The following issues were found

tools/testing/selftests/resctrl/mba_test.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 29 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	static int runs_per_allocation, allocation = 100;
	struct resctrl_val_param *p;
	char allocation_str[64];
	va_list param;

	va_start(param, num);
	p = va_arg(param, struct resctrl_val_param *);
	va_end(param);

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 46 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (allocation < ALLOCATION_MIN || allocation > ALLOCATION_MAX)
		return -1;

	sprintf(allocation_str, "%d", allocation);

	write_schemata(p->ctrlgrp, allocation_str, p->cpu_no, p->resctrl_val);
	allocation -= ALLOCATION_STEP;

	return 0;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 104 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int check_results(void)
{
	char *token_array[8], output[] = RESULT_FILE_NAME, temp[512];
	unsigned long bw_imc[1024], bw_resc[1024];
	int runs;
	FILE *fp;

	fp = fopen(output, "r");

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 109 Column: 7 CWE codes: 362 

              	int runs;
	FILE *fp;

	fp = fopen(output, "r");
	if (!fp) {
		perror(output);

		return errno;
	}

Reported by FlawFinder.

tools/testing/selftests/resctrl/resctrl.h
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 58 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
struct resctrl_val_param {
	char		*resctrl_val;
	char		ctrlgrp[64];
	char		mongrp[64];
	int		cpu_no;
	unsigned long	span;
	int		mum_resctrlfs;
	char		filename[64];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct resctrl_val_param {
	char		*resctrl_val;
	char		ctrlgrp[64];
	char		mongrp[64];
	int		cpu_no;
	unsigned long	span;
	int		mum_resctrlfs;
	char		filename[64];
	char		*bw_report;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 63 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int		cpu_no;
	unsigned long	span;
	int		mum_resctrlfs;
	char		filename[64];
	char		*bw_report;
	unsigned long	mask;
	int		num_of_runs;
	int		(*setup)(int num, ...);
};

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 77 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
extern pid_t bm_pid, ppid;

extern char llc_occup_path[1024];
extern bool is_amd;

bool check_resctrlfs_support(void);
int filter_dmesg(void);
int remount_resctrlfs(bool mum_resctrlfs);

Reported by FlawFinder.

tools/perf/arch/powerpc/util/header.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 46 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              int arch_get_runtimeparam(struct pmu_event *pe)
{
	int count;
	char path[PATH_MAX] = "/devices/hv_24x7/interface/";

	atoi(pe->aggr_mode) == PerChip ? strcat(path, "sockets") : strcat(path, "coresperchip");
	return sysfs__read_int(path, &count) < 0 ? 1 : count;
}

Reported by FlawFinder.

strcat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 48 Column: 35 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused) 

              	int count;
	char path[PATH_MAX] = "/devices/hv_24x7/interface/";

	atoi(pe->aggr_mode) == PerChip ? strcat(path, "sockets") : strcat(path, "coresperchip");
	return sysfs__read_int(path, &count) < 0 ? 1 : count;
}

Reported by FlawFinder.

strcat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 48 Column: 61 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused) 

              	int count;
	char path[PATH_MAX] = "/devices/hv_24x7/interface/";

	atoi(pe->aggr_mode) == PerChip ? strcat(path, "sockets") : strcat(path, "coresperchip");
	return sysfs__read_int(path, &count) < 0 ? 1 : count;
}

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 48 Column: 2 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              	int count;
	char path[PATH_MAX] = "/devices/hv_24x7/interface/";

	atoi(pe->aggr_mode) == PerChip ? strcat(path, "sockets") : strcat(path, "coresperchip");
	return sysfs__read_int(path, &count) < 0 ? 1 : count;
}

Reported by FlawFinder.

tools/testing/selftests/bpf/flow_dissector_load.c
4 issues
sprintf - Does not check for buffer overflows
Security

Line: 52 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		error(1, 0, "bpf_prog_detach");

	/* To unpin, it is necessary and sufficient to just remove this dir */
	sprintf(command, "rm -r %s", cfg_pin_path);
	ret = system(command);
	if (ret)
		error(1, errno, "%s", command);
}

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 53 Column: 8 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              
	/* To unpin, it is necessary and sufficient to just remove this dir */
	sprintf(command, "rm -r %s", cfg_pin_path);
	ret = system(command);
	if (ret)
		error(1, errno, "%s", command);
}

static void parse_opts(int argc, char **argv)

Reported by FlawFinder.

getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 64 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	bool detach = false;
	int c;

	while ((c = getopt(argc, argv, "adp:s:")) != -1) {
		switch (c) {
		case 'a':
			if (detach)
				error(1, 0, "attach/detach are exclusive");
			attach = true;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 44 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static void detach_program(void)
{
	char command[64];
	int ret;

	ret = bpf_prog_detach(0, BPF_FLOW_DISSECTOR);
	if (ret)
		error(1, 0, "bpf_prog_detach");

Reported by FlawFinder.

tools/testing/selftests/bpf/get_cgroup_id_user.c
4 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 28 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	int __ret = !!(condition);			\
	if (__ret) {					\
		printf("%s:FAIL:%s ", __func__, tag);	\
		printf(format);				\
	} else {					\
		printf("%s:PASS:%s\n", __func__, tag);	\
	}						\
	__ret;						\
})

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__u64 kcgid = 0, ucgid;
	__u32 key = 0, pid;
	int exit_code = 1;
	char buf[256];
	const struct timespec req = {
		.tv_sec = 1,
		.tv_nsec = 0,
	};

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 88 Column: 8 CWE codes: 362 

              
	snprintf(buf, sizeof(buf),
		 "/sys/kernel/debug/tracing/events/%s/id", probe_name);
	efd = open(buf, O_RDONLY, 0);
	if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
		goto close_prog;
	bytes = read(efd, buf, sizeof(buf));
	close(efd);
	if (CHECK(bytes <= 0 || bytes >= sizeof(buf), "read",

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 91 Column: 10 CWE codes: 120 20 

              	efd = open(buf, O_RDONLY, 0);
	if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
		goto close_prog;
	bytes = read(efd, buf, sizeof(buf));
	close(efd);
	if (CHECK(bytes <= 0 || bytes >= sizeof(buf), "read",
		  "bytes %d errno %d\n", bytes, errno))
		goto close_prog;

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/attach_probe.c
4 issues
fscanf - The scanf() family's %s operation, without a limit specification, permits buffer overflows
Security

Line: 52 Column: 9 CWE codes: 120 20
Suggestion: Specify a limit to %s, or use a different input function 

              	if (!f)
		return -errno;

	while (fscanf(f, "%zx-%*x %s %zx %*[^\n]\n",
		      &start, buf, &offset) == 3) {
		if (strcmp(buf, "r-xp") == 0) {
			fclose(f);
			return start - offset;
		}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 45 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
ssize_t get_base_addr() {
	size_t start, offset;
	char buf[256];
	FILE *f;

	f = fopen("/proc/self/maps", "r");
	if (!f)
		return -errno;

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 48 Column: 6 CWE codes: 362 

              	char buf[256];
	FILE *f;

	f = fopen("/proc/self/maps", "r");
	if (!f)
		return -errno;

	while (fscanf(f, "%zx-%*x %s %zx %*[^\n]\n",
		      &start, buf, &offset) == 3) {

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 118 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              	skel->links.handle_uretprobe = uretprobe_link;

	/* trigger & validate kprobe && kretprobe */
	usleep(1);

	if (CHECK(skel->bss->kprobe_res != 1, "check_kprobe_res",
		  "wrong kprobe res: %d\n", skel->bss->kprobe_res))
		goto cleanup;
	if (CHECK(skel->bss->kretprobe_res != 2, "check_kretprobe_res",

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/bpf_obj_id.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 27 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	 * returned by kernel.
	 */
	__u32 map_ids[nr_iters + 1];
	char jited_insns[128], xlated_insns[128], zeros[128], tp_name[128];
	__u32 i, next_id, info_len, nr_id_found, duration = 0;
	struct timespec real_time_ts, boot_time_ts;
	int err = 0;
	__u64 array_value;
	uid_t my_uid = getuid();

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 91 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			  map_infos[i].max_entries != 1 ||
			  map_infos[i].map_flags != 0 ||
			  info_len != sizeof(struct bpf_map_info) ||
			  strcmp((char *)map_infos[i].name, expected_map_name),
			  "get-map-info(fd)",
			  "err %d errno %d type %d(%d) info_len %u(%zu) key_size %u value_size %u max_entries %u map_flags %X name %s(%s)\n",
			  err, errno,
			  map_infos[i].type, BPF_MAP_TYPE_ARRAY,
			  info_len, sizeof(struct bpf_map_info),

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 137 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			  prog_infos[i].created_by_uid != my_uid ||
			  prog_infos[i].nr_map_ids != 1 ||
			  *(int *)(long)prog_infos[i].map_ids != map_infos[i].id ||
			  strcmp((char *)prog_infos[i].name, expected_prog_name),
			  "get-prog-info(fd)",
			  "err %d errno %d i %d type %d(%d) info_len %u(%zu) "
			  "jit_enabled %d jited_prog_len %u xlated_prog_len %u "
			  "jited_prog %d xlated_prog %d load_time %lu(%lu) "
			  "uid %u(%u) nr_map_ids %u(%u) map_id %u(%u) "

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 181 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			  link_infos[i].type, BPF_LINK_TYPE_RAW_TRACEPOINT,
			  link_infos[i].id,
			  link_infos[i].prog_id, prog_infos[i].id,
			  (const char *)u64_to_ptr(link_infos[i].raw_tracepoint.tp_name),
			  "sys_enter"))
			goto done;

	}

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
4 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 81 Column: 12 CWE codes: 362 

              		perror("unshare(CLONE_NEWNET)");
		return -1;
	}
	new_net = open("/proc/self/ns/net", O_RDONLY);
	if (CHECK_FAIL(new_net < 0)) {
		perror("open(/proc/self/ns/net)");
		setns(old_net, CLONE_NEWNET);
		return -1;
	}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 608 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		  test_link_get_info },
	};
	int i, progs[2] = { -1, -1 };
	char test_name[80];

	for (i = 0; i < ARRAY_SIZE(progs); i++) {
		progs[i] = load_prog(BPF_PROG_TYPE_FLOW_DISSECTOR);
		if (progs[i] < 0)
			goto out_close;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 635 Column: 14 CWE codes: 362 

              {
	int err, new_net, saved_net;

	saved_net = open("/proc/self/ns/net", O_RDONLY);
	if (CHECK_FAIL(saved_net < 0)) {
		perror("open(/proc/self/ns/net");
		return;
	}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 641 Column: 13 CWE codes: 362 

              		return;
	}

	init_net = open("/proc/1/ns/net", O_RDONLY);
	if (CHECK_FAIL(init_net < 0)) {
		perror("open(/proc/1/ns/net)");
		goto out_close;
	}

Reported by FlawFinder.

tools/perf/util/auxtrace.c
4 issues
realpath - This function does not protect against buffer overflows, and some implementations can overflow internally
Security

Line: 2562 Column: 8 CWE codes: 120/785!
Suggestion: Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN 

              
	if (filt->filename) {
		at = "@";
		fn = realpath(filt->filename, filename_buf);
		if (!fn)
			return NULL;
	}

	if (filt->range) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 425 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	union perf_event *event;
	int err;
	char buf[PERF_SAMPLE_MAX_SIZE];

	err = perf_session__peek_event(session, file_offset, buf,
				       PERF_SAMPLE_MAX_SIZE, &event, NULL);
	if (err)
		return err;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2554 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static char *addr_filter__to_str(struct addr_filter *filt)
{
	char filename_buf[PATH_MAX];
	const char *at = "";
	const char *fn = "";
	char *filter;
	int err;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1194 Column: 9 CWE codes: 126 

              	strlcpy(auxtrace_error->msg, msg, MAX_AUXTRACE_ERROR_MSG);

	size = (void *)auxtrace_error->msg - (void *)auxtrace_error +
	       strlen(auxtrace_error->msg) + 1;
	auxtrace_error->header.size = PERF_ALIGN(size, sizeof(u64));
}

int perf_event__synthesize_auxtrace_info(struct auxtrace_record *itr,
					 struct perf_tool *tool,

Reported by FlawFinder.

tools/objtool/include/objtool/warn.h
4 issues
sprintf - Does not check for buffer overflows
Security

Line: 36 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	str = malloc(strlen(name) + 20);

	if (func)
		sprintf(str, "%s()+0x%lx", name, name_off);
	else
		sprintf(str, "%s+0x%lx", name, name_off);

	return str;
}

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 38 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (func)
		sprintf(str, "%s()+0x%lx", name, name_off);
	else
		sprintf(str, "%s+0x%lx", name, name_off);

	return str;
}

#define WARN(format, ...)				\

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 44 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              }

#define WARN(format, ...)				\
	fprintf(stderr,					\
		"%s: warning: objtool: " format "\n",	\
		objname, ##__VA_ARGS__)

#define WARN_FUNC(format, sec, offset, ...)		\
({							\

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 33 Column: 15 CWE codes: 126 

              		name_off = offset;
	}

	str = malloc(strlen(name) + 20);

	if (func)
		sprintf(str, "%s()+0x%lx", name, name_off);
	else
		sprintf(str, "%s+0x%lx", name, name_off);

Reported by FlawFinder.