Hello! This is an experimental semi-automated report about issues detected by Coverity from a scan of next-20210608 as part of the linux-next scan project: https://scan.coverity.com/projects/linux-next-weekly-scan You're getting this email because you were associated with the identified lines of code (noted below) that were touched by commits: Wed Jun 2 19:55:18 2021 -0300 551c46edc769 ("RDMA/irdma: Add user/kernel shared libraries") Coverity reported the following: *** CID 1505156: (BUFFER_SIZE) /drivers/infiniband/hw/irdma/uk.c: 104 in irdma_clr_wqes() 98 u32 wqe_idx; 99 100 if (!(qp_wqe_idx & 0x7F)) { 101 wqe_idx = (qp_wqe_idx + 128) % qp->sq_ring.size; 102 wqe = qp->sq_base[wqe_idx].elem; 103 if (wqe_idx) vvv CID 1505156: (BUFFER_SIZE) vvv You might overrun the 32 byte destination string "wqe" by writing the maximum 4096 bytes from "qp->swqe_polarity ? 0 : 255". 104 memset(wqe, qp->swqe_polarity ? 0 : 0xFF, 0x1000); 105 else 106 memset(wqe, qp->swqe_polarity ? 0xFF : 0, 0x1000); 107 } 108 } 109 /drivers/infiniband/hw/irdma/uk.c: 106 in irdma_clr_wqes() 100 if (!(qp_wqe_idx & 0x7F)) { 101 wqe_idx = (qp_wqe_idx + 128) % qp->sq_ring.size; 102 wqe = qp->sq_base[wqe_idx].elem; 103 if (wqe_idx) 104 memset(wqe, qp->swqe_polarity ? 0 : 0xFF, 0x1000); 105 else vvv CID 1505156: (BUFFER_SIZE) vvv You might overrun the 32 byte destination string "wqe" by writing the maximum 4096 bytes from "qp->swqe_polarity ? 255 : 0". 106 memset(wqe, qp->swqe_polarity ? 0xFF : 0, 0x1000); 107 } 108 } 109 110 /** 111 * irdma_uk_qp_post_wr - ring doorbell If this is a false positive, please let us know so we can mark it as such, or teach the Coverity rules to be smarter. If not, please make sure fixes get into linux-next. :) For patches fixing this, please include these lines (but double-check the "Fixes" first): Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx> Addresses-Coverity-ID: 1505156 ("BUFFER_SIZE") Fixes: 551c46edc769 ("RDMA/irdma: Add user/kernel shared libraries") Thanks for your attention! -- Coverity-bot
