On 2018-11-28 23:20:35 [+0100], To linux-kernel@vger.kernel.org wrote:
> diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
> index fb16d0da71bca..f552b1d6c6958 100644
> --- a/arch/x86/kernel/fpu/signal.c
> +++ b/arch/x86/kernel/fpu/signal.c
> @@ -292,43 +295,51 @@ static int __fpu__restore_sig(void __user *buf, void 
> __user *buf_fx, int size)
>               u64 init_bv = xfeatures_mask & ~xfeatures;
>  
>               if (using_compacted_format()) {
> -                     ret = copy_user_to_xstate(&state->xsave, buf_fx);
> +                     ret = copy_user_to_xstate(&fpu->state.xsave, buf_fx);
>               } else {
> -                     ret = __copy_from_user(&state->xsave, buf_fx, 
> state_size);
> +                     ret = __copy_from_user(&fpu->state.xsave, buf_fx, 
> state_size);
>  
>                       if (!ret && state_size > offsetof(struct xregs_state, 
> header))
> -                             ret = 
> validate_xstate_header(&state->xsave.header);
> +                             ret = 
> validate_xstate_header(&fpu->state.xsave.header);
>               }
>               if (ret)
>                       goto err_out;
>  
> -             sanitize_restored_xstate(state, envp, xfeatures, fx_only);
> +             sanitize_restored_xstate(&fpu->state, envp, xfeatures, fx_only);
>  
> +             __fpregs_changes_begin();
>               if (unlikely(init_bv))
>                       copy_kernel_to_xregs(&init_fpstate.xsave, init_bv);
> -             ret = copy_users_to_xregs(&state->xsave, xfeatures);
> +             ret = copy_users_to_xregs(&fpu->state.xsave, xfeatures);
>  
>       } else if (use_fxsr()) {
> -             ret = __copy_from_user(&state->fxsave, buf_fx, state_size);
> -             if (ret)
> +             ret = __copy_from_user(&fpu->state.fxsave, buf_fx, state_size);
> +             if (ret) {
> +                     err = -EFAULT;
>                       goto err_out;
> +             }
>  
> -             sanitize_restored_xstate(state, envp, xfeatures, fx_only);
> +             sanitize_restored_xstate(&fpu->state, &env, xfeatures, fx_only);
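Review bot: The two restore branches now disagree on how a failed copy is reported: the fxsr path sets `err = -EFAULT;` before `goto err_out`, but the xsave path still jumps to `err_out` with only `ret` set (the `if (ret) goto err_out;` after `validate_xstate_header`), and on the non-compacted side `ret` holds the uncopied-byte count from `__copy_from_user`, not an errno. Whether that turns a failed sigreturn restore into a success or a positive return value depends on what `err_out` returns, which is outside this hunk, but the branches should at least be consistent; since this path now writes straight into `fpu->state`, a failure that is not reported leaves the task running on a partially overwritten fpstate. I would set it in the xsave branch too, e.g. `if (ret) { err = ret < 0 ? ret : -EFAULT; goto err_out; }`, so the -EINVAL from `validate_xstate_header`/`copy_user_to_xstate` is preserved and the byte count is mapped to -EFAULT. Note also that `__fpregs_changes_begin()` has no matching end visible here; `__fpu__restore_sig` begins and ends outside the quoted hunk.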

This should have remained `envp' and not become `&env'.

Sebastian
