The following issues were found
drivers/net/ethernet/ti/am65-cpsw-nuss.c
2 issues
Line: 2452
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
attrs.phys.port_number = port->port_id;
attrs.switch_id.id_len = sizeof(resource_size_t);
memcpy(attrs.switch_id.id, common->switch_id, attrs.switch_id.id_len);
devlink_port_attrs_set(dl_port, &attrs);
ret = devlink_port_register(common->devlink, dl_port, port->port_id);
if (ret) {
dev_err(dev, "devlink_port reg fail for port %d, ret:%d\n",
Reported by FlawFinder.
Line: 2642
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
common->cpsw_base = common->ss_base + AM65_CPSW_CPSW_NU_BASE;
/* Use device's physical base address as switch id */
id_temp = cpu_to_be64(res->start);
memcpy(common->switch_id, &id_temp, sizeof(res->start));
node = of_get_child_by_name(dev->of_node, "ethernet-ports");
if (!node)
return -ENOENT;
common->port_num = of_get_child_count(node);
Reported by FlawFinder.
drivers/net/ethernet/ti/am65-cpsw-nuss.h
2 issues
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int irq;
u32 id;
u32 descs_num;
char tx_chn_name[128];
};
struct am65_cpsw_rx_chn {
struct device *dev;
struct device *dma_dev;
Reported by FlawFinder.
Line: 142
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct devlink *devlink;
struct net_device *hw_bridge_dev;
struct notifier_block am65_cpsw_netdevice_nb;
unsigned char switch_id[MAX_PHYS_ITEM_ID_LEN];
};
struct am65_cpsw_ndev_stats {
u64 tx_packets;
u64 tx_bytes;
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/power.c
2 issues
Line: 458
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iwl_mvm_power_build_cmd(mvm, vif, &cmd);
iwl_mvm_power_log(mvm, &cmd);
#ifdef CONFIG_IWLWIFI_DEBUGFS
memcpy(&iwl_mvm_vif_from_mac80211(vif)->mac_pwr_cmd, &cmd, sizeof(cmd));
#endif
return iwl_mvm_send_cmd_pdu(mvm, MAC_PM_POWER_TABLE, 0,
sizeof(cmd), &cmd);
}
Reported by FlawFinder.
Line: 513
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* so no explicit protection is needed
*/
if (mvmvif->ap_sta_id == *ap_sta_id)
memcpy(mvmvif->uapsd_misbehaving_bssid, vif->bss_conf.bssid,
ETH_ALEN);
}
void iwl_mvm_power_uapsd_misbehaving_ap_notif(struct iwl_mvm *mvm,
struct iwl_rx_cmd_buffer *rxb)
Reported by FlawFinder.
drivers/net/ethernet/ti/cpsw_ethtool.c
2 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cpsw_stats {
char stat_string[ETH_GSTRING_LEN];
int type;
int sizeof_stat;
int stat_offset;
};
Reported by FlawFinder.
Line: 260
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < CPSW_STATS_COMMON_LEN; i++) {
memcpy(p, cpsw_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
cpsw_add_ch_strings(&p, cpsw->rx_ch_num, 1);
Reported by FlawFinder.
drivers/net/ethernet/ti/netcp.h
2 issues
Line: 60
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct netcp_addr {
struct netcp_intf *netcp;
unsigned char addr[ETH_ALEN];
enum netcp_addr_type type;
unsigned int flags;
struct list_head node;
};
Reported by FlawFinder.
Line: 202
Column: 8
CWE codes:
362
int (*attach)(void *inst_priv, struct net_device *ndev,
struct device_node *node, void **intf_priv);
int (*release)(void *intf_priv);
int (*open)(void *intf_priv, struct net_device *ndev);
int (*close)(void *intf_priv, struct net_device *ndev);
int (*add_addr)(void *intf_priv, struct netcp_addr *naddr);
int (*del_addr)(void *intf_priv, struct netcp_addr *naddr);
int (*add_vid)(void *intf_priv, int vid);
int (*del_vid)(void *intf_priv, int vid);
Reported by FlawFinder.
drivers/net/ethernet/intel/iavf/iavf_txrx.c
2 issues
Line: 1314
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
headlen = eth_get_headlen(skb->dev, va, IAVF_RX_HDR_SIZE);
/* align pull length to size of long to optimize memcpy performance */
memcpy(__skb_put(skb, headlen), va, ALIGN(headlen, sizeof(long)));
/* update all of the pointers */
size -= headlen;
if (size) {
skb_add_rx_frag(skb, 0, rx_buffer->page,
Reported by FlawFinder.
Line: 905
Column: 12
CWE codes:
120
20
/* Refresh the desc even if buffer_addrs didn't change
* because each write-back erases this info.
*/
rx_desc->read.pkt_addr = cpu_to_le64(bi->dma + bi->page_offset);
rx_desc++;
bi++;
ntu++;
if (unlikely(ntu == rx_ring->count)) {
Reported by FlawFinder.
drivers/net/ethernet/intel/iavf/iavf_fdir.c
2 issues
Line: 300
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&fltr->ip_mask.v6_addrs.src_ip, &ipv6_addr_full_mask,
sizeof(struct in6_addr))) {
memcpy(&iph->saddr, &fltr->ip_data.v6_addrs.src_ip,
sizeof(struct in6_addr));
VIRTCHNL_ADD_PROTO_HDR_FIELD_BIT(hdr, IPV6, SRC);
}
if (!memcmp(&fltr->ip_mask.v6_addrs.dst_ip, &ipv6_addr_full_mask,
Reported by FlawFinder.
Line: 307
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&fltr->ip_mask.v6_addrs.dst_ip, &ipv6_addr_full_mask,
sizeof(struct in6_addr))) {
memcpy(&iph->daddr, &fltr->ip_data.v6_addrs.dst_ip,
sizeof(struct in6_addr));
VIRTCHNL_ADD_PROTO_HDR_FIELD_BIT(hdr, IPV6, DST);
}
fltr->ip_ver = 6;
Reported by FlawFinder.
drivers/net/ethernet/toshiba/spider_net_ethtool.c
2 issues
Line: 19
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct {
const char str[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
{ "tx_packets" },
{ "tx_bytes" },
{ "rx_packets" },
{ "rx_bytes" },
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void spider_net_get_strings(struct net_device *netdev, u32 stringset,
u8 *data)
{
memcpy(data, ethtool_stats_keys, sizeof(ethtool_stats_keys));
}
const struct ethtool_ops spider_net_ethtool_ops = {
.get_drvinfo = spider_net_ethtool_get_drvinfo,
.get_wol = spider_net_ethtool_get_wol,
Reported by FlawFinder.
drivers/net/ethernet/xircom/xirc2ps_cs.c
2 issues
Line: 945
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open) {
netif_device_detach(dev);
do_powerdown(dev);
}
return 0;
Reported by FlawFinder.
Line: 957
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open) {
do_reset(dev,1);
netif_device_attach(dev);
}
return 0;
Reported by FlawFinder.
drivers/net/fddi/defza.c
2 issues
Line: 1284
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.ndo_get_stats = fza_get_stats,
};
static int version_printed;
char rom_rev[4], fw_rev[4], rmc_rev[4];
struct tc_dev *tdev = to_tc_dev(bdev);
struct fza_cmd_init __iomem *init;
resource_size_t start, len;
struct net_device *dev;
struct fza_private *fp;
Reported by FlawFinder.
Line: 1383
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_out_irq;
fza_reads(&init->hw_addr, &hw_addr, sizeof(hw_addr));
memcpy(dev->dev_addr, &hw_addr, FDDI_K_ALEN);
fza_reads(&init->rom_rev, &rom_rev, sizeof(rom_rev));
fza_reads(&init->fw_rev, &fw_rev, sizeof(fw_rev));
fza_reads(&init->rmc_rev, &rmc_rev, sizeof(rmc_rev));
for (i = 3; i >= 0 && rom_rev[i] == ' '; i--)
Reported by FlawFinder.