The following issues were found
drivers/net/macvlan.c
4 issues
Line: 54
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int count;
struct hlist_head vlan_source_hash[MACVLAN_HASH_SIZE];
DECLARE_BITMAP(mc_filter, MACVLAN_MC_FILTER_SZ);
unsigned char perm_addr[ETH_ALEN];
};
struct macvlan_source_entry {
struct hlist_node hlist;
struct macvlan_dev *vlan;
Reported by FlawFinder.
Line: 60
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct macvlan_source_entry {
struct hlist_node hlist;
struct macvlan_dev *vlan;
unsigned char addr[6+2] __aligned(sizeof(u16));
struct rcu_head rcu;
};
struct macvlan_skb_cb {
const struct macvlan_dev *src;
Reported by FlawFinder.
Line: 205
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now that we are unhashed it is safe to change the device
* address without confusing packet delivery.
*/
memcpy(vlan->dev->dev_addr, addr, ETH_ALEN);
macvlan_hash_add(vlan);
}
static bool macvlan_addr_busy(const struct macvlan_port *port,
const unsigned char *addr)
Reported by FlawFinder.
Line: 1264
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr sa;
sa.sa_family = port->dev->type;
memcpy(&sa.sa_data, port->perm_addr, port->dev->addr_len);
dev_set_mac_address(port->dev, &sa, NULL);
}
kfree(port);
}
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/offloading.c
4 issues
Line: 112
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addrs[i].addr = mvmvif->target_ipv6_addrs[i];
addrs[i].config_num = cpu_to_le32(j);
nsc[j].dest_ipv6_addr = solicited_addr;
memcpy(nsc[j].target_mac_addr, vif->addr, ETH_ALEN);
}
if (mvmvif->num_target_ipv6_addrs - num_skipped)
enabled |= IWL_D3_PROTO_IPV6_VALID;
Reported by FlawFinder.
Line: 144
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (found) {
enabled |= IWL_D3_PROTO_IPV6_VALID;
memcpy(cmd.v2.ndp_mac_addr, vif->addr, ETH_ALEN);
}
} else {
bool found = false;
BUILD_BUG_ON(sizeof(cmd.v1.target_ipv6_addr[0]) !=
sizeof(mvmvif->target_ipv6_addrs[0]));
Reported by FlawFinder.
Line: 166
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (found) {
enabled |= IWL_D3_PROTO_IPV6_VALID;
memcpy(cmd.v1.ndp_mac_addr, vif->addr, ETH_ALEN);
}
}
if (offload_ns && (enabled & IWL_D3_PROTO_IPV6_VALID))
enabled |= IWL_D3_PROTO_OFFLOAD_NS;
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (vif->bss_conf.arp_addr_cnt) {
enabled |= IWL_D3_PROTO_OFFLOAD_ARP | IWL_D3_PROTO_IPV4_VALID;
common->host_ipv4_addr = vif->bss_conf.arp_addr_list[0];
memcpy(common->arp_mac_addr, vif->addr, ETH_ALEN);
}
if (!disable_offloading)
common->enabled = cpu_to_le32(enabled);
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
4 issues
Line: 177
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pfn_mac.version = BRCMF_PFN_MACADDR_CFG_VER;
pfn_mac.flags = BRCMF_PFN_MAC_OUI_ONLY | BRCMF_PFN_SET_MAC_UNASSOC;
memcpy(pfn_mac.mac, mac_addr, ETH_ALEN);
for (i = 0; i < ETH_ALEN; i++) {
pfn_mac.mac[i] &= mac_mask[i];
pfn_mac.mac[i] |= get_random_int() & ~(mac_mask[i]);
}
/* Clear multi bit */
Reported by FlawFinder.
Line: 212
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (active)
pfn.flags = cpu_to_le32(1 << BRCMF_PNO_HIDDEN_BIT);
pfn.ssid.SSID_len = cpu_to_le32(ssid->ssid_len);
memcpy(pfn.ssid.SSID, ssid->ssid, ssid->ssid_len);
brcmf_dbg(SCAN, "adding ssid=%.32s (active=%d)\n", ssid->ssid, active);
err = brcmf_fil_iovar_data_set(ifp, "pfn_add", &pfn, sizeof(pfn));
if (err < 0)
bphy_err(drvr, "adding failed: err=%d\n", err);
Reported by FlawFinder.
Line: 227
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct brcmf_pno_bssid_le bssid_cfg;
int err;
memcpy(bssid_cfg.bssid, bssid, ETH_ALEN);
bssid_cfg.flags = 0;
brcmf_dbg(SCAN, "adding bssid=%pM\n", bssid);
err = brcmf_fil_iovar_data_set(ifp, "pfn_add_bssid", &bssid_cfg,
sizeof(bssid_cfg));
Reported by FlawFinder.
Line: 437
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gscan_cfg->flags = BRCMF_GSCAN_CFG_ALL_BUCKETS_IN_1ST_SCAN;
gscan_cfg->count_of_channel_buckets = n_buckets;
memcpy(&gscan_cfg->bucket[0], buckets,
n_buckets * sizeof(*buckets));
err = brcmf_fil_iovar_data_set(ifp, "pfn_gscan_cfg", gscan_cfg, gsz);
if (err < 0)
Reported by FlawFinder.
drivers/net/ethernet/intel/igb/e1000_i210.c
4 issues
Line: 549
Column: 29
CWE codes:
120
20
* the one that skips this for a while.
* We have semaphore taken already here.
*/
read_op_ptr = hw->nvm.ops.read;
hw->nvm.ops.read = igb_read_nvm_eerd;
status = igb_validate_nvm_checksum(hw);
/* Revert original read operation. */
Reported by FlawFinder.
Line: 733
Column: 36
CWE codes:
120
20
* @read: boolean flag to indicate read or write
**/
static s32 __igb_access_xmdio_reg(struct e1000_hw *hw, u16 address,
u8 dev_addr, u16 *data, bool read)
{
s32 ret_val = 0;
ret_val = hw->phy.ops.write_reg(hw, E1000_MMDAC, dev_addr);
if (ret_val)
Reported by FlawFinder.
Line: 750
Column: 6
CWE codes:
120
20
if (ret_val)
return ret_val;
if (read)
ret_val = hw->phy.ops.read_reg(hw, E1000_MMDAAD, data);
else
ret_val = hw->phy.ops.write_reg(hw, E1000_MMDAAD, *data);
if (ret_val)
return ret_val;
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfp_net.h
4 issues
Line: 446
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 irq_vector;
irq_handler_t handler;
char name[IFNAMSIZ + 8];
cpumask_t affinity_mask;
} ____cacheline_aligned;
/* Firmware version as it is written in the 32bit value in the BAR */
struct nfp_net_fw_version {
Reported by FlawFinder.
Line: 635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct msix_entry irq_entries[NFP_NET_MAX_IRQS];
irq_handler_t lsc_handler;
char lsc_name[IFNAMSIZ + 8];
irq_handler_t exn_handler;
char exn_name[IFNAMSIZ + 8];
irq_handler_t shared_handler;
Reported by FlawFinder.
Line: 638
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char lsc_name[IFNAMSIZ + 8];
irq_handler_t exn_handler;
char exn_name[IFNAMSIZ + 8];
irq_handler_t shared_handler;
char shared_name[IFNAMSIZ + 8];
u32 me_freq_mhz;
Reported by FlawFinder.
Line: 641
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char exn_name[IFNAMSIZ + 8];
irq_handler_t shared_handler;
char shared_name[IFNAMSIZ + 8];
u32 me_freq_mhz;
bool link_up;
spinlock_t link_status_lock;
Reported by FlawFinder.
drivers/net/ethernet/smsc/epic100.c
4 issues
Line: 279
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timer_list timer; /* Media selection timer. */
int tx_threshold;
unsigned char mc_filter[8];
signed char phys[4]; /* MII device addresses. */
u16 advertising; /* NWay media advertisement */
int mii_phy_cnt;
u32 ethtool_ops_nesting;
struct mii_if_info mii;
Reported by FlawFinder.
Line: 280
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timer_list timer; /* Media selection timer. */
int tx_threshold;
unsigned char mc_filter[8];
signed char phys[4]; /* MII device addresses. */
u16 advertising; /* NWay media advertisement */
int mii_phy_cnt;
u32 ethtool_ops_nesting;
struct mii_if_info mii;
unsigned int tx_full:1; /* The Tx queue is full. */
Reported by FlawFinder.
Line: 1355
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct epic_private *ep = netdev_priv(dev);
void __iomem *ioaddr = ep->ioaddr;
unsigned char mc_filter[8]; /* Multicast hash filter */
int i;
if (dev->flags & IFF_PROMISC) { /* Set promiscuous. */
ew32(RxCtrl, 0x002c);
/* Unconditionally log net taps. */
Reported by FlawFinder.
Line: 1385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (memcmp(mc_filter, ep->mc_filter, sizeof(mc_filter))) {
for (i = 0; i < 4; i++)
ew16(MC0 + i*4, ((u16 *)mc_filter)[i]);
memcpy(ep->mc_filter, mc_filter, sizeof(mc_filter));
}
}
static void netdev_get_drvinfo (struct net_device *dev, struct ethtool_drvinfo *info)
{
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfp_net_common.c
4 issues
Line: 628
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
entry = &nn->irq_entries[vector_idx];
snprintf(name, name_sz, format, nfp_net_name(nn));
err = request_irq(entry->vector, handler, 0, name, nn);
if (err) {
nn_err(nn, "Failed to request IRQ %d (err=%d).\n",
entry->vector, err);
return err;
Reported by FlawFinder.
Line: 442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nn->max_r_vecs = n - NFP_NET_NON_Q_VECTORS;
dp->num_r_vecs = nn->max_r_vecs;
memcpy(nn->irq_entries, irq_entries, sizeof(*irq_entries) * n);
if (dp->num_rx_rings > dp->num_r_vecs ||
dp->num_tx_rings > dp->num_r_vecs)
dev_warn(nn->dp.dev, "More rings (%d,%d) than vectors (%d).\n",
dp->num_rx_rings, dp->num_tx_rings,
Reported by FlawFinder.
Line: 892
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u64_stats_update_end(&r_vec->tx_sync);
}
memcpy(tls_handle, ntls->fw_handle, sizeof(ntls->fw_handle));
ntls->next_seq += datalen;
#endif
return skb;
}
Reported by FlawFinder.
Line: 959
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* compare it to zero
*/
data -= 8;
memcpy(data, &tls_handle, sizeof(tls_handle));
meta_id <<= NFP_NET_META_FIELD_SIZE;
meta_id |= NFP_NET_META_CONN_HANDLE;
}
data -= 4;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/lib/hv.c
4 issues
Line: 9
Column: 23
CWE codes:
120
20
#include "lib/hv.h"
static int mlx5_hv_config_common(struct mlx5_core_dev *dev, void *buf, int len,
int offset, bool read)
{
int rc = -EOPNOTSUPP;
int bytes_returned;
int block_id;
Reported by FlawFinder.
Line: 20
Column: 7
CWE codes:
120
20
block_id = offset / HV_CONFIG_BLOCK_SIZE_MAX;
rc = read ?
hyperv_read_cfg_blk(dev->pdev, buf,
HV_CONFIG_BLOCK_SIZE_MAX, block_id,
&bytes_returned) :
hyperv_write_cfg_blk(dev->pdev, buf,
HV_CONFIG_BLOCK_SIZE_MAX, block_id);
Reported by FlawFinder.
Line: 28
Column: 6
CWE codes:
120
20
HV_CONFIG_BLOCK_SIZE_MAX, block_id);
/* Make sure len bytes were read successfully */
if (read && !rc && len != bytes_returned)
rc = -EIO;
if (rc) {
mlx5_core_err(dev, "Failed to %s hv config, err = %d, len = %d, offset = %d\n",
read ? "read" : "write", rc, len,
Reported by FlawFinder.
Line: 33
Column: 10
CWE codes:
120
20
if (rc) {
mlx5_core_err(dev, "Failed to %s hv config, err = %d, len = %d, offset = %d\n",
read ? "read" : "write", rc, len,
offset);
return rc;
}
return 0;
Reported by FlawFinder.
drivers/net/ethernet/smsc/smc91c92_cs.c
4 issues
Line: 713
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open)
netif_device_detach(dev);
return 0;
}
Reported by FlawFinder.
Line: 746
Column: 12
CWE codes:
362
return i;
}
}
if (link->open) {
smc_reset(dev);
netif_device_attach(dev);
}
return 0;
Reported by FlawFinder.
Line: 1547
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int ioaddr = dev->base_addr;
struct smc_private *smc = netdev_priv(dev);
unsigned char multicast_table[8];
unsigned long flags;
u_short rx_cfg_setting;
int i;
memset(multicast_table, 0, sizeof(multicast_table));
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
126
{
int i, j, da, c;
if (strlen(s) != 12)
return -1;
for (i = 0; i < 6; i++) {
da = 0;
for (j = 0; j < 2; j++) {
c = *s++;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/debugfs.c
4 issues
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlx5_cmd_stats *stats;
u64 field = 0;
int ret;
char tbuf[22];
stats = filp->private_data;
spin_lock_irq(&stats->lock);
if (stats->n)
field = div64_u64(stats->sum, stats->n);
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlx5_field_desc *desc;
struct mlx5_rsc_debug *d;
char tbuf[18];
int is_str = 0;
u64 field;
int ret;
desc = filp->private_data;
Reported by FlawFinder.
Line: 408
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rsn, char **field, int nfile, void *data)
{
struct mlx5_rsc_debug *d;
char resn[32];
int i;
d = kzalloc(struct_size(d, fields, nfile), GFP_KERNEL);
if (!d)
return -ENOMEM;
Reported by FlawFinder.
Line: 418
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
d->dev = dev;
d->object = data;
d->type = type;
sprintf(resn, "0x%x", rsn);
d->root = debugfs_create_dir(resn, root);
for (i = 0; i < nfile; i++) {
d->fields[i].i = i;
debugfs_create_file(field[i], 0400, d->root, &d->fields[i],
Reported by FlawFinder.