The following issues were found
drivers/hwtracing/coresight/coresight-tpiu.c
3 issues
Line: 74
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static int tpiu_enable(struct coresight_device *csdev, u32 mode, void *__unused)
{
tpiu_enable_hw(&csdev->access);
atomic_inc(csdev->refcnt);
dev_dbg(&csdev->dev, "TPIU enabled\n");
return 0;
}
Reported by FlawFinder.
Line: 101
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (atomic_dec_return(csdev->refcnt))
return -EBUSY;
tpiu_disable_hw(&csdev->access);
dev_dbg(&csdev->dev, "TPIU disabled\n");
return 0;
}
Reported by FlawFinder.
Line: 151
Column: 24
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
desc.access = CSDEV_ACCESS_IOMEM(base);
/* Disable tpiu to support older devices */
tpiu_disable_hw(&desc.access);
pdata = coresight_get_platform_data(dev);
if (IS_ERR(pdata))
return PTR_ERR(pdata);
dev->platform_data = pdata;
Reported by FlawFinder.
drivers/i3c/master/i3c-master-cdns.c
3 issues
Line: 434
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nbytes & 3) {
u32 tmp = 0;
memcpy(&tmp, bytes + (nbytes & ~3), nbytes & 3);
writesl(master->regs + TX_FIFO, &tmp, 1);
}
}
static void cdns_i3c_master_rd_from_rx_fifo(struct cdns_i3c_master *master,
Reported by FlawFinder.
Line: 447
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 tmp;
readsl(master->regs + RX_FIFO, &tmp, 1);
memcpy(bytes + (nbytes & ~3), &tmp, nbytes & 3);
}
}
static bool cdns_i3c_master_supports_ccc_cmd(struct i3c_master_controller *m,
const struct i3c_ccc_cmd *cmd)
Reported by FlawFinder.
Line: 1338
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nbytes % 3) {
u32 tmp = __raw_readl(master->regs + IBI_DATA_FIFO);
memcpy(buf + (nbytes & ~3), &tmp, nbytes & 3);
}
slot->len = min_t(unsigned int, IBIR_XFER_BYTES(ibir),
dev->ibi->max_payload_len);
i3c_master_queue_ibi(dev, slot);
Reported by FlawFinder.
drivers/iio/accel/bmc150-accel-core.c
3 issues
Line: 848
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
wm = data->watermark;
mutex_unlock(&data->mutex);
return sprintf(buf, "%d\n", wm);
}
static ssize_t bmc150_accel_get_fifo_state(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 863
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
state = data->fifo_mode;
mutex_unlock(&data->mutex);
return sprintf(buf, "%d\n", state);
}
static const struct iio_mount_matrix *
bmc150_accel_get_mount_matrix(const struct iio_dev *indio_dev,
const struct iio_chan_spec *chan)
Reported by FlawFinder.
Line: 1004
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j = 0;
for_each_set_bit(bit, indio_dev->active_scan_mask,
indio_dev->masklength)
memcpy(&data->scan.channels[j++], &buffer[i * 3 + bit],
sizeof(data->scan.channels[0]));
iio_push_to_buffers_with_timestamp(indio_dev, &data->scan,
tstamp);
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-stm.c
3 issues
Line: 261
Column: 37
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct perf_event *event)
{
struct stm_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent);
struct csdev_access *csa = &csdev->access;
/*
* For as long as the tracer isn't disabled another entity can't
* change its status. As such we can read the status here without
* fearing it will change under us.
Reported by FlawFinder.
Line: 311
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 paload[8];
if (stm_addr_unaligned(data, write_bytes)) {
memcpy(paload, data, size);
data = paload;
}
/* now we are 64bit/32bit aligned */
switch (size) {
Reported by FlawFinder.
Line: 616
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct stm_drvdata *drvdata = dev_get_drvdata(dev->parent);
val = drvdata->traceid;
return sprintf(buf, "%#lx\n", val);
}
static ssize_t traceid_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t size)
Reported by FlawFinder.
drivers/iommu/intel/debugfs.c
3 issues
Line: 251
CWE codes:
562
tbl_wlk.devfn = devfn;
tbl_wlk.rt_entry = &iommu->root_entry[bus];
tbl_wlk.ctx_entry = context;
m->private = &tbl_wlk;
if (dmar_readq(iommu->reg + DMAR_RTADDR_REG) & DMA_RTADDR_SMT) {
pasid_dir_ptr = context->lo & VTD_PAGE_MASK;
pasid_dir_size = get_pasid_dir_size(context);
pasid_dir_walk(m, pasid_dir_ptr, pasid_dir_size);
Reported by Cppcheck.
Line: 36
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define DEBUG_BUFFER_SIZE 1024
static char debug_buf[DEBUG_BUFFER_SIZE];
#define IOMMU_REGSET_ENTRY(_reg_) \
{ DMAR_##_reg_##_REG, __stringify(_reg_) }
static const struct iommu_regset iommu_regs_32[] = {
Reported by FlawFinder.
Line: 586
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dmar_drhd_unit *drhd;
struct intel_iommu *iommu;
int counting;
char buf[64];
if (cnt > 63)
cnt = 63;
if (copy_from_user(&buf, ubuf, cnt))
Reported by FlawFinder.
drivers/hwmon/ad7414.c
3 issues
Line: 110
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct ad7414_data *data = ad7414_update_device(dev);
return sprintf(buf, "%d\n", ad7414_temp_from_reg(data->temp_input));
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp_input, 0);
static ssize_t max_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int index = to_sensor_dev_attr(attr)->index;
struct ad7414_data *data = ad7414_update_device(dev);
return sprintf(buf, "%d\n", data->temps[index] * 1000);
}
static ssize_t max_min_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 155
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int bitnr = to_sensor_dev_attr(attr)->index;
struct ad7414_data *data = ad7414_update_device(dev);
int value = (data->temp_input >> bitnr) & 1;
return sprintf(buf, "%d\n", value);
}
static SENSOR_DEVICE_ATTR_RO(temp1_min_alarm, alarm, 3);
static SENSOR_DEVICE_ATTR_RO(temp1_max_alarm, alarm, 4);
Reported by FlawFinder.
drivers/hwmon/adc128d818.c
3 issues
Line: 159
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return PTR_ERR(data);
val = DIV_ROUND_CLOSEST(data->in[index][nr] * data->vref, 4095);
return sprintf(buf, "%d\n", val);
}
static ssize_t adc128_in_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 199
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return PTR_ERR(data);
temp = sign_extend32(data->temp[index], 8);
return sprintf(buf, "%d\n", temp * 500);/* 0.5 degrees C resolution */
}
static ssize_t adc128_temp_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 245
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
alarms = data->alarms;
data->alarms &= ~mask;
return sprintf(buf, "%u\n", !!(alarms & mask));
}
static umode_t adc128_is_visible(struct kobject *kobj,
struct attribute *attr, int index)
{
Reported by FlawFinder.
drivers/gpu/drm/i915/i915_vma.c
3 issues
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long *entries;
unsigned int nr_entries;
char buf[512];
if (!vma->node.stack) {
DRM_DEBUG_DRIVER("vma.node [%08llx + %08llx] %s: unknown owner\n",
vma->node.start, vma->node.size, reason);
return;
Reported by FlawFinder.
Line: 278
Column: 31
CWE codes:
362
struct i915_vma *vma;
GEM_BUG_ON(view && !i915_is_ggtt_or_dpt(vm));
GEM_BUG_ON(!atomic_read(&vm->open));
spin_lock(&obj->vma.lock);
vma = i915_vma_lookup(obj, vm, view);
spin_unlock(&obj->vma.lock);
Reported by FlawFinder.
Line: 1321
Column: 35
CWE codes:
362
GEM_BUG_ON(vma->fence);
GEM_BUG_ON(i915_vma_has_userfault(vma));
if (likely(atomic_read(&vma->vm->open))) {
trace_i915_vma_unbind(vma);
vma->ops->unbind_vma(vma->vm, vma);
}
atomic_and(~(I915_VMA_BIND_MASK | I915_VMA_ERROR | I915_VMA_GGTT_WRITE),
&vma->flags);
Reported by FlawFinder.
drivers/iio/adc/mcp3422.c
3 issues
Line: 277
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mcp3422 *adc = iio_priv(dev_to_iio_dev(dev));
if (adc->id > 4)
return sprintf(buf, "240 60 15\n");
return sprintf(buf, "240 60 15 3\n");
}
static ssize_t mcp3422_show_scales(struct device *dev,
Reported by FlawFinder.
Line: 279
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (adc->id > 4)
return sprintf(buf, "240 60 15\n");
return sprintf(buf, "240 60 15 3\n");
}
static ssize_t mcp3422_show_scales(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 288
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mcp3422 *adc = iio_priv(dev_to_iio_dev(dev));
u8 sample_rate = MCP3422_SAMPLE_RATE(adc->config);
return sprintf(buf, "0.%09u 0.%09u 0.%09u 0.%09u\n",
mcp3422_scales[sample_rate][0],
mcp3422_scales[sample_rate][1],
mcp3422_scales[sample_rate][2],
mcp3422_scales[sample_rate][3]);
}
Reported by FlawFinder.
drivers/hwmon/lm83.c
3 issues
Line: 157
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm83_data *data = lm83_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index]));
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct lm83_data *data = lm83_update_device(dev);
return sprintf(buf, "%d\n", data->alarms);
}
static ssize_t alarm_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm83_data *data = lm83_update_device(dev);
int bitnr = attr->index;
return sprintf(buf, "%d\n", (data->alarms >> bitnr) & 1);
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, 0);
static SENSOR_DEVICE_ATTR_RO(temp2_input, temp, 1);
static SENSOR_DEVICE_ATTR_RO(temp3_input, temp, 2);
Reported by FlawFinder.