The following issues were found
arch/x86/kvm/mmu/spte.c
3 issues
Line: 54
Column: 65
CWE codes:
362/367!
Suggestion:
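Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: column 65 of the flagged line appears to be the parameter name `access` in the make_mmio_spte() signature shown below, not a call to access(2). No file is checked or opened in this excerpt, so the check-then-use race (CWE-362/367) this suggestion addresses does not appear to apply; treat the finding as a probable name-match false positive.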
return mask;
}
u64 make_mmio_spte(struct kvm_vcpu *vcpu, u64 gfn, unsigned int access)
{
u64 gen = kvm_vcpu_memslots(vcpu)->generation & MMIO_SPTE_GEN_MASK;
u64 spte = generation_mmio_spte_mask(gen);
u64 gpa = gfn << PAGE_SHIFT;
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
362/367!
Suggestion:
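Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: the flagged token at column 2 appears to be the local variable `access` in `access &= shadow_mmio_access_mask;`, not a call to access(2). The excerpt only masks and ORs integer values, so this is a probable name-match false positive rather than a file-permission race.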
WARN_ON_ONCE(!shadow_mmio_value);
access &= shadow_mmio_access_mask;
spte |= shadow_mmio_value | access;
spte |= gpa | shadow_nonpresent_or_rsvd_mask;
spte |= (gpa & shadow_nonpresent_or_rsvd_mask)
<< SHADOW_NONPRESENT_OR_RSVD_MASK_LEN;
Reported by FlawFinder.
Line: 63
Column: 30
CWE codes:
362/367!
Suggestion:
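Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: the flagged token at column 30 appears to be the variable `access` at the end of `spte |= shadow_mmio_value | access;`, not a call to access(2). This is a probable name-match false positive rather than a file-permission race.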
WARN_ON_ONCE(!shadow_mmio_value);
access &= shadow_mmio_access_mask;
spte |= shadow_mmio_value | access;
spte |= gpa | shadow_nonpresent_or_rsvd_mask;
spte |= (gpa & shadow_nonpresent_or_rsvd_mask)
<< SHADOW_NONPRESENT_OR_RSVD_MASK_LEN;
return spte;
Reported by FlawFinder.
arch/sparc/kernel/sys_sparc_32.c
3 issues
Line: 201
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SYSCALL_DEFINE2(getdomainname, char __user *, name, int, len)
{
int nlen, err;
char tmp[__NEW_UTS_LEN + 1];
if (len < 0)
return -EINVAL;
down_read(&uts_sem);
Reported by FlawFinder.
Line: 212
Column: 2
CWE codes:
120
Suggestion:
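Make sure destination can always hold the source data. Note: in this excerpt nlen is compared only with the caller-supplied len, not with sizeof(tmp). The copy into tmp therefore stays in bounds only if utsname()->domainname is always NUL-terminated within __NEW_UTS_LEN + 1 bytes; that guarantee comes from code outside this excerpt and should be confirmed there.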
err = -EINVAL;
if (nlen > len)
goto out_unlock;
memcpy(tmp, utsname()->domainname, nlen);
up_read(&uts_sem);
if (copy_to_user(name, tmp, nlen))
return -EFAULT;
Reported by FlawFinder.
Line: 208
Column: 9
CWE codes:
126
down_read(&uts_sem);
nlen = strlen(utsname()->domainname) + 1;
err = -EINVAL;
if (nlen > len)
goto out_unlock;
memcpy(tmp, utsname()->domainname, nlen);
Reported by FlawFinder.
arch/x86/kernel/cpu/cacheinfo.c
3 issues
Line: 357
Column: 10
CWE codes:
120
Suggestion:
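Use sprintf_s, snprintf, or vsnprintf. Note: sprintf_s is not available in kernel code. If buf is a sysfs show buffer, as the neighbouring cache_disable_##slot##_show macro suggests, sysfs_emit() is the bounded replacement. The output here is a single integer or the literal "FREE\n", so the practical overflow risk looks low.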
index = amd_get_l3_disable_slot(nb, slot);
if (index >= 0)
return sprintf(buf, "%d\n", index);
return sprintf(buf, "FREE\n");
}
#define SHOW_CACHE_DISABLE(slot) \
Reported by FlawFinder.
Line: 359
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= 0)
return sprintf(buf, "%d\n", index);
return sprintf(buf, "FREE\n");
}
#define SHOW_CACHE_DISABLE(slot) \
static ssize_t \
cache_disable_##slot##_show(struct device *dev, \
Reported by FlawFinder.
Line: 479
Column: 9
CWE codes:
120
Suggestion:
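Use sprintf_s, snprintf, or vsnprintf. Note: sprintf_s is not available in kernel code. The excerpt formats one value with "%x\n"; if buf is a sysfs show buffer (the adjacent subcaches_store suggests a matching show callback, but its signature is not visible), sysfs_emit() is the bounded replacement.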
struct cacheinfo *this_leaf = dev_get_drvdata(dev);
int cpu = cpumask_first(&this_leaf->shared_cpu_map);
return sprintf(buf, "%x\n", amd_get_subcaches(cpu));
}
static ssize_t subcaches_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
arch/powerpc/platforms/512x/clock-commonclk.c
3 issues
Line: 521
Column: 8
CWE codes:
119
120
Suggestion:
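Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged declaration, parent_names_mux1[2], is an array of two `const char *` pointers, not a character buffer. The bounds question is whether code indexing it stays within two entries, which this excerpt does not show.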
const char *name_mux0;
const char *name_en0;
const char *name_div0;
const char *parent_names_mux1[2];
const char *name_mclk;
};
#define MCLK_SETUP_DATA_PSC(id) { \
MCLK_TYPE_PSC, 0, \
Reported by FlawFinder.
Line: 822
Column: 3
CWE codes:
119
120
Suggestion:
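Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged buffer `name` is written with snprintf(name, sizeof(name), ...) on the next line of the excerpt, so the write is already length-limited. The remaining concern would be silent truncation if "psc%d" ever formatted to more than 11 characters.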
}
/* for PSCs there is a "registers" gate and a bitrate MCLK subtree */
for (mclk_idx = 0; mclk_idx < soc_max_pscnum(); mclk_idx++) {
char name[12];
snprintf(name, sizeof(name), "psc%d", mclk_idx);
clks[MPC512x_CLK_PSC0 + mclk_idx] = mpc512x_clk_gated(
name, "ips", &clkregs->sccr1, 27 - mclk_idx);
mpc512x_clk_setup_mclk(&mclk_psc_data[mclk_idx], mclk_idx);
}
Reported by FlawFinder.
Line: 1031
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *np;
struct resource res;
int idx;
char devname[32];
did_register = 0;
FOR_NODES(mpc512x_select_psc_compat()) {
NODE_PREP;
Reported by FlawFinder.
arch/um/os-Linux/drivers/tuntap_user.c
3 issues
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *buffer, int buffer_len, int *used_out)
{
struct tuntap_pre_exec_data data;
char version_buf[sizeof("nnnnn\0")];
char *argv[] = { "uml_net", version_buf, "tuntap", "up", gate,
NULL };
char buf[CMSG_SPACE(sizeof(*fd_out))];
struct msghdr msg;
struct cmsghdr *cmsg;
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char version_buf[sizeof("nnnnn\0")];
char *argv[] = { "uml_net", version_buf, "tuntap", "up", gate,
NULL };
char buf[CMSG_SPACE(sizeof(*fd_out))];
struct msghdr msg;
struct cmsghdr *cmsg;
struct iovec iov;
int pid, n, err;
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
120
Suggestion:
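Use sprintf_s, snprintf, or vsnprintf. Note: the destination version_buf is declared as sizeof("nnnnn\0") bytes, so the unbounded sprintf fits only while UML_NET_VERSION formats to a small number of decimal digits. Using snprintf(version_buf, sizeof(version_buf), "%d", UML_NET_VERSION) would make the bound independent of the constant's value.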
struct iovec iov;
int pid, n, err;
sprintf(version_buf, "%d", UML_NET_VERSION);
data.stdout_fd = remote;
data.close_me = me;
pid = run_helper(tuntap_pre_exec, &data, argv);
Reported by FlawFinder.
arch/powerpc/crypto/aes-spe-glue.c
3 issues
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
scatterwalk_map_and_copy(b[0], req->dst, offset, AES_BLOCK_SIZE, 0);
memcpy(b[1], b[0], tail);
scatterwalk_map_and_copy(b[0], req->src, offset + AES_BLOCK_SIZE, tail, 0);
spe_begin();
ppc_encrypt_xts(b[0], b[0], ctx->key_enc, ctx->rounds, AES_BLOCK_SIZE,
req->iv, NULL);
Reported by FlawFinder.
Line: 394
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ppc_decrypt_xts(b[1], b[1], ctx->key_dec, ctx->rounds, AES_BLOCK_SIZE,
(u8 *)&twk, NULL);
memcpy(b[0], b[2], tail);
memcpy(b[0] + tail, b[1] + tail, AES_BLOCK_SIZE - tail);
ppc_decrypt_xts(b[0], b[0], ctx->key_dec, ctx->rounds, AES_BLOCK_SIZE,
req->iv, NULL);
spe_end();
Reported by FlawFinder.
Line: 395
Column: 2
CWE codes:
120
Suggestion:
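Make sure destination can always hold the source data. Note: the length here is AES_BLOCK_SIZE - tail, which would go negative or wrap to a very large size if tail could exceed AES_BLOCK_SIZE. The declaration of b and the range check on tail are outside this excerpt, so the bound on tail is the thing to verify.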
ppc_decrypt_xts(b[1], b[1], ctx->key_dec, ctx->rounds, AES_BLOCK_SIZE,
(u8 *)&twk, NULL);
memcpy(b[0], b[2], tail);
memcpy(b[0] + tail, b[1] + tail, AES_BLOCK_SIZE - tail);
ppc_decrypt_xts(b[0], b[0], ctx->key_dec, ctx->rounds, AES_BLOCK_SIZE,
req->iv, NULL);
spe_end();
scatterwalk_map_and_copy(b[0], req->dst, offset, AES_BLOCK_SIZE + tail, 1);
Reported by FlawFinder.
arch/x86/kernel/cpu/cpu.h
3 issues
Line: 10
Column: 8
CWE codes:
119
120
Suggestion:
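Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged member c_ident[2] is an array of two `const char *` pointers, not a character buffer. The declaration performs no copy; any check belongs at the sites that index it, which are not shown here.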
const char *c_vendor;
/* some have two possibilities for cpuid string */
const char *c_ident[2];
void (*c_early_init)(struct cpuinfo_x86 *);
void (*c_bsp_init)(struct cpuinfo_x86 *);
void (*c_init)(struct cpuinfo_x86 *);
void (*c_identify)(struct cpuinfo_x86 *);
Reported by FlawFinder.
Line: 26
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Family/stepping-based lookup table for model names. */
struct legacy_cpu_model_info {
int family;
const char *model_names[16];
} legacy_models[5];
#endif
};
struct _tlb_table {
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char tlb_type;
unsigned int entries;
/* unsigned int ways; */
char info[128];
};
#define cpu_dev_register(cpu_devX) \
static const struct cpu_dev *const __cpu_dev_##cpu_devX __used \
__section(".x86_cpu_dev.init") = \
Reported by FlawFinder.
arch/s390/include/uapi/asm/tape390.h
3 issues
Line: 35
Column: 9
CWE codes:
119
120
Suggestion:
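Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged line declares a fixed-width field of a structure in a UAPI header and copies nothing itself. The length check belongs where the field is filled or read, and the field may not be NUL-terminated when all 8 bytes are used.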
typedef struct display_struct {
char cntrl;
char message1[8];
char message2[8];
} display_struct;
/*
* Tape encryption support
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct display_struct {
char cntrl;
char message1[8];
char message2[8];
} display_struct;
/*
* Tape encryption support
*/
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tape390_kekl {
unsigned char type;
unsigned char type_on_tape;
char label[65];
} __attribute__ ((packed));
struct tape390_kekl_pair {
struct tape390_kekl kekl[2];
} __attribute__ ((packed));
Reported by FlawFinder.
arch/x86/kernel/cpu/cyrix.c
3 issues
Line: 354
Column: 2
CWE codes:
120
Suggestion:
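Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Note: strcpy_s is not provided in kernel code, where strscpy() is the bounded copy. The size of buf is not visible in this excerpt, so whether the model string plus the optional suffix p always fits cannot be judged from here.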
dir0_msn = 7;
break;
}
strcpy(buf, Cx86_model[dir0_msn & 7]);
if (p)
strcat(buf, p);
return;
}
Reported by FlawFinder.
Line: 356
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
strcpy(buf, Cx86_model[dir0_msn & 7]);
if (p)
strcat(buf, p);
return;
}
/*
* Handle National Semiconductor branded processors
Reported by FlawFinder.
Line: 418
Column: 3
CWE codes:
120
Suggestion:
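Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Note: the source is the 12-character string literal "CyrixInstead", so the copy has a fixed length. It is safe as long as x86_vendor_id holds at least 13 bytes, which this excerpt does not show.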
if (c->x86 == 4 && test_cyrix_52div()) {
unsigned char dir0, dir1;
strcpy(c->x86_vendor_id, "CyrixInstead");
c->x86_vendor = X86_VENDOR_CYRIX;
/* Actually enable cpuid on the older cyrix */
/* Retrieve CPU revisions */
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-async.c
3 issues
Line: 151
Column: 2
CWE codes:
120
Suggestion:
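Make sure destination can always hold the source data. Note: the length is sizeof(*msg), derived from the destination's own type. The copy therefore cannot exceed the object msg points to, provided the caller passes a valid pointer and the response member is at least that large.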
opal_wake_poller();
wait_event(opal_async_wait, opal_async_tokens[token].state
== ASYNC_TOKEN_COMPLETED);
memcpy(msg, &opal_async_tokens[token].response, sizeof(*msg));
return 0;
}
EXPORT_SYMBOL_GPL(opal_async_wait_response);
Reported by FlawFinder.
Line: 205
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
opal_async_tokens[token].state ==
ASYNC_TOKEN_COMPLETED);
if (!ret)
memcpy(msg, &opal_async_tokens[token].response, sizeof(*msg));
return ret;
}
EXPORT_SYMBOL_GPL(opal_async_wait_response_interruptible);
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
120
Suggestion:
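Make sure destination can always hold the source data. Note: the length here is sizeof(*comp_msg), taken from the source type. The copy is in bounds only if the response member is at least as large as *comp_msg; their declarations are outside this excerpt.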
opal_async_release_token(token);
return 0;
}
memcpy(&opal_async_tokens[token].response, comp_msg, sizeof(*comp_msg));
wake_up(&opal_async_wait);
return 0;
}
Reported by FlawFinder.