From: sashiko-bot@kernel.org
To: "John Hubbard" <jhubbard@nvidia.com>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"Danilo Krummrich" <dakr@kernel.org>
Cc: "Alex Gaynor" <alex.gaynor@gmail.com>,
"Timur Tabi" <ttabi@nvidia.com>,
"Shashank Sharma" <shashanks@nvidia.com>,
"Gary Guo" <gary@garyguo.net>, "Benno Lossin" <lossin@kernel.org>,
"David Airlie" <airlied@gmail.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
nova-gpu@lists.linux.dev, LKML <linux-kernel@vger.kernel.org>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"John Hubbard" <jhubbard@nvidia.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Eliot Courtney" <ecourtney@nvidia.com>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alistair Popple" <apopple@nvidia.com>,
"Zhi Wang" <zhiw@nvidia.com>, "Miguel Ojeda" <ojeda@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Danilo Krummrich" <dakr@kernel.org>
Subject: Re: [PATCH v12 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction
Date: Tue, 02 Jun 2026 03:32:10 +0000 [thread overview]
Message-ID: <20260602033211.479711F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260602032111.224790-14-jhubbard@nvidia.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The patch uses `field: expr` instead of `field <- expr` inside `init!`, violating Rust subsystem guidelines and defeating the goal of avoiding stack allocation.
--
commit 7149f8afdf16eef886b0d72d3c2139493024923e
Author: John Hubbard <jhubbard@nvidia.com>
gpu: nova-core: Hopper/Blackwell: add FMC signature extraction
This commit extracts the SHA-384 hash, RSA public key, and RSA signature
from FMC ELF32 firmware sections. The signatures are stored in a
heap-allocated structure used for FSP Chain of Trust verification.
> diff --git a/drivers/gpu/nova-core/firmware/fsp.rs b/drivers/gpu/nova-core/firmware/fsp.rs
> index 011be1e571c25..db61905eac9de 100644
> --- a/drivers/gpu/nova-core/firmware/fsp.rs
> +++ b/drivers/gpu/nova-core/firmware/fsp.rs
[ ... ]
> @@ -41,7 +63,73 @@ pub(crate) fn new(
>
> Ok(Self {
> fmc_image,
> - fmc_elf: fw,
> + fmc_sigs: Self::extract_fmc_signatures(&fw, dev)?,
> })
> }
> +
> + /// Extract FMC firmware signatures for Chain of Trust verification.
[ ... ]
> + // Initialize the signatures in place to avoid building the large `FmcSignatures` on the
> + // stack, then fill each section from the firmware.
> + let signatures = KBox::init(
> + init!(FmcSignatures {
> + hash384: [0; _],
> + public_key: [0; _],
> + signature: [0; _],
> + })
[Severity: Medium]
Does this init! block allocate these arrays on the stack before moving them
to the heap?
According to the Rust subsystem coding guidelines, fields that require in-place
initialization should use the `field <- expr` syntax rather than `field: expr`.
Because `hash384: [0; _]` and the other fields use the colon syntax, the
arrays (which are up to 384 bytes each) might be evaluated as temporaries on
the stack, which defeats the goal mentioned in the comment above.
Could these be updated to use the in-place initialization syntax, such as
`hash384 <- kernel::init::zeroed()` or similar?
> + .chain(|sigs| {
> + // PANIC: src and dst lengths are both FSP_HASH_SIZE (verified above).
> + sigs.hash384.copy_from_slice(hash_section);
> + // PANIC: dst is sliced to src.len(); src.len() <= FSP_PKEY_SIZE per `get_section`.
> + sigs.public_key[..pkey_section.len()].copy_from_slice(pkey_section);
> + // PANIC: dst is sliced to src.len(); src.len() <= FSP_SIG_SIZE per `get_section`.
> + sigs.signature[..sig_section.len()].copy_from_slice(sig_section);
> + Ok(())
> + }),
> + GFP_KERNEL,
> + )?;
> +
> + Ok(signatures)
> + }
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260602032111.224790-1-jhubbard@nvidia.com?part=13
next prev parent reply other threads:[~2026-06-02 3:32 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 3:20 [PATCH v12 00/22] gpu: nova-core: firmware: Hopper/Blackwell support John Hubbard
2026-06-02 3:20 ` [PATCH v12 01/22] gpu: nova-core: set DMA mask width based on GPU architecture John Hubbard
2026-06-02 6:40 ` Eliot Courtney
2026-06-02 3:20 ` [PATCH v12 02/22] gpu: nova-core: Hopper/Blackwell: new location for PCI config mirror John Hubbard
2026-06-02 3:20 ` [PATCH v12 03/22] gpu: nova-core: Blackwell: compute PMU-reserved framebuffer size John Hubbard
2026-06-02 3:20 ` [PATCH v12 04/22] gpu: nova-core: Hopper/Blackwell: larger non-WPR heap John Hubbard
2026-06-02 3:20 ` [PATCH v12 05/22] gpu: nova-core: Hopper/Blackwell: larger WPR2 (GSP) heap John Hubbard
2026-06-02 3:20 ` [PATCH v12 06/22] gpu: nova-core: Blackwell: use correct sysmem flush registers John Hubbard
2026-06-02 3:30 ` sashiko-bot
2026-06-02 8:00 ` Alexandre Courbot
2026-06-02 7:12 ` Eliot Courtney
2026-06-02 8:26 ` Alexandre Courbot
2026-06-02 3:20 ` [PATCH v12 07/22] gpu: nova-core: don't assume 64-bit firmware images John Hubbard
2026-06-02 3:20 ` [PATCH v12 08/22] gpu: nova-core: add support for 32-bit " John Hubbard
2026-06-02 3:20 ` [PATCH v12 09/22] gpu: nova-core: add auto-detection of 32-bit, 64-bit " John Hubbard
2026-06-02 3:20 ` [PATCH v12 10/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon engine stub John Hubbard
2026-06-02 6:50 ` Eliot Courtney
2026-06-02 3:20 ` [PATCH v12 11/22] gpu: nova-core: Hopper/Blackwell: add FMC firmware image John Hubbard
2026-06-02 7:18 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 12/22] gpu: nova-core: Hopper/Blackwell: add FSP secure boot completion waiting John Hubbard
2026-06-02 7:56 ` Eliot Courtney
2026-06-02 8:22 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction John Hubbard
2026-06-02 3:32 ` sashiko-bot [this message]
2026-06-02 7:56 ` Alexandre Courbot
2026-06-02 8:11 ` Eliot Courtney
2026-06-02 8:28 ` Alexandre Courbot
2026-06-03 0:04 ` Timur Tabi
2026-06-03 0:20 ` Alexandre Courbot
2026-06-03 3:09 ` Timur Tabi
2026-06-03 3:53 ` John Hubbard
2026-06-02 3:21 ` [PATCH v12 14/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon EMEM operations John Hubbard
2026-06-02 11:42 ` Eliot Courtney
2026-06-02 14:55 ` Alexandre Courbot
2026-06-02 15:02 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 15/22] gpu: nova-core: Hopper/Blackwell: add FSP message infrastructure John Hubbard
2026-06-02 3:33 ` sashiko-bot
2026-06-03 1:14 ` Alexandre Courbot
2026-06-03 1:41 ` Eliot Courtney
2026-06-02 12:21 ` Eliot Courtney
2026-06-03 1:34 ` Alexandre Courbot
2026-06-03 4:49 ` Eliot Courtney
2026-06-03 5:00 ` Alexandre Courbot
2026-06-03 1:00 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 16/22] gpu: nova-core: add MCTP/NVDM protocol types for firmware communication John Hubbard
2026-06-02 5:36 ` sashiko-bot
2026-06-03 2:41 ` Alexandre Courbot
2026-06-02 12:53 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 17/22] gpu: nova-core: Hopper/Blackwell: add FSP send/receive messaging John Hubbard
2026-06-02 3:35 ` sashiko-bot
2026-06-02 3:21 ` [PATCH v12 18/22] gpu: nova-core: Hopper/Blackwell: select FSP Chain of Trust version John Hubbard
2026-06-02 12:55 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 19/22] gpu: nova-core: Hopper/Blackwell: add FSP Chain of Trust boot John Hubbard
2026-06-02 3:40 ` sashiko-bot
2026-06-03 5:23 ` Alexandre Courbot
2026-06-03 5:19 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 20/22] gpu: nova-core: Hopper/Blackwell: add GSP lockdown release polling John Hubbard
2026-06-02 3:38 ` sashiko-bot
2026-06-03 5:45 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 21/22] gpu: nova-core: add non-sec2 unload path John Hubbard
2026-06-02 3:21 ` [PATCH v12 22/22] gpu: nova-core: gsp: enable FSP boot path John Hubbard
2026-06-02 3:38 ` sashiko-bot
2026-06-02 12:38 ` [PATCH v12 00/22] gpu: nova-core: firmware: Hopper/Blackwell support Danilo Krummrich
2026-06-02 13:37 ` Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260602033211.479711F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=airlied@gmail.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=ecourtney@nvidia.com \
--cc=gary@garyguo.net \
--cc=jhubbard@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nova-gpu@lists.linux.dev \
--cc=ojeda@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=shashanks@nvidia.com \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=ttabi@nvidia.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox