summaryrefslogtreecommitdiff
path: root/arch/x86/kernel/fpu/signal.c
diff options
context:
space:
mode:
Diffstat (limited to 'arch/x86/kernel/fpu/signal.c')
-rw-r--r--arch/x86/kernel/fpu/signal.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 629106e51a297..da68ea1c3a442 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -324,11 +324,16 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size)
*/
fpu__drop(fpu);
- if (using_compacted_format())
+ if (using_compacted_format()) {
err = copy_user_to_xstate(&fpu->state.xsave, buf_fx);
- else
+ } else {
err = __copy_from_user(&fpu->state.xsave, buf_fx, state_size);
+ /* xcomp_bv must be 0 when using uncompacted format */
+ if (!err && state_size > offsetof(struct xregs_state, header) && fpu->state.xsave.header.xcomp_bv)
+ err = -EINVAL;
+ }
+
if (err || __copy_from_user(&env, buf, sizeof(env))) {
fpstate_init(&fpu->state);
trace_x86_fpu_init_state(fpu);
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-06 10:09:38 +0000