On Tue Jan 27, 2026 at 5:23 AM JST, Joel Fernandes wrote: > Changes from v1 to v2: > - Added Reviewed-by tags from Zhi > - Fixed comment formatting nits raised by Dirk/Zhi > > This series adds checked arithmetic throughout nova-core's firmware parsing > code to guard rust code against integer overflow from corrupt firmware. > > Without checked arithmetic, firmware could cause integer overflow when > computing offsets. The danger is not just wrapping to a huge value (which may > fail validation in other paths), but potentially wrapping to a small plausible > offset that accesses entirely wrong data, causing silent corruption or > security > issues. > > This series has been rebased on drm-rust-next. If possible, I would like us to > consider merging for the upcoming merge window to avoid future conflicts. > Tested probing with GPU name printed in dmesg on my GA102 (Ampere). > > The git tree with all patches can be found at: > git://git.kernel.org/pub/scm/linux/kernel/git/jfern/linux.git (tag: > nova-checked-arith-v2-20260126) > > Link to v1: > https://lore.kernel.org/all/[email protected]/ > > Joel Fernandes (5): > gpu: nova-core: use checked arithmetic in FWSEC firmware parsing > gpu: nova-core: use checked arithmetic in Booter signature parsing > gpu: nova-core: use checked arithmetic in frombytes_at helper > gpu: nova-core: use checked arithmetic in BinFirmware::data > gpu: nova-core: use checked arithmetic in RISC-V firmware parsing
Looking good, thanks! I'm staging these into a local branch and will push as soon as `drm-rust-next` reopens.
