The following issues were found

tools/power/cpupower/debug/i386/powernow-k8-decode.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 32 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int err = 1;
	uint64_t msr = 0;
	int fd;
	char file[20];

	if (cpu > MCPU)
		goto out;

	sprintf(file, "/dev/cpu/%d/msr", cpu);

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 37 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (cpu > MCPU)
		goto out;

	sprintf(file, "/dev/cpu/%d/msr", cpu);

	fd = open(file, O_RDONLY);
	if (fd < 0)
		goto out;
	lseek(fd, MSR_FIDVID_STATUS, SEEK_CUR);

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 39 Column: 7 CWE codes: 362 

              
	sprintf(file, "/dev/cpu/%d/msr", cpu);

	fd = open(file, O_RDONLY);
	if (fd < 0)
		goto out;
	lseek(fd, MSR_FIDVID_STATUS, SEEK_CUR);
	if (read(fd, &msr, 8) != 8)
		goto err1;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 43 Column: 6 CWE codes: 120 20 

              	if (fd < 0)
		goto out;
	lseek(fd, MSR_FIDVID_STATUS, SEEK_CUR);
	if (read(fd, &msr, 8) != 8)
		goto err1;

	*fid = ((uint32_t )(msr & 0xffffffffull)) & MSR_S_LO_CURRENT_FID;
	*vid = ((uint32_t )(msr>>32 & 0xffffffffull)) & MSR_S_HI_CURRENT_VID;
	err = 0;

Reported by FlawFinder.

tools/testing/selftests/breakpoints/step_after_suspend_test.c
4 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 175 Column: 16 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              
	ksft_print_header();

	while ((opt = getopt(argc, argv, "n")) != -1) {
		switch (opt) {
		case 'n':
			do_suspend = false;
			break;
		default:

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 141 Column: 19 CWE codes: 362 

              	if (getuid() != 0)
		ksft_exit_skip("Please run the test as root - Exiting.\n");

	power_state_fd = open("/sys/power/state", O_RDWR);
	if (power_state_fd < 0)
		ksft_exit_fail_msg(
			"open(\"/sys/power/state\") failed %s)\n",
			strerror(errno));

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 156 Column: 53 CWE codes: 126 

              	if (err < 0)
		ksft_exit_fail_msg("timerfd_settime() failed\n");

	if (write(power_state_fd, "mem", strlen("mem")) != strlen("mem"))
		ksft_exit_fail_msg("Failed to enter Suspend state\n");

	close(timerfd);
	close(power_state_fd);
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 156 Column: 35 CWE codes: 126 

              	if (err < 0)
		ksft_exit_fail_msg("timerfd_settime() failed\n");

	if (write(power_state_fd, "mem", strlen("mem")) != strlen("mem"))
		ksft_exit_fail_msg("Failed to enter Suspend state\n");

	close(timerfd);
	close(power_state_fd);
}

Reported by FlawFinder.

tools/testing/selftests/cgroup/test_kmem.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	unsigned long i;
	struct stat st;
	char buf[128];

	for (i = 0; i < (unsigned long)arg; i++) {
		snprintf(buf, sizeof(buf),
			"/something-non-existent-with-a-long-name-%64lu-%d",
			 i, getpid());

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 227 Column: 7 CWE codes: 362 

              	ssize_t len;
	int fd;

	fd = open("/proc/kpagecgroup", O_RDONLY);
	if (fd < 0)
		return ret;

	do {
		len = read(fd, buf, sizeof(buf));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 423 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
int main(int argc, char **argv)
{
	char root[PATH_MAX];
	int i, ret = EXIT_SUCCESS;

	if (cg_find_unified_root(root, sizeof(root)))
		ksft_exit_skip("cgroup v2 isn't mounted\n");

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 232 Column: 9 CWE codes: 120 20 

              		return ret;

	do {
		len = read(fd, buf, sizeof(buf));
	} while (len > 0);

	if (len == 0)
		ret = KSFT_PASS;

Reported by FlawFinder.

tools/bpf/bpftool/jit_disasm.c
4 issues
readlink - This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL.
Security

Line: 36 Column: 8 CWE codes: 362 20
Suggestion: Reconsider approach 

              	const char *path = "/proc/self/exe";
	ssize_t len;

	len = readlink(path, tpath, size - 1);
	assert(len > 0);
	tpath[len] = 0;
}

static int oper_count;

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 106 Column: 27 CWE codes: 134
Suggestion: Use a constant for the format specification 

              				      (fprintf_ftype) fprintf_json);
	else
		init_disassemble_info(&info, stdout,
				      (fprintf_ftype) fprintf);

	/* Update architecture info for offload. */
	if (arch) {
		const bfd_arch_info_type *inf = bfd_scan_arch(arch);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 88 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct disassemble_info info;
	unsigned int nr_skip = 0;
	int count, i, pc = 0;
	char tpath[PATH_MAX];
	bfd *bfdf;

	if (!len)
		return;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 58 Column: 7 CWE codes: 126 

              		int i;

		/* Strip trailing spaces */
		i = strlen(s) - 1;
		while (s[i] == ' ')
			s[i--] = '\0';

		jsonw_string_field(json_wtr, "operation", s);
		jsonw_name(json_wtr, "operands");

Reported by FlawFinder.

tools/power/cpupower/utils/cpufreq-info.c
4 issues
getopt_long - Some older implementations do not protect against internal buffer overflows
Security

Line: 534 Column: 9 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	int output_param = 0;

	do {
		ret = getopt_long(argc, argv, "oefwldpgrasmybn", info_opts,
				  NULL);
		switch (ret) {
		case '?':
			output_param = '?';
			cont = 0;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static unsigned int count_cpus(void)
{
	FILE *fp;
	char value[LINE_LEN];
	unsigned int ret = 0;
	unsigned int cpunr = 0;

	fp = fopen("/proc/stat", "r");
	if (!fp) {

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 30 Column: 7 CWE codes: 362 

              	unsigned int ret = 0;
	unsigned int cpunr = 0;

	fp = fopen("/proc/stat", "r");
	if (!fp) {
		printf(_("Couldn't count the number of CPUs (%s: %s), assuming 1\n"), "/proc/stat", strerror(errno));
		return 1;
	}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 40 Column: 7 CWE codes: 126 

              		if (!fgets(value, LINE_LEN, fp))
			continue;
		value[LINE_LEN - 1] = '\0';
		if (strlen(value) < (LINE_LEN - 2))
			continue;
		if (strstr(value, "cpu "))
			continue;
		if (sscanf(value, "cpu%d ", &cpunr) != 1)
			continue;

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_requeue.c
4 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 51 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              
	f1 = &_f1;

	while ((c = getopt(argc, argv, "cht:v:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 60 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              			usage(basename(argv[0]));
			exit(0);
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 79 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              	if (pthread_create(&waiter[0], NULL, waiterfn, NULL))
		error("pthread_create failed\n", errno);

	usleep(WAKE_WAIT_US);

	info("Requeuing 1 futex from f1 to f2\n");
	res = futex_cmp_requeue(f1, 0, &f2, 0, 1, 0);
	if (res != 1) {
		ksft_test_result_fail("futex_requeue simple returned: %d %s\n",

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 112 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              			error("pthread_create failed\n", errno);
	}

	usleep(WAKE_WAIT_US);

	info("Waking 3 futexes at f1 and requeuing 7 futexes from f1 to f2\n");
	res = futex_cmp_requeue(f1, 0, &f2, 3, 7, 0);
	if (res != 10) {
		ksft_test_result_fail("futex_requeue many returned: %d %s\n",

Reported by FlawFinder.

tools/testing/selftests/futex/include/logging.h
4 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 128 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define info(message, vargs...) \
do { \
	if (_verbose >= VINFO) \
		fprintf(stderr, "\t%s: "message, INFO, ##vargs); \
} while (0)

#define error(message, err, args...) \
do { \
	if (_verbose >= VCRITICAL) {\

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 135 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification 

              do { \
	if (_verbose >= VCRITICAL) {\
		if (err) \
			fprintf(stderr, "\t%s: %s: "message, \
				ERROR, strerror(err), ##args); \
		else \
			fprintf(stderr, "\t%s: "message, ERROR, ##args); \
	} \
} while (0)

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 138 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification 

              			fprintf(stderr, "\t%s: %s: "message, \
				ERROR, strerror(err), ##args); \
		else \
			fprintf(stderr, "\t%s: "message, ERROR, ##args); \
	} \
} while (0)

#define fail(message, args...) \
do { \

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 145 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define fail(message, args...) \
do { \
	if (_verbose >= VCRITICAL) \
		fprintf(stderr, "\t%s: "message, FAIL, ##args); \
} while (0)

#endif

Reported by FlawFinder.

tools/testing/selftests/kvm/dirty_log_perf_test.c
4 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 289 Column: 16 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              
	guest_modes_append_default();

	while ((opt = getopt(argc, argv, "hi:p:m:b:f:v:os:")) != -1) {
		switch (opt) {
		case 'i':
			p.iterations = atoi(optarg);
			break;
		case 'p':

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 292 Column: 19 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              	while ((opt = getopt(argc, argv, "hi:p:m:b:f:v:os:")) != -1) {
		switch (opt) {
		case 'i':
			p.iterations = atoi(optarg);
			break;
		case 'p':
			p.phys_offset = strtoull(optarg, NULL, 0);
			break;
		case 'm':

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 304 Column: 17 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              			guest_percpu_mem_size = parse_size(optarg);
			break;
		case 'f':
			p.wr_fract = atoi(optarg);
			TEST_ASSERT(p.wr_fract >= 1,
				    "Write fraction cannot be less than one");
			break;
		case 'v':
			nr_vcpus = atoi(optarg);

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 309 Column: 15 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              				    "Write fraction cannot be less than one");
			break;
		case 'v':
			nr_vcpus = atoi(optarg);
			TEST_ASSERT(nr_vcpus > 0 && nr_vcpus <= max_vcpus,
				    "Invalid number of vcpus, must be between 1 and %d", max_vcpus);
			break;
		case 'o':
			p.partition_vcpu_memory_access = false;

Reported by FlawFinder.

tools/testing/selftests/kvm/dirty_log_test.c
4 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 507 Column: 20 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              	uint64_t i;

	for (i = 0; i < size; i++)
		guest_array[i] = random();
}

static void *vcpu_worker(void *data)
{
	int ret, vcpu_fd;

Reported by FlawFinder.

getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 866 Column: 16 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              
	guest_modes_append_default();

	while ((opt = getopt(argc, argv, "c:hi:I:p:m:M:")) != -1) {
		switch (opt) {
		case 'c':
			test_dirty_ring_count = strtol(optarg, NULL, 10);
			break;
		case 'i':

Reported by FlawFinder.

srandom - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 916 Column: 2 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              	pr_info("Test iterations: %"PRIu64", interval: %"PRIu64" (ms)\n",
		p.iterations, p.interval);

	srandom(time(0));

	/* Ensure that vCPU threads start with SIG_IPI blocked.  */
	sigemptyset(&sigset);
	sigaddset(&sigset, SIG_IPI);
	pthread_sigmask(SIG_BLOCK, &sigset, NULL);

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 788 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              
	while (iteration < p->iterations) {
		/* Give the vcpu thread some time to dirty some pages */
		usleep(p->interval * 1000);
		log_mode_collect_dirty_pages(vm, TEST_MEM_SLOT_INDEX,
					     bmap, host_num_pages);

		/*
		 * See vcpu_sync_stop_requested definition for details on why

Reported by FlawFinder.

tools/testing/selftests/kvm/include/test_util.h
4 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 26 Column: 23 CWE codes: 134
Suggestion: Use a constant for the format specification 

              static inline int _no_printf(const char *format, ...) { return 0; }

#ifdef DEBUG
#define pr_debug(...) printf(__VA_ARGS__)
#else
#define pr_debug(...) _no_printf(__VA_ARGS__)
#endif
#ifndef QUIET
#define pr_info(...) printf(__VA_ARGS__)

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 31 Column: 22 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define pr_debug(...) _no_printf(__VA_ARGS__)
#endif
#ifndef QUIET
#define pr_info(...) printf(__VA_ARGS__)
#else
#define pr_info(...) _no_printf(__VA_ARGS__)
#endif

void print_skip(const char *fmt, ...) __attribute__((format(printf, 1, 2)));

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 36 Column: 61 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define pr_info(...) _no_printf(__VA_ARGS__)
#endif

void print_skip(const char *fmt, ...) __attribute__((format(printf, 1, 2)));

ssize_t test_write(int fd, const void *buf, size_t count);
ssize_t test_read(int fd, void *buf, size_t count);
int test_seq_read(const char *path, char **bufp, size_t *sizep);

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 44 Column: 25 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
void test_assert(bool exp, const char *exp_str,
		 const char *file, unsigned int line, const char *fmt, ...)
		__attribute__((format(printf, 5, 6)));

#define TEST_ASSERT(e, fmt, ...) \
	test_assert((e), #e, __FILE__, __LINE__, fmt, ##__VA_ARGS__)

#define ASSERT_EQ(a, b) do { \

Reported by FlawFinder.