The following issues were found

drivers/net/ethernet/intel/iavf/iavf_client.h
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 124 Column: 8 CWE codes: 362 

              	/* Should be called from register_client() or whenever the driver is
	 * ready to create a specific client instance.
	 */
	int (*open)(struct iavf_info *ldev, struct iavf_client *client);

	/* Should be closed when netdev is unavailable or when unregister
	 * call comes in. If the close happens due to a reset, set the reset
	 * bit to true.
	 */

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 154 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct iavf_client {
	struct list_head list;		/* list of registered clients */
	char name[IAVF_CLIENT_STR_LENGTH];
	struct iavf_client_version version;
	unsigned long state;		/* client state */
	atomic_t ref_cnt;  /* Count of all the client devices of this kind */
	u32 flags;
#define IAVF_CLIENT_FLAGS_LAUNCH_ON_PROBE	BIT(0)

Reported by FlawFinder.

drivers/net/geneve.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1394 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	dst_cache_reset(&geneve->cfg.info.dst_cache);
	memcpy(&geneve->cfg, cfg, sizeof(*cfg));

	err = register_netdevice(dev);
	if (err)
		return err;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1720 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	geneve_quiesce(geneve, &gs4, &gs6);
	memcpy(&geneve->cfg, &cfg, sizeof(cfg));
	geneve_unquiesce(geneve, gs4, gs6);

	return 0;
}

Reported by FlawFinder.

drivers/net/ethernet/intel/iavf/iavf.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 110 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u8 num_ringpairs;	/* total number of ring pairs in vector */
	u16 v_idx;		/* index in the vsi->q_vector array. */
	u16 reg_idx;		/* register index of the interrupt */
	char name[IFNAMSIZ + 15];
	bool arm_wb_state;
	cpumask_t affinity_mask;
	struct irq_affinity_notify affinity_notify;
};

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 241 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct list_head mac_filter_list;
	/* Lock to protect accesses to MAC and VLAN lists */
	spinlock_t mac_vlan_list_lock;
	char misc_vector_name[IFNAMSIZ + 9];
	int num_active_queues;
	int num_req_queues;

	/* TX */
	struct iavf_ring *tx_rings;

Reported by FlawFinder.

drivers/net/ethernet/intel/i40e/i40e_prototype.h
2 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 174 Column: 39 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              				struct i40e_asq_cmd_details *cmd_details);
i40e_status i40e_aq_request_resource(struct i40e_hw *hw,
				enum i40e_aq_resources_ids resource,
				enum i40e_aq_resource_access_type access,
				u8 sdp_number, u64 *timeout,
				struct i40e_asq_cmd_details *cmd_details);
i40e_status i40e_aq_release_resource(struct i40e_hw *hw,
				enum i40e_aq_resources_ids resource,
				u8 sdp_number,

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 321 Column: 45 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              /* prototype for functions used for NVM access */
i40e_status i40e_init_nvm(struct i40e_hw *hw);
i40e_status i40e_acquire_nvm(struct i40e_hw *hw,
				      enum i40e_aq_resource_access_type access);
void i40e_release_nvm(struct i40e_hw *hw);
i40e_status i40e_read_nvm_word(struct i40e_hw *hw, u16 offset,
					 u16 *data);
enum i40e_status_code i40e_read_nvm_module_data(struct i40e_hw *hw,
						u8 module_ptr,

Reported by FlawFinder.

drivers/net/hyperv/netvsc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 882 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			return;
		}
		/* Copy the response back */
		memcpy(&net_device->channel_init_pkt, nvsp_packet,
		       sizeof(struct nvsp_message));
		complete(&net_device->channel_init_wait);
		break;

	case NVSP_MSG1_TYPE_SEND_RNDIS_PKT_COMPLETE:

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 942 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		u32 offset = pb[i].offset;
		u32 len = pb[i].len;

		memcpy(dest, (src + offset), len);
		dest += len;
	}

	if (padding)
		memset(dest, 0, padding);

Reported by FlawFinder.

drivers/net/wireless/intel/iwlwifi/mvm/rs.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 217 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #define IWL_MAX_MCS_DISPLAY_SIZE	12

struct iwl_rate_mcs_info {
	char	mbps[IWL_MAX_MCS_DISPLAY_SIZE];
	char	mcs[IWL_MAX_MCS_DISPLAY_SIZE];
};

/**
 * struct iwl_lq_sta_rs_fw - rate and related statistics for RS in FW

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 218 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct iwl_rate_mcs_info {
	char	mbps[IWL_MAX_MCS_DISPLAY_SIZE];
	char	mcs[IWL_MAX_MCS_DISPLAY_SIZE];
};

/**
 * struct iwl_lq_sta_rs_fw - rate and related statistics for RS in FW
 * @last_rate_n_flags: last rate reported by FW

Reported by FlawFinder.

drivers/net/ieee802154/atusb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 435 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (changed & IEEE802154_AFILT_IEEEADDR_CHANGED) {
		u8 i, addr[IEEE802154_EXTENDED_ADDR_LEN];

		memcpy(addr, &filt->ieee_addr, IEEE802154_EXTENDED_ADDR_LEN);
		dev_vdbg(dev, "%s called for IEEE addr\n", __func__);
		for (i = 0; i < 8; i++)
			atusb_write_reg(atusb, RG_IEEE_ADDR_0 + i, addr[i]);
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 998 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return ret;
	}

	memcpy(&extended_addr, buffer, IEEE802154_EXTENDED_ADDR_LEN);
	/* Check if read address is not empty and the unicast bit is set correctly */
	if (!ieee802154_is_valid_extended_unicast_addr(extended_addr)) {
		dev_info(&usb_dev->dev, "no permanent extended address found, random address set\n");
		ieee802154_random_extended_addr(&atusb->hw->phy->perm_extended_addr);
	} else {

Reported by FlawFinder.

drivers/net/ieee802154/mcr20a.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 590 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (changed & IEEE802154_AFILT_IEEEADDR_CHANGED) {
		u8 addr[8], i;

		memcpy(addr, &filt->ieee_addr, 8);
		for (i = 0; i < 8; i++)
			regmap_write(lp->regmap_iar,
				     IAR_MACLONGADDRS0_0 + i, addr[i]);
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 943 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	lp->reg_msg.complete = mcr20a_irq_clean_complete;
	lp->reg_cmd[0] = MCR20A_WRITE_REG(DAR_IRQ_STS1);
	memcpy(lp->reg_data, lp->irq_data, MCR20A_IRQSTS_NUM);
	lp->reg_xfer_data.len = MCR20A_IRQSTS_NUM;

	ret = spi_async(lp->spi, &lp->reg_msg);

	if (ret)

Reported by FlawFinder.

drivers/net/mdio/mdio-mux-meson-g12a.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 222 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int g12a_ephy_glue_clk_register(struct device *dev)
{
	struct g12a_mdio_mux *priv = dev_get_drvdata(dev);
	const char *parent_names[PLL_MUX_NUM_PARENT];
	struct clk_init_data init;
	struct g12a_ephy_pll *pll;
	struct clk_mux *mux;
	struct clk *clk;
	char *name;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 232 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	/* get the mux parents */
	for (i = 0; i < PLL_MUX_NUM_PARENT; i++) {
		char in_name[8];

		snprintf(in_name, sizeof(in_name), "clkin%d", i);
		clk = devm_clk_get(dev, in_name);
		if (IS_ERR(clk)) {
			if (PTR_ERR(clk) != -EPROBE_DEFER)

Reported by FlawFinder.

drivers/net/netdevsim/netdev.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 90 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* Only refuse multicast addresses, zero address can mean unset/any. */
	if (vf >= nsim_bus_dev->num_vfs || is_multicast_ether_addr(mac))
		return -EINVAL;
	memcpy(nsim_bus_dev->vfconfigs[vf].vf_mac, mac, ETH_ALEN);

	return 0;
}

static int nsim_set_vf_vlan(struct net_device *dev, int vf,

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 182 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	ivi->vlan = nsim_bus_dev->vfconfigs[vf].vlan;
	ivi->vlan_proto = nsim_bus_dev->vfconfigs[vf].vlan_proto;
	ivi->qos = nsim_bus_dev->vfconfigs[vf].qos;
	memcpy(&ivi->mac, nsim_bus_dev->vfconfigs[vf].vf_mac, ETH_ALEN);
	ivi->spoofchk = nsim_bus_dev->vfconfigs[vf].spoofchk_enabled;
	ivi->trusted = nsim_bus_dev->vfconfigs[vf].trusted;
	ivi->rss_query_en = nsim_bus_dev->vfconfigs[vf].rss_query_enabled;

	return 0;

Reported by FlawFinder.