The following issues were found
drivers/net/ethernet/qlogic/qed/qed_iwarp.c
6 issues
Line: 1213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ep->cm_info.private_data_len = iparams->cm_info.private_data_len +
mpa_data_size;
memcpy((u8 *)ep->ep_buffer_virt->out_pdata + mpa_data_size,
iparams->cm_info.private_data,
iparams->cm_info.private_data_len);
ep->mss = iparams->mss;
ep->mss = min_t(u16, QED_IWARP_MAX_FW_MSS, ep->mss);
Reported by FlawFinder.
Line: 1502
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ep->cm_info.private_data_len = iparams->private_data_len +
mpa_data_size;
memcpy((u8 *)ep->ep_buffer_virt->out_pdata + mpa_data_size,
iparams->private_data, iparams->private_data_len);
rc = qed_iwarp_mpa_offload(p_hwfn, ep);
if (rc)
qed_iwarp_modify_qp(p_hwfn,
Reported by FlawFinder.
Line: 1536
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ep->cm_info.private_data_len = iparams->private_data_len +
mpa_data_size;
memcpy((u8 *)ep->ep_buffer_virt->out_pdata + mpa_data_size,
iparams->private_data, iparams->private_data_len);
return qed_iwarp_mpa_offload(p_hwfn, ep);
}
Reported by FlawFinder.
Line: 1908
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fpdu->mpa_frag_virt, fpdu->mpa_frag_len,
(u8 *)(buf->data) + first_mpa_offset, tcp_payload_size);
memcpy(tmp_buf, fpdu->mpa_frag_virt, fpdu->mpa_frag_len);
memcpy(tmp_buf + fpdu->mpa_frag_len,
(u8 *)(buf->data) + first_mpa_offset, tcp_payload_size);
rc = qed_iwarp_recycle_pkt(p_hwfn, fpdu, fpdu->mpa_buf);
if (rc)
Reported by FlawFinder.
Line: 1909
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(u8 *)(buf->data) + first_mpa_offset, tcp_payload_size);
memcpy(tmp_buf, fpdu->mpa_frag_virt, fpdu->mpa_frag_len);
memcpy(tmp_buf + fpdu->mpa_frag_len,
(u8 *)(buf->data) + first_mpa_offset, tcp_payload_size);
rc = qed_iwarp_recycle_pkt(p_hwfn, fpdu, fpdu->mpa_buf);
if (rc)
return rc;
Reported by FlawFinder.
Line: 1919
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* If we managed to post the buffer copy the data to the new buffer
* o/w this will occur in the next round...
*/
memcpy((u8 *)(buf->data), tmp_buf,
fpdu->mpa_frag_len + tcp_payload_size);
fpdu->mpa_buf = buf;
/* fpdu->pkt_hdr remains as is */
/* fpdu->mpa_frag is overridden with new buf */
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_l2.c
6 issues
Line: 783
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct qed_sp_vport_update_params s_params;
memset(&s_params, 0, sizeof(s_params));
memcpy(&s_params.accept_flags, p_accept_flags,
sizeof(struct qed_filter_accept_flags));
return qed_vf_pf_vport_update(p_hwfn, &s_params);
}
Reported by FlawFinder.
Line: 1335
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p_second_filter->vport_id = vport_to_add_to;
} else if (p_filter_cmd->opcode == QED_FILTER_REPLACE) {
p_first_filter->vport_id = vport_to_add_to;
memcpy(p_second_filter, p_first_filter,
sizeof(*p_second_filter));
p_first_filter->action = ETH_FILTER_ACTION_REMOVE_ALL;
p_second_filter->action = ETH_FILTER_ACTION_ADD;
} else {
action = qed_filter_action(p_filter_cmd->opcode);
Reported by FlawFinder.
Line: 1449
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u32 packet_buf[2] = { 0 };
memcpy((u8 *)(&packet_buf[0]), &mac[0], 6);
return qed_calc_crc32c((u8 *)packet_buf, 8, seed, 0);
}
u8 qed_mcast_bin_from_mac(u8 *mac)
{
Reported by FlawFinder.
Line: 2377
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rss->update_rss_ind_table = 1;
rss->update_rss_key = 1;
rss->rss_caps = input->rss_caps;
memcpy(rss->rss_key, input->rss_key, QED_RSS_KEY_SIZE * sizeof(u32));
/* In regular scenario, we'd simply need to take input handlers.
* But in CMT, we'd have to split the handlers according to the
* engine they were configured on. We'd then have to understand
* whether RSS is really required, since 2-queues on CMT doesn't
Reported by FlawFinder.
Line: 2386
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* require RSS.
*/
if (cdev->num_hwfns == 1) {
memcpy(rss->rss_ind_table,
input->rss_ind_table,
QED_RSS_IND_TABLE_SIZE * sizeof(void *));
rss->rss_table_size_log = 7;
return 0;
}
Reported by FlawFinder.
Line: 2394
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Start by copying the non-spcific information to the 2nd copy */
memcpy(&rss[1], &rss[0], sizeof(struct qed_rss_params));
/* CMT should be round-robin */
for (i = 0; i < QED_RSS_IND_TABLE_SIZE; i++) {
struct qed_queue_cid *cid = input->rss_ind_table[i];
struct qed_rss_params *t_rss;
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/base.c
6 issues
Line: 375
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (test_bit(AR5K_MODE_11G, ah->ah_capabilities.cap_mode)) {
/* G mode */
memcpy(sband->bitrates, &ath5k_rates[0],
sizeof(struct ieee80211_rate) * 12);
sband->n_bitrates = 12;
sband->channels = ah->channels;
sband->n_channels = ath5k_setup_channels(ah, sband->channels,
Reported by FlawFinder.
Line: 388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
max_c -= count_c;
} else if (test_bit(AR5K_MODE_11B, ah->ah_capabilities.cap_mode)) {
/* B mode */
memcpy(sband->bitrates, &ath5k_rates[0],
sizeof(struct ieee80211_rate) * 4);
sband->n_bitrates = 4;
/* 5211 only supports B rates and uses 4bit rate codes
* (e.g normally we have 0x1B for 1M, but on 5211 we have 0x0B)
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sband->band = NL80211_BAND_5GHZ;
sband->bitrates = &ah->rates[NL80211_BAND_5GHZ][0];
memcpy(sband->bitrates, &ath5k_rates[4],
sizeof(struct ieee80211_rate) * 8);
sband->n_bitrates = 8;
sband->channels = &ah->channels[count_c];
sband->n_channels = ath5k_setup_channels(ah, sband->channels,
Reported by FlawFinder.
Line: 490
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!iter_data->found_active) {
iter_data->found_active = true;
memcpy(iter_data->active_mac, mac, ETH_ALEN);
}
if (iter_data->need_set_hw_addr && iter_data->hw_macaddr)
if (ether_addr_equal(iter_data->hw_macaddr, mac))
iter_data->need_set_hw_addr = false;
Reported by FlawFinder.
Line: 543
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee80211_iterate_active_interfaces_atomic(
ah->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
ath5k_vif_iter, &iter_data);
memcpy(ah->bssidmask, iter_data.mask, ETH_ALEN);
ah->opmode = iter_data.opmode;
if (ah->opmode == NL80211_IFTYPE_UNSPECIFIED)
/* Nothing active, default to station mode */
ah->opmode = NL80211_IFTYPE_STATION;
Reported by FlawFinder.
Line: 1679
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info = IEEE80211_SKB_CB(skb);
size = min_t(int, sizeof(info->status.rates), sizeof(bf->rates));
memcpy(info->status.rates, bf->rates, size);
tries[0] = info->status.rates[0].count;
tries[1] = info->status.rates[1].count;
tries[2] = info->status.rates[2].count;
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_vf.c
6 issues
Line: 1124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CHANNEL_TLV_VPORT_UPDATE_MCAST, size);
resp_size += sizeof(struct pfvf_def_resp_tlv);
memcpy(p_mcast_tlv->bins, p_params->bins,
sizeof(u32) * ETH_MULTICAST_MAC_BINS_IN_REGS);
}
update_rx = p_params->accept_flags.update_rx_mode_config;
update_tx = p_params->accept_flags.update_tx_mode_config;
Reported by FlawFinder.
Line: 1187
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p_queue = rss_params->rss_ind_table[i];
p_rss_tlv->rss_ind_table[i] = p_queue->rel.queue_id;
}
memcpy(p_rss_tlv->rss_key, rss_params->rss_key,
sizeof(rss_params->rss_key));
}
if (p_params->update_accept_any_vlan_flg) {
struct vfpf_vport_update_accept_any_vlan_tlv *p_any_vlan_tlv;
Reported by FlawFinder.
Line: 1290
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req = qed_vf_pf_prep(p_hwfn, CHANNEL_TLV_UCAST_FILTER, sizeof(*req));
req->opcode = (u8) p_ucast->opcode;
req->type = (u8) p_ucast->type;
memcpy(req->mac, p_ucast->mac, ETH_ALEN);
req->vlan = p_ucast->vlan;
/* add list termination tlv */
qed_add_tlv(p_hwfn, &p_iov->offset,
CHANNEL_TLV_LIST_END, sizeof(struct channel_list_end_tlv));
Reported by FlawFinder.
Line: 1486
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*p_change = 0;
/* Need to guarantee PF is not in the middle of writing it */
memcpy(&shadow, p_iov->bulletin.p_virt, p_iov->bulletin.size);
/* If version did not update, no need to do anything */
if (shadow.version == p_iov->bulletin_shadow.version)
return 0;
Reported by FlawFinder.
Line: 1499
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EAGAIN;
/* Set the shadow bulletin and process it */
memcpy(&p_iov->bulletin_shadow, &shadow, p_iov->bulletin.size);
DP_VERBOSE(p_hwfn, QED_MSG_IOV,
"Read a bulletin update %08x\n", shadow.version);
*p_change = 1;
Reported by FlawFinder.
Line: 1590
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void qed_vf_get_port_mac(struct qed_hwfn *p_hwfn, u8 *port_mac)
{
memcpy(port_mac,
p_hwfn->vf_iov_info->acquire_resp.pfdev_info.port_mac, ETH_ALEN);
}
void qed_vf_get_num_vlan_filters(struct qed_hwfn *p_hwfn, u8 *num_vlan_filters)
{
Reported by FlawFinder.
drivers/net/ethernet/intel/e1000/e1000_main.c
6 issues
Line: 1106
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e_err(probe, "EEPROM Read Error\n");
}
/* don't block initialization here due to bad MAC address */
memcpy(netdev->dev_addr, hw->mac_addr, netdev->addr_len);
if (!is_valid_ether_addr(netdev->dev_addr))
e_err(probe, "Invalid MAC Address\n");
Reported by FlawFinder.
Line: 1200
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* reset the hardware with the new settings */
e1000_reset(adapter);
strcpy(netdev->name, "eth%d");
err = register_netdev(netdev);
if (err)
goto err_register;
e1000_vlan_filter_on_off(adapter, false);
Reported by FlawFinder.
Line: 2212
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hw->mac_type == e1000_82542_rev2_0)
e1000_enter_82542_rst(adapter);
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
memcpy(hw->mac_addr, addr->sa_data, netdev->addr_len);
e1000_rar_set(hw, hw->mac_addr, 0);
if (hw->mac_type == e1000_82542_rev2_0)
Reported by FlawFinder.
Line: 2213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e1000_enter_82542_rst(adapter);
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
memcpy(hw->mac_addr, addr->sa_data, netdev->addr_len);
e1000_rar_set(hw, hw->mac_addr, 0);
if (hw->mac_type == e1000_82542_rev2_0)
e1000_leave_82542_rst(adapter);
Reported by FlawFinder.
Line: 4240
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
vaddr = kmap_atomic(p);
memcpy(skb_tail_pointer(skb), vaddr,
length);
kunmap_atomic(vaddr);
/* re-use the page, so don't erase
* buffer_info->rxbuf.page
*/
Reported by FlawFinder.
Line: 1017
Column: 2
CWE codes:
120
netdev->watchdog_timeo = 5 * HZ;
netif_napi_add(netdev, &adapter->napi, e1000_clean, 64);
strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1);
adapter->bd_number = cards_found;
/* setup the private structure */
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/reg.c
6 issues
Line: 82
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* reg info
*/
init_country_param.flags = ALPHA_IS_SET;
memcpy(&init_country_param.cc_info.alpha2, request->alpha2, 2);
init_country_param.cc_info.alpha2[2] = 0;
ret = ath11k_wmi_send_init_country_cmd(ar, init_country_param);
if (ret)
ath11k_warn(ar->ab,
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 i;
/* The caller should have checked error conditions */
memcpy(regd_copy, regd_orig, sizeof(*regd_orig));
for (i = 0; i < regd_orig->n_reg_rules; i++)
memcpy(®d_copy->reg_rules[i], ®d_orig->reg_rules[i],
sizeof(struct ieee80211_reg_rule));
}
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(regd_copy, regd_orig, sizeof(*regd_orig));
for (i = 0; i < regd_orig->n_reg_rules; i++)
memcpy(®d_copy->reg_rules[i], ®d_orig->reg_rules[i],
sizeof(struct ieee80211_reg_rule));
}
int ath11k_regd_update(struct ath11k *ar, bool init)
{
Reported by FlawFinder.
Line: 574
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 num_rules;
u16 max_bw;
u32 flags;
char alpha2[3];
num_rules = reg_info->num_5g_reg_rules + reg_info->num_2g_reg_rules;
if (!num_rules)
goto ret;
Reported by FlawFinder.
Line: 591
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!tmp_regd)
goto ret;
memcpy(tmp_regd->alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1);
memcpy(alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1);
alpha2[2] = '\0';
tmp_regd->dfs_region = ath11k_map_fw_dfs_region(reg_info->dfs_region);
ath11k_dbg(ab, ATH11K_DBG_REG,
Reported by FlawFinder.
Line: 592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto ret;
memcpy(tmp_regd->alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1);
memcpy(alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1);
alpha2[2] = '\0';
tmp_regd->dfs_region = ath11k_map_fw_dfs_region(reg_info->dfs_region);
ath11k_dbg(ab, ATH11K_DBG_REG,
"\r\nCountry %s, CFG Regdomain %s FW Regdomain %d, num_reg_rules %d\n",
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/qmi.h
6 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 board_id;
u32 soc_id;
u32 fw_version;
char fw_build_timestamp[ATH11K_QMI_WLANFW_MAX_TIMESTAMP_LEN_V01 + 1];
char fw_build_id[ATH11K_QMI_WLANFW_MAX_BUILD_ID_LEN_V01 + 1];
char bdf_ext[ATH11K_QMI_BDF_EXT_STR_LENGTH];
};
struct m3_mem_region {
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 soc_id;
u32 fw_version;
char fw_build_timestamp[ATH11K_QMI_WLANFW_MAX_TIMESTAMP_LEN_V01 + 1];
char fw_build_id[ATH11K_QMI_WLANFW_MAX_BUILD_ID_LEN_V01 + 1];
char bdf_ext[ATH11K_QMI_BDF_EXT_STR_LENGTH];
};
struct m3_mem_region {
u32 size;
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 fw_version;
char fw_build_timestamp[ATH11K_QMI_WLANFW_MAX_TIMESTAMP_LEN_V01 + 1];
char fw_build_id[ATH11K_QMI_WLANFW_MAX_BUILD_ID_LEN_V01 + 1];
char bdf_ext[ATH11K_QMI_BDF_EXT_STR_LENGTH];
};
struct m3_mem_region {
u32 size;
dma_addr_t paddr;
Reported by FlawFinder.
Line: 343
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qmi_wlanfw_fw_version_info_s_v01 {
u32 fw_version;
char fw_build_timestamp[ATH11K_QMI_WLANFW_MAX_TIMESTAMP_LEN_V01 + 1];
};
enum qmi_wlanfw_cal_temp_id_enum_v01 {
QMI_WLANFW_CAL_TEMP_IDX_0_V01 = 0,
QMI_WLANFW_CAL_TEMP_IDX_1_V01 = 1,
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 fw_version_info_valid;
struct qmi_wlanfw_fw_version_info_s_v01 fw_version_info;
u8 fw_build_id_valid;
char fw_build_id[ATH11K_QMI_WLANFW_MAX_BUILD_ID_LEN_V01 + 1];
u8 num_macs_valid;
u8 num_macs;
};
struct qmi_wlanfw_cap_req_msg_v01 {
Reported by FlawFinder.
Line: 444
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qmi_wlanfw_wlan_cfg_req_msg_v01 {
u8 host_version_valid;
char host_version[QMI_WLANFW_MAX_STR_LEN_V01 + 1];
u8 tgt_cfg_valid;
u32 tgt_cfg_len;
struct qmi_wlanfw_ce_tgt_pipe_cfg_s_v01
tgt_cfg[QMI_WLANFW_MAX_NUM_CE_V01];
u8 svc_cfg_valid;
Reported by FlawFinder.
drivers/net/phy/phy_device.c
6 issues
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
mode = phy_modes(phydev->interface);
return sprintf(buf, "%s\n", mode);
}
static DEVICE_ATTR_RO(phy_interface);
static ssize_t
phy_has_fixups_show(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 493
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct phy_device *phydev = to_phy_device(dev);
return sprintf(buf, "0x%.8lx\n", (unsigned long)phydev->phy_id);
}
static DEVICE_ATTR_RO(phy_id);
static ssize_t
phy_interface_show(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 518
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct phy_device *phydev = to_phy_device(dev);
return sprintf(buf, "%d\n", phydev->has_fixups);
}
static DEVICE_ATTR_RO(phy_has_fixups);
static ssize_t phy_dev_flags_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct phy_device *phydev = to_phy_device(dev);
return sprintf(buf, "0x%08x\n", phydev->dev_flags);
}
static DEVICE_ATTR_RO(phy_dev_flags);
static struct attribute *phy_dev_attrs[] = {
&dev_attr_phy_id.attr,
Reported by FlawFinder.
Line: 1193
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *phy_attached_info_irq(struct phy_device *phydev)
{
char *irq_str;
char irq_num[8];
switch(phydev->irq) {
case PHY_POLL:
irq_str = "POLL";
break;
Reported by FlawFinder.
Line: 1268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct phy_device *phydev = to_phy_device(dev);
return sprintf(buf, "%d\n", !phydev->attached_dev);
}
static DEVICE_ATTR_RO(phy_standalone);
/**
* phy_sfp_attach - attach the SFP bus to the PHY upstream network device
Reported by FlawFinder.
drivers/net/ethernet/ti/davinci_mdio.c
6 issues
Line: 65
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 __reserved_1[20];
struct {
u32 access;
#define USERACCESS_GO BIT(31)
#define USERACCESS_WRITE BIT(30)
#define USERACCESS_ACK BIT(29)
#define USERACCESS_READ (0)
#define USERACCESS_DATA (0xffff)
Reported by FlawFinder.
Line: 184
Column: 30
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 reg;
while (time_after(timeout, jiffies)) {
reg = readl(®s->user[0].access);
if ((reg & USERACCESS_GO) == 0)
return 0;
reg = readl(®s->control);
if ((reg & CONTROL_IDLE) == 0) {
Reported by FlawFinder.
Line: 204
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return -EAGAIN;
}
reg = readl(®s->user[0].access);
if ((reg & USERACCESS_GO) == 0)
return 0;
dev_err(data->dev, "timed out waiting for user access\n");
return -ETIMEDOUT;
Reported by FlawFinder.
Line: 251
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (ret < 0)
break;
writel(reg, &data->regs->user[0].access);
ret = wait_for_user_access(data);
if (ret == -EAGAIN)
continue;
if (ret < 0)
Reported by FlawFinder.
Line: 259
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (ret < 0)
break;
reg = readl(&data->regs->user[0].access);
ret = (reg & USERACCESS_ACK) ? (reg & USERACCESS_DATA) : -EIO;
break;
}
pm_runtime_mark_last_busy(data->dev);
Reported by FlawFinder.
Line: 295
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (ret < 0)
break;
writel(reg, &data->regs->user[0].access);
ret = wait_for_user_access(data);
if (ret == -EAGAIN)
continue;
break;
Reported by FlawFinder.
drivers/net/ethernet/huawei/hinic/hinic_sriov.c
6 issues
Line: 36
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_info.func_idx = func_id;
mac_info.vlan_id = vlan_id;
memcpy(mac_info.mac, mac_addr, ETH_ALEN);
err = hinic_port_msg_cmd(hwdev, HINIC_PORT_CMD_SET_MAC, &mac_info,
sizeof(mac_info), &mac_info, &out_size);
if (err || out_size != sizeof(mac_info) ||
(mac_info.status && mac_info.status != HINIC_MGMT_STATUS_EXIST)) {
Reported by FlawFinder.
Line: 331
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nic_io = &dev->func_to_io;
vf_info = nic_io->vf_infos + HW_VF_ID_TO_OS(vf_id);
memcpy(mac_info->mac, vf_info->vf_mac_addr, ETH_ALEN);
mac_info->status = 0;
*out_size = sizeof(*mac_info);
return 0;
}
Reported by FlawFinder.
Line: 533
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_info.func_id = func_id;
mac_info.vlan_id = vlan_id;
memcpy(mac_info.old_mac, old_mac, ETH_ALEN);
memcpy(mac_info.new_mac, new_mac, ETH_ALEN);
err = hinic_port_msg_cmd(hwdev, HINIC_PORT_CMD_UPDATE_MAC, &mac_info,
sizeof(mac_info), &mac_info, &out_size);
Reported by FlawFinder.
Line: 534
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_info.func_id = func_id;
mac_info.vlan_id = vlan_id;
memcpy(mac_info.old_mac, old_mac, ETH_ALEN);
memcpy(mac_info.new_mac, new_mac, ETH_ALEN);
err = hinic_port_msg_cmd(hwdev, HINIC_PORT_CMD_UPDATE_MAC, &mac_info,
sizeof(mac_info), &mac_info, &out_size);
if (err || !out_size ||
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vfinfo = hwdev->func_to_io.vf_infos + HW_VF_ID_TO_OS(vf_id);
ivi->vf = HW_VF_ID_TO_OS(vf_id);
memcpy(ivi->mac, vfinfo->vf_mac_addr, ETH_ALEN);
ivi->vlan = vfinfo->pf_vlan;
ivi->qos = vfinfo->pf_qos;
ivi->spoofchk = vfinfo->spoofchk;
ivi->trusted = vfinfo->trust;
ivi->max_tx_rate = vfinfo->max_rate;
Reported by FlawFinder.
Line: 617
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(vf_info->vf_mac_addr, mac_addr, ETH_ALEN);
return 0;
}
int hinic_ndo_set_vf_mac(struct net_device *netdev, int vf, u8 *mac)
Reported by FlawFinder.