From: "Eliot Courtney" <ecourtney@nvidia.com>
To: "Joel Fernandes" <joelagnelf@nvidia.com>,
"Eliot Courtney" <ecourtney@nvidia.com>,
"Danilo Krummrich" <dakr@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>
Cc: "John Hubbard" <jhubbard@nvidia.com>,
"Alistair Popple" <apopple@nvidia.com>,
"Timur Tabi" <ttabi@nvidia.com>, <rust-for-linux@vger.kernel.org>,
<dri-devel@lists.freedesktop.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 5/5] gpu: nova-core: vbios: use checked ops and accesses in `FwSecBiosImage::ucode`
Date: Mon, 13 Apr 2026 15:20:37 +0900 [thread overview]
Message-ID: <DHRT5WO1KNM9.7QPD97ADIC3O@nvidia.com> (raw)
In-Reply-To: <edff8db4-a3a5-4b21-a8e6-9871206ddeb9@nvidia.com>
On Sat Apr 11, 2026 at 12:05 AM JST, Joel Fernandes wrote:
> Reviewed-by: Joel Fernandes <joelagnelf@nvidia.com> , one comment below
>
> On 4/10/2026 4:38 AM, Eliot Courtney wrote:
>> Use checked arithmetic and access for extracting the microcode since the
>> offsets are firmware derived.
>>
>> Fixes: 47c4846e4319 ("gpu: nova-core: vbios: Add support for FWSEC ucode extraction")
>> Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>
>> ---
>> drivers/gpu/nova-core/vbios.rs | 19 ++++++++++++-------
>> 1 file changed, 12 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs
>> index 3bd3ac3a69f2..b509cd8407a5 100644
>> --- a/drivers/gpu/nova-core/vbios.rs
>> +++ b/drivers/gpu/nova-core/vbios.rs
>> @@ -1027,16 +1027,21 @@ pub(crate) fn header(&self) -> Result<FalconUCodeDesc> {
>>
>> /// Get the ucode data as a byte slice
>> pub(crate) fn ucode(&self, desc: &FalconUCodeDesc) -> Result<&[u8]> {
>> - let falcon_ucode_offset = self.falcon_ucode_offset;
>> -
>> // The ucode data follows the descriptor.
>> - let ucode_data_offset = falcon_ucode_offset + desc.size();
>> - let size = usize::from_safe_cast(desc.imem_load_size() + desc.dmem_load_size());
>> + let data = self
>> + .base
>> + .data
>> + .get(self.falcon_ucode_offset..)
>> + .ok_or(ERANGE)?;
>> + let size = usize::from_safe_cast(
>> + desc.imem_load_size()
>> + .checked_add(desc.dmem_load_size())
>> + .ok_or(ERANGE)?,
>> + );
>>
>> // Get the data slice, checking bounds in a single operation.
>> - self.base
>> - .data
>> - .get(ucode_data_offset..ucode_data_offset + size)
>> + data.get(desc.size()..)
>> + .and_then(|data| data.get(..size))
>
> It might be worth adding something like:
>
> data.get_slice(start, size) -> Result
>
> in R4L longer term if the data.get(start..).and_then(|data|
> data.get(..size)) pattern is common. It seems to be so in this series.
Yeah, this sounds reasonable although I think we'd need a name that
makes it more obvious it takes a size. I had a look at rust standard
library code and it seems a common pattern is to use split_at_checked
for the initial split. Unfortunately we can't use that yet I think since
it's in 1.80.0, but maybe we can use it very soon.
I had a look and it looks like there aren't really other existing
patterns like .get(start..).and_then(.. get(..size)) in the rust kernel
code. And in nova-core other usages of getting start..start+size slices
have local proofs that start+size doesn't overflow.
For the most part in other code hopefully we have local proofs that
start..start+size won't overflow and we can just .get(start..start+size).
next prev parent reply other threads:[~2026-04-13 6:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 8:38 [PATCH 0/5] gpu: nova-core: vbios: harden various array accesses Eliot Courtney
2026-04-10 8:38 ` [PATCH 1/5] gpu: nova-core: vbios: fix various cases of reading past `BIOS_MAX_SCAN_LEN` Eliot Courtney
2026-04-10 14:08 ` Joel Fernandes
2026-04-10 8:38 ` [PATCH 2/5] gpu: nova-core: vbios: limit `BitToken` entry reads Eliot Courtney
2026-04-10 14:30 ` Joel Fernandes
2026-04-10 8:38 ` [PATCH 3/5] gpu: nova-core: vbios: use checked accesses in `setup_falcon_data` Eliot Courtney
2026-04-10 14:53 ` Joel Fernandes
2026-04-13 6:04 ` Eliot Courtney
2026-04-13 7:10 ` Alexandre Courbot
2026-04-14 3:13 ` Eliot Courtney
2026-04-10 8:38 ` [PATCH 4/5] gpu: nova-core: vbios: use checked access in `FwSecBiosImage::header` Eliot Courtney
2026-04-10 15:00 ` Joel Fernandes
2026-04-10 8:38 ` [PATCH 5/5] gpu: nova-core: vbios: use checked ops and accesses in `FwSecBiosImage::ucode` Eliot Courtney
2026-04-10 15:05 ` Joel Fernandes
2026-04-13 6:20 ` Eliot Courtney [this message]
2026-04-13 12:59 ` Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DHRT5WO1KNM9.7QPD97ADIC3O@nvidia.com \
--to=ecourtney@nvidia.com \
--cc=acourbot@nvidia.com \
--cc=airlied@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=dakr@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jhubbard@nvidia.com \
--cc=joelagnelf@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=ttabi@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox