Please find the attached patch that:

1. Moves user stack flag memory access before srlz.i;

2. Moves mov b6=r22 as late as possible. 

3. Changes (pSys) to (pLvSys) in skip_rbs_switch: section. IA32 syscall
set pSys=1 but pLvSys=0. It's not necessary to clear bank1 r16-r19 registers
for IA32 syscall.

The number for leave_syscall is 268 cycles with this patch. The number
is 295 cycles w/o this patch. It was 245 cycles with the original kee patched
kernel. The 23 cycles come from restoring b6 operation which didn't exist in
the orignal kee patch.