The following issues were found

arch/x86/kernel/process.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 86 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

               */
int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
{
	memcpy(dst, src, arch_task_struct_size);
#ifdef CONFIG_VM86
	dst->thread.vm86 = NULL;
#endif
	return fpu_clone(dst);
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 379 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	 * permitted, then the copy needs to cover those as well so they
	 * get turned off.
	 */
	memcpy(tss->io_bitmap.bitmap, iobm->bitmap,
	       max(tss->io_bitmap.prev_max, iobm->max));

	/*
	 * Store the new max and the sequence number of this bitmap
	 * and a pointer to the bitmap itself.

Reported by FlawFinder.

arch/x86/kvm/svm/svm.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 182 Column: 18 CWE codes: 120 20 

              
	/* Save desired MSR intercept (read: pass-through) state */
	struct {
		DECLARE_BITMAP(read, MAX_DIRECT_ACCESS_MSRS);
		DECLARE_BITMAP(write, MAX_DIRECT_ACCESS_MSRS);
	} shadow_msr_intercept;

	/* SEV-ES support */
	struct vmcb_save_area *vmsa;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 432 Column: 10 CWE codes: 120 20 

              void svm_set_gif(struct vcpu_svm *svm, bool value);
int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code);
void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr,
			  int read, int write);

/* nested.c */

#define NESTED_EXIT_HOST	0	/* Exit handled on host level */
#define NESTED_EXIT_DONE	1	/* Exit caused nested vmexit  */

Reported by FlawFinder.

arch/x86/kvm/vmx/nested.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 720 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->vmcs_link_pointer), &map))
		return;

	memcpy(shadow, map.hva, VMCS12_SIZE);
	kvm_vcpu_unmap(vcpu, &map, false);
}

static void nested_flush_cached_shadow_vmcs12(struct kvm_vcpu *vcpu,
					      struct vmcs12 *vmcs12)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 5328 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		 * Load VMCS12 from guest memory since it is not already
		 * cached.
		 */
		memcpy(vmx->nested.cached_vmcs12, new_vmcs12, VMCS12_SIZE);
		kvm_vcpu_unmap(vcpu, &map, false);

		set_current_vmptr(vmx, vmptr);
	}

Reported by FlawFinder.

arch/x86/kvm/vmx/sgx.c
2 issues
syntax error: 0 =
Error

Line: 13 

              #include "vmx.h"
#include "x86.h"

bool __read_mostly enable_sgx = 1;
module_param_named(sgx, enable_sgx, bool, 0444);

/* Initial value of guest's virtual SGX_LEPUBKEYHASHn MSRs */
static u64 sgx_pubkey_hash[4] __ro_after_init;

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 424 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              {
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	memcpy(vmx->msr_ia32_sgxlepubkeyhash, sgx_pubkey_hash,
	       sizeof(sgx_pubkey_hash));
}

/*
 * ECREATE must be intercepted to enforce MISCSELECT, ATTRIBUTES and XFRM

Reported by FlawFinder.

arch/x86/kvm/x86.h
2 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 216 Column: 37 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              }

static inline void vcpu_cache_mmio_info(struct kvm_vcpu *vcpu,
					gva_t gva, gfn_t gfn, unsigned access)
{
	u64 gen = kvm_memslots(vcpu->kvm)->generation;

	if (unlikely(gen & KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS))
		return;

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 228 Column: 27 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              	 * actually a nGPA.
	 */
	vcpu->arch.mmio_gva = mmu_is_nested(vcpu) ? 0 : gva & PAGE_MASK;
	vcpu->arch.mmio_access = access;
	vcpu->arch.mmio_gfn = gfn;
	vcpu->arch.mmio_gen = gen;
}

static inline bool vcpu_match_mmio_gen(struct kvm_vcpu *vcpu)

Reported by FlawFinder.

arch/x86/lib/usercopy_64.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 126 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!IS_ALIGNED(dest, 8)) {
		unsigned len = min_t(unsigned, size, ALIGN(dest, 8) - dest);

		memcpy((void *) dest, (void *) source, len);
		clean_cache_range((void *) dest, len);
		dest += len;
		source += len;
		size -= len;
		if (!size)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 176 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	/* cache copy for remaining bytes */
	if (size) {
		memcpy((void *) dest, (void *) source, size);
		clean_cache_range((void *) dest, size);
	}
}
EXPORT_SYMBOL_GPL(__memcpy_flushcache);

Reported by FlawFinder.

arch/x86/math-emu/fpu_entry.c
2 issues
The address of local variable 'loaded_data' is accessed at non-zero index.
Error

Line: 369 CWE codes: 758 

              							 (&loaded_data)))) {
							if (FPU_divide_by_zero
							    (0,
							     getsign
							     (&loaded_data))
							    < 0) {
								/* We use the fact here that the unmasked
								   exception in the loaded data was for a
								   denormal operand */

Reported by Cppcheck.

The address of local variable 'loaded_data' is accessed at non-zero index.
Error

Line: 384 CWE codes: 758 

              								    status1 &
								    SW_Denorm_Op;
							} else
								setsign(st0_ptr,
									getsign
									(&loaded_data));
						}
					}
					goto reg_mem_instr_done;

Reported by Cppcheck.

arch/x86/math-emu/reg_divide.c
2 issues
The address of local variable 'x' is accessed at non-zero index.
Error

Line: 79 CWE codes: 758 

              		/* Both regs Valid, this should be the most common case. */
		reg_copy(a, &x);
		reg_copy(b, &y);
		setpositive(&x);
		setpositive(&y);
		tag = FPU_u_div(&x, &y, dest, control_w, sign);

		if (tag < 0)
			return tag;

Reported by Cppcheck.

The address of local variable 'y' is accessed at non-zero index.
Error

Line: 80 CWE codes: 758 

              		reg_copy(a, &x);
		reg_copy(b, &y);
		setpositive(&x);
		setpositive(&y);
		tag = FPU_u_div(&x, &y, dest, control_w, sign);

		if (tag < 0)
			return tag;

Reported by Cppcheck.

arch/x86/mm/mem_encrypt_identity.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 84 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               * section is 2MB aligned to allow for simple pagetable setup using only
 * PMD entries (see vmlinux.lds.S).
 */
static char sme_workarea[2 * PMD_PAGE_SIZE] __section(".init.scratch");

static char sme_cmdline_arg[] __initdata = "mem_encrypt";
static char sme_cmdline_on[]  __initdata = "on";
static char sme_cmdline_off[] __initdata = "off";

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 494 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned long feature_mask;
	bool active_by_default;
	unsigned long me_mask;
	char buffer[16];
	u64 msr;

	/* Check for the SME/SEV support leaf */
	eax = 0x80000000;
	ecx = 0;

Reported by FlawFinder.

arch/x86/mm/pat/memtype.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 208 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	default:           cache = CM(WB);       cache_mode = "WB  "; break;
	}

	memcpy(msg, cache_mode, 4);

	return cache;
}

#undef CM

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 223 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void __init_cache_modes(u64 pat)
{
	enum page_cache_mode cache;
	char pat_msg[33];
	int i;

	WARN_ON_ONCE(pat_cm_initialized);

	pat_msg[32] = 0;

Reported by FlawFinder.