We have some code that accesses arrays based on values from firmware.
This patch series makes a bunch of those accesses more robust. This
series only touches accesses that are not guaranteed to be safe by local
invariants - some accesses are safe due to earlier checks and I haven't
modified those.

This series also refactors and removes some code that can be simplified.
In particular, it removes `FwSecBiosBuilder`, removes unused fields,
and moves type and constant definitions closer to their usages.

Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>
---
Changes in v5:
- Remove "two fwsec image" logic, instead build contiguous fwsec block
- Extra patch to remove unused `rom_header` member
- Remove no longer useful debug logging
- Also moved IFR register defs into fn and removed pub(crate) (forgot
  to do this before)
- Link to v4: https://patch.msgid.link/20260519-fix-vbios-v4-0-5d3f210c5602@nvidia.com

Changes in v4:
- Split BIOS_MAX_SCAN_LEN patch into multiple per review comments
- Consolidate bios max scan length checking
- Convert more structs to use FromBytes since we assume little endian
- Remove unused PciRomHeader fields
- Drop unused types / imports
- Move constants+helpers closer to usage locations
- Link to v3: https://patch.msgid.link/20260421-fix-vbios-v3-0-8f648aef7a85@nvidia.com

Changes in v3:
- Use first PCI-AT and FWSEC images instead of erroring.
- Expand commit messages.
- Add Joel's Reviewed-by's (thanks!)
- Link to v2: https://patch.msgid.link/20260414-fix-vbios-v2-0-705d30d16bba@nvidia.com

Changes in v2:
- Add Joel's reviewed-by tags.
- Remove unnecessary code like `falcon_data_offset` from
  `FwSecBiosBuilder`
- Push offset handling into `falcon_data_ptr` (renamed)
- Simplify `setup_falcon_data`
- Add checking for spurious PCI-AT and FWSEC images.
- Remove `FwSecBiosBuilder`
- Link to v1: https://patch.msgid.link/20260410-fix-vbios-v1-0-bc6f71d153d6@nvidia.com

---
Eliot Courtney (22):
      gpu: nova-core: vbios: stop scanning at BIOS_MAX_SCAN_LEN
      gpu: nova-core: vbios: use checked arithmetic for bios image range end
      gpu: nova-core: vbios: avoid reading too far in read_more_at_offset
      gpu: nova-core: vbios: read BitToken using FromBytes
      gpu: nova-core: vbios: use checked ops and accesses in `FwSecBiosImage::ucode`
      gpu: nova-core: vbios: use checked access in `FwSecBiosImage::header`
      gpu: nova-core: vbios: use checked accesses in `setup_falcon_data`
      gpu: nova-core: vbios: drop unused falcon_data_offset from FwSecBiosBuilder
      gpu: nova-core: vbios: keep PmuLookupTable local in setup_falcon_data
      gpu: nova-core: vbios: compute FWSEC-relative Falcon data offset
      gpu: nova-core: vbios: simplify setup_falcon_data
      gpu: nova-core: vbios: read PMU lookup entries using FromBytes
      gpu: nova-core: vbios: store PMU lookup entries in a KVVec
      gpu: nova-core: vbios: construct `FwSecBiosImage` directly from BIOS images
      gpu: nova-core: vbios: use the first PCI-AT image
      gpu: nova-core: vbios: use single logical block for the FWSEC section
      gpu: nova-core: vbios: use let-else in Vbios::new
      gpu: nova-core: vbios: remove unnecessary fields in PciRomHeader
      gpu: nova-core: vbios: drop unused image wrappers
      gpu: nova-core: vbios: drop redundant TryFrom import
      gpu: nova-core: vbios: move constants and functions to be associated
      gpu: nova-core: vbios: remove unused rom_header field

 Documentation/gpu/nova/core/vbios.rst |   2 +-
 drivers/gpu/nova-core/vbios.rs        | 701 +++++++++++++---------------------
 2 files changed, 268 insertions(+), 435 deletions(-)
---
base-commit: 8bfe9d72cf2064f679c4192dba84be79eb70675d
change-id: 20260409-fix-vbios-d668e9c21d23

Best regards,
--  
Eliot Courtney <ecourtney@nvidia.com>

On Mon May 25, 2026 at 10:57 PM JST, Eliot Courtney wrote:
> We have some code that accesses arrays based on values from firmware.
> This patch series makes a bunch of those accesses more robust. This
> series only touches accesses that are not guaranteed to be safe by local
> invariants - some accesses are safe due to earlier checks and I haven't
> modified those.
>
> This series also refactors and removes some code that can be simplified.
> In particular, it removes `FwSecBiosBuilder`, removes unused fields,
> and moves type and constant definitions closer to their usages.
>
> Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>

A little bit after the party, but as requested:

Tested-by: Alexandre Courbot <acourbot@nvidia.com>

(made sure probe succeeded on Turing/Ampere/Blackwell).

On Mon, 25 May 2026 22:57:18 +0900, Eliot Courtney wrote:
> [PATCH v5 00/22] gpu: nova-core: vbios: harden various array accesses and refactor

Applied, thanks!

  Branch: drm-rust-next
  Tree:   https://gitlab.freedesktop.org/drm/rust/kernel.git

[1/22] gpu: nova-core: vbios: stop scanning at BIOS_MAX_SCAN_LEN
      commit: fc7c1054b6f9
[2/22] gpu: nova-core: vbios: use checked arithmetic for bios image range end
      commit: 7a1d09e477b6
[3/22] gpu: nova-core: vbios: avoid reading too far in read_more_at_offset
      commit: 33f1402bcfa6
[4/22] gpu: nova-core: vbios: read BitToken using FromBytes
      commit: 237c252be0db
[5/22] gpu: nova-core: vbios: use checked ops and accesses in `FwSecBiosImage::ucode`
      commit: 7c62d0b00652
[6/22] gpu: nova-core: vbios: use checked access in `FwSecBiosImage::header`
      commit: 25ad950b4ee3
[7/22] gpu: nova-core: vbios: use checked accesses in `setup_falcon_data`
      commit: 051ae1b21ff7
[8/22] gpu: nova-core: vbios: drop unused falcon_data_offset from FwSecBiosBuilder
      commit: 56f7c0b3800e
[9/22] gpu: nova-core: vbios: keep PmuLookupTable local in setup_falcon_data
      commit: 8cf15cf2641b
[10/22] gpu: nova-core: vbios: compute FWSEC-relative Falcon data offset
      commit: b2a48fc068ea
[11/22] gpu: nova-core: vbios: simplify setup_falcon_data
      commit: 99e110a36885
[12/22] gpu: nova-core: vbios: read PMU lookup entries using FromBytes
      commit: c22095fddad7
[13/22] gpu: nova-core: vbios: store PMU lookup entries in a KVVec
      commit: 620e7ac19664
[14/22] gpu: nova-core: vbios: construct `FwSecBiosImage` directly from BIOS images
      commit: 7e545bed7b1a
[15/22] gpu: nova-core: vbios: use the first PCI-AT image
      commit: 433730a61f13
[16/22] gpu: nova-core: vbios: use single logical block for the FWSEC section
      commit: 43e7bef8c054
[17/22] gpu: nova-core: vbios: use let-else in Vbios::new
      commit: e8baefdffd4e
[18/22] gpu: nova-core: vbios: remove unnecessary fields in PciRomHeader
      commit: 84eb369da613
[19/22] gpu: nova-core: vbios: drop unused image wrappers
      commit: 91a8ec505e09
[20/22] gpu: nova-core: vbios: drop redundant TryFrom import
      commit: 16c41263240e
[21/22] gpu: nova-core: vbios: move constants and functions to be associated
      commit: c70fe8b2bacf
[22/22] gpu: nova-core: vbios: remove unused rom_header field
      commit: 2cf1840b0fa7

The patches will appear in the next linux-next integration (typically within 24
hours on weekdays).

The patches are queued up for the upcoming merge window for the next major
kernel release.

On Mon May 25, 2026 at 3:57 PM CEST, Eliot Courtney wrote:
> We have some code that accesses arrays based on values from firmware.
> This patch series makes a bunch of those accesses more robust. This
> series only touches accesses that are not guaranteed to be safe by local
> invariants - some accesses are safe due to earlier checks and I haven't
> modified those.
>
> This series also refactors and removes some code that can be simplified.
> In particular, it removes `FwSecBiosBuilder`, removes unused fields,
> and moves type and constant definitions closer to their usages.
>
> Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>

Going to pick this up now, everything else should be easy to follow up
subsequently.

Thanks,
Danilo