The following issues were found

tools/virtio/ringtest/main.c
2 issues
getopt_long - Some older implementations do not protect against internal buffer overflows
Security

Line: 308 Column: 11 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	assert(callfd >= 0);

	for (;;) {
		int o = getopt_long(argc, argv, optstring, longopts, NULL);
		switch (o) {
		case -1:
			goto done;
		case '?':
			help();

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 51 Column: 6 CWE codes: 120 20 

              	int r;

	vmexit();
	r = read(fd, &v, sizeof v);
	assert(r == sizeof v);
	vmentry();
}

void kick(void)

Reported by FlawFinder.

tools/virtio/ringtest/main.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 180 Column: 27 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
#define READ_ONCE(x) \
({									\
	union { typeof(x) __val; char __c[1]; } __u;			\
	__read_once_size(&(x), __u.__c, sizeof(x));		\
	smp_read_barrier_depends(); /* Enforce dependency ordering from x */ \
	__u.__val;							\
})

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 188 Column: 27 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
#define WRITE_ONCE(x, val) \
({							\
	union { typeof(x) __val; char __c[1]; } __u =	\
		{ .__val = (typeof(x)) (val) }; \
	__write_once_size(&(x), __u.__c, sizeof(x));	\
	__u.__val;					\
})

Reported by FlawFinder.

tools/testing/selftests/vm/map_fixed_noreplace.c
2 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 28 Column: 2 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              	char cmd[32];

	snprintf(cmd, sizeof(cmd), "cat /proc/%d/maps", getpid());
	system(cmd);
}

int main(void)
{
	unsigned long flags, addr, size, page_size;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 25 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static void dump_maps(void)
{
	char cmd[32];

	snprintf(cmd, sizeof(cmd), "cat /proc/%d/maps", getpid());
	system(cmd);
}

Reported by FlawFinder.

tools/usb/usbip/src/usbip.c
2 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 123 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	(void) argc;
	(void) argv;

	printf(PROGNAME " (%s)\n", usbip_version_string);
	return 0;
}

static int run_command(const struct command *cmd, int argc, char *argv[])
{

Reported by FlawFinder.

getopt_long - Some older implementations do not protect against internal buffer overflows
Security

Line: 149 Column: 9 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	usbip_use_stderr = 1;
	opterr = 0;
	for (;;) {
		opt = getopt_long(argc, argv, "+dlt:", opts, NULL);

		if (opt == -1)
			break;

		switch (opt) {

Reported by FlawFinder.

tools/virtio/ringtest/virtio_ring_0_9.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 51 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #else
	unsigned short reserved_free_head;
#endif
	unsigned char reserved[HOST_GUEST_PADDING - 10];
} guest;

struct host {
	/* we do not need to track last avail index
	 * unless we have more than one in flight.

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	 */
	unsigned short used_idx;
	unsigned short called_used_idx;
	unsigned char reserved[HOST_GUEST_PADDING - 4];
} host;

/* implemented by ring */
void alloc_ring(void)
{

Reported by FlawFinder.

tools/testing/selftests/timens/futex.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 65 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              int main(int argc, char *argv[])
{
	int status, len, fd;
	char buf[4096];
	pid_t pid;
	struct timespec mtime_now;

	nscheck();

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 80 Column: 7 CWE codes: 362 

              
	len = snprintf(buf, sizeof(buf), "%d %d 0",
			CLOCK_MONOTONIC, 70 * 24 * 3600);
	fd = open("/proc/self/timens_offsets", O_WRONLY);
	if (fd < 0)
		return pr_perror("/proc/self/timens_offsets");

	if (write(fd, buf, len) != len)
		return pr_perror("/proc/self/timens_offsets");

Reported by FlawFinder.

tools/testing/selftests/x86/fsgsbase.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 281 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			NULL, sizeof(desc),
			PROT_READ | PROT_WRITE,
			MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
		memcpy(low_desc, &desc, sizeof(desc));

		low_desc->entry_number = set_thread_area_entry_number;

		/* 32-bit set_thread_area */
		long ret;

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 200 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		err(1, "ARCH_SET_GS");

	if (schedule)
		usleep(10);

	asm volatile ("mov %0, %%gs" : : "rm" (0));
	base = read_base(GS);
	if (syscall(SYS_arch_prctl, ARCH_GET_GS, &arch_base) != 0)
		err(1, "ARCH_GET_GS");

Reported by FlawFinder.

tools/testing/selftests/vm/virtual_address_range.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 99 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
int main(int argc, char *argv[])
{
	char *ptr[NR_CHUNKS_LOW];
	char *hptr[NR_CHUNKS_HIGH];
	char *hint;
	unsigned long i, lchunks, hchunks;

	for (i = 0; i < NR_CHUNKS_LOW; i++) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 100 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              int main(int argc, char *argv[])
{
	char *ptr[NR_CHUNKS_LOW];
	char *hptr[NR_CHUNKS_HIGH];
	char *hint;
	unsigned long i, lchunks, hchunks;

	for (i = 0; i < NR_CHUNKS_LOW; i++) {
		ptr[i] = mmap(NULL, MAP_CHUNK_SIZE, PROT_READ | PROT_WRITE,

Reported by FlawFinder.

tools/testing/selftests/tc-testing/tdc_multibatch.py
2 issues
Starting a process with a shell, possible injection detected, security issue.
Security injection

Line: 62
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html 

              
for i in range(num_files):
    file = dir + '/' + file_prefix + str(i)
    os.system("./tdc_batch.py -n {} -a {} -e {} -m {} {} {}".format(
        num_filters, handle, operation, i + mac_prefix, device, file))
    if not duplicate_handles:
        handle += num_filters

Reported by Bandit.

Redefining built-in 'dir'
Error

Line: 51 Column: 1 

              args = parser.parse_args()

device = args.device
dir = args.dir
file_prefix = args.file_prefix + args.operation + "_"
num_filters = args.num_filters
num_files = args.num_files
operation = args.operation
duplicate_handles = args.duplicate_handles

Reported by Pylint.

tools/testing/selftests/vDSO/vdso_test_clock_getres.c
2 issues
Uninitialized variable: ret
Error

Line: 120 CWE codes: 908 

              #endif

#endif
	if (ret > 0)
		return KSFT_FAIL;

	return KSFT_PASS;
}

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 39 Column: 7 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	return ret;
}

const char *vdso_clock_name[12] = {
	"CLOCK_REALTIME",
	"CLOCK_MONOTONIC",
	"CLOCK_PROCESS_CPUTIME_ID",
	"CLOCK_THREAD_CPUTIME_ID",
	"CLOCK_MONOTONIC_RAW",

Reported by FlawFinder.