Volume 2B Instruction Set Reference N-Z (794102), page 51
Register addresses are listed in Table 4-6. The addresses are defined to remain fixed for future Intel 64 and IA-32 processors.

Table 4-6. MSRs Used By the SYSENTER and SYSEXIT Instructions

MSR                 Address
IA32_SYSENTER_CS    174H
IA32_SYSENTER_ESP   175H
IA32_SYSENTER_EIP   176H

When SYSENTER is executed, the processor:
1. Loads the segment selector from the IA32_SYSENTER_CS into the CS register.
2. Loads the instruction pointer from the IA32_SYSENTER_EIP into the EIP register.
3. Adds 8 to the value in IA32_SYSENTER_CS and loads it into the SS register.
4. Loads the stack pointer from the IA32_SYSENTER_ESP into the ESP register.
5. Switches to privilege level 0.
6. Clears the VM flag in the EFLAGS register, if the flag is set.
7. Begins executing the selected system procedure.

SYSENTER—Fast System Call    Vol. 2B 4-369    INSTRUCTION SET REFERENCE, N-Z

The processor does not save a return IP or other state information for the calling procedure.

The SYSENTER instruction always transfers program control to a protected-mode code segment with a DPL of 0. The instruction requires that the following conditions are met by the operating system:
• The segment descriptor for the selected system code segment selects a flat, 32-bit code segment of up to 4 GBytes, with execute, read, accessed, and non-conforming permissions.
• The segment descriptor for the selected system stack segment selects a flat, 32-bit stack segment of up to 4 GBytes, with read, write, accessed, and expand-up permissions.

SYSENTER can be invoked from all operating modes except real-address mode.

The SYSENTER and SYSEXIT instructions are companion instructions, but they do not constitute a call/return pair. When executing a SYSENTER instruction, the processor does not save state information for the user code, and neither the SYSENTER nor the SYSEXIT instruction supports passing parameters on the stack.

To use the SYSENTER and SYSEXIT instructions as companion instructions for transitions between privilege level 3 code and privilege level 0 operating system procedures, the following conventions must be followed:
• The segment descriptors for the privilege level 0 code and stack segments and for the privilege level 3 code and stack segments must be contiguous in the global descriptor table. This convention allows the processor to compute the segment selectors from the value entered in the SYSENTER_CS_MSR MSR.
• The fast system call “stub” routines executed by user code (typically in shared libraries or DLLs) must save the required return IP and processor state information if a return to the calling procedure is required. Likewise, the operating system or executive procedures called with SYSENTER instructions must have access to and use this saved return and state information when returning to the user code.

The SYSENTER and SYSEXIT instructions were introduced into the IA-32 architecture in the Pentium II processor. The availability of these instructions on a processor is indicated with the SYSENTER/SYSEXIT present (SEP) feature flag returned to the EDX register by the CPUID instruction. An operating system that qualifies the SEP flag must also qualify the processor family and model to ensure that the SYSENTER/SYSEXIT instructions are actually present. For example:

IF CPUID SEP bit is set
    THEN IF (Family = 6) and (Model < 3) and (Stepping < 3)
        THEN
            SYSENTER/SYSEXIT_Not_Supported; FI;
        ELSE
            SYSENTER/SYSEXIT_Supported; FI;
FI;

When the CPUID instruction is executed on the Pentium Pro processor (model 1), the processor returns the SEP flag as set, but does not support the SYSENTER/SYSEXIT instructions.

Operation

IF CR0.PE = 0 THEN #GP(0); FI;
IF SYSENTER_CS_MSR[15:2] = 0 THEN #GP(0); FI;
EFLAGS.VM ← 0;                    (* Ensures protected mode execution *)
EFLAGS.IF ← 0;                    (* Mask interrupts *)
EFLAGS.RF ← 0;
CS.SEL ← SYSENTER_CS_MSR;         (* Operating system provides CS *)
(* Set rest of CS to a fixed value *)
CS.BASE ← 0;                      (* Flat segment *)
CS.LIMIT ← FFFFFH;                (* 4-GByte limit *)
CS.ARbyte.G ← 1;                  (* 4-KByte granularity *)
CS.ARbyte.S ← 1;
CS.ARbyte.TYPE ← 1011B;           (* Execute + Read, Accessed *)
CS.ARbyte.D ← 1;                  (* 32-bit code segment *)
CS.ARbyte.DPL ← 0;
CS.SEL.RPL ← 0;
CS.ARbyte.P ← 1;
CPL ← 0;
SS.SEL ← CS.SEL + 8;
(* Set rest of SS to a fixed value *)
SS.BASE ← 0;                      (* Flat segment *)
SS.LIMIT ← FFFFFH;                (* 4-GByte limit *)
SS.ARbyte.G ← 1;                  (* 4-KByte granularity *)
SS.ARbyte.S ← 1;
SS.ARbyte.TYPE ← 0011B;           (* Read/Write, Accessed *)
SS.ARbyte.D ← 1;                  (* 32-bit stack segment *)
SS.ARbyte.DPL ← 0;
SS.SEL.RPL ← 0;
SS.ARbyte.P ← 1;
ESP ← SYSENTER_ESP_MSR;
EIP ← SYSENTER_EIP_MSR;

IA-32e Mode Operation

In IA-32e mode, SYSENTER executes a fast system call from user code running at privilege level 3 (in compatibility mode or 64-bit mode) to 64-bit executive procedures running at privilege level 0. This instruction is a companion instruction to the SYSEXIT instruction.

In IA-32e mode, the IA32_SYSENTER_EIP and IA32_SYSENTER_ESP MSRs hold 64-bit addresses and must be in canonical form; IA32_SYSENTER_CS must not contain a NULL selector.

When SYSENTER transfers control, the following fields are generated and bits set:
• Target code segment — Reads non-NULL selector from IA32_SYSENTER_CS.
• Target instruction — Reads 64-bit canonical address from IA32_SYSENTER_EIP.
• Stack segment — Computed by adding 8 to the value from IA32_SYSENTER_CS.
• Stack pointer — Reads 64-bit canonical address from IA32_SYSENTER_ESP.
• New CS attributes — L-bit = 1 (go to 64-bit mode); CS base = 0, CS limit = FFFFFFFFH.
• New SS attributes — SS base = 0, SS limit = FFFFFFFFH.

Flags Affected

VM, IF, RF (see Operation above)

Protected Mode Exceptions
#GP(0)    If IA32_SYSENTER_CS[15:2] = 0.
#UD       If the LOCK prefix is used.

Real-Address Mode Exceptions
#GP(0)    If protected mode is not enabled.
#UD       If the LOCK prefix is used.

Virtual-8086 Mode Exceptions
Same exceptions as in protected mode.

Compatibility Mode Exceptions
Same exceptions as in protected mode.

64-Bit Mode Exceptions
Same exceptions as in protected mode.

SYSEXIT—Fast Return from Fast System Call

Opcode          Instruction   64-Bit Mode   Compat/Leg Mode   Description
0F 35           SYSEXIT       Valid         Valid             Fast return to privilege level 3 user code.
REX.W + 0F 35   SYSEXIT       Valid         Valid             Fast return to 64-bit mode privilege level 3 user code.

Description

Executes a fast return to privilege level 3 user code. SYSEXIT is a companion instruction to the SYSENTER instruction. The instruction is optimized to provide the maximum performance for returns from system procedures executing at protection level 0 to user procedures executing at protection level 3. It must be executed from code executing at privilege level 0.

Prior to executing SYSEXIT, software must specify the privilege level 3 code segment and code entry point, and the privilege level 3 stack segment and stack pointer by writing values into the following MSR and general-purpose registers:
• IA32_SYSENTER_CS — Contains a 32-bit value, of which the lower 16 bits are the segment selector for the privilege level 0 code segment in which the processor is currently executing. This value is used to compute the segment selectors for the privilege level 3 code and stack segments.
• EDX — Contains the 32-bit offset into the privilege level 3 code segment to the first instruction to be executed in the user code.
• ECX — Contains the 32-bit stack pointer for the privilege level 3 stack.

The IA32_SYSENTER_CS MSR can be read from and written to using RDMSR/WRMSR. The register address is listed in Table 4-6. This address is defined to remain fixed for future Intel 64 and IA-32 processors.

When SYSEXIT is executed, the processor:
1. Adds 16 to the value in IA32_SYSENTER_CS and loads the sum into the CS selector register.
2. Loads the instruction pointer from the EDX register into the EIP register.
3. Adds 24 to the value in IA32_SYSENTER_CS and loads the sum into the SS selector register.
4. Loads the stack pointer from the ECX register into the ESP register.
5. Switches to privilege level 3.
6. Begins executing the user code at the EIP address.

See “SWAPGS—Swap GS Base Register” in this chapter for information about using the SYSENTER and SYSEXIT instructions as companion call and return instructions.

The SYSEXIT instruction always transfers program control to a protected-mode code segment with a DPL of 3. The instruction requires that the following conditions are met by the operating system:
• The segment descriptor for the selected user code segment selects a flat, 32-bit code segment of up to 4 GBytes, with execute, read, accessed, and non-conforming permissions.
• The segment descriptor for the selected user stack segment selects a flat, 32-bit stack segment of up to 4 GBytes, with expand-up, read, write, and accessed permissions.

SYSEXIT can be invoked from all operating modes except real-address mode and virtual 8086 mode.

The SYSENTER and SYSEXIT instructions were introduced into the IA-32 architecture in the Pentium II processor. The availability of these instructions on a processor is indicated with the SYSENTER/SYSEXIT present (SEP) feature flag returned to the EDX register by the CPUID instruction. An operating system that qualifies the SEP flag must also qualify the processor family and model to ensure that the SYSENTER/SYSEXIT instructions are actually present. For example:

IF CPUID SEP bit is set
    THEN IF (Family = 6) and (Model < 3) and (Stepping < 3)
        THEN
            SYSENTER/SYSEXIT_Not_Supported; FI;
        ELSE
            SYSENTER/SYSEXIT_Supported; FI;
FI;

When the CPUID instruction is executed on the Pentium Pro processor (model 1), the processor returns the SEP flag as set, but does not support the SYSENTER/SYSEXIT instructions.

Operation

IF SYSENTER_CS_MSR[15:2] = 0 THEN #GP(0); FI;
IF CR0.PE = 0 THEN #GP(0); FI;
IF CPL ≠ 0 THEN #GP(0); FI;
CS.SEL ← (SYSENTER_CS_MSR + 16);  (* Segment selector for return CS *)
(* Set rest of CS to a fixed value *)
CS.BASE ← 0;                      (* Flat segment *)
CS.LIMIT ← FFFFFH;                (* 4-GByte limit *)
CS.ARbyte.G ← 1;                  (* 4-KByte granularity *)
CS.ARbyte.S ← 1;
CS.ARbyte.TYPE ← 1011B;           (* Execute, Read, Non-Conforming Code *)
CS.ARbyte.D ← 1;                  (* 32-bit code segment *)
CS.ARbyte.DPL ← 3;
CS.SEL.RPL ← 3;
CS.ARbyte.P ← 1;
CPL ← 3;
SS.SEL ← (SYSENTER_CS_MSR + 24);  (* Segment selector for return SS *)
(* Set rest of SS to a fixed value *)
SS.BASE ← 0;                      (* Flat segment *)
SS.LIMIT ← FFFFFH;                (* 4-GByte limit *)
SS.ARbyte.G ← 1;                  (* 4-KByte granularity *)
SS.ARbyte.S ← 1;
SS.ARbyte.TYPE ← 0011B;           (* Expand Up, Read/Write, Data *)
SS.ARbyte.D ← 1;                  (* 32-bit stack segment *)
SS.ARbyte.DPL ← 3;
SS.SEL.RPL ← 3;
SS.ARbyte.P ← 1;
ESP ← ECX;
EIP ← EDX;

IA-32e Mode Operation

In IA-32e mode, SYSEXIT executes a fast return from 64-bit executive procedures running at privilege level 0 to user code running at privilege level 3 (in compatibility mode or 64-bit mode).
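As an added example (not from the manual), the following C model covers the selector arithmetic and #GP(0) checks that both the SYSENTER and SYSEXIT Operation sections apply to IA32_SYSENTER_CS, plus the SEP qualification rule given in the text. The function names and the GP_FAULT return code are hypothetical, and the GDT entry used as sample input is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GP_FAULT (-1)   /* hypothetical return code: the instruction would raise #GP(0) */
/* Bits 15:2 of IA32_SYSENTER_CS (GDT index and TI) must be non-zero. */
static bool sysenter_cs_valid(uint32_t sysenter_cs_msr)
{
    return ((sysenter_cs_msr >> 2) & 0x3FFF) != 0;
}

/* SYSENTER: CS.SEL <- IA32_SYSENTER_CS with RPL forced to 0; SS.SEL <- CS.SEL + 8.
 * Requires protected mode (CR0.PE = 1). Returns 0 on success or GP_FAULT. */
int sysenter_selectors(bool cr0_pe, uint32_t sysenter_cs_msr, uint16_t *cs, uint16_t *ss)
{
    if (!cr0_pe || !sysenter_cs_valid(sysenter_cs_msr)) return GP_FAULT;
    *cs = (uint16_t)(sysenter_cs_msr & 0xFFFC);  /* clear RPL bits 1:0 */
    *ss = (uint16_t)(*cs + 8);                   /* next contiguous GDT entry */
    return 0;
}

/* SYSEXIT: CS.SEL <- IA32_SYSENTER_CS + 16 and SS.SEL <- IA32_SYSENTER_CS + 24, both with
 * RPL 3. Requires protected mode and CPL 0. Returns 0 on success or GP_FAULT. */
int sysexit_selectors(bool cr0_pe, unsigned cpl, uint32_t sysenter_cs_msr,
                      uint16_t *cs, uint16_t *ss)
{
    if (!sysenter_cs_valid(sysenter_cs_msr) || !cr0_pe || cpl != 0) return GP_FAULT;
    *cs = (uint16_t)(((sysenter_cs_msr + 16) & 0xFFFC) | 3);
    *ss = (uint16_t)(((sysenter_cs_msr + 24) & 0xFFFC) | 3);
    return 0;
}

/* SEP qualification from the manual's example: the CPUID bit alone is not trusted on
 * family 6, model < 3, stepping < 3 (the Pentium Pro, model 1, sets SEP but lacks SYSENTER). */
bool sep_usable(bool cpuid_sep, unsigned family, unsigned model, unsigned stepping)
{
    if (!cpuid_sep) return false;
    return !(family == 6 && model < 3 && stepping < 3);
}

int main(void)
{
    uint16_t cs0, ss0, cs3, ss3;
    uint32_t msr = 0x0008;  /* constructed: kernel code descriptor at GDT entry 1 */
    if (sysenter_selectors(true, msr, &cs0, &ss0) == 0 &&
        sysexit_selectors(true, 0, msr, &cs3, &ss3) == 0)
        printf("CS0=%04X SS0=%04X CS3=%04X SS3=%04X\n", cs0, ss0, cs3, ss3);
    printf("SEP usable on family 6 model 1 stepping 1: %d\n", sep_usable(true, 6, 1, 1));
    return 0;
}
```

With the constructed MSR value 0008H the four contiguous descriptors come out as CS0=0008H, SS0=0010H, CS3=001BH and SS3=0023H, which is the GDT layout the "contiguous in the global descriptor table" convention above requires.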