Volume 3: General-Purpose and System Instructions - Stanford ...

AMD64 Technology 24594 Rev. 3.10 February 2005In both cases, the CPL is forced to 3, effectively ignoring STAR bits 49–48. The SSselector is updated to point to the next descriptor-table entry after the CS descriptor(STAR.SYSRET_CS + 8), and its RPL is not forced to 3.The hidden portions of the CS and SS segment registers are not loaded from thedescriptor table as they would be using a legacy x86 RET instruction. Instead, thehidden portions are forced by the processor to the following values:• The CS base value is forced to 0.• The CS limit value is forced to 4 Gbytes.• The CS segment attributes are set to execute-read 32 bits or 64 bits (see below).• The SS segment base, limit, and attributes are not modified.When SYSCALLed system software is running in 64-bit mode, it has been enteredfrom either 64-bit mode or compatibility mode. The corresponding SYSRET needs toknow the mode to which it must return. Executing SYSRET in non-64-bit mode or witha 16- or 32-bit operand size, returns to 32-bit mode with a 32-bit stack pointer.Executing SYSRET in 64-bit mode with a 64-bit operand size returns to 64-bit modewith a 64-bit stack pointer.The instruction pointer is updated with the return address based on the operatingmode in which SYSRET is executed:• If returning to 64-bit mode, SYSRET loads RIP with the value of RCX.• If returning to 32-bit mode, SYSRET loads EIP with the value of ECX.How SYSRET handles RFLAGS, depends on the processor’s operating mode:• If executed in 64-bit mode, SYSRET loads the lower-32 RFLAGS bits fromR11[31:0] and clears the upper 32 RFLAGS bits.• If executed in legacy mode or compatibility mode, SYSRET sets EFLAGS.IF.For further details on the SYSCALL and SYSRET instructions and their associatedMSR registers (STAR, LSTAR, and CSTAR), see “Fast System Call and Return” inVolume 2.Mnemonic Opcode DescriptionSYSRET 0F 07 Return from operating system.Action// See “Pseudocode Definitions” on page 49.SYSRET_START:364 SYSRET