Intel 253668-032US User Manual

Vol. 3   5-31
PROTECTION
Stack segment — Computed by adding 24 to the value in IA32_SYSENTER_CS.
Stack pointer — Reads this from ECX.
The SYSENTER and SYSEXIT instructions perform “fast” calls and returns because 
they force the processor into a predefined privilege level 0 state when SYSENTER is 
executed and into a predefined privilege level 3 state when SYSEXIT is executed. By 
forcing predefined and consistent processor states, the number of privilege checks 
ordinarily required to perform a far call to another privilege level is greatly 
reduced. Also, predefining the target context state in MSRs and general-purpose 
registers eliminates all memory accesses except when fetching the target code.
Any additional state that needs to be saved to allow a return to the calling procedure 
must be saved explicitly by the calling procedure or be predefined through 
programming conventions.
5.8.7.1  SYSENTER and SYSEXIT Instructions in IA-32e Mode
For Intel 64 processors, the SYSENTER and SYSEXIT instructions are enhanced to 
allow fast system calls from user code running at privilege level 3 (in compatibility 
mode or 64-bit mode) to 64-bit executive procedures running at privilege level 0. 
IA32_SYSENTER_EIP MSR and IA32_SYSENTER_ESP MSR are expanded to hold 
64-bit addresses. If IA-32e mode is inactive, only the lower 32-bit addresses stored 
in these MSRs are used. If 64-bit mode is active, addresses stored in 
IA32_SYSENTER_EIP and IA32_SYSENTER_ESP must be canonical. Note that, in 
64-bit mode, IA32_SYSENTER_CS must not contain a NULL selector. 
When SYSENTER transfers control, the following fields are generated and bits set:
Target code segment — Reads non-NULL selector from IA32_SYSENTER_CS.
New CS attributes — CS base = 0, CS limit = FFFFFFFFH.
Target instruction — Reads 64-bit canonical address from IA32_SYSENTER_EIP.
Stack segment — Computed by adding 8 to the value from IA32_SYSENTER_CS.
Stack pointer — Reads 64-bit canonical address from IA32_SYSENTER_ESP.
New SS attributes — SS base = 0, SS limit = FFFFFFFFH.
When the SYSEXIT instruction transfers control to 64-bit mode user code using 
REX.W, the following fields are generated and bits set:
Target code segment — Computed by adding 32 to the value in IA32_SYSENTER_CS.
New CS attributes — L-bit = 1 (go to 64-bit mode).
Target instruction — Reads 64-bit canonical address in RDX.
Stack segment — Computed by adding 40 to the value of IA32_SYSENTER_CS.
Stack pointer — Update RSP using 64-bit canonical address in RCX.
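The following C sketch is an added example, not text or code from the manual: it applies the 64-bit mode rules above (non-NULL IA32_SYSENTER_CS, canonical IA32_SYSENTER_EIP and IA32_SYSENTER_ESP) and derives the SYSENTER and 64-bit SYSEXIT selectors from the stated offsets, as a kernel or hypervisor might do before loading the MSRs. The function and type names are hypothetical, a 48-bit linear-address width is assumed for the canonical check, and the sample MSR values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum sysenter_err { SE_OK, SE_NULL_CS, SE_BAD_EIP, SE_BAD_ESP };

/* Selectors derived from IA32_SYSENTER_CS in IA-32e mode (offsets from the text). */
struct sysenter_layout {
    uint16_t enter_cs;  /* SYSENTER CS: the MSR value itself */
    uint16_t enter_ss;  /* SYSENTER SS: MSR + 8 */
    uint16_t exit64_cs; /* SYSEXIT with REX.W, CS: MSR + 32 */
    uint16_t exit64_ss; /* SYSEXIT with REX.W, SS: MSR + 40 */
};

/* Assumption: 48-bit linear addresses, so bits 63:47 are all 0 or all 1. */
static bool is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;          /* the 17 uppermost bits */
    return top == 0 || top == 0x1FFFF;
}

/* Validate the three MSR values for 64-bit mode and fill in the layout. */
static enum sysenter_err check_sysenter_msrs(uint64_t cs_msr, uint64_t eip_msr,
                                             uint64_t esp_msr,
                                             struct sysenter_layout *out)
{
    uint16_t cs = (uint16_t)cs_msr;     /* low 16 bits hold the selector */

    if ((cs & 0xFFFC) == 0)             /* selector values 0-3 are NULL */
        return SE_NULL_CS;
    if (!is_canonical48(eip_msr))
        return SE_BAD_EIP;
    if (!is_canonical48(esp_msr))
        return SE_BAD_ESP;
    out->enter_cs  = cs;
    out->enter_ss  = (uint16_t)(cs + 8);
    out->exit64_cs = (uint16_t)(cs + 32);
    out->exit64_ss = (uint16_t)(cs + 40);
    return SE_OK;
}

int main(void)
{
    struct sysenter_layout l;
    /* Constructed sample values, not taken from any real system. */
    enum sysenter_err e = check_sysenter_msrs(0x10, 0xFFFFFFFF81000000ULL,
                                              0xFFFFC90000004000ULL, &l);
    printf("err=%d ss=%#x exit_cs=%#x exit_ss=%#x\n",
           (int)e, l.enter_ss, l.exit64_cs, l.exit64_ss);
    return 0;
}
```

The GDT must hold matching descriptors at each of the derived selectors, since SYSENTER and SYSEXIT load these values without reading the descriptors from memory.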