There are two issues with copyout_from_xsaves and copyin_to_xsaves. The first is a simple bounds checking issue, where the code could potentially clobber memory outside of a userspace buffer before it stops copying data.
The second is more subtle. SSE and YMM XRSTOR depend on two fields inside the legacy FP area. However, if xfeatures XFEATURE_MASK_FP is clear, those fields do not get copied around at all. Fix that. Thanks to Dave Hansen for helping track down that second bug.
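A simplified user-space model of the two fixes described above, as an added example that is not the kernel's code or part of the original message. The function and macro names are hypothetical, the offsets are those of the standard (non-compacted) XSAVE layout, and identifying the "two fields" as MXCSR and MXCSR_MASK is an assumption, since the message does not name them.

```c
#include <stdint.h>
#include <string.h>

/* Feature bits and standard-format offsets per the Intel SDM; names are hypothetical. */
#define FEAT_FP   (1u << 0)
#define FEAT_SSE  (1u << 1)
#define FEAT_YMM  (1u << 2)
#define MXCSR_OFF 24u  /* assumed: MXCSR + MXCSR_MASK, 8 bytes in the legacy FP area */
#define MXCSR_LEN 8u

struct comp { uint32_t bit, off, len; };
static const struct comp comps[] = {
    { FEAT_FP,    0, 160 },  /* x87 state; this range also covers the MXCSR words */
    { FEAT_SSE, 160, 256 },  /* XMM registers */
    { FEAT_YMM, 576, 256 },  /* upper halves of the YMM registers */
};

/* Copy [off, off+len) only if it fits in dst_size; the check comes before the write. */
static int copy_part(uint8_t *dst, size_t dst_size, const uint8_t *src,
                     size_t off, size_t len)
{
    if (off > dst_size || len > dst_size - off)  /* avoids off+len overflow */
        return -1;
    memcpy(dst + off, src + off, len);
    return 0;
}

/* src must hold 832 bytes; dst holds dst_size bytes. Returns 0 or -1. */
int copy_xstate_model(uint8_t *dst, size_t dst_size, const uint8_t *src,
                      uint32_t xfeatures)
{
    for (size_t i = 0; i < sizeof(comps) / sizeof(comps[0]); i++) {
        if (!(xfeatures & comps[i].bit))
            continue;
        if (copy_part(dst, dst_size, src, comps[i].off, comps[i].len))
            return -1;
    }
    /* SSE/YMM restore reads the MXCSR words, so copy them even when FP is clear. */
    if ((xfeatures & (FEAT_SSE | FEAT_YMM)) && !(xfeatures & FEAT_FP))
        return copy_part(dst, dst_size, src, MXCSR_OFF, MXCSR_LEN);
    return 0;
}

int main(void)
{
    uint8_t src[832], dst[832] = { 0 };
    memset(src, 0xAB, sizeof(src));  /* constructed sample state */
    return copy_xstate_model(dst, sizeof(dst), src, FEAT_SSE);
}
```

With a 600-byte destination and all three features set, the YMM component is rejected before any byte of it is written, so nothing past the end of the buffer is touched.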