Index: sys/dev/sfxge/common/ef10_mcdi.c =================================================================== --- sys/dev/sfxge/common/ef10_mcdi.c +++ sys/dev/sfxge/common/ef10_mcdi.c @@ -215,13 +215,17 @@ { const efx_mcdi_transport_t *emtp = enp->en_mcdi.em_emtp; efsys_mem_t *esmp = emtp->emt_dma_mem; - unsigned int pos; + unsigned int pos = 0; efx_dword_t data; + size_t remaining = length; + + while (remaining > 0) { + size_t chunk = MIN(remaining, sizeof (data)); - for (pos = 0; pos < length; pos += sizeof (efx_dword_t)) { EFSYS_MEM_READD(esmp, offset + pos, &data); - memcpy((uint8_t *)bufferp + pos, &data, - MIN(sizeof (data), length - pos)); + memcpy((uint8_t *)bufferp + pos, &data, chunk); + pos += chunk; + remaining -= chunk; } } Index: sys/dev/sfxge/common/ef10_nvram.c =================================================================== --- sys/dev/sfxge/common/ef10_nvram.c +++ sys/dev/sfxge/common/ef10_nvram.c @@ -1376,12 +1376,16 @@ */ retry = 10; do { - rc = ef10_nvram_read_tlv_segment(enp, partn, 0, - seg_data, partn_size); - } while ((rc == EAGAIN) && (--retry > 0)); + if ((rc = ef10_nvram_read_tlv_segment(enp, partn, 0, + seg_data, partn_size)) != 0) + --retry; + } while ((rc == EAGAIN) && (retry > 0)); if (rc != 0) { /* Failed to obtain consistent segment data */ + if (rc == EAGAIN) + rc = EIO; + goto fail4; } Index: sys/dev/sfxge/common/ef10_vpd.c =================================================================== --- sys/dev/sfxge/common/ef10_vpd.c +++ sys/dev/sfxge/common/ef10_vpd.c @@ -163,19 +163,22 @@ rc = ENOSPC; goto fail2; } - memcpy(data, dvpd, dvpd_size); + if (dvpd != NULL) + memcpy(data, dvpd, dvpd_size); /* Pad data with all-1s, consistent with update operations */ memset(data + dvpd_size, 0xff, size - dvpd_size); - EFSYS_KMEM_FREE(enp->en_esip, dvpd_size, dvpd); + if (dvpd != NULL) + EFSYS_KMEM_FREE(enp->en_esip, dvpd_size, dvpd); return (0); fail2: EFSYS_PROBE(fail2); - EFSYS_KMEM_FREE(enp->en_esip, dvpd_size, dvpd); + if (dvpd != NULL) + EFSYS_KMEM_FREE(enp->en_esip, dvpd_size, dvpd); fail1: EFSYS_PROBE1(fail1, efx_rc_t, rc); Index: sys/dev/sfxge/common/efx_filter.c =================================================================== --- sys/dev/sfxge/common/efx_filter.c +++ sys/dev/sfxge/common/efx_filter.c @@ -988,6 +988,7 @@ default: EFSYS_ASSERT(B_FALSE); + EFX_ZERO_OWORD(*filter); return (0); } Index: sys/dev/sfxge/common/efx_mcdi.c =================================================================== --- sys/dev/sfxge/common/efx_mcdi.c +++ sys/dev/sfxge/common/efx_mcdi.c @@ -1461,6 +1461,10 @@ efx_mcdi_req_t req; uint8_t payload[MAX(MC_CMD_GET_PHY_CFG_IN_LEN, MC_CMD_GET_PHY_CFG_OUT_LEN)]; +#if EFSYS_OPT_NAMES + const char *namep; + size_t namelen; +#endif efx_rc_t rc; (void) memset(payload, 0, sizeof (payload)); @@ -1484,10 +1488,12 @@ encp->enc_phy_type = MCDI_OUT_DWORD(req, GET_PHY_CFG_OUT_TYPE); #if EFSYS_OPT_NAMES - (void) strncpy(encp->enc_phy_name, - MCDI_OUT2(req, char, GET_PHY_CFG_OUT_NAME), - MIN(sizeof (encp->enc_phy_name) - 1, - MC_CMD_GET_PHY_CFG_OUT_NAME_LEN)); + namep = MCDI_OUT2(req, char, GET_PHY_CFG_OUT_NAME); + namelen = MIN(sizeof (encp->enc_phy_name) - 1, + strnlen(namep, MC_CMD_GET_PHY_CFG_OUT_NAME_LEN)); + (void) memset(encp->enc_phy_name, 0, + sizeof (encp->enc_phy_name)); + memcpy(encp->enc_phy_name, namep, namelen); #endif /* EFSYS_OPT_NAMES */ (void) memset(encp->enc_phy_revision, 0, sizeof (encp->enc_phy_revision)); Index: sys/dev/sfxge/common/efx_phy.c =================================================================== --- sys/dev/sfxge/common/efx_phy.c +++ sys/dev/sfxge/common/efx_phy.c @@ -214,6 +214,7 @@ break; default: EFSYS_ASSERT(B_FALSE); + *maskp = 0; break; } } Index: sys/dev/sfxge/common/siena_mcdi.c =================================================================== --- sys/dev/sfxge/common/siena_mcdi.c +++ sys/dev/sfxge/common/siena_mcdi.c @@ -150,17 +150,21 @@ { efx_mcdi_iface_t *emip = &(enp->en_mcdi.em_emip); unsigned int pdur; - unsigned int pos; + unsigned int pos = 0; efx_dword_t data; + size_t remaining = length; EFSYS_ASSERT(emip->emi_port == 1 || emip->emi_port == 2); pdur = SIENA_MCDI_PDU(emip); - for (pos = 0; pos < length; pos += sizeof (efx_dword_t)) { + while (remaining > 0) { + size_t chunk = MIN(remaining, sizeof (data)); + EFX_BAR_TBL_READD(enp, FR_CZ_MC_TREG_SMEM, pdur + ((offset + pos) >> 2), &data, B_FALSE); - memcpy((uint8_t *)bufferp + pos, &data, - MIN(sizeof (data), length - pos)); + memcpy((uint8_t *)bufferp + pos, &data, chunk); + pos += chunk; + remaining -= chunk; } } Index: sys/dev/sfxge/common/siena_nvram.c =================================================================== --- sys/dev/sfxge/common/siena_nvram.c +++ sys/dev/sfxge/common/siena_nvram.c @@ -333,15 +333,20 @@ if ((rc = siena_nvram_partn_size(enp, partn, &size)) != 0) goto fail1; + if (size < SIENA_NVRAM_CHUNK) { + rc = EINVAL; + goto fail2; + } + EFSYS_KMEM_ALLOC(enp->en_esip, size, dcfg); if (dcfg == NULL) { rc = ENOMEM; - goto fail2; + goto fail3; } if ((rc = siena_nvram_partn_read(enp, partn, 0, (caddr_t)dcfg, SIENA_NVRAM_CHUNK)) != 0) - goto fail3; + goto fail4; /* Verify the magic */ if (EFX_DWORD_FIELD(dcfg->magic, EFX_DWORD_0) @@ -376,7 +381,7 @@ if ((rc = siena_nvram_partn_read(enp, partn, SIENA_NVRAM_CHUNK, (caddr_t)dcfg + SIENA_NVRAM_CHUNK, region - SIENA_NVRAM_CHUNK)) != 0) - goto fail4; + goto fail5; } /* Verify checksum */ @@ -418,13 +423,15 @@ return (0); +fail5: + EFSYS_PROBE(fail5); fail4: EFSYS_PROBE(fail4); -fail3: - EFSYS_PROBE(fail3); EFSYS_KMEM_FREE(enp->en_esip, size, dcfg); +fail3: + EFSYS_PROBE(fail3); fail2: EFSYS_PROBE(fail2); fail1: Index: sys/dev/sfxge/common/siena_vpd.c =================================================================== --- sys/dev/sfxge/common/siena_vpd.c +++ sys/dev/sfxge/common/siena_vpd.c @@ -65,21 +65,26 @@ if ((rc = siena_nvram_partn_size(enp, partn, &size)) != 0) goto fail1; + if (size < SIENA_NVRAM_CHUNK) { + rc = EINVAL; + goto fail2; + } + EFSYS_KMEM_ALLOC(enp->en_esip, size, scfg); if (scfg == NULL) { rc = ENOMEM; - goto fail2; + goto fail3; } if ((rc = siena_nvram_partn_read(enp, partn, 0, (caddr_t)scfg, SIENA_NVRAM_CHUNK)) != 0) - goto fail3; + goto fail4; /* Verify the magic number */ if (EFX_DWORD_FIELD(scfg->magic, EFX_DWORD_0) != SIENA_MC_STATIC_CONFIG_MAGIC) { rc = EINVAL; - goto fail4; + goto fail5; } /* All future versions of the structure must be backwards compatible */ @@ -93,7 +98,7 @@ if (hdr_length > size || vpd_offset > size || vpd_length > size || vpd_length + vpd_offset > size) { rc = EINVAL; - goto fail5; + goto fail6; } /* Read the remainder of scfg + static vpd */ @@ -102,7 +107,7 @@ if ((rc = siena_nvram_partn_read(enp, partn, SIENA_NVRAM_CHUNK, (caddr_t)scfg + SIENA_NVRAM_CHUNK, region - SIENA_NVRAM_CHUNK)) != 0) - goto fail6; + goto fail7; } /* Verify checksum */ @@ -111,7 +116,7 @@ cksum += ((uint8_t *)scfg)[pos]; if (cksum != 0) { rc = EINVAL; - goto fail7; + goto fail8; } if (vpd_length == 0) @@ -121,7 +126,7 @@ EFSYS_KMEM_ALLOC(enp->en_esip, vpd_length, svpd); if (svpd == NULL) { rc = ENOMEM; - goto fail8; + goto fail9; } memcpy(svpd, (caddr_t)scfg + vpd_offset, vpd_length); } @@ -133,6 +138,8 @@ return (0); +fail9: + EFSYS_PROBE(fail9); fail8: EFSYS_PROBE(fail8); fail7: @@ -143,11 +150,11 @@ EFSYS_PROBE(fail5); fail4: EFSYS_PROBE(fail4); -fail3: - EFSYS_PROBE(fail3); EFSYS_KMEM_FREE(enp->en_esip, size, scfg); +fail3: + EFSYS_PROBE(fail3); fail2: EFSYS_PROBE(fail2); fail1: