From: Joel Fernandes <joelagnelf@nvidia.com>
To: Dirk Behme <dirk.behme@gmail.com>
Cc: linux-kernel@vger.kernel.org,
"Danilo Krummrich" <dakr@kernel.org>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"Alice Ryhl" <aliceryhl@google.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Alistair Popple" <apopple@nvidia.com>,
"Zhi Wang" <zhiw@nvidia.com>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Bj��rn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
nouveau@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v1 1/5] gpu: nova-core: use checked arithmetic in FWSEC firmware parsing
Date: Sun, 25 Jan 2026 10:13:27 -0500 [thread overview]
Message-ID: <1769354007.1899374.21094@nvidia.com> (raw)
In-Reply-To: <8d930ac7-11b1-437b-be18-7a785f20a72f@gmail.com>
On Jan 25, 2026, at 4:09 AM, Dirk Behme <dirk.behme@gmail.com> wrote:
>
> Hi Joel,
>
> On 25.01.26 00:18, Joel Fernandes wrote:
>> Use checked_add() and checked_mul() when computing offsets from
>> firmware-provided values in new_fwsec().
>>
>> Without checked arithmetic, corrupt firmware could cause integer overflow. The
>> danger is not just wrapping to a huge value, but potentially wrapping to a
>> small plausible offset that passes validation yet accesses entirely wrong data,
>> causing silent corruption or security issues.
>>
>> Signed-off-by: Joel Fernandes <joelagnelf@nvidia.com>
>> ---
>> drivers/gpu/nova-core/firmware/fwsec.rs | 60 ++++++++++++++-----------
>> 1 file changed, 35 insertions(+), 25 deletions(-)
>>
>> diff --git a/drivers/gpu/nova-core/firmware/fwsec.rs b/drivers/gpu/nova-core/firmware/fwsec.rs
>> index a8ec08a500ac..1a91bbbce3d5 100644
>> --- a/drivers/gpu/nova-core/firmware/fwsec.rs
>> +++ b/drivers/gpu/nova-core/firmware/fwsec.rs
>> @@ -46,10 +46,7 @@
> ...
>> @@ -356,8 +362,12 @@ pub(crate) fn new(
>> // Patch signature if needed.
>> let desc = bios.fwsec_image().header()?;
>> let ucode_signed = if desc.signature_count() != 0 {
>> - let sig_base_img =
>> - usize::from_safe_cast(desc.imem_load_size() + desc.pkc_data_offset());
>> + // Compute sig_base_img = desc.imem_load_size + desc.pkc_data_offset.
>
> Nit: Drop `desc.` to make it consistent with the other comments.
Ok, thanks. I request anyone applying the patch to fix that on apply, but I can
totally do that if respinning/resending.
--
Joel Fernandes
WARNING: multiple messages have this Message-ID (diff)
From: Joel Fernandes <joelagnelf@nvidia.com>
To: Dirk Behme <dirk.behme@gmail.com>
Cc: <linux-kernel@vger.kernel.org>,
Danilo Krummrich <dakr@kernel.org>,
Alexandre Courbot <acourbot@nvidia.com>,
Alice Ryhl <aliceryhl@google.com>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
John Hubbard <jhubbard@nvidia.com>,
Alistair Popple <apopple@nvidia.com>,
Timur Tabi <ttabi@nvidia.com>, Edwin Peer <epeer@nvidia.com>,
Zhi Wang <zhiw@nvidia.com>, Bjorn Helgaas <bhelgaas@google.com>,
Miguel Ojeda <ojeda@kernel.org>,
Alex Gaynor <alex.gaynor@gmail.com>,
Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>,
Björn Roy Baron <bjorn3_gh@protonmail.com>,
Benno Lossin <lossin@kernel.org>,
Andreas Hindborg <a.hindborg@kernel.org>,
Trevor Gross <tmgross@umich.edu>, <nouveau@lists.freedesktop.org>,
<dri-devel@lists.freedesktop.org>,
<rust-for-linux@vger.kernel.org>
Subject: Re: [PATCH v1 1/5] gpu: nova-core: use checked arithmetic in FWSEC firmware parsing
Date: Sun, 25 Jan 2026 10:13:27 -0500 [thread overview]
Message-ID: <1769354007.1899374.21094@nvidia.com> (raw)
In-Reply-To: <8d930ac7-11b1-437b-be18-7a785f20a72f@gmail.com>
On Jan 25, 2026, at 4:09 AM, Dirk Behme <dirk.behme@gmail.com> wrote:
>
> Hi Joel,
>
> On 25.01.26 00:18, Joel Fernandes wrote:
>> Use checked_add() and checked_mul() when computing offsets from
>> firmware-provided values in new_fwsec().
>>
>> Without checked arithmetic, corrupt firmware could cause integer overflow. The
>> danger is not just wrapping to a huge value, but potentially wrapping to a
>> small plausible offset that passes validation yet accesses entirely wrong data,
>> causing silent corruption or security issues.
>>
>> Signed-off-by: Joel Fernandes <joelagnelf@nvidia.com>
>> ---
>> drivers/gpu/nova-core/firmware/fwsec.rs | 60 ++++++++++++++-----------
>> 1 file changed, 35 insertions(+), 25 deletions(-)
>>
>> diff --git a/drivers/gpu/nova-core/firmware/fwsec.rs b/drivers/gpu/nova-core/firmware/fwsec.rs
>> index a8ec08a500ac..1a91bbbce3d5 100644
>> --- a/drivers/gpu/nova-core/firmware/fwsec.rs
>> +++ b/drivers/gpu/nova-core/firmware/fwsec.rs
>> @@ -46,10 +46,7 @@
> ...
>> @@ -356,8 +362,12 @@ pub(crate) fn new(
>> // Patch signature if needed.
>> let desc = bios.fwsec_image().header()?;
>> let ucode_signed = if desc.signature_count() != 0 {
>> - let sig_base_img =
>> - usize::from_safe_cast(desc.imem_load_size() + desc.pkc_data_offset());
>> + // Compute sig_base_img = desc.imem_load_size + desc.pkc_data_offset.
>
> Nit: Drop `desc.` to make it consistent with the other comments.
Ok, thanks. I request anyone applying the patch to fix that on apply, but I can
totally do that if respinning/resending.
--
Joel Fernandes
next prev parent reply other threads:[~2026-01-25 15:15 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-24 23:18 [PATCH v1 0/5] gpu: nova-core: use checked arithmetic for firmware parsing robustness Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-24 23:18 ` [PATCH v1 1/5] gpu: nova-core: use checked arithmetic in FWSEC firmware parsing Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-25 9:09 ` Dirk Behme
2026-01-25 9:09 ` Dirk Behme
2026-01-25 15:13 ` Joel Fernandes [this message]
2026-01-25 15:13 ` Joel Fernandes
2026-01-24 23:18 ` [PATCH v1 2/5] gpu: nova-core: use checked arithmetic in Booter signature parsing Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-26 8:08 ` Zhi Wang
2026-01-26 8:08 ` Zhi Wang
2026-01-26 11:00 ` Joel Fernandes
2026-01-26 11:00 ` Joel Fernandes
2026-01-24 23:18 ` [PATCH v1 3/5] gpu: nova-core: use checked arithmetic in frombytes_at helper Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-26 8:00 ` Zhi Wang
2026-01-26 8:00 ` Zhi Wang
2026-01-24 23:18 ` [PATCH v1 4/5] gpu: nova-core: use checked arithmetic in BinFirmware::data Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-26 8:01 ` Zhi Wang
2026-01-26 8:01 ` Zhi Wang
2026-01-24 23:18 ` [PATCH v1 5/5] gpu: nova-core: use checked arithmetic in RISC-V firmware parsing Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-24 23:18 ` Joel Fernandes
2026-01-26 8:01 ` Zhi Wang
2026-01-26 8:01 ` Zhi Wang
2026-01-26 8:01 ` Zhi Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1769354007.1899374.21094@nvidia.com \
--to=joelagnelf@nvidia.com \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=dirk.behme@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nouveau@lists.freedesktop.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.