Intel 64 and IA-32 Architectures Software Developers Manual Volume 2B, Instruction Set Reference, N-Z
4-370 Vol. 2B
INSTRUCTION SET REFERENCE, N-Z
SYSRET—Return From Fast System Call
Description
SYSCALL saves the RIP of the instruction following the SYSCALL into RCX and loads
the new RIP from the LSTAR (64-bit mode only). Upon return, SYSRET copies the
value saved in RCX to the RIP.
In a return to 64-bit mode using Osize 64, SYSRET sets the CS selector value to MSR
IA32_STAR[63:48] +16. The SS is set to IA32_STAR[63:48] + 8.
SYSRET transfer control to compatibility mode using Osize 32. The CS selector value
is set to MSR IA32_STAR[63:48]. The SS is set to IA32_STAR[63:48] + 8.
It is the responsibility of the OS to keep descriptors in the GDT/LDT that correspond
to selectors loaded by SYSCALL/SYSRET consistent with the base, limit and attribute
values forced by the these instructions.
Software should not alter the CS or SS descriptors in a manner that violates the
following assumptions made by SYSCALL/SYSRET:
• CS and SS base and limit remain the same for all processes, including the
operating system.
• CS of the SYSCALL target has a privilege level of 0.
• CS of the SYSRET target has a privilege level of 3.
SYSCALL/SYSRET do not check for violations of these assumptions.
Operation
IF (CS.L ≠ 1 ) or (IA32_EFER.LMA ≠ 1) or (IA32_EFER.SCE ≠ 1)
(* Not in 64-Bit Mode or SYSCALL/SYSRET not enabled in IA32_EFER *)
THEN #UD; FI;
IF (CPL
≠ 0)
THEN #GP(0); FI;
IF (RCX
≠ CANONICAL_ADDRESS)
THEN #GP(0); FI;
IF (OPERAND_SIZE
= 64)
THEN (* Return to 64-Bit Mode *)
EFLAGS ← R11;
CPL ← 0x3;
CS(SEL) ← IA32_STAR[63:48] + 16;
CS(PL) ← 0x3;
SS(SEL) ← IA32_STAR[63:48] + 8;
Opcode Instruction
64-Bit
Mode
Compat/
Leg Mode Description
0F 07 SYSRET Valid Invalid Return from fast system call