The following issues were found
drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.h
3 issues
Line: 250
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry->desc_size = sizeof(struct tx_desc);
entry->num_desc = txq->size;
entry->data_size = txq->size * sizeof(struct tx_desc);
memcpy(entry->data, txq->desc, entry->data_size);
}
static inline void cudbg_fill_qdesc_rxq(const struct sge_rspq *rxq,
enum cudbg_qdesc_qtype type,
struct cudbg_qdesc_entry *entry)
Reported by FlawFinder.
Line: 262
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry->desc_size = rxq->iqe_len;
entry->num_desc = rxq->size;
entry->data_size = rxq->size * rxq->iqe_len;
memcpy(entry->data, rxq->desc, entry->data_size);
}
static inline void cudbg_fill_qdesc_flq(const struct sge_fl *flq,
enum cudbg_qdesc_qtype type,
struct cudbg_qdesc_entry *entry)
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry->desc_size = sizeof(__be64);
entry->num_desc = flq->size;
entry->data_size = flq->size * sizeof(__be64);
memcpy(entry->data, flq->desc, entry->data_size);
}
static inline
struct cudbg_qdesc_entry *cudbg_next_qdesc(struct cudbg_qdesc_entry *e)
{
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4/l2t.c
3 issues
Line: 725
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
if (e->state == L2T_STATE_SWITCHING)
ip[0] = '\0';
else
sprintf(ip, e->v6 ? "%pI6c" : "%pI4", e->addr);
seq_printf(seq, "%4u %-25s %17pM %4d %u %2u %c %5u %s\n",
e->idx + d->l2t_start, ip, e->dmac,
e->vlan & VLAN_VID_MASK, vlan_prio(e), e->lport,
l2e_state(e), atomic_read(&e->refcnt),
e->neigh ? e->neigh->dev->name : "");
Reported by FlawFinder.
Line: 456
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->state = L2T_STATE_RESOLVING;
if (neigh->dev->flags & IFF_LOOPBACK)
memcpy(e->dmac, physdev->dev_addr, sizeof(e->dmac));
memcpy(e->addr, addr, addr_len);
e->ifindex = ifidx;
e->hash = hash;
e->lport = lport;
e->v6 = addr_len == 16;
atomic_set(&e->refcnt, 1);
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
seq_puts(seq, " Idx IP address "
"Ethernet address VLAN/P LP State Users Port\n");
else {
char ip[60];
struct l2t_data *d = seq->private;
struct l2t_entry *e = v;
spin_lock_bh(&e->lock);
if (e->state == L2T_STATE_SWITCHING)
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
3 issues
Line: 1985
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
seq_printf(seq, "%10u %15llu %5d %5d",
entry->seqno, entry->timestamp,
entry->access, entry->execute);
for (i = 0; i < MBOX_LEN / 8; i++) {
u64 flit = entry->cmd[i];
u32 hi = (u32)(flit >> 32);
u32 lo = (u32)flit;
Reported by FlawFinder.
Line: 1221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
return 0;
}
#ifdef CONFIG_NET_POLL_CONTROLLER
/*
Reported by FlawFinder.
Line: 1788
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (sset) {
case ETH_SS_STATS:
memcpy(data, stats_strings, sizeof(stats_strings));
break;
}
}
/*
Reported by FlawFinder.
drivers/net/ethernet/cisco/enic/vnic_dev.c
3 issues
Line: 125
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
vdev->res[type].count = count;
vdev->res[type].vaddr = (char __iomem *)bar[bar_num].vaddr +
bar_offset;
vdev->res[type].bus_addr = bar[bar_num].bus_addr + bar_offset;
}
return 0;
Reported by FlawFinder.
Line: 906
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do {
csum = 0;
memcpy(&vdev->notify_copy, vdev->notify, vdev->notify_sz);
words = (u32 *)&vdev->notify_copy;
for (i = 1; i < nwords; i++)
csum += words[i];
} while (csum != words[0]);
Reported by FlawFinder.
Line: 1133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!prov_buf)
return -ENOMEM;
memcpy(prov_buf, buf, len);
a0 = prov_pa;
ret = vnic_dev_cmd(vdev, CMD_INIT_PROV_INFO2, &a0, &a1, wait);
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/coredump.c
3 issues
Line: 1555
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dump_tlv = (struct ath10k_tlv_dump_data *)(buf + sofar);
dump_tlv->type = cpu_to_le32(ATH10K_FW_CRASH_DUMP_REGISTERS);
dump_tlv->tlv_len = cpu_to_le32(sizeof(crash_data->registers));
memcpy(dump_tlv->tlv_data, &crash_data->registers,
sizeof(crash_data->registers));
sofar += sizeof(*dump_tlv) + sizeof(crash_data->registers);
}
if (test_bit(ATH10K_FW_CRASH_DUMP_CE_DATA, &ath10k_coredump_mask)) {
Reported by FlawFinder.
Line: 1568
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ce_hdr = (struct ath10k_ce_crash_hdr *)(dump_tlv->tlv_data);
ce_hdr->ce_count = cpu_to_le32(CE_COUNT);
memset(ce_hdr->reserved, 0, sizeof(ce_hdr->reserved));
memcpy(ce_hdr->entries, crash_data->ce_crash_data,
CE_COUNT * sizeof(ce_hdr->entries[0]));
sofar += sizeof(*dump_tlv) + sizeof(*ce_hdr) +
CE_COUNT * sizeof(ce_hdr->entries[0]);
}
Reported by FlawFinder.
Line: 1580
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dump_tlv->type = cpu_to_le32(ATH10K_FW_CRASH_DUMP_RAM_DATA);
dump_tlv->tlv_len = cpu_to_le32(crash_data->ramdump_buf_len);
if (crash_data->ramdump_buf_len) {
memcpy(dump_tlv->tlv_data, crash_data->ramdump_buf,
crash_data->ramdump_buf_len);
sofar += sizeof(*dump_tlv) + crash_data->ramdump_buf_len;
}
}
Reported by FlawFinder.
drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c
3 issues
Line: 302
Column: 37
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
static int intel_crosststamp(ktime_t *device,
struct system_counterval_t *system,
void *ctx)
{
struct intel_priv_data *intel_priv;
struct stmmac_priv *priv = (struct stmmac_priv *)ctx;
Reported by FlawFinder.
Line: 530
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
plat->eee_usecs_rate = plat->clk_ptp_rate;
/* Set system clock */
sprintf(clk_name, "%s-%s", "stmmac", pci_name(pdev));
plat->stmmac_clk = clk_register_fixed_rate(&pdev->dev,
clk_name, NULL, 0,
plat->clk_ptp_rate);
Reported by FlawFinder.
Line: 446
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int intel_mgbe_common_data(struct pci_dev *pdev,
struct plat_stmmacenet_data *plat)
{
char clk_name[20];
int ret;
int i;
plat->pdev = pdev;
plat->phy_addr = -1;
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_dcb_lib.c
3 issues
Line: 335
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtnl_lock();
ice_dis_vsi(pf_vsi, true);
memcpy(curr_cfg, new_cfg, sizeof(*curr_cfg));
memcpy(&curr_cfg->etsrec, &curr_cfg->etscfg, sizeof(curr_cfg->etsrec));
memcpy(&new_cfg->etsrec, &curr_cfg->etscfg, sizeof(curr_cfg->etsrec));
/* Only send new config to HW if we are in SW LLDP mode. Otherwise,
* the new config came from the HW in the first place.
Reported by FlawFinder.
Line: 337
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(curr_cfg, new_cfg, sizeof(*curr_cfg));
memcpy(&curr_cfg->etsrec, &curr_cfg->etscfg, sizeof(curr_cfg->etsrec));
memcpy(&new_cfg->etsrec, &curr_cfg->etscfg, sizeof(curr_cfg->etsrec));
/* Only send new config to HW if we are in SW LLDP mode. Otherwise,
* the new config came from the HW in the first place.
*/
if (pf->hw.port_info->qos_cfg.is_sw_lldp) {
Reported by FlawFinder.
Line: 347
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret) {
dev_err(dev, "Set DCB Config failed\n");
/* Restore previous settings to local config */
memcpy(curr_cfg, old_cfg, sizeof(*curr_cfg));
goto out;
}
}
ret = ice_query_port_ets(pf->hw.port_info, &buf, sizeof(buf), NULL);
Reported by FlawFinder.
drivers/net/wireless/ath/ath.h
3 issues
Line: 303
Column: 40
CWE codes:
134
Suggestion:
Use a constant for the format specification
#else
static inline __attribute__ ((format (printf, 3, 4)))
void _ath_dbg(struct ath_common *common, enum ATH_DEBUG dbg_mask,
const char *fmt, ...)
{
}
#define ath_dbg(common, dbg_mask, fmt, ...) \
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct ath_regulatory {
char alpha2[2];
enum nl80211_dfs_regions region;
u16 country_code;
u16 max_power_level;
u16 current_rd;
int16_t power_limit;
Reported by FlawFinder.
Line: 126
Column: 17
CWE codes:
120
20
* @write_flush: flush buffered register writes and disable buffering
*/
struct ath_ops {
unsigned int (*read)(void *, u32 reg_offset);
void (*multi_read)(void *, u32 *addr, u32 *val, u16 count);
void (*write)(void *, u32 val, u32 reg_offset);
void (*enable_write_buffer)(void *);
void (*write_flush) (void *);
u32 (*rmw)(void *, u32 reg_offset, u32 set, u32 clr);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/rl.c
3 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_CMD_OP_CREATE_SCHEDULING_ELEMENT);
MLX5_SET(create_scheduling_element_in, in, scheduling_hierarchy,
hierarchy);
memcpy(schedc, ctx, MLX5_ST_SZ_BYTES(scheduling_context));
err = mlx5_cmd_exec_inout(dev, create_scheduling_element, in, out);
if (err)
return err;
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
modify_bitmask);
MLX5_SET(modify_scheduling_element_in, in, scheduling_hierarchy,
hierarchy);
memcpy(schedc, ctx, MLX5_ST_SZ_BYTES(scheduling_context));
return mlx5_cmd_exec_in(dev, modify_scheduling_element, in);
}
int mlx5_destroy_scheduling_element_cmd(struct mlx5_core_dev *dev, u8 hierarchy,
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(set_pp_rate_limit_in, in, uid, entry->uid);
MLX5_SET(set_pp_rate_limit_in, in, rate_limit_index, entry->index);
if (set)
memcpy(pp_context, entry->rl_raw, sizeof(entry->rl_raw));
return mlx5_cmd_exec_in(dev, set_pp_rate_limit, in);
}
bool mlx5_rl_is_in_range(struct mlx5_core_dev *dev, u32 rate)
{
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_cmd.c
3 issues
Line: 350
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(alloc_modify_header_context_in, in, table_type, table_type);
MLX5_SET(alloc_modify_header_context_in, in, num_of_actions, num_of_actions);
p_actions = MLX5_ADDR_OF(alloc_modify_header_context_in, in, actions);
memcpy(p_actions, actions, num_of_actions * sizeof(u64));
err = mlx5_cmd_exec(mdev, in, inlen, out, sizeof(out));
if (err)
goto out;
Reported by FlawFinder.
Line: 525
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(packet_reformat_context_in, prctx, reformat_param_1, reformat_param_1);
MLX5_SET(packet_reformat_context_in, prctx, reformat_data_size, reformat_size);
if (reformat_data && reformat_size)
memcpy(pdata, reformat_data, reformat_size);
err = mlx5_cmd_exec(mdev, in, inlen, out, sizeof(out));
if (err)
return err;
Reported by FlawFinder.
Line: 704
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
in_match_value = MLX5_ADDR_OF(flow_context, in_flow_context,
match_value);
memcpy(in_match_value, fte->val, sizeof(u32) * MLX5_ST_SZ_DW_MATCH_PARAM);
in_dests = MLX5_ADDR_OF(flow_context, in_flow_context, destination);
if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) {
int list_size = 0;
Reported by FlawFinder.