The following issues were found
drivers/net/ethernet/sfc/siena_sriov.c
5 issues
Line: 88
Column: 2
CWE codes:
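119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)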
Suggestion:
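Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is the declaration of the fixed-size array `pci_name[13]`; its inline comment gives the format `dddd:bb:dd.f`, which is 12 characters plus the terminating NUL, so what needs checking is every site that writes to `pci_name`, none of which is shown here.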
struct siena_vf {
struct efx_nic *efx;
unsigned int pci_rid;
char pci_name[13]; /* dddd:bb:dd.f */
unsigned int index;
struct work_struct req;
u64 req_addr;
int req_type;
unsigned req_seqno;
Reported by FlawFinder.
Line: 277
Column: 4
CWE codes:
120
Suggestion:
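Make sure destination can always hold the source data. Here the copy writes `req->length` bytes at offset `used` into `inbuf`; the excerpt does not show a check that `used + req->length` stays within that buffer, so confirm one precedes this branch.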
from_rid = MC_CMD_MEMCPY_RECORD_TYPEDEF_RID_INLINE;
from_addr = used;
memcpy(_MCDI_PTR(inbuf, used), req->from_buf,
req->length);
used += req->length;
}
MCDI_SET_DWORD(record, MEMCPY_RECORD_TYPEDEF_FROM_RID, from_rid);
Reported by FlawFinder.
Line: 562
Column: 3
CWE codes:
120
Suggestion:
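Make sure destination can always hold the source data. The copy length is `buf_count * sizeof(u64)`; the lines shown do not validate `buf_count`, so confirm that it is bounded by the capacity of `vf->evq0_addrs` before this point in the function.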
efx_writeo_table(efx, &reg, FR_BZ_EVQ_PTR_TBL, abs_evq);
if (vf_evq == 0) {
memcpy(vf->evq0_addrs, req->u.init_evq.addr,
buf_count * sizeof(u64));
vf->evq0_count = buf_count;
}
return VFDI_RC_SUCCESS;
Reported by FlawFinder.
Line: 835
Column: 4
CWE codes:
120
Suggestion:
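Make sure destination can always hold the source data. The destination here is allocated by `kcalloc(page_count, sizeof(u64), GFP_KERNEL)` with the same element count as the copy, so it holds the data; what remains to confirm is that `page_count` is validated and that `req->u.set_status_page.peer_page_addr` really contains that many entries.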
vf->peer_page_addrs = kcalloc(page_count, sizeof(u64),
GFP_KERNEL);
if (vf->peer_page_addrs) {
memcpy(vf->peer_page_addrs,
req->u.set_status_page.peer_page_addr,
page_count * sizeof(u64));
vf->peer_page_count = page_count;
}
}
Reported by FlawFinder.
Line: 964
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
VFDI_EV_TYPE, VFDI_EV_TYPE_RESET);
vf->msg_seqno++;
for (pos = 0; pos < EFX_PAGE_SIZE; pos += sizeof(event))
memcpy(buffer->addr + pos, &event, sizeof(event));
for (pos = 0; pos < vf->evq0_count; pos += count) {
count = min_t(unsigned, vf->evq0_count - pos,
ARRAY_SIZE(copy_req));
for (k = 0; k < count; k++) {
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/bmi.c
5 issues
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(buffer, resp.read_mem.payload, rxlen);
address += rxlen;
buffer += rxlen;
length -= rxlen;
}
Reported by FlawFinder.
Line: 278
Column: 3
CWE codes:
120
Suggestion:
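Make sure destination can always hold the source data. In the excerpt `txlen` is capped at `min(length, BMI_MAX_DATA_SIZE - hdrlen)` before the copy, so the finding holds only if `cmd.write_mem.payload` is smaller than that bound.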
txlen = min(length, BMI_MAX_DATA_SIZE - hdrlen);
/* copy before roundup to avoid reading beyond buffer*/
memcpy(cmd.write_mem.payload, buffer, txlen);
txlen = roundup(txlen, 4);
cmd.id = __cpu_to_le32(BMI_WRITE_MEMORY);
cmd.write_mem.addr = __cpu_to_le32(address);
cmd.write_mem.len = __cpu_to_le32(txlen);
Reported by FlawFinder.
Line: 371
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->id = __cpu_to_le32(BMI_LZ_DATA);
cmd->lz_data.len = __cpu_to_le32(txlen);
memcpy(cmd->lz_data.payload, buffer, txlen);
ret = ath10k_hif_exchange_bmi_msg(ar, cmd, hdrlen + txlen,
NULL, NULL);
if (ret) {
ath10k_warn(ar, "unable to write to the device\n");
Reported by FlawFinder.
Line: 412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.id = __cpu_to_le32(BMI_LZ_DATA);
cmd.lz_data.len = __cpu_to_le32(txlen);
memcpy(cmd.lz_data.payload, buffer, txlen);
ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, hdrlen + txlen,
NULL, NULL);
if (ret) {
ath10k_warn(ar, "unable to write to the device\n");
Reported by FlawFinder.
Line: 472
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the last word into a zero padded buffer */
if (trailer_len > 0)
memcpy(trailer, buffer + head_len, trailer_len);
if (ar->hw_params.bmi_large_size_download)
ret = ath10k_bmi_lz_data_large(ar, buffer, head_len);
else
ret = ath10k_bmi_lz_data(ar, buffer, head_len);
Reported by FlawFinder.
drivers/net/team/team.c
5 issues
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sockaddr_storage addr;
memcpy(addr.__data, dev_addr, port_dev->addr_len);
addr.ss_family = port_dev->type;
return dev_set_mac_address(port_dev, (struct sockaddr *)&addr, NULL);
}
static int team_port_set_orig_dev_addr(struct team_port *port)
Reported by FlawFinder.
Line: 584
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
team->mode = new_mode;
memcpy(&team->ops, new_mode->ops, sizeof(struct team_mode_ops));
team_adjust_ops(team);
return 0;
}
Reported by FlawFinder.
Line: 1201
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_set_mtu;
}
memcpy(port->orig.dev_addr, port_dev->dev_addr, port_dev->addr_len);
err = team_port_enter(team, port);
if (err) {
netdev_err(dev, "Device %s failed to enter team mode\n",
portname);
Reported by FlawFinder.
Line: 1793
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dev->type == ARPHRD_ETHER && !is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
mutex_lock(&team->lock);
list_for_each_entry(port, &team->port_list, list)
if (team->ops.port_change_dev_addr)
team->ops.port_change_dev_addr(team, port);
mutex_unlock(&team->lock);
Reported by FlawFinder.
Line: 2118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->needed_headroom = port_dev->needed_headroom;
dev->addr_len = port_dev->addr_len;
dev->mtu = port_dev->mtu;
memcpy(dev->broadcast, port_dev->broadcast, port_dev->addr_len);
eth_hw_addr_inherit(dev, port_dev);
}
static int team_dev_type_check_change(struct net_device *dev,
struct net_device *port_dev)
Reported by FlawFinder.
drivers/net/wireless/ath/wil6210/txrx_edma.c
5 issues
Line: 202
CWE codes:
908 (Use of Uninitialized Resource)
wil_desc_set_addr_edma(&d->dma.addr, &d->dma.addr_high_high, pa);
d->dma.length = cpu_to_le16(sz);
d->mac.buff_id = cpu_to_le16(buff_id);
*_d = *d;
/* Save the physical address in skb->cb for later use in dma_unmap */
memcpy(skb->cb, &pa, sizeof(pa));
return 0;
Reported by Cppcheck.
Line: 205
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*_d = *d;
/* Save the physical address in skb->cb for later use in dma_unmap */
memcpy(skb->cb, &pa, sizeof(pa));
return 0;
}
static inline
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dr_bit = WIL_GET_BITS(_msg->d0, 31, 31);
/* make sure dr_bit is read before the rest of status msg */
rmb();
memcpy(msg, (void *)_msg, sring->elem_size);
}
static inline void wil_sring_advance_swhead(struct wil_status_ring *sring)
{
sring->swhead = (sring->swhead + 1) % sring->size;
Reported by FlawFinder.
Line: 566
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cid, tid, mc, key_id, pn, cc->pn);
return -EINVAL;
}
memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);
return 0;
}
static bool wil_is_rx_idle_edma(struct wil6210_priv *wil)
Reported by FlawFinder.
Line: 1061
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* used for holding the pa
*/
s = wil_skb_rxstatus(skb);
memcpy(s, msg, sring->elem_size);
return skb;
}
void wil_rx_handle_edma(struct wil6210_priv *wil, int *quota)
Reported by FlawFinder.
drivers/net/wireless/ath/wil6210/txrx.c
5 issues
Line: 291
CWE codes:
908 (Use of Uninitialized Resource)
/* error don't care */
d->dma.status = 0; /* BIT(0) should be 0 for HW_OWNED */
d->dma.length = cpu_to_le16(sz);
*_d = *d;
vring->ctx[i].skb = skb;
return 0;
}
Reported by Cppcheck.
Line: 1199
CWE codes:
562 (Return of Stack Variable Address)
if (!vif->privacy)
txdata->dot1x_open = true;
rc = wmi_call(wil, WMI_VRING_CFG_CMDID, vif->mid, &cmd, sizeof(cmd),
WMI_VRING_CFG_DONE_EVENTID, &reply, sizeof(reply),
WIL_WMI_CALL_GENERAL_TO_MS);
if (rc)
goto out_free;
Reported by Cppcheck.
Line: 1288
CWE codes:
562 (Return of Stack Variable Address)
cmd.vring_cfg.tx_sw_ring.ring_mem_base = cpu_to_le64(vring->pa);
rc = wmi_call(wil, WMI_VRING_CFG_CMDID, vif->mid, &cmd, sizeof(cmd),
WMI_VRING_CFG_DONE_EVENTID, &reply, sizeof(reply),
WIL_WMI_CALL_GENERAL_TO_MS);
if (rc)
goto fail;
Reported by Cppcheck.
Line: 1369
CWE codes:
562 (Return of Stack Variable Address)
if (!vif->privacy)
txdata->dot1x_open = true;
rc = wmi_call(wil, WMI_BCAST_VRING_CFG_CMDID, vif->mid,
&cmd, sizeof(cmd),
WMI_VRING_CFG_DONE_EVENTID, &reply, sizeof(reply),
WIL_WMI_CALL_GENERAL_TO_MS);
if (rc)
goto out_free;
Reported by Cppcheck.
Line: 684
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cid, tid, mc, key_id, pn, cc->pn);
return -EINVAL;
}
memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);
return 0;
}
static int wil_rx_error_check(struct wil6210_priv *wil, struct sk_buff *skb,
Reported by FlawFinder.
drivers/net/hamradio/bpqether.c
5 issues
Line: 104
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head bpq_list; /* list of bpq devices chain */
struct net_device *ethdev; /* link to ethernet device */
struct net_device *axdev; /* bpq device (bpq#) */
char dest_addr[6]; /* ether destination address */
char acpt_addr[6]; /* accept ether frames from this address only */
};
static LIST_HEAD(bpq_devices);
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *ethdev; /* link to ethernet device */
struct net_device *axdev; /* bpq device (bpq#) */
char dest_addr[6]; /* ether destination address */
char acpt_addr[6]; /* accept ether frames from this address only */
};
static LIST_HEAD(bpq_devices);
/*
Reported by FlawFinder.
Line: 305
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sockaddr *sa = (struct sockaddr *)addr;
memcpy(dev->dev_addr, sa->sa_data, dev->addr_len);
return 0;
}
/* Ioctl commands
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->netdev_ops = &bpq_netdev_ops;
dev->needs_free_netdev = true;
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = 0;
dev->features = NETIF_F_LLTX; /* Allow recursion */
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->needs_free_netdev = true;
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = 0;
dev->features = NETIF_F_LLTX; /* Allow recursion */
#if IS_ENABLED(CONFIG_AX25)
Reported by FlawFinder.
drivers/net/ethernet/sfc/falcon/ethtool.c
5 issues
Line: 222
Column: 4
CWE codes:
134 (Use of Externally-Controlled Format String)
Suggestion:
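Use a constant for the format specification. Here the format argument is the `unit_format` parameter; the call is safe only if every caller passes a fixed string, which the excerpt does not show.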
/* Fill string, if applicable */
if (strings) {
if (strchr(unit_format, '%'))
snprintf(unit_str, sizeof(unit_str),
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
Reported by FlawFinder.
Line: 225
Column: 4
CWE codes:
120
Suggestion:
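Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). This is kernel code, where `strcpy_s` is not available; the bounded copy there is `strscpy(unit_str, unit_format, sizeof(unit_str))`.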
snprintf(unit_str, sizeof(unit_str),
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
ETH_GSTRING_LEN,
"%-6s %-24s", unit_str, test_str);
}
Reported by FlawFinder.
Line: 226
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
ETH_GSTRING_LEN,
"%-6s %-24s", unit_str, test_str);
}
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *test, const char *unit_format, int unit_id,
const char *test_format, const char *test_id)
{
char unit_str[ETH_GSTRING_LEN], test_str[ETH_GSTRING_LEN];
/* Fill data value, if applicable */
if (data)
data[test_index] = *test;
Reported by FlawFinder.
Line: 1258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
if (indir)
memcpy(indir, efx->rx_indir_table, sizeof(efx->rx_indir_table));
return 0;
}
static int ef4_ethtool_set_rxfh(struct net_device *net_dev, const u32 *indir,
const u8 *key, const u8 hfunc)
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/rxon.c
5 issues
Line: 77
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->staging.flags &= ~(RXON_FLG_CHANNEL_MODE_MIXED |
RXON_FLG_CHANNEL_MODE_PURE_40);
if (ctx->vif)
memcpy(ctx->staging.node_addr, ctx->vif->addr, ETH_ALEN);
ctx->staging.ofdm_ht_single_stream_basic_rates = 0xff;
ctx->staging.ofdm_ht_dual_stream_basic_rates = 0xff;
ctx->staging.ofdm_ht_triple_stream_basic_rates = 0xff;
}
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(active, &ctx->staging, sizeof(*active));
return 0;
}
static int iwl_set_tx_power(struct iwl_priv *priv, s8 tx_power, bool force)
{
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IWL_ERR(priv, "Error setting new RXON (%d)\n", ret);
return ret;
}
memcpy(active, &ctx->staging, sizeof(*active));
/* IBSS beacon needs to be sent after setting assoc */
if (ctx->vif && (ctx->vif->type == NL80211_IFTYPE_ADHOC))
if (iwlagn_update_beacon(priv, ctx->vif))
IWL_ERR(priv, "Error sending IBSS beacon\n");
Reported by FlawFinder.
Line: 1095
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(active, &ctx->staging, sizeof(*active));
/*
* We do not commit tx power settings while channel changing,
* do it now if after settings changed.
*/
iwl_set_tx_power(priv, priv->tx_power_next, false);
Reported by FlawFinder.
Line: 1469
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
ctx->staging.flags &= ~RXON_FLG_SELF_CTS_EN;
memcpy(ctx->staging.bssid_addr, bss_conf->bssid, ETH_ALEN);
if (vif->type == NL80211_IFTYPE_AP ||
vif->type == NL80211_IFTYPE_ADHOC) {
if (vif->bss_conf.enable_beacon) {
ctx->staging.filter_flags |= RXON_FILTER_ASSOC_MSK;
Reported by FlawFinder.
drivers/net/ethernet/neterion/vxge/vxge-config.c
5 issues
Line: 1337
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vxge_hw_device_debug_set(hldev, VXGE_ERR, VXGE_COMPONENT_ALL);
/* apply config */
memcpy(&hldev->config, device_config,
sizeof(struct vxge_hw_device_config));
hldev->bar0 = attr->bar0;
hldev->pdev = attr->pdev;
Reported by FlawFinder.
Line: 1660
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
VXGE_HW_VP_NOT_OPEN))
continue;
memcpy(hldev->virtual_paths[i].hw_stats_sav,
hldev->virtual_paths[i].hw_stats,
sizeof(struct vxge_hw_vpath_stats_hw_info));
status = __vxge_hw_vpath_stats_get(
&hldev->virtual_paths[i],
Reported by FlawFinder.
Line: 1669
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hldev->virtual_paths[i].hw_stats);
}
memcpy(hw_stats, &hldev->stats.hw_dev_info_stats,
sizeof(struct vxge_hw_device_stats_hw_info));
return status;
}
Reported by FlawFinder.
Line: 1683
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct __vxge_hw_device *hldev,
struct vxge_hw_device_stats_sw_info *sw_stats)
{
memcpy(sw_stats, &hldev->stats.sw_dev_info_stats,
sizeof(struct vxge_hw_device_stats_sw_info));
return VXGE_HW_OK;
}
Reported by FlawFinder.
Line: 4743
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(vpath->hw_stats_sav, vpath->hw_stats,
sizeof(struct vxge_hw_vpath_stats_hw_info));
status = __vxge_hw_vpath_stats_get(vpath, vpath->hw_stats);
exit:
return status;
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c
5 issues
Line: 78
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return mbx_resp->resp_status;
if (resp_data)
memcpy(resp_data, &mbx_resp->additional_info[0], resp_len);
hclgevf_reset_mbx_resp_status(hdev);
if (!(r_code0 == code0 && r_code1 == code1 && !mbx_resp->resp_status)) {
dev_err(&hdev->pdev->dev,
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (need_resp)
hnae3_set_bit(req->mbx_need_resp, HCLGE_MBX_NEED_RESP_B, 1);
memcpy(&req->msg, send_msg, sizeof(struct hclge_vf_to_pf_msg));
trace_hclge_vf_mbx_send(hdev, req);
/* synchronous send */
if (need_resp) {
Reported by FlawFinder.
Line: 259
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* tail the async message in arq */
msg_q = hdev->arq.msg_q[hdev->arq.tail];
memcpy(&msg_q[0], &req->msg,
HCLGE_MBX_MAX_ARQ_MSG_SIZE * sizeof(u16));
hclge_mbx_tail_ptr_move_arq(hdev->arq);
atomic_inc(&hdev->arq.count);
hclgevf_mbx_task_schedule(hdev);
Reported by FlawFinder.
Line: 337
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case HCLGE_MBX_LINK_STAT_MODE:
idx = (u8)msg_q[1];
if (idx)
memcpy(&hdev->hw.mac.supported, &msg_q[2],
sizeof(unsigned long));
else
memcpy(&hdev->hw.mac.advertising, &msg_q[2],
sizeof(unsigned long));
break;
Reported by FlawFinder.
Line: 340
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&hdev->hw.mac.supported, &msg_q[2],
sizeof(unsigned long));
else
memcpy(&hdev->hw.mac.advertising, &msg_q[2],
sizeof(unsigned long));
break;
case HCLGE_MBX_ASSERTING_RESET:
/* PF has asserted reset hence VF should go in pending
* state and poll for the hardware reset status till it
Reported by FlawFinder.