Intel 253668-032US ユーザーズマニュアル
5-32 Vol. 3
PROTECTION
When SYSEXIT transfers control to compatibility mode user code when the operand
size attribute is 32 bits, the following fields are generated and bits set:
size attribute is 32 bits, the following fields are generated and bits set:
•
Target code segment — Computed by adding 16 to the value in
IA32_SYSENTER_CS.
IA32_SYSENTER_CS.
•
New CS attributes — L-bit = 0 (go to compatibility mode).
•
Target instruction — Fetch the target instruction from 32-bit address in EDX.
•
Stack segment — Computed by adding 24 to the value in IA32_SYSENTER_CS.
•
Stack pointer — Update ESP from 32-bit address in ECX.
5.8.8
Fast System Calls in 64-bit Mode
The SYSCALL and SYSRET instructions are designed for operating systems that use a
flat memory model (segmentation is not used). The instructions, along with
SYSENTER and SYSEXIT, are suited for IA-32e mode operation. SYSCALL and
SYSRET, however, are not supported in compatibility mode. Use CPUID to check if
SYSCALL and SYSRET are available (CPUID.80000001H.EDX[bit 11] = 1).
SYSCALL is intended for use by user code running at privilege level 3 to access oper-
ating system or executive procedures running at privilege level 0. SYSRET is
intended for use by privilege level 0 operating system or executive procedures for
fast returns to privilege level 3 user code.
Stack pointers for SYSCALL/SYSRET are not specified through model specific regis-
ters. The clearing of bits in RFLAGS is programmable rather than fixed.
SYSCALL/SYSRET save and restore the RFLAGS register.
For SYSCALL, the processor saves the RIP of the instruction in RCX and gets the priv-
ilege level 0 target instruction and stack pointer from:
flat memory model (segmentation is not used). The instructions, along with
SYSENTER and SYSEXIT, are suited for IA-32e mode operation. SYSCALL and
SYSRET, however, are not supported in compatibility mode. Use CPUID to check if
SYSCALL and SYSRET are available (CPUID.80000001H.EDX[bit 11] = 1).
SYSCALL is intended for use by user code running at privilege level 3 to access oper-
ating system or executive procedures running at privilege level 0. SYSRET is
intended for use by privilege level 0 operating system or executive procedures for
fast returns to privilege level 3 user code.
Stack pointers for SYSCALL/SYSRET are not specified through model specific regis-
ters. The clearing of bits in RFLAGS is programmable rather than fixed.
SYSCALL/SYSRET save and restore the RFLAGS register.
For SYSCALL, the processor saves the RIP of the instruction in RCX and gets the priv-
ilege level 0 target instruction and stack pointer from:
•
Target code segment — Reads a non-NULL selector from IA32_STAR[47:32].
•
Target instruction — Reads a 64-bit canonical address from IA32_LSTAR.
•
Stack segment — Computed by adding 8 to the value in IA32_STAR[47:32].
•
System flags — The processor uses a mask derived from IA32_FMASK to
perform a logical-AND operation with the lower 32-bits of RFLAGS. The result is
saved into R11. The mask is the complement of the value supplied by privileged
executives using the IA32_FMASK MSR.
perform a logical-AND operation with the lower 32-bits of RFLAGS. The result is
saved into R11. The mask is the complement of the value supplied by privileged
executives using the IA32_FMASK MSR.
When SYSRET transfers control to 64-bit mode user code using REX.W, the processor
gets the privilege level 3 target instruction and stack pointer from:
gets the privilege level 3 target instruction and stack pointer from:
•
Target code segment — Reads a non-NULL selector from IA32_STAR[63:48] +
16.
16.
•
Target instruction — Copies the value in RCX into RIP.
•
Stack segment — IA32_STAR[63:48] + 8.
•
EFLAGS — Loaded from R11.