Re: [PATCH v2 0/5] gpu: nova-core: use checked arithmetic for firmware parsing robustness

[Alexandre Courbot]

On Wed Jan 28, 2026 at 4:59 PM JST, Alexandre Courbot wrote:
> On Tue Jan 27, 2026 at 5:23 AM JST, Joel Fernandes wrote:
>> Changes from v1 to v2:
>> - Added Reviewed-by tags from Zhi
>> - Fixed comment formatting nits raised by Dirk/Zhi
>>
>> This series adds checked arithmetic throughout nova-core's firmware parsing
>> code to guard rust code against integer overflow from corrupt firmware.
>>
>> Without checked arithmetic, firmware could cause integer overflow when
>> computing offsets. The danger is not just wrapping to a huge value (which may
>> fail validation in other paths), but potentially wrapping to a small plausible
>> offset that accesses entirely wrong data, causing silent corruption or security
>> issues.
>>
>> This series has been rebased on drm-rust-next. If possible, I would like us to
>> consider merging for the upcoming merge window to avoid future conflicts.
>> Tested probing with GPU name printed in dmesg on my GA102 (Ampere).
>>
>> The git tree with all patches can be found at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/jfern/linux.git (tag: nova-checked-arith-v2-20260126)
>>
>> Link to v1: https://lore.kernel.org/all/20260124231830.3088323-1-joelagnelf@xxxxxxxxxx/
>>
>> Joel Fernandes (5):
>>   gpu: nova-core: use checked arithmetic in FWSEC firmware parsing
>>   gpu: nova-core: use checked arithmetic in Booter signature parsing
>>   gpu: nova-core: use checked arithmetic in frombytes_at helper
>>   gpu: nova-core: use checked arithmetic in BinFirmware::data
>>   gpu: nova-core: use checked arithmetic in RISC-V firmware parsing
>
> Looking good, thanks! I'm staging these into a local branch and will
> push as soon as `drm-rust-next` reopens.

Pushed into `drm-rust-next`.