All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alistair Popple <apopple@nvidia.com>
To: Eliot Courtney <ecourtney@nvidia.com>
Cc: Danilo Krummrich <dakr@kernel.org>,
	 Alexandre Courbot <acourbot@nvidia.com>,
	Alice Ryhl <aliceryhl@google.com>,
	 David Airlie <airlied@gmail.com>,
	Simona Vetter <simona@ffwll.ch>,
	 Benno Lossin <lossin@kernel.org>, Gary Guo <gary@garyguo.net>,
	John Hubbard <jhubbard@nvidia.com>,
	 Timur Tabi <ttabi@nvidia.com>,
	nova-gpu@lists.linux.dev, dri-devel@lists.freedesktop.org,
	 linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org
Subject: Re: [PATCH 01/13] gpu: nova-core: fsp: limit FSP receive message allocation size
Date: Tue, 16 Jun 2026 17:33:33 +1000	[thread overview]
Message-ID: <ajD7wnvZOxfXM7AX@nvdebian.thelocal> (raw)
In-Reply-To: <20260615-blackwell-fixes-v1-1-f2853e49ff7d@nvidia.com>

On 2026-06-16 at 00:40 +1000, Eliot Courtney <ecourtney@nvidia.com> wrote...
> Currently, the FSP receive message code will try to allocate whatever
> was sent without checking it at all. But the actual size allowed is
> limited to 1024 anyway, so discard any messages over that size as bogus.
> 
> Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>

I've read through this and it seems reasonable to me, so:

Reviewed-by: Alistair Popple <apopple@nvidia.com>

> ---
>  drivers/gpu/nova-core/falcon/fsp.rs | 36 ++++++++++++++++++++++++------------
>  1 file changed, 24 insertions(+), 12 deletions(-)
> 
> diff --git a/drivers/gpu/nova-core/falcon/fsp.rs b/drivers/gpu/nova-core/falcon/fsp.rs
> index 52cdb84ef0e8..e7419a6e71e2 100644
> --- a/drivers/gpu/nova-core/falcon/fsp.rs
> +++ b/drivers/gpu/nova-core/falcon/fsp.rs
> @@ -35,6 +35,9 @@
>  /// FSP message timeout in milliseconds.
>  const FSP_MSG_TIMEOUT_MS: i64 = 2000;
>  
> +/// Size of the FSP EMEM channel 0 that we can use.
> +const FSP_EMEM_CHANNEL_0_SIZE: usize = 1024;
> +
>  /// Type specifying the `Fsp` falcon engine. Cannot be instantiated.
>  pub(crate) struct Fsp(());
>  
> @@ -149,23 +152,32 @@ pub(crate) fn send_msg(&mut self, bar: Bar0<'_>, packet: &[u8]) -> Result {
>      /// Returns `ETIMEDOUT` if no message was available until timeout, or a regular error code if a
>      /// memory allocation error occurred.
>      pub(crate) fn recv_msg(&mut self, bar: Bar0<'_>) -> Result<KVec<u8>> {
> -        let msg_size = read_poll_timeout(
> -            || Ok(self.poll_msgq(bar)),
> -            |&size| size > 0,
> -            Delta::from_millis(10),
> -            Delta::from_millis(FSP_MSG_TIMEOUT_MS),
> -        )
> -        .map(num::u32_as_usize)?;
> +        let result = (|| {
> +            let msg_size = read_poll_timeout(
> +                || Ok(self.poll_msgq(bar)),
> +                |&size| size > 0,
> +                Delta::from_millis(10),
> +                Delta::from_millis(FSP_MSG_TIMEOUT_MS),
> +            )
> +            .map(num::u32_as_usize)?;
>  
> -        let mut buffer = KVec::<u8>::new();
> -        buffer.resize(msg_size, 0, GFP_KERNEL)?;
> +            // Don't blindly allocate more than the maximum we expect from FSP.
> +            if msg_size > FSP_EMEM_CHANNEL_0_SIZE {
> +                return Err(EIO);
> +            }
>  
> -        self.read_emem(bar, &mut buffer)?;
> +            let mut buffer = KVec::<u8>::new();
> +            buffer.resize(msg_size, 0, GFP_KERNEL)?;
>  
> -        // Reset message queue pointers after reading.
> +            self.read_emem(bar, &mut buffer)?;
> +
> +            Ok(buffer)
> +        })();
> +
> +        // Reset the message queue pointers regardless of outcome.
>          bar.write(Array::at(0), regs::NV_PFSP_MSGQ_TAIL::zeroed().with_val(0));
>          bar.write(Array::at(0), regs::NV_PFSP_MSGQ_HEAD::zeroed().with_val(0));
>  
> -        Ok(buffer)
> +        result
>      }
>  }
> 
> -- 
> 2.54.0
> 

  parent reply	other threads:[~2026-06-16  7:33 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-15 14:40 [PATCH 00/13] gpu: nova-core: blackwell follow-ups and fixes Eliot Courtney
2026-06-15 14:40 ` [PATCH 01/13] gpu: nova-core: fsp: limit FSP receive message allocation size Eliot Courtney
2026-06-15 17:11   ` Gary Guo
2026-06-16  7:33   ` Alistair Popple [this message]
2026-06-15 14:40 ` [PATCH 02/13] gpu: nova-core: fsp: catch bogus queue pointer issues Eliot Courtney
2026-06-15 17:15   ` Gary Guo
2026-06-16  7:57     ` Alistair Popple
2026-06-16 10:57       ` Gary Guo
2026-06-15 14:40 ` [PATCH 03/13] gpu: nova-core: fsp: try to enforce exclusive access to FSP channel Eliot Courtney
2026-06-15 17:16   ` Gary Guo
2026-06-15 14:40 ` [PATCH 04/13] gpu: nova-core: falcon: gsp: move PRIV target mask constants Eliot Courtney
2026-06-15 17:17   ` Gary Guo
2026-06-16  8:02   ` Alistair Popple
2026-06-15 14:40 ` [PATCH 05/13] gpu: nova-core: gsp: keep FMC boot params DMA region alive during error Eliot Courtney
2026-06-15 17:23   ` Gary Guo
2026-06-15 14:40 ` [PATCH 06/13] gpu: nova-core: fsp: move FMC firmware loading into wait_secure_boot Eliot Courtney
2026-06-15 17:24   ` Gary Guo
2026-06-15 14:40 ` [PATCH 07/13] gpu: nova-core: gsp: ensure lifetime for FMC boot DMA allocations Eliot Courtney
2026-06-15 14:40 ` [PATCH 08/13] gpu: nova-core: gsp: ensure LibOS DMA allocation lives long enough Eliot Courtney
2026-06-15 14:40 ` [PATCH 09/13] gpu: nova-core: wait for FSP boot earlier Eliot Courtney
2026-06-15 14:40 ` [PATCH 10/13] gpu: nova-core: split FbLayout into FSP and non-FSP versions Eliot Courtney
2026-06-15 14:40 ` [PATCH 11/13] gpu: nova-core: correct FRTS vidmem offset calculation Eliot Courtney
2026-06-15 14:40 ` [PATCH 12/13] gpu: nova-core: rename heap size field Eliot Courtney
2026-06-15 14:40 ` [PATCH 13/13] gpu: nova-core: return non-WPR heap size as u64 from HALs Eliot Courtney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ajD7wnvZOxfXM7AX@nvdebian.thelocal \
    --to=apopple@nvidia.com \
    --cc=acourbot@nvidia.com \
    --cc=airlied@gmail.com \
    --cc=aliceryhl@google.com \
    --cc=dakr@kernel.org \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=ecourtney@nvidia.com \
    --cc=gary@garyguo.net \
    --cc=jhubbard@nvidia.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lossin@kernel.org \
    --cc=nova-gpu@lists.linux.dev \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=simona@ffwll.ch \
    --cc=ttabi@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.