The following issues were found
drivers/gpu/drm/nouveau/nvkm/engine/gr/nv04.c
2 issues
Line: 1220
if (device->card_type == NV_40)
mask &= ~NV40_PGRAPH_STATUS_SYNC_STALL;
if (nvkm_msec(device, 2000,
if (!(nvkm_rd32(device, NV04_PGRAPH_STATUS) & mask))
break;
) < 0) {
nvkm_error(subdev, "idle timed out with status %08x\n",
nvkm_rd32(device, NV04_PGRAPH_STATUS));
Reported by Cppcheck.
Line: 1288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 class = nvkm_rd32(device, 0x400180 + subc * 4) & 0xff;
u32 inst = (nvkm_rd32(device, 0x40016c) & 0xffff) << 4;
u32 show = stat;
char msg[128], src[128], sta[128];
struct nv04_gr_chan *chan;
unsigned long flags;
spin_lock_irqsave(&gr->lock, flags);
chan = gr->chan[chid];
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/gr/nv20.c
2 issues
Line: 44
if (chan->chid == chid) {
nvkm_wr32(device, 0x400784, inst >> 4);
nvkm_wr32(device, 0x400788, 0x00000002);
nvkm_msec(device, 2000,
if (!nvkm_rd32(device, 0x400700))
break;
);
nvkm_wr32(device, 0x400144, 0x10000000);
nvkm_mask(device, 0x400148, 0xff000000, 0x1f000000);
Reported by Cppcheck.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 data = nvkm_rd32(device, NV04_PGRAPH_TRAPPED_DATA);
u32 class = nvkm_rd32(device, 0x400160 + subc * 4) & 0xfff;
u32 show = stat;
char msg[128], src[128], sta[128];
unsigned long flags;
chan = nvkm_fifo_chan_chid(device->fifo, chid, &flags);
nvkm_wr32(device, NV03_PGRAPH_INTR, stat);
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
2 issues
Line: 109
nvkm_wr32(device, 0x400784, inst);
nvkm_mask(device, 0x400310, 0x00000020, 0x00000020);
nvkm_mask(device, 0x400304, 0x00000001, 0x00000001);
if (nvkm_msec(device, 2000,
if (!(nvkm_rd32(device, 0x400300) & 0x00000001))
break;
) < 0) {
u32 insn = nvkm_rd32(device, 0x400308);
nvkm_warn(subdev, "ctxprog timeout %08x\n", insn);
Reported by Cppcheck.
Line: 248
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 data = nvkm_rd32(device, NV04_PGRAPH_TRAPPED_DATA);
u32 class = nvkm_rd32(device, 0x400160 + subc * 4) & 0xffff;
u32 show = stat;
char msg[128], src[128], sta[128];
unsigned long flags;
spin_lock_irqsave(&gr->base.engine.lock, flags);
list_for_each_entry(temp, &gr->chan, head) {
if (temp->inst >> 4 == inst) {
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/pm/priv.h
2 issues
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
const struct nvkm_funcdom *func;
struct nvkm_perfctr *ctr[4];
char name[32];
u32 addr;
u8 mode;
u32 clk;
u16 signal_nr;
struct nvkm_perfsig signal[];
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
120
20
struct nvkm_funcdom {
void (*init)(struct nvkm_pm *, struct nvkm_perfdom *,
struct nvkm_perfctr *);
void (*read)(struct nvkm_pm *, struct nvkm_perfdom *,
struct nvkm_perfctr *);
void (*next)(struct nvkm_pm *, struct nvkm_perfdom *);
};
int nvkm_perfdom_new(struct nvkm_pm *, const char *, u32, u32, u32, u32,
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c
2 issues
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(hsfw->image, fw->data + hdr->data_offset, hdr->data_size);
hsfw->image_size = hdr->data_size;
hsfw->non_sec_addr = lhdr->non_sec_code_off;
hsfw->non_sec_size = lhdr->non_sec_code_size;
hsfw->sec_addr = lhdr->apps[0];
hsfw->sec_size = lhdr->apps[lhdr->num_apps];
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hsfw->imem_size = desc->code_size;
hsfw->imem_tag = desc->start_tag;
hsfw->imem = kmalloc(desc->code_size, GFP_KERNEL);
memcpy(hsfw->imem, data + desc->code_off, desc->code_size);
nvkm_firmware_put(fw);
return 0;
}
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/fb/gp102.c
2 issues
Line: 57
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
patch_loc = *(u32 *)(blob->data + fw_hdr->patch_loc);
patch_sig = *(u32 *)(blob->data + fw_hdr->patch_sig);
if (falcon->debug) {
memcpy(scrub_data + patch_loc,
blob->data + fw_hdr->sig_dbg_offset + patch_sig,
fw_hdr->sig_dbg_size);
} else {
memcpy(scrub_data + patch_loc,
blob->data + fw_hdr->sig_prod_offset + patch_sig,
Reported by FlawFinder.
Line: 61
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
blob->data + fw_hdr->sig_dbg_offset + patch_sig,
fw_hdr->sig_dbg_size);
} else {
memcpy(scrub_data + patch_loc,
blob->data + fw_hdr->sig_prod_offset + patch_sig,
fw_hdr->sig_prod_size);
}
nvkm_falcon_reset(falcon);
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/i2c/anx9805.c
2 issues
Line: 155
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nvkm_wri2cr(adap, aux->addr, 0xe4, 0x80);
if (!(type & 1)) {
memcpy(buf, data, *size);
AUX_DBG(&aux->base, "%16ph", buf);
for (i = 0; i < *size; i++)
nvkm_wri2cr(adap, aux->addr, 0xf0 + i, buf[i]);
}
nvkm_wri2cr(adap, aux->addr, 0xe5, ((*size - 1) << 4) | type);
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < *size; i++)
buf[i] = nvkm_rdi2cr(adap, aux->addr, 0xf0 + i);
AUX_DBG(&aux->base, "%16ph", buf);
memcpy(data, buf, *size);
}
ret = 0;
done:
nvkm_wri2cr(adap, pad->addr, 0xf7, 0x01);
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxg94.c
2 issues
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nvkm_i2c_aux_autodpcd(i2c, aux->ch, false);
if (!(type & 1)) {
memcpy(xbuf, data, *size);
for (i = 0; i < 16; i += 4) {
AUX_TRACE(&aux->base, "wr %08x", xbuf[i / 4]);
nvkm_wr32(device, 0x00e4c0 + base + i, xbuf[i / 4]);
}
}
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xbuf[i / 4] = nvkm_rd32(device, 0x00e4d0 + base + i);
AUX_TRACE(&aux->base, "rd %08x", xbuf[i / 4]);
}
memcpy(data, xbuf, *size);
*size = stat & 0x0000001f;
}
out_err:
nvkm_i2c_aux_autodpcd(i2c, aux->ch, true);
out:
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxgm200.c
2 issues
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nvkm_i2c_aux_autodpcd(i2c, aux->ch, false);
if (!(type & 1)) {
memcpy(xbuf, data, *size);
for (i = 0; i < 16; i += 4) {
AUX_TRACE(&aux->base, "wr %08x", xbuf[i / 4]);
nvkm_wr32(device, 0x00d930 + base + i, xbuf[i / 4]);
}
}
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xbuf[i / 4] = nvkm_rd32(device, 0x00d940 + base + i);
AUX_TRACE(&aux->base, "rd %08x", xbuf[i / 4]);
}
memcpy(data, xbuf, *size);
*size = stat & 0x0000001f;
}
out_err:
nvkm_i2c_aux_autodpcd(i2c, aux->ch, true);
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gf100.c
2 issues
Line: 47
for (c = 0; c < ltc->ltc_nr; c++) {
for (s = 0; s < ltc->lts_nr; s++) {
const u32 addr = 0x1410c8 + (c * 0x2000) + (s * 0x400);
nvkm_msec(device, 2000,
if (!nvkm_rd32(device, addr))
break;
);
}
}
Reported by Cppcheck.
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 base = 0x141000 + (c * 0x2000) + (s * 0x400);
u32 intr = nvkm_rd32(device, base + 0x020);
u32 stat = intr & 0x0000ffff;
char msg[128];
if (stat) {
nvkm_snprintbf(msg, sizeof(msg), gf100_ltc_lts_intr_name, stat);
nvkm_error(subdev, "LTC%d_LTS%d: %08x [%s]\n", c, s, stat, msg);
}
Reported by FlawFinder.