The following issues were found
drivers/infiniband/hw/hfi1/vnic_main.c
1 issues
Line: 424
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(skb->data, packet->ebuf, packet->tlen);
skb_put(skb, packet->tlen);
pad_info = skb->data + skb->len - 1;
skb_trim(skb, (skb->len - OPA_VNIC_ICRC_TAIL_LEN -
((*pad_info) & 0x7)));
Reported by FlawFinder.
drivers/gpu/drm/i915/gt/intel_sseu.c
1 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int offset = slice * sseu->ss_stride;
memcpy(&sseu->subslice_mask[offset], &ss_mask, sseu->ss_stride);
}
unsigned int
intel_sseu_subslices_per_slice(const struct sseu_dev_info *sseu, u8 slice)
{
Reported by FlawFinder.
drivers/md/bcache/closure.c
1 issues
Line: 118
CWE codes:
562
{
struct closure_syncer s = { .task = current };
cl->s = &s;
continue_at(cl, closure_sync_fn, NULL);
while (1) {
set_current_state(TASK_UNINTERRUPTIBLE);
if (s.done)
Reported by Cppcheck.
drivers/gpu/drm/tegra/sor.c
1 issues
Line: 527
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return container_of(hw, struct tegra_clk_sor_pad, hw);
}
static const char * const tegra_clk_sor_pad_parents[2][2] = {
{ "pll_d_out0", "pll_dp" },
{ "pll_d2_out0", "pll_dp" },
};
/*
Reported by FlawFinder.
drivers/gpu/drm/tegra/hub.c
1 issues
Line: 1095
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < hub->soc->num_wgrps; i++) {
struct tegra_windowgroup *wgrp = &hub->wgrps[i];
char id[8];
snprintf(id, sizeof(id), "wgrp%u", i);
mutex_init(&wgrp->lock);
wgrp->usecount = 0;
wgrp->index = i;
Reported by FlawFinder.
drivers/infiniband/hw/hns/hns_roce_hw_v1.h
1 issues
Line: 491
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 u32_16;
union {
unsigned char dgid[GID_LEN];
struct {
__le32 u32_20;
__le32 u32_24;
__le32 u32_28;
__le32 u32_32;
Reported by FlawFinder.
drivers/gpu/drm/tegra/dsi.c
1 issues
Line: 1184
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static const char * const error_report[16] = {
"SoT Error",
"SoT Sync Error",
"EoT Sync Error",
"Escape Mode Entry Command Error",
"Low-Power Transmit Sync Error",
Reported by FlawFinder.
drivers/infiniband/hw/hns/hns_roce_hw_v2_dfx.c
1 issues
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_mailbox;
}
memcpy(buffer, cq_context, sizeof(*cq_context));
err_mailbox:
hns_roce_free_cmd_mailbox(hr_dev, mailbox);
return ret;
Reported by FlawFinder.
drivers/infiniband/hw/hns/hns_roce_main.c
1 issues
Line: 287
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mask & IB_DEVICE_MODIFY_NODE_DESC) {
spin_lock_irqsave(&to_hr_dev(ib_dev)->sm_lock, flags);
memcpy(ib_dev->node_desc, props->node_desc, NODE_DESC_SIZE);
spin_unlock_irqrestore(&to_hr_dev(ib_dev)->sm_lock, flags);
}
return 0;
}
Reported by FlawFinder.
drivers/infiniband/hw/hns/hns_roce_mr.c
1 issues
Line: 121
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
buf_attr.region[0].size = mr->size;
buf_attr.region[0].hopnum = mr->pbl_hop_num;
buf_attr.region_count = 1;
buf_attr.user_access = mr->access;
/* fast MR's buffer is alloced before mapping, not at creation */
buf_attr.mtt_only = is_fast;
err = hns_roce_mtr_create(hr_dev, &mr->pbl_mtr, &buf_attr,
hr_dev->caps.pbl_ba_pg_sz + PAGE_SHIFT,
Reported by FlawFinder.