1 files changed, 7 insertions, 0 deletions
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index a821b1cd4fa7..72bf2680f819 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -427,6 +427,13 @@ sysretl_from_sys_call:
         * cs and ss are loaded from MSRs.
         * (Note: 32bit->32bit SYSRET is different: since r11
         * does not exist, it merely sets eflags.IF=1).
+         *
+         * NB: On AMD CPUs with the X86_BUG_SYSRET_SS_ATTRS bug, the ss
+         * descriptor is not reinitialized.  This means that we must
+         * avoid SYSRET with SS == NULL, which could happen if we schedule,
+         * exit the kernel, and re-enter using an interrupt vector.  (All
+         * interrupt entries on x86_64 set SS to NULL.)  We prevent that
+         * from happening by reloading SS in __switch_to.
         */
        USERGS_SYSRET32

diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S index a821b1cd4fa7..72bf2680f819 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S
@@ -427,6 +427,13 @@ sysretl_from_sys_call:
427	* cs and ss are loaded from MSRs.	427	* cs and ss are loaded from MSRs.
428	* (Note: 32bit->32bit SYSRET is different: since r11	428	* (Note: 32bit->32bit SYSRET is different: since r11
429	* does not exist, it merely sets eflags.IF=1).	429	* does not exist, it merely sets eflags.IF=1).
		430	*
		431	* NB: On AMD CPUs with the X86_BUG_SYSRET_SS_ATTRS bug, the ss
		432	* descriptor is not reinitialized. This means that we must
		433	* avoid SYSRET with SS == NULL, which could happen if we schedule,
		434	* exit the kernel, and re-enter using an interrupt vector. (All
		435	* interrupt entries on x86_64 set SS to NULL.) We prevent that
		436	* from happening by reloading SS in __switch_to.
430	*/	437	*/
431	USERGS_SYSRET32	438	USERGS_SYSRET32
432		439