SYSRET

Return From Fast System Call

Opcodes

Hex | Mnemonic | Encoding | Long Mode | Legacy Mode | Description
REX.W + 0F 07 | SYSRET | A | Valid | Invalid | Return to 64-bit mode from fast system call
0F 07 | SYSRET | A | Valid | Invalid | Return to compatibility mode from fast system call

Instruction Operand Encoding

Op/En | Operand 0 | Operand 1 | Operand 2 | Operand 3
A | NA | NA | NA | NA

Description

SYSCALL saves the RIP of the instruction following the SYSCALL into RCX and loads the new RIP from the LSTAR (64-bit mode only). Upon return, SYSRET copies the value saved in RCX to the RIP.

In a return to 64-bit mode using Osize 64, SYSRET sets the CS selector value to MSR IA32_STAR[63:48] + 16. The SS is set to IA32_STAR[63:48] + 8.

SYSRET transfers control to compatibility mode using Osize 32. The CS selector value is set to MSR IA32_STAR[63:48]. The SS is set to IA32_STAR[63:48] + 8.

It is the responsibility of the OS to keep descriptors in the GDT/LDT that correspond to selectors loaded by SYSCALL/SYSRET consistent with the base, limit and attribute values forced by these instructions.

Software should not alter the CS or SS descriptors in a manner that violates the following assumptions made by SYSCALL/SYSRET:

Pseudo Code

IF (CS.L != 1) or (IA32_EFER.LMA != 1) or (IA32_EFER.SCE != 1) (* Not in 64-Bit Mode or SYSCALL/SYSRET not enabled in IA32_EFER *)
	#UD;
FI;
IF (CPL != 0)
	#GP(0);
FI;
IF (RCX != CANONICAL_ADDRESS)
	#GP(0);
FI;
IF (OPERAND_SIZE = 64)
	(* Return to 64-Bit Mode *)
	EFLAGS = R11;
	CPL = 0x3;
	CS(SEL) = IA32_STAR[63:48] + 16;
	CS(PL) = 0x3;
	SS(SEL) = IA32_STAR[63:48] + 8;
	SS(PL) = 0x3;
	RIP = RCX;
ELSE
	(* Return to Compatibility Mode *)
	EFLAGS = R11;
	CPL = 0x3;
	CS(SEL) = IA32_STAR[63:48];
	CS(PL) = 0x3;
	SS(SEL) = IA32_STAR[63:48] + 8;
	SS(PL) = 0x3;
	EIP = ECX;
FI;
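
The checks and selector arithmetic above, written as a small C model (an added example, not part of the original reference). The function names, the 48-bit canonical-address assumption and the sample IA32_STAR value are assumptions made here; `star_matches_gdt` is a hypothetical OS-side check that the user-mode GDT selectors agree with what SYSRET will load.

```c
#include <stdbool.h>
#include <stdint.h>

#define EFER_SCE (1ULL << 0)   /* IA32_EFER.SCE */
#define EFER_LMA (1ULL << 10)  /* IA32_EFER.LMA */
enum sysret_fault { SYSRET_OK, SYSRET_UD, SYSRET_GP0 };
struct sysret_result { enum sysret_fault fault; uint16_t cs, ss; uint64_t rip; };

/* Assumes 48-bit virtual addresses: canonical means bits 63:47 are all equal. */
static bool is_canonical(uint64_t va)
{
    return (va >> 47) == 0 || (va >> 47) == 0x1FFFF;
}

/* Selector IA32_STAR[63:48] + off; CS(PL)/SS(PL) = 3 modelled as low bits = 3. */
static uint16_t user_sel(uint64_t star, unsigned off)
{
    return (uint16_t)(((star >> 48) + off) | 3);
}

/* Same check order as the pseudocode: #UD conditions, then CPL, then RCX. */
static struct sysret_result sysret_model(uint64_t star, uint64_t efer, bool cs_l,
                                         unsigned cpl, uint64_t rcx, bool osize64)
{
    struct sysret_result r = { SYSRET_OK, 0, 0, 0 };
    if (!cs_l || !(efer & EFER_LMA) || !(efer & EFER_SCE))
        r.fault = SYSRET_UD;
    else if (cpl != 0 || !is_canonical(rcx))
        r.fault = SYSRET_GP0;
    if (r.fault != SYSRET_OK)
        return r;
    r.cs = user_sel(star, osize64 ? 16 : 0);
    r.ss = user_sel(star, 8);
    r.rip = osize64 ? rcx : (uint32_t)rcx;  /* EIP = ECX on a 32-bit return */
    return r;
}

/* OS-side check: do the GDT selectors reserved for user mode match this STAR? */
static bool star_matches_gdt(uint64_t star, uint16_t cs32, uint16_t ss, uint16_t cs64)
{
    return user_sel(star, 0) == cs32 && user_sel(star, 8) == ss && user_sel(star, 16) == cs64;
}

int main(void)
{
    uint64_t star = 0x0023001000000000ULL;  /* constructed sample value */
    struct sysret_result r = sysret_model(star, EFER_SCE | EFER_LMA, true, 0, 0x401000, true);
    return (r.cs == 0x33 && star_matches_gdt(star, 0x23, 0x2b, 0x33)) ? 0 : 1;
}
```

In the pseudocode the canonical check on RCX runs before CPL is set to 3, so the #GP(0) is raised while still at CPL 0; a kernel should validate the saved return address itself before executing SYSRET.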

Flags Affected

VM, IF, RF.

Exceptions

64-Bit Mode Exceptions

Exception | Description
#GP(0) | If CPL != 0. If RCX contains a non-canonical address.
#UD | If IA32_EFER.SCE bit = 0. If the LOCK prefix is used.

Compatibility Mode Exceptions

Exception | Description
#UD | If Mode != 64-Bit.

Virtual-8086 Mode Exceptions

Exception | Description
#UD | If Mode != 64-Bit.

Real-Address Mode Exceptions

Exception | Description
#UD | If Mode != 64-Bit.

Protected Mode Exceptions

Exception | Description
#UD | If Mode != 64-Bit.