The following issues were found
arch/s390/include/uapi/asm/ucontext.h
2 issues
Line: 27
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sigregs uc_mcontext;
sigset_t uc_sigmask;
/* Allow for uc_sigmask growth. Glibc uses a 1024-bit sigset_t. */
unsigned char __unused[128 - sizeof(sigset_t)];
_sigregs_ext uc_mcontext_ext;
};
struct ucontext {
unsigned long uc_flags;
Reported by FlawFinder.
Line: 38
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sigregs uc_mcontext;
sigset_t uc_sigmask;
/* Allow for uc_sigmask growth. Glibc uses a 1024-bit sigset_t. */
unsigned char __unused[128 - sizeof(sigset_t)];
};
#endif /* !_ASM_S390_UCONTEXT_H */
Reported by FlawFinder.
arch/s390/kernel/idle.c
2 issues
Line: 85
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (READ_ONCE(idle->clock_idle_enter))
idle_count++;
} while (read_seqcount_retry(&idle->seqcount, seq));
return sprintf(buf, "%lu\n", idle_count);
}
DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL);
static ssize_t show_idle_time(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 112
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
idle_time += in_idle;
return sprintf(buf, "%lu\n", idle_time >> 12);
}
DEVICE_ATTR(idle_time_us, 0444, show_idle_time, NULL);
u64 arch_cpu_idle_time(int cpu)
{
Reported by FlawFinder.
arch/s390/kernel/machine_kexec.c
2 issues
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* This need to be done *after* s390_reset_system set the
* prefix register of this CPU to zero
*/
memcpy((void *) __LC_FPREGS_SAVE_AREA,
(void *)(prefix + __LC_FPREGS_SAVE_AREA), 512);
__load_psw_mask(PSW_MASK_BASE | PSW_DEFAULT_KEY | PSW_MASK_EA | PSW_MASK_BA);
start_kdump = (void *)((struct kimage *) image)->start;
start_kdump(1);
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reboot_code_buffer = (void *) page_to_phys(image->control_code_page);
/* Then copy it */
memcpy(reboot_code_buffer, relocate_kernel, relocate_kernel_len);
return 0;
}
void machine_kexec_cleanup(struct kimage *image)
{
Reported by FlawFinder.
arch/s390/kernel/machine_kexec_file.c
2 issues
Line: 234
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -EINVAL;
goto out;
}
memcpy(data.parm->command_line, image->cmdline_buf,
image->cmdline_buf_len);
if (image->type == KEXEC_TYPE_CRASH) {
data.parm->oldmem_base = crashk_res.start;
data.parm->oldmem_size = crashk_res.end - crashk_res.start + 1;
Reported by FlawFinder.
Line: 255
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (data.kernel_mem == 0) {
unsigned long restart_psw = 0x0008000080000000UL;
restart_psw += image->start;
memcpy(data.kernel_buf, &restart_psw, sizeof(restart_psw));
image->start = 0;
}
ret = kexec_file_add_ipl_report(image, &data);
out:
Reported by FlawFinder.
arch/s390/kernel/perf_cpum_sf.c
2 issues
Line: 2120
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
if (!cpum_sf_avail())
return -ENODEV;
return sprintf(buffer, "%lu,%lu", CPUM_SF_MIN_SDB, CPUM_SF_MAX_SDB);
}
static int param_set_sfb_size(const char *val, const struct kernel_param *kp)
{
int rc;
Reported by FlawFinder.
Line: 2130
Column: 15
CWE codes:
126
if (!cpum_sf_avail())
return -ENODEV;
if (!val || !strlen(val))
return -EINVAL;
/* Valid parameter values: "min,max" or "max" */
min = CPUM_SF_MIN_SDB;
max = CPUM_SF_MAX_SDB;
Reported by FlawFinder.
arch/s390/kernel/sysinfo.c
2 issues
Line: 560
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
debugfs_create_file(sf->name, 0400, stsi_root, NULL, sf->fops);
}
if (IS_ENABLED(CONFIG_SCHED_TOPOLOGY) && MACHINE_HAS_TOPOLOGY) {
char link_to[10];
sprintf(link_to, "15_1_%d", topology_mnest_limit());
debugfs_create_symlink("topology", stsi_root, link_to);
}
return 0;
Reported by FlawFinder.
Line: 562
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ENABLED(CONFIG_SCHED_TOPOLOGY) && MACHINE_HAS_TOPOLOGY) {
char link_to[10];
sprintf(link_to, "15_1_%d", topology_mnest_limit());
debugfs_create_symlink("topology", stsi_root, link_to);
}
return 0;
}
device_initcall(stsi_init_debugfs);
Reported by FlawFinder.
arch/s390/kernel/vdso.c
2 issues
Line: 177
CWE codes:
570
return -EINTR;
if (is_compat_task()) {
vdso_text_len = vdso32_end - vdso32_start;
vdso_mapping = &vdso32_mapping;
} else {
vdso_text_len = vdso64_end - vdso64_start;
vdso_mapping = &vdso64_mapping;
}
Reported by Cppcheck.
Line: 180
CWE codes:
570
vdso_text_len = vdso32_end - vdso32_start;
vdso_mapping = &vdso32_mapping;
} else {
vdso_text_len = vdso64_end - vdso64_start;
vdso_mapping = &vdso64_mapping;
}
vdso_mapping_len = vdso_text_len + VVAR_NR_PAGES * PAGE_SIZE;
vvar_start = get_unmapped_area(NULL, 0, vdso_mapping_len, 0, 0);
rc = vvar_start;
Reported by Cppcheck.
arch/s390/lib/test_unwind.c
2 issues
Line: 72
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
sprint_symbol(sym, addr);
if (bt_pos < BT_BUF_SIZE) {
bt_pos += snprintf(bt + bt_pos, BT_BUF_SIZE - bt_pos,
state.reliable ? " [%-7s%px] %pSR\n" :
"([%-7s%px] %pSR)\n",
stack_type_name(state.stack_info.type),
(void *)state.sp, (void *)state.ip);
if (bt_pos >= BT_BUF_SIZE)
Reported by FlawFinder.
Line: 61
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
seen_func2_func1 = 0;
unwind_for_each_frame(&state, task, regs, sp) {
unsigned long addr = unwind_get_return_address(&state);
char sym[KSYM_SYMBOL_LEN];
if (frame_count++ == max_frames)
break;
if (state.reliable && !addr) {
pr_err("unwind state reliable but addr is 0\n");
Reported by FlawFinder.
arch/s390/pci/pci_sysfs.c
2 issues
Line: 26
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
{ \
struct zpci_dev *zdev = to_zpci(to_pci_dev(dev)); \
\
return sprintf(buf, fmt, zdev->member); \
} \
static DEVICE_ATTR_RO(name)
zpci_attr(function_id, "0x%08x\n", fid);
zpci_attr(function_handle, "0x%08x\n", fh);
Reported by FlawFinder.
Line: 48
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
{
struct zpci_dev *zdev = to_zpci(to_pci_dev(dev));
return sprintf(buf, zpci_use_mio(zdev) ? "1\n" : "0\n");
}
static DEVICE_ATTR_RO(mio_enabled);
static ssize_t recover_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
arch/sh/boards/mach-highlander/setup.c
2 issues
Line: 388
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pm_power_off = r7780rp_power_off;
}
static unsigned char irl2irq[HL_NR_IRL];
static int highlander_irq_demux(int irq)
{
if (irq >= HL_NR_IRL || irq < 0 || !irl2irq[irq])
return irq;
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ucp) {
plat_irq_setup_pins(IRQ_MODE_IRL3210);
memcpy(irl2irq, ucp, HL_NR_IRL);
}
}
/*
* The Machine Vector
Reported by FlawFinder.