Re: [PATCH v4 07/20] gpu: nova-core: vbios: use checked accesses in `setup_falcon_data`
From: John Hubbard
Date: Fri May 22 2026 - 22:55:18 EST
On 5/18/26 7:55 PM, Eliot Courtney wrote:
> Use checked arithmetic for `ucode_offset` in `setup_falcon_data`. This
> prevents a malformed firmware from causing a panic.
>
> Fixes: dc70c6ae2441 ("gpu: nova-core: vbios: Add support to look up PMU table in FWSEC")
> Reviewed-by: Joel Fernandes <joelagnelf@xxxxxxxxxx>
> Signed-off-by: Eliot Courtney <ecourtney@xxxxxxxxxx>
> ---
> drivers/gpu/nova-core/vbios.rs | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
Reviewed-by: John Hubbard <jhubbard@xxxxxxxxxx>
thanks,
--
John Hubbard
>
> diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs
> index 48a46684e279..871f455bb720 100644
> --- a/drivers/gpu/nova-core/vbios.rs
> +++ b/drivers/gpu/nova-core/vbios.rs
> @@ -1036,14 +1036,15 @@ fn setup_falcon_data(
> .find_entry_by_type(FALCON_UCODE_ENTRY_APPID_FWSEC_PROD)
> {
> Ok(entry) => {
> - let mut ucode_offset = usize::from_safe_cast(entry.data);
> - ucode_offset -= pci_at_image.base.data.len();
> - if ucode_offset < first_fwsec.base.data.len() {
> - dev_err!(self.base.dev, "Falcon Ucode offset not in second Fwsec.\n");
> - return Err(EINVAL);
> - }
> - ucode_offset -= first_fwsec.base.data.len();
> - self.falcon_ucode_offset = Some(ucode_offset);
> + self.falcon_ucode_offset = Some(
> + usize::from_safe_cast(entry.data)
> + .checked_sub(pci_at_image.base.data.len())
> + .and_then(|o| o.checked_sub(first_fwsec.base.data.len()))
> + .ok_or(EINVAL)
> + .inspect_err(|_| {
> + dev_err!(self.base.dev, "Falcon Ucode offset not in second Fwsec.\n");
> + })?,
> + );
> }
> Err(e) => {
> dev_err!(
>