# SYSEXIT — Return from Fast System Call

## Description

Executes a fast return to privilege level 3 user code. SYSEXIT is a companion instruction to the SYSENTER instruction. The instruction is optimized to provide the maximum performance for returns from system procedures executing at protection level 0 to user procedures executing at protection level 3. It must be executed from code executing at privilege level 0.

## Instruction

| Opcode        | Assembly | Op/En | Modern Mode | Legacy Mode | Description                                              |
|---------------|----------|-------|-------------|-------------|----------------------------------------------------------|
| 0F 35         | SYSEXIT  | NP    | Valid       | Valid       | Fast return to privilege level 3 user code.              |
| REX.W + 0F 35 | SYSEXIT  | NP    | Valid       | Valid       | Fast return to 64-bit mode privilege level 3 user code.  |

## Information

With a 64-bit operand size, SYSEXIT remains in 64-bit mode; otherwise, it either enters compatibility mode (if the logical processor is in IA-32e mode) or remains in protected mode (if it is not).

Prior to executing SYSEXIT, software must specify the privilege level 3 code segment and code entry point, and the privilege level 3 stack segment and stack pointer by writing values into the following MSR and general-purpose registers:

- IA32_SYSENTER_CS (MSR address 174H) — Contains a 32-bit value that is used to determine the segment selectors for the privilege level 3 code and stack segments.
- RDX — The canonical address in this register is loaded into RIP (thus, this value references the first instruction to be executed in the user code). If the return is not to 64-bit mode, only bits 31:0 are loaded.
- RCX — The canonical address in this register is loaded into RSP (thus, this value contains the stack pointer for the privilege level 3 stack). If the return is not to 64-bit mode, only bits 31:0 are loaded.

The IA32_SYSENTER_CS MSR can be read from and written to using RDMSR and WRMSR.

While SYSEXIT loads the CS and SS selectors with values derived from the IA32_SYSENTER_CS MSR, the CS and SS descriptor caches are not loaded from the descriptors (in GDT or LDT) referenced by those selectors. Instead, the descriptor caches are loaded with fixed values. See the Operation section for details. It is the responsibility of OS software to ensure that the descriptors (in GDT or LDT) referenced by those selector values correspond to the fixed values loaded into the descriptor caches; the SYSEXIT instruction does not ensure this correspondence.

The SYSEXIT instruction can be invoked from all operating modes except real-address mode and virtual-8086 mode.

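The correspondence that OS software is responsible for can be checked mechanically. The C code below is an added example, not part of the original page or of any OS: it derives the selectors SYSEXIT loads from IA32_SYSENTER_CS and compares the GDT descriptors they name with the fixed descriptor-cache values. The selector offsets and fixed values are taken from the Operation section of Intel's SDM, which this page refers to but does not reproduce; the function names, result codes and sample GDT are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed descriptor-cache values from the SDM Operation section (not on this
 * page) as GDT descriptors: base 0, limit FFFFFH, G=1, S=1, DPL=3, P=1. */
#define FIXED_CS32 0x00CFFB000000FFFFULL /* type 11, D=1, L=0 */
#define FIXED_CS64 0x00AFFB000000FFFFULL /* type 11, D=0, L=1 */
#define FIXED_SS   0x00CFF3000000FFFFULL /* type 3, B=1 */
/* Choice made for this example: Accessed (bit 40) and AVL (bit 52) may differ. */
#define IGNORED ((1ULL << 40) | (1ULL << 52))

enum { SX_OK = 0, SX_NULL_MSR = 1, SX_BAD_SELECTOR = 2,
       SX_CS_MISMATCH = 4, SX_SS_MISMATCH = 8 };

/* CS = IA32_SYSENTER_CS[15:0] + 16 (+ 32 with REX.W), RPL forced to 3. */
uint16_t sysexit_cs(uint32_t msr, bool rex_w) {
    return (uint16_t)(((msr & 0xFFFF) + (rex_w ? 32 : 16)) | 3);
}

/* SS = CS + 8, so the stack descriptor is the next GDT slot. */
uint16_t sysexit_ss(uint32_t msr, bool rex_w) {
    return (uint16_t)(sysexit_cs(msr, rex_w) + 8);
}

/* Compare the descriptors those selectors name with the fixed values. */
int sysexit_gdt_check(const uint64_t *gdt, size_t entries, uint32_t msr, bool rex_w) {
    uint16_t cs = sysexit_cs(msr, rex_w), ss = sysexit_ss(msr, rex_w);
    int result = SX_OK;
    if ((msr & 0xFFFC) == 0) return SX_NULL_MSR;   /* SYSEXIT raises #GP(0) */
    if ((cs & 4) || (size_t)(cs >> 3) + 1 >= entries)
        return SX_BAD_SELECTOR;                    /* LDT selector or past the table */
    if ((gdt[cs >> 3] ^ (rex_w ? FIXED_CS64 : FIXED_CS32)) & ~IGNORED) result |= SX_CS_MISMATCH;
    if ((gdt[ss >> 3] ^ FIXED_SS) & ~IGNORED) result |= SX_SS_MISMATCH;
    return result;
}

/* Constructed sample GDT (not from any real OS): 0 null, 1 unused, 2-3 ring 0. */
const uint64_t sample_gdt[8] = {
    0, 0, 0x00AF9B000000FFFFULL, 0x00CF93000000FFFFULL,
    0x00CFFA000000FFFFULL, 0x00CFF2000000FFFFULL,   /* 32-bit return: CS, SS */
    0x00AFFA000000FFFFULL, 0x00CFF2000000FFFFULL }; /* 64-bit return: CS, SS */

int main(void) {
    printf("CS=%#x SS=%#x check=%d\n", (unsigned)sysexit_cs(0x10, false),
           (unsigned)sysexit_ss(0x10, false), sysexit_gdt_check(sample_gdt, 8, 0x10, false));
    return 0;
}
```

A nonzero result from `sysexit_gdt_check` means the descriptor caches after SYSEXIT would not match what a normal segment load of the same selector produces, which is the mismatch the paragraph above leaves to the OS to prevent.
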
The SYSENTER and SYSEXIT instructions were introduced into the IA-32 architecture in the Pentium II processor. The availability of these instructions on a processor is indicated with the SYSENTER/SYSEXIT present (SEP) feature flag returned to the EDX register by the CPUID instruction. An operating system that qualifies the SEP flag must also qualify the processor family and model to ensure that the SYSENTER/SYSEXIT instructions are actually present.

When the CPUID instruction is executed on the Pentium Pro processor (model 1), the processor returns the SEP flag as set, but does not support the SYSENTER/SYSEXIT instructions.