116 lines
4.3 KiB
HTML
116 lines
4.3 KiB
HTML
|
<!DOCTYPE html>
|
|||
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>SETSSBSY
|
|||
|
|
— Mark Shadow Stack Busy</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>SETSSBSY
|
|||
|
|
— Mark Shadow Stack Busy</h1>
|
|||
|
|
|
|||
|
|
<table>
|
|||
|
|
<tr>
|
|||
|
|
<th>Opcode/Instruction</th>
|
|||
|
|
<th>Op/En</th>
|
|||
|
|
<th>64/32 bit Mode Support</th>
|
|||
|
|
<th>CPUID Feature Flag</th>
|
|||
|
|
<th>Description</th></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>F3 0F 01 E8 SETSSBSY</td>
|
|||
|
|
<td>ZO</td>
|
|||
|
|
<td>V/V</td>
|
|||
|
|
<td>CET_SS</td>
|
|||
|
|
<td>Set busy flag in supervisor shadow stack token reference by IA32_PL0_SSP.</td></tr></table>
|
|||
|
|
<h2 id="instruction-operand-encoding">Instruction Operand Encoding<a class="anchor" href="#instruction-operand-encoding">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<table>
|
|||
|
|
<tr>
|
|||
|
|
<th>Op/En</th>
|
|||
|
|
<th>Operand 1</th>
|
|||
|
|
<th>Operand 2</th>
|
|||
|
|
<th>Operand 3</th>
|
|||
|
|
<th>Operand 4</th></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>ZO</td>
|
|||
|
|
<td>N/A</td>
|
|||
|
|
<td>N/A</td>
|
|||
|
|
<td>N/A</td>
|
|||
|
|
<td>N/A</td></tr></table>
|
|||
|
|
<h2 id="description">Description<a class="anchor" href="#description">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<p>The SETSSBSY instruction verifies the presence of a non-busy supervisor shadow stack token at the address in the IA32_PL0_SSP MSR and marks it busy. Following successful execution of the instruction, the SSP is set to the value of the IA32_PL0_SSP MSR.</p>
|
|||
|
|
<h2 id="operation">Operation<a class="anchor" href="#operation">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<pre>IF (CR4.CET = 0)
|
|||
|
|
THEN #UD; FI;
|
|||
|
|
IF (IA32_S_CET.SH_STK_EN = 0)
|
|||
|
|
THEN #UD; FI;
|
|||
|
|
IF CPL > 0
|
|||
|
|
THEN GP(0); FI;
|
|||
|
|
SSP_LA = IA32_PL0_SSP
|
|||
|
|
If SSP_LA not aligned to 8 bytes
|
|||
|
|
THEN #GP(0); FI;
|
|||
|
|
expected_token_value = SSP_LA
|
|||
|
|
new_token_value = SSP_LA | BUSY_BIT
|
|||
|
|
IF shadow_stack_lock_cmpxchg8B(SSP_LA, new_token_value, expected_token_value) != expected_token_value
|
|||
|
|
THEN #CP(SETSSBSY); FI;
|
|||
|
|
SSP = SSP_LA
|
|||
|
|
</pre>
|
|||
|
|
<h2 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<p>None.</p>
|
|||
|
|
<h2 id="c-c++-compiler-intrinsic-equivalent">C/C++ Compiler Intrinsic Equivalent<a class="anchor" href="#c-c++-compiler-intrinsic-equivalent">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<pre>SETSSBSYvoid _setssbsy(void);
|
|||
|
|
</pre>
|
|||
|
|
<h2 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<table>
|
|||
|
|
<tr>
|
|||
|
|
<td rowspan="3">#UD</td>
|
|||
|
|
<td>If the LOCK prefix is used.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>If CR4.CET = 0.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>IF IA32_S_CET.SH_STK_EN = 0.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td rowspan="2">#GP(0)</td>
|
|||
|
|
<td>If IA32_PL0_SSP not aligned to 8 bytes.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>If CPL is not 0.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td rowspan="2">#CP(setssbsy)</td>
|
|||
|
|
<td>If busy bit in token is set.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>If in 32-bit or compatibility mode, and the address in token is not below 4G.</td></tr>
|
|||
|
|
<tr>
|
|||
|
|
<td>#PF(fault-code)</td>
|
|||
|
|
<td>If a page fault occurs.</td></tr></table>
|
|||
|
|
<h2 class="exceptions" id="real-address-mode-exceptions">Real-Address Mode Exceptions<a class="anchor" href="#real-address-mode-exceptions">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<table>
|
|||
|
|
<tr>
|
|||
|
|
<td>#UD</td>
|
|||
|
|
<td>The SETSSBSY instruction is not recognized in real-address mode.</td></tr></table>
|
|||
|
|
<h2 class="exceptions" id="virtual-8086-mode-exceptions">Virtual-8086 Mode Exceptions<a class="anchor" href="#virtual-8086-mode-exceptions">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<table>
|
|||
|
|
<tr>
|
|||
|
|
<td>#UD</td>
|
|||
|
|
<td>The SETSSBSY instruction is not recognized in virtual-8086 mode.</td></tr></table>
|
|||
|
|
<h2 class="exceptions" id="compatibility-mode-exceptions">Compatibility Mode Exceptions<a class="anchor" href="#compatibility-mode-exceptions">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<p>Same as protected mode exceptions.</p>
|
|||
|
|
<h2 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
|
|||
|
|
¶
|
|||
|
|
</a></h2>
|
|||
|
|
<p>Same as protected mode exceptions.</p><footer><p>
|
|||
|
|
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
|
|||
|
|
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
|
|||
|
|
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developer’s Manual</a> for anything serious.
|
|||
|
|
</p></footer></body></html>
|