The following issues were found

drivers/net/ethernet/intel/igb/e1000_hw.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 333 Column: 8 CWE codes: 120 20 

              
struct e1000_nvm_operations {
	s32 (*acquire)(struct e1000_hw *);
	s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
	void (*release)(struct e1000_hw *);
	s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
	s32 (*update)(struct e1000_hw *);
	s32 (*validate)(struct e1000_hw *);
	s32 (*valid_led_default)(struct e1000_hw *, u16 *);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 476 Column: 8 CWE codes: 120 20 

              
struct e1000_mbx_operations {
	s32 (*init_params)(struct e1000_hw *hw);
	s32 (*read)(struct e1000_hw *hw, u32 *msg, u16 size, u16 mbx_id,
		    bool unlock);
	s32 (*write)(struct e1000_hw *hw, u32 *msg, u16 size, u16 mbx_id);
	s32 (*read_posted)(struct e1000_hw *hw, u32 *msg, u16 size, u16 mbx_id);
	s32 (*write_posted)(struct e1000_hw *hw, u32 *msg, u16 size,
			    u16 mbx_id);

Reported by FlawFinder.

drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 311 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	area->cpp = cpp;
	area->resource.name = (void *)area + sizeof(*area) +
		cpp->op->area_priv_size;
	memcpy((char *)area->resource.name, name, name_len);

	area->resource.cpp_id = dest;
	area->resource.start = address;
	area->resource.end = area->resource.start + size - 1;
	INIT_LIST_HEAD(&area->resource.list);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 302 Column: 13 CWE codes: 126 

              	if (!name)
		name = "(reserved)";

	name_len = strlen(name) + 1;
	area = kzalloc(sizeof(*area) + cpp->op->area_priv_size + name_len,
		       GFP_KERNEL);
	if (!area)
		return NULL;

Reported by FlawFinder.

drivers/net/ethernet/netronome/nfp/nfpcore/nfp_mip.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 37 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__le32 strtab_addr;
	__le32 strtab_size;

	char name[16];
	char toolchain[32];
};

/* Read memory and check if it could be a valid MIP */
static int

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 38 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__le32 strtab_size;

	char name[16];
	char toolchain[32];
};

/* Read memory and check if it could be a valid MIP */
static int
nfp_mip_try_read(struct nfp_cpp *cpp, u32 cpp_id, u64 addr, struct nfp_mip *mip)

Reported by FlawFinder.

drivers/net/ethernet/netronome/nfp/nfpcore/nfp_resource.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 62 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              					 sizeof(struct nfp_resource_entry))

struct nfp_resource {
	char name[NFP_RESOURCE_ENTRY_NAME_SZ + 1];
	u32 cpp_id;
	u64 addr;
	u64 size;
	struct nfp_cpp_mutex *mutex;
};

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 162 Column: 2 CWE codes: 120 

              	if (!res)
		return ERR_PTR(-ENOMEM);

	strncpy(res->name, name, NFP_RESOURCE_ENTRY_NAME_SZ);

	dev_mutex = nfp_cpp_mutex_alloc(cpp, NFP_RESOURCE_TBL_TARGET,
					NFP_RESOURCE_TBL_BASE,
					NFP_RESOURCE_TBL_KEY);
	if (!dev_mutex) {

Reported by FlawFinder.

drivers/net/ethernet/intel/igb/e1000_82575.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 67 Column: 4 CWE codes: 120 20 

              	struct {
		__le64 pkt_addr;             /* Packet buffer address */
		__le64 hdr_addr;             /* Header buffer address */
	} read;
	struct {
		struct {
			struct {
				__le16 pkt_info;   /* RSS type, Packet type */
				__le16 hdr_info;   /* Split Head, buf len */

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 101 Column: 4 CWE codes: 120 20 

              		__le64 buffer_addr;    /* Address of descriptor's data buf */
		__le32 cmd_type_len;
		__le32 olinfo_status;
	} read;
	struct {
		__le64 rsvd;       /* Reserved */
		__le32 nxtseq_seed;
		__le32 status;
	} wb;

Reported by FlawFinder.

drivers/net/ethernet/nxp/lpc_eth.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1066 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		(len - 1) | TXDESC_CONTROL_LAST | TXDESC_CONTROL_INT;

	/* Copy data to the DMA buffer */
	memcpy(pldat->tx_buff_v + txidx * ENET_MAXF_SIZE, skb->data, len);

	/* Save the buffer and increment the buffer counter */
	pldat->skblen[txidx] = len;
	pldat->num_used_tx_buffs++;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1096 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (!is_valid_ether_addr(addr->sa_data))
		return -EADDRNOTAVAIL;
	memcpy(ndev->dev_addr, addr->sa_data, ETH_ALEN);

	spin_lock_irqsave(&pldat->lock, flags);

	/* Set station address */
	__lpc_set_mac(pldat, ndev->dev_addr);

Reported by FlawFinder.

drivers/net/ethernet/intel/ice/ice_xsk.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 445 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return NULL;

	skb_reserve(skb, rx_buf->xdp->data - rx_buf->xdp->data_hard_start);
	memcpy(__skb_put(skb, datasize), rx_buf->xdp->data, datasize);
	if (metasize)
		skb_metadata_set(skb, metasize);

	xsk_buff_free(rx_buf->xdp);
	rx_buf->xdp = NULL;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 385 Column: 12 CWE codes: 120 20 

              		}

		dma = xsk_buff_xdp_get_dma(rx_buf->xdp);
		rx_desc->read.pkt_addr = cpu_to_le64(dma);
		rx_desc->wb.status_error0 = 0;

		rx_desc++;
		rx_buf++;
		ntu++;

Reported by FlawFinder.

drivers/net/ethernet/pasemi/pasemi_mac.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 79 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct pasemi_mac_txring *tx;
	struct pasemi_mac_rxring *rx;
	struct pasemi_mac_csring *cs[MAX_CS];
	char		tx_irq_name[10];		/* "eth%d tx" */
	char		rx_irq_name[10];		/* "eth%d rx" */
	int	link;
	int	speed;
	int	duplex;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 80 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct pasemi_mac_rxring *rx;
	struct pasemi_mac_csring *cs[MAX_CS];
	char		tx_irq_name[10];		/* "eth%d tx" */
	char		rx_irq_name[10];		/* "eth%d rx" */
	int	link;
	int	speed;
	int	duplex;

	unsigned int	msg_enable;

Reported by FlawFinder.

drivers/net/ethernet/pasemi/pasemi_mac_ethtool.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #include "pasemi_mac.h"

static struct {
	const char str[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
	{ "rx-drops" },
	{ "rx-bytes" },
	{ "rx-packets" },
	{ "rx-broadcast-packets" },

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 107 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              static void pasemi_mac_get_strings(struct net_device *netdev, u32 stringset,
				   u8 *data)
{
	memcpy(data, ethtool_stats_keys, sizeof(ethtool_stats_keys));
}

const struct ethtool_ops pasemi_mac_ethtool_ops = {
	.get_msglevel		= pasemi_mac_ethtool_get_msglevel,
	.set_msglevel		= pasemi_mac_ethtool_set_msglevel,

Reported by FlawFinder.

drivers/net/ethernet/pensando/ionic/ionic_phc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 94 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		 * to match the device's reset state, and run with it.
		 */
		config = &ts;
		memcpy(config, &lif->phc->ts_config, sizeof(*config));
		memset(&lif->phc->ts_config, 0, sizeof(lif->phc->ts_config));
		lif->phc->ts_config_tx_mode = 0;
		lif->phc->ts_config_rx_filt = 0;
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 155 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			goto err_rxall;
	}

	memcpy(&lif->phc->ts_config, config, sizeof(*config));
	lif->phc->ts_config_rx_filt = rx_filt;
	lif->phc->ts_config_tx_mode = tx_mode;

	mutex_unlock(&lif->phc->config_lock);

Reported by FlawFinder.