The following issues were found

arch/powerpc/kvm/book3s_64_mmu.c
2 issues
Array 'pteg[16]' accessed at index 16, which is out of bounds.
Error

Line: 288 CWE codes: 788 

              		goto do_second;
	}

	v = be64_to_cpu(pteg[i]);
	r = be64_to_cpu(pteg[i+1]);
	pp = (r & HPTE_R_PP) | key;
	if (r & HPTE_R_PP0)
		pp |= 8;

Reported by Cppcheck.

Array 'pteg[16]' accessed at index 17, which is out of bounds.
Error

Line: 289 CWE codes: 788 

              	}

	v = be64_to_cpu(pteg[i]);
	r = be64_to_cpu(pteg[i+1]);
	pp = (r & HPTE_R_PP) | key;
	if (r & HPTE_R_PP0)
		pp |= 8;

	gpte->eaddr = eaddr;

Reported by Cppcheck.

arch/powerpc/kvm/mpic.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1240 Column: 8 CWE codes: 120 20 

              }

struct mem_reg {
	int (*read)(void *opaque, gpa_t addr, u32 *ptr);
	int (*write)(void *opaque, gpa_t addr, u32 val);
	gpa_t start_addr;
	int size;
};

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1349 Column: 14 CWE codes: 120 20 

              		if (mr->start_addr > addr || addr >= mr->start_addr + mr->size)
			continue;

		return mr->read(opp, addr - mr->start_addr, ptr);
	}

	return -ENXIO;
}

Reported by FlawFinder.

arch/powerpc/kvm/timing.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 100 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			TIMEINGUEST);
}

static const char *kvm_exit_names[__NUMBER_OF_KVM_EXIT_TYPES] = {
	[MMIO_EXITS] =              "MMIO",
	[SIGNAL_EXITS] =            "SIGNAL",
	[ITLB_REAL_MISS_EXITS] =    "ITLBREAL",
	[ITLB_VIRT_MISS_EXITS] =    "ITLBVIRT",
	[DTLB_REAL_MISS_EXITS] =    "DTLBREAL",

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 209 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
void kvmppc_create_vcpu_debugfs(struct kvm_vcpu *vcpu, unsigned int id)
{
	static char dbg_fname[50];
	struct dentry *debugfs_file;

	snprintf(dbg_fname, sizeof(dbg_fname), "vm%u_vcpu%u_timing",
		 current->pid, id);
	debugfs_file = debugfs_create_file(dbg_fname, 0666, kvm_debugfs_dir,

Reported by FlawFinder.

arch/powerpc/lib/restart_table.c
2 issues
Comparing pointers that point to different objects
Error

Line: 26 CWE codes: 570 

              {
	struct soft_mask_table_entry *smte = __start___soft_mask_table;

	while (smte < __stop___soft_mask_table) {
		unsigned long start = smte->start;
		unsigned long end = smte->end;

		if (addr >= start && addr < end)
			return true;

Reported by Cppcheck.

Comparing pointers that point to different objects
Error

Line: 44 CWE codes: 570 

              {
	struct restart_table_entry *rte = __start___restart_table;

	while (rte < __stop___restart_table) {
		unsigned long start = rte->start;
		unsigned long end = rte->end;
		unsigned long fixup = rte->fixup;

		if (addr >= start && addr < end)

Reported by Cppcheck.

arch/powerpc/perf/callchain_32.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 42 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               * Layout for non-RT signal frames
 */
struct signal_frame_32 {
	char			dummy[__SIGNAL_FRAMESIZE32];
	struct sigcontext32	sctx;
	struct mcontext32	mctx;
	int			abigap[56];
};

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               * Layout for RT signal frames
 */
struct rt_signal_frame_32 {
	char			dummy[__SIGNAL_FRAMESIZE32 + 16];
	compat_siginfo_t	info;
	struct ucontext32	uc;
	int			abigap[56];
};

Reported by FlawFinder.

arch/powerpc/perf/hv-gpci-requests.h
2 issues
There is an unknown macro here somewhere. Configuration is required. If REQUEST is a macro then please configure it.
Error

Line: 52 

              #define REQUEST_NUM 0x10
#define REQUEST_IDX_KIND "phys_processor_idx=?"
#include I(REQUEST_BEGIN)
REQUEST(__count(0,	8,	processor_time_in_timebase_cycles)
	__field(0x8,	4,	hw_processor_id)
	__field(0xC,	2,	owning_part_id)
	__field(0xE,	1,	processor_state)
	__field(0xF,	1,	version)
	__field(0x10,	4,	hw_chip_id)

Reported by Cppcheck.

There is an unknown macro here somewhere. Configuration is required. If REQUEST is a macro then please configure it.
Error

Line: 52 

              #define REQUEST_NUM 0x10
#define REQUEST_IDX_KIND "phys_processor_idx=?"
#include I(REQUEST_BEGIN)
REQUEST(__count(0,	8,	processor_time_in_timebase_cycles)
	__field(0x8,	4,	hw_processor_id)
	__field(0xC,	2,	owning_part_id)
	__field(0xE,	1,	processor_state)
	__field(0xF,	1,	version)
	__field(0x10,	4,	hw_chip_id)

Reported by Cppcheck.

arch/powerpc/perf/hv-gpci.c
2 issues
sprintf - Potential format string problem
Security

Line: 88 Column: 9 CWE codes: 134
Suggestion: Make format string constant 

              	if (hret)						\
		return -EIO;					\
								\
	return sprintf(page, _format, caps._name);		\
}								\
static struct device_attribute hv_caps_attr_##_name = __ATTR_RO(_name)

static ssize_t kernel_version_show(struct device *dev,
				   struct device_attribute *attr,

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 96 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              				   struct device_attribute *attr,
				   char *page)
{
	return sprintf(page, "0x%x\n", COUNTER_INFO_VERSION_CURRENT);
}

static ssize_t cpumask_show(struct device *dev,
			    struct device_attribute *attr, char *buf)
{

Reported by FlawFinder.

arch/powerpc/platforms/4xx/cpm.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 132 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	for (i = 0; i < ARRAY_SIZE(idle_mode); i++) {
		if (idle_mode[i].enabled)
			s += sprintf(s, "[%s] ", idle_mode[i].name);
		else
			s += sprintf(s, "%s ", idle_mode[i].name);
	}

	*(s-1) = '\n'; /* convert the last space to a newline */

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 134 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		if (idle_mode[i].enabled)
			s += sprintf(s, "[%s] ", idle_mode[i].name);
		else
			s += sprintf(s, "%s ", idle_mode[i].name);
	}

	*(s-1) = '\n'; /* convert the last space to a newline */

	return s - buf;

Reported by FlawFinder.

arch/powerpc/platforms/85xx/mpc85xx_mds.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 292 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int __init board_fixups(void)
{
	char phy_id[20];
	char *compstrs[2] = {"fsl,gianfar-mdio", "fsl,ucc-mdio"};
	struct device_node *mdio;
	struct resource res;
	int i;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 293 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int __init board_fixups(void)
{
	char phy_id[20];
	char *compstrs[2] = {"fsl,gianfar-mdio", "fsl,ucc-mdio"};
	struct device_node *mdio;
	struct resource res;
	int i;

	for (i = 0; i < ARRAY_SIZE(compstrs); i++) {

Reported by FlawFinder.

arch/powerpc/platforms/cell/spu_base.c
2 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 171 Column: 54 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              	return 0;
}

extern int hash_page(unsigned long ea, unsigned long access,
		     unsigned long trap, unsigned long dsisr); //XXX
static int __spu_trap_data_map(struct spu *spu, unsigned long ea, u64 dsisr)
{
	int ret;

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 649 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              {
	struct spu *spu = container_of(dev, struct spu, dev);

	return sprintf(buf, "%s %llu %llu %llu %llu "
		      "%llu %llu %llu %llu %llu %llu %llu %llu\n",
		spu_state_names[spu->stats.util_state],
		spu_acct_time(spu, SPU_UTIL_USER),
		spu_acct_time(spu, SPU_UTIL_SYSTEM),
		spu_acct_time(spu, SPU_UTIL_IOWAIT),

Reported by FlawFinder.