBrqfdNv8UQbkCpQjgmFcMIVVqkE56rIVEwoRF2BdIACIpFmGYL/Dvjv4zKysPYkpBNHJ1VQSlLz5koMi27g5+XvQaR3uGXwRf8N9EEW5ZOJmHKVyR0ADwXX4VY2gia+JK0MKer4ovS62Hq9sUncgfMfUoupbYH8NtimVeM8i++WmSwiKRrjwSw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Fri, 10 Apr 2026 08:39:18 +0000 Received: from BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0]) by BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0%4]) with mapi id 15.20.9791.032; Fri, 10 Apr 2026 08:39:18 +0000 From: Eliot Courtney Date: Fri, 10 Apr 2026 17:38:51 +0900 Subject: [PATCH 2/5] gpu: nova-core: vbios: limit `BitToken` entry reads Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260410-fix-vbios-v1-2-bc6f71d153d6@nvidia.com> References: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> In-Reply-To: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> To: Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter , Joel Fernandes Cc: John Hubbard , Alistair Popple , Timur Tabi , rust-for-linux@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Eliot Courtney X-Mailer: b4 0.15.1 X-ClientProxiedBy: DM6PR01CA0010.prod.exchangelabs.com (2603:10b6:5:296::15) To BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL0PR12MB2353:EE_|SN7PR12MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: c0ca196c-622c-490b-a627-08de96dca76c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: 4ifJjT5iFNvRqDpWFko+hDqlkR/kHq334s5tUpgSHe+z+6KYY0HpAW+9x5cztxak7TSEfUGE4C2arroWZL6iOLOSrKb7/sx5W2r6fSliyBsD5ACBq9NxcMJ16Iu0gzG9iEl/5yvIzLNpPAcB0JefAkMEnHv97JJbt3hJiRR7plQ1pnxqT5K8r9jR9DyAhV2HrJjCKu4vHOLIWlzkeTcprTPvZnVYgtddplwh9S465Z25vxcFom4mRGeoX+Ggp9sUQMdtVNuMBYIj9HWQ1kDs4kWOEHVKOb0LuIRcvorpDeRMZQx2Y53VLTqJTS+WwcJVCiVPXMGmjrK21+UTatIxKmnQTzu8pCtqNhNXPVs0j16Gq/Zi55V9fCAin8FKfncjnLGzpEXt0dFQGVEAJQJXRUwkipq28uBvjWlqaZKpxLJ3FHL5weGyhMPmrJvFlzUGI2rhOfbeg55IQkqXW2A68nipdvYywY+JIbKGXJW1sORJgSwfuz7wd/vbKhWy+6xsBUL9HwSbHg8BAJPaA9fh5Bje9vpjjt2OpWfRT9yLFIQARJovTXhLjmlwDsSuMB1c2en3ycQcKp3DInZBWL2U+9ep7Ou5+nsMyPJFccdE/yfNT5i95NCKZIMrbWaH41iycMLnomlROr+Szu2oP1cQY4qSDP5csCfVpj4KczAlutLEQILuKa1j6hgvWYOSzmjyi7oeWhbJkzSa9+ssust46GB/ynT7ovAJBn3UNLNbnHQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2353.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Uy9EVUxxd1lvYmd4YVF1aU8rNkNiZGZNQ3BPOXA5SFVxUytaTTlZclhPS1or?= =?utf-8?B?Q3R0eVhPajQ1U2hab3pRRGpzdk10c3NXK1cxSHpNSGRXS2w2a2laTnpzb2tK?= =?utf-8?B?b1hzcjZmMmMxVFY2TnZYdHNkUytMeWpieTk1dEROUjZhQmp3WTBBelBzOGFt?= =?utf-8?B?NkM2U1RYaWhIQnVjOGRHU3UzOGliWU9Fd3JWWVZBOUtuV2ZZWkxPQ3BnME5Z?= =?utf-8?B?UXlnSEZ0dHk4Y0IrUXFkZVExQS9pb3pGb0M5YllqakM2MEhoRE5GZjlVWUxS?= =?utf-8?B?V1p6MTJwZWNvTDRtVXU1ZWRIV2txNGhEaVZIcWJaaGhXTHc5TlNRcVhIelFO?= =?utf-8?B?NzhMUHZjYk9HVGNRVTlncVRaaGZxa1M1cGl3Yis3Y0ROQXhWc0F1eWhyOUp0?= =?utf-8?B?RVVmUE8wWHltZ3VmWjlWakNtQmdhT1A2TDZvR3FibkVPZEFKNGdVWVlOU1dL?= =?utf-8?B?UUZIMnVmSnJBNmNxdHE4ZmpWc3cvUEZpY3ZXb001VWZHdjJoaWVjbHcyWkNi?= =?utf-8?B?WnlvSU14YldZTlFUWmhLeXVIY0tVNGFLVHZqZXZraVBsMWRLOFI0cDZEekFq?= =?utf-8?B?T0hrWGMvNWljWFo5bzI0dHpJZXkvLzZKNmlGR1lOSE8yMGozbG53UGZ0ZG1a?= =?utf-8?B?amVLbTMwNVdCV2lIdklWME9MY1pHb2xBNXVWd3V0cXltQ2lSdy9PTHp2dlg5?= =?utf-8?B?Qlk5M2M1UnQ5YXF1MjdxUGNLZ2Q0MU5jcHlXa29DTWRDeVZ2ZExITTkraGRz?= =?utf-8?B?RlFxcDB1SXJUOEJpVlgvWG4yMXRhVk1GQTE4TXliWEo0c0t1Sm5MLzIrZnMz?= =?utf-8?B?a1lkSkk4eXc3Ymw5c2R3Q1lIbGJlM2U5TjNQSXBMUHl4WjJJM0grL1hXeWRN?= =?utf-8?B?d3ArOFVtWlZXRDB1RVNHRlhuSi96dmJxcitMT2lMRzBONXJZbW4vWEZuZ0tE?= =?utf-8?B?UjNEUjc1VnMrVTlFRUxKaTR3bzRnc05QdkFQa21xaTM3ZmZCN2hkbTFieVV0?= =?utf-8?B?aGY3UHlLa3hOYzRlMUx4Mi9TZTMyN092Y05YcHo2MjJBbXhOZXNWV0piVDJG?= =?utf-8?B?elVXbnZmRHV6ek5oeCtkc2NTUXk5ZWl1Y2owMmlEUm9OY2lmZVI0WE5qWkRG?= =?utf-8?B?L1dzQjZWZy9OQTViYjJTRm85ZjBXSjBVM3Y3K3hjRGtiSGwwNUlxZGU1aVY5?= =?utf-8?B?VHl4ZDVva3AxV2N6Q1EzYzRVakc0amFSa0F5Uzc3SzNsZHg1R1VDekF1YzZO?= =?utf-8?B?QTNpdGlZM2U3bmFxaEVvYVFKYk5JdlF5bXNXTWlMaFF2bUdiMEhaUEw5MlVn?= =?utf-8?B?QXlOYTBQSFAydVVtWGtReExyZ05CYjJlZ0VXMFY4SkxpZlg4bFFsYmdwalRY?= =?utf-8?B?dmZqQ21OOHRoQ04wazByRzNPcVZSMUhYRFEvQ1VPeFpHMlNWdndQUXJqaktB?= =?utf-8?B?dE4xb3JHMFpKa0J0c1NBVlduSmxxK3BaZmRQRjBTRm44RjRHa0Q1eHh4c00x?= =?utf-8?B?TTNmOHJFN05CTGczL1FZZXU0NE41YVVaS2NnR3BNUnphNCtIZnQ2bDZtVFQ5?= =?utf-8?B?ZzVoaFhzdkY1L05wS01TVWJTbGIzUE0xaVZaZjAxTTFiNUVWaE9mcHRLWndC?= =?utf-8?B?NFJOWkNMbDQ5MnhOZGduN0xNYWJGWkwxMGFhS0dETGZXSEQ2bkpiZ0RQekFr?= =?utf-8?B?SEt3NmVoNDVHYTVYcW05L01uTGVDczZpYVN5a0lIa29nbXJaZStJMG9XMjls?= =?utf-8?B?SHYzN2ZJMVNaZHlIWFFOQ0Y2Y1pFSkRWV1B2NDE4NVBnL0IwT3dhRlJNWW04?= =?utf-8?B?c2o4Vm9CcFN1Y2toczVoMTRXL2tSUzBMcUdQM0VCSHhUVVZoY2s0Qk9DTEJT?= =?utf-8?B?K1JQWnhsLzdFLzlEcTF2MTQwOVd4VXY5c2ZiS2pvWmxUSytMRHVsOFRRYnlR?= =?utf-8?B?K24wc2ZVaHZUV1V2aysrL2dXMDBsU0xGYitZZEFLeFhyZHdDM2V2ekhzSk5C?= =?utf-8?B?UGZBVkZ5SStqMWZVNFFxVk0vQTFzK1Z0a1lCbld2QlBRWmNFdGdBaFZ1S1pS?= =?utf-8?B?UU9mSjRIaWVWTklzWS93RFU2ZngrdkZLMnp2dnMrYW1nYklCNy9LamxUdmNJ?= =?utf-8?B?ZS9FWGR0aldOVUlWVnBSLy9IZmRzU1RvNFdXYnZNMGZEQ1B1Qmc4L1VzTEs0?= =?utf-8?B?Z1d1dVQzZktaWkRoQjZIZCtFTGNRQW1VS2RUb3Rhc2hXeGdpU0NrNmRTQ3JB?= =?utf-8?B?TmVzMUR4ZTE2R29jeXlFQ25kZmUvY0hpOXFkUXAxMlZMZStmNC90bVRWeFRR?= =?utf-8?B?VUE0U05rV0hRbmIvVWpteG40RnF5WUxZV2h1cUhGZWEySDZab0kvN04weU1v?= =?utf-8?Q?gSsPbelrhcahdIh+A+Wx4yh/TTnE0WPWqHITx8dkP9bfa?= X-MS-Exchange-AntiSpam-MessageData-1: r5Mc4cq01tHZKQ== X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: c0ca196c-622c-490b-a627-08de96dca76c X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2353.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2026 08:39:18.0482 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: snToGPUK1gE+hR66hQqFgsP3mL8iJsCJ+69UB6bFKzweJeG7C8l3JX947yQ0KXDf+w+yYI2fs6KGnTYBmfnybg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 If `header.token_size` is smaller than `BitToken`, then we currently can read past the end of `image.base.data`. Check that the token size is at least as big as `BitToken`. Fixes: dc70c6ae2441 ("gpu: nova-core: vbios: Add support to look up PMU tab= le in FWSEC") Signed-off-by: Eliot Courtney Reviewed-by: Joel Fernandes --- drivers/gpu/nova-core/vbios.rs | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs index 6de7e58e0da0..de856000de23 100644 --- a/drivers/gpu/nova-core/vbios.rs +++ b/drivers/gpu/nova-core/vbios.rs @@ -423,31 +423,31 @@ impl BitToken { /// Find a BIT token entry by BIT ID in a PciAtBiosImage fn from_id(image: &PciAtBiosImage, token_id: u8) -> Result { let header =3D &image.bit_header; + let entry_size =3D usize::from(header.token_size); + + if entry_size < size_of::() { + return Err(EINVAL); + } =20 // Offset to the first token entry let tokens_start =3D image.bit_offset + usize::from(header.header_= size); =20 for i in 0..usize::from(header.token_entries) { - let entry_offset =3D tokens_start + (i * usize::from(header.to= ken_size)); - - // Make sure we don't go out of bounds - if entry_offset + usize::from(header.token_size) > image.base.= data.len() { - return Err(EINVAL); - } + let entry_offset =3D tokens_start + (i * entry_size); + let entry =3D image + .base + .data + .get(entry_offset..) + .and_then(|data| data.get(..entry_size)) + .ok_or(EINVAL)?; =20 // Check if this token has the requested ID - if image.base.data[entry_offset] =3D=3D token_id { + if entry[0] =3D=3D token_id { return Ok(BitToken { - id: image.base.data[entry_offset], - data_version: image.base.data[entry_offset + 1], - data_size: u16::from_le_bytes([ - image.base.data[entry_offset + 2], - image.base.data[entry_offset + 3], - ]), - data_offset: u16::from_le_bytes([ - image.base.data[entry_offset + 4], - image.base.data[entry_offset + 5], - ]), + id: entry[0], + data_version: entry[1], + data_size: u16::from_le_bytes([entry[2], entry[3]]), + data_offset: u16::from_le_bytes([entry[4], entry[5]]), }); } } --=20 2.53.0 From nobody Mon Jun 15 12:15:56 2026 Received: from PH0PR06CU001.outbound.protection.outlook.com (mail-westus3azon11011060.outbound.protection.outlook.com [40.107.208.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D54E53AD53F; Fri, 10 Apr 2026 08:39:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.208.60 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810369; cv=fail; b=pCZWP91PPyX8jgdJG8m+7j9Fnjz+hK9F7nxQJ4AuuT3w3Rm+K/e4/0s+iv5sPtcd3fA7V861ujmhqA9U/MHO7mNtRVa/XepZovnPbja09JCJx33WDNcAXt4LegkPUinKB9wD28zvgKVLw4kFgBlHnTYD6BOfusqNqTaYequoHzg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810369; c=relaxed/simple; bh=T/P2lES2x/Ub3hg131kckcRrEHnjY+/WE/eNhnkqDOg=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=sTh6kfTqpzuTA2iu9TInx2mpBgBR/EqEZq82187sX0DyShwGoEhnyuqww4pPOvEzu+4W7eroBj9Yn/4fc+eM2cIa9JSprZBE8Z8FnMtgYO9ay7NUBC/wSKEhC1Q++TS7xh27kDB+XsrlmIpGE4eF68fY7jMkYZG0N09An990UvA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=AC+7Qbmj; arc=fail smtp.client-ip=40.107.208.60 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="AC+7Qbmj" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=sUC4Ig+f61cqE/TwUtI9uGBc2CKs4JBj8fJOZZnq1ZOAQTcv1rw1f5Frf1pSt6ArIvVXfNrI+Ydd+vggtcsybL+In3avkdQFhWJavRQmBxw8IqpTkenQ99xIdmcqk4A5UfW990uyJ+Iub7bnQnraYFncT60eiYZxA3Ct6ZEC38pBmPYuI1vFko0opR9/TBoANckXKsJHNWH12aTLGv2dnSbuSRdA8kSmqQex8wNKtOcJGJnRW3ERRtSp5IppwHADdij5N6gBZ2gOasGcu+b1FDQTqnNV21f3Pq+XRE/UTpPfRuGWnA7rGylQ+nuRp1jytMOKBIMdmuzjbUqkYG2/WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EydaJV+AGxZ0vvE2UykCsVBFqBrsGVxSycpkXYeuumw=; b=bBZ+4mDc/onCT9uxoPQO3y7+FwAnqTCHvbEqwJiEqwGQ7L+iO6mwJh5WUvzxRZ6UVf06pyqxfe8/7zX+3BMoNZHHx5348hBl+p0Ndpb/HzzJVufjT4iVC8EYzIIy4MfEcAtyM13E3WMak1oip+wzis6tDj3fRgcmws+gOPnG7+BDTi8SYIPugCV8vLGGRXsL6eDkZ8bcOlWqnBLULBFgZbHdHgdwt2ViwQgtrTNTjmxBZDgvaf3RqPA5Az8moNBAOy4Gk3xR54BoaqbO7Z4Ox1l7Iwhjqaxv4jOa0AkfCyo6jG9KwfyDWPMZFw3ZI7o+rHWRznj4S/ce5uiSlwhj2Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EydaJV+AGxZ0vvE2UykCsVBFqBrsGVxSycpkXYeuumw=; b=AC+7QbmjiG6fV6XTG1d+f14OGrsWXX7j0Hi2L2h/XM9h2j8cMGDX0bDuKf10pIBhNN/PXZXTOkt3whF0DXB4Z6Ghb7s10xmcwIt+b8Mr+zDmM+/BvunezxIOdNsnZ07c5FrAdBmC5afjicjvJkPyOrs7X1azHGIlMGLoHgK3udF4U0NZXsQz8X7SUJubJDDp1qk/dcHmh0sCf5JONB1FuV+CIWMnW6cOvHxJ3scm6YkwdnQkdHQdvpIXcElxn+zvuo/cVzGRU5TqA6fbrPtTFzzca2OhDJDwvDovZimS2CrNSqyCxeMm0AKSRUluuquwXVx3Upa0KOFjm9Iw6MgJhQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Fri, 10 Apr 2026 08:39:22 +0000 Received: from BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0]) by BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0%4]) with mapi id 15.20.9791.032; Fri, 10 Apr 2026 08:39:22 +0000 From: Eliot Courtney Date: Fri, 10 Apr 2026 17:38:52 +0900 Subject: [PATCH 3/5] gpu: nova-core: vbios: use checked accesses in `setup_falcon_data` Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260410-fix-vbios-v1-3-bc6f71d153d6@nvidia.com> References: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> In-Reply-To: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> To: Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter , Joel Fernandes Cc: John Hubbard , Alistair Popple , Timur Tabi , rust-for-linux@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Eliot Courtney X-Mailer: b4 0.15.1 X-ClientProxiedBy: TYCP286CA0078.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:2b3::15) To BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL0PR12MB2353:EE_|SN7PR12MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: aaa7a795-a66e-4912-2394-08de96dca9f5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: ToetGcc2fK4azCq3UEU05pUctCAP2RzMEWePQmlI0Jtfbi+603CzF3G5EHzO3jf8jlkY9/Q9bAUwnH1Q2pvsa9NQs19eMuAbSjdi8XVtfZi8QLAhyqOA5rVlhZQb7iL44daAeww+EjKXDYlHjM6Ytw+oQKsTdSS1B4lPkLRLil+J9WgGTG254QCa5ZN+mT9XDPvAtIEm+45kpQz+lTfTKFdKbRf1iZCq1dFHd++fCf3RfHYNx38YanN1jaFTgxoBlR9ZLUfkVgtaNONzplfD5dxc3RCFWIueTI5grHk56Koe1vWK/8AAU8YFtGcZLxDrwTKSchTW7hb7YNfwBcPSvyYqeVtqJuWEM8Zw6oECC9C+uW/ldnFPN8eLXJ2crzPGR3h2LoDOXwimLNbquSmbDpKJxJSv00J01ltH06rKJv1puynGv9wbRWLQVkhKwyrsaOdaRUK38QejRjPP68JIXQVFFl2JxXC298b6vL+quVdnwZol2HqZkOYGbTy76KvDqEcrkczMdY+3bjd7dbETXTvKPdDXWjKF5sIZqJlAEaUYxvxf0vQDgoT2o3/LOgdCTWIyHmXtySqbm0uT/I7pXSa55aa11NailjXbR+THnFvlLNEn28TBZZ/CJlmIyLmsSLr03iAC9jZxVTUWkR8R/9Nh1Rx7KKHFcA0CkhGEjSyoXaZkic0DtwUAOI4kn3GUTgBcEf34MMyOqwB65LKHCJPR/NRQjlCCX93h8pmVLTE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2353.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?aWdlcGdTSkpUaTRnSDR5aGNaQUVUYmdqbVNvazYvT2V6QWtqS21GRHVnb3N3?= =?utf-8?B?dGJucU9PUWoyRmZ3Rkk3bW81K0liWlNNWGc5cmRuM2hjMjJPYWs1ZzdOVGVF?= =?utf-8?B?Yk9pem1YT1M3OUVjb2gwVzFUK0t4MmRZWGt2Zm9QT3NIeG41Z1hNbzRXOEU2?= =?utf-8?B?cjlJZEpNc0dzUUliaDJVNUtKMSsrc291LzZyTUF2Wk4xTHNudU5nSlk5bDVF?= =?utf-8?B?M2c4Sm0zWUdLa1N6Z2N6MVpEdzlTWEVveTViQ0RJVWVOd3I3bkdvT1dSdFNh?= =?utf-8?B?ZjBGemc0cXJXZEVVUC9VZFp5S1RXaExwNUV6TzhoZVRZZjBPRllaanJXU1ZR?= =?utf-8?B?VUViWm9QRDBaV0ZqOGluMTlDOTMzdnZMNHVacDBTQkkyTUFCM0lqazlzTjVB?= =?utf-8?B?bHcxbUVjRWw4c0t5NlhmMWV5UDUyVzlBNzBCeWV6TGp2YW1IajZkcnR6Q0lx?= =?utf-8?B?ZWRESXE3bDhITGxReW1RVU1ndjB3MVZVcExxbkVVcktNRDFwaTB4YTlud1RM?= =?utf-8?B?ZFhnd1hVV2pWYjNwV2hUUmhKb09lV2IxcFN6bWc3TmdlanVhby82RFVVZUtS?= =?utf-8?B?TVlQaGdyMXBJUDE1S1lyM09mc1k4YjA4YjRQTzN2dVRoaHJ5akpwQVAreXls?= =?utf-8?B?R0ZoeU90MkhqcUhNazM3cDB2Q0ZObU1TNHg4RW0zZkpFcEZyZGdsNzQ4eVox?= =?utf-8?B?UGxSV1haRjZSeER4d3BMZ094OEk0OXBjVzVqS1BMZjFFek4xRnQvUTFUTXk0?= =?utf-8?B?cXNRVXFTa29YcEZTLzBmZnJzbWE2dlZHSnpuVGQ5R1E1bHNpak4xZTBhSGI2?= =?utf-8?B?T3JXVFN5RVh0NlpXNkNDOUEvT0dPKzlKU0UrZjNPMERnSzRFcmo5T3Z3SlM4?= =?utf-8?B?SzhDQXJUM1lVQldjNUFXMHBoc21qS1prT1FjNU9lNFFOeHVtSnJ0dFJub0V2?= =?utf-8?B?Y3M0R0gwOFhEQmYrcjJmLzdTN01LMzExbUZ1OVB0d1ZGWldLZHpQT2FyN1VU?= =?utf-8?B?cFBJT1VVMkpTekhiMDVzaWNuR0Rra1pSTStCdlVhRnNFRGc0elV4WitnTVd3?= =?utf-8?B?OXZsVjJVODFHK2trTmhQNHlRMFBHb0FrKytHQnBwTUlaRW0vWmJEaFgyaFUy?= =?utf-8?B?aHpvZytJYUpKR09BdzBwQytkZGExU1pZWFM3MWFCbzRMbERVWXd0RmZRcC9p?= =?utf-8?B?SEFCdWdPSlJWVytEMjF0UWRLTllidmF5cmRuektsekZoOGJRMlpUUWJocHgw?= =?utf-8?B?RWhxUk9zejVMWHphS3RDSGwxMjArVWZ4ZTJPSjE3NGkrZFluWXJVQUNmSkcx?= =?utf-8?B?VmVpeFRwWWxpeXFMbFVLVEc3cHVoUzVwWmNFckxGbFMrZVZXWkljRVkxTmVY?= =?utf-8?B?MDJuUlF2dnllbkpRem1nTFg2RzNKNjNUQUdiUkdoWllybUhlV3hOVE1nSjEv?= =?utf-8?B?Uk1QallxcmN2UEt5QXJFREZqckJ5cVUrMDYvOU5zeEdBQnRhMGREZWhHT3kr?= =?utf-8?B?SjFJbHBFcVNNdTNDbFdvbGliY203dnZkMEVoWXdyQ2xxOHBjVHFuM2VINktM?= =?utf-8?B?YXVqTmpPRlJzaU1xbW5scjNqVTA4VFdNMmNQd0RQWU1rTHRydDhXMWZaVFVE?= =?utf-8?B?YWQyeTdYQ3I2WWFLWHhFWEh2MGJROUgxbUR1TXhTN2JwRFcvL1pEd211b1h4?= =?utf-8?B?QWNjUU1PVUh3RTNHa1VMeVpkTHlIY2NMMHVtRnB0TjcwK29DaXU1OVFGV2pI?= =?utf-8?B?a1lVNGRCa0pmanpnNWp3b1pudmVscDZHbjZPekhBVktKRDdIREpQWVZYSy9q?= =?utf-8?B?eUo5c010TUdlRUpSRWtQelJITHBTUkNwcUxJOU1LRXVlVnEwYlh4dUJpWjdm?= =?utf-8?B?WS9IWWZja2w0VXM2N1RJV3NHZHUvaytGQW12QmZUQ1FRRFFuTktkYnl3RjlP?= =?utf-8?B?WkFZa2svbldwbGQwMlVObmNYWHhKT2NWSWFHY1FTT2RvbjB4UXMxc1NKNnEw?= =?utf-8?B?ZDlHNUlQcHJVTzN5dDZRRCtLVnEzd2pQTStpbnpzaDN6RHJWOCt5NmdqT28y?= =?utf-8?B?blFrdmZKcWdYUHk1QnBxZVR4MFVYSTNrRkFkQUJXWEtwaDkxL2RjenhFNWZt?= =?utf-8?B?RTNUZS95TGlRSWdCbWllNWNCZjRpY0dvcTFXYmNlQ1RpRWZhVFJPdUdyeHZw?= =?utf-8?B?bFplQmYyZEkreWVuTWxuekdtZ2FIcjdnelpVSW5OY2RHeFBaa0o4M3plTEht?= =?utf-8?B?MlRDRys5dUhMK2Q2Q3pmTy9BWjZncEZRYXVaUDNxTEhOcm05VmIrVHh5akNm?= =?utf-8?B?UEZpaER6aVlMV2NLeHZWUlJES1FKVGFaVEdFMFk0VXdWTE1HMDY5bkZuYkYv?= =?utf-8?Q?mek+3xOzrYC1+HpZWxP4ZfzpDQxu6fhQ2bBnLcy0cxSct?= X-MS-Exchange-AntiSpam-MessageData-1: FNwtSu+fyKylZg== X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: aaa7a795-a66e-4912-2394-08de96dca9f5 X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2353.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2026 08:39:22.2520 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5YUM9m6MJFAPTkwPSQGsJHcNMXIhurVpi/kgfEWjUh8OA2QxAMti+gB35uskQ9Tg4Z02vBV5uuAY6W16nFQQXQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 Use checked arithmetic and accesses where the values are firmware derived to prevent potential overflow. Fixes: dc70c6ae2441 ("gpu: nova-core: vbios: Add support to look up PMU tab= le in FWSEC") Signed-off-by: Eliot Courtney Reviewed-by: Joel Fernandes --- drivers/gpu/nova-core/vbios.rs | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs index de856000de23..2b0dc1a9125d 100644 --- a/drivers/gpu/nova-core/vbios.rs +++ b/drivers/gpu/nova-core/vbios.rs @@ -936,17 +936,12 @@ fn setup_falcon_data( =20 self.falcon_data_offset =3D Some(offset); =20 - if pmu_in_first_fwsec { - self.pmu_lookup_table =3D Some(PmuLookupTable::new( - &self.base.dev, - &first_fwsec.base.data[offset..], - )?); + let pmu_lookup_data =3D if pmu_in_first_fwsec { + &first_fwsec.base.data[offset..] } else { - self.pmu_lookup_table =3D Some(PmuLookupTable::new( - &self.base.dev, - &self.base.data[offset..], - )?); - } + self.base.data.get(offset..).ok_or(EINVAL)? + }; + self.pmu_lookup_table =3D Some(PmuLookupTable::new(&self.base.dev,= pmu_lookup_data)?); =20 match self .pmu_lookup_table @@ -955,8 +950,9 @@ fn setup_falcon_data( .find_entry_by_type(FALCON_UCODE_ENTRY_APPID_FWSEC_PROD) { Ok(entry) =3D> { - let mut ucode_offset =3D usize::from_safe_cast(entry.data); - ucode_offset -=3D pci_at_image.base.data.len(); + let mut ucode_offset =3D usize::from_safe_cast(entry.data) + .checked_sub(pci_at_image.base.data.len()) + .ok_or(EINVAL)?; if ucode_offset < first_fwsec.base.data.len() { dev_err!(self.base.dev, "Falcon Ucode offset not in se= cond Fwsec.\n"); return Err(EINVAL); --=20 2.53.0 From nobody Mon Jun 15 12:15:56 2026 Received: from CY7PR03CU001.outbound.protection.outlook.com (mail-westcentralusazon11010055.outbound.protection.outlook.com [40.93.198.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EAF23ACA7C; Fri, 10 Apr 2026 08:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.198.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810373; cv=fail; b=AhBSHlC6n2s5DZl5TEBW0GUDnnSkEaKUmGohI3CI2AzW/h3wBVeLLlzYiUkfhdRSF2tSgSnDyjO6T5wgNJBHpG2IG2B0T2AsseswdB4IT1pawdhoxupW3rBLCnffAkm49CNqKcnilvXol50dpIwsdjk99M2Rfk2/xH+WT5Y1m10= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810373; c=relaxed/simple; bh=+ZV/dGJS51//7iWoKBhSqjQfdCzNQLKBN0iCGzSFC9k=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=nBvCDPCvEuojHnt4Y1nHera3z2jenb2LMua7xPbT8w6fbLkgSYu+AqVv0urSj1a82X3sG2OciIjz/7r8ayKX0SNEYx++zv+uxAmlBR7ZQTAj/5ZZ1zzw2CzXT/V89SGdM3/l18TsnhyE/YLz8+1dMWwGtQKBaerPBstlC/bNH5Y= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=CXyoaewC; arc=fail smtp.client-ip=40.93.198.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="CXyoaewC" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AYhFmIxWOSq36zJCc3Pobhr7p5BYaGrwAwH+3j/IGLvHrmH13RbAEqpEgbkNCgdc2N+4fvqyCu9qknMv+qUkEQ7U4UivbSqXMR69EvivEUeJUhfnR0QhN+/Or3fTRJgzvoJCe9o+jHHGza+M2SRALkZBRUuWqujbznJdB52361UpBM6VKvcA37zcV3d3gKmbwTeQME6Ok7si3UHezqQz25CrMAS+lVRClrZ8wDBO7TIq3meM9fNuexUQNoM/u4c8rV/MFmAdtylWETufLSMs+CQLPK44YN08YSmYTWkU9WTB0jRrfqpLSiBVgseh7Dj6jS0Nv474uiwfeSqlHBeVIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L1ZcVTMHbLandu8LRIBJAGQpcSfyeXMEvJnXiD7UwsA=; b=KCoKdRG13XlEG8PLqfty9NWIKfSzUUYGQqk6ngD0OEYM2qTKgjXpxml+6T/tGL5rqb55Nrmkoxp4BVBVNZ3C2cWa5gfIMZjSbSAOHO811Ufi7GP1dctEGyOv5h1e2DLnKmj1onvL1QeqpTw40oCDDQwx3PZ9LxXSYUEGcVMFmdaJjzLlotEciWmExR1Jd9UG8PcBhmpJlPKU0p34gbJ6eXScUEYCpf695ppw51/+8jK7mdxf9x80ulB4emek1Q/eE/yKLyrOh4NeUI/6pHPagWb8otnB9AO/yCqmwytLmg3ivA9fZ6o5QbUb4OBsCiG59yyS1YiABlbgqcB3niVCWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L1ZcVTMHbLandu8LRIBJAGQpcSfyeXMEvJnXiD7UwsA=; b=CXyoaewCKfVC/x69E/+pHns68Upv0iz+VKvsZS8WJAW+S4SXg6HKUkD1QCDYfNzh7yI9zqDPSipk17zGm2Zcvd0WTBfFbKPPnd/BHtEnN7AingcpAOfgD6qN0cKganiBbKAkSXzvPN/54sNqsq5akbbtIRzDXuayyxDn7HLvPgyTCS7vwL2vjrsPy16qson2XBTurj3Nru+EfemY+cWKKV/XTuZqkFLDHh6bGp76cChLhuKbFjhEpkmteEJiUVNrgBCllhBZD7h6glK0zMTx7JVPDyHYnElbXnh4xENLaE2rfWeOzVApq1XWKYkhQP0zrVDD1ueRaxrPutnfVq60Hw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Fri, 10 Apr 2026 08:39:26 +0000 Received: from BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0]) by BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0%4]) with mapi id 15.20.9791.032; Fri, 10 Apr 2026 08:39:26 +0000 From: Eliot Courtney Date: Fri, 10 Apr 2026 17:38:53 +0900 Subject: [PATCH 4/5] gpu: nova-core: vbios: use checked access in `FwSecBiosImage::header` Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260410-fix-vbios-v1-4-bc6f71d153d6@nvidia.com> References: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> In-Reply-To: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> To: Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter , Joel Fernandes Cc: John Hubbard , Alistair Popple , Timur Tabi , rust-for-linux@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Eliot Courtney X-Mailer: b4 0.15.1 X-ClientProxiedBy: TYCPR01CA0189.jpnprd01.prod.outlook.com (2603:1096:400:2b0::14) To BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL0PR12MB2353:EE_|SN7PR12MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: d4b51e39-487b-4276-705e-08de96dcac52 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: Aug601WM7HHNp1AgdgDccAQ3xbK+Sh9rE3zVEns+tyU71k9gFG4c8UUSAbQlqoyJP/EM0HPP/M1OtnStrRyuy3PIhQw35dOKFKYW2YsnzkbSvhRWCbpVbcABi5se5759p+ghBpKXvJM7XzgvlrPDwhxWIBYJwAqa0tZrtRbmc1KzUHkeo2xL2L2J/Vome88bYUn9ZQoDtf5auISE/kNDtG9nSFzCsAbVM+pDj8XCE17D9KThvUgJZX7G6drqPqUpqGJsEtZsyhTbLRjzG6QYXQXDpUqPPhS6QHo8tNbUXcI+186b01fJU/PibhYA8JjcJLsVQWy875q6WNXNGksBJTH36mvYQGZ47bqmNuHASaofPH3kWqhSj9L1Ijz25F3191F8DfsUKE6sDL4L+q43HjlDHoTr1nUg2ol9ZvEYeo9eXHuxKIdi40JUAJzmXy5Ty+JlYcG+d/X0Db/00tXbYW4AVEPTfLV65OO5Cq45c2kG+S/Np6hZpzKBPINwdlaAaJTtjiyguYO0J9VPVM2EyDJN4uXUiWDtkKf0ZjPdPKpd96dvlzmcz75o1IOy5ys9pi+s4RbaY6SpzHpuNVe3rnzCVGtvLUCJJD4nvb/Pjxmf4770obpB7x62m60DwaGIrYJBz3R2COLO/5np8LuOrSECrq/JoTgnAZxurjOLO//h5ZxopPXAQ44Lxl7pxSTmKxrf5rBKLVsh6PLYpam4RPzFftFq33kcmWQJjHeyRwY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2353.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?dlltQWxBSW9lNkE4ZlhZby9wbDdvMjYvSzI0a2daajVwb2ZwbEw5dXVJT3Mr?= =?utf-8?B?b1dOSE9pL0xtOVE2ZUFqTGNBdEE3ajNMVVZXYkNCV1dveUpUa0p2ODExTm5E?= =?utf-8?B?SmN3WXhMeG5wTXlQa2JlVkpuSUxVWVcrK0pQOHNhVnVBMVZyaFZEelBMVzlw?= =?utf-8?B?V0VKbW9kK1lCeFFZYnh2dHhNdEJNdDFyMVhlT1Z0SHc5d1lvZXFjVVlxaWE1?= =?utf-8?B?RENDZ3ZaazVoWGorSUlxTDkzQWN4dlFNZ3hsMVY4S2x0YW1yWE1RaDhqOExx?= =?utf-8?B?N3RVYkJPZTFHd0xFaldUV25iMUYxMmxMRXJ3QlNFY3RkaC9ocUpqaUh4Y1pl?= =?utf-8?B?dkV2Y0R6bVUrL1Y4STlKYi9zVkVSZUcyczNqRlUxanFxZUNCZXl0aWpZNUZI?= =?utf-8?B?MnMzYTJreHJxYW1IT2dDSlJacjlpVDBUeUEzWXUxaVQ4M1RLQWNvZmpUYzJ6?= =?utf-8?B?NzlQTmlsbldYVmhKcmVUcGcrVXh0Tmw0amdITlFVV0IzZ0tQc3hCQlNYaUx4?= =?utf-8?B?dERNWWVvNWtERUlLWmROR3lRbGIvbXBCSmdKUHVmMkZNZ1BCMEV3eHYxZEZZ?= =?utf-8?B?OVVBU0Y2ano3RFI2SzZ6K0dlamRQamlKYmdYN2IzNE1aT0Y0SHVXcDJjcjF3?= =?utf-8?B?U05xOWxEN21ML1U0QlhQSDVDdVFyZTdnMFV4V2cvSER6dkZtcmw2QTk2TkF6?= =?utf-8?B?c0oxWGRBZFFjSWZsMDIvOGNMM0kySWZES2NRQXJmbW1LcWJ1WCtYN1BtZzVF?= =?utf-8?B?T0theVo1NVh5YjNDQnNPYmhSUmR4S0VyMUJkcDlEQUVtV2ZVWE12R0tRQUtK?= =?utf-8?B?MXdoNnRQWFhPT1JmTTJvaFlNRzFEa0JJbzNNaUN6ejc4OC9QZ0pHMHdzalZ3?= =?utf-8?B?TGhrTXFsR2xtLzRlSHdMYlBQZTR5MDBrY3RBVGpYWkt5RmtJbGM1VkNHa094?= =?utf-8?B?MFlmMG95eDNYOUhaZVV5cHNoRWZkaWxLOFcrNEVLRlQ1Zmd0Y282VDRDTDk2?= =?utf-8?B?djRTKzNBUm1sZkN3YmFYODVvMzc2Qlp6OCs4aWttTVdwT2Uyc0tndERxV2Vv?= =?utf-8?B?NHRnc1l0RjM0UTVwR1dONE9LaXdVMHlVaGg0a0UyNjF4WHFlU1VyejVOVnQv?= =?utf-8?B?UHQwNlpMenRlZXRIR2VVdlkxajJQcy9nckhhVkRhcGF6T0Vsa2NDVGR3STdF?= =?utf-8?B?SFN2MmVTRmJReGRGeVk1VHY0TDBxVUlIRUt2OWY5cFRSSXhLTGkrc3Examkv?= =?utf-8?B?TTJyaHhNTEhRanhvVFc2Qk9KZ21tT291YUtva05Ma3FYSEtBMEszc1dub2tH?= =?utf-8?B?ZE5ZbDdBb3IwaFJ3Q0ZNVnZqdFoxM3ZIcllxU0M1dUVkck5leVFVaTNzMlpk?= =?utf-8?B?a0E4Vk5rQ1NQTmxIbTRNa0k0V1MrL0pIZ0xoRlpWZjg4bDY1ZW9aeVI1VWZY?= =?utf-8?B?UTAxSy8wdFo3aSsxMSthRXJUQ1hoTzA1ZWNyTFdhdHpXejZ2ZXpaMkhHVkMz?= =?utf-8?B?cE52RWZDU1o2OTFPN05za3IrMURaWkpUNk5OaXpBMGpFbmlTQzZiQ3NhR08w?= =?utf-8?B?M3ZtcWZvc1FqWFRxMmsxVjhheFdBZmRyLzU5SU43ZzhTTW1RbGFQMVQzdmF1?= =?utf-8?B?SnRCSXNQZzIwM1ZocDJyUHozbUpPUUJDb0lRVU1KclA0eUxjM1dEM3BDK2Z5?= =?utf-8?B?UCtUcklDM202cWVIejNUZklkeTlNUDFLSWk2aXNlWWx2bXNVYWdaMEJ0SGpt?= =?utf-8?B?T2Q1d3o3ck1iY0V3NVZJWWpCeXM0MklCMDhXSXYzUWNsYW9GVklDeE9JeDEy?= =?utf-8?B?Y0ZwOFRJVkI4Mnp3Q0kybGo3UU9MWGZKU1JGdGM4bzdSU1RrRHVUZWxoL2FT?= =?utf-8?B?bFNiRGxsa0ZSTmJML1FvSVlWeVhlb0hQcUI0VzQ1MFE1QVBIWWxjcTZTTUFt?= =?utf-8?B?Tml6NUFSS0F4UFVzSDlnQnAyaFZIRVV5bWtXMDlkZGc4d2g5a1FtN3FZN2Y2?= =?utf-8?B?bmphL0ludm11VXlaakNqQWxrMUJWTWwwQ0hwMTI2SlVtdENwVThlT2l2V0c4?= =?utf-8?B?aWRUN2dSeU1IZHpSbEREaWlVejBZR29ISVhqM2xkb1hNdEIwTkVJMWF0RXY1?= =?utf-8?B?UHVSL0JGdnVjcE0rL2RLQkpVZGtuVjI2ajcxQk9KK1BaMGN2bFhQSDZMRUFT?= =?utf-8?B?VHp4UWNZelhQWU9RRXFzTUFZMTN6aExaYVJSdXJocXM1aXVCelpvSmNYN3VD?= =?utf-8?B?eTFZdjlGcjJPSXVZR0JITmhiVlIveWZ2eWJscFdSWlp6YktVdGxybEhPd2RH?= =?utf-8?B?OUdCWmVyYzk1Q0h0bEdBalc2SVdobXVGSEdsUkR5NHB5K0lXOE5UaVkyclpv?= =?utf-8?Q?cHtLq+zxm2nJW/p01NIDpBQL7nog2N0Sn8sDO62Ryxwru?= X-MS-Exchange-AntiSpam-MessageData-1: ZGhtgNKsNDr8Qg== X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: d4b51e39-487b-4276-705e-08de96dcac52 X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2353.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2026 08:39:26.3007 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uqhw8uzh/wgllKrL5jhx3+y5CbRGfsMBhJt4tUIuqIe4t5F8EQOs6CN2MjLnwhaDc8h7KhN53FLwP0njnHqi3w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 Use checked access in `FwSecBiosImage::header` for getting the header version since the value is firmware derived. Fixes: 47c4846e4319 ("gpu: nova-core: vbios: Add support for FWSEC ucode ex= traction") Signed-off-by: Eliot Courtney Reviewed-by: Joel Fernandes --- drivers/gpu/nova-core/vbios.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs index 2b0dc1a9125d..3bd3ac3a69f2 100644 --- a/drivers/gpu/nova-core/vbios.rs +++ b/drivers/gpu/nova-core/vbios.rs @@ -995,14 +995,16 @@ pub(crate) fn header(&self) -> Result { // Get the falcon ucode offset that was found in setup_falcon_data. let falcon_ucode_offset =3D self.falcon_ucode_offset; =20 + let data =3D self.base.data.get(falcon_ucode_offset..).ok_or(EINVA= L)?; + // Read the first 4 bytes to get the version. - let hdr_bytes: [u8; 4] =3D self.base.data[falcon_ucode_offset..fal= con_ucode_offset + 4] + let hdr_bytes: [u8; 4] =3D data + .get(..4) + .ok_or(EINVAL)? .try_into() .map_err(|_| EINVAL)?; let hdr =3D u32::from_le_bytes(hdr_bytes); let ver =3D (hdr & 0xff00) >> 8; - - let data =3D self.base.data.get(falcon_ucode_offset..).ok_or(EINVA= L)?; match ver { 2 =3D> { let v2 =3D FalconUCodeDescV2::from_bytes_copy_prefix(data) --=20 2.53.0 From nobody Mon Jun 15 12:15:56 2026 Received: from CY7PR03CU001.outbound.protection.outlook.com (mail-westcentralusazon11010055.outbound.protection.outlook.com [40.93.198.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB1103AEF5C; Fri, 10 Apr 2026 08:39:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.198.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810375; cv=fail; b=WcldqWCzW0u4aUi2sITgIJRGaO9+kEAyrTrmyrk/vYljisRNqtfT/0ibfJd9oHjoOCgJCPnpoi3ZZVeE+OdJX3Vpg/lNRDfyxU1+PVf04pq6ByPv1iKMFF/H8DgMg3729m5SgWxsYV6NIgceTiCAexwxrgWPqS27lKtHXmn5Uw8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775810375; c=relaxed/simple; bh=fSTgYCPDsO3yq1tB9h1Z+zSMP4ORiNwytNmhmeIMtD8=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=giFnAcKaTRz776Cl/B8IMzTV3mreknBbPF+Vs4d6+n2qsA5crnwXJwraQ1OymyaEINBs5vxsT3PiMibFVVPMMeLeXfJRx4gYoAKLYBaWaQJdBlPisTJnoBkneoqBWsGIPuvCSFG9EUkcXsrmdbSO1yt/fCd3Iso8NYhMXJTafwI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=C5nskQIL; arc=fail smtp.client-ip=40.93.198.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="C5nskQIL" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bzdn9h3mzmnGsaBC1eqhWMpqko7OYOu+10KOJ7ZCgv9nAJgqo9mLmty3XhqHF7qO6cHfUy7CQoHyMwwuZ3dxuSNd9ExbxGzVIBtWmuk350CgmuxeFVnVMeh9NoNpccqEzojrAkcPJjGKpNwHSf91WOqb0n58Fbr4CyrAkNNWTXowzTTbjgFFf/1mBQul6Sq/S3OfVYECCNNFNfJYq9VGAIt+2/UdORkOxGRPpy3EZQ9wTJfY8EaZpn3VT++CCOjT21BZWkLmkHHQQKUKFkZqurlxDo/31b/6uaHXpIF9yMjuLlXOkUex7uBTy/L+Qx0drZ8Qh0ZQOWuwHz6SSShTPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZRCh2daE8VDA8Se9OdsE0H6TIFWcBUKC7duXRLrCBDs=; b=YQibg452OxfASZC5nrJTg08E7OHVqiVk53oIRskrA+BuKQNbXbxSqZn0mwegrtL9qQtZxYuF5zluHtu0yUQD4ls1tohcUTPtsutaucvBS0q96MOQRrhUfuA/Ae3D2eoI0fEzOfnRSdbXBfRVCkwM3t5440MT55WxIn38YkiMGtkDOU7tJkql1LsgU+iodTPxcDfff93NeoT6EEnV4couDwA8Uj0AFJSepst8X9OQbBkH3a+WURKETtkJIf2eTFZQ+qOjw+L03/fjaKOWm7AeQ1OlEo1DIu/o0ypvFQifBXuseye/qn0ctwezdFgF0ZfaUuL+4XD6amWIFRhJDhNC9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZRCh2daE8VDA8Se9OdsE0H6TIFWcBUKC7duXRLrCBDs=; b=C5nskQIL53ssycLnRXLe6h//4dy6m6jsxDbEmr35ZFmhuw/2dgRN4Jv7zKhEaEJh3k8L0XizsJwiwSr58/5PAXSo0iiOkbfbc4jAiObvP53kn5zhM4yhd5E7gYI+mxmKqg0qay10LCoq55FpMTinfNJDli43F+droreCgmObaSV8+KbPMkCv5ZqnhceR1+2TO7E9d5WBoUSWSsA+csaySyFEHVI225NDRw0b8r8rnwj9Db3f1lk+Q/kKBdydhda9QLEhF1V/kZkKarYemf0efS+ubypIT8pDQf10+I01i9+WDQ1BYJym5K8uoIkPORNviH2+sX23vjZcltK0ZLBZQg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Fri, 10 Apr 2026 08:39:30 +0000 Received: from BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0]) by BL0PR12MB2353.namprd12.prod.outlook.com ([fe80::99b:dcff:8d6d:78e0%4]) with mapi id 15.20.9791.032; Fri, 10 Apr 2026 08:39:30 +0000 From: Eliot Courtney Date: Fri, 10 Apr 2026 17:38:54 +0900 Subject: [PATCH 5/5] gpu: nova-core: vbios: use checked ops and accesses in `FwSecBiosImage::ucode` Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260410-fix-vbios-v1-5-bc6f71d153d6@nvidia.com> References: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> In-Reply-To: <20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com> To: Danilo Krummrich , Alice Ryhl , Alexandre Courbot , David Airlie , Simona Vetter , Joel Fernandes Cc: John Hubbard , Alistair Popple , Timur Tabi , rust-for-linux@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Eliot Courtney X-Mailer: b4 0.15.1 X-ClientProxiedBy: TYCP286CA0079.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:2b3::17) To BL0PR12MB2353.namprd12.prod.outlook.com (2603:10b6:207:4c::31) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL0PR12MB2353:EE_|SN7PR12MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: 79844229-e85a-4680-1528-08de96dcaefa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: 0PGmH6NTcXvhkb2BOS5i+/OPwkRVqILSQXXrY7hCTJcuQQQL3Piu/6EejKyT50MWAA0TW7iSvE11JOJHORBZDW7qOTh04kyBzuGm6AGqFWhRq/aHUl/gHPr4q7W5ZFssA6r9DKQ8QB1R/F6XiAzXglKM18EyO7Vd2zNeHhsg3f8ecaxT6b7XwxYM9npWFGaTI+oe0tamsSsnETiuJmRxD45xb6gjrx9C86VfCub0PLU59mMdnbs1VFu6Y30ZxjBAurlA3A0ificjpJzUcaMuz0N+BuP36nihDmdMwe6yYNfRgur3SDPnqIG/hsh7KfAnhbIpSfPICRMR4LWwx3Zp1m+cVk+sLWtmXu5dTZYwe9ArLUvQZ967/fXPifTeW6gvDsVkaTTCx0oqWd4XnhZTx6T+/U/XbQkEYl3nCozLVdJKn5u/ilY1Gp7z4HzLfgKk7Z5Su7vkkMLfZo5413RIYc6dBxhWWbFlKxB0qdnIO69gkxjnSDdsJyRQHgbW61iMt7u/gnY8tItIWjVXtf2oKMMRq5FkUgEAEUhI50svZq9mI7ZfP4mZcTIlkvcckLtpuq6i9gdk50DZYa7BJZ5sZJO1ziL+IJ+mwE3COpIP0tgl7AgYmYU/hdY3FxfaBZpNiLI98rGXZVgap2gBNs3yMWG9Uf921B5NsEJLA+5/Y30DVaYb+BOOlYV8Of81y8uFzu+WbZ2FFdcgFoKEliXezcg9iu8tmSV8/TlXZYTZEcM= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2353.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RUEzWVUzQ3NhQnRzMlVnbDEzWGlKUVNBZ0IrQVUzRndPQ0JnTFROZkpqbkVT?= =?utf-8?B?enJwQUlvSk13SElTdU85RVBnSGZtYUtHNG5DQURqMkxNcEU4aGtWWHlVNmI2?= =?utf-8?B?QWVDZm80azI5QW5PNHg1S0lLNXhtMnRNWGUxZWR3amtIZkRQUHRBTEhON1RC?= =?utf-8?B?KzBWK3RYeTRycUpWOW9VdTJkZGJoZi8vUnUzOFFqNnlva2dQRm5JdDhvbE93?= =?utf-8?B?VTZqa3FDQmdUT2xGeUtDYU5tOC8wWmlDM2l5b0kwVHVJeXlJUmYvTWxrcGln?= =?utf-8?B?T0o3eG10NFplT1I0NUNLanJrVWVwSWk0R1FxQy93WVQybTU4ZzN6QW9saVVL?= =?utf-8?B?ZzcySVVFbFR1TG9oZHdtWjVHMGtKcUc5MldJWlRVemNLQ2luNzhBVG5vclhM?= =?utf-8?B?cmRNbWVZYkNjQ3lQM3JUTjljQ2VQR2EyYXNlMm9FQzVubmYzaFRqZHlZS1B6?= =?utf-8?B?QWlDaFJQQ1JsMUk2MjdmZjFYVWVtenVSckJTOXdSSWtnMXBVaHJiUytES3ds?= =?utf-8?B?QmMxdENPa29hZXBJL3NaNXRUSDljMjBSd3lVOTVBTGh5Y1E5ZU1DVW5Eb1RE?= =?utf-8?B?TUE4NTBaVnFqRFA5V01BTUpqRFl5dnJvL0VSZzcycW9Pbjl1WEhlTHg4VG41?= =?utf-8?B?TmsreWZ4YlNCeTQ4NnJ3cUN0WFpldDJKcmh2enJmUXprMmZuQ2pFZVROVHJZ?= =?utf-8?B?NzlWN2dlTEp1eGxaamY2eXRlRDMyYXF2aS9uUWl2NUM4Nk40MXVlakNsblc1?= =?utf-8?B?UGY1VU9nK1Q5U0pBTWdPcXUyM1NkaGV4MTc1NDVFcVM0aHp4cmZBM05YMCtG?= =?utf-8?B?ZGk3VXJIZGROSVZqOE93Z1RUUU5iRC9KeVpUSlBrcXZIYjk2MHN0Qk1IZkVN?= =?utf-8?B?dDhKS1JUaGt1eHpiZjhHVjZSOHpzVE1maHc1d2RwYUVoU1QvMVdkSlhOUHFa?= =?utf-8?B?L0xkWEd6YXlIMTAyRG0yUmNzaS9nU2o5L1ArbHdsQ21zWk9WT1NtNFlkZnNx?= =?utf-8?B?eW5CUUVzMFRlQTNZbk9uZUpJaVBzQ2M5RHRxRDdFYTNvazQrNjJUTEZXL3Y0?= =?utf-8?B?WENsUzBFZ1VNeXFDMC9GRFc2Z04ycnpjeGdtNW0rbTZxMUtKZU54Zmt5a3pG?= =?utf-8?B?QTV6YUFJM3ByRHRqZWwxdGR4QVZQMXkyb2dhVzZzU3JzNnR5ck10NTIxYlNn?= =?utf-8?B?TVZSSFE4TjVwWU5uK0xjSTRXU1ZNYUk2SzNieTBrVWJzd29VTXFtcFZ0dHNw?= =?utf-8?B?bEMxclg0eWZ0OWJNUjlEcW1DMWlqNys4TTlFV3RHMm1sNHFqcDlnelBFanRY?= =?utf-8?B?aTNPb0NMMWp5cXhpS1FjTUUzVGVTR1I3QTF2d2k3ME5WcTJKdExXY21FMEZF?= =?utf-8?B?cU1qd0UyMVptWjV5YXBGaDNzTFJEQlltMWcyYzZicUhzd1pqNUJoT0ltNFlD?= =?utf-8?B?REpyQXNYRnpvUjIyTkJ6cGdTeGZ4TjFhbEh2ZU9OQzZBa045eEE2NkR3Vkt3?= =?utf-8?B?STVSa3hHblJCY3ZBWTViWUFJc1VWcjVBTUV5VW1SemJlYmFLUno0TzVWdE4y?= =?utf-8?B?R2dNNDVDSGtWUDlQc3g4SGJzenJDWFZDQVc4T2RFQXFKeWUySm1nb1dadlJY?= =?utf-8?B?eWp1bnljTGZPdHowa2d2SmdYWHVibU84Q2czb3pkWHlBTDFFcnVQQ3lkNExq?= =?utf-8?B?a2F1S1FlOENnYThCTlFtTVhXRFdxN0M2WE04Zm9ZTzUzdFllUFhHZmlwRUFI?= =?utf-8?B?ekpDQTlnUzhLMWpmVEh0M2k3N09iZjFZa2NUVmptR3cxdDFQeWtYRzVyNTNn?= =?utf-8?B?bmpFN2ttakdhWFB5R1oyakV3T2h0dlJBblZwbzd4ajNTZmhtSEJ1T1pTR3pM?= =?utf-8?B?dVJzTWpWTktoVThFc0w5K3dZMm03UjJVakNYc25ZS1BWQnhHQm50bzFvNzF1?= =?utf-8?B?MjNmMzRPTTlMRWpKRHQyeHRTYmJxR1NKdS9reHd2VklndHdsMXREaEhVUnJk?= =?utf-8?B?TjJvNmVMVnJqMEdOeW0rK0dJNkdLRGJIQ0pKU2htTzY3TSs5QTFoK1BFbWhk?= =?utf-8?B?UUp6R2d6cEVCcFRmQm5EZzQ2eHlURGRDNVRPSHVoenZBNXVaWmloNUt2VVBH?= =?utf-8?B?Q3UvOE5hUm9uY3pxZUtDNEFZV1hRMm50bW1jM0lBVlJCeFNrSzFCUDh0Q0tB?= =?utf-8?B?blVudjFlSFZaWlJvWWZhWDNuMFAvTWJpaC9KTS9CQjVZdjVRL0tTTWdFYnVn?= =?utf-8?B?NmZJT2szckVNOWdiZWVhTjJpdUVNbG5rWU5QcERsc0Nuam9vR2swM1FaTFdL?= =?utf-8?B?MzJVemtqUHVTeHEzemFJOVpGc3dmQytlZVpGNThiYWswU1U1bU00U2dwbVlL?= =?utf-8?Q?AjR32G/wr0jKtRZ9N0AvoflCGo3Zi6DjzbgmPGR3K93d6?= X-MS-Exchange-AntiSpam-MessageData-1: 7wPlYkjuaUks2g== X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 79844229-e85a-4680-1528-08de96dcaefa X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2353.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2026 08:39:30.8652 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ViHEBSHH5PAYaRc6dxEehv0GeO55wfDLnh0oQ5gsiae3YceX6xWtnij62YcHOToQZpBzVRQ5h/PX0ITbmhShsQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 Use checked arithmetic and access for extracting the microcode since the offsets are firmware derived. Fixes: 47c4846e4319 ("gpu: nova-core: vbios: Add support for FWSEC ucode ex= traction") Signed-off-by: Eliot Courtney Reviewed-by: Joel Fernandes , one comment below --- drivers/gpu/nova-core/vbios.rs | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs index 3bd3ac3a69f2..b509cd8407a5 100644 --- a/drivers/gpu/nova-core/vbios.rs +++ b/drivers/gpu/nova-core/vbios.rs @@ -1027,16 +1027,21 @@ pub(crate) fn header(&self) -> Result { =20 /// Get the ucode data as a byte slice pub(crate) fn ucode(&self, desc: &FalconUCodeDesc) -> Result<&[u8]> { - let falcon_ucode_offset =3D self.falcon_ucode_offset; - // The ucode data follows the descriptor. - let ucode_data_offset =3D falcon_ucode_offset + desc.size(); - let size =3D usize::from_safe_cast(desc.imem_load_size() + desc.dm= em_load_size()); + let data =3D self + .base + .data + .get(self.falcon_ucode_offset..) + .ok_or(ERANGE)?; + let size =3D usize::from_safe_cast( + desc.imem_load_size() + .checked_add(desc.dmem_load_size()) + .ok_or(ERANGE)?, + ); =20 // Get the data slice, checking bounds in a single operation. - self.base - .data - .get(ucode_data_offset..ucode_data_offset + size) + data.get(desc.size()..) + .and_then(|data| data.get(..size)) .ok_or(ERANGE) .inspect_err(|_| { dev_err!( --=20 2.53.0