The following issues were found
drivers/net/wireless/ath/ath10k/snoc.c
3 issues
Line: 1448
Column: 3
CWE codes:
120
Suggestion:
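Make sure destination can always hold the source data. In this excerpt the copy length is capped at the smaller of current_region->len and ar->msa.mem_size; the size of buf is not shown, so confirm it was allocated for at least current_region->len bytes.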
hdr->length = cpu_to_le32(ar->msa.mem_size);
if (current_region->len < ar->msa.mem_size) {
memcpy(buf, ar->msa.vaddr, current_region->len);
ath10k_warn(ar, "msa dump length is less than msa size %x, %x\n",
current_region->len, ar->msa.mem_size);
} else {
memcpy(buf, ar->msa.vaddr, ar->msa.mem_size);
}
Reported by FlawFinder.
Line: 1452
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ath10k_warn(ar, "msa dump length is less than msa size %x, %x\n",
current_region->len, ar->msa.mem_size);
} else {
memcpy(buf, ar->msa.vaddr, ar->msa.mem_size);
}
}
void ath10k_snoc_fw_crashed_dump(struct ath10k *ar)
{
Reported by FlawFinder.
Line: 1459
Column: 2
CWE codes:
119
120
Suggestion:
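Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is the declaration of the fixed-size stack array guid[UUID_STRING_LEN + 1], not a write; triage by checking the code that fills guid, which this excerpt does not include.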
void ath10k_snoc_fw_crashed_dump(struct ath10k *ar)
{
struct ath10k_fw_crash_data *crash_data;
char guid[UUID_STRING_LEN + 1];
mutex_lock(&ar->dump_mutex);
spin_lock_bh(&ar->data_lock);
ar->stats.fw_crash_counter++;
Reported by FlawFinder.
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
3 issues
Line: 284
Column: 2
CWE codes:
134
Suggestion:
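Use a constant for the format specification. The only non-literal format argument in the excerpt is the macro PHY_ID_FMT, not a runtime string; if it expands to a string literal (check its definition, which is not on this page) the CWE-134 concern does not apply.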
snprintf(bus_id, MII_BUS_ID_SIZE, "sxgbe-%x",
priv->plat->bus_id);
snprintf(phy_id_fmt, MII_BUS_ID_SIZE + 3, PHY_ID_FMT, bus_id,
priv->plat->phy_addr);
netdev_dbg(ndev, "%s: trying to attach to %s\n", __func__, phy_id_fmt);
phydev = phy_connect(ndev, phy_id_fmt, &sxgbe_adjust_link, phy_iface);
Reported by FlawFinder.
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
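Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares the fixed-size array phy_id_fmt[MII_BUS_ID_SIZE + 3]; the one write to it shown on this page is an snprintf bounded by the same MII_BUS_ID_SIZE + 3.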
*/
static int sxgbe_init_phy(struct net_device *ndev)
{
char phy_id_fmt[MII_BUS_ID_SIZE + 3];
char bus_id[MII_BUS_ID_SIZE];
struct phy_device *phydev;
struct sxgbe_priv_data *priv = netdev_priv(ndev);
int phy_iface = priv->plat->interface;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
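Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares the fixed-size array bus_id[MII_BUS_ID_SIZE]; the one write to it shown on this page is an snprintf bounded by MII_BUS_ID_SIZE.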
static int sxgbe_init_phy(struct net_device *ndev)
{
char phy_id_fmt[MII_BUS_ID_SIZE + 3];
char bus_id[MII_BUS_ID_SIZE];
struct phy_device *phydev;
struct sxgbe_priv_data *priv = netdev_priv(ndev);
int phy_iface = priv->plat->interface;
/* assign default link status */
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
3 issues
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
in_match_value = MLX5_ADDR_OF(flow_context, in_flow_context,
match_value);
memcpy(in_match_value, &fte->val, sizeof(fte->val));
in_dests = MLX5_ADDR_OF(flow_context, in_flow_context, destination);
if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) {
int list_size = 0;
Reported by FlawFinder.
Line: 749
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(packet_reformat_context_in, packet_reformat_context_in,
reformat_param_1, params->param_1);
if (params->data && params->size)
memcpy(reformat, params->data, params->size);
err = mlx5_cmd_exec(dev, in, inlen, out, sizeof(out));
pkt_reformat->id = MLX5_GET(alloc_packet_reformat_context_out,
out, packet_reformat_id);
Reported by FlawFinder.
Line: 833
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(alloc_modify_header_context_in, in, num_of_actions, num_actions);
actions_in = MLX5_ADDR_OF(alloc_modify_header_context_in, in, actions);
memcpy(actions_in, modify_actions, actions_size);
err = mlx5_cmd_exec(dev, in, inlen, out, sizeof(out));
modify_hdr->id = MLX5_GET(alloc_modify_header_context_out, out, modify_header_id);
kfree(in);
Reported by FlawFinder.
drivers/net/ethernet/sfc/efx.c
3 issues
Line: 671
Column: 2
CWE codes:
120
Suggestion:
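Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code strcpy_s is not available and the bounded copy helper is strscpy(); whether this strcpy can overflow depends on the sizes of efx->name and efx->net_dev->name, which the excerpt does not show.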
static void efx_update_name(struct efx_nic *efx)
{
strcpy(efx->name, efx->net_dev->name);
efx_mtd_rename(efx);
efx_set_channel_names(efx);
}
static int efx_netdev_event(struct notifier_block *this,
Reported by FlawFinder.
Line: 696
Column: 9
CWE codes:
120
Suggestion:
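Use sprintf_s, snprintf, or vsnprintf. This is a sysfs show callback (note DEVICE_ATTR_RO(phy_type) below), so buf is the PAGE_SIZE buffer supplied by the sysfs core and the output is a single "%d\n"; sprintf_s is not available in kernel code, and the preferred helper in current kernels is sysfs_emit().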
struct device_attribute *attr, char *buf)
{
struct efx_nic *efx = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", efx->phy_type);
}
static DEVICE_ATTR_RO(phy_type);
static int efx_register_netdev(struct efx_nic *efx)
{
Reported by FlawFinder.
Line: 910
Column: 2
CWE codes:
119
120
Suggestion:
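Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares vpd_data[SFC_VPD_LEN]; the pci_read_vpd() call shown fills it with at most sizeof(vpd_data) bytes. What the excerpt does not show is how ro_start, ro_size, i and j index into it; those uses should be checked against vpd_size.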
static void efx_probe_vpd_strings(struct efx_nic *efx)
{
struct pci_dev *dev = efx->pci_dev;
char vpd_data[SFC_VPD_LEN];
ssize_t vpd_size;
int ro_start, ro_size, i, j;
/* Get the vpd data from the device */
vpd_size = pci_read_vpd(dev, 0, sizeof(vpd_data), vpd_data);
Reported by FlawFinder.
drivers/net/ethernet/sfc/falcon/efx.c
3 issues
Line: 2235
Column: 2
CWE codes:
120
Suggestion:
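Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code strcpy_s is not available and the bounded copy helper is strscpy(); whether this strcpy can overflow depends on the sizes of efx->name and efx->net_dev->name, which the excerpt does not show.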
static void ef4_update_name(struct ef4_nic *efx)
{
strcpy(efx->name, efx->net_dev->name);
ef4_mtd_rename(efx);
ef4_set_channel_names(efx);
}
static int ef4_netdev_event(struct notifier_block *this,
Reported by FlawFinder.
Line: 2260
Column: 9
CWE codes:
120
Suggestion:
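Use sprintf_s, snprintf, or vsnprintf. This is a sysfs show callback (note DEVICE_ATTR_RO(phy_type) below), so buf is the PAGE_SIZE buffer supplied by the sysfs core and the output is a single "%d\n"; sprintf_s is not available in kernel code, and the preferred helper in current kernels is sysfs_emit().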
phy_type_show(struct device *dev, struct device_attribute *attr, char *buf)
{
struct ef4_nic *efx = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", efx->phy_type);
}
static DEVICE_ATTR_RO(phy_type);
static int ef4_register_netdev(struct ef4_nic *efx)
{
Reported by FlawFinder.
Line: 2791
Column: 2
CWE codes:
119
120
Suggestion:
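Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares vpd_data[SFC_VPD_LEN]; the pci_read_vpd() call shown fills it with at most sizeof(vpd_data) bytes. What the excerpt does not show is how ro_start, ro_size, i and j index into it; those uses should be checked against vpd_size.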
static void ef4_probe_vpd_strings(struct ef4_nic *efx)
{
struct pci_dev *dev = efx->pci_dev;
char vpd_data[SFC_VPD_LEN];
ssize_t vpd_size;
int ro_start, ro_size, i, j;
/* Get the vpd data from the device */
vpd_size = pci_read_vpd(dev, 0, sizeof(vpd_data), vpd_data);
Reported by FlawFinder.
drivers/net/ethernet/sfc/falcon/rx.c
3 issues
Line: 487
Column: 2
CWE codes:
120
Suggestion:
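Make sure destination can always hold the source data. The check visible before the copy, EF4_BUG_ON_PARANOID(rx_buf->len < hdr_len), concerns the source length only; whether skb->data has room for rx_ip_align + rx_prefix_size + hdr_len bytes depends on how skb was allocated, which is not shown here.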
EF4_BUG_ON_PARANOID(rx_buf->len < hdr_len);
memcpy(skb->data + efx->rx_ip_align, eh - efx->rx_prefix_size,
efx->rx_prefix_size + hdr_len);
skb_reserve(skb, efx->rx_ip_align + efx->rx_prefix_size);
__skb_put(skb, hdr_len);
/* Append the remaining page(s) onto the frag list */
Reported by FlawFinder.
Line: 866
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spec.rem_host[0] = fk.addrs.v4addrs.src;
spec.loc_host[0] = fk.addrs.v4addrs.dst;
} else {
memcpy(spec.rem_host, &fk.addrs.v6addrs.src, sizeof(struct in6_addr));
memcpy(spec.loc_host, &fk.addrs.v6addrs.dst, sizeof(struct in6_addr));
}
spec.rem_port = fk.ports.src;
spec.loc_port = fk.ports.dst;
Reported by FlawFinder.
Line: 867
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spec.loc_host[0] = fk.addrs.v4addrs.dst;
} else {
memcpy(spec.rem_host, &fk.addrs.v6addrs.src, sizeof(struct in6_addr));
memcpy(spec.loc_host, &fk.addrs.v6addrs.dst, sizeof(struct in6_addr));
}
spec.rem_port = fk.ports.src;
spec.loc_port = fk.ports.dst;
Reported by FlawFinder.
drivers/net/ethernet/sfc/falcon/selftest.c
3 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iphdr ip;
struct udphdr udp;
__be16 iteration;
char msg[64];
} __packed;
/* Loopback test source MAC address */
static const u8 payload_source[ETH_ALEN] __aligned(2) = {
0x00, 0x0f, 0x53, 0x1b, 0x1b, 0x1b,
Reported by FlawFinder.
Line: 402
Column: 2
CWE codes:
120
Suggestion:
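Make sure destination can always hold the source data. The length is sizeof(payload_msg), the source, while the destination is the 64-byte msg field declared above; the copy is safe only while payload_msg is no larger than that, which a BUILD_BUG_ON(sizeof(payload_msg) > sizeof(payload->msg)) would enforce at compile time.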
/* Fill out payload */
payload->iteration = htons(ntohs(payload->iteration) + 1);
memcpy(&payload->msg, payload_msg, sizeof(payload_msg));
/* Fill out remaining state members */
atomic_set(&state->rx_good, 0);
atomic_set(&state->rx_bad, 0);
smp_wmb();
Reported by FlawFinder.
Line: 432
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the payload in, incrementing the source address to
* exercise the rss vectors */
payload = skb_put(skb, sizeof(state->payload));
memcpy(payload, &state->payload, sizeof(state->payload));
payload->ip.saddr = htonl(INADDR_LOOPBACK | (i << 2));
/* Ensure everything we've written is visible to the
* interrupt handler. */
smp_wmb();
Reported by FlawFinder.
drivers/net/ethernet/sfc/mcdi_port_common.c
3 issues
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void efx_link_set_advertising(struct efx_nic *efx,
const unsigned long *advertising)
{
memcpy(efx->link_advertising, advertising,
sizeof(__ETHTOOL_DECLARE_LINK_MODE_MASK()));
efx->link_advertising[0] |= ADVERTISED_Autoneg;
if (advertising[0] & ADVERTISED_Pause)
efx->wanted_fc |= (EFX_FC_TX | EFX_FC_RX);
Reported by FlawFinder.
Line: 541
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mcdi_to_ethtool_linkset(phy_cfg->media, phy_cfg->supported_cap,
cmd->link_modes.supported);
memcpy(cmd->link_modes.advertising, efx->link_advertising,
sizeof(__ETHTOOL_DECLARE_LINK_MODE_MASK()));
BUILD_BUG_ON(MC_CMD_GET_LINK_IN_LEN != 0);
rc = efx_mcdi_rpc(efx, MC_CMD_GET_LINK, NULL, 0,
outbuf, sizeof(outbuf), NULL);
Reported by FlawFinder.
Line: 919
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (payload_len != SFP_PAGE_SIZE)
return -EIO;
memcpy(data, MCDI_PTR(outbuf, GET_PHY_MEDIA_INFO_OUT_DATA) + offset,
to_copy);
return to_copy;
}
Reported by FlawFinder.
drivers/net/ethernet/sfc/rx.c
3 issues
Line: 86
Column: 2
CWE codes:
120
Suggestion:
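Make sure destination can always hold the source data. The check visible before the copy, EFX_WARN_ON_ONCE_PARANOID(rx_buf->len < hdr_len), concerns the source length only; whether skb->data has room for rx_ip_align + rx_prefix_size + hdr_len bytes depends on how skb was allocated, which is not shown here.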
EFX_WARN_ON_ONCE_PARANOID(rx_buf->len < hdr_len);
memcpy(skb->data + efx->rx_ip_align, eh - efx->rx_prefix_size,
efx->rx_prefix_size + hdr_len);
skb_reserve(skb, efx->rx_ip_align + efx->rx_prefix_size);
__skb_put(skb, hdr_len);
/* Append the remaining page(s) onto the frag list */
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
120
Suggestion:
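Make sure destination can always hold the source data. The only bound on rx_prefix visible here is EFX_WARN_ON_PARANOID(efx->rx_prefix_size > EFX_MAX_RX_PREFIX_SIZE), and the memcpy follows it unconditionally; confirm that rx_prefix is declared with EFX_MAX_RX_PREFIX_SIZE bytes and that rx_prefix_size is validated where it is set, since a warning macro alone does not stop the copy (and may be compiled out in non-debug builds; verify).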
/* Save the rx prefix. */
EFX_WARN_ON_PARANOID(efx->rx_prefix_size > EFX_MAX_RX_PREFIX_SIZE);
memcpy(rx_prefix, *ehp - efx->rx_prefix_size,
efx->rx_prefix_size);
xdp_init_buff(&xdp, efx->rx_page_buf_step, &rx_queue->xdp_rxq_info);
/* No support yet for XDP metadata */
xdp_prepare_buff(&xdp, *ehp - EFX_XDP_HEADROOM, EFX_XDP_HEADROOM,
Reported by FlawFinder.
Line: 305
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*ehp += offset;
rx_buf->page_offset += offset;
rx_buf->len -= offset;
memcpy(*ehp - efx->rx_prefix_size, rx_prefix,
efx->rx_prefix_size);
}
break;
case XDP_TX:
Reported by FlawFinder.
drivers/net/ethernet/sfc/selftest.c
3 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iphdr ip;
struct udphdr udp;
__be16 iteration;
char msg[64];
} __packed;
/* Loopback test source MAC address */
static const u8 payload_source[ETH_ALEN] __aligned(2) = {
0x00, 0x0f, 0x53, 0x1b, 0x1b, 0x1b,
Reported by FlawFinder.
Line: 400
Column: 2
CWE codes:
120
Suggestion:
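Make sure destination can always hold the source data. The length is sizeof(payload_msg), the source, while the destination is the 64-byte msg field declared above; the copy is safe only while payload_msg is no larger than that, which a BUILD_BUG_ON(sizeof(payload_msg) > sizeof(payload->msg)) would enforce at compile time.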
/* Fill out payload */
payload->iteration = htons(ntohs(payload->iteration) + 1);
memcpy(&payload->msg, payload_msg, sizeof(payload_msg));
/* Fill out remaining state members */
atomic_set(&state->rx_good, 0);
atomic_set(&state->rx_bad, 0);
smp_wmb();
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the payload in, incrementing the source address to
* exercise the rss vectors */
payload = skb_put(skb, sizeof(state->payload));
memcpy(payload, &state->payload, sizeof(state->payload));
payload->ip.saddr = htonl(INADDR_LOOPBACK | (i << 2));
/* Ensure everything we've written is visible to the
* interrupt handler. */
smp_wmb();
Reported by FlawFinder.