The following issues were found
drivers/net/ethernet/intel/ixgbevf/vf.c
2 issues
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (msgbuf[0] != (IXGBE_VF_GET_RSS_KEY | IXGBE_VT_MSGTYPE_ACK))
return IXGBE_ERR_MBX;
memcpy(rss_key, msgbuf + 1, IXGBEVF_RSS_HASH_KEY_SIZE);
return 0;
}
/**
Reported by FlawFinder.
Line: 708
Column: 15
CWE codes:
120
20
/* if the read failed it could just be a mailbox collision, best wait
* until we are called again and don't report an error
*/
if (mbx->ops.read(hw, &in_msg, 1))
goto out;
if (!(in_msg & IXGBE_VT_MSGTYPE_CTS)) {
/* msg is not CTS and is NACK we must have lost CTS status */
if (in_msg & IXGBE_VT_MSGTYPE_NACK)
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/diag/en_rep_tracepoint.h
2 issues
Line: 37
if (mn->family == AF_INET) {
*p32 = mn->dst_ip.v4;
ipv6_addr_set_v4mapped(*p32, pin6);
} else if (mn->family == AF_INET6) {
*pin6 = mn->dst_ip.v6;
}
),
TP_printk("netdev: %s MAC: %pM IPv4: %pI4 IPv6: %pI6c neigh_connected=%d\n",
__get_str(devname), __entry->ha,
Reported by Cppcheck.
Line: 30
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__assign_str(devname, nhe->neigh_dev->name);
__entry->neigh_connected = neigh_connected;
memcpy(__entry->ha, ha, ETH_ALEN);
p32 = (__be32 *)__entry->v4;
pin6 = (struct in6_addr *)__entry->v6;
if (mn->family == AF_INET) {
*p32 = mn->dst_ip.v4;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/diag/en_tc_tracepoint.h
2 issues
Line: 97
if (mn->family == AF_INET) {
*p32 = mn->dst_ip.v4;
ipv6_addr_set_v4mapped(*p32, pin6);
} else if (mn->family == AF_INET6) {
*pin6 = mn->dst_ip.v6;
}
),
TP_printk("netdev: %s IPv4: %pI4 IPv6: %pI6c neigh_used=%d\n",
__get_str(devname), __entry->v4, __entry->v6,
Reported by Cppcheck.
Line: 97
if (mn->family == AF_INET) {
*p32 = mn->dst_ip.v4;
ipv6_addr_set_v4mapped(*p32, pin6);
} else if (mn->family == AF_INET6) {
*pin6 = mn->dst_ip.v6;
}
),
TP_printk("netdev: %s IPv4: %pI4 IPv6: %pI6c neigh_used=%d\n",
__get_str(devname), __entry->v4, __entry->v6,
Reported by Cppcheck.
drivers/net/ethernet/mellanox/mlx5/core/en/devlink.c
2 issues
Line: 14
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
parent_id = mlx5_query_nic_system_image_guid(dev);
ppid->id_len = sizeof(parent_id);
memcpy(ppid->id, &parent_id, sizeof(parent_id));
}
int mlx5e_devlink_port_register(struct mlx5e_priv *priv)
{
struct devlink *devlink = priv_to_devlink(priv->mdev);
Reported by FlawFinder.
Line: 30
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.phys.port_number = PCI_FUNC(priv->mdev->pdev->devfn);
if (MLX5_ESWITCH_MANAGER(priv->mdev)) {
mlx5e_devlink_get_port_parent_id(priv->mdev, &ppid);
memcpy(attrs.switch_id.id, ppid.id, ppid.id_len);
attrs.switch_id.id_len = ppid.id_len;
}
dl_port_index = mlx5_esw_vport_to_devlink_port_index(priv->mdev,
MLX5_VPORT_UPLINK);
} else {
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en/mapping.c
2 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mi)
goto err_alloc;
memcpy(mi->data, data, ctx->data_size);
hash_add(ctx->ht, &mi->node, hash_key);
err = xa_alloc(&ctx->xarray, &mi->id, mi, XA_LIMIT(1, ctx->max_id),
GFP_KERNEL);
if (err)
Reported by FlawFinder.
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mi)
goto err_find;
memcpy(data, mi->data, ctx->data_size);
err = 0;
err_find:
rcu_read_unlock();
return err;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c
2 issues
Line: 539
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mlx5e_reporter_tx_err_cqe(struct mlx5e_txqsq *sq)
{
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_priv *priv = sq->priv;
struct mlx5e_err_ctx err_ctx = {};
err_ctx.ctx = sq;
err_ctx.recover = mlx5e_tx_reporter_err_cqe_recover;
Reported by FlawFinder.
Line: 553
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mlx5e_reporter_tx_timeout(struct mlx5e_txqsq *sq)
{
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_tx_timeout_ctx to_ctx = {};
struct mlx5e_priv *priv = sq->priv;
struct mlx5e_err_ctx err_ctx = {};
to_ctx.sq = sq;
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbevf/mbx.c
2 issues
Line: 67
Column: 16
CWE codes:
120
20
struct ixgbe_mbx_info *mbx = &hw->mbx;
s32 ret_val = IXGBE_ERR_MBX;
if (!mbx->ops.read)
goto out;
ret_val = ixgbevf_poll_for_msg(hw);
/* if ack received read message, otherwise we timed out */
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_geneve.c
2 issues
Line: 270
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* point querying at this stage.
*/
memcpy(&opt_data_key, option_key->opt_data, option_key->length * 4);
memcpy(&opt_data_mask, option_mask->opt_data, option_mask->length * 4);
MLX5_SET(fte_match_set_misc3, misc_3_v,
geneve_tlv_option_0_data, be32_to_cpu(opt_data_key));
MLX5_SET(fte_match_set_misc3, misc_3_c,
geneve_tlv_option_0_data, be32_to_cpu(opt_data_mask));
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(&opt_data_key, option_key->opt_data, option_key->length * 4);
memcpy(&opt_data_mask, option_mask->opt_data, option_mask->length * 4);
MLX5_SET(fte_match_set_misc3, misc_3_v,
geneve_tlv_option_0_data, be32_to_cpu(opt_data_key));
MLX5_SET(fte_match_set_misc3, misc_3_c,
geneve_tlv_option_0_data, be32_to_cpu(opt_data_mask));
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
2 issues
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
crypto_data_len = (x->aead->alg_key_len + 7) / 8;
key_len = crypto_data_len - 4; /* 4 bytes salt at end */
memcpy(aes_gcm->aes_key, x->aead->alg_key, key_len);
aes_gcm->key_len = key_len * 8;
/* salt and seq_iv */
aead = x->data;
geniv_ctx = crypto_aead_ctx(aead);
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aead = x->data;
geniv_ctx = crypto_aead_ctx(aead);
ivsize = crypto_aead_ivsize(aead);
memcpy(&aes_gcm->seq_iv, &geniv_ctx->salt, ivsize);
memcpy(&aes_gcm->salt, x->aead->alg_key + key_len,
sizeof(aes_gcm->salt));
/* iv len */
aes_gcm->icv_len = x->aead->alg_icv_len;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_stats.c
2 issues
Line: 90
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (priv->ipsec)
for (i = 0; i < NUM_IPSEC_SW_COUNTERS; i++)
strcpy(data + (idx++) * ETH_GSTRING_LEN,
mlx5e_ipsec_sw_stats_desc[i].format);
return idx;
}
static MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS(ipsec_sw)
Reported by FlawFinder.
Line: 128
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (priv->ipsec && mlx5_fpga_ipsec_device_caps(priv->mdev))
for (i = 0; i < NUM_IPSEC_HW_COUNTERS; i++)
strcpy(data + (idx++) * ETH_GSTRING_LEN,
mlx5e_ipsec_hw_stats_desc[i].format);
return idx;
}
Reported by FlawFinder.