The following issues were found
drivers/infiniband/ulp/iser/iscsi_iser.h
3 issues
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iser_rx_desc {
struct iser_ctrl iser_header;
struct iscsi_hdr iscsi_header;
char data[ISER_RECV_DATA_SEG_LEN];
u64 dma_addr;
struct ib_sge rx_sg;
struct ib_cqe cqe;
char pad[ISER_RX_PAD_SIZE];
} __packed;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 dma_addr;
struct ib_sge rx_sg;
struct ib_cqe cqe;
char pad[ISER_RX_PAD_SIZE];
} __packed;
/**
* struct iser_login_desc - iSER login descriptor
*
Reported by FlawFinder.
Line: 428
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned qp_max_recv_dtos_mask;
unsigned min_posted_rx;
u16 max_cmds;
char name[ISER_OBJECT_NAME_SIZE];
struct work_struct release_work;
struct mutex state_mutex;
struct completion stop_completion;
struct completion ib_completion;
struct completion up_completion;
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/gr/g84.c
3 issues
Line: 168
nvkm_wr32(device, 0x100c80, 0x00000001);
nvkm_msec(device, 2000,
if (!(nvkm_rd32(device, 0x100c80) & 0x00000001))
break;
);
nvkm_mask(device, 0x400500, 0x00000001, 0x00000001);
spin_unlock_irqrestore(&gr->lock, flags);
Reported by Cppcheck.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvkm_subdev *subdev = &gr->base.engine.subdev;
u32 stat = status;
u8 mask = 0x00;
char msg[64];
int i;
for (i = 0; units[i].name && status; i++) {
if ((status & 7) == 1)
mask |= (1 << i);
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvkm_timer *tmr = device->timer;
bool idle, timeout = false;
unsigned long flags;
char status[128];
u64 start;
u32 tmp;
spin_lock_irqsave(&gr->lock, flags);
nvkm_mask(device, 0x400500, 0x00000001, 0x00000000);
Reported by FlawFinder.
drivers/infiniband/hw/mthca/mthca_mcg.c
3 issues
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
mgid = mailbox->buf;
memcpy(mgid, gid, 16);
err = mthca_MGID_HASH(dev, mailbox, hash);
if (err) {
mthca_err(dev, "MGID_HASH failed (%d)\n", err);
goto out;
Reported by FlawFinder.
Line: 144
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (index != -1) {
if (!memcmp(mgm->gid, zero_gid, 16))
memcpy(mgm->gid, gid->raw, 16);
} else {
link = 1;
index = mthca_alloc(&dev->mcg_table.alloc);
if (index == -1) {
Reported by FlawFinder.
Line: 161
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memset(mgm, 0, sizeof *mgm);
memcpy(mgm->gid, gid->raw, 16);
}
for (i = 0; i < MTHCA_QP_PER_MGM; ++i)
if (mgm->qp[i] == cpu_to_be32(ibqp->qp_num | (1 << 31))) {
mthca_dbg(dev, "QP %06x already a member of MGM\n",
Reported by FlawFinder.
drivers/infiniband/hw/mthca/mthca_cmd.c
3 issues
Line: 1892
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return PTR_ERR(outmailbox);
}
memcpy(inbox, in_mad, 256);
/*
* Key check traps can't be generated unless we have in_wc to
* tell us where to send the trap.
*/
Reported by FlawFinder.
Line: 1922
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MTHCA_PUT(inbox, in_wc->pkey_index, MAD_IFC_PKEY_OFFSET);
if (in_grh)
memcpy(inbox + MAD_IFC_GRH_OFFSET, in_grh, 40);
op_modifier |= 0x4;
in_modifier |= ib_lid_cpu16(in_wc->slid) << 16;
}
Reported by FlawFinder.
Line: 1934
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CMD_MAD_IFC, CMD_TIME_CLASS_C);
if (!err)
memcpy(response_mad, outmailbox->buf, 256);
mthca_free_mailbox(dev, inmailbox);
mthca_free_mailbox(dev, outmailbox);
return err;
}
Reported by FlawFinder.
drivers/md/dm-clone-target.c
3 issues
Line: 1435
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ssize_t sz = 0;
dm_block_t nr_free_metadata_blocks = 0;
dm_block_t nr_metadata_blocks = 0;
char buf[BDEVNAME_SIZE];
struct clone *clone = ti->private;
switch (type) {
case STATUSTYPE_INFO:
if (get_clone_mode(clone) == CM_FAIL) {
Reported by FlawFinder.
Line: 1680
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int r;
sector_t metadata_dev_size;
char b[BDEVNAME_SIZE];
r = dm_get_device(clone->ti, dm_shift_arg(as), FMODE_READ | FMODE_WRITE,
&clone->metadata_dev);
if (r) {
*error = "Error opening metadata device";
Reported by FlawFinder.
Line: 2031
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct block_device *dest_dev = clone->dest_dev->bdev;
struct queue_limits *dest_limits = &bdev_get_queue(dest_dev)->limits;
const char *reason = NULL;
char buf[BDEVNAME_SIZE];
if (!test_bit(DM_CLONE_DISCARD_PASSDOWN, &clone->flags))
return;
if (!bdev_supports_discards(dest_dev))
Reported by FlawFinder.
drivers/infiniband/ulp/opa_vnic/opa_vnic_netdev.c
3 issues
Line: 75
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&adapter->stats_lock);
adapter->rn_ops->ndo_get_stats64(netdev, &vstats.netstats);
spin_unlock(&adapter->stats_lock);
memcpy(stats, &vstats.netstats, sizeof(*stats));
}
/* opa_netdev_start_xmit - transmit function */
static netdev_tx_t opa_netdev_start_xmit(struct sk_buff *skb,
struct net_device *netdev)
Reported by FlawFinder.
Line: 149
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ARRAY_SIZE(info->vport.base_mac_addr))) {
struct sockaddr saddr;
memcpy(saddr.sa_data, info->vport.base_mac_addr,
ARRAY_SIZE(info->vport.base_mac_addr));
mutex_lock(&adapter->lock);
eth_commit_mac_addr_change(netdev, &saddr);
memcpy(adapter->vema_mac_addr,
info->vport.base_mac_addr, ETH_ALEN);
Reported by FlawFinder.
Line: 153
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ARRAY_SIZE(info->vport.base_mac_addr));
mutex_lock(&adapter->lock);
eth_commit_mac_addr_change(netdev, &saddr);
memcpy(adapter->vema_mac_addr,
info->vport.base_mac_addr, ETH_ALEN);
mutex_unlock(&adapter->lock);
}
rn->set_id(netdev, info->vesw.vesw_id);
Reported by FlawFinder.
drivers/iommu/intel/irq_remapping.c
3 issues
Line: 511
CWE codes:
908
iommu->gcmd |= DMA_GCMD_IRE;
writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
readl, (sts & DMA_GSTS_IRES), sts);
/* Block compatibility-format MSIs */
if (sts & DMA_GSTS_CFIS) {
iommu->gcmd &= ~DMA_GCMD_CFI;
writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
Reported by Cppcheck.
Line: 835
}
if (!setup)
goto error;
irq_remapping_enabled = 1;
set_irq_posting_cap();
Reported by Cppcheck.
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
/* Copy data over */
memcpy(iommu->ir_table->base, old_ir_table, size);
__iommu_flush_cache(iommu, iommu->ir_table->base, size);
/*
* Now check the table for used entries and mark those as
Reported by FlawFinder.
drivers/leds/leds-lm3530.c
3 issues
Line: 359
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
drvdata = container_of(led_cdev, struct lm3530_data, led_dev);
for (i = 0; i < ARRAY_SIZE(mode_map); i++)
if (drvdata->mode == mode_map[i].mode_val)
len += sprintf(buf + len, "[%s] ", mode_map[i].mode);
else
len += sprintf(buf + len, "%s ", mode_map[i].mode);
len += sprintf(buf + len, "\n");
Reported by FlawFinder.
Line: 361
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (drvdata->mode == mode_map[i].mode_val)
len += sprintf(buf + len, "[%s] ", mode_map[i].mode);
else
len += sprintf(buf + len, "%s ", mode_map[i].mode);
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 363
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
len += sprintf(buf + len, "%s ", mode_map[i].mode);
len += sprintf(buf + len, "\n");
return len;
}
static ssize_t mode_store(struct device *dev, struct device_attribute
Reported by FlawFinder.
drivers/md/dm-cache-target.c
3 issues
Line: 2026
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int r;
sector_t metadata_dev_size;
char b[BDEVNAME_SIZE];
if (!at_least_one_arg(as, error))
return -EINVAL;
r = dm_get_device(ca->ti, dm_shift_arg(as), FMODE_READ | FMODE_WRITE,
Reported by FlawFinder.
Line: 3040
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ssize_t sz = 0;
dm_block_t nr_free_blocks_metadata = 0;
dm_block_t nr_blocks_metadata = 0;
char buf[BDEVNAME_SIZE];
struct cache *cache = ti->private;
dm_cblock_t residency;
bool needs_check;
switch (type) {
Reported by FlawFinder.
Line: 3332
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct block_device *origin_bdev = cache->origin_dev->bdev;
struct queue_limits *origin_limits = &bdev_get_queue(origin_bdev)->limits;
const char *reason = NULL;
char buf[BDEVNAME_SIZE];
if (!cache->features.discard_passdown)
return;
if (!origin_dev_supports_discard(origin_bdev))
Reported by FlawFinder.
drivers/infiniband/hw/mlx5/qp.c
3 issues
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!copy_length)
break;
memcpy(buffer + bytes_copied, p, copy_length);
bytes_copied += copy_length;
wqe_index = (wqe_index + 1) & qp->sq.fbc.sz_m1;
p = mlx5_frag_buf_get_wqe(&qp->sq.fbc, wqe_index);
}
Reported by FlawFinder.
Line: 1709
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
MLX5_SET(tirc, tirc, rx_hash_fn, MLX5_RX_HASH_FN_TOEPLITZ);
memcpy(rss_key, ucmd->rx_hash_key, len);
break;
}
default:
err = -EOPNOTSUPP;
goto err;
Reported by FlawFinder.
Line: 3341
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(ads, path, hop_limit, grh->hop_limit);
MLX5_SET(ads, path, tclass, grh->traffic_class);
MLX5_SET(ads, path, flow_label, grh->flow_label);
memcpy(MLX5_ADDR_OF(ads, path, rgid_rip), grh->dgid.raw,
sizeof(grh->dgid.raw));
}
err = ib_rate_to_mlx5(dev, rdma_ah_get_static_rate(ah));
if (err < 0)
Reported by FlawFinder.