The following issues were found

arch/x86/mm/pgtable.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 312 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		pmd_t *pmd = pmds[i];

		if (i >= KERNEL_PGD_BOUNDARY)
			memcpy(pmd, (pmd_t *)pgd_page_vaddr(swapper_pg_dir[i]),
			       sizeof(pmd_t) * PTRS_PER_PMD);

		pud_populate(mm, pud, pmd);
	}
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 338 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	for (i = 0; i < PREALLOCATED_USER_PMDS; i++, u_pud++, s_pgd++) {
		pmd_t *pmd = pmds[i];

		memcpy(pmd, (pmd_t *)pgd_page_vaddr(*s_pgd),
		       sizeof(pmd_t) * PTRS_PER_PMD);

		pud_populate(mm, u_pud, pmd);
	}

Reported by FlawFinder.

arch/x86/pci/common.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 44 Column: 23 CWE codes: 120 20 

              						int reg, int len, u32 *val)
{
	if (domain == 0 && reg < 256 && raw_pci_ops)
		return raw_pci_ops->read(domain, bus, devfn, reg, len, val);
	if (raw_pci_ext_ops)
		return raw_pci_ext_ops->read(domain, bus, devfn, reg, len, val);
	return -EINVAL;
}

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 46 Column: 27 CWE codes: 120 20 

              	if (domain == 0 && reg < 256 && raw_pci_ops)
		return raw_pci_ops->read(domain, bus, devfn, reg, len, val);
	if (raw_pci_ext_ops)
		return raw_pci_ext_ops->read(domain, bus, devfn, reg, len, val);
	return -EINVAL;
}

int raw_pci_write(unsigned int domain, unsigned int bus, unsigned int devfn,
						int reg, int len, u32 val)

Reported by FlawFinder.

arch/x86/pci/direct.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 208 Column: 10 CWE codes: 120 20 

              		return 1;

	for (devfn = 0; devfn < 0x100; devfn++) {
		if (o->read(0, 0, devfn, PCI_CLASS_DEVICE, 2, &x))
			continue;
		if (x == PCI_CLASS_BRIDGE_HOST || x == PCI_CLASS_DISPLAY_VGA)
			return 1;

		if (o->read(0, 0, devfn, PCI_VENDOR_ID, 2, &x))

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 213 Column: 10 CWE codes: 120 20 

              		if (x == PCI_CLASS_BRIDGE_HOST || x == PCI_CLASS_DISPLAY_VGA)
			return 1;

		if (o->read(0, 0, devfn, PCI_VENDOR_ID, 2, &x))
			continue;
		if (x == PCI_VENDOR_ID_INTEL || x == PCI_VENDOR_ID_COMPAQ)
			return 1;
	}

Reported by FlawFinder.

arch/x86/platform/olpc/olpc-xo1-sci.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 139 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              				  struct device_attribute *attr, char *buf)
{
	const char *mode = lid_wake_mode_names[lid_wake_mode];
	return sprintf(buf, "%s\n", mode);
}
static ssize_t lid_wake_mode_set(struct device *dev,
				 struct device_attribute *attr,
				 const char *buf, size_t count)
{

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 148 Column: 7 CWE codes: 126 

              	int i;
	for (i = 0; i < ARRAY_SIZE(lid_wake_mode_names); i++) {
		const char *mode = lid_wake_mode_names[i];
		if (strlen(mode) != count || strncasecmp(mode, buf, count))
			continue;

		lid_wake_mode = i;
		return count;
	}

Reported by FlawFinder.

arch/x86/power/cpu.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	set_tss_desc(cpu, &get_cpu_entry_area(cpu)->tss.x86_tss);

#ifdef CONFIG_X86_64
	memcpy(&tss, &desc[GDT_ENTRY_TSS], sizeof(tss_desc));
	tss.type = 0x9; /* The available 64-bit TSS (see AMD vol 2, pg 91 */
	write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS);

	syscall_init();				/* This sets MSR_*STAR and related */
#else

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 419 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		 * Multiple callbacks can invoke this function, so copy any
		 * MSR save requests from previous invocations.
		 */
		memcpy(msr_array, saved_msrs->array,
		       sizeof(struct saved_msr) * saved_msrs->num);

		kfree(saved_msrs->array);
	}

Reported by FlawFinder.

arch/x86/um/signal.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 345 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct sigcontext sc;
	struct _xstate fpstate;
	unsigned long extramask[_NSIG_WORDS-1];
	char retcode[8];
};

struct rt_sigframe
{
	char __user *pretcode;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 357 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct siginfo info;
	struct ucontext uc;
	struct _xstate fpstate;
	char retcode[8];
};

int setup_signal_stack_sc(unsigned long stack_top, struct ksignal *ksig,
			  struct pt_regs *regs, sigset_t *mask)
{

Reported by FlawFinder.

arch/x86/xen/mmu_pv.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1937 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	/* Now copy the old p2m info to the new area. */
	memcpy(new_p2m, xen_p2m_addr, size);
	xen_p2m_addr = new_p2m;

	/* Release the old p2m list and set new list info. */
	p2m_pfn = PFN_DOWN(xen_early_virt_to_phys(xen_start_info->mfn_list));
	BUG_ON(!p2m_pfn);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1993 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	}
}

static unsigned char dummy_mapping[PAGE_SIZE] __page_aligned_bss;

static void xen_set_fixmap(unsigned idx, phys_addr_t phys, pgprot_t prot)
{
	pte_t pte;

Reported by FlawFinder.

arch/x86/xen/multicalls.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 46 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct multicall_entry debug[MC_BATCH];
	void *caller[MC_BATCH];
#endif
	unsigned char args[MC_ARGS];
	struct callback {
		void (*fn)(void *);
		void *data;
	} callbacks[MC_BATCH];
};

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 73 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	trace_xen_mc_flush(b->mcidx, b->argidx, b->cbidx);

#if MC_DEBUG
	memcpy(b->debug, b->entries,
	       b->mcidx * sizeof(struct multicall_entry));
#endif

	switch (b->mcidx) {
	case 0:

Reported by FlawFinder.

arch/x86/xen/time.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 307 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct xen_clock_event_device {
	struct clock_event_device evt;
	char name[16];
};
static DEFINE_PER_CPU(struct xen_clock_event_device, xen_clock_events) = { .evt.irq = -1 };

static irqreturn_t xen_timer_interrupt(int irq, void *dev_id)
{

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 356 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				      xevt->name, NULL);
	(void)xen_set_irq_priority(irq, XEN_IRQ_PRIORITY_MAX);

	memcpy(evt, xen_clockevent, sizeof(*evt));

	evt->cpumask = cpumask_of(cpu);
	evt->irq = irq;
}

Reported by FlawFinder.

arch/xtensa/include/asm/cacheflush.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 174 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
#define copy_to_user_page(vma, page, vaddr, dst, src, len)		\
	do {								\
		memcpy(dst, src, len);					\
		__flush_dcache_range((unsigned long) dst, len);		\
		__invalidate_icache_range((unsigned long) dst, len);	\
	} while (0)

#define copy_from_user_page(vma, page, vaddr, dst, src, len) \

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 180 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	} while (0)

#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
	memcpy(dst, src, len)

#endif

#endif /* _XTENSA_CACHEFLUSH_H */

Reported by FlawFinder.