From: coverity-bot <keescook@chromium.org>
To: Mustafa Ismail <mustafa.ismail@intel.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
Shiraz Saleem <shiraz.saleem@intel.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org
Subject: Coverity: irdma_clr_wqes(): BUFFER_SIZE
Date: Tue, 8 Jun 2021 11:01:30 -0700 [thread overview]
Message-ID: <202106081101.37506CC0CD@keescook> (raw)
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20210608 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Wed Jun 2 19:55:18 2021 -0300
551c46edc769 ("RDMA/irdma: Add user/kernel shared libraries")
Coverity reported the following:
*** CID 1505156: (BUFFER_SIZE)
/drivers/infiniband/hw/irdma/uk.c: 104 in irdma_clr_wqes()
98 u32 wqe_idx;
99
100 if (!(qp_wqe_idx & 0x7F)) {
101 wqe_idx = (qp_wqe_idx + 128) % qp->sq_ring.size;
102 wqe = qp->sq_base[wqe_idx].elem;
103 if (wqe_idx)
vvv CID 1505156: (BUFFER_SIZE)
vvv You might overrun the 32 byte destination string "wqe" by writing the maximum 4096 bytes from "qp->swqe_polarity ? 0 : 255".
104 memset(wqe, qp->swqe_polarity ? 0 : 0xFF, 0x1000);
105 else
106 memset(wqe, qp->swqe_polarity ? 0xFF : 0, 0x1000);
107 }
108 }
109
/drivers/infiniband/hw/irdma/uk.c: 106 in irdma_clr_wqes()
100 if (!(qp_wqe_idx & 0x7F)) {
101 wqe_idx = (qp_wqe_idx + 128) % qp->sq_ring.size;
102 wqe = qp->sq_base[wqe_idx].elem;
103 if (wqe_idx)
104 memset(wqe, qp->swqe_polarity ? 0 : 0xFF, 0x1000);
105 else
vvv CID 1505156: (BUFFER_SIZE)
vvv You might overrun the 32 byte destination string "wqe" by writing the maximum 4096 bytes from "qp->swqe_polarity ? 255 : 0".
106 memset(wqe, qp->swqe_polarity ? 0xFF : 0, 0x1000);
107 }
108 }
109
110 /**
111 * irdma_uk_qp_post_wr - ring doorbell
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1505156 ("BUFFER_SIZE")
Fixes: 551c46edc769 ("RDMA/irdma: Add user/kernel shared libraries")
Thanks for your attention!
--
Coverity-bot
reply other threads:[~2021-06-08 18:01 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202106081101.37506CC0CD@keescook \
--to=keescook@chromium.org \
--cc=gustavo@embeddedor.com \
--cc=jgg@nvidia.com \
--cc=linux-next@vger.kernel.org \
--cc=mustafa.ismail@intel.com \
--cc=shiraz.saleem@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox