The following issues were found
drivers/infiniband/hw/qib/qib_iba6120.c
2 issues
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 xmit_wait; /* # of ticks no data sent (sample result) */
struct timer_list pma_timer;
struct qib_pportdata *ppd;
char emsgbuf[128];
char bitsmsgbuf[64];
u8 pma_sample_status;
};
/* ibcctrl bits */
Reported by FlawFinder.
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timer_list pma_timer;
struct qib_pportdata *ppd;
char emsgbuf[128];
char bitsmsgbuf[64];
u8 pma_sample_status;
};
/* ibcctrl bits */
#define QLOGIC_IB_IBCC_LINKINITCMD_DISABLE 1
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_qsfp.h
2 issues
Line: 80
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* D4..7 select from 15 choices, translated by table:
*/
#define QSFP_MOD_TECH_OFFS 147
extern const char *const qib_qsfp_devtech[16];
/* Active Equalization includes fiber, copper full EQ, and copper near Eq */
#define QSFP_IS_ACTIVE(tech) ((0xA2FF >> ((tech) >> 4)) & 1)
/* Active Equalization includes fiber, copper full EQ, and copper far Eq */
#define QSFP_IS_ACTIVE_FAR(tech) ((0x32FF >> ((tech) >> 4)) & 1)
/* Attenuation should be valid for copper other than full/near Eq */
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 pwr; /* in D6,7 */
u8 len; /* in meters, Cu only */
u8 tech;
char vendor[QSFP_VEND_LEN];
u8 xt_xcv; /* Ext. tranceiver codes, 4 lsbs are IB speed supported */
u8 oui[QSFP_VOUI_LEN];
u8 partnum[QSFP_PN_LEN];
u8 rev[QSFP_REV_LEN];
u8 atten[QSFP_ATTEN_LEN];
Reported by FlawFinder.
drivers/infiniband/hw/usnic/usnic_debugfs.c
2 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t usnic_debugfs_buildinfo_read(struct file *f, char __user *data,
size_t count, loff_t *ppos)
{
char buf[500];
int res;
if (*ppos > 0)
return 0;
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int n;
int left;
char *ptr;
char buf[512];
qp_flow = f->private_data;
ptr = buf;
left = count;
Reported by FlawFinder.
drivers/infiniband/hw/usnic/usnic_fwd.c
2 issues
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ufdev->netdev = pci_get_drvdata(pdev);
spin_lock_init(&ufdev->lock);
BUILD_BUG_ON(sizeof(ufdev->name) != sizeof(ufdev->netdev->name));
strcpy(ufdev->name, ufdev->netdev->name);
return ufdev;
}
void usnic_fwd_dev_free(struct usnic_fwd_dev *ufdev)
Reported by FlawFinder.
Line: 106
Column: 53
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
kfree(ufdev);
}
void usnic_fwd_set_mac(struct usnic_fwd_dev *ufdev, char mac[ETH_ALEN])
{
spin_lock(&ufdev->lock);
memcpy(&ufdev->mac, mac, sizeof(ufdev->mac));
spin_unlock(&ufdev->lock);
}
Reported by FlawFinder.
drivers/infiniband/hw/usnic/usnic_transport.c
2 issues
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct socket *sock;
int err;
char buf[25];
/* sockfd_lookup will internally do a fget */
sock = sockfd_lookup(sock_fd, &err);
if (!sock) {
usnic_err("Unable to lookup socket for fd %d with err %d\n",
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void usnic_transport_put_socket(struct socket *sock)
{
char buf[100];
usnic_transport_sock_to_str(buf, sizeof(buf), sock);
usnic_dbg("Put sock %s\n", buf);
sockfd_put(sock);
}
Reported by FlawFinder.
drivers/infiniband/hw/vmw_pvrdma/pvrdma_cmd.c
2 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
spin_lock(&dev->cmd_lock);
memcpy(resp, dev->resp_slot, sizeof(*resp));
spin_unlock(&dev->cmd_lock);
if (resp->hdr.ack != resp_code) {
dev_warn(&dev->pdev->dev,
"unknown response %#x expected %#x\n",
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct pvrdma_cmd_modify_qp));
spin_lock(&dev->cmd_lock);
memcpy(dev->cmd_slot, req, sizeof(*req));
spin_unlock(&dev->cmd_lock);
init_completion(&dev->cmd_done);
pvrdma_write_reg(dev, PVRDMA_REG_REQUEST, 0);
Reported by FlawFinder.
drivers/infiniband/sw/rdmavt/mr.c
2 issues
Line: 657
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* Returns 0 on success.
*/
int rvt_fast_reg_mr(struct rvt_qp *qp, struct ib_mr *ibmr, u32 key,
int access)
{
struct rvt_mr *mr = to_imr(ibmr);
if (qp->ibqp.pd != mr->mr.pd)
return -EACCES;
Reported by FlawFinder.
Line: 674
Column: 24
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ibmr->lkey = key;
ibmr->rkey = key;
mr->mr.lkey = key;
mr->mr.access_flags = access;
mr->mr.iova = ibmr->iova;
atomic_set(&mr->mr.lkey_invalid, 0);
return 0;
}
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_qp.c
2 issues
Line: 141
Column: 12
CWE codes:
120
20
if (res->type == RXE_ATOMIC_MASK) {
kfree_skb(res->atomic.skb);
} else if (res->type == RXE_READ_MASK) {
if (res->read.mr)
rxe_drop_ref(res->read.mr);
}
res->type = 0;
}
Reported by FlawFinder.
Line: 142
Column: 22
CWE codes:
120
20
kfree_skb(res->atomic.skb);
} else if (res->type == RXE_READ_MASK) {
if (res->read.mr)
rxe_drop_ref(res->read.mr);
}
res->type = 0;
}
static void cleanup_rd_atomic_resources(struct rxe_qp *qp)
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_req.c
2 issues
Line: 605
Column: 31
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
mr = to_rmr(wqe->wr.wr.reg.mr);
rxe_add_ref(mr);
mr->state = RXE_MR_STATE_VALID;
mr->access = wqe->wr.wr.reg.access;
mr->ibmr.lkey = wqe->wr.wr.reg.key;
mr->ibmr.rkey = wqe->wr.wr.reg.key;
mr->iova = wqe->wr.wr.reg.mr->iova;
rxe_drop_ref(mr);
break;
Reported by FlawFinder.
Line: 483
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *tmp = &wqe->dma.inline_data[wqe->dma.sge_offset];
crc = rxe_crc32(rxe, crc, tmp, paylen);
memcpy(payload_addr(pkt), tmp, paylen);
wqe->dma.resid -= paylen;
wqe->dma.sge_offset += paylen;
} else {
err = copy_data(qp->pd, 0, &wqe->dma,
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_sysfs.c
2 issues
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int len;
int err = 0;
char intf[32];
struct net_device *ndev;
struct rxe_dev *exists;
if (!rxe_initialized) {
pr_err("Module parameters are not supported, use rdma link add or rxe_cfg\n");
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rxe_param_set_remove(const char *val, const struct kernel_param *kp)
{
int len;
char intf[32];
struct ib_device *ib_dev;
len = sanitize_arg(val, intf, sizeof(intf));
if (!len) {
pr_err("add: invalid interface name\n");
Reported by FlawFinder.