Re: [PATCH v2 05/11] gpu: nova-core: vbios: use checked accesses in `setup_falcon_data`
From: Joel Fernandes
Date: Thu Apr 16 2026 - 12:18:19 EST
On 4/14/2026 7:54 AM, Eliot Courtney wrote:
> Use checked arithmetic for `ucode_offset` in `setup_falcon_data`. This
> prevents a malformed firmware from causing a panic.
>
> Fixes: dc70c6ae2441 ("gpu: nova-core: vbios: Add support to look up PMU table in FWSEC")
> Signed-off-by: Eliot Courtney <ecourtney@xxxxxxxxxx>
Reviewed-by: Joel Fernandes <joelagnelf@xxxxxxxxxx>
Thanks.
> ---
> drivers/gpu/nova-core/vbios.rs | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/gpu/nova-core/vbios.rs b/drivers/gpu/nova-core/vbios.rs
> index bc752d135cbf..d8633e61178b 100644
> --- a/drivers/gpu/nova-core/vbios.rs
> +++ b/drivers/gpu/nova-core/vbios.rs
> @@ -955,14 +955,15 @@ fn setup_falcon_data(
> .find_entry_by_type(FALCON_UCODE_ENTRY_APPID_FWSEC_PROD)
> {
> Ok(entry) => {
> - let mut ucode_offset = usize::from_safe_cast(entry.data);
> - ucode_offset -= pci_at_image.base.data.len();
> - if ucode_offset < first_fwsec.base.data.len() {
> - dev_err!(self.base.dev, "Falcon Ucode offset not in second Fwsec.\n");
> - return Err(EINVAL);
> - }
> - ucode_offset -= first_fwsec.base.data.len();
> - self.falcon_ucode_offset = Some(ucode_offset);
> + self.falcon_ucode_offset = Some(
> + usize::from_safe_cast(entry.data)
> + .checked_sub(pci_at_image.base.data.len())
> + .and_then(|o| o.checked_sub(first_fwsec.base.data.len()))
> + .ok_or(EINVAL)
> + .inspect_err(|_| {
> + dev_err!(self.base.dev, "Falcon Ucode offset not in second Fwsec.\n");
> + })?,
> + );
> }
> Err(e) => {
> dev_err!(
>