The following issues were found
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_txrx.c
2 issues
Line: 40
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gcm_iv = MLX5_ADDR_OF(tls_static_params, ctx, gcm_iv);
initial_rn = MLX5_ADDR_OF(tls_static_params, ctx, initial_record_number);
memcpy(gcm_iv, salt, salt_sz);
memcpy(initial_rn, rec_seq, rec_seq_sz);
tls_version = MLX5E_STATIC_PARAMS_CONTEXT_TLS_1_2;
MLX5_SET(tls_static_params, ctx, tls_version, tls_version);
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
initial_rn = MLX5_ADDR_OF(tls_static_params, ctx, initial_record_number);
memcpy(gcm_iv, salt, salt_sz);
memcpy(initial_rn, rec_seq, rec_seq_sz);
tls_version = MLX5E_STATIC_PARAMS_CONTEXT_TLS_1_2;
MLX5_SET(tls_static_params, ctx, tls_version, tls_version);
MLX5_SET(tls_static_params, ctx, const_1, 1);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
2 issues
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u32 ci = mlx5_cqwq_ctr2ix(wq, cqcc);
memcpy(data, mlx5_cqwq_get_wqe(wq, ci), sizeof(struct mlx5_cqe64));
}
static inline void mlx5e_read_title_slot(struct mlx5e_rq *rq,
struct mlx5_cqwq *wq,
u32 cqcc)
Reported by FlawFinder.
Line: 519
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pi = mlx5e_icosq_get_next_pi(sq, MLX5E_UMR_WQEBBS);
umr_wqe = mlx5_wq_cyc_get_wqe(wq, pi);
memcpy(umr_wqe, &rq->mpwqe.umr_wqe, offsetof(struct mlx5e_umr_wqe, inline_mtts));
for (i = 0; i < MLX5_MPWRQ_PAGES_PER_WQE; i++, dma_info++) {
err = mlx5e_page_alloc(rq, dma_info);
if (unlikely(err))
goto err_unmap;
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbevf/defines.h
2 issues
Line: 195
Column: 4
CWE codes:
120
20
__le64 buffer_addr; /* Address of descriptor's data buf */
__le32 cmd_type_len;
__le32 olinfo_status;
} read;
struct {
__le64 rsvd; /* Reserved */
__le32 nxtseq_seed;
__le32 status;
} wb;
Reported by FlawFinder.
Line: 208
Column: 4
CWE codes:
120
20
struct {
__le64 pkt_addr; /* Packet buffer address */
__le64 hdr_addr; /* Header buffer address */
} read;
struct {
struct {
union {
__le32 data;
struct {
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/esw/diag/bridge_tracepoint.h
2 issues
Line: 27
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strncpy(__entry->dev_name,
netdev_name(fdb->dev),
IFNAMSIZ);
memcpy(__entry->addr, fdb->key.addr, ETH_ALEN);
__entry->vid = fdb->key.vid;
__entry->flags = fdb->flags;
__entry->used = jiffies_to_msecs(jiffies - fdb->lastuse)
),
TP_printk("net_device=%s addr=%pM vid=%hu flags=%hx used=%u",
Reported by FlawFinder.
Line: 24
Column: 8
CWE codes:
120
__field(unsigned int, used)
),
TP_fast_assign(
strncpy(__entry->dev_name,
netdev_name(fdb->dev),
IFNAMSIZ);
memcpy(__entry->addr, fdb->key.addr, ETH_ALEN);
__entry->vid = fdb->key.vid;
__entry->flags = fdb->flags;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/esw/indir_table.c
2 issues
Line: 180
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(MLX5_ADDR_OF(fte_match_param, rule_spec->match_criteria,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
0xff, len);
memcpy(MLX5_ADDR_OF(fte_match_param, rule_spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&esw_attr->rx_tun_attr->dst_ip.v6, len);
}
MLX5_SET_TO_ONES(fte_match_param, rule_spec->match_criteria,
Reported by FlawFinder.
Line: 233
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rule->handle = handle;
rule->vni = esw_attr->rx_tun_attr->vni;
rule->mh = flow_act.modify_hdr;
memcpy(&rule->dst_ip, &esw_attr->rx_tun_attr->dst_ip,
sizeof(esw_attr->rx_tun_attr->dst_ip));
refcount_set(&rule->refcnt, 1);
list_add(&rule->list, &e->recirc_rules);
e->recirc_cnt++;
goto out;
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c
2 issues
Line: 393
Column: 26
CWE codes:
120
20
* not continue or we could be in for a very long wait while every
* EEPROM read fails
*/
status = hw->eeprom.ops.read(hw, 0, &checksum);
if (status) {
hw_dbg(hw, "EEPROM read failed\n");
return status;
}
Reported by FlawFinder.
Line: 451
Column: 26
CWE codes:
120
20
* not continue or we could be in for a very long wait while every
* EEPROM read fails
*/
status = hw->eeprom.ops.read(hw, 0, &checksum);
if (status) {
hw_dbg(hw, "EEPROM read failed\n");
return status;
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/mcg.c
2 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(attach_to_mcg_in, in, opcode, MLX5_CMD_OP_ATTACH_TO_MCG);
MLX5_SET(attach_to_mcg_in, in, qpn, qpn);
gid = MLX5_ADDR_OF(attach_to_mcg_in, in, multicast_gid);
memcpy(gid, mgid, sizeof(*mgid));
return mlx5_cmd_exec_in(dev, attach_to_mcg, in);
}
EXPORT_SYMBOL(mlx5_core_attach_mcg);
int mlx5_core_detach_mcg(struct mlx5_core_dev *dev, union ib_gid *mgid, u32 qpn)
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(detach_from_mcg_in, in, opcode, MLX5_CMD_OP_DETACH_FROM_MCG);
MLX5_SET(detach_from_mcg_in, in, qpn, qpn);
gid = MLX5_ADDR_OF(detach_from_mcg_in, in, multicast_gid);
memcpy(gid, mgid, sizeof(*mgid));
return mlx5_cmd_exec_in(dev, detach_from_mcg, in);
}
EXPORT_SYMBOL(mlx5_core_detach_mcg);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_ethtool.c
2 issues
Line: 48
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static const struct {
const char string[ETH_GSTRING_LEN];
} mlxbf_gige_ethtool_stats_keys[] = {
{ "hw_access_errors" },
{ "tx_invalid_checksums" },
{ "tx_small_frames" },
{ "tx_index_errors" },
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (stringset != ETH_SS_STATS)
return;
memcpy(buf, &mlxbf_gige_ethtool_stats_keys,
sizeof(mlxbf_gige_ethtool_stats_keys));
}
static void mlxbf_gige_get_ethtool_stats(struct net_device *netdev,
struct ethtool_stats *estats,
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c
2 issues
Line: 216
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 comp_max_write_size;
u8 comp_align_bits;
u32 comp_max_size;
char comp_name[8];
u16 block_size;
u8 *block_ptr;
u32 offset;
int err;
Reported by FlawFinder.
Line: 222
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u32 offset;
int err;
sprintf(comp_name, "%u", comp->index);
err = mlxfw_dev->ops->component_query(mlxfw_dev, comp->index,
&comp_max_size, &comp_align_bits,
&comp_max_write_size);
if (err) {
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
2 issues
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MLXSW_AFA_SET_LEN 0xA8
struct mlxsw_afa_set_ht_key {
char enc_actions[MLXSW_AFA_SET_LEN]; /* Encoded set */
bool is_first;
};
/* Set structure holds one action set record. It contains up to three
* actions (depends on size of particular actions). The set is either
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!cookie)
return ERR_PTR(-ENOMEM);
refcount_set(&cookie->ref_count, 1);
memcpy(&cookie->fa_cookie, fa_cookie,
sizeof(*fa_cookie) + fa_cookie->cookie_len);
err = rhashtable_insert_fast(&mlxsw_afa->cookie_ht, &cookie->ht_node,
mlxsw_afa_cookie_ht_params);
if (err)
Reported by FlawFinder.