Arch86

Opcode	Encoding	16-bit	32-bit	64-bit	`CPUID` Feature Flag(s)	Description
`F3 0F AE mem/6` `CLRSSBSY m64`	`m`	Invalid	Valid	Valid	`cet-ss`	Clear the busy flag in a supervisor shadow stack token at m64.
Opcode: `F3 0F AE mem/6` Mnemonic: `CLRSSBSY m64` Encoding: `m` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `cet-ss` Clear the busy flag in a supervisor shadow stack token at m64.

Encoding

Encoding	Operand
`m`	`ModRM.r/m[rw]`

Description

The CLRSSBSY instruction clears the "busy" flag in a supervisor shadow stack token located at the operand' effective address. Afterwards, the SSP (shadow stack pointer) is set to 0.

Operation

public void CLRSSBSY(IntPtr addr)
{
    if (!CR4.CET || !IA32_S_CET.SH_STK_EN)
        #UD;

    if (CPL > 0 || !IsAligned(addr, 8))
        #GP(0);

    U64 newToken = addr.ToInt64();
    U64 expectedToken = newToken | 1; // busy bit is bit 0
    CF = ShadowStackLockCmpxchg8b(addr, newToken, expectedToken) != expectedToken;
    SSP = 0;
}

Flags Affected

CF (carry flag): Set if an invalid token was detected. Cleared otherwise.
PF (parity flag): Cleared.
AF (auxiliary flag): Cleared.
ZF (zero flag): Cleared.
SF (sign flag): Cleared.
OF (overflow flag): Cleared.

Exceptions

Real-Address Mode

#UD

If in Real Mode.

Virtual-8086 Mode

#UD

If in Virtual-8086 Mode.

Protected Mode

#UD

If the LOCK prefix is used.
If CR4.CET is 0.
If IA32_S_CET.SH_STK_EN is 0.

#GP(0)

If CPL is greater than 0.
If a memory operand is not aligned to a 8-byte boundary.
If the destination is located in a non-writable segment.
If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#SS(0)

If a memory operand using the
SS
segment has an effective address that is outside the
SS
segment's limit.

#PF(fc)

If a page fault occurs.

Compatibility Mode

#UD

If the LOCK prefix is used.
If CR4.CET is 0.
If IA32_S_CET.SH_STK_EN is 0.

#GP(0)

If CPL is greater than 0.
If a memory operand is not aligned to a 8-byte boundary.
If the destination is located in a non-writable segment.
If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#SS(0)

If a memory operand using the
SS
segment has an effective address that is outside the
SS
segment's limit.

#PF(fc)

If a page fault occurs.

Long Mode

#UD

If the LOCK prefix is used.
If CR4.CET is 0.
If IA32_S_CET.SH_STK_EN is 0.

#GP(0)

If CPL is greater than 0.
If a memory operand is not aligned to a 8-byte boundary.
If a memory operand (using a segment other than SS) is in non-canonical form.
If the destination is located in a non-writable segment.
If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#SS(0)

If a memory operand using the SS segment is in non-canonical form.
If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.

#PF(fc)

If a page fault occurs.