[PATCH v2 2/5] gpu: nova-core: use checked arithmetic in Booter signature parsing
Joel Fernandes
joelagnelf at nvidia.com
Mon Jan 26 12:23:02 PST 2026
Use checked_add() when computing signature offsets from firmware-
provided values in signatures_iter().
Without checked arithmetic, overflow could wrap to a small plausible
offset that points to entirely wrong data.
Reviewed-by: Zhi Wang <zhiw at nvidia.com>
Signed-off-by: Joel Fernandes <joelagnelf at nvidia.com>
---
drivers/gpu/nova-core/firmware/booter.rs | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/nova-core/firmware/booter.rs b/drivers/gpu/nova-core/firmware/booter.rs
index 86556cee8e67..40ac7e66d228 100644
--- a/drivers/gpu/nova-core/firmware/booter.rs
+++ b/drivers/gpu/nova-core/firmware/booter.rs
@@ -119,14 +119,23 @@ fn signatures_iter(&'a self) -> Result<impl Iterator<Item = BooterSignature<'a>>
Some(sig_size) => {
let patch_sig =
frombytes_at::<u32>(self.fw, self.hdr.patch_sig_offset.into_safe_cast())?;
- let signatures_start = usize::from_safe_cast(self.hdr.sig_prod_offset + patch_sig);
+
+ // Compute signatures_start = sig_prod_offset + patch_sig.
+ let signatures_start = self
+ .hdr
+ .sig_prod_offset
+ .checked_add(patch_sig)
+ .map(usize::from_safe_cast)
+ .ok_or(EINVAL)?;
+
+ // Compute signatures_end = signatures_start + sig_prod_size.
+ let signatures_end = signatures_start
+ .checked_add(usize::from_safe_cast(self.hdr.sig_prod_size))
+ .ok_or(EINVAL)?;
self.fw
// Get signatures range.
- .get(
- signatures_start
- ..signatures_start + usize::from_safe_cast(self.hdr.sig_prod_size),
- )
+ .get(signatures_start..signatures_end)
.ok_or(EINVAL)?
.chunks_exact(sig_size.into_safe_cast())
}
--
2.34.1
More information about the linux-riscv
mailing list