Volume 3 General-Purpose and System Instructions (794097), page 52
24594—Rev. 3.13—July 2007    AMD64 Technology

SWAPGS
Swap GS Register with KernelGSbase MSR

Provides a fast method for system software to load a pointer to system data structures. SWAPGS can be used upon entering system-software routines as a result of a SYSCALL instruction, an interrupt or an exception. Prior to returning to application software, SWAPGS can be used to restore the application data pointer that was replaced by the system data-structure pointer.

This instruction can only be executed in 64-bit mode. Executing SWAPGS in any other mode generates an undefined opcode exception.

The SWAPGS instruction only exchanges the base-address value located in the KernelGSbase model-specific register (MSR address C000_0102h) with the base-address value located in the hidden portion of the GS selector register (GS.base). This allows the system-kernel software to access kernel data structures by using the GS segment-override prefix during memory references.

The address stored in the KernelGSbase MSR must be in canonical form. The WRMSR instruction used to load the KernelGSbase MSR causes a general-protection exception if the address loaded is not in canonical form. The SWAPGS instruction itself does not perform a canonical check.

This instruction is only valid in 64-bit mode at CPL 0. A general protection exception (#GP) is generated if this instruction is executed at any other privilege level.

For additional information about this instruction, refer to “System-Management Instructions” in Volume 2.

Examples

At a kernel entry point, the OS uses SwapGS to obtain a pointer to kernel data structures and simultaneously save the user's GS base. Upon exit, it uses SwapGS to restore the user's GS base:

    SystemCallEntryPoint:
        SwapGS                         ; get kernel pointer, save user GSbase
        mov gs:[SavedUserRSP], rsp     ; save user's stack pointer
        mov rsp, gs:[KernelStackPtr]   ; set up kernel stack
        push rax                       ; now save user GPRs on kernel stack
        .
        .                              ; perform system service
        SwapGS                         ; restore user GS, save kernel pointer

Mnemonic    Opcode      Description
SWAPGS      0F 01 F8    Exchange GS base with KernelGSBase MSR. (Invalid in legacy and compatibility modes.)

Related Instructions
None
rFLAGS Affected
None

Exceptions
Exception                  Real   Virtual 8086   Protected   Cause of Exception
Invalid opcode, #UD         X          X             X       This instruction was executed in legacy or compatibility mode.
General protection, #GP                              X       CPL was not 0.

SYSCALL
Fast System Call

Transfers control to a fixed entry point in an operating system.
It is designed for use by system and application software implementing a flat-segment memory model.

The SYSCALL and SYSRET instructions are low-latency system call and return control-transfer instructions, which assume that the operating system implements a flat-segment memory model. By eliminating unneeded checks, and by loading pre-determined values into the CS and SS segment registers (both visible and hidden portions), calls to and returns from the operating system are greatly simplified. These instructions can be used in protected mode and are particularly well-suited for use in 64-bit mode, which requires implementation of a paged, flat-segment memory model.

This instruction has been optimized by reducing the number of checks and memory references that are normally made so that a call or return takes considerably fewer clock cycles than the CALL FAR / RET FAR instruction method.

It is assumed that the base, limit, and attributes of the Code Segment will remain flat for all processes and for the operating system, and that only the current privilege level for the selector of the calling process should be changed from a current privilege level of 3 to a new privilege level of 0. It is also assumed (but not checked) that the RPL of the SYSCALL and SYSRET target selectors are set to 0 and 3, respectively.

SYSCALL sets the CPL to 0, regardless of the values of bits 33–32 of the STAR register. There are no permission checks based on the CPL, real mode, or virtual-8086 mode. SYSCALL and SYSRET must be enabled by setting EFER.SCE to 1.

It is the responsibility of the operating system to keep the descriptors in memory that correspond to the CS and SS selectors loaded by the SYSCALL and SYSRET instructions consistent with the segment base, limit, and attribute values forced by these instructions.

Legacy x86 Mode. In legacy x86 mode, when SYSCALL is executed, the EIP of the instruction following the SYSCALL is copied into the ECX register. Bits 31–0 of the SYSCALL/SYSRET target address register (STAR) are copied into the EIP register. (The STAR register is model-specific register C000_0081h.)

New selectors are loaded, without permission checking (see above), as follows:
• Bits 47–32 of the STAR register specify the selector that is copied into the CS register.
• Bits 47–32 of the STAR register + 8 specify the selector that is copied into the SS register.
• The CS_base and the SS_base are both forced to zero.
• The CS_limit and the SS_limit are both forced to 4 Gbyte.
• The CS segment attributes are set to execute/read 32-bit code with a CPL of zero.
• The SS segment attributes are set to read/write and expand-up with a 32-bit stack referenced by ESP.
Long Mode. When long mode is activated, the behavior of the SYSCALL instruction depends on whether the calling software is in 64-bit mode or compatibility mode. In 64-bit mode, SYSCALL saves the RIP of the instruction following the SYSCALL into RCX and loads the new RIP from LSTAR bits 63–0. (The LSTAR register is model-specific register C000_0082h.) In compatibility mode, SYSCALL saves the RIP of the instruction following the SYSCALL into RCX and loads the new RIP from CSTAR bits 63–0. (The CSTAR register is model-specific register C000_0083h.)

New selectors are loaded, without permission checking (see above), as follows:
• Bits 47–32 of the STAR register specify the selector that is copied into the CS register.
• Bits 47–32 of the STAR register + 8 specify the selector that is copied into the SS register.
• The CS_base and the SS_base are both forced to zero.
• The CS_limit and the SS_limit are both forced to 4 Gbyte.
• The CS segment attributes are set to execute/read 64-bit code with a CPL of zero.
• The SS segment attributes are set to read/write and expand-up with a 64-bit stack referenced by RSP.

The WRMSR instruction loads the target RIP into the LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical form, a general-protection exception (#GP) occurs.

How SYSCALL and SYSRET handle rFLAGS depends on the processor’s operating mode.

In legacy mode, SYSCALL treats EFLAGS as follows:
• EFLAGS.IF is cleared to 0.
• EFLAGS.RF is cleared to 0.
• EFLAGS.VM is cleared to 0.

In long mode, SYSCALL treats RFLAGS as follows:
• The current value of RFLAGS is saved in R11.
• RFLAGS is masked using the value stored in SYSCALL_FLAG_MASK.
• RFLAGS.RF is cleared to 0.

For further details on the SYSCALL and SYSRET instructions and their associated MSR registers (STAR, LSTAR, CSTAR, and SYSCALL_FLAG_MASK), see “Fast System Call and Return” in Volume 2.

Mnemonic    Opcode    Description
SYSCALL     0F 05     Call operating system.

Action

    // See “Pseudocode Definitions” on page 41.

    SYSCALL_START:
        IF (MSR_EFER.SCE = 0)             // Check if syscall/sysret are enabled.
            EXCEPTION [#UD]
        IF (LONG_MODE)
            SYSCALL_LONG_MODE
        ELSE // (LEGACY_MODE)
            SYSCALL_LEGACY_MODE

    SYSCALL_LONG_MODE:
        RCX.q = next_RIP
        R11.q = RFLAGS                    // with rf cleared
        IF (64BIT_MODE)
            temp_RIP.q = MSR_LSTAR
        ELSE // (COMPATIBILITY_MODE)
            temp_RIP.q = MSR_CSTAR
        CS.sel   = MSR_STAR.SYSCALL_CS AND 0xFFFC
        CS.attr  = 64-bit code,dpl0       // Always switch to 64-bit mode in long mode.
        CS.base  = 0x00000000
        CS.limit = 0xFFFFFFFF
        SS.sel   = MSR_STAR.SYSCALL_CS + 8
        SS.attr  = 64-bit stack,dpl0
        SS.base  = 0x00000000
        SS.limit = 0xFFFFFFFF
        RFLAGS = RFLAGS AND ~MSR_SFMASK
        RFLAGS.RF = 0
        CPL = 0
        RIP = temp_RIP
        EXIT

    SYSCALL_LEGACY_MODE:
        RCX.d = next_RIP
        temp_RIP.d = MSR_STAR.EIP
        CS.sel   = MSR_STAR.SYSCALL_CS AND 0xFFFC
        CS.attr  = 32-bit code,dpl0       // Always switch to 32-bit mode in legacy mode.
        CS.base  = 0x00000000
        CS.limit = 0xFFFFFFFF
        SS.sel   = MSR_STAR.SYSCALL_CS + 8
        SS.attr  = 32-bit stack,dpl0
        SS.base  = 0x00000000
        SS.limit = 0xFFFFFFFF
        RFLAGS.VM,IF,RF = 0
        CPL = 0
        RIP = temp_RIP
        EXIT

Related Instructions
SYSRET, SYSENTER, SYSEXIT

rFLAGS Affected
  ID  VIP  VIF  AC  VM  RF  NT  IOPL   OF  DF  IF  TF  SF  ZF  AF  PF  CF
  M   M    M    M   0   0   M   M      M   M   M   M   M   M   M   M   M
  21  20   19   18  17  16  14  13–12  11  10  9   8   7   6   4   2   0

Note: Bits 31–22, 15, 5, 3, and 1 are reserved. A flag set to one or cleared to zero is M (modified). Unaffected flags are blank. Undefined flags are U.

Exceptions
Exception              Real   Virtual 8086   Protected   Cause of Exception
Invalid opcode, #UD     X          X             X       The SYSCALL and SYSRET instructions are not supported, as indicated by EDX bit 11 returned by CPUID function 8000_0001h.
                        X          X             X       The system call extension bit (SCE) of the extended feature enable register (EFER) is set to 0. (The EFER register is MSR C000_0080h.)

SYSENTER
System Call

Transfers control to a fixed entry point in an operating system. It is designed for use by system and application software implementing a flat-segment memory model. This instruction is valid only in legacy mode.

Three model-specific registers (MSRs) are used to specify the target address and stack pointers for the SYSENTER instruction, as well as the CS and SS selectors of the called and returned procedures:
• MSR_SYSENTER_CS: Contains the CS selector of the called procedure. The SS selector is set to MSR_SYSENTER_CS + 8.
• MSR_SYSENTER_ESP: Contains the called procedure’s stack pointer.
• MSR_SYSENTER_EIP: Contains the offset into the CS of the called procedure.

The hidden portions of the CS and SS segment registers are not loaded from the descriptor table as they would be using a legacy x86 CALL instruction. Instead, the hidden portions are forced by the processor to the following values:
• The CS and SS base values are forced to 0.
• The CS and SS limit values are forced to 4 Gbytes.
• The CS segment attributes are set to execute/read 32-bit code with a CPL of zero.
• The SS segment attributes are set to read/write and expand-up with a 32-bit stack referenced by ESP.

System software must create corresponding descriptor-table entries referenced by the new CS and SS selectors that match the values described above.

The return EIP and application stack are not saved by this instruction.
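The SWAPGS and SYSCALL sections above describe a kernel entry as a sequence of forced register changes and a few faults. The following C program is an added example, not code from the AMD manual: it models the SYSCALL_START / SYSCALL_LONG_MODE / SYSCALL_LEGACY_MODE pseudocode for 64-bit and legacy mode, the SWAPGS exchange with its #UD and #GP conditions, and the canonical-form check that WRMSR performs on KernelGSbase and LSTAR but SWAPGS itself does not. The MSR addresses are the ones given on the page, except SFMASK (C000_0084h), which the page names only as SYSCALL_FLAG_MASK; the STAR, LSTAR, KernelGSbase and RFLAGS contents in the scenario are constructed test values, and the compatibility-mode (CSTAR) path is left out.

```c
/* Added example, not the AMD manual's code: a C model of the SYSCALL (64-bit and
 * legacy mode) and SWAPGS behaviour described above, including the WRMSR canonical
 * check the text says SWAPGS never performs. Register contents are constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define MSR_EFER 0xC0000080u
#define MSR_STAR 0xC0000081u
#define MSR_LSTAR 0xC0000082u
#define MSR_SFMASK 0xC0000084u                      /* SYSCALL_FLAG_MASK; address not on this page */
#define MSR_KERNEL_GS_BASE 0xC0000102u
enum { EFER_SCE = 1 << 0, RFLAGS_TF = 1 << 8, RFLAGS_IF = 1 << 9, RFLAGS_RF = 1 << 16, RFLAGS_VM = 1 << 17 };
enum fault { FAULT_NONE = 0, FAULT_UD, FAULT_GP };
enum mode { LEGACY_MODE, BIT64_MODE };
struct seg { uint16_t sel; uint64_t base; bool is_64bit; };
struct cpu {
    enum mode mode; uint8_t cpl;
    uint64_t rip, rcx, r11, rflags, gs_base;        /* gs_base: hidden portion of GS */
    struct seg cs, ss;
    uint64_t efer, star, lstar, sfmask, kernel_gs_base;
};

/* Canonical form for 48-bit virtual addresses: bits 63..47 all equal bit 47. */
static bool is_canonical(uint64_t a) { int64_t top = (int64_t)a >> 47; return top == 0 || top == -1; }

/* WRMSR: a non-canonical KernelGSbase or LSTAR raises #GP and leaves the MSR unchanged. */
static enum fault wrmsr(struct cpu *c, uint32_t msr, uint64_t v)
{
    if ((msr == MSR_KERNEL_GS_BASE || msr == MSR_LSTAR) && !is_canonical(v)) return FAULT_GP;
    switch (msr) {
    case MSR_EFER: c->efer = v; break;
    case MSR_STAR: c->star = v; break;
    case MSR_LSTAR: c->lstar = v; break;
    case MSR_SFMASK: c->sfmask = v; break;
    case MSR_KERNEL_GS_BASE: c->kernel_gs_base = v; break;
    default: return FAULT_GP;                       /* unknown MSR */
    }
    return FAULT_NONE;
}

/* SWAPGS: #UD outside 64-bit mode, #GP unless CPL is 0; otherwise only the exchange, no canonical check. */
static enum fault swapgs(struct cpu *c)
{
    if (c->mode != BIT64_MODE) return FAULT_UD;
    if (c->cpl != 0) return FAULT_GP;
    uint64_t t = c->gs_base;
    c->gs_base = c->kernel_gs_base;
    c->kernel_gs_base = t;
    return FAULT_NONE;
}

/* Follows the manual's SYSCALL_START / SYSCALL_LONG_MODE / SYSCALL_LEGACY_MODE. */
static enum fault do_syscall(struct cpu *c, uint64_t next_rip)
{
    if (!(c->efer & EFER_SCE)) return FAULT_UD;     /* EFER.SCE = 0: #UD */
    uint16_t syscall_cs = (uint16_t)(c->star >> 32); /* STAR bits 47-32 */
    bool long_mode = c->mode != LEGACY_MODE;
    c->cs.sel = syscall_cs & 0xFFFC;                /* forced, no permission checks */
    c->ss.sel = syscall_cs + 8;
    c->cs.base = c->ss.base = 0;
    c->cs.is_64bit = c->ss.is_64bit = long_mode;
    if (long_mode) {                                /* SYSCALL_LONG_MODE */
        c->rcx = next_rip;
        c->r11 = c->rflags & ~(uint64_t)RFLAGS_RF;  /* RFLAGS saved "with rf cleared" */
        c->rip = c->lstar;
        c->rflags &= ~(c->sfmask | RFLAGS_RF);      /* SYSCALL_FLAG_MASK, then RF */
    } else {                                        /* SYSCALL_LEGACY_MODE */
        c->rcx = (uint32_t)next_rip;                /* ECX = next EIP */
        c->rip = (uint32_t)c->star;                 /* EIP = STAR bits 31-0 */
        c->rflags &= ~(uint64_t)(RFLAGS_VM | RFLAGS_IF | RFLAGS_RF);
    }
    c->cpl = 0;
    return FAULT_NONE;
}

/* Constructed scenario: a 64-bit user thread at CPL 3 enters the kernel through SYSCALL,
 * then SWAPGS installs the kernel GS base; *early gets the fault of a SWAPGS tried at CPL 3. */
static struct cpu kernel_entry_scenario(enum fault *early)
{
    struct cpu c = { .mode = BIT64_MODE, .cpl = 3, .rflags = 0x10246, /* IF and RF set */
                     .gs_base = 0x00007FFF12340000ull };            /* user-mode TLS base */
    wrmsr(&c, MSR_EFER, EFER_SCE);
    wrmsr(&c, MSR_STAR, (0x0023ull << 48) | (0x0010ull << 32) | 0x00401000ull);
    wrmsr(&c, MSR_LSTAR, 0xFFFFFFFF80001000ull);
    wrmsr(&c, MSR_SFMASK, RFLAGS_IF | RFLAGS_TF);   /* clear IF and TF on entry */
    wrmsr(&c, MSR_KERNEL_GS_BASE, 0xFFFFFFFF81000000ull);
    *early = swapgs(&c);                            /* still CPL 3: #GP */
    do_syscall(&c, 0x401234);
    swapgs(&c);                                     /* now CPL 0: exchange */
    return c;
}

int main(void)
{
    enum fault early;
    struct cpu c = kernel_entry_scenario(&early);
    printf("SWAPGS at CPL 3 -> fault %d; after SYSCALL and SWAPGS: CPL %u RIP %#llx GS.base %#llx\n",
           (int)early, (unsigned)c.cpl, (unsigned long long)c.rip, (unsigned long long)c.gs_base);
    return 0;
}
```

Build with `cc -std=c99 -Wall syscall_model.c` (file name assumed). Two details of the page are worth reading off the model: R11 receives RFLAGS before the SFMASK is applied, so the mask cannot hide a flag from the saved copy, and a second SWAPGS simply swaps the two bases back, which is why an entry path that runs it an odd number of times before returning leaves the wrong base in GS.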