[PATCH 04/10] x86/fpu: Document reasoning of FX-only fallback

From: Andrei Vagin

Date: Mon Jun 15 2026 - 15:39:05 EST


Add a comment to check_xstate_in_sigframe() to explain reasoning behind
falling back to the FX-only state when signal frame metadata is
inconsistent.

The fallback is intended to preserve backward compatibility with legacy
user-space processes that are not aware of XSAVE states and might only
fill or copy just the legacy FP state.

This fallback is dangerous as it can trigger silent corruptions of
user-space state by resetting extended registers if the process was
using them but the frame metadata was malformed.

XSAVE was introduced 15 years ago; we may need to consider removing this
fallback entirely or introducing a sysctl to enable/disable it.

Signed-off-by: Andrei Vagin <avagin@xxxxxxxxxx>
---
arch/x86/kernel/fpu/signal.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 6a14b528ac7f..85021c5ea649 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -54,6 +54,14 @@ static inline bool check_xstate_in_sigframe(struct fxregs_state __user *buf_fx,
if (likely(magic2 == FP_XSTATE_MAGIC2))
return true;
err_setfx:
+ /*
+ * The fallback to FX-only state is used to preserve backward
+ * compatibility with user-space processes that are not aware of xsave
+ * states.
+ *
+ * In all other cases, returning false (to trigger SIGSEGV) is
+ * preferred to avoid silent user-space state corruption.
+ */
trace_x86_fpu_xstate_check_failed(x86_task_fpu(current));

/* Set the parameters for fx only state */
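Review bot: the second paragraph of the new comment ("In all other cases, returning false (to trigger SIGSEGV) is preferred") states a preference that the code at the err_setfx label does not implement: every path that reaches this label falls through to the FX-only setup below it, and nothing in the hunk returns false here, so a reader can mistake the comment for a description of current behaviour. Consider rewording it as guidance for future changes, e.g. "New failure cases should return false (SIGSEGV) rather than jump to err_setfx", and add one line naming the risk the commit message spells out, that taking this fallback for a process that was using extended state silently resets those registers. Minor: the commit message writes "XSAVE" while the comment uses "xsave"; pick one spelling.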
--
2.54.0.1189.g8c84645362-goog