Hello. I ran a SAST tool, CodeQL, against trunk and found a couple of instances (below) where the 16-bit integer `i` is compared to the 32-bit integer `max_rx_queues` or `max_tx_queues` in ixg(4). If `max_rx_queues` (or `max_tx_queues`) is sufficiently large, it could lead to an infinite loop.
sys/dev/pci/ixgbe/ixgbe_vf.c:280 sys/dev/pci/ixgbe/ixgbe_vf.c:284 sys/dev/pci/ixgbe/ixgbe_common.c:1158 sys/dev/pci/ixgbe/ixgbe_common.c:1162 **NOTE: this patch needs to be tested, as I have not tested it beyond re-compiling the kernel.** diff --git a/sys/dev/pci/ixgbe/ixgbe_common.c b/sys/dev/pci/ixgbe/ixgbe_common.c index 04aac162f..b3b14e263 100644 --- a/sys/dev/pci/ixgbe/ixgbe_common.c +++ b/sys/dev/pci/ixgbe/ixgbe_common.c @@ -1115,7 +1115,7 @@ void ixgbe_set_lan_id_multi_port_pcie(struct ixgbe_hw *hw) s32 ixgbe_stop_adapter_generic(struct ixgbe_hw *hw) { u32 reg_val; - u16 i; + u32 i; DEBUGFUNC("ixgbe_stop_adapter_generic"); diff --git a/sys/dev/pci/ixgbe/ixgbe_vf.c b/sys/dev/pci/ixgbe/ixgbe_vf.c index 63fceacdd..924ac2963 100644 --- a/sys/dev/pci/ixgbe/ixgbe_vf.c +++ b/sys/dev/pci/ixgbe/ixgbe_vf.c @@ -262,7 +262,7 @@ s32 ixgbe_reset_hw_vf(struct ixgbe_hw *hw) s32 ixgbe_stop_adapter_vf(struct ixgbe_hw *hw) { u32 reg_val; - u16 i; + u32 i; /* * Set the adapter_stopped flag so other driver functions stop touching