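The following issues were found
Note: the entries below are candidates reported by Cppcheck and FlawFinder, not confirmed defects. FlawFinder in particular matches source text by name and does not follow types or data flow, so each entry needs manual triage against the surrounding code.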
arch/arm/mach-zynq/platsmp.c
2 issues
Line: 32
CWE codes:
570
int zynq_cpun_start(u32 address, int cpu)
{
u32 trampoline_code_size = &zynq_secondary_trampoline_end -
&zynq_secondary_trampoline;
u32 phy_cpuid = cpu_logical_map(cpu);
/* MS: Expectation that SLCR are directly map and accessible */
/* Not possible to jump to non aligned address */
Reported by Cppcheck.
Line: 41
CWE codes:
570
if (!(address & 3) && (!address || (address >= trampoline_code_size))) {
/* Store pointer to ioremap area which points to address 0x0 */
static u8 __iomem *zero;
u32 trampoline_size = &zynq_secondary_trampoline_jump -
&zynq_secondary_trampoline;
zynq_slcr_cpu_stop(phy_cpuid);
if (address) {
if (__pa(PAGE_OFFSET)) {
Reported by Cppcheck.
arch/arm/mm/mmu.c
2 issues
Line: 73
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPORT_SYMBOL(pgprot_kernel);
/*
 * Describes one named cache policy.
 * NOTE(review): presumably the element type of the cache_policies[] table
 * that is searched by name elsewhere in this file -- confirm.
 */
struct cachepolicy {
/*
 * Fixed 16-byte policy name. C accepts a 16-character string literal as
 * an initializer for char[16] and then stores no NUL terminator, so names
 * must stay at 15 characters or fewer for strlen() on this field to be
 * bounded. NOTE(review): the initializers are not visible here -- confirm.
 */
const char policy[16];
/* NOTE(review): looks like a control-register bit mask -- confirm. */
unsigned int cr_mask;
/* NOTE(review): pmd/pte look like per-policy page-table attribute bits -- confirm. */
pmdval_t pmd;
pteval_t pte;
};
Reported by FlawFinder.
Line: 146
Column: 13
CWE codes:
126
int i, selected = -1;
for (i = 0; i < ARRAY_SIZE(cache_policies); i++) {
int len = strlen(cache_policies[i].policy);
if (memcmp(p, cache_policies[i].policy, len) == 0) {
selected = i;
break;
}
Reported by FlawFinder.
arch/arm/mm/pgd.c
2 issues
Line: 48
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy over the kernel and IO PGD entries
*/
init_pgd = pgd_offset_k(0);
memcpy(new_pgd + USER_PTRS_PER_PGD, init_pgd + USER_PTRS_PER_PGD,
(PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t));
clean_dcache_area(new_pgd, PTRS_PER_PGD * sizeof(pgd_t));
#ifdef CONFIG_ARM_LPAE
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
init_pud = pud_offset(init_p4d, TASK_SIZE);
init_pmd = pmd_offset(init_pud, TASK_SIZE);
new_pmd = pmd_offset(new_pud, TASK_SIZE);
memcpy(new_pmd, init_pmd,
(pmd_index(MODULES_VADDR) - pmd_index(TASK_SIZE))
* sizeof(pmd_t));
clean_dcache_area(new_pmd, PTRS_PER_PMD * sizeof(pmd_t));
#endif /* CONFIG_KASAN */
#endif /* CONFIG_LPAE */
Reported by FlawFinder.
arch/arm/probes/kprobes/opt-arm.c
2 issues
Line: 237
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy arch-dep-instance from template. */
memcpy(code, (unsigned long *)optprobe_template_entry,
TMPL_END_IDX * sizeof(kprobe_opcode_t));
/* Adjust buffer according to instruction. */
BUG_ON(orig->ainsn.stack_space < 0);
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Backup instructions which will be replaced
* by jump address
*/
memcpy(op->optinsn.copied_insn, op->kp.addr,
RELATIVEJUMP_SIZE);
insn = arm_gen_branch((unsigned long)op->kp.addr,
(unsigned long)op->optinsn.insn);
BUG_ON(insn == 0);
Reported by FlawFinder.
arch/arm/probes/kprobes/test-core.c
2 issues
Line: 710
Column: 14
CWE codes:
119
120
Suggestion:
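Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: column 14 of the flagged line is the `char` in a `static const char` lookup table filled by designated initializers, and the excerpt shows nothing copying into it. The property left to verify is that every index used to read the 16-entry table is below 16; the lookups themselves are outside this excerpt.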
#define COVERAGE_PC (1<<2)
#define COVERAGE_PCWB (1<<3)
static const char coverage_register_lookup[16] = {
[REG_TYPE_ANY] = COVERAGE_ANY_REG | COVERAGE_SP | COVERAGE_PC,
[REG_TYPE_SAMEAS16] = COVERAGE_ANY_REG,
[REG_TYPE_SP] = COVERAGE_SP,
[REG_TYPE_PC] = COVERAGE_PC,
[REG_TYPE_NOSP] = COVERAGE_ANY_REG | COVERAGE_SP,
Reported by FlawFinder.
Line: 1501
Column: 3
CWE codes:
120
Suggestion:
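Make sure destination can always hold the source data. Note: the copy length here is expected_memory_size(mem), so it is derived from the source pointer. The capacity of expected_memory therefore has to be checked separately; neither its declaration nor that helper appears in this excerpt.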
/* Save results from run without probe */
u32 *mem = (u32 *)result_regs.ARM_sp;
expected_regs = result_regs;
memcpy(expected_memory, mem, expected_memory_size(mem));
/* Insert probe onto test case instruction */
if (register_test_probe(&test_case_probe) < 0) {
test_case_failed("register test_case_probe failed");
goto fail;
Reported by FlawFinder.
arch/arm64/crypto/sha1-ce-glue.c
2 issues
Line: 104
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_ce_state *sctx = shash_desc_ctx(desc);
memcpy(out, &sctx->sst, sizeof(struct sha1_state));
return 0;
}
static int sha1_ce_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_ce_state *sctx = shash_desc_ctx(desc);
memcpy(&sctx->sst, in, sizeof(struct sha1_state));
sctx->finalize = 0;
return 0;
}
static struct shash_alg alg = {
Reported by FlawFinder.
arch/arm64/crypto/sha2-ce-glue.c
2 issues
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_ce_state *sctx = shash_desc_ctx(desc);
memcpy(out, &sctx->sst, sizeof(struct sha256_state));
return 0;
}
static int sha256_ce_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 131
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_ce_state *sctx = shash_desc_ctx(desc);
memcpy(&sctx->sst, in, sizeof(struct sha256_state));
sctx->finalize = 0;
return 0;
}
static struct shash_alg algs[] = { {
Reported by FlawFinder.
arch/arm64/crypto/sha3-ce-glue.c
2 issues
Line: 49
Column: 4
CWE codes:
120
Suggestion:
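Make sure destination can always hold the source data. Note: both flagged copies in this file write at sctx->buf + sctx->partial. The property to confirm is that sctx->partial plus the copy length (p at line 49, len at line 75) never exceeds the size of sctx->buf; the bounds that guard these branches are outside the excerpts.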
if (sctx->partial) {
int p = sctx->rsiz - sctx->partial;
memcpy(sctx->buf + sctx->partial, data, p);
kernel_neon_begin();
sha3_ce_transform(sctx->st, sctx->buf, 1, digest_size);
kernel_neon_end();
data += p;
Reported by FlawFinder.
Line: 75
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len) {
memcpy(sctx->buf + sctx->partial, data, len);
sctx->partial += len;
}
return 0;
}
Reported by FlawFinder.
arch/arm64/include/asm/arch_timer.h
2 issues
Line: 105
Column: 36
CWE codes:
362/367!
Suggestion:
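Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: column 36 of the flagged line is the parameter name `access` in `int access`, not a call to access(). This rule targets the access() file-permission check, so the CWE-362/367 race finding and this suggestion do not appear to apply to the excerpt below.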
* the code.
*/
static __always_inline
void arch_timer_reg_write_cp15(int access, enum arch_timer_reg reg, u32 val)
{
if (access == ARCH_TIMER_PHYS_ACCESS) {
switch (reg) {
case ARCH_TIMER_REG_CTRL:
write_sysreg(val, cntp_ctl_el0);
Reported by FlawFinder.
Line: 131
Column: 34
CWE codes:
362/367!
Suggestion:
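Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: column 34 of the flagged line is the parameter name `access` in `int access`, not a call to access(). This rule targets the access() file-permission check, so the CWE-362/367 race finding and this suggestion do not appear to apply to the excerpt below.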
}
static __always_inline
u32 arch_timer_reg_read_cp15(int access, enum arch_timer_reg reg)
{
if (access == ARCH_TIMER_PHYS_ACCESS) {
switch (reg) {
case ARCH_TIMER_REG_CTRL:
return read_sysreg(cntp_ctl_el0);
Reported by FlawFinder.
arch/arm64/include/asm/barrier.h
2 issues
Line: 96
Column: 44
CWE codes:
119
120
Suggestion:
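Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged column points at the `char __c[1]` member of a union declared inside the macro, next to the scalar value. The excerpt shows no string or copy function writing to it, so this looks like a match on the fixed-size char array declaration alone; the same applies to the __smp_load_acquire entry at line 130.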
#define __smp_store_release(p, v) \
do { \
typeof(p) __p = (p); \
union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u = \
{ .__val = (__force __unqual_scalar_typeof(*p)) (v) }; \
compiletime_assert_atomic_type(*p); \
kasan_check_write(__p, sizeof(*p)); \
switch (sizeof(*p)) { \
case 1: \
Reported by FlawFinder.
Line: 130
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __smp_load_acquire(p) \
({ \
union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u; \
typeof(p) __p = (p); \
compiletime_assert_atomic_type(*p); \
kasan_check_read(__p, sizeof(*p)); \
switch (sizeof(*p)) { \
case 1: \
Reported by FlawFinder.