Clear Busy Flag in a Supervisor Shadow Stack Token

Encoding

Encoding    Operand
m           ModRM.r/m[rw]

Description

The CLRSSBSY instruction clears the "busy" flag in the supervisor shadow stack token located at the operand's effective address. A valid busy token holds the linear address of its own (8-byte aligned) location with bit 0, the busy flag, set; CLRSSBSY atomically compares the token against that value and, on a match, replaces it with the same address with the busy flag cleared. If the token does not match, CF is set and the token is left unchanged. In either case the SSP (shadow stack pointer) is then set to 0. The instruction is supervisor-only (CPL 0) and requires supervisor shadow stacks to be enabled (CR4.CET and IA32_S_CET.SH_STK_EN).

Operation

public void CLRSSBSY(IntPtr addr)
{
    // Supervisor shadow stacks must be enabled
    if (!CR4.CET || !IA32_S_CET.SH_STK_EN)
        #UD;

    // Supervisor-only; the token must sit on an 8-byte boundary
    if (CPL > 0 || !IsAligned(addr, 8))
        #GP(0);

    // A valid busy token holds the linear address of its own location
    // with the busy bit (bit 0) set; the replacement is that address
    // with the busy bit cleared
    U64 linearAddr = (U64)addr.ToInt64();
    U64 expectedToken = linearAddr | 1;
    U64 newToken = linearAddr;

    // Shadow-stack locked compare-exchange: the token is rewritten only
    // if it matched; a mismatch leaves memory unchanged and sets CF
    CF = ShadowStackLockCmpxchg8b(addr, newToken, expectedToken) != expectedToken;
    ZF = PF = AF = SF = OF = false;

    // SSP is cleared whether or not the token was valid
    SSP = 0;
}
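The following is a user-space model of the token check above, added here as an example; it is not code from the original page or from Intel's pseudocode. It treats a supervisor shadow stack token as the 8-byte aligned linear address of its own slot with bit 0 as the busy flag, and stands in an ordinary atomic compare-exchange for the shadow-stack locked cmpxchg8b (a real CPU performs that access against a page mapped as shadow stack, which the model does not reproduce). The enum, struct and function names and the scenario data are this example's own constructions.

```c
#include <stdalign.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUSY_BIT 1ULL   /* bit 0 of a supervisor shadow stack token */

/* Outcome of the modelled instruction (names are this example's own). */
enum clrssbsy_result {
    CLRSSBSY_OK,       /* token matched: busy cleared, CF = 0, SSP = 0 */
    CLRSSBSY_INVALID,  /* token mismatch: memory untouched, CF = 1, SSP = 0 */
    CLRSSBSY_GP        /* #GP(0): CPL > 0 or operand not 8-byte aligned */
};

/* The architectural state the instruction reads or writes. */
struct cet_state {
    unsigned cpl;
    uint64_t ssp;
    bool cf;
};

/* Builds the value a busy supervisor token stored at `slot` must hold. */
uint64_t busy_token_for(const uint64_t *slot)
{
    return (uint64_t)(uintptr_t)slot | BUSY_BIT;
}

/* Model of CLRSSBSY m64 operating on the token slot `slot`. */
enum clrssbsy_result model_clrssbsy(struct cet_state *st, uint64_t *slot)
{
    uint64_t la = (uint64_t)(uintptr_t)slot;

    if (st->cpl > 0 || (la & 7) != 0)
        return CLRSSBSY_GP;            /* faults before any memory access */

    uint64_t expected = la | BUSY_BIT; /* token must name its own slot, busy */
    uint64_t cleared  = la;            /* same token with busy bit cleared */

    /* lock cmpxchg8b: stores `cleared` only if *slot == expected */
    bool matched = __atomic_compare_exchange_n(slot, &expected, cleared, false,
                                               __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
    st->cf  = !matched;                /* CF flags an invalid token */
    st->ssp = 0;                       /* SSP := 0 regardless of outcome */
    return matched ? CLRSSBSY_OK : CLRSSBSY_INVALID;
}

/* Runs constructed scenarios; returns a bitmask of those behaving as modelled. */
unsigned run_scenarios(void)
{
    alignas(8) uint64_t slots[2];
    struct cet_state st;
    unsigned pass = 0;

    /* 1: busy token at its own slot -> busy cleared, CF = 0, SSP = 0 */
    slots[0] = busy_token_for(&slots[0]);
    st = (struct cet_state){ .cpl = 0, .ssp = 0x1000, .cf = true };
    if (model_clrssbsy(&st, &slots[0]) == CLRSSBSY_OK &&
        slots[0] == (uint64_t)(uintptr_t)&slots[0] && !st.cf && st.ssp == 0)
        pass |= 1u << 0;

    /* 2: same token, now free -> invalid, slot untouched, CF = 1, SSP = 0 */
    st = (struct cet_state){ .cpl = 0, .ssp = 0x1000, .cf = false };
    uint64_t before = slots[0];
    if (model_clrssbsy(&st, &slots[0]) == CLRSSBSY_INVALID &&
        slots[0] == before && st.cf && st.ssp == 0)
        pass |= 1u << 1;

    /* 3: busy token copied into another slot -> address mismatch, invalid */
    slots[1] = busy_token_for(&slots[0]);
    st = (struct cet_state){ .cpl = 0, .ssp = 0x1000, .cf = false };
    if (model_clrssbsy(&st, &slots[1]) == CLRSSBSY_INVALID &&
        slots[1] == busy_token_for(&slots[0]) && st.cf && st.ssp == 0)
        pass |= 1u << 2;

    /* 4: CPL 3 -> #GP(0); token, CF and SSP untouched */
    slots[1] = busy_token_for(&slots[1]);
    st = (struct cet_state){ .cpl = 3, .ssp = 0x1000, .cf = false };
    if (model_clrssbsy(&st, &slots[1]) == CLRSSBSY_GP &&
        slots[1] == busy_token_for(&slots[1]) && st.ssp == 0x1000 && !st.cf)
        pass |= 1u << 3;

    /* 5: operand 4 bytes into the slot -> #GP(0) on alignment, no access */
    st = (struct cet_state){ .cpl = 0, .ssp = 0x1000, .cf = false };
    if (model_clrssbsy(&st, (uint64_t *)((unsigned char *)&slots[1] + 4)) == CLRSSBSY_GP &&
        st.ssp == 0x1000)
        pass |= 1u << 4;

    return pass;   /* 0x1f when every scenario matches the model */
}

int main(void)
{
    unsigned pass = run_scenarios();
    printf("scenarios matching the model: 0x%02x of 0x1f\n", pass);
    return pass == 0x1f ? 0 : 1;
}
```

Scenario 3 is the security-relevant one: because the token encodes its own linear address, a busy token copied to a different location (or a forged value that does not name the slot it sits in) fails the compare-exchange, so CLRSSBSY cannot be used to free a token anywhere other than where it was set. Scenarios 4 and 5 show that the CPL and alignment checks fault before the token is touched, while a mismatch in scenarios 2 and 3 still clears SSP.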

Flags Affected

CF (carry flag)
Set if an invalid token was detected. Cleared otherwise.
PF (parity flag)
Cleared.
AF (auxiliary flag)
Cleared.
ZF (zero flag)
Cleared.
SF (sign flag)
Cleared.
OF (overflow flag)
Cleared.

Exceptions

Real-Address Mode

#UD
  • If in Real Mode.

Virtual-8086 Mode

#UD
  • If in Virtual-8086 Mode.

Protected Mode

#UD
  • If the LOCK prefix is used.
  • If CR4.CET is 0.
  • If IA32_S_CET.SH_STK_EN is 0.
#GP(0)
  • If CPL is greater than 0.
  • If a memory operand is not aligned to an 8-byte boundary.
  • If the destination is located in a non-writable segment.
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#SS(0)
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#PF(fc)
  • If a page fault occurs.

Compatibility Mode

#UD
  • If the LOCK prefix is used.
  • If CR4.CET is 0.
  • If IA32_S_CET.SH_STK_EN is 0.
#GP(0)
  • If CPL is greater than 0.
  • If a memory operand is not aligned to an 8-byte boundary.
  • If the destination is located in a non-writable segment.
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#SS(0)
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#PF(fc)
  • If a page fault occurs.

Long Mode

#UD
  • If the LOCK prefix is used.
  • If CR4.CET is 0.
  • If IA32_S_CET.SH_STK_EN is 0.
#GP(0)
  • If CPL is greater than 0.
  • If a memory operand is not aligned to an 8-byte boundary.
  • If a memory operand (using a segment other than SS) is in non-canonical form.
  • If the destination is located in a non-writable segment.
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#SS(0)
  • If a memory operand using the SS segment is in non-canonical form.
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#PF(fc)
  • If a page fault occurs.