Intel 253668-032US User Manual

Intel® 64 and IA-32 Architectures

Software Developer’s Manual

Volume 3A:

System Programming Guide, Part 1

NOTE: The Intel® 64 and IA-32 Architectures Software Developer's Manual

consists of five volumes: Basic Architecture, Order Number 253665;

Instruction Set Reference A-M, Order Number 253666; Instruction Set
Reference N-Z, Order Number 253667; System Programming Guide,
Part 1, Order Number 253668; System Programming Guide, Part 2, Order

Number 253669. Refer to all five volumes when evaluating your design
needs.

Order Number: 253668-032US

September 2009

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS
GRANTED BY THIS DOCUMENT. EXCEPT AS PROVID ED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR
SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR
IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR
WARRANTIES RELA TING TO FITNESS FOR A PAR TICULAR PURPOSE, MERCHANT ABILITY , OR INFRINGEMENT
OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESI GNED NOR IN­TENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITU­ATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers
must not rely on the absence or characteristics of any features or instructions marked "reserved" or "un
defined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts
or incompatibilities arising from future changes to them. The information here is subject to change without
notice. Do not finalize a design with this information.

The Intel® 64 architecture processors ma y conta in de sign defects o r err ors kn own as err a ta. Curr ent c har­acterized errata are available on request.

Intel® Hyper-Threading T echnology requires a computer system with an Intel® processor supporting Hyper ­Threading Technology and an Intel
Performance will vary depending on the specific hardware and software you use. F or more information, see

http://www.intel.com/technology/hyperthread/index.htm; including details on which processors support Intel HT

Technology.
Intel® Virtualization T echnol ogy requires a computer syste m with an enabled Intel® processor , BIOS, virtual

machine monitor (VMM) and for some uses, certain platform software enabled for it. Functionality, perfor
mance or other benefits will vary depending on hardware and software configurations. Intel® Virtualization
Technology-enabled BIOS an d V MM app lications are currently in development.

64-bit computing on Intel architecture requires a computer system with a processor, chipset, BIOS, oper­ating system, device drivers and appli cations enabled for Intel® 64 architecture. Processors will not operate
(including 32-bit operation) without an Intel
ing on your hardware and software configurations. Consult with your system vendor for more information.

Enabling Execute Disable Bit functionality requires a PC with a processor with Execute Disable Bit capability
and a supporting operating system. Ch eck with y our PC man ufactur er on wheth er your system del iver s Ex

®

HT Technology enabled chipset, BIOS and operating system.

®

64 architecture-enabled BIOS. Performance will v ary depend-

ecute Disable Bit functionality.
Intel, Pentium, Intel Xeon, Intel NetBurst, Intel Core, Intel Core Solo, Intel Core Duo, Intel Core 2 Duo,

Intel Core 2 Extreme, Intel Pentium D, Itanium, Intel SpeedStep, MMX, Intel Atom, and VTune are trade
marks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other coun­tries.

*Other names and brands may be claimed as the property of others.
Contact your local Intel sales office or your distributor to obtain the latest specifications and befo re plac ing

your product order.
Copies of documents which have an ordering number and are referenced in this document, or other Intel

literature, may be obtained by calling 1-800-548-4725, or by visiting Intel’s website at http://www.intel.com

-

-

-

-

Copyright © 1997-2009 Intel Corporation

ii Vol. 3A

CONTENTS

PAGE

CHAPTER 1
ABOUT THIS MANUAL

1.1 PROCESSORS COVERED IN THIS MANUAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.2 OVERVIEW OF THE SYSTEM PROGRAMMING GUIDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

1.3 NOTATIONAL CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

1.3.1 Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

1.3.2 Reserved Bits and Software Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

1.3.3 Instruction Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

1.3.4 Hexadecimal and Binary Numbers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

1.3.5 Segmented Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

1.3.6 Syntax for CPUID, CR, and MSR Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

1.3.7 Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

1.4 RELATED LITERATURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11

CHAPTER 2
SYSTEM ARCHITECTURE OVERVIEW

2.1 OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

2.1.1 Global and Local Descriptor Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

2.1.1.1 Global and Local Descriptor Tables in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

2.1.2 System Segments, Segment Descriptors, and Gates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

2.1.2.1 Gates in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

2.1.3 Task-State Segments and Task Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

2.1.3.1 Task-State Segments in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

2.1.4 Interrupt and Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

2.1.4.1 Interrupt and Exception Handling IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

2.1.5 Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

2.1.5.1 Memory Management in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

2.1.6 System Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

2.1.6.1 System Registers in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

2.1.7 Other System Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

2.2 MODES OF OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

2.3 SYSTEM FLAGS AND FIELDS IN THE EFLAGS REGISTER. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

2.3.1 System Flags and Fields in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

2.4 MEMORY-MANAGEMENT REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

2.4.1 Global Descriptor Table Register (GDTR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16

2.4.2 Local Descriptor Table Register (LDTR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16

2.4.3 IDTR Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

2.4.4 Task Register (TR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

2.5 CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

2.5.1 CPUID Qualification of Control Register Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26

2.6 EXTENDED CONTROL REGISTERS (INCLUDING THE XFEATURE_ENABLED_MASK REGISTER)

2.7 SYSTEM INSTRUCTION SUMMARY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

2.7.1 Loading and Storing System Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-29

2.7.2 Verifying of Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30

2.7.3 Loading and Storing Debug Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31

2.7.4 Invalidating Caches and TLBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31

2-26

Vol. 3A iii

CONTENTS

PAGE

2.7.5 Controlling the Processor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31

2.7.6 Reading Performance-Monitoring and Time-Stamp Counters . . . . . . . . . . . . . . . . . . . . . 2-32

2.7.6.1 Reading Counters in 64-Bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-33

2.7.7 Reading and Writing Model-Specific Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-33

2.7.7.1 Reading and Writing Model-Specific Registers in 64-Bit Mode. . . . . . . . . . . . . . . . . . 2-34

2.7.8 Enabling Processor Extended States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-34

CHAPTER 3
PROTECTED-MODE MEMORY MANAGEMENT

3.1 MEMORY MANAGEMENT OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

3.2 USING SEGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

3.2.1 Basic Flat Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

3.2.2 Protected Flat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

3.2.3 Multi-Segment Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

3.2.4 Segmentation in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

3.2.5 Paging and Segmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

3.3 PHYSICAL ADDRESS SPACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

3.3.1 Intel® 64 Processors and Physical Address Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

3.4 LOGICAL AND LINEAR ADDRESSES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

3.4.1 Logical Address Translation in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

3.4.2 Segment Selectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

3.4.3 Segment Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

3.4.4 Segment Loading Instructions in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

3.4.5 Segment Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

3.4.5.1 Code- and Data-Segment Descriptor Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

3.5 SYSTEM DESCRIPTOR TYPES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

3.5.1 Segment Descriptor Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

3.5.2 Segment Descriptor Tables in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

CHAPTER 4
PAGING

4.1 PAGING MODES AND CONTROL BITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

4.1.1 Three Paging Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

4.1.2 Paging-Mode Enabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

4.1.3 Paging-Mode Modifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

4.1.4 Enumeration of Paging Features by CPUID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

4.2 HIERARCHICAL PAGING STRUCTURES: AN OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

4.3 32-BIT PAGING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

4.4 PAE PAGING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

4.4.1 PDPTE Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

4.4.2 Linear-Address Translation with PAE Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

4.5 IA-32E PAGING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

4.6 ACCESS RIGHTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

4.7 PAGE-FAULT EXCEPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

4.8 ACCESSED AND DIRTY FLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

4.9 PAGING AND MEMORY TYPING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

4.9.1 Paging and Memory Typing When the PAT is Not Supported (Pentium Pro and Pentium II

Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

4.9.2 Paging and Memory Typing When the PAT is Supported (Pentium III and More Recent

Processor Families) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

iv Vol. 3A

CONTENTS

PAGE

4.9.3 Caching Paging-Related Information about Memory Typing . . . . . . . . . . . . . . . . . . . . . . .4-38

4.10 CACHING TRANSLATION INFORMATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

4.10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Translation Lookaside Buffers (TLBs)4-39

4.10.1.1 Page Numbers, Page Frames, and Page Offsets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-39

4.10.1.2 Caching Translations in TLBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40

4.10.1.3 Details of TLB Use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40

4.10.1.4 Global Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-41

4.10.2 Paging-Structure Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-41

4.10.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Caches for Paging Structures4-41

4.10.2.2 Using the Paging-Structure Caches to Translate Linear Addresses . . . . . . . . . . . . .4-44

4.10.2.3 . . . . . . . . . . . . . . . . . . . .Multiple Cached Entries for a Single Paging-Structure Entry4-45

4.10.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Invalidation of TLBs and Paging-Structure Caches4-46

4.10.3.1 Operations that Invalidate TLBs and Paging-Structure Caches . . . . . . . . . . . . . . . . .4-46

4.10.3.2 Recommended Invalidation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-47

4.10.3.3 Optional Invalidation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-48

4.10.4 . . . . . . . . . . . . . . . . . Propagation of Paging-Structure Changes to Multiple Processors4-49

4.11 INTERACTIONS WITH VIRTUAL-MACHINE EXTENSIONS (VMX). . . . . . . . . . . . . . . . . . . . . . . 4-51

4.11.1 VMX Transitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-51

4.11.2 VMX Support for Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-51

4.12 USING PAGING FOR VIRTUAL MEMORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

4.13 MAPPING SEGMENTS TO PAGES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52

CHAPTER 5
PROTECTION

5.1 ENABLING AND DISABLING SEGMENT AND PAGE PROTECTION . . . . . . . . . . . . . . . . . . . . . . . 5-1

5.2 FIELDS AND FLAGS USED FOR SEGMENT-LEVEL AND

5.2.1 Code Segment Descriptor in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

5.3 LIMIT CHECKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

5.3.1 Limit Checking in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

5.4 TYPE CHECKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

5.4.1 Null Segment Selector Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

5.4.1.1 NULL Segment Checking in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

5.5 PRIVILEGE LEVELS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

5.6 PRIVILEGE LEVEL CHECKING WHEN ACCESSING DATA SEGMENTS . . . . . . . . . . . . . . . . . . . 5-11

5.6.1 Accessing Data in Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-14

5.7 PRIVILEGE LEVEL CHECKING WHEN LOADING THE SS REGISTER . . . . . . . . . . . . . . . . . . . . . 5-14

5.8 PRIVILEGE LEVEL CHECKING WHEN TRANSFERRING PROGRAM CONTROL BETWEEN CODE

5.8.1 Direct Calls or Jumps to Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15

5.8.1.1 Accessing Nonconforming Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-16

5.8.1.2 Accessing Conforming Code Segments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-17

5.8.2 Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-18

5.8.3 Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-19

5.8.3.1 IA-32e Mode Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-20

5.8.4 Accessing a Code Segment Through a Call Gate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-22

5.8.5 Stack Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-25

5.8.5.1 Stack Switching in 64-bit Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-28

5.8.6 Returning from a Called Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-28

5.8.7 Performing Fast Calls to System Procedures with the

PAGE-LEVEL PROTECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

SEGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

SYSENTER and SYSEXIT Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-30

Vol. 3A v

CONTENTS

PAGE

5.8.7.1 SYSENTER and SYSEXIT Instructions in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . 5-31

5.8.8 Fast System Calls in 64-bit Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32

5.9 PRIVILEGED INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33

5.10 POINTER VALIDATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34

5.10.1 Checking Access Rights (LAR Instruction). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35

5.10.2 Checking Read/Write Rights (VERR and VERW Instructions) . . . . . . . . . . . . . . . . . . . . . . 5-36

5.10.3 Checking That the Pointer Offset Is Within Limits (LSL Instruction). . . . . . . . . . . . . . . . 5-36

5.10.4 Checking Caller Access Privileges (ARPL Instruction) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37

5.10.5 Checking Alignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-39

5.11 PAGE-LEVEL PROTECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-39

5.11.1 Page-Protection Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40

5.11.2 Restricting Addressable Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40

5.11.3 Page Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40

5.11.4 Combining Protection of Both Levels of Page Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41

5.11.5 Overrides to Page Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41

5.12 COMBINING PAGE AND SEGMENT PROTECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41

5.13 PAGE-LEVEL PROTECTION AND EXECUTE-DISABLE BIT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43

5.13.1 Detecting and Enabling the Execute-Disable Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43

5.13.2 Execute-Disable Page Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-44

5.13.3 Reserved Bit Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45

5.13.4 Exception Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-47

CHAPTER 6
INTERRUPT AND EXCEPTION HANDLING

6.1 INTERRUPT AND EXCEPTION OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

6.2 EXCEPTION AND INTERRUPT VECTORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

6.3 SOURCES OF INTERRUPTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

6.3.1 External Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

6.3.2 Maskable Hardware Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4

6.3.3 Software-Generated Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

6.4 SOURCES OF EXCEPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

6.4.1 Program-Error Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

6.4.2 Software-Generated Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

6.4.3 Machine-Check Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

6.5 EXCEPTION CLASSIFICATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

6.6 PROGRAM OR TASK RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

6.7 NONMASKABLE INTERRUPT (NMI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8

6.7.1 Handling Multiple NMIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

6.8 ENABLING AND DISABLING INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

6.8.1 Masking Maskable Hardware Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

6.8.2 Masking Instruction Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10

6.8.3 Masking Exceptions and Interrupts When Switching Stacks. . . . . . . . . . . . . . . . . . . . . . . 6-11

6.9 PRIORITY AMONG SIMULTANEOUS EXCEPTIONS AND INTERRUPTS . . . . . . . . . . . . . . . . . . 6-11

6.10 INTERRUPT DESCRIPTOR TABLE (IDT). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12

6.11 IDT DESCRIPTORS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14

6.12 EXCEPTION AND INTERRUPT HANDLING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15

6.12.1 Exception- or Interrupt-Handler Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16

6.12.1.1 Protection of Exception- and Interrupt-Handler Procedures . . . . . . . . . . . . . . . . . . . 6-18

6.12.1.2 Flag Usage By Exception- or Interrupt-Handler Procedure . . . . . . . . . . . . . . . . . . . . . 6-19

6.12.2 Interrupt Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20

6.13 ERROR CODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21

vi Vol. 3A

CONTENTS

PAGE

6.14 EXCEPTION AND INTERRUPT HANDLING IN 64-BIT MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22

6.14.1 64-Bit Mode IDT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-23

6.14.2 64-Bit Mode Stack Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-24

6.14.3 IRET in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25

6.14.4 Stack Switching in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25

6.14.5 Interrupt Stack Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-26

6.15 EXCEPTION AND INTERRUPT REFERENCE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27

Interrupt 0—Divide Error Exception (#DE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-28

Interrupt 1—Debug Exception (#DB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-29

Interrupt 2—NMI Interrupt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-30

Interrupt 3—Breakpoint Exception (#BP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-31

Interrupt 4—Overflow Exception (#OF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-32

Interrupt 5—BOUND Range Exceeded Exception (#BR) . . . . . . . . . . . . . . . . . . . . . . . . . . .6-33

Interrupt 6—Invalid Opcode Exception (#UD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-34

Interrupt 7—Device Not Available Exception (#NM). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-36

Interrupt 8—Double Fault Exception (#DF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-38

Interrupt 9—Coprocessor Segment Overrun. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-41

Interrupt 10—Invalid TSS Exception (#TS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-42

Interrupt 11—Segment Not Present (#NP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-46

Interrupt 12—Stack Fault Exception (#SS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-48

Interrupt 13—General Protection Exception (#GP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-50

Interrupt 14—Page-Fault Exception (#PF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-54

Interrupt 16—x87 FPU Floating-Point Error (#MF). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-58

Interrupt 17—Alignment Check Exception (#AC). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-60

Interrupt 18—Machine-Check Exception (#MC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-62

Interrupt 19—SIMD Floating-Point Exception (#XM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-64

Interrupts 32 to 255—User Defined Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-67

CHAPTER 7
TASK MANAGEMENT

7.1 TASK MANAGEMENT OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

7.1.1 Task Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

7.1.2 Task State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

7.1.3 Executing a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

7.2 TASK MANAGEMENT DATA STRUCTURES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

7.2.1 Task-State Segment (TSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

7.2.2 TSS Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7

7.2.3 TSS Descriptor in 64-bit mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8

7.2.4 Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9

7.2.5 Task-Gate Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-11

7.3 TASK SWITCHING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12

7.4 TASK LINKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16

7.4.1 Use of Busy Flag To Prevent Recursive Task Switching. . . . . . . . . . . . . . . . . . . . . . . . . . .7-18

7.4.2 Modifying Task Linkages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-18

7.5 TASK ADDRESS SPACE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19

7.5.1 Mapping Tasks to the Linear and Physical Address Spaces . . . . . . . . . . . . . . . . . . . . . . . .7-19

7.5.2 Task Logical Address Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-20

7.6 16-BIT TASK-STATE SEGMENT (TSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21

7.7 TASK MANAGEMENT IN 64-BIT MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22

Vol. 3A vii

CONTENTS

PAGE

CHAPTER 8
MULTIPLE-PROCESSOR MANAGEMENT

8.1 LOCKED ATOMIC OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

8.1.1 Guaranteed Atomic Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

8.1.2 Bus Locking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

8.1.2.1 Automatic Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4

8.1.2.2 Software Controlled Bus Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5

8.1.3 Handling Self- and Cross-Modifying Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

8.1.4 Effects of a LOCK Operation on Internal Processor Caches . . . . . . . . . . . . . . . . . . . . . . . . 8-7

8.2 MEMORY ORDERING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8

8.2.1 Memory Ordering in the Intel® Pentium® and Intel486™ Processors . . . . . . . . . . . . . 8-8

8.2.2 Memory Ordering in P6 and More Recent Processor Families . . . . . . . . . . . . . . . . . . . . . . 8-9

8.2.3 Examples Illustrating the Memory-Ordering Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11

8.2.3.1 Assumptions, Terminology, and Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11

8.2.3.2 . . . . . . . . . . . . . . . . Neither Loads Nor Stores Are Reordered with Like Operations8-12

8.2.3.3 Stores Are Not Reordered With Earlier Loads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

8.2.3.4 Loads May Be Reordered with Earlier Stores to Different Locations . . . . . . . . . . . 8-13

8.2.3.5 Intra-Processor Forwarding Is Allowed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14

8.2.3.6 Stores Are Transitively Visible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15

8.2.3.7 Stores Are Seen in a Consistent Order by Other Processors . . . . . . . . . . . . . . . . . . . 8-15

8.2.3.8 Locked Instructions Have a Total Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16

8.2.3.9 . . . . . . . . . . . . . . . . Loads and Stores Are Not Reordered with Locked Instructions8-16

8.2.4 Out-of-Order Stores For String Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18

8.2.4.1 Memory-Ordering Model for String Operations on Write-back (WB) Memory . . . . 8-18

8.2.4.2 Examples Illustrating Memory-Ordering Principles for String Operations. . . . . . . . 8-19

8.2.5 Strengthening or Weakening the Memory-Ordering Model. . . . . . . . . . . . . . . . . . . . . . . . 8-22

8.3 SERIALIZING INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24

8.4 MULTIPLE-PROCESSOR (MP) INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26

8.4.1 BSP and AP Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27

8.4.2 MP Initialization Protocol Requirements and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . 8-27

8.4.3 MP Initialization Protocol Algorithm for Intel Xeon Processors . . . . . . . . . . . . . . . . . . . . 8-28

8.4.4 MP Initialization Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29

8.4.4.1 Typical BSP Initialization Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30

8.4.4.2 Typical AP Initialization Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32

8.4.5 Identifying Logical Processors in an MP System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

8.5 INTEL® HYPER-THREADING TECHNOLOGY AND INTEL® MULTI-CORE TECHNOLOGY. 8-35

8.6 DETECTING HARDWARE MULTI-THREADING SUPPORT AND TOPOLOGY . . . . . . . . . . . . . . 8-35

8.6.1 Initializing Processors Supporting Hyper-Threading Technology . . . . . . . . . . . . . . . . . . 8-36

8.6.2 Initializing Multi-Core Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

8.6.3 Executing Multiple Threads on an Intel® 64 or IA-32 Processor Supporting Hardware

8.6.4 Handling Interrupts on an IA-32 Processor Supporting Hardware Multi-Threading . 8-37

8.7 INTEL® HYPER-THREADING TECHNOLOGY ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . 8-38

8.7.1 State of the Logical Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39

8.7.2 APIC Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

8.7.3 Memory Type Range Registers (MTRR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

8.7.4 Page Attribute Table (PAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41

8.7.5 Machine Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41

8.7.6 Debug Registers and Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41

8.7.7 Performance Monitoring Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42

8.7.8 IA32_MISC_ENABLE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42

Multi-Threading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

viii Vol. 3A

CONTENTS

PAGE

8.7.9 Memory Ordering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-42

8.7.10 Serializing Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-42

8.7.11 MICROCODE UPDATE Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-43

8.7.12 Self Modifying Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-43

8.7.13 Implementation-Specific Intel HT Technology Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . .8-43

8.7.13.1 Processor Caches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-43

8.7.13.2 Processor Translation Lookaside Buffers (TLBs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-44

8.7.13.3 Thermal Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-44

8.7.13.4 External Signal Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-45

8.8 MULTI-CORE ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-46

8.8.1 Logical Processor Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-46

8.8.2 Memory Type Range Registers (MTRR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-46

8.8.3 Performance Monitoring Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-47

8.8.4 IA32_MISC_ENABLE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-47

8.8.5 MICROCODE UPDATE Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-47

8.9 PROGRAMMING CONSIDERATIONS FOR HARDWARE MULTI-THREADING CAPABLE

8.9.1 Hierarchical Mapping of Shared Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-48

8.9.2 Hierarchical Mapping of CPUID Extended Topology Leaf . . . . . . . . . . . . . . . . . . . . . . . . . .8-50

8.9.3 Hierarchical ID of Logical Processors in an MP System . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-51

8.9.3.1 Hierarchical ID of Logical Processors with x2APIC ID. . . . . . . . . . . . . . . . . . . . . . . . . . .8-53

8.9.4 Algorithm for Three-Level Mappings of APIC_ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-54

8.9.5 Identifying Topological Relationships in a MP System . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-60

8.10 MANAGEMENT OF IDLE AND BLOCKED CONDITIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-64

8.10.1 HLT Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-64

8.10.2 PAUSE Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-65

8.10.3 Detecting Support MONITOR/MWAIT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-65

8.10.4 MONITOR/MWAIT Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-66

8.10.5 Monitor/Mwait Address Range Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-67

8.10.6 Required Operating System Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-68

8.10.6.1 Use the PAUSE Instruction in Spin-Wait Loops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-68

8.10.6.2 Potential Usage of MONITOR/MWAIT in C0 Idle Loops . . . . . . . . . . . . . . . . . . . . . . . . .8-69

8.10.6.3 Halt Idle Logical Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-71

8.10.6.4 Potential Usage of MONITOR/MWAIT in C1 Idle Loops . . . . . . . . . . . . . . . . . . . . . . . . .8-71

8.10.6.5 Guidelines for Scheduling Threads on Logical Processors Sharing Execution

8.10.6.6 Eliminate Execution-Based Timing Loops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-72

8.10.6.7 Place Locks and Semaphores in Aligned, 128-Byte Blocks of Memory. . . . . . . . . . .8-73

PROCESSORS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-47

Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-72

CHAPTER 9
PROCESSOR MANAGEMENT AND INITIALIZATION

9.1 INITIALIZATION OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

9.1.1 Processor State After Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

9.1.2 Processor Built-In Self-Test (BIST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

9.1.3 Model and Stepping Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5

9.1.4 First Instruction Executed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6

9.2 X87 FPU INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6

9.2.1 Configuring the x87 FPU Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6

9.2.2 Setting the Processor for x87 FPU Software Emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7

9.3 CACHE ENABLING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

9.4 MODEL-SPECIFIC REGISTERS (MSRS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9

Vol. 3A ix

CONTENTS

PAGE

9.5 MEMORY TYPE RANGE REGISTERS (MTRRS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9

9.6 INITIALIZING SSE/SSE2/SSE3/SSSE3 EXTENSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10

9.7 SOFTWARE INITIALIZATION FOR REAL-ADDRESS MODE OPERATION. . . . . . . . . . . . . . . . . 9-10

9.7.1 Real-Address Mode IDT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11

9.7.2 NMI Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11

9.8 SOFTWARE INITIALIZATION FOR PROTECTED-MODE OPERATION . . . . . . . . . . . . . . . . . . . . 9-11

9.8.1 Protected-Mode System Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12

9.8.2 Initializing Protected-Mode Exceptions and Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13

9.8.3 Initializing Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13

9.8.4 Initializing Multitasking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14

9.8.5 Initializing IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14

9.8.5.1 IA-32e Mode System Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15

9.8.5.2 IA-32e Mode Interrupts and Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15

9.8.5.3 64-bit Mode and Compatibility Mode Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16

9.8.5.4 Switching Out of IA-32e Mode Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16

9.9 MODE SWITCHING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17

9.9.1 Switching to Protected Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17

9.9.2 Switching Back to Real-Address Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-18

9.10 INITIALIZATION AND MODE SWITCHING EXAMPLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19

9.10.1 Assembler Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-22

9.10.2 STARTUP.ASM Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23

9.10.3 MAIN.ASM Source Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-33

9.10.4 Supporting Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-34

9.11 MICROCODE UPDATE FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-36

9.11.1 Microcode Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-37

9.11.2 Optional Extended Signature Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-41

9.11.3 Processor Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-41

9.11.4 Platform Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-42

9.11.5 Microcode Update Checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-44

9.11.6 Microcode Update Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-45

9.11.6.1 Hard Resets in Update Loading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-46

9.11.6.2 Update in a Multiprocessor System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-46

9.11.6.3 Update in a System Supporting Intel Hyper-Threading Technology . . . . . . . . . . . . 9-46

9.11.6.4 Update in a System Supporting Dual-Core Technology . . . . . . . . . . . . . . . . . . . . . . . . 9-46

9.11.6.5 Update Loader Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-47

9.11.7 Update Signature and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-47

9.11.7.1 Determining the Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-48

9.11.7.2 Authenticating the Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-48

9.11.8 Pentium 4, Intel Xeon, and P6 Family Processor

Microcode Update Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49

9.11.8.1 Responsibilities of the BIOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49

9.11.8.2 Responsibilities of the Calling Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-52

9.11.8.3 Microcode Update Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-55

9.11.8.4 INT 15H-based Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-55

9.11.8.5 Function 00H—Presence Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-56

9.11.8.6 Function 01H—Write Microcode Update Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-57

9.11.8.7 Function 02H—Microcode Update Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-62

9.11.8.8 Function 03H—Read Microcode Update Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-63

9.11.8.9 Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-64

x Vol. 3A

CONTENTS

PAGE

CHAPTER 10
ADVANCED PROGRAMMABLE
INTERRUPT CONTROLLER (APIC)

10.1 LOCAL AND I/O APIC OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

10.2 SYSTEM BUS VS. APIC BUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5

10.3 THE INTEL® 82489DX EXTERNAL APIC, THE APIC, THE XAPIC, AND THE X2APIC. . . . 10-5

10.4 LOCAL APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6

10.4.1 The Local APIC Block Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-6

10.4.2 Presence of the Local APIC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10

10.4.3 Enabling or Disabling the Local APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10

10.4.4 Local APIC Status and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11

10.4.5 Relocating the Local APIC Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12

10.4.6 Local APIC ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12

10.4.7 Local APIC State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-13

10.4.7.1 Local APIC State After Power-Up or Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-14

10.4.7.2 Local APIC State After It Has Been Software Disabled. . . . . . . . . . . . . . . . . . . . . . . 10-14

10.4.7.3 Local APIC State After an INIT Reset (“Wait-for-SIPI” State). . . . . . . . . . . . . . . . . . 10-15

10.4.7.4 Local APIC State After It Receives an INIT-Deassert IPI . . . . . . . . . . . . . . . . . . . . . . 10-15

10.4.8 Local APIC Version Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15

10.5 EXTENDED XAPIC (X2APIC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16

10.5.1 DETECTING AND ENABLING x2APIC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16

10.5.1.1 Instructions to Access APIC Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17

10.5.1.2 APIC Register Address Space. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18

10.5.1.3 Reserved Bit Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-21

10.5.2 x2APIC Register Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22

10.5.3 MSR Access in x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22

10.5.4 VM-exit Controls for MSRs and x2APIC Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22

10.5.5 Directed EOI with x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-23

10.5.6 x2APIC State Transitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-24

10.5.6.1 x2APIC States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-24

x2APIC After RESET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26

x2APIC Transitions From x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27

x2APIC Transitions From Disabled Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27

State Changes From xAPIC Mode to x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27

10.5.7 System Software Transitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27

10.5.8 CPUID Extensions And Topology Enumeration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28

10.5.8.1 Consistency of APIC IDs and CPUID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29

10.6 HANDLING LOCAL INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-30

10.6.1 Local Vector Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-30

10.6.2 Valid Interrupt Vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-33

10.6.3 Error Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-34

10.6.3.1 x2APIC Differences in Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-35

10.6.4 APIC Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-36

10.6.5 Local Interrupt Acceptance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38

10.7 ISSUING INTERPROCESSOR INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38

10.7.1 Interrupt Command Register (ICR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38

10.7.1.1 ICR Operation in x2APIC Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-44

10.7.2 Determining IPI Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-46

10.7.2.1 Physical Destination Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-46

10.7.2.2 Logical Destination Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47

10.7.2.3 Logical Destination Mode in x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-49

Vol. 3A xi

CONTENTS

PAGE

10.7.2.4 Deriving Logical x2APIC ID from the Local x2APIC ID . . . . . . . . . . . . . . . . . . . . . . . . .10-50

10.7.2.5 Broadcast/Self Delivery Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-51

10.7.2.6 Lowest Priority Delivery Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-51

10.7.3 IPI Delivery and Acceptance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-52

10.7.4 SELF IPI Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-52

10.8 SYSTEM AND APIC BUS ARBITRATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-53

10.9 HANDLING INTERRUPTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-54

10.9.1 Interrupt Handling with the Pentium 4 and Intel Xeon Processors . . . . . . . . . . . . . . .10-54

10.9.2 Interrupt Handling with the P6 Family and Pentium Processors. . . . . . . . . . . . . . . . . .10-55

10.9.3 Interrupt, Task, and Processor Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-57

10.9.3.1 Task and Processor Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-58

10.9.4 Interrupt Acceptance for Fixed Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-59

10.9.5 Signaling Interrupt Servicing Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-61

10.9.5.1 Signaling Interrupt Servicing Completion in x2APIC Mode. . . . . . . . . . . . . . . . . . . . .10-61

10.9.6 Task Priority in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-61

10.9.6.1 Interaction of Task Priorities between CR8 and APIC. . . . . . . . . . . . . . . . . . . . . . . . . 10-62

10.10 SPURIOUS INTERRUPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-63

10.11 APIC BUS MESSAGE PASSING MECHANISM AND

PROTOCOL (P6 FAMILY, PENTIUM PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-64

10.11.1 Bus Message Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-65

10.12 MESSAGE SIGNALLED INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-65

10.12.1 Message Address Register Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-66

10.12.2 Message Data Register Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-67

CHAPTER 11
MEMORY CACHE CONTROL

11.1 INTERNAL CACHES, TLBS, AND BUFFERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

11.2 CACHING TERMINOLOGY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

11.3 METHODS OF CACHING AVAILABLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8

11.3.1 Buffering of Write Combining Memory Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11

11.3.2 Choosing a Memory Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12

11.3.3 Code Fetches in Uncacheable Memory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-13

11.4 CACHE CONTROL PROTOCOL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13

11.5 CACHE CONTROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14

11.5.1 Cache Control Registers and Bits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15

11.5.2 Precedence of Cache Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-20

11.5.2.1 Selecting Memory Types for Pentium Pro and Pentium II Processors. . . . . . . . . . 11-20

11.5.2.2 Selecting Memory Types for Pentium III and More Recent Processor Families. .11-22

11.5.2.3 Writing Values Across Pages with Different Memory Types . . . . . . . . . . . . . . . . . .11-23

11.5.3 Preventing Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-24

11.5.4 Disabling and Enabling the L3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-25

11.5.5 Cache Management Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25

11.5.6 L1 Data Cache Context Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-26

11.5.6.1 Adaptive Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26

11.5.6.2 Shared Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26

11.6 SELF-MODIFYING CODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27

11.7 IMPLICIT CACHING (PENTIUM 4, INTEL XEON,

11.8 EXPLICIT CACHING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28

11.9 INVALIDATING THE TRANSLATION LOOKASIDE BUFFERS (TLBS). . . . . . . . . . . . . . . . . . . 11-29

11.10 STORE BUFFER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29

AND P6 FAMILY PROCESSORS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27

xii Vol. 3A

CONTENTS

PAGE

11.11 MEMORY TYPE RANGE REGISTERS (MTRRS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30

11.11.1 MTRR Feature Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32

11.11.2 Setting Memory Ranges with MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33

11.11.2.1 IA32_MTRR_DEF_TYPE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33

11.11.2.2 Fixed Range MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34

11.11.2.3 Variable Range MTRRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34

11.11.2.4 System-Management Range Register Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37

11.11.3 Example Base and Mask Calculations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38

11.11.3.1 Base and Mask Calculations for Greater-Than 36-bit Physical Address Support11-40

11.11.4 Range Size and Alignment Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-41

11.11.4.1 MTRR Precedences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-41

11.11.5 MTRR Initialization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-41

11.11.6 Remapping Memory Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-42

11.11.7 MTRR Maintenance Programming Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-42

11.11.7.1 MemTypeGet() Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-42

11.11.7.2 MemTypeSet() Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-44

11.11.8 MTRR Considerations in MP Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-46

11.11.9 Large Page Size Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-47

11.12 PAGE ATTRIBUTE TABLE (PAT). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48

11.12.1 Detecting Support for the PAT Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48

11.12.2 IA32_PAT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-49

11.12.3 Selecting a Memory Type from the PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-50

11.12.4 Programming the PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-50

11.12.5 PAT Compatibility with Earlier IA-32 Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-52

CHAPTER 12
INTEL® MMX™ TECHNOLOGY SYSTEM PROGRAMMING

12.1 EMULATION OF THE MMX INSTRUCTION SET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

12.2 THE MMX STATE AND MMX REGISTER ALIASING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

12.2.1 Effect of MMX, x87 FPU, FXSAVE, and FXRSTOR

12.3 SAVING AND RESTORING THE MMX STATE AND REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . 12-4

12.4 SAVING MMX STATE ON TASK OR CONTEXT SWITCHES . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5

12.5 EXCEPTIONS THAT CAN OCCUR WHEN EXECUTING MMX INSTRUCTIONS . . . . . . . . . . . . 12-5

12.5.1 Effect of MMX Instructions on Pending x87 Floating-Point Exceptions. . . . . . . . . . . . .12-6

12.6 DEBUGGING MMX CODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6

Instructions on the x87 FPU Tag Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-3

CHAPTER 13
SYSTEM PROGRAMMING FOR INSTRUCTION SET EXTENSIONS AND
PROCESSOR EXTENDED STATES

13.1 PROVIDING OPERATING SYSTEM SUPPORT FOR

SSE/SSE2/SSE3/SSSE3/SSE4 EXTENSIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

13.1.1 Adding Support to an Operating System for SSE/SSE2/SSE3/SSSE3/SSE4 Extensions . .

13.1.2 Checking for SSE/SSE2/SSE3/SSSE3/SSE4 Extension Support. . . . . . . . . . . . . . . . . . . . .13-2

13.1.3 Checking for Support for the FXSAVE and FXRSTOR Instructions . . . . . . . . . . . . . . . . .13-3

13.1.4 Initialization of the SSE/SSE2/SSE3/SSSE3/SSE4 Extensions. . . . . . . . . . . . . . . . . . . . . .13-3

13.1.5 Providing Non-Numeric Exception Handlers for Exceptions Generated by the

13.1.6 Providing an Handler for the SIMD Floating-Point Exception (#XM) . . . . . . . . . . . . . . . .13-7

13-2

SSE/SSE2/SSE3/SSSE3/SSE4 Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5

Vol. 3A xiii

CONTENTS

PAGE

13.1.6.1 Numeric Error flag and IGNNE# . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8

13.2 EMULATION OF SSE/SSE2/SSE3/SSSE3/SSE4 EXTENSIONS. . . . . . . . . . . . . . . . . . . . . . . . . . 13-8

13.3 SAVING AND RESTORING THE SSE/SSE2/SSE3/SSSE3/SSE4 STATE. . . . . . . . . . . . . . . . . . 13-8

13.4 SAVING THE SSE/SSE2/SSE3/SSSE3/SSE4 STATE ON TASK OR CONTEXT SWITCHES . 13-9

13.5 DESIGNING OS FACILITIES FOR AUTOMATICALLY SAVING X87 FPU, MMX, AND

13.5.1 Using the TS Flag to Control the Saving of the

13.6 XSAVE/XRSTOR AND PROCESSOR EXTENDED STATE MANAGEMENT . . . . . . . . . . . . . . 13-12

13.6.1 XSAVE Header. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13

13.7 INTEROPERABILITY OF XSAVE/XRSTOR AND FXSAVE/FXRSTOR . . . . . . . . . . . . . . . . . . 13-15

13.8 DETECTION, ENUMERATION, ENABLING PROCESSOR EXTENDED STATE SUPPORT. . 13-17

13.8.1 Application Programming Model and Processor Extended States. . . . . . . . . . . . . . . . .13-18

CHAPTER 14
POWER AND THERMAL MANAGEMENT

14.1 ENHANCED INTEL SPEEDSTEP® TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1

14.1.1 Software Interface For Initiating Performance State Transitions . . . . . . . . . . . . . . . . . 14-1

14.2 P-STATE HARDWARE COORDINATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2

14.3 SYSTEM SOFTWARE CONSIDERATIONS AND OPPORTUNISTIC PROCESSOR PERFORMANCE

14.3.1 Intel Dynamic Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4

14.3.2 System Software Interfaces for Opportunistic Processor Performance Operation . 14-4

14.3.2.1 Discover Hardware Support and Enabling of Opportunistic Processor Operation 14-5

14.3.2.2 OS Control of Opportunistic Processor Performance Operation . . . . . . . . . . . . . . . . 14-5

14.3.2.3 Required Changes to OS Power Management P-state Policy. . . . . . . . . . . . . . . . . . . 14-6

14.3.2.4 Application Awareness of Opportunistic Processor Operation (Optional). . . . . . . . 14-7

14.3.3 Intel Turbo Boost Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8

14.3.4 Performance and Energy Bias Hint support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8

14.4 MWAIT EXTENSIONS FOR ADVANCED POWER MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . 14-9

14.5 THERMAL MONITORING AND PROTECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10

14.5.1 Catastrophic Shutdown Detector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12

14.5.2 Thermal Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-12

14.5.2.1 Thermal Monitor 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-12

14.5.2.2 Thermal Monitor 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-12

14.5.2.3 Two Methods for Enabling TM2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-13

14.5.2.4 Performance State Transitions and Thermal Monitoring . . . . . . . . . . . . . . . . . . . . . . 14-14

14.5.2.5 Thermal Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-14

14.5.2.6 Adaptive Thermal Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16

14.5.3 Software Controlled Clock Modulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16

14.5.4 Detection of Thermal Monitor and Software Controlled

14.5.5 On Die Digital Thermal Sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-18

14.5.5.1 Digital Thermal Sensor Enumeration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18

14.5.5.2 Reading the Digital Sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19

SSE/SSE2/SSE3/SSSE3/SSE4 STATE ON TASK OR CONTEXT SWITCHES. . . . . . . . . . . . . . 13-9

x87 FPU, MMX, SSE, SSE2, SSE3 SSSE3 and SSE4 State . . . . . . . . . . . . . . . . . . . . . . . . . 13-10

OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4

Clock Modulation Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18

CHAPTER 15
MACHINE-CHECK ARCHITECTURE

15.1 MACHINE-CHECK ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

15.2 COMPATIBILITY WITH PENTIUM PROCESSOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2

xiv Vol. 3A

CONTENTS

PAGE

15.3 MACHINE-CHECK MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2

15.3.1 Machine-Check Global Control MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-3

15.3.1.1 IA32_MCG_CAP MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-3

15.3.1.2 IA32_MCG_STATUS MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-5

15.3.1.3 IA32_MCG_CTL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-6

15.3.2 Error-Reporting Register Banks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-6

15.3.2.1 IA32_MCi_CTL MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-6

15.3.2.2 IA32_MCi_STATUS MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-7

15.3.2.3 IA32_MCi_ADDR MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11

15.3.2.4 IA32_MCi_MISC MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12

15.3.2.5 IA32_MCi_CTL2 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13

15.3.2.6 IA32_MCG Extended Machine Check State MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15

15.3.3 Mapping of the Pentium Processor Machine-Check Errors

15.4 ENHANCED CACHE ERROR REPORTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18

15.5 CORRECTED MACHINE CHECK ERROR INTERRUPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18

15.5.1 CMCI Local APIC Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19

15.5.2 System Software Recommendation for Managing CMCI and Machine Check Resources .

15.5.2.1 CMCI Initialization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21

15.5.2.2 CMCI Threshold Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-22

15.5.2.3 CMCI Interrupt Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-23

15.6 RECOVERY OF UNCORRECTED RECOVERABLE (UCR) ERRORS . . . . . . . . . . . . . . . . . . . . . . 15-23

15.6.1 Detection of Software Error Recovery Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-24

15.6.2 UCR Error Reporting and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-24

15.6.3 UCR Error Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-25

15.6.4 UCR Error Overwrite Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-27

15.7 MACHINE-CHECK AVAILABILITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28

15.8 MACHINE-CHECK INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28

15.9 INTERPRETING THE MCA ERROR CODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-29

15.9.1 Simple Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-30

15.9.2 Compound Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-31

15.9.2.1 Correction Report Filtering (F) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-31

15.9.2.2 Transaction Type (TT) Sub-Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32

15.9.2.3 Level (LL) Sub-Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32

15.9.2.4 Request (RRRR) Sub-Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32

15.9.2.5 Bus and Interconnect Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-33

15.9.2.6 Memory Controller Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34

15.9.3 Architecturally Defined UCR Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34

15.9.3.1 Architecturally Defined SRAO Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34

15.9.3.2 Architecturally Defined SRAR Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-36

15.9.4 Multiple MCA Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-38

15.9.5 Machine-Check Error Codes Interpretation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-39

15.10 GUIDELINES FOR WRITING MACHINE-CHECK SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-39

15.10.1 Machine-Check Exception Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-40

15.10.2 Pentium Processor Machine-Check Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . 15-41

15.10.3 Logging Correctable Machine-Check Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-42

15.10.4 Machine-Check Software Handler Guidelines for Error Recovery . . . . . . . . . . . . . . . . 15-44

15.10.4.1 Machine-Check Exception Handler for Error Recovery . . . . . . . . . . . . . . . . . . . . . . . 15-44

15.10.4.2 Corrected Machine-Check Handler for Error Recovery . . . . . . . . . . . . . . . . . . . . . . . 15-50

to the Machine-Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17

15-21

Vol. 3A xv

CONTENTS

PAGE

CHAPTER 16
DEBUGGING, PROFILING BRANCHES AND TIME-STAMP COUNTER

16.1 OVERVIEW OF DEBUG SUPPORT FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1

16.2 DEBUG REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2

16.2.1 Debug Address Registers (DR0-DR3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4

16.2.2 Debug Registers DR4 and DR5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4

16.2.3 Debug Status Register (DR6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4

16.2.4 Debug Control Register (DR7). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5

16.2.5 Breakpoint Field Recognition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-6

16.2.6 Debug Registers and Intel® 64 Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8

16.3 DEBUG EXCEPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9

16.3.1 Debug Exception (#DB)—Interrupt Vector 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9

16.3.1.1 Instruction-Breakpoint Exception Condition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10

16.3.1.2 Data Memory and I/O Breakpoint Exception Conditions. . . . . . . . . . . . . . . . . . . . . . .16-12

16.3.1.3 General-Detect Exception Condition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-12

16.3.1.4 Single-Step Exception Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12

16.3.1.5 Task-Switch Exception Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-13

16.3.2 Breakpoint Exception (#BP)—Interrupt Vector 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-13

16.4 LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING OVERVIEW. . . . . . . . . . . . . . 16-14

16.4.1 IA32_DEBUGCTL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-14

16.4.2 Monitoring Branches, Exceptions, and Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-16

16.4.3 Single-Stepping on Branches, Exceptions, and Interrupts . . . . . . . . . . . . . . . . . . . . . . . .16-16

16.4.4 Branch Trace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-17

16.4.5 Branch Trace Store (BTS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-17

16.4.6 CPL-Qualified Branch Trace Mechanism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-18

16.4.7 Freezing LBR and Performance Counters on PMI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-18

16.4.8 LBR Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-19

16.4.8.1 LBR Stack and Intel® 64 Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-20

16.4.8.2 LBR Stack and IA-32 Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-20

16.4.8.3 Last Exception Records and Intel 64 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .16-21

16.4.9 BTS and DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-21

16.4.9.1 DS Save Area and IA-32e Mode Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-25

16.4.9.2 Setting Up the DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-28

16.4.9.3 Setting Up the BTS Buffer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-29

16.4.9.4 Setting Up CPL-Qualified BTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-30

16.4.9.5 Writing the DS Interrupt Service Routine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-31

16.5 LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING (INTEL® CORE™2 DUO AND

16.5.1 LBR Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-33

16.6 LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING (INTEL® CORE™I7 PROCESSOR

16.6.1 LBR Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-34

16.6.2 Filtering of Last Branch Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-35

16.7 LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING (PROCESSORS BASED ON INTEL

16.7.1 MSR_DEBUGCTLA MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-37

16.7.2 LBR Stack for Processors Based on Intel NetBurst Microarchitecture . . . . . . . . . . . .16-38

16.7.3 Last Exception Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-40

16.8 LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING (INTEL® CORE™ SOLO AND

®

INTEL

FAMILY) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-33

NETBURST

INTEL

ATOM™ PROCESSOR FAMILY) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-32

®

MICROARCHITECTURE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-36

®

CORE

™

DUO PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-41

xvi Vol. 3A

CONTENTS

PAGE

16.9 LAST BRANCH, INTERRUPT, AND EXCEPTION

16.10 LAST BRANCH, INTERRUPT, AND EXCEPTION

16.10.1 DEBUGCTLMSR Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-45

16.10.2 Last Branch and Last Exception MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-46

16.10.3 Monitoring Branches, Exceptions, and Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-47

16.11 TIME-STAMP COUNTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-48

16.11.1 Invariant TSC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-49

16.11.2 IA32_TSC_AUX Register and RDTSCP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-50

CHAPTER 17
8086 EMULATION

17.1 REAL-ADDRESS MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1

17.1.1 Address Translation in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-3

17.1.2 Registers Supported in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-4

17.1.3 Instructions Supported in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-4

17.1.4 Interrupt and Exception Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-6

17.2 VIRTUAL-8086 MODE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8

17.2.1 Enabling Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-9

17.2.2 Structure of a Virtual-8086 Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-9

17.2.3 Paging of Virtual-8086 Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10

17.2.4 Protection within a Virtual-8086 Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11

17.2.5 Entering Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11

17.2.6 Leaving Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14

17.2.7 Sensitive Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15

17.2.8 Virtual-8086 Mode I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15

17.2.8.1 I/O-Port-Mapped I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15

17.2.8.2 Memory-Mapped I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16

17.2.8.3 Special I/O Buffers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16

17.3 INTERRUPT AND EXCEPTION HANDLING

17.3.1 Class 1—Hardware Interrupt and Exception Handling in Virtual-8086 Mode. . . . . . 17-18

17.3.1.1 Handling an Interrupt or Exception Through a Protected-Mode Trap or Interrupt Gate

17.3.1.2 Handling an Interrupt or Exception With an 8086 Program Interrupt or Exception

17.3.1.3 Handling an Interrupt or Exception Through a Task Gate . . . . . . . . . . . . . . . . . . . . 17-21

17.3.2 Class 2—Maskable Hardware Interrupt Handling in Virtual-8086 Mode Using the Virtual

17.3.3 Class 3—Software Interrupt Handling in Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . 17-24

17.3.3.1 Method 1: Software Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-27

17.3.3.2 Methods 2 and 3: Software Interrupt Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-28

17.3.3.3 Method 4: Software Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-28

17.3.3.4 Method 5: Software Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-28

17.3.3.5 Method 6: Software Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-29

17.4 PROTECTED-MODE VIRTUAL INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-30

RECORDING (PENTIUM M PROCESSORS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-43

RECORDING (P6 FAMILY PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-45

IN VIRTUAL-8086 MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16

17-18

Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-20

Interrupt Mechanism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-22

Vol. 3A xvii

CONTENTS

PAGE

CHAPTER 18
MIXING 16-BIT AND 32-BIT CODE

18.1 DEFINING 16-BIT AND 32-BIT PROGRAM MODULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2

18.2 MIXING 16-BIT AND 32-BIT OPERATIONS WITHIN A CODE SEGMENT . . . . . . . . . . . . . . . . . 18-2

18.3 SHARING DATA AMONG MIXED-SIZE CODE SEGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4

18.4 TRANSFERRING CONTROL AMONG MIXED-SIZE CODE SEGMENTS . . . . . . . . . . . . . . . . . . . . 18-4

18.4.1 Code-Segment Pointer Size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5

18.4.2 Stack Management for Control Transfer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5

18.4.2.1 Controlling the Operand-Size Attribute For a Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-7

18.4.2.2 Passing Parameters With a Gate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8

18.4.3 Interrupt Control Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8

18.4.4 Parameter Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8

18.4.5 Writing Interface Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9

CHAPTER 19
ARCHITECTURE COMPATIBILITY

19.1 PROCESSOR FAMILIES AND CATEGORIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1

19.2 RESERVED BITS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2

19.3 ENABLING NEW FUNCTIONS AND MODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2

19.4 DETECTING THE PRESENCE OF NEW FEATURES THROUGH SOFTWARE . . . . . . . . . . . . . . 19-3

19.5 INTEL MMX TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3

19.6 STREAMING SIMD EXTENSIONS (SSE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3

19.7 STREAMING SIMD EXTENSIONS 2 (SSE2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-4

19.8 STREAMING SIMD EXTENSIONS 3 (SSE3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-4

19.9 ADDITIONAL STREAMING SIMD EXTENSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-4

19.10 INTEL HYPER-THREADING TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5

19.11 MULTI-CORE TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5

19.12 SPECIFIC FEATURES OF DUAL-CORE PROCESSOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5

19.13 NEW INSTRUCTIONS IN THE PENTIUM AND LATER IA-32 PROCESSORS . . . . . . . . . . . . . . 19-5

19.13.1 Instructions Added Prior to the Pentium Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-6

19.14 OBSOLETE INSTRUCTIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-7

19.15 UNDEFINED OPCODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-7

19.16 NEW FLAGS IN THE EFLAGS REGISTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-7

19.16.1 Using EFLAGS Flags to Distinguish Between 32-Bit IA-32 Processors . . . . . . . . . . . . . 19-8

19.17 STACK OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-8

19.17.1 PUSH SP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-8

19.17.2 EFLAGS Pushed on the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-9

19.18 X87 FPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-9

19.18.1 Control Register CR0 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-9

19.18.2 x87 FPU Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-10

19.18.2.1 Condition Code Flags (C0 through C3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-10

19.18.2.2 Stack Fault Flag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11

19.18.3 x87 FPU Control Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11

19.18.4 x87 FPU Tag Word. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11

19.18.5 Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-12

19.18.5.1 NaNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-12

19.18.5.2 Pseudo-zero, Pseudo-NaN, Pseudo-infinity, and Unnormal Formats . . . . . . . . . . .19-12

19.18.6 Floating-Point Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13

19.18.6.1 Denormal Operand Exception (#D) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13

19.18.6.2 Numeric Overflow Exception (#O). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13

xviii Vol. 3A

CONTENTS

PAGE

19.18.6.3 Numeric Underflow Exception (#U) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-14

19.18.6.4 Exception Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-14

19.18.6.5 CS and EIP For FPU Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-14

19.18.6.6 FPU Error Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-14

19.18.6.7 Assertion of the FERR# Pin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-15

19.18.6.8 Invalid Operation Exception On Denormals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-15

19.18.6.9 Alignment Check Exceptions (#AC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.6.10 Segment Not Present Exception During FLDENV . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.6.11 Device Not Available Exception (#NM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.6.12 Coprocessor Segment Overrun Exception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.6.13 General Protection Exception (#GP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.6.14 Floating-Point Error Exception (#MF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16

19.18.7 Changes to Floating-Point Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.1 FDIV, FPREM, and FSQRT Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.2 FSCALE Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.3 FPREM1 Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.4 FPREM Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.5 FUCOM, FUCOMP, and FUCOMPP Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-17

19.18.7.6 FPTAN Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.7 Stack Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.8 FSIN, FCOS, and FSINCOS Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.9 FPATAN Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.10 F2XM1 Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.11 FLD Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18

19.18.7.12 FXTRACT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-19

19.18.7.13 Load Constant Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-19

19.18.7.14 FSETPM Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-19

19.18.7.15 FXAM Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20

19.18.7.16 FSAVE and FSTENV Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20

19.18.8 Transcendental Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20

19.18.9 Obsolete Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20

19.18.10 WAIT/FWAIT Prefix Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-21

19.18.11 Operands Split Across Segments and/or Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-21

19.18.12 FPU Instruction Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-21

19.19 SERIALIZING INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-21

19.20 FPU AND MATH COPROCESSOR INITIALIZATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-22

19.20.1 Intel® 387 and Intel® 287 Math Coprocessor Initialization. . . . . . . . . . . . . . . . . . . . . 19-22

19.20.2 Intel486 SX Processor and Intel 487 SX Math Coprocessor Initialization . . . . . . . . . 19-22

19.21 CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-24

19.22 MEMORY MANAGEMENT FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-25

19.22.1 New Memory Management Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-25

19.22.1.1 Physical Memory Addressing Extension. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-25

19.22.1.2 Global Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-26

19.22.1.3 Larger Page Sizes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-26

19.22.2 CD and NW Cache Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-26

19.22.3 Descriptor Types and Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-26

19.22.4 Changes in Segment Descriptor Loads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-27

19.23 DEBUG FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-27

19.23.1 Differences in Debug Register DR6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-27

19.23.2 Differences in Debug Register DR7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-27

19.23.3 Debug Registers DR4 and DR5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-27

19.24 RECOGNITION OF BREAKPOINTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-28

Vol. 3A xix

CONTENTS

PAGE

19.25 EXCEPTIONS AND/OR EXCEPTION CONDITIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-28

19.25.1 Machine-Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-30

19.25.2 Priority OF Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-30

19.26 INTERRUPTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-30

19.26.1 Interrupt Propagation Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-30

19.26.2 NMI Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-30

19.26.3 IDT Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-31

19.27 ADVANCED PROGRAMMABLE INTERRUPT CONTROLLER (APIC) . . . . . . . . . . . . . . . . . . . . 19-31

19.27.1 Software Visible Differences Between the Local APIC and the 82489DX. . . . . . . . .19-31

19.27.2 New Features Incorporated in the Local APIC for the P6 Family and Pentium Processors

19.27.3 New Features Incorporated in the Local APIC of the Pentium 4 and Intel Xeon Processors

19.28 TASK SWITCHING AND TSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-32

19.28.1 P6 Family and Pentium Processor TSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-33

19.28.2 TSS Selector Writes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-33

19.28.3 Order of Reads/Writes to the TSS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-33

19.28.4 Using A 16-Bit TSS with 32-Bit Constructs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-33

19.28.5 Differences in I/O Map Base Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-33

19.29 CACHE MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-34

19.29.1 Self-Modifying Code with Cache Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-35

19.29.2 Disabling the L3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-36

19.30 PAGING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-36

19.30.1 Large Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-36

19.30.2 PCD and PWT Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-36

19.30.3 Enabling and Disabling Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-37

19.31 STACK OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-37

19.31.1 Selector Pushes and Pops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-37

19.31.2 Error Code Pushes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-38

19.31.3 Fault Handling Effects on the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-38

19.31.4 Interlevel RET/IRET From a 16-Bit Interrupt or Call Gate . . . . . . . . . . . . . . . . . . . . . . . . 19-38

19.32 MIXING 16- AND 32-BIT SEGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-39

19.33 SEGMENT AND ADDRESS WRAPAROUND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-39

19.33.1 Segment Wraparound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-40

19.34 STORE BUFFERS AND MEMORY ORDERING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-40

19.35 BUS LOCKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-42

19.36 BUS HOLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-42

19.37 MODEL-SPECIFIC EXTENSIONS TO THE IA-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-42

19.37.1 Model-Specific Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-43

19.37.2 RDMSR and WRMSR Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-43

19.37.3 Memory Type Range Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-43

19.37.4 Machine-Check Exception and Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-44

19.37.5 Performance-Monitoring Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-44

19.38 TWO WAYS TO RUN INTEL 286 PROCESSOR TASKS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-45

19-32

19-32

CHAPTER 20
INTRODUCTION TO VIRTUAL-MACHINE EXTENSIONS

20.1 OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1

20.2 VIRTUAL MACHINE ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1

20.3 INTRODUCTION TO VMX OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1

20.4 LIFE CYCLE OF VMM SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2

xx Vol. 3A

CONTENTS

PAGE

20.5 VIRTUAL-MACHINE CONTROL STRUCTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3

20.6 DISCOVERING SUPPORT FOR VMX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3

20.7 ENABLING AND ENTERING VMX OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-4

20.8 RESTRICTIONS ON VMX OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5

CHAPTER 21
VIRTUAL-MACHINE CONTROL STRUCTURES

21.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1

21.2 FORMAT OF THE VMCS REGION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2

21.3 ORGANIZATION OF VMCS DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3

21.4 GUEST-STATE AREA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3

21.4.1 Guest Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-3

21.4.2 Guest Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-6

21.5 HOST-STATE AREA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9

21.6 VM-EXECUTION CONTROL FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-10

21.6.1 Pin-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-10

21.6.2 Processor-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-11

21.6.3 Exception Bitmap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-15

21.6.4 I/O-Bitmap Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-15

21.6.5 Time-Stamp Counter Offset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16

21.6.6 Guest/Host Masks and Read Shadows for CR0 and CR4. . . . . . . . . . . . . . . . . . . . . . . . . 21-16

21.6.7 CR3-Target Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16

21.6.8 Controls for APIC Accesses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-17

21.6.9 MSR-Bitmap Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-18

21.6.10 Executive-VMCS Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-19

21.6.11 Extended-Page-Table Pointer (EPTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-19

21.6.12 Virtual-Processor Identifier (VPID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-19

21.6.13 Controls for PAUSE-Loop Exiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-20

21.7 VM-EXIT CONTROL FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-20

21.7.1 VM-Exit Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-20

21.7.2 VM-Exit Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-22

21.8 VM-ENTRY CONTROL FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-23

21.8.1 VM-Entry Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-23

21.8.2 VM-Entry Controls for MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-24

21.8.3 VM-Entry Controls for Event Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-24

21.9 VM-EXIT INFORMATION FIELDS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-26

21.9.1 Basic VM-Exit Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-26

21.9.2 Information for VM Exits Due to Vectored Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-27

21.9.3 Information for VM Exits That Occur During Event Delivery . . . . . . . . . . . . . . . . . . . . . 21-28

21.9.4 Information for VM Exits Due to Instruction Execution. . . . . . . . . . . . . . . . . . . . . . . . . . 21-29

21.9.5 VM-Instruction Error Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-29

21.10 SOFTWARE ACCESS TO THE VMCS AND RELATED STRUCTURES . . . . . . . . . . . . . . . . . . 21-30

21.10.1 Software Access to the Virtual-Machine Control Structure . . . . . . . . . . . . . . . . . . . . . . 21-30

21.10.2 VMREAD, VMWRITE, and Encodings of VMCS Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-31

21.10.3 Software Access to Related Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-33

21.10.4 VMXON Region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-33

21.11 USING VMCLEAR TO INITIALIZE A VMCS REGION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-34

Vol. 3A xxi

CONTENTS

PAGE

CHAPTER 22
VMX NON-ROOT OPERATION

22.1 INSTRUCTIONS THAT CAUSE VM EXITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1

22.1.1 Relative Priority of Faults and VM Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1

22.1.2 Instructions That Cause VM Exits Unconditionally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2

22.1.3 Instructions That Cause VM Exits Conditionally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-3

22.2 APIC-ACCESS VM EXITS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-7

22.2.1 Linear Accesses to the APIC-Access Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-7

22.2.1.1 Linear Accesses That Cause APIC-Access VM Exits. . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-7

22.2.1.2 Priority of APIC-Access VM Exits Caused by Linear Accesses . . . . . . . . . . . . . . . . . . 22-9

22.2.1.3 Instructions That May Cause Page Faults or EPT Violations Without Accessing

22.2.2 Guest-Physical Accesses to the APIC-Access Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-10

22.2.2.1 Guest-Physical Accesses That Might Not Cause APIC-Access VM Exits . . . . . . . .22-11

22.2.2.2 Priority of APIC-Access VM Exits Caused by Guest-Physical Accesses . . . . . . . . .22-12

22.2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Accesses to the APIC-Access Page22-12

22.2.4 VTPR Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-13

22.3 OTHER CAUSES OF VM EXITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-14

22.4 CHANGES TO INSTRUCTION BEHAVIOR IN VMX NON-ROOT OPERATION . . . . . . . . . . . 22-16

22.5 APIC ACCESSES THAT DO NOT CAUSE VM EXITS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-21

22.5.1 Linear Accesses to the APIC-Access Page Using Large-Page Translations . . . . . . . . 22-22

22.5.2 Physical Accesses to the APIC-Access Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-22

22.5.3 VTPR Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-22

22.5.3.1 Treatment of Individual VTPR Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-23

22.5.3.2 Operations with Multiple Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-23

22.5.3.3 TPR-Shadow Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-25

22.6 OTHER CHANGES IN VMX NON-ROOT OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-25

22.6.1 Event Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-25

22.6.2 Treatment of Task Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-26

22.7 FEATURES SPECIFIC TO VMX NON-ROOT OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27

22.7.1 VMX-Preemption Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27

22.7.2 Monitor Trap Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-28

22.7.3 Translation of Guest-Physical Addresses Using EPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-29

22.8 UNRESTRICTED GUESTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-29

Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-10

CHAPTER 23
VM ENTRIES

23.1 BASIC VM-ENTRY CHECKS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2

23.2 CHECKS ON VMX CONTROLS AND HOST-STATE AREA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3

23.2.1 Checks on VMX Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3

23.2.1.1 VM-Execution Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3

23.2.1.2 VM-Exit Control Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-6

23.2.1.3 VM-Entry Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-7

23.2.2 Checks on Host Control Registers and MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-8

23.2.3 Checks on Host Segment and Descriptor-Table Registers. . . . . . . . . . . . . . . . . . . . . . . . . 23-9

23.2.4 Checks Related to Address-Space Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9

23.3 CHECKING AND LOADING GUEST STATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-10

23.3.1 Checks on the Guest State Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-10

23.3.1.1 Checks on Guest Control Registers, Debug Registers, and MSRs . . . . . . . . . . . . . .23-10

23.3.1.2 Checks on Guest Segment Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-12

xxii Vol. 3A

CONTENTS

PAGE

23.3.1.3 Checks on Guest Descriptor-Table Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15

23.3.1.4 Checks on Guest RIP and RFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15

23.3.1.5 Checks on Guest Non-Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-16

23.3.1.6 Checks on Guest Page-Directory-Pointer-Table Entries . . . . . . . . . . . . . . . . . . . . . . 23-18

23.3.2 Loading Guest State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-19

23.3.2.1 Loading Guest Control Registers, Debug Registers, and MSRs . . . . . . . . . . . . . . . . 23-19

23.3.2.2 Loading Guest Segment Registers and Descriptor-Table Registers . . . . . . . . . . . 23-21

23.3.2.3 Loading Guest RIP, RSP, and RFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-22

23.3.2.4 Loading Page-Directory-Pointer-Table Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-22

23.3.2.5 Updating Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-23

23.3.3 Clearing Address-Range Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-23

23.4 LOADING MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-23

23.5 EVENT INJECTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-24

23.5.1 Vectored-Event Injection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-24

23.5.1.1 Details of Vectored-Event Injection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-25

23.5.1.2 VM Exits During Event Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-27

23.5.1.3 Event Injection for VM Entries to Real-Address Mode. . . . . . . . . . . . . . . . . . . . . . . . 23-28

23.5.2 Injection of Pending MTF VM Exits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-28

23.6 SPECIAL FEATURES OF VM ENTRY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-28

23.6.1 Interruptibility State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-29

23.6.2 Activity State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-30

23.6.3 Delivery of Pending Debug Exceptions after VM Entry. . . . . . . . . . . . . . . . . . . . . . . . . . 23-31

23.6.4 VMX-Preemption Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-32

23.6.5 Interrupt-Window Exiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-32

23.6.6 NMI-Window Exiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-32

23.6.7 VM Exits Induced by the TPR Shadow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-33

23.6.8 Pending MTF VM Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-34

23.6.9 VM Entries and Advanced Debugging Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-34

23.7 VM-ENTRY FAILURES DURING OR AFTER LOADING GUEST STATE. . . . . . . . . . . . . . . . . . 23-34

23.8 MACHINE CHECKS DURING VM ENTRY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-35

CHAPTER 24
VM EXITS

24.1 ARCHITECTURAL STATE BEFORE A VM EXIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-1

24.2 RECORDING VM-EXIT INFORMATION AND UPDATING VM-ENTRY CONTROL FIELDS. . . 24-5

24.2.1 Basic VM-Exit Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-5

24.2.2 Information for VM Exits Due to Vectored Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-14

24.2.3 Information for VM Exits During Event Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-15

24.2.4 Information for VM Exits Due to Instruction Execution. . . . . . . . . . . . . . . . . . . . . . . . . . 24-17

24.3 SAVING GUEST STATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-26

24.3.1 Saving Control Registers, Debug Registers, and MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . 24-27

24.3.2 Saving Segment Registers and Descriptor-Table Registers. . . . . . . . . . . . . . . . . . . . . . 24-27

24.3.3 Saving RIP, RSP, and RFLAGS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-28

24.3.4 Saving Non-Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-30

24.4 SAVING MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-32

24.5 LOADING HOST STATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-33

24.5.1 Loading Host Control Registers, Debug Registers, MSRs . . . . . . . . . . . . . . . . . . . . . . . . 24-33

24.5.2 Loading Host Segment and Descriptor-Table Registers . . . . . . . . . . . . . . . . . . . . . . . . . 24-34

24.5.3 Loading Host RIP, RSP, and RFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-36

24.5.4 Checking and Loading Host Page-Directory-Pointer-Table Entries . . . . . . . . . . . . . . . 24-36

24.5.5 Updating Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-37

Vol. 3A xxiii

CONTENTS

PAGE

24.5.6 Clearing Address-Range Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-37

24.6 LOADING MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-38

24.7 VMX ABORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-38

24.8 MACHINE CHECK DURING VM EXIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-40

CHAPTER 25
VMX SUPPORT FOR ADDRESS TRANSLATION

25.1 VIRTUAL PROCESSOR IDENTIFIERS (VPIDS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1

25.2 THE EXTENDED PAGE TABLE MECHANISM (EPT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-2

25.2.1 EPT Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-2

25.2.2 EPT Translation Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-4

25.2.3 EPT-Induced VM Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-9

25.2.3.1 EPT Misconfigurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-10

25.2.3.2 EPT Violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-11

25.2.3.3 Prioritization of EPT-Induced VM Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-12

25.2.4 EPT and Memory Typing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-13

25.2.4.1 Memory Type Used for Accessing EPT Paging Structures . . . . . . . . . . . . . . . . . . . .25-14

25.2.4.2 Memory Type Used for Translated Guest-Physical Addresses . . . . . . . . . . . . . . . .25-14

25.3 CACHING TRANSLATION INFORMATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-15

25.3.1 Information That May Be Cached . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-15

25.3.2 Creating and Using Cached Translation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-16

25.3.3 Invalidating Cached Translation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-18

25.3.3.1 Operations that Invalidate Cached Mappings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-18

25.3.3.2 Operations that Need Not Invalidate Cached Mappings . . . . . . . . . . . . . . . . . . . . . . . 25-19

25.3.3.3 Guidelines for Use of the INVVPID Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-20

25.3.3.4 Guidelines for Use of the INVEPT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-21

CHAPTER 26
SYSTEM MANAGEMENT MODE

26.1 SYSTEM MANAGEMENT MODE OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1

26.1.1 System Management Mode and VMX Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-2

26.2 SYSTEM MANAGEMENT INTERRUPT (SMI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3

26.3 SWITCHING BETWEEN SMM AND THE OTHER

26.3.1 Entering SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3

26.3.2 Exiting From SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-4

26.4 SMRAM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-5

26.4.1 SMRAM State Save Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-6

26.4.1.1 SMRAM State Save Map and Intel 64 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-8

26.4.2 SMRAM Caching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-11

26.4.2.1 System Management Range Registers (SMRR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-12

26.5 SMI HANDLER EXECUTION ENVIRONMENT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-12

26.6 EXCEPTIONS AND INTERRUPTS WITHIN SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-14

26.7 MANAGING SYNCHRONOUS AND ASYNCHRONOUS

26.7.1 I/O State Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-16

26.8 NMI HANDLING WHILE IN SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-17

26.9 SMM REVISION IDENTIFIER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-18

26.10 AUTO HALT RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-18

26.10.1 Executing the HLT Instruction in SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-19

xxiv Vol. 3A

PROCESSOR OPERATING MODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3

SYSTEM MANAGEMENT INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-15

CONTENTS

PAGE

26.11 SMBASE RELOCATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-19

26.11.1 Relocating SMRAM to an Address Above 1 MByte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-20

26.12 I/O INSTRUCTION RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-20

26.12.1 Back-to-Back SMI Interrupts When I/O Instruction Restart Is Being Used . . . . . . . . . 26-22

26.13 SMM MULTIPLE-PROCESSOR CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-22

26.14 DEFAULT TREATMENT OF SMIS AND SMM WITH VMX OPERATION AND SMX OPERATION .
26-23

26.14.1 Default Treatment of SMI Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-23

26.14.2 Default Treatment of RSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-24

26.14.3 Protection of CR4.VMXE in SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-26

26.15 DUAL-MONITOR TREATMENT OF SMIs AND SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-26

26.15.1 Dual-Monitor Treatment Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-26

26.15.2 SMM VM Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-27

26.15.2.1 Architectural State Before a VM Exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-27

26.15.2.2 Updating the Current-VMCS and Executive-VMCS Pointers. . . . . . . . . . . . . . . . . . . 26-27

26.15.2.3 Recording VM-Exit Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-28

26.15.2.4 Saving Guest State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-29

26.15.2.5 Updating Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-29

26.15.3 Operation of an SMM Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-30

26.15.4 VM Entries that Return from SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-30

26.15.4.1 Checks on the Executive-VMCS Pointer Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-30

26.15.4.2 Checks on VM-Execution Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-31

26.15.4.3 Checks on VM-Entry Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-31

26.15.4.4 Checks on the Guest State Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-32

26.15.4.5 Loading Guest State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-32

26.15.4.6 VMX-Preemption Timer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-32

26.15.4.7 Updating the Current-VMCS and SMM-Transfer VMCS Pointers. . . . . . . . . . . . . . . 26-33

26.15.4.8 VM Exits Induced by VM Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-33

26.15.4.9 SMI Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-33

26.15.4.10 Failures of VM Entries That Return from SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-34

26.15.5 Enabling the Dual-Monitor Treatment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-34

26.15.6 Activating the Dual-Monitor Treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-36

26.15.6.1 Initial Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-36

26.15.6.2 MSEG Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-38

26.15.6.3 Updating the Current-VMCS and Executive-VMCS Pointers. . . . . . . . . . . . . . . . . . . 26-38

26.15.6.4 Loading Host State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-38

26.15.6.5 Loading MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-40

26.15.7 Deactivating the Dual-Monitor Treatment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-40

26.16 SMI AND PROCESSOR EXTENDED STATE MANAGEMENT. . . . . . . . . . . . . . . . . . . . . . . . . . . 26-41

CHAPTER 27
VIRTUAL-MACHINE MONITOR PROGRAMMING CONSIDERATIONS

27.1 VMX SYSTEM PROGRAMMING OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-1

27.2 SUPPORTING PROCESSOR OPERATING MODES IN GUEST ENVIRONMENTS. . . . . . . . . . . 27-1

27.2.1 Emulating Guest Execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-2

27.3 MANAGING VMCS REGIONS AND POINTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-2

27.4 USING VMX INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-5

27.5 VMM SETUP & TEAR DOWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-5

27.5.1 Algorithms for Determining VMX Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-6

27.6 PREPARATION AND LAUNCHING A VIRTUAL MACHINE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-9

27.7 HANDLING OF VM EXITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-11

Vol. 3A xxv

CONTENTS

PAGE

27.7.1 Handling VM Exits Due to Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-11

27.7.1.1 Reflecting Exceptions to Guest Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-11

27.7.1.2 Resuming Guest Software after Handling an Exception . . . . . . . . . . . . . . . . . . . . . . 27-13

27.8 MULTI-PROCESSOR CONSIDERATIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-15

27.8.1 Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-15

27.8.2 Moving a VMCS Between Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-16

27.8.3 Paired Index-Data Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-16

27.8.4 External Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-17

27.8.5 CPUID Emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-17

27.9 32-BIT AND 64-BIT GUEST ENVIRONMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-17

27.9.1 Operating Modes of Guest Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-17

27.9.2 Handling Widths of VMCS Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-18

27.9.2.1 Natural-Width VMCS Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-18

27.9.2.2 64-Bit VMCS Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-18

27.9.3 IA-32e Mode Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-19

27.9.4 IA-32e Mode Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-20

27.9.5 32-Bit Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-21

27.10 HANDLING MODEL SPECIFIC REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-21

27.10.1 Using VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-21

27.10.2 Using VM-Exit Controls for MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-22

27.10.3 Using VM-Entry Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-22

27.10.4 Handling Special-Case MSRs and Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-23

27.10.4.1 Handling IA32_EFER MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-23

27.10.4.2 Handling the SYSENTER and SYSEXIT Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . .27-23

27.10.4.3 Handling the SYSCALL and SYSRET Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-23

27.10.4.4 Handling the SWAPGS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-24

27.10.4.5 Implementation Specific Behavior on Writing to Certain MSRs . . . . . . . . . . . . . . . .27-24

27.10.5 Handling Accesses to Reserved MSR Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-24

27.11 HANDLING ACCESSES TO CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-25

27.12 PERFORMANCE CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-25

CHAPTER 28
VIRTUALIZATION OF SYSTEM RESOURCES

28.1 OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-1

28.2 VIRTUALIZATION SUPPORT FOR DEBUGGING FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-1

28.2.1 Debug Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-2

28.3 MEMORY VIRTUALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-3

28.3.1 Processor Operating Modes & Memory Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-3

28.3.2 Guest & Host Physical Address Spaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-3

28.3.3 Virtualizing Virtual Memory by Brute Force . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-4

28.3.4 Alternate Approach to Memory Virtualization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-4

28.3.5 Details of Virtual TLB Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-6

28.3.5.1 Initialization of Virtual TLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-7

28.3.5.2 Response to Page Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-8

28.3.5.3 Response to Uses of INVLPG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-11

28.3.5.4 Response to CR3 Writes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-11

28.4 MICROCODE UPDATE FACILITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-11

28.4.1 Early Load of Microcode Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-12

28.4.2 Late Load of Microcode Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-12

xxvi Vol. 3A

CONTENTS

PAGE

CHAPTER 29
HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR

29.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-1

29.2 INTERRUPT HANDLING IN VMX OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-1

29.3 EXTERNAL INTERRUPT VIRTUALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-3

29.3.1 Virtualization of Interrupt Vector Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-4

29.3.2 Control of Platform Interrupts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-5

29.3.2.1 PIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-6

29.3.2.2 xAPIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-6

29.3.2.3 Local APIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-6

29.3.2.4 I/O APIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-7

29.3.2.5 Virtualization of Message Signaled Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-8

29.3.3 Examples of Handling of External Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-8

29.3.3.1 Guest Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-8

29.3.3.2 Processor Treatment of External Interrupt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-9

29.3.3.3 Processing of External Interrupts by VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-9

29.3.3.4 Generation of Virtual Interrupt Events by VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-10

29.4 ERROR HANDLING BY VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-11

29.4.1 VM-Exit Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-11

29.4.2 Machine Check Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-12

29.4.3 MCA Error Handling Guidelines for VMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-13

29.4.3.1 VMM Error Handling Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-13

29.4.3.2 Basic VMM MCA error recovery handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-14

29.4.3.3 Implementation Considerations for the Basic Model . . . . . . . . . . . . . . . . . . . . . . . . . 29-14

29.4.3.4 MCA Virtualization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-15

29.4.3.5 Implementation Considerations for the MCA Virtualization Model. . . . . . . . . . . . . 29-15

29.5 HANDLING ACTIVITY STATES BY VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-15

CHAPTER 30
PERFORMANCE MONITORING

30.1 PERFORMANCE MONITORING OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-1

30.2 ARCHITECTURAL PERFORMANCE MONITORING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-2

30.2.1 Architectural Performance Monitoring Version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-3

30.2.1.1 Architectural Performance Monitoring Version 1 Facilities . . . . . . . . . . . . . . . . . . . . .30-4

30.2.2 Additional Architectural Performance Monitoring Extensions. . . . . . . . . . . . . . . . . . . . . .30-6

30.2.2.1 Architectural Performance Monitoring Version 2 Facilities . . . . . . . . . . . . . . . . . . . . .30-6

30.2.2.2 Architectural Performance Monitoring Version 3 Facilities . . . . . . . . . . . . . . . . . . . 30-10

30.2.3 Pre-defined Architectural Performance Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-12

30.3 PERFORMANCE MONITORING (INTEL® CORE™ SOLO AND INTEL® CORE™ DUO

30.4 PERFORMANCE MONITORING (PROCESSORS BASED ON INTEL® CORE™

30.4.1 Fixed-function Performance Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-18

30.4.2 Global Counter Control Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-19

30.4.3 At-Retirement Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-21

30.4.4 Precise Event Based Sampling (PEBS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-22

30.4.4.1 Setting up the PEBS Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-23

30.4.4.2 PEBS Record Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-23

30.4.4.3 Writing a PEBS Interrupt Service Routine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-23

PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-14

MICROARCHITECTURE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-16

Vol. 3A xxvii

CONTENTS

PAGE

30.5 PERFORMANCE MONITORING (PROCESSORS BASED ON INTEL® ATOM™

30.6 PERFORMANCE MONITORING FOR PROCESSORS BASED ON INTEL® MICROARCHITECTURE

30.6.1 Enhancements of Performance Monitoring in the Processor Core . . . . . . . . . . . . . . . . 30-27

30.6.1.1 Precise Event Based Sampling (PEBS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-27

30.6.1.2 Load Latency Performance Monitoring Facility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-32

30.6.1.3 Off-core Response Performance Monitoring in the Processor Core. . . . . . . . . . . . 30-34

30.6.2 Performance Monitoring Facility in the Uncore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-37

30.6.2.1 Uncore Performance Monitoring Management Facility. . . . . . . . . . . . . . . . . . . . . . . . 30-37

30.6.2.2 Uncore Performance Event Configuration Facility. . . . . . . . . . . . . . . . . . . . . . . . . . . .30-40

30.6.2.3 Uncore Address/Opcode Match MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-42

30.7 PERFORMANCE MONITORING FOR PROCESSORS BASED ON NEXT GENERATION INTEL

30.8 PERFORMANCE MONITORING (PROCESSORS

30.8.1 ESCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-48

30.8.2 Performance Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-50

30.8.3 CCCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-51

30.8.4 Debug Store (DS) Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-53

30.8.5 Programming the Performance Counters

30.8.5.1 Selecting Events to Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-54

30.8.5.2 Filtering Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-56

30.8.5.3 Starting Event Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-58

30.8.5.4 Reading a Performance Counter’s Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-58

30.8.5.5 Halting Event Counting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-59

30.8.5.6 Cascading Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-59

30.8.5.7 EXTENDED CASCADING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-60

30.8.5.8 Generating an Interrupt on Overflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-62

30.8.5.9 Counter Usage Guideline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-62

30.8.6 At-Retirement Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-63

30.8.6.1 Using At-Retirement Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-64

30.8.6.2 Tagging Mechanism for Front_end_event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-65

30.8.6.3 Tagging Mechanism For Execution_event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-65

30.8.6.4 Tagging Mechanism for Replay_event. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-66

30.8.7 Precise Event-Based Sampling (PEBS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-66

30.8.7.1 Detection of the Availability of the PEBS Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-67

30.8.7.2 Setting Up the DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-67

30.8.7.3 Setting Up the PEBS Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-67

30.8.7.4 Writing a PEBS Interrupt Service Routine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-67

30.8.7.5 Other DS Mechanism Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-68

30.8.8 Operating System Implications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-68

30.9 PERFORMANCE MONITORING AND INTEL HYPER-THREADING TECHNOLOGY IN

30.9.1 ESCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-69

30.9.2 CCCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-70

30.9.3 IA32_PEBS_ENABLE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-72

30.9.4 Performance Monitoring Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-72

30.10 COUNTING CLOCKS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-74

30.10.1 Non-Halted Clockticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-75

30.10.2 Non-Sleep Clockticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-76

MICROARCHITECTURE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-25

(NEHALEM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-26

®

PROCESSOR (CODENAMED WESTMERE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-43

BASED ON INTEL NETBURST MICROARCHITECTURE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-44

for Non-Retirement Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-54

PROCESSORS BASED ON INTEL NETBURST MICROARCHITECTURE . . . . . . . . . . . . . . . . . 30-68

xxviii Vol. 3A

CONTENTS

PAGE

30.10.3 Incrementing the Time-Stamp Counter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-77

30.10.4 Non-Halted Reference Clockticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-77

30.10.5 Cycle Counting and Opportunistic Processor Operation . . . . . . . . . . . . . . . . . . . . . . . . . 30-77

30.11 PERFORMANCE MONITORING, BRANCH PROFILING AND SYSTEM EVENTS . . . . . . . . . . 30-78

30.12 PERFORMANCE MONITORING AND DUAL-CORE TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . 30-79

30.13 PERFORMANCE MONITORING ON 64-BIT INTEL XEON PROCESSOR MP WITH UP TO 8-

MBYTE L3 CACHE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-79

30.14 PERFORMANCE MONITORING ON L3 AND CACHING BUS CONTROLLER SUB-SYSTEMS . 30-

30.14.1 Overview of Performance Monitoring with L3/Caching Bus Controller . . . . . . . . . . . 30-86

30.14.2 GBSQ Event Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-87

30.14.3 GSNPQ Event Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-89

30.14.4 FSB Event Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-91

30.14.4.1 FSB Sub-Event Mask Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-92

30.14.5 Common Event Control Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-93

30.15 PERFORMANCE MONITORING (P6 FAMILY PROCESSOR). . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-93

30.15.1 PerfEvtSel0 and PerfEvtSel1 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-94

30.15.2 PerfCtr0 and PerfCtr1 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-96

30.15.3 Starting and Stopping the Performance-Monitoring Counters . . . . . . . . . . . . . . . . . . . 30-96

30.15.4 Event and Time-Stamp Monitoring Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-97

30.15.5 Monitoring Counter Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-97

30.16 PERFORMANCE MONITORING (PENTIUM PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-98

30.16.1 Control and Event Select Register (CESR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-98

30.16.2 Use of the Performance-Monitoring Pins. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-100

30.16.3 Events Counted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-100

84

APPENDIX A
PERFORMANCE-MONITORING EVENTS

A.1 ARCHITECTURAL PERFORMANCE-MONITORING EVENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

A.2 PERFORMANCE MONITORING EVENTS FOR INTEL® CORE™I7 PROCESSOR FAMILY. . A-2
A.3 PERFORMANCE MONITORING EVENTS FOR NEXT GENERATION INTEL® PROCESSOR

(CODENAMED WESTMERE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-57

A.4 PERFORMANCE MONITORING EVENTS FOR INTEL® XEON® PROCESSOR 5200, 5400

SERIES AND INTEL

A.5 PERFORMANCE MONITORING EVENTS FOR INTEL® XEON® PROCESSOR 3000, 3200,

5100, 5300 SERIES AND INTEL

A.6 PERFORMANCE MONITORING EVENTS FOR INTEL® ATOM™ PROCESSORS . . . . . . . . . A-133

A.7 PERFORMANCE MONITORING EVENTS FOR INTEL® CORE™ SOLO AND INTEL® CORE

DUO PROCESSORS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-156

A.8 PENTIUM 4 AND INTEL XEON PROCESSOR PERFORMANCE-MONITORING EVENTS . . . A-165
A.9 PERFORMANCE MONITORING EVENTS FOR

INTEL® PENTIUM® M PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-214

A.10 P6 FAMILY PROCESSOR PERFORMANCE-MONITORING EVENTS . . . . . . . . . . . . . . . . . . . . A-217

A.11 PENTIUM PROCESSOR PERFORMANCE-

MONITORING EVENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-235

®

CORE™2 EXTREME PROCESSORS QX 9000 SERIES . . . . . . . . . . . . A-87

®

CORE™2 DUO PROCESSORS. . . . . . . . . . . . . . . . . . . . . . A-88

™

APPENDIX B
MODEL-SPECIFIC REGISTERS (MSRS)

B.1 ARCHITECTURAL MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2

B.2 MSRS IN THE INTEL® CORE™ 2 PROCESSOR FAMILY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-37

Vol. 3A xxix

CONTENTS

PAGE

B.3 MSRS IN THE INTEL® ATOM™ PROCESSOR FAMILY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-58

B.4 MSRS IN THE INTEL® MICROARCHITECTURE (NEHALEM). . . . . . . . . . . . . . . . . . . . . . . . . . . . B-73

B.5 MSRS IN THE PENTIUM® 4 AND INTEL® XEON® PROCESSORS . . . . . . . . . . . . . . . . . . . . B-96

B.5.1 MSRs Unique to Intel Xeon Processor MP with L3 Cache . . . . . . . . . . . . . . . . . . . . . . . .B-136

B.6 MSRS IN INTEL® CORE™ SOLO AND INTEL® CORE

B.7 MSRS IN THE PENTIUM M PROCESSOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-152

B.8 MSRS IN THE P6 FAMILY PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-162

B.9 MSRS IN PENTIUM PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-174

APPENDIX C
MP INITIALIZATION FOR P6 FAMILY PROCESSORS

C.1 OVERVIEW OF THE MP INITIALIZATION PROCESS FOR P6 FAMILY PROCESSORS . . . . . . . C-1

C.2 MP INITIALIZATION PROTOCOL ALGORITHM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2

C.2.1 Error Detection and Handling During the MP Initialization Protocol . . . . . . . . . . . . . . . . . .C-4

APPENDIX D
PROGRAMMING THE LINT0 AND LINT1 INPUTS

D.1 CONSTANTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1

D.2 LINT[0:1] PINS PROGRAMMING PROCEDURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1

APPENDIX E
INTERPRETING MACHINE-CHECK
ERROR CODES

E.1 INCREMENTAL DECODING INFORMATION: PROCESSOR FAMILY 06H MACHINE ERROR

CODES FOR MACHINE CHECK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1

E.2 INCREMENTAL DECODING INFORMATION: INTEL CORE 2 PROCESSOR FAMILY MACHINE

ERROR CODES FOR MACHINE CHECK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-5

E.2.1 Model-Specific Machine Check Error Codes for Intel Xeon Processor 7400 Series . . . .E-9

E.2.1.1 Processor Machine Check Status Register

Incremental MCA Error Code Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .E-9

E.2.2 Intel Xeon Processor 7400 Model Specific Error Code Field . . . . . . . . . . . . . . . . . . . . . . . E-10

E.2.2.1 Processor Model Specific Error Code Field

Type B: Bus and Interconnect Error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10

E.2.2.2 Processor Model Specific Error Code Field

Type C: Cache Bus Controller Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10

E.3 INCREMENTAL DECODING INFORMATION: PROCESSOR FAMILY WITH CPUID

DISPLAYFAMILY_DISPLAYMODEL SIGNATURE 06_1AH, MACHINE ERROR CODES FOR

MACHINE CHECK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11

E.3.1 QPI Machine Check Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-12

E.3.2 Internal Machine Check Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-13

E.3.3 Memory Controller Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-14

E.4 INCREMENTAL DECODING INFORMATION: PROCESSOR FAMILY 0FH MACHINE ERROR CODES

FOR MACHINE CHECK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-15

E.4.1 Model-Specific Machine Check Error Codes for Intel Xeon Processor MP 7100 Series. .E-

16

E.4.1.1 Processor Machine Check Status Register

MCA Error Code Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-18

E.4.2 Other_Info Field (all MCA Error Types). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-19

™

DUO PROCESSORS . . . . . . . . . . B-139

xxx Vol. 3A

CONTENTS

PAGE

E.4.3 Processor Model Specific Error Code Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .E-21

E.4.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MCA Error Type A: L3 ErrorE-21

E.4.3.2 Processor Model Specific Error Code Field

Type B: Bus and Interconnect Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .E-21

E.4.3.3 Processor Model Specific Error Code Field

APPENDIX F
APIC BUS MESSAGE FORMATS

F.1 BUS MESSAGE FORMATS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1

F.2 EOI MESSAGE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1

F.2.1 Short Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-2

F.2.2 Non-focused Lowest Priority Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-3

F.2.3 APIC Bus Status Cycles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5

APPENDIX G
VMX CAPABILITY REPORTING FACILITY

G.1 BASIC VMX INFORMATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1

G.2 RESERVED CONTROLS AND DEFAULT SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2

G.3 VM-EXECUTION CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3

G.3.1 Pin-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3

G.3.2 Primary Processor-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4

G.3.3 Secondary Processor-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-5

G.4 VM-EXIT CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-6

G.5 VM-ENTRY CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-7

G.6 MISCELLANEOUS DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-7

G.7 VMX-FIXED BITS IN CR0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-8

G.8 VMX-FIXED BITS IN CR4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-9

G.9 VMCS ENUMERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-9

G.10 VPID AND EPT CAPABILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-9

Type C: Cache Bus Controller Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-23

APPENDIX H
FIELD ENCODING IN VMCS

H.1 16-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1

H.1.1 16-Bit Control Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1

H.1.2 16-Bit Guest-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1

H.1.3 16-Bit Host-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .H-2

H.2 64-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2

H.2.1 64-Bit Control Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3

H.2.2 64-Bit Read-Only Data Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4

H.2.3 64-Bit Guest-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4

H.2.4 64-Bit Host-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .H-5

H.3 32-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6

H.3.1 32-Bit Control Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6

H.3.2 32-Bit Read-Only Data Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7

H.3.3 32-Bit Guest-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7

H.3.4 32-Bit Host-State Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-9

H.4 NATURAL-WIDTH FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-9

H.4.1 Natural-Width Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .H-9

Vol. 3A xxxi

CONTENTS

PAGE

H.4.2 Natural-Width Read-Only Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-10

H.4.3 Natural-Width Guest-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-10

H.4.4 Natural-Width Host-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-11

APPENDIX I
VMX BASIC EXIT REASONS

xxxii Vol. 3A

CONTENTS

PAGE

FIGURES

Figure 1-1. Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Figure 1-2. Syntax for CPUID, CR, and MSR Data Presentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10

Figure 2-1. IA-32 System-Level Registers and Data Structures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Figure 2-2. System-Level Registers and Data Structures in IA-32e Mode . . . . . . . . . . . . . . . . . . . 2-4

Figure 2-3. Transitions Among the Processor’s Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . .2-11

Figure 2-4. System Flags in the EFLAGS Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-13

Figure 2-5. Memory Management Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-16

Figure 2-6. Control Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-19

Figure 2-7. XFEATURE_ENABLED_MASK Register (XCR0). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-26

Figure 3-1. Segmentation and Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Figure 3-2. Flat Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Figure 3-3. Protected Flat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Figure 3-4. Multi-Segment Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Figure 3-5. Logical Address to Linear Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Figure 3-6. Segment Selector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10

Figure 3-7. Segment Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11

Figure 3-8. Segment Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Figure 3-9. Segment Descriptor When Segment-Present Flag Is Clear. . . . . . . . . . . . . . . . . . . . . .3-15

Figure 3-10. Global and Local Descriptor Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20

Figure 3-11. Pseudo-Descriptor Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-22

Figure 4-1. Enabling and Changing Paging Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4

Figure 4-2. Linear-Address Translation to a 4-KByte Page using 32-Bit Paging . . . . . . . . . . . . .4-10

Figure 4-3. Linear-Address Translation to a 4-MByte Page using 32-Bit Paging . . . . . . . . . . . .4-11

Figure 4-4. Formats of CR3 and Paging-Structure Entries with 32-Bit Paging . . . . . . . . . . . . . .4-15

Figure 4-5. Linear-Address Translation to a 4-KByte Page using PAE Paging . . . . . . . . . . . . . . .4-18

Figure 4-6. Linear-Address Translation to a 2-MByte Page using PAE Paging. . . . . . . . . . . . . . .4-18

Figure 4-7. Formats of CR3 and Paging-Structure Entries with PAE Paging . . . . . . . . . . . . . . . .4-23

Figure 4-8. Linear-Address Translation to a 4-KByte Page using IA-32e Paging . . . . . . . . . . . .4-25

Figure 4-9. Linear-Address Translation to a 2-MByte Page using IA-32e Paging . . . . . . . . . . . .4-26

Figure 4-10. Formats of CR3 and Paging-Structure Entries with IA-32e Paging . . . . . . . . . . . . . .4-33

Figure 4-11. Page-Fault Error Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-35

Figure 4-12. Memory Management Convention That Assigns a Page Table

Figure 5-1. Descriptor Fields Used for Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Figure 5-2. Descriptor Fields with Flags used in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Figure 5-3. Protection Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10

Figure 5-4. Privilege Check for Data Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12

Figure 5-5. Examples of Accessing Data Segments From Various Privilege Levels . . . . . . . . . .5-13

Figure 5-6. Privilege Check for Control Transfer Without Using a Gate . . . . . . . . . . . . . . . . . . . . .5-15

Figure 5-7. Examples of Accessing Conforming and Nonconforming Code Segments From Various

Figure 5-8. Call-Gate Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-19

Figure 5-9. Call-Gate Descriptor in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-21

Figure 5-10. Call-Gate Mechanism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-22

Figure 5-11. Privilege Check for Control Transfer with Call Gate . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-23

Figure 5-12. Example of Accessing Call Gates At Various Privilege Levels . . . . . . . . . . . . . . . . . . .5-25

Figure 5-13. Stack Switching During an Interprivilege-Level Call . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-27

Figure 5-14. MSRs Used by SYSCALL and SYSRET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-33

Figure 5-15. Use of RPL to Weaken Privilege Level of Called Procedure . . . . . . . . . . . . . . . . . . . . .5-38

Figure 6-1. Relationship of the IDTR and IDT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14

to Each Segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-53

Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-17

Vol. 3A xxxiii

CONTENTS

PAGE

Figure 6-2. IDT Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15

Figure 6-3. Interrupt Procedure Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16

Figure 6-4. Stack Usage on Transfers to Interrupt and Exception-Handling Routines. . . . . . . 6-18

Figure 6-5. Interrupt Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21

Figure 6-6. Error Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22

Figure 6-7. 64-Bit IDT Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23

Figure 6-8. IA-32e Mode Stack Usage After Privilege Level Change . . . . . . . . . . . . . . . . . . . . . . . 6-26

Figure 6-9. Page-Fault Error Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-55

Figure 7-1. Structure of a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

Figure 7-2. 32-Bit Task-State Segment (TSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

Figure 7-3. TSS Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7

Figure 7-4. Format of TSS and LDT Descriptors in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9

Figure 7-5. Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10

Figure 7-6. Task-Gate Descriptor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

Figure 7-7. Task Gates Referencing the Same Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12

Figure 7-8. Nested Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17

Figure 7-9. Overlapping Linear-to-Physical Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20

Figure 7-10. 16-Bit TSS Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22

Figure 7-11. 64-Bit TSS Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-24

Figure 8-1. Example of Write Ordering in Multiple-Processor Systems . . . . . . . . . . . . . . . . . . . . . 8-10

Figure 8-2. Interpretation of APIC ID in Early MP Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34

Figure 8-3. Local APICs and I/O APIC in MP System Supporting Intel HT Technology. . . . . . . . 8-38

Figure 8-4. IA-32 Processor with Two Logical Processors Supporting Intel HT Technology . 8-39

Figure 8-5. Generalized Four level Interpretation of the APIC ID . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49

Figure 8-6. Conceptual Five-level Topology and 32-bit APIC ID Composition . . . . . . . . . . . . . . . 8-49

Figure 8-7. Topological Relationships between Hierarchical IDs in a Hypothetical MP Platform. 8-

Figure 9-1. Contents of CR0 Register after Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5

Figure 9-2. Version Information in the EDX Register after Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5

Figure 9-3. Processor State After Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21

Figure 9-4. Constructing Temporary GDT and Switching to Protected Mode (Lines 162-172 of

Figure 9-5. Moving the GDT, IDT, and TSS from ROM to RAM (Lines 196-261 of List File). . . 9-32

Figure 9-6. Task Switching (Lines 282-296 of List File). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-33

Figure 9-7. Applying Microcode Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-37

Figure 9-8. Microcode Update Write Operation Flow [1] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-60

Figure 9-9. Microcode Update Write Operation Flow [2] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-61

Figure 10-1. Relationship of Local APIC and I/O APIC In Single-Processor Systems. . . . . . . . . . . 10-3

Figure 10-2. Local APICs and I/O APIC When Intel Xeon Processors Are Used in Multiple-

Figure 10-3. Local APICs and I/O APIC When P6 Family Processors Are Used in Multiple-Processor

Figure 10-4. Local APIC Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Figure 10-5. IA32_APIC_BASE MSR (APIC_BASE_MSR in P6 Family) . . . . . . . . . . . . . . . . . . . . . . .10-12

Figure 10-6. Local APIC ID Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-13

Figure 10-7. Local APIC Version Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16

Figure 10-8. IA32_APIC_BASE MSR Supporting x2APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17

Figure 10-9. Spurious Interrupt Vector Register (SVR) of x2APIC . . . . . . . . . . . . . . . . . . . . . . . . . 10-24

Figure 10-10. Local APIC Version Register of x2APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-24

Figure 10-11. Local x2APIC State Transitions with IA32_APIC_BASE, INIT, and RESET . . . . . . .10-26

Figure 10-12. Local Vector Table (LVT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-31

Figure 10-13. Error Status Register (ESR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-34

52

List File) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-31

Processor

Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4

Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4

xxxiv Vol. 3A

CONTENTS

PAGE

Figure 10-14. Error Status Register (ESR) in x2APIC Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-36

Figure 10-15. Divide Configuration Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-37

Figure 10-16. Initial Count and Current Count Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-37

Figure 10-17. Interrupt Command Register (ICR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39

Figure 10-18. Interrupt Command Register (ICR) in x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . 10-45

Figure 10-19. Logical Destination Register (LDR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47

Figure 10-20. Destination Format Register (DFR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-48

Figure 10-21. Logical Destination Register in x2APIC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-49

Figure 10-22. Arbitration Priority Register (APR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-51

Figure 10-23. SELF IPI register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-53

Figure 10-24. Interrupt Acceptance Flow Chart for the Local APIC (Pentium 4 and Intel Xeon

Figure 10-25. Interrupt Acceptance Flow Chart for the Local APIC (P6 Family and Pentium

Figure 10-26. Task Priority Register (TPR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-58

Figure 10-27. Processor Priority Register (PPR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-59

Figure 10-28. IRR, ISR and TMR Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-60

Figure 10-29. EOI Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-61

Figure 10-30. CR8 Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-62

Figure 10-31. Spurious-Interrupt Vector Register (SVR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-64

Figure 10-32. Layout of the MSI Message Address Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-66

Figure 10-33. Layout of the MSI Message Data Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-67

Figure 11-1. Cache Structure of the Pentium 4 and Intel Xeon Processors . . . . . . . . . . . . . . . . . .11-1

Figure 11-2. Cache Structure of the Intel Core i7 Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2

Figure 11-3. Cache-Control Registers and Bits Available in Intel 64 and IA-32 Processors . . 11-16

Figure 11-4. Mapping Physical Memory With MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31

Figure 11-5. IA32_MTRRCAP Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32

Figure 11-6. IA32_MTRR_DEF_TYPE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33

Figure 11-7. IA32_MTRR_PHYSBASEn and IA32_MTRR_PHYSMASKn Variable-Range Register

Figure 11-8. IA32_SMRR_PHYSBASE and IA32_SMRR_PHYSMASK SMRR Pair. . . . . . . . . . . . . 11-38

Figure 11-9. IA32_PAT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-49

Figure 12-1. Mapping of MMX Registers to Floating-Point Registers . . . . . . . . . . . . . . . . . . . . . . . .12-2

Figure 12-2. Mapping of MMX Registers to x87 FPU Data Register Stack . . . . . . . . . . . . . . . . . . .12-7

Figure 13-1. Example of Saving the x87 FPU, MMX, SSE, SSE2, SSE3, and SSSE3 State During an

Figure 13-2. Future Layout of XSAVE/XRSTOR Area and XSTATE_BV with Five Sets of Processor

Figure 13-3. OS Enabling of Processor Extended State Support . . . . . . . . . . . . . . . . . . . . . . . . . . 13-17

Figure 13-4. Application Detection of New Instruction Extensions and Processor Extended State

Figure 14-1. IA32_MPERF MSR and IA32_APERF MSR for P-state Coordination . . . . . . . . . . . . .14-2

Figure 14-2. IA32_PERF_CTL Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-6

Figure 14-3. Periodic Query of Activity Ratio of Opportunistic Processor Operation . . . . . . . . .14-7

Figure 14-4. IA32_ENERGY_PERF_BIAS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-9

Figure 14-5. Processor Modulation Through Stop-Clock Mechanism . . . . . . . . . . . . . . . . . . . . . . . 14-11

Figure 14-6. MSR_THERM2_CTL Register On Processors with CPUID Family/Model/Stepping

Figure 14-7. MSR_THERM2_CTL Register for Supporting TM2. . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14

Figure 14-8. IA32_THERM_STATUS MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15

Figure 14-9. IA32_THERM_INTERRUPT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15

Figure 14-10. IA32_CLOCK_MODULATION MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17

Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-54

Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-56

Pair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36

Operating-System Controlled Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11

State Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14

13-19

Signature Encoded as 0x69n or 0x6Dn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13

Vol. 3A xxxv

CONTENTS

PAGE

Figure 14-11. IA32_THERM_STATUS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19

Figure 14-12. IA32_THERM_INTERRUPT Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-21

Figure 15-1. Machine-Check MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3

Figure 15-2. IA32_MCG_CAP Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4

Figure 15-3. IA32_MCG_STATUS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5

Figure 15-4. IA32_MCi_CTL Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6

Figure 15-5. IA32_MCi_STATUS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8

Figure 15-6. IA32_MCi_ADDR MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-12

Figure 15-7. UCR Support in IA32_MCi_MISC Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13

Figure 15-8. IA32_MCi_CTL2 Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-14

Figure 15-9. CMCI Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19

Figure 15-10. Local APIC CMCI LVT Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-20

Figure 16-1. Debug Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3

Figure 16-2. DR6/DR7 Layout on Processors Supporting Intel 64 Technology . . . . . . . . . . . . . . 16-9

Figure 16-3. IA32_DEBUGCTL MSR for Processors based

on Intel Core microarchitecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-15

Figure 16-4. 64-bit Address Layout of LBR MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-20

Figure 16-5. DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-23

Figure 16-6. 32-bit Branch Trace Record Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-24

Figure 16-7. PEBS Record Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-25

Figure 16-8. IA-32e Mode DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-26

Figure 16-9. 64-bit Branch Trace Record Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-27

Figure 16-10. 64-bit PEBS Record Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-27

Figure 16-11. IA32_DEBUGCTL MSR for Processors based

on Intel microarchitecture (Nehalem). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-34

Figure 16-12. MSR_DEBUGCTLA MSR for Pentium 4 and Intel Xeon Processors . . . . . . . . . . . . . 16-38

Figure 16-13. LBR MSR Branch Record Layout for the Pentium 4

and Intel Xeon Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-40

Figure 16-14. IA32_DEBUGCTL MSR for Intel Core Solo

Figure 16-15. LBR Branch Record Layout for the Intel Core Solo

Figure 16-16. MSR_DEBUGCTLB MSR for Pentium M Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-44

Figure 16-17. LBR Branch Record Layout for the Pentium M Processor . . . . . . . . . . . . . . . . . . . . . 16-45

Figure 16-18. DEBUGCTLMSR Register (P6 Family Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-46

Figure 17-1. Real-Address Mode Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4

Figure 17-2. Interrupt Vector Table in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7

Figure 17-3. Entering and Leaving Virtual-8086 Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13

Figure 17-4. Privilege Level 0 Stack After Interrupt or

Figure 17-5. Software Interrupt Redirection Bit Map in TSS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-27

Figure 18-1. Stack after Far 16- and 32-Bit Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6

Figure 19-1. I/O Map Base Address Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-34

Figure 20-1. Interaction of a Virtual-Machine Monitor and Guests . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3

Figure 25-1. Formats of EPTP and EPT Paging-Structure Entries . . . . . . . . . . . . . . . . . . . . . . . . . . 25-10

Figure 26-1. SMRAM Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-6

Figure 26-2. SMM Revision Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-18

Figure 26-3. Auto HALT Restart Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-19

Figure 26-4. SMBASE Relocation Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-20

Figure 26-5. I/O Instruction Restart Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-21

Figure 27-1. VMX Transitions and States of VMCS in a Logical Processor . . . . . . . . . . . . . . . . . . . 27-4

Figure 28-1. Virtual TLB Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-7

and Intel Core Duo Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-42

and Intel Core Duo Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-43

Exception in Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-19

xxxvi Vol. 3A

CONTENTS

PAGE

Figure 29-1. Host External Interrupts and Guest Virtual Interrupts . . . . . . . . . . . . . . . . . . . . . . . . .29-5

Figure 30-1. Layout of IA32_PERFEVTSELx MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-4

Figure 30-2. Layout of IA32_FIXED_CTR_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-7

Figure 30-3. Layout of IA32_PERF_GLOBAL_CTRL MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-8

Figure 30-4. Layout of IA32_PERF_GLOBAL_STATUS MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-9

Figure 30-5. Layout of IA32_PERF_GLOBAL_OVF_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-9

Figure 30-6. Layout of IA32_PERFEVTSELx MSRs Supporting Architectural Performance

Figure 30-7. Layout of IA32_FIXED_CTR_CTRL MSR Supporting Architectural Performance

Figure 30-8. Layout of Global Performance Monitoring Control MSR . . . . . . . . . . . . . . . . . . . . . . 30-12

Figure 30-9. Layout of MSR_PERF_FIXED_CTR_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-19

Figure 30-10. Layout of MSR_PERF_GLOBAL_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-20

Figure 30-11. Layout of MSR_PERF_GLOBAL_STATUS MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-20

Figure 30-12. Layout of MSR_PERF_GLOBAL_OVF_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-21

Figure 30-13. Layout of IA32_PEBS_ENABLE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-28

Figure 30-14. PEBS Programming Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-30

Figure 30-15. Layout of MSR_PEBS_LD_LAT MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-34

Figure 30-16. Layout of MSR_OFFCORE_RSP_0 and MSR_OFFCORE_RSP_1 to Configure Off-core

Figure 30-17. Layout of MSR_UNCORE_PERF_GLOBAL_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . 30-38

Figure 30-18. Layout of MSR_UNCORE_PERF_GLOBAL_STATUS MSR . . . . . . . . . . . . . . . . . . . . . . 30-39

Figure 30-19. Layout of MSR_UNCORE_PERF_GLOBAL_OVF_CTRL MSR . . . . . . . . . . . . . . . . . . . 30-39

Figure 30-20. Layout of MSR_UNCORE_PERFEVTSELx MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-40

Figure 30-21. Layout of MSR_UNCORE_FIXED_CTR_CTRL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-41

Figure 30-22. Layout of MSR_UNCORE_ADDR_OPCODE_MATCH MSR . . . . . . . . . . . . . . . . . . . . . . 30-42

Figure 30-23. Event Selection Control Register (ESCR) for Pentium 4

Figure 30-24. Performance Counter (Pentium 4 and Intel Xeon Processors) . . . . . . . . . . . . . . . . 30-51

Figure 30-25. Counter Configuration Control Register (CCCR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-52

Figure 30-26. Effects of Edge Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-58

Figure 30-27. Event Selection Control Register (ESCR) for the Pentium 4 Processor, Intel Xeon

Figure 30-28. Counter Configuration Control Register (CCCR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-71

Figure 30-29. Layout of IA32_PERF_CAPABILITIES MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-79

Figure 30-30. Block Diagram of 64-bit Intel Xeon Processor MP with 8-MByte L3 . . . . . . . . . . . 30-80

Figure 30-31. MSR_IFSB_IBUSQx, Addresses: 107CCH and 107CDH. . . . . . . . . . . . . . . . . . . . . . . . 30-81

Figure 30-32. MSR_IFSB_ISNPQx, Addresses: 107CEH and 107CFH . . . . . . . . . . . . . . . . . . . . . . . . 30-82

Figure 30-33. MSR_EFSB_DRDYx, Addresses: 107D0H and 107D1H . . . . . . . . . . . . . . . . . . . . . . . 30-83

Figure 30-34. MSR_IFSB_CTL6, Address: 107D2H;

Figure 30-35. Block Diagram of Intel Xeon Processor 7400 Series . . . . . . . . . . . . . . . . . . . . . . . . . 30-85

Figure 30-36. Block Diagram of Intel Xeon Processor 7100 Series . . . . . . . . . . . . . . . . . . . . . . . . . 30-86

Figure 30-37. MSR_EMON_L3_CTR_CTL0/1, Addresses: 107CCH/107CDH . . . . . . . . . . . . . . . . . 30-88

Figure 30-38. MSR_EMON_L3_CTR_CTL2/3, Addresses: 107CEH/107CFH. . . . . . . . . . . . . . . . . . 30-91

Figure 30-39. MSR_EMON_L3_CTR_CTL4/5/6/7, Addresses: 107D0H-107D3H. . . . . . . . . . . . . 30-92

Figure 30-40. PerfEvtSel0 and PerfEvtSel1 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-95

Figure 30-41. CESR MSR (Pentium Processor Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-99

Figure C-1. MP System With Multiple Pentium III Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3

Monitoring Version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-10

Monitoring Version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-11

Response Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-35

and Intel Xeon Processors without Intel HT Technology Support . . . . . . . . . . . . . 30-49

Processor and Intel Xeon Processor MP Supporting Hyper-Threading Technology30­69

MSR_IFSB_CNTR7, Address: 107D3H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-84

Vol. 3A xxxvii

CONTENTS

PAGE

TABLES

Table 2-1. Action Taken By x87 FPU Instructions for Different

Combinations of EM, MP, and TS2-21

Table 2-2. Summary of System Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

Table 3-1. Code- and Data-Segment Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

Table 3-2. System-Segment and Gate-Descriptor Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Table 4-1. Properties of Different Paging Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Table 4-3. Use of CR3 with 32-Bit Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

Table 4-2. Paging Structures in the Different Paging Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

Table 4-4. Format of a 32-Bit Page-Directory Entry that Maps a 4-MByte Page . . . . . . . . . . . 4-12

Table 4-5. Format of a 32-Bit Page-Directory Entry that References a Page Table. . . . . . . . 4-13

Table 4-6. Format of a 32-Bit Page-Table Entry that Maps a 4-KByte Page . . . . . . . . . . . . . . . 4-14

Table 4-7. Use of CR3 with PAE Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

Table 4-8. Format of an PAE Page-Directory-Pointer-Table Entry (PDPTE). . . . . . . . . . . . . . . . 4-17

Table 4-9. Format of a PAE Page-Directory Entry that Maps a 2-MByte Page . . . . . . . . . . . . . 4-20

Table 4-10. Format of a PAE Page-Directory Entry that References a Page Table . . . . . . . . . . 4-21

Table 4-11. Format of a PAE Page-Table Entry that Maps a 4-KByte Page . . . . . . . . . . . . . . . . . 4-22

Table 4-12. Use of CR3 with IA-32e Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

Table 4-13. Format of an IA-32e PML4 Entry (PML4E) that References a Page-Directory-Pointer

Table 4-15. Format of an IA-32e Page-Directory Entry that Maps a 2-MByte Page . . . . . . . . . 4-28

Table 4-14. Format of an IA-32e Page-Directory-Pointer-Table Entry (PDPTE) that References a

Table 4-16. Format of an IA-32e Page-Directory Entry that References a Page Table . . . . . . 4-30

Table 4-17. Format of an IA-32e Page-Table Entry that Maps a 4-KByte Page . . . . . . . . . . . . . 4-31

Table 5-1. Privilege Check Rules for Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

Table 5-2. 64-Bit-Mode Stack Layout After CALLF with CPL Change. . . . . . . . . . . . . . . . . . . . . . 5-28

Table 5-3. Combined Page-Directory and Page-Table Protection . . . . . . . . . . . . . . . . . . . . . . . . . 5-42

Table 5-4. Extended Feature Enable MSR (IA32_EFER) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43

Table 5-5. IA-32e Mode Page Level Protection Matrix

Table 5-6. Legacy PAE-Enabled 4-KByte Page Level Protection Matrix

Table 5-7. Legacy PAE-Enabled 2-MByte Page Level Protection

Table 5-8. IA-32e Mode Page Level Protection Matrix with Execute-Disable Bit Capability

Table 5-9. Reserved Bit Checking WIth Execute-Disable Bit Capability Not Enabled . . . . . . . . 5-47

Table 6-1. Protected-Mode Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

Table 6-2. Priority Among Simultaneous Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . . . . 6-11

Table 6-3. Debug Exception Conditions and Corresponding Exception Classes. . . . . . . . . . . . . 6-29

Table 6-4. Interrupt and Exception Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-38

Table 6-5. Conditions for Generating a Double Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-39

Table 6-6. Invalid TSS Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-42

Table 6-7. Alignment Requirements by Data Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-60

Table 6-8. SIMD Floating-Point Exceptions Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-65

Table 7-1. Exception Conditions Checked During a Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15

Table 7-2. Effect of a Task Switch on Busy Flag, NT Flag,

Table 8-1. Initial APIC IDs for the Logical Processors in a System that has Four Intel Xeon MP

Table4-27

Page Directory4-28

with Execute-Disable Bit Capability5-44

with Execute-Disable Bit Capability5-45

with Execute-Disable Bit Capability5-45

Enabled5-46

Previous Task Link Field, and TS Flag7-17

Processors Supporting Intel Hyper-Threading Technology

18-52

xxxviii Vol. 3A

CONTENTS

PAGE

Table 8-2. Initial APIC IDs for the Logical Processors in a System that has Two Physical

Table 8-3. Example of Possible x2APIC ID Assignment in a System that has Two Physical

Table 9-1. IA-32 Processor States Following Power-up, Reset, or INIT . . . . . . . . . . . . . . . . . . . . . 9-2

Table 9-2. Recommended Settings of EM and MP Flags on IA-32 Processors . . . . . . . . . . . . . . . 9-7

Table 9-3. Software Emulation Settings of EM, MP, and NE Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

Table 9-4. Main Initialization Steps in STARTUP.ASM Source Listing . . . . . . . . . . . . . . . . . . . . . .9-21

Table 9-5. Relationship Between BLD Item and ASM Source File. . . . . . . . . . . . . . . . . . . . . . . . . .9-35

Table 9-6. Microcode Update Field Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-38

Table 9-7. Microcode Update Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-40

Table 9-8. Extended Processor Signature Table Header Structure . . . . . . . . . . . . . . . . . . . . . . . .9-41

Table 9-9. Processor Signature Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-41

Table 9-10. Processor Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-43

Table 9-11. Microcode Update Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-48

Table 9-12. Microcode Update Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-55

Table 9-13. Parameters for the Presence Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-56

Table 9-14. Parameters for the Write Update Data Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-57

Table 9-15. Parameters for the Control Update Sub-function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-62

Table 9-17. Parameters for the Read Microcode Update Data Function . . . . . . . . . . . . . . . . . . . .9-63

Table 9-16. Mnemonic Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-63

Table 9-18. Return Code Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-65

Table 10-1 Local APIC Register Address Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8

Table 10-2. x2APIC Operating Mode Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17

Table 10-3. Local APIC Register Address Map Supported by x2APIC. . . . . . . . . . . . . . . . . . . . . . 10-18

Table 10-4. MSR/MMIO Interface of a Local x2APIC in Different Modes of Operation . . . . . . 10-22

Table 10-5. ESR Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-35

Table 10-6 Valid Combinations for the Pentium 4 and Intel Xeon Processors’

Table 10-7 Valid Combinations for the P6 Family Processors’

Table 11-1. Characteristics of the Caches, TLBs, Store Buffer, and

Table 11-2. Memory Types and Their Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-9

Table 11-3. Methods of Caching Available in Intel Core 2 Duo, Intel Atom, Intel Core Duo, Pentium

Table 11-4. MESI Cache Line States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14

Table 11-5. Cache Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-17

Table 11-6. Effective Page-Level Memory Type for Pentium Pro and

Table 11-7. Effective Page-Level Memory Types for Pentium III and More Recent Processor

Table 11-8. Memory Types That Can Be Encoded in MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30

Table 11-9. Address Mapping for Fixed-Range MTRRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35

Table 11-10. Memory Types That Can Be Encoded With PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-49

Table 11-11. Selection of PAT Entries with PAT, PCD, and PWT Flags . . . . . . . . . . . . . . . . . . . . . 11-50

Table 11-12. Memory Type Setting of PAT Entries Following a Power-up or Reset. . . . . . . . . 11-50

Table 12-1. Action Taken By MMX Instructions

Table 12-2. Effects of MMX Instructions on x87 FPU State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-3

Table 12-3. Effect of the MMX, x87 FPU, and FXSAVE/FXRSTOR Instructions on the

Processors Supporting Dual-Core and Intel Hyper-Threading Technology8-53

Processors Supporting x2APIC and Intel Hyper-Threading Technology8-53

Local xAPIC Interrupt Command Register10-42

Local APIC Interrupt Command Register10-43

Write Combining Buffer in Intel 64 and IA-32 Processors11-2

M, Pentium 4, Intel Xeon, P6 Family, and Pentium Processors11-10

Pentium II Processors11-21

Families11-22

for Different Combinations of EM, MP and TS12-1

x87 FPU Tag Word12-4

Vol. 3A xxxix

CONTENTS

PAGE

Table 13-1. Action Taken for Combinations of OSFXSR, OSXMMEXCPT, SSE, SSE2, SSE3, EM, MP,

Table 13-2. Action Taken for Combinations of OSFXSR, SSSE3, SSE4, EM, and TS . . . . . . . . . . 13-5

Table 13-3. XSAVE Header Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14

Table 13-4. XRSTOR Action on MXCSR, x87 FPU, XMM Register. . . . . . . . . . . . . . . . . . . . . . . . . . 13-16

Table 13-5. XSAVE Action on MXCSR, x87 FPU, XMM Register . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16

Table 14-1. On-Demand Clock Modulation Duty Cycle Field Encoding. . . . . . . . . . . . . . . . . . . . . . 14-17

Table 15-1. Bits 54:53 in IA32_MCi_STATUS MSRs

Table 15-2. Overwrite Rules for Enabled Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-11

Table 15-3. Address Mode in IA32_MCi_MISC[8:6] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13

Table 15-4. Extended Machine Check State MSRs

Table 15-5. Extended Machine Check State MSRs

Table 15-6. MC Error Classifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-26

Table 15-7. Overwrite Rules for UC, CE, and UCR Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-27

Table 15-8. IA32_MCi_Status [15:0] Simple Error Code Encoding . . . . . . . . . . . . . . . . . . . . . . . . . 15-30

Table 15-9. IA32_MCi_Status [15:0] Compound Error Code Encoding . . . . . . . . . . . . . . . . . . . . . 15-31

Table 15-10. Encoding for TT (Transaction Type) Sub-Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32

Table 15-11. Level Encoding for LL (Memory Hierarchy Level) Sub-Field . . . . . . . . . . . . . . . . . . .15-32

Table 15-12. Encoding of Request (RRRR) Sub-Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-33

Table 15-13. Encodings of PP, T, and II Sub-Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-33

Table 15-14. Encodings of MMM and CCCC Sub-Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34

Table 15-15. MCA Compound Error Code Encoding for SRAO Errors . . . . . . . . . . . . . . . . . . . . . . . . 15-35

Table 15-16. IA32_MCi_STATUS Values for SRAO Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-35

Table 15-17. IA32_MCG_STATUS Flag Indication for SRAO Errors . . . . . . . . . . . . . . . . . . . . . . . . . 15-36

Table 15-18. MCA Compound Error Code Encoding for SRAR Errors . . . . . . . . . . . . . . . . . . . . . . . . 15-36

Table 15-19. IA32_MCi_STATUS Values for SRAR Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-37

Table 15-20. IA32_MCG_STATUS Flag Indication for SRAR Errors. . . . . . . . . . . . . . . . . . . . . . . . . . 15-37

Table 16-1. Breakpoint Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-7

Table 16-2. Debug Exception Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10

Table 16-3. LBR Stack Size and TOS Pointer Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-19

Table 16-4. IA32_DEBUGCTL Flag Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-29

Table 16-5. CPL-Qualified Branch Trace Store Encodings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-30

Table 16-6. IA32_LASTBRACH_x_FROM_IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-35

Table 16-7. IA32_LASTBRACH_x_TO_IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-35

Table 16-8. LBR Stack Size and TOS Pointer Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-35

Table 16-9. MSR_LBR_SELECT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-35

Table 16-10. LBR MSR Stack Size and TOS Pointer Range for the Pentium® 4 and the

Table 17-1. Real-Address Mode Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8

Table 17-2. Software Interrupt Handling Methods While in Virtual-8086 Mode. . . . . . . . . . . .17-26

Table 18-1. Characteristics of 16-Bit and 32-Bit Program Modules . . . . . . . . . . . . . . . . . . . . . . . . 18-1

Table 19-1. New Instruction in the Pentium Processor and

Table 19-2. Recommended Values of the EM, MP, and NE Flags for Intel486 SX

Table 19-3. EM and MP Flag Interpretation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-23

Table 21-1. Format of the VMCS Region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2

Table 21-2. Format of Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-5

Table 21-3. Format of Interruptibility State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-7

and TS113-4

when IA32_MCG_CAP[11] = 1 and UC = 015-9

in Processors Without Support for Intel 64 Architecture15-15

In Processors With Support For Intel 64 Architecture15-16

Intel® Xeon® Processor Family16-39

Later IA-32 Processors19-6

Microprocessor/Intel 487 SX Math Coprocessor System19-22

xl Vol. 3A

CONTENTS

PAGE

Table 21-4. Format of Pending-Debug-Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-8

Table 21-5. Definitions of Pin-Based VM-Execution Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-11

Table 21-6. Definitions of Primary Processor-Based VM-Execution Controls . . . . . . . . . . . . . . 21-12

Table 21-7. Definitions of Secondary Processor-Based VM-Execution Controls . . . . . . . . . . . 21-14

Table 21-8. Format of Extended-Page-Table Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-19

Table 21-9. Definitions of VM-Exit Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-20

Table 21-10. Format of an MSR Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-22

Table 21-11. Definitions of VM-Entry Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-23

Table 21-12. Format of the VM-Entry Interruption-Information Field . . . . . . . . . . . . . . . . . . . . . . 21-24

Table 21-13. Format of Exit Reason . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-26

Table 21-14. Format of the VM-Exit Interruption-Information Field. . . . . . . . . . . . . . . . . . . . . . . . 21-27

Table 21-15. Format of the IDT-Vectoring Information Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-28

Table 21-16. Structure of VMCS Component Encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-31

Table 24-1. Exit Qualification for Debug Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-6

Table 24-2. Exit Qualification for Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-6

Table 24-3. Exit Qualification for Control-Register Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-8

Table 24-4. Exit Qualification for MOV DR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-9

Table 24-5. Exit Qualification for I/O Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-9

Table 24-6. Exit Qualification for APIC-Access VM Exits from Linear Accesses and Guest-Physical

Table 24-7. Exit Qualification for EPT Violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-11

Table 24-8. Format of the VM-Exit Instruction-Information Field as Used for INS and OUTS . . 24-

Table 24-9. Format of the VM-Exit Instruction-Information Field as Used for LIDT, LGDT, SIDT, or

Table 24-10. Format of the VM-Exit Instruction-Information Field as Used for LLDT, LTR, SLDT, and

Table 24-11. Format of the VM-Exit Instruction-Information Field as Used for VMCLEAR, VMPTRLD,

Table 24-12. Format of the VM-Exit Instruction-Information Field as Used for VMREAD and

Table 24-13. Format of the VM-Exit Instruction-Information Field as Used for INVEPT and INVVPID

Table 25-1. Format of an EPT PML4 Entry (PML4E) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-5

Table 25-2. Format of an EPT Page-Directory-Pointer-Table Entry (PDPTE) that References an

Table 25-3. Format of an EPT Page-Directory Entry (PDE) that Maps a 2-MByte Page. . . . . . .25-7

Table 25-4. Format of an EPT Page-Directory Entry (PDE) that References an EPT Page Table. .

Table 25-5. Format of an EPT Page-Table Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-9

Table 26-1. SMRAM State Save Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-6

Table 26-2. Processor Signatures and 64-bit SMRAM State Save Map Format. . . . . . . . . . . . . .26-9

Table 26-3. SMRAM State Save Map for Intel 64 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-9

Table 26-4. Processor Register Initialization in SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-13

Table 26-5. I/O Instruction Information in the SMM State Save Map . . . . . . . . . . . . . . . . . . . . . . 26-16

Table 26-6. I/O Instruction Type Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-17

Table 26-7. Auto HALT Restart Flag Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-19

Table 26-8. I/O Instruction Restart Field Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-21

Table 26-9. Exit Qualification for SMIs That Arrive Immediately

Table 26-10. Format of MSEG Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-35

Table 27-1. Operating Modes for Host and Guest Environments . . . . . . . . . . . . . . . . . . . . . . . . . 27-18

Accesses24-10

18

SGDT24-19

STR24-21

VMPTRST, and VMXON24-22

VMWRITE24-23

24-25

EPT Page Directory25-6

25-8

After the Retirement of an I/O Instruction26-28

Vol. 3A xli

CONTENTS

PAGE

Table 30-1. UMask and Event Select Encodings for Pre-Defined

Table 30-2. Core Specificity Encoding within a Non-Architectural Umask. . . . . . . . . . . . . . . . . . 30-15

Table 30-3. Agent Specificity Encoding within a Non-Architectural Umask . . . . . . . . . . . . . . . . 30-15

Table 30-4. HW Prefetch Qualification Encoding within a Non-Architectural Umask. . . . . . . .30-16

Table 30-5. MESI Qualification Definitions within a Non-Architectural Umask. . . . . . . . . . . . . .30-16

Table 30-6. Bus Snoop Qualification Definitions within a Non-Architectural Umask . . . . . . . .30-17

Table 30-7. Snoop Type Qualification Definitions within a Non-Architectural Umask. . . . . . . 30-17

Table 30-8. Association of Fixed-Function Performance Counters with

Table 30-10. PEBS Performance Events for Intel Core Microarchitecture. . . . . . . . . . . . . . . . . . . 30-22

Table 30-9. At-Retirement Performance Events for Intel Core Microarchitecture. . . . . . . . . . 30-22

Table 30-11. Requirements to Program PEBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-24

Table 30-12. PEBS Record Format for Intel Core i7 Processor Family . . . . . . . . . . . . . . . . . . . . . . 30-28

Table 30-13. Data Source Encoding for Load Latency Record. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-33

Table 30-14. Off-Core Response Event Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-35

Table 30-15. MSR_OFFCORE_RSP_Z Bit Field Definition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-35

Table 30-16. Opcode Field Encoding for MSR_UNCORE_ADDR_OPCODE_MATCH. . . . . . . . . . . . 30-42

Table 30-17. Performance Counter MSRs and Associated CCCR and

Table 30-18. Event Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-54

Table 30-19. CCR Names and Bit Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-60

Table 30-20. Effect of Logical Processor and CPL Qualification

Table 30-21. Effect of Logical Processor and CPL Qualification

Table A-1. Architectural Performance Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Table A-2. Non-Architectural Performance Events In the Processor Core for Intel Core i7

Table A-3. Non-Architectural Performance Events In the Processor Uncore for Intel Core i7

Table A-4. Non-Architectural Performance Events In Next Generation Processor Core

Table A-5. Non-Architectural Performance Events for Processors based on Enhanced Intel Core

Table A-6. Fixed-Function Performance Counter

Table A-7. Non-Architectural Performance Events

Table A-8. Non-Architectural Performance Events for Intel Atom Processors . . . . . . . . . . . .A-133

Table A-9. Non-Architectural Performance Events

Table A-10. Performance Monitoring Events Supported by Intel NetBurst Microarchitecture for

Table A-11. Performance Monitoring Events For Intel NetBurst

Table A-12. Intel NetBurst Microarchitecture Model-Specific Performance Monitoring Events (For

Table A-14. List of Metrics Available for Execution Tagging

Table A-13. List of Metrics Available for Front_end Tagging

Architectural Performance Events30-13

Architectural Performance Events30-18

ESCR MSRs (Pentium 4 and Intel Xeon Processors)30-45

for Logical-Processor-Specific (TS) Events30-73

for Non-logical-Processor-specific (TI) Events30-74

Processor and Intel Xeon Processor 5500 SeriesA-2

Processor and Intel Xeon Processor 5500 SeriesA-35

(Codenamed Westmere)A-58

MicroarchitectureA-88

and Pre-defined Performance EventsA-89

in Processors Based on Intel Core MicroarchitectureA-90

in Intel Core Solo and Intel Core Duo ProcessorsA-156

Non-Retirement CountingA-165

Microarchitecture for At-Retirement CountingA-197

Model Encoding 3, 4 or 6)A-204

(For Execution Event Only)A-205

(For Front_end Event Only)A-205

xlii Vol. 3A

CONTENTS

PAGE

Table A-15. List of Metrics Available for Replay Tagging

Table A-16. Event Mask Qualification for Logical Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-208

Table A-17. Performance Monitoring Events on Intel

Table A-18. Performance Monitoring Events Modified on Intel® Pentium® M Processors . . A-216
Table A-19. Events That Can Be Counted with the P6 Family Performance-

Table A-20. Events That Can Be Counted with Pentium Processor

Table B-1. CPUID Signature Values of DisplayFamily_DisplayModel . . . . . . . . . . . . . . . . . . . . . . . . B-1

Table B-2. IA-32 Architectural MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3

Table B-3. MSRs in Processors Based on Intel Core Microarchitecture . . . . . . . . . . . . . . . . . . . . .B-38

Table B-4. MSRs in Intel Atom Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-58

Table B-5. MSRs in Processors Based on Intel Microarchitecture (Nehalem) . . . . . . . . . . . . . . .B-73

Table B-6. MSRs in the Pentium 4 and Intel Xeon Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-96

Table B-7. MSRs Unique to 64-bit Intel Xeon Processor MP with

Table B-8. MSRs Unique to Intel Xeon Processor 7100 Series . . . . . . . . . . . . . . . . . . . . . . . . . . B-138

Table B-9. MSRs in Intel Core Solo, Intel Core Duo Processors, and Dual-Core Intel Xeon

Table B-10. MSRs in Pentium M Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-153

Table B-11. MSRs in the P6 Family Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-162

Table B-12. MSRs in the Pentium Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-174

Table C-1. Boot Phase IPI Message Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2

Table E-1. CPUID DisplayFamily_DisplayModel Signatures for Family 6 . . . . . . . . . . . . . . . . . . . . E-1

Table E-2. Incremental Decoding Information: Processor Family 06H

Table E-3. CPUID DisplayFamily_DisplayModel Signatures for Processors Based on Intel Core

Table E-4. Incremental Bus Error Codes of Machine Check for Processors Based on Intel Core

Table E-5. Incremental MCA Error Code Types for Intel Xeon Processor 7400 . . . . . . . . . . . . . . E-9

Table E-6. Type B Bus and Interconnect Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10

Table E-7. Type C Cache Bus Controller Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10

Table E-8. QPI Machine Check Error codes for IA32_MC0_STATUS and IA32_MC1_STATUSE-12

Table E-9. QPI Machine Check Error codes for IA32_MC0_MISC and IA32_MC1_MISC. . . . . . .E-13

Table E-10. Machine Check Error codes for IA32_MC7_STATUS. . . . . . . . . . . . . . . . . . . . . . . . . . . . E-13

Table E-11. Incremental Memory Controller Error Codes of Machine Check for IA32_MC8_STATUS

Table E-12. Incremental Memory Controller Error Codes of Machine Check for IA32_MC8_MISC E-

Table E-13. Incremental Decoding Information: Processor Family 0FH

Table E-14. MCi_STATUS Register Bit Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .E-17

Table E-15. Incremental MCA Error Code for Intel Xeon Processor MP 7100 . . . . . . . . . . . . . . . .E-18

Table E-16. Other Information Field Bit Definition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-20

Table E-17. Type A: L3 Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-21

Table E-18. Type B Bus and Interconnect Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-22

Table E-19. Type C Cache Bus Controller Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-23

Table E-20. Decoding Family 0FH Machine Check Codes for Cache Hierarchy Errors. . . . . . . . .E-24

Table F-1. EOI Message (14 Cycles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1

(For Replay Event Only)A-206

®

Pentium® M

ProcessorsA-214

Monitoring CountersA-218

Performance-Monitoring CountersA-235

Up to an 8 MB L3 CacheB-136

Processor LVB-139

Machine Error Codes For Machine CheckE-2

MicroarchitectureE-5

MicroarchitectureE-6

E-14

15

Machine Error Codes For Machine CheckE-15

Vol. 3A xliii

CONTENTS

PAGE

Table F-2. Short Message (21 Cycles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .F-2

Table F-3. Non-Focused Lowest Priority Message (34 Cycles). . . . . . . . . . . . . . . . . . . . . . . . . . . . . .F-3

Table F-4. APIC Bus Status Cycles Interpretation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .F-5

Table G-1. Memory Types Used For VMCS Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2

Table H-1. Encoding for 32-Bit Control Fields (0000_00xx_xxxx_xxx0B) . . . . . . . . . . . . . . . . . H-1

Table H-2. Encodings for 16-Bit Guest-State Fields (0000_10xx_xxxx_xxx0B) . . . . . . . . . . . . H-1

Table H-3. Encodings for 16-Bit Host-State Fields (0000_11xx_xxxx_xxx0B). . . . . . . . . . . . . H-2

Table H-4. Encodings for 64-Bit Control Fields (0010_00xx_xxxx_xxxAb). . . . . . . . . . . . . . . . . H-3

Table H-5. Encodings for 64-Bit Read-Only Data Field (0010_01xx_xxxx_xxxAb) . . . . . . . . . H-4

Table H-6. Encodings for 64-Bit Guest-State Fields (0010_10xx_xxxx_xxxAb) . . . . . . . . . . . . H-4

Table H-7. Encodings for 64-Bit Host-State Fields (0010_11xx_xxxx_xxxAb). . . . . . . . . . . . . H-5

Table H-8. Encodings for 32-Bit Control Fields (0100_00xx_xxxx_xxx0B) . . . . . . . . . . . . . . . . H-6

Table H-9. Encodings for 32-Bit Read-Only Data Fields (0100_01xx_xxxx_xxx0B) . . . . . . . . H-7

Table H-10. Encodings for 32-Bit Guest-State Fields

Table H-11. Encoding for 32-Bit Host-State Field (0100_11xx_xxxx_xxx0B) . . . . . . . . . . . . . . . H-9

Table H-12. Encodings for Natural-Width Control Fields (0110_00xx_xxxx_xxx0B) . . . . . . . . . H-9

Table H-13. Encodings for Natural-Width Read-Only Data Fields (0110_01xx_xxxx_xxx0B)H-10
Table H-14. Encodings for Natural-Width Guest-State Fields (0110_10xx_xxxx_xxx0B) . . . H-10

Table H-15. Encodings for Natural-Width Host-State Fields (0110_11xx_xxxx_xxx0B) . . . . H-11

Table I-1. Basic Exit Reasons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1

(0100_10xx_xxxx_xxx0B)H-7

xliv Vol. 3A

CHAPTER 1

ABOUT THIS MANUAL

The Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A:
System Programming Guide, Part 1 (order number 253668) and the Intel® 64 and
IA-32 Architectures Software Developer’s Manual, Volume 3B: System Programming
Guide, Part 2 (order number 253669) are part of a set that describes the architecture

and programming environment of Intel 64 and IA-32 Architecture processors. The
other volumes in this set are:

• Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic

Architecture (order number 253665).

• Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volumes

2A & 2B: Instruction Set Reference (order numbers 253666 and 253667).

The Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1,
describes the basic architecture and programming environment of Intel 64 and IA-32
processors. The
Volumes 2A & 2B, describe the instruction set of the processor and the opcode struc­ture. These volumes apply to application programmers and to programmers who
write operating system s or executiv es. The
ware Developer’s Manual, Volumes 3A & 3B, describe the operating-system support
environment of Intel 64 and IA-32 processors. These volumes target operating­system and BIOS designers. In addition,
Developer’s Manual, Volume 3B, addresses the programming environment for
classes of software that host operating systems.

Intel® 64 and IA-32 Architectures Software Developer’s Manual,

Intel® 64 and IA-32 Architectures Soft-

Intel® 64 and IA-32 Architectures Software

1.1 PROCESSORS COVERED IN THIS MANUAL

This manual set includes information pertaining primarily to the most recent Intel®
64 and IA-32 processors, which include:

• Pentium

®

processors

• P6 family processors

• Pentium

• Pentium

• Intel

• Pentium

• Pentium

• 64-bit Intel

• Intel

• Intel

®

4 processors

®

M processors

®

Xeon® processors

®

D processors

®

processor Extreme Editions

®

Xeon® processors

®

Core™ Duo processor

®

Core™ Solo processor

Vol. 3 1-1

ABOUT THIS MANUAL

• Dual-Core Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

P6 family processors are IA-32 processors based on the P6 family microarchitecture.
This includes the Pentium® Pro, Pentium® II, Pentium® III, and P entium® III Xeon®
processors.

The Pentium® 4, Pentium® D, and Pentium® processor Extreme Editions are based
on the Intel NetBurst® microarchitecture. Most early Intel® Xeon® processors are
based on the Intel NetBurst
series are based on the Intel NetBurst

The Intel® Core™ Duo, Intel® Core™ Solo and dual-core Intel® Xeon® processor LV
are based on an improved Pentium

The Intel® Xeon® processor 3000, 3200, 5100, 5300, 7200, and 7300 series, Intel®
Pentium® dual-core, Intel® Core™2 Duo, Intel® Core™2 Quad and Intel® Core™2
Extreme processors are based on Intel

The Intel® Xeon® processor 5200, 5400, 7400 series, Intel® CoreTM2 Quad processor
Q9000 series, and Intel
Core
ture.

The Intel® AtomTM processor family is based on the Intel® AtomTM microarchitecture
and supports Intel 64 architecture.

®

Core™2 Duo processor

®

Core™2 Quad processor Q6000 series

®

Xeon® processor 3000, 3200 series

®

Xeon® processor 5000 series

®

Xeon® processor 5100, 5300 series

®

Core™2 Extreme processor X7000 and X6800 series

®

Core™2 Extreme QX6000 series

®

Xeon® processor 7100 series

®

Pentium® Dual-Core processor

®

Xeon® processor 7200, 7300 series

®

Core™2 Extreme QX9000 series

®

Xeon® processor 5200, 5400, 7400 series

®

CoreTM2 Extreme processor QX9000 and X9000 series

®

CoreTM2 Quad processor Q9000 series

®

CoreTM2 Duo processor E8000, T9000 series

®

AtomTM processor family

®

CoreTM i7 processor

®

Core

TM

2 processor E8000 series are based on Enhanced Intel® CoreTM microarchitec-

®

Xeon® processor LV

TM

i5 processor

®

®

CoreTM2 Extreme processors QX9000, X9000 series, Intel®

microarchitecture. Intel Xeon processor 5000, 7100

®

microarchitecture.

®

M processor microarchitecture.

®

Core™ microarchitecture.

1-2 Vol. 3

ABOUT THIS MANUAL

The Intel® Core

TM

i7 processor and the Intel® Core

TM

i5 processor are based on the

Intel® microarchitecture (Nehalem) and support Intel 64 architecture.
Processors based on the Next Generation Intel Processor, codenamed Westmere,

support Intel 64 architecture.
P6 family , Pentium® M, Intel® Core™ Solo, Intel® Core™ Duo processors, dual-core

Intel® Xeon® processor LV, and early generations of Pentium 4 and Intel Xeon
processors support IA-32 architecture. The Intel® AtomTM processor Z5xx series
support IA-32 architecture.

The Intel® Xeon® processor 3000, 3200, 5000, 5100, 5200, 5300, 5400, 7100,
7200, 7300, 7400 series, Intel

®

Core™2 Duo, Intel® Core™2 Extreme processors,
Intel Core 2 Quad processors, Pentium® D processors, Pentium® Dual-Core
processor, newer generations of Pentium 4 and Intel Xeon processor family support

®

64 architecture.

Intel
IA-32 architecture is the instruction set architecture and programming environment

for Intel's 32-bit microprocessors. Intel® 64 architecture is the instruction set archi­tecture and programming environment which is a superset of and compatible with
IA-32 architecture.

1.2 OVERVIEW OF THE SYSTEM PROGRAMMING GUIDE

A description of this manual’s content follows:
Chapter 1 — About This Manual. Gives an overview of all five volumes of the

Intel® 64 and IA-32 Architectures Software Developer’s Manual. It also describes
the notational conventions in these manuals and lists related Intel manuals and
documentation of interest to programmers and hardware designers.

Chapter 2 — System Architecture Overview. Describes the modes of operation
used by Intel 64 and IA-32 processors and the mechanisms provided by the architec­tures to support operating systems and executives, including the system-oriented
registers and data structures and the system-oriented instructions. The steps neces
sary for switching between real-address and protected modes are also identified.

Chapter 3 — Protected-Mode Memory Management. Describes the data struc­tures, registers, and instructions that support segmentation and paging. The chapter
explains how they can be used to implement a “flat” (unsegmented) memory model
or a segmented memory model.

Chapter 4 — Paging. Describes the paging modes supported by Intel 64 and IA -32
processors.

Chapter 5 — Protection. Describes the support for page and segment protection
provided in the Intel 64 and IA-32 architectures. This chapter also explains the
implementation of privilege rules, stack switching, pointer validation, user and
supervisor modes.

-

Vol. 3 1-3

ABOUT THIS MANUAL

Chapter 6 — Interrupt and Exception Handling. Describes the basic interrupt
mechanisms defined in the Intel 64 and IA-32 architectures, shows how interrupts
and exceptions relate to protection, and de scribes how the architecture handles each
exception type. Reference information for each exception is given at the end of this
chapter.

Chapter 7 — Task Management. Describes mechanisms the Intel 64 and IA-32
architectures provide to support multitasking and inter-task protection.

Chapter 8 — Multiple-Processor Management. Describes the instructions and
flags that support multiple processors with shared memory , memory ordering, and
Intel® Hyper- Threading Technology.

Chapter 9 — Processor Management and Initialization. Defines the state of an
Intel 64 or IA-32 processor after reset initialization. This chapter also explains how to
set up an Intel 64 or IA-32 processor for real-address mode operation and protected­mode operation, and how to switch between modes.

Chapter 10 — Advanced Progr ammable Inte rrupt Contro ller (APIC) .
Describes the programming interface to the local APIC and gives an overview of the
interface between the local APIC and the I/O APIC.

Chapter 11 — Memory Ca che Control. Describes the general concept of caching
and the caching mechanisms supported by the Intel 64 or IA-32 architectures. This
chapter also describes the memory type range registers (MTRRs) and how they can
be used to map memory types of physical memory . Information on using the new
cache control and memory streaming instructions introduced with the Pentium III,
Pentium 4, and Intel Xeon processors is also giv en.

Chapter 12 — I ntel® MMX™ Technology System Programming. Describes
those aspects of the Intel® MMX™ technology that must be handled and considered
at the system programming level, including: task switching, exception handling, and
compatibility with existing system environments.

Chapter 13 — System Programming For Instruction Set Extensions And
Processor Extended States. Describes the operating system requirements to

support SSE/SSE2/SSE3/S SSE3/SSE4 ex tensions, including task switching, excep
tion handling, and compatibility with existing system environments. The latter part of
this chapter describes the extensible framework of operating system requirements to
support processor extended states. Processor extended state may be required by
instruction set extensions beyond those of SSE/SSE2/SSE3/SSSE3/SSE4 extensions.

Chapter 14 — Power and Thermal Management . Describes facilities of Intel 64
and IA-32 architecture used for power management and thermal monitoring.

Chapter 15 — Machine-Check Architecture. Describes the machine-check

-

architecture and machine-check except ion mechanism found in the Pentium
4, Intel Xeon, and P6 family processors

. Additional ly , a signaling mechanism

for software to respond to hardware corrected machine check error is
covered.

1-4 Vol. 3

ABOUT THIS MANUAL

Chapter 16 — Debugging, Branch Profiles and Time-Stamp Counter.
Describes the debugging registers and other debug mechanism provided in Intel 64
or IA-32 processors. This chapter also describes the time-stamp counter.

Chapter 17 — 8086 Emulation. Describes the real-address and virtual-8086
modes of the IA-32 architecture.

Chapter 18 — Mixing 16-Bit and 32-Bit Code. Describes how to mix 16-bit and
32-bit code modules within the same program or task.

Chapter 19 — IA-32 Architecture Compatibility. Describes architectural
compatibility among IA-32 processors.

Chapter 20 — Introduction to Virtual-Machine Extensions. Describes the basic
elements of virtual machine architecture and the virtual-machine extensions for

64 and IA-32 Architectures.

Intel
Chapter 21 — Virtual-Machine Control Structures. Describes components that

manage VMX operation. These include the working-VMCS pointer and the control­ling-VMCS pointer.

Chapter 22— VMX Non-Root Operation. Describes the operation of a VMX non­root operation. Processor operation in VMX non-root mode can be restricted
programmatically such that certain operations, events or conditions can cause the
processor to transfer control from the guest (running in VMX non-root mode) to the
monitor software (running in VMX root mode).

Chapter 23 — VM Entries. Describes VM entries. VM entry transitions the processor
from the VMM running in VMX root-mode to a VM running in VMX non-root m ode.
VM-Entry is performed by the execution of VMLAUNCH or VMRESUME instructions.

Chapter 24 — VM Exits. Describes VM exits. Certain events, operations or situa­tions while the processor is in VMX non-root operation may cause VM-exit transitions.
In addition, VM exits can also occur on failed VM entries.

Chapter 25 — VMX Support for Address Translation. Describes virtual-machine
extensions that support address translation and the virtualization of physical
memory.

Chapter 26 — System Management Mode. Describes Intel 64 and IA -32 architec­tures’ system management mode (SMM) facilities.

Chapter 27 — Virtual-Machine Monitoring Programming Considerations.

Describes programming considerations for VMMs. VMMs manage virtual machines
(VMs).

Chapter 28 — Virtualization of System Resources. Describes the virtualization
of the system resources. These include: debugging facilities, address translation,
physical memory, and microcode update facilities.

Chapter 29 — Handling Boundary Conditions in a Virtual Machine Monitor.
Describes what a VMM must consider when handling exceptions, interrupts, error
conditions, and transitions between activity states.

Vol. 3 1-5

ABOUT THIS MANUAL

Chapter 30 — Performance Monitoring. Describes the Intel 64 and IA-32 archi­tectures’ facilities for monitoring performance.

Appendix A — Performance-Monitoring Events. Lists architectural performance
events. Non-architectural performance events (i.e. model-specific events) are listed
for each generation of microarchitecture.

Appendix B — Model-Specific Registers (MSRs). Lists the MSRs available in the
Pentium processors, the P6 family processors, the Pentium 4, Intel Xeon, Intel Core
Solo, Intel Core Duo processors, and Intel Core 2 processor family and describes
their functions.

Appendix C — MP Initialization For P6 Family Processors. Gives an example of
how to use of the MP protocol to boot P6 family processors in n MP system.

Appendix D — Programming the LINT0 and LINT1 Inputs. Gives an example of
how to program the LINT0 and LINT1 pins for specific interrupt vectors.

Appendix E — Interpreting Machine -Check Erro r Codes. Giv es an example of
how to interpret the error codes for a machine-check error that occurred on a P6
family processor.

Appendix F — APIC Bus Message Formats. Describes the message formats for
messages transmitted on the APIC bus for P6 family and Pentium processors.

Appendix G — VMX Capability Reporting Facility. Describes the VMX capability
MSRs. Support for specific VMX features is determined by reading capability MSRs.

Appendix H — Field Encoding in VMCS. Enumerates all fields in the VMCS and
their encodings. Fields are grouped by width (16-bit, 32-bit, etc.) and type (guest­state, host-state, etc.).

Appendix I — VM Basic Exit Reasons. Describes the 32-bit fields that encode
reasons for a VM exit. Examples of exit reasons include, but are not limited to: soft­ware interrupts, processor exceptions, software traps, NMIs, external interrupts, and
triple faults.

1.3 NOTATIONAL CONVENTIONS

This manual uses specific notation for data-structure formats, for symbolic represen­tation of instructions, and for hexadecimal and binary numbers. A review of this
notation makes the manual easier to read.

1.3.1 Bit and Byte Order

In illustrations of data structures in memory , smaller addresses appear toward the
bottom of the figure; addresses increase toward the top. Bit positions are numbered
from right to left. The numerical value of a set bit is equal to two raised to the power
of the bit position. Intel 64 and IA-32 processors are “little endian” machines; this

1-6 Vol. 3

ABOUT THIS MANUAL

means the bytes of a word are numbered starting from the least significant byte.
Figure 1-1 illustrates these conventions.

1.3.2 Reserved Bits and Software Compatibility

In many register and memory layout descriptions, certain bits are marked as
reserved. When bits are marked as reserved, it is essential for compatibility with
future processors that software treat these bits as having a future, though unkno wn,
effect. The behavior of reserved bits should be regarded as not only undefined, but
unpredictable. Software should follow these guidelines in dealing with reserved bits:

• Do not depend on the states of any reserved bits when testing the values of

registers which contain such bits. Mask out the reserved bits before testing.

• Do not depend on the states of any reserved bits when storing to memory or to a

register.

• Do not depend on the ability to retain information written into any reserved bits.

• When loading a register, always load the reserved bits with the values indicated

in the documentation, if any , or reload them with values previously read from the
same register.

NOTE

Avoid any softw are dependence upon the st ate of reserved bits in
Intel 64 and IA-32 registers. Depending upon the values of reserved
register bits will make software dependent upon the unspecified
manner in which the processor handles these bits. Programs that
depend upon reserved values risk incompatibility with future
processors.

Highest

Address

Data Structure

23

31

Byte 3

24

Byte 2

16

15

Byte 1

Figure 1-1. Bit and Byte Order

8

7

Byte 0

Byte Offset

Bit offset

0

28
24

20
16
12

8
4

Lowest

0

Address

Vol. 3 1-7

ABOUT THIS MANUAL

1.3.3 Instruction Operands

When instructions are represented symbolically , a subset of assembly language is
used. In this subset, an instruction has the following format:

label: mnemonic argument1, argument2, argument3

where:

• A label is an identifier which is followed by a colon.

• A mnemonic is a reserved name for a class of instruction opcodes which have

the same function.

• The operands argument1, argument2, and argument3 are optional. There

may be from zero to three operands, depending on the opcode. When present,
they take the form of either literals or identifiers for data items. Operand
identifiers are either reserved names of registers or are assumed to be assigned
to data items declared in another part of the program (which may not be shown
in the example).

When two operands are present in an arithmetic or logical instruction, the right
operand is the source and the left operand is the destination.

For example:

LOADREG: MOV EAX, SUBTOTAL

In this example LOADREG is a label, MOV is the mnemonic identifier of an opcode,
EAX is the destination operand, and SUBT OTAL is the source operand. Some
assembly languages put the source and destination in reverse order.

1.3.4 Hexadecimal and Binary Numbers

Base 16 (hexadecimal) numbers are represented by a string of hexadecimal digits
followed by the character H (for example, F82EH). A hexadecimal digit is a character
from the following set: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Base 2 (binary) numbers are represented by a string of 1s and 0s, sometimes
followed by the character B (for example, 1010B). The “B” designation is only used in
situations where confusion as to the type of number might arise.

1.3.5 Segmented Addressing

The processor uses byte addressing. This means memory is organized and accessed
as a sequence of bytes. Whether one or more bytes are being accessed, a byte
address is used to locate the byte or bytes memory . The range of memory that can
be addressed is called an address space.

The processor also supports segmented addressing. This is a form of addressing
where a program may have many independent address spaces, called segments.

1-8 Vol. 3

ABOUT THIS MANUAL

For example, a program can keep its code (instructions) and stack in separate
segments. Code addresses would always refer to the code space, and stack
addresses would always refer to the stack space. The following notation is used to
specify a byte address within a segment:

Segment-register:Byte-address
For example, the following segment address identifies the byte at address FF79H in

the segment pointed by the DS register:

DS:FF79H

The following segment address identifies an instruction address in the code segment.
The CS register points to the code segment and the EIP register contains the address
of the instruction.

CS:EIP

1.3.6 Syntax for CPUID, CR, and MSR Values

Obtain feature flags, status, and system information by using the CPUID instruction,
by checking control register bits, and by reading model-specific registers. We are
moving toward a single syntax to represent this type of information. See Figure 1-2.

Vol. 3 1-9

ABOUT THIS MANUAL

6\QWD[5HSUHVHQWDWLRQIRU&38,',QSXWDQG2XWSXW

,QSXWYDOXHIRU($;GHILQHVRXWSXW
127(6RPHOHDYHVUHTXLUHLQSXWYDOXHVIRU
($;DQG(&;,IRQO\RQHYDOXHLVSUHVHQW
($;LVLPSOLHG

)RU&RQWURO5HJLVWHU9DOXHV

&38,'+(&;66(>ELW@ 

2XWSXWUHJLVWHUDQGIHDWXUHIODJRU

ILHOGQDPHZLWKELWSRVLWLRQV

9DOXHRUUDQJHRIRXWSXW

&526);65>ELW@ 

([DPSOH&5QDPH

)HDWXUHIODJRUILHOGQDPH

ZLWKELWSRVLWLRQV

9DOXHRUUDQJHRIRXWSXW

)RU0RGHO6SHFLILF5HJLVWHU9DOXHV

,$B0,6&B(1$%/(6(1$%/()23&2'(>ELW@ 

([DPSOH065QDPH

)HDWXUHIODJRUILHOGQDPHZLWKELWSRVLWLRQV

9DOXHRUUDQJHRIRXWSXW

20

Figure 1-2. Syntax for CPUID, CR, and MSR Data Presentation

1.3.7 Exceptions

An exception is an event that typically occurs when an instruction causes an error.
For example, an attempt to divide by zero gener ates an exception. However, some
exceptions, such as breakpoints, occur under other conditions. Some types of excep
tions may provide error codes. An error code reports additional information about th e
error . An example of the notation used to show an exception and error code is shown
below:

#PF(fault code)

-

1-10 Vol. 3

ABOUT THIS MANUAL

This example refers to a page-fault exception under conditions where an error code
naming a type of fault is reported. Under some conditions, exceptions which produce
error codes may not be able to report an accurate code. In this case, the error code
is zero, as shown below for a general-protection exception:

#GP(0)

1.4 RELATED LITERATURE

Literature related to Intel 64 and IA-32 processors is listed on-line at:

http://developer.intel.com/products/processor/index.htm

Some of the documents listed at this web site can be viewed on-line; others can be
ordered. The literature available is listed by Intel processor and then by the following
literature types: applications notes, data sheets, manuals, papers, and specification
updates.

See also:

• The data sheet for a particular Intel 64 or IA-32 processor

• The specification update for a particular Intel 64 or IA-32 processor

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

• Intel

®

C++ Compiler documentation and online help

http://www.intel.com/cd/software/products/asmo-na/eng/index.htm

®

Fortran Compiler documentation and online help

http://www.intel.com/cd/software/products/asmo-na/eng/index.htm

®

VT une™ P erformance Analyzer documentation and online help

http://www.intel.com/cd/software/products/asmo-na/eng/index.htm

®

64 and IA-32 Architectures Software Developer’s Manual (in five volumes)

http://developer.intel.com/products/processor/manuals/index.htm

®

64 and IA-32 Architectures Optimization Reference Manual

http://developer.intel.com/products/processor/manuals/index.htm

®

Processor Identification with the CPUID Instruction, AP-485

http://www.intel.com/design/processor/applnots/241618.htm

®

64 Architecture Memory Ordering White Paper,

http://developer.intel.com/products/processor/manuals/index.htm

®

64 Architecture x2APIC Specification:

http://developer.intel.com/products/processor/manuals/index.htm

®

Virtualization Technology for Directed I/O, Rev 1.2 specification

http://download.intel.com/technology/computing/vptech/Intel(r)_VT_for_Direct_I
O.pdf

Vol. 3 1-11

ABOUT THIS MANUAL

• Intel

• Intel

®

64 Architecture Processor T opology Enumeration:

http://softwarecommunity.intel.com/articles/eng/3887.htm

®

T rusted E xecution Technology Measured Launched Environment

Programming Guide, http://www.intel.com/technology/security/index.htm

• Developing Multi-threaded Applications: A Platform Consistent Approach

http://cache­www.intel.com/cd/00/00/05/15/51534_developing_multithreaded_applications.pdf

• Using Spin-Loops on Intel Pentium 4 Processor and Intel Xeon Processor MP

http://www3.intel.com/cd/ids/developer/asmo­na/eng/dc/threading/knowledgebase/19083.htm

More relevant links are:

• Software network link:

http://softwarecommunity.intel.com/isn/home/

• Developer centers:

http://www.intel.com/cd/ids/developer/asmo-na/eng/dc/index.htm

• Processor support general link:

http://www.intel.com/support/processors/

• Software products and packages:

http://www.intel.com/cd/software/products/asmo-na/eng/index.htm

• Intel

• Intel

• Intel

®

64 and IA-32 processor manuals (printed or PDF downloads):

http://developer.intel.com/products/processor/manuals/index.htm

®

multi-core technology:

http://developer.intel.com/multi-core/index.htm

®

Hyper- Threading Technology (Intel® HT T echnology):

http://developer.intel.com/technology/hyperthread/

1-12 Vol. 3

CHAPTER 2

SYSTEM ARCHITECTURE OVERVIEW

IA-32 architecture (beginning with the Intel386 processor family) provides extensive
support for operating-system and system-development software. This support offers
multiple modes of operation, which include:

• Real mode, protected mode, virtual 8086 mode, and system management mode.

These are sometimes referred to as legacy modes.

Intel 64 architecture supports almost all the system programming facilities available
in IA-32 architecture and extends them to a new operating mode (IA-32e mode) that
supports a 64-bit programming environment. IA-32e mode allows software to
operate in one of two sub-modes:

• 64-bit mode supports 64-bit OS and 64-bit applications

• Compatibility mode allows most legacy software to run; it co-exists with 64-bit

applications under a 64-bit OS.

The IA-32 system-level architecture and includes features to assist in the following
operations:

• Memory management

• Protection of software modules

• Multitasking

• Exception and interrupt handling

• Multiprocessing

• Cache management

• Hardware resource and power management

• Debugging and performance monitoring

This chapter provides a description of each part of this architecture. It also describes
the system registers that are used to set up and control the processor at the system
level and gives a brief overview of the processor’s system-level (operating system)
instructions.

Many features of the system-level architectural are used only by system program­mers. However, application programmers may need to read this chapter and the
following chapters in order to create a reliable and secure environment for applica­tion programs.

This overview and most subsequent chapters of this book focus on protected-mode
operation of the IA-32 architecture. IA-32e mode operation of the Intel 64 architec
ture, as it differs from protected mode operation, is also described.

All Intel 64 and IA-32 processors enter real-address mode following a power-up or
reset (see

Chapter 9, “Processor Management and Initialization”). Software then

-

Vol. 3 2-1

SYSTEM ARCHITECTURE OVERVIEW

initiates the switch from real-address mode to protected mode. If IA-32e mode oper­ation is desired, software also initiates a switch from protected mode to IA-32e
mode.

2.1 OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE

System-level architecture consists of a set of registers, data structures, and instruc­tions designed to support basic system-level operations such as memory manage­ment, interrupt and exception handling, task management, and control of multiple
processors.

Figure 2-1 provides a summary of system registers and data structures that applies
to 32-bit modes. System registers and data structures that apply to IA-32e mode are
shown in

Figure 2-2.

2-2 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

EFLAGS Register

Control Registers

Task Register

Interrupt

Vector

Interrupt Descriptor

Table (IDT)

Interrupt Gate

Task Gate
Trap Gate

IDTR

XCR0 (XFEM)

CR4
CR3
CR2
CR1
CR0

Segment Sel.

TSS Seg. Sel.

Call-Gate

Segment Selector

LDTR

Physical Address
Linear Address

Segment Selector

Register

Global Descriptor

Table (GDT)

Seg. Desc.

TSS Desc.

Seg. Desc.

TSS Desc.

LDT Desc.

GDTR

Local Descriptor

Table (LDT)

Seg. Desc.

Call Gate

Code, Data or
Stack Segment

Task-State

Segment (TSS)

Current
TSS

Task-State
Segment (TSS)

Current
TSS

Current
TSS

Task

Code

Data

Stack

Interrupt Handler

Code

Stack

Task

Code

Data

Stack

Exception Handler

Code

Stack

Protected Procedure

Code

Stack

Linear Address Space

Linear Addr.

0

Figure 2-1. IA-32 System-Level Registers and Data Structures

Page Directory

Pg. Dir. Entry

CR3*

*Physical Address

This page mapping example is for 4-KByte pages
and the normal 32-bit physical address size.

Dir

Linear Address

Table Offset

Page Table

Pg. Tbl. Entry

Page

Physical Addr.

Vol. 3 2-3

SYSTEM ARCHITECTURE OVERVIEW

RFLAGS

Control Register

CR8
CR4
CR3
CR2
CR1
CR0

Task Register

Physical Address
Linear Address

Segment Selector

Register

Global Descriptor

Table (GDT)

Code, Data or Stack
Segment (Base =0)

Task-State
Segment (TSS)

Segment Sel.

Interrupt

Vector

Interrupt Descriptor

Table (IDT)

Interrupt Gate

Interrupt Gate

IDTR

XCR0 (XFEM)

Linear Address Space

Linear Addr.

TR

Trap Gate

Segment Selector

Call-Gate

LDTR

PML4

PML4.

Entry

Seg. Desc.

TSS Desc.
Seg. Desc.
Seg. Desc.

LDT Desc.

GDTR

Local Descriptor

Table (LDT)

Seg. Desc.

Call Gate

Dir. Pointer

PML4

Pg. Dir. Ptr.

Current TSS

IST

Linear Address

Page Dir.

Pg. Dir.

Entry

Interrupt Handler

NULL

Exception Handler

NULL

Protected Procedure

NULL

TableDirectory

Page Table

Offset

Entry

Code

Stack

Interr. Handler

Code

Stack

Code

Stack

Code

Stack

Page

Physical

Addr.Page Tbl

0

CR3*

*Physical Address

This page mapping example is for 4-KByte pages
and 40-bit physical address size.

Figure 2-2. System-Level Registers and Data Structures in IA-32e Mode

2-4 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

2.1.1 Global and Local Descriptor Tables

When operating in protected mode, all memory accesses pass through either the
global descriptor table (GDT) or an optional local descriptor table (LDT) as shown in
Figure 2-1. These tables contain entries called segment descriptors. Segment
descriptors provide the base address of segments well as access rights, type, and
usage information.

Each segment descriptor has an associated segment selector. A segment selector
provides the software that uses it with an index into the GDT or LDT (the offset of its
associated segment descriptor), a global/local flag (determines whether the selector
points to the GDT or the LDT), and access rights information.

T o access a byte in a segment, a segment selector and an offset must be supplied.
The segment selector provides access to the segment descriptor for the segment (in
the GDT or LDT). From the segment descriptor, the processor obtains the base
address of the segment in the linear address space. The offset then provides the
location of the byte relative to the base address. This mechanism can be used to
access any valid code, data, or stack segment, provided the segment is accessible
from the current privilege level (CPL) at which the processor is operating. The CPL is
defined as the protection level of the currently ex ecuting code segme nt.

See Figure 2-1. The solid arrows in the figure indicate a linear address, dashed lines
indicate a segment selector, and the dotted arrows indicate a physical address. For
simplicity , many of the segment selectors are shown as direct pointers to a segment.
However , the actual path from a segment selector to its associated segment is always
through a GDT or LDT .

The linear address of the base of the GDT is contained in the GDT register (GD TR);
the linear address of the LDT is contained in the LDT register (LDTR).

2.1.1.1 Global and Local Descriptor Tables in IA-32e Mode

GDTR and LDTR registers are expanded to 64-bits wide in both IA -32e sub-modes
(64-bit mode and compatibility mode). For more information: see
“Segment Descriptor T ables in IA -32e Mode.”

Global and local descriptor tables are expanded in 64-bit mode to support 64-bit base
addresses, (16-byte LDT descriptors hold a 64-bit base address and various
attributes). In compatibility mode, descriptors are not expanded.

Section 3.5.2,

2.1.2 System Segments, Segment Descriptors, and Gates

Besides code, data, and stack segments that make up the execution environment of
a program or procedure, the architecture defines two system segments: the task­state segment (TSS) and the LDT. The GDT is not considered a segment because it is
not accessed by means of a segment selector and segment descriptor . TSSs and LD Ts
have segment descriptors defined for them.

Vol. 3 2-5

SYSTEM ARCHITECTURE OVERVIEW

The architecture also defines a set of special descriptors called gates (call gates,
interrupt gates, trap gates, and task gates). These pro vide protected gateways to
system procedures and handlers that may operate at a different privilege level than
application programs and most procedures. For example, a CALL to a call gate can
provide access to a procedure in a code segment that is at the same or a numerically
lower privilege level (more privileged) than the current code segment. To access a
procedure through a call gate, the calling procedure1 supplies the selector for the call
gate. The processor then performs an access rights check on the call gate, comparing
the CPL with the privilege level of the call gate and the destination code segment
pointed to by the call gate.

If access to the destination code segment is allowed, the processor gets the segment
selector for the destination code segment and an offset into that code segment from
the call gate. If the call requires a change in privilege level, the processor also
switches to the stack for the targeted privilege level. The segment selector for the
new stack is obtained from the TSS for the currently running task. Gates also facili
tate transitions between 16-bit and 32-bit code segments, and vice versa.

-

2.1.2.1 Gates in IA-32e Mode

In IA-32e mode, the following descriptors are 16-byte descriptors (expanded to allow
a 64-bit base): LDT descriptors, 64-bit TSSs, call gates, interrupt gates, and trap
gates.

Call gates facilitate transitions between 64-bit mode and compatibility mode. Task
gates are not supported in IA-32e mode. On privilege level changes, stack segment
selectors are not read from the TSS. Instead, they are set to NULL.

2.1.3 Task-State Segments and Task Gates

The TSS (see Figure 2-1) defines the state of the execution environment for a task.
It includes the state of general-purpose registers, segment registers, the EFLAGS
register, the EIP register, and segment selectors with stack pointers for three stack
segments (one stack for each privilege level). The TSS also includes the segment
selector for the LDT
structure hierarchy.

All program execution in protected mode happens within the context of a task (called
the current task). The segment selector for the TSS for the current task is stored in
the task register. The simplest method for switching to a task is to make a call or
jump to the new task. Here, the segment selector for the TSS of the new task is given
in the CALL or JMP instruction. In switching tasks, the processor performs the
following actions:

1. Stores the state of the current task in the current TSS.

1. The word “procedure” is commonly used in this document as a general term for a logical unit or
block of code (such as a program, procedure, function, or routine).

2-6 Vol. 3

associated with the task and the base address of the paging-

SYSTEM ARCHITECTURE OVERVIEW

2. Loads the task register with the segment selector for the new task.

3. Accesses the new TSS through a segment descriptor in the GD T.

4. Loads the state of the new task from the new TS S into the general-purpose
registers, the segment registers, the LDTR, control register CR3 (base address of
the paging-structure hierarchy), the EFLAGS register, and the EIP register .

5. Begins execution of the new task.

A task can also be accessed through a task gate. A task gate is similar to a call gate,
except that it provides access (through a segment selector) to a TSS r ather than a
code segment.

2.1.3.1 Task-State Segments in IA-32e Mode

Hardware task switches are not supported in IA-32e mode. However, TSSs continue
to exist. The base address of a TSS is specified by its descriptor.

A 64-bit TSS holds the following information that is important to 64-bit operation:

• Stack pointer addresses for each privilege level

• Pointer addresses for the interrupt stack table

• Offset address of the IO-permission bitmap (from the TSS base)

The task register is expanded to hold 64-bit base addresses in IA-32e mode. See
also: Section 7.7, “Task Management in 64-bit Mode. ”

2.1.4 Interrupt and Exception Handling

External interrupts, software interrupts and exceptions are handled through the
interrupt descriptor table (IDT). The ID T stores a collection of gate descriptors that
provide access to interrupt and exception handlers. Like the GDT, the IDT is not a
segment. The linear address for the base of the IDT is contained in the IDT register
(IDTR).

Gate descriptors in the IDT can be interrupt, trap, or task gate descriptors. To access
an interrupt or exception handler, the processor first receives an interrupt vector
(interrupt number) from internal hardware, an external interrupt controller, or from
software by means of an INT, INTO, INT 3, or BOUND instruction. The interrupt
vector provides an index into the IDT. If the selected gate descriptor is an interrupt
gate or a trap gate, the associated handler procedure is accessed in a manner similar
to calling a procedure through a call gate. If the descriptor is a task gate, the handler
is accessed through a task switch.

2.1.4.1 Interrupt and Exception Handling IA-32e Mode

In IA-32e mode, interrupt descriptors are expanded to 16 bytes to support 64-bit
base addresses. This is true for 64-bit mode and compatibility mode.

Vol. 3 2-7

SYSTEM ARCHITECTURE OVERVIEW

The IDTR register is expanded to hold a 64-bit base address. Task gates are not
supported.

2.1.5 Memory Management

System architecture supports either direct physical addressing of memory or virtual
memory (through paging). When physical addressing is used, a linear address is
treated as a physical address. When paging is used: all code, data, stack, and system
segments (including the GDT
accessed pages being held in physical memory.

The location of pages (sometimes called page frames) in physical memory is
contained in the paging structures. These structures reside in physical memory (see
Figure 2-1 for the case of 32-bit paging).

The base physical address of the paging-structure hierarchy is contained in control
register CR3. The entries in the paging structures determine the physical address of
the base of a page frame, access rights and memory management information.

T o use this paging mechanism, a linear address is broken into parts. The parts
provide separate offsets into the paging structures and the page frame. A system can
have a single hierarchy of paging structures or several. For example, each task can
have its own hierarchy.

and IDT) can be paged with only the most recently

2.1.5.1 Memory Management in IA-32e Mode

In IA-32e mode, physical memory pages are managed by a set of system data struc­tures. In compatibility mode and 64-bit mode, four levels of system data structures
are used. These include:

• The page map level 4 (PML4) — An entry in a PML4 table contains the physical

address of the base of a page directory pointer table, access rights, and memory
management information. The base physical address of the PML4 is stored in
CR3.

• A set of page directory pointer tables — An entry in a page directory pointer

table contains the physical address of the base of a page directory table, access
rights, and memory management information.

• Sets of page directories — An entry in a page directory table contains the

physical address of the base of a page table, access rights, and memory
management information.

• Sets of page tables — An entry in a page table contains the physical address of

a page frame, access rights, and memory management information.

2-8 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

2.1.6 System Registers

T o assist in initializing the processor and controlling system operations, the system
architecture provides system flags in the EFLAGS register and several system
registers:

• The system flags and IOPL field in the EFLAGS register control task and mode

switching, interrupt handling, instruction tracing, and access rights. See also:
Section 2.3, “System Flags and Fields in the EFLAGS Register.”

• The control registers (CR0, CR2, CR3, and CR4) contain a variety of flags and

data fields for controlling system-level operations. Other flags in these registers
are used to indicate support for specific processor capabilities within the
operating system or ex ecutive . See also:

Section 2.5, “Control Registers. ”

• The debug registers (not shown in Figure 2-1) allow the setting of breakpoints for

use in debugging programs and systems software. See also: Chapter 16,
“Debugging, Profiling Branches and Time-Stamp Counter.”

• The GDTR, LDTR, and IDTR registers contain the linear addresses and sizes

(limits) of their respective tables. See also: Section 2.4, “Memory-Management
Registers. ”

• The task register contains the linear address and size of the TSS for the current

task. See also:

Section 2.4, “Memory-Management Registers.”

• Model-specific registers (not shown in Figure 2-1).

The model-specific registers (MSRs) are a group of registers available primarily to
operating-system or executive procedures (that is, code running at privilege leve l 0).
These registers control items such as the debug extensions, the performance-moni
toring counters, the machine- check architecture, and the memory type ranges
(MTRRs).

The number and function of these registers varies among diff erent members of the
Intel 64 and IA-32 processor families. See also:
ters (MSRs), ” and Appendix B , “Model-Specific Registers (MSRs).”

Most systems restrict access to system registers (other than the EFLAGS register) by
application programs. Systems can be designed, however, where all programs and
procedures run at the most privileged level (privilege level 0). In such a case, appli­cation programs would be allowed to modify the system registers.

Section 9.4, “Model-Specific Regis-

-

2.1.6.1 System Registers in IA-32e Mode

In IA-32e mode, the four system-descriptor-table registers (GDTR, IDTR, LDTR, and
TR) are expanded in hardware to hold 64-bit base addresses. EFLAGS becomes the
64-bit RFLAGS register. CR0-CR4 are expanded to 64 bits. CR8 becomes available.
CR8 provides read-write access to the task priority register (TPR) so that the oper
ating system can control the priority classes of external interrupts.

In 64-bit mode, debug registers DR0–DR7 are 64 bits. In compatibility mode,
address-matching in DR0-DR3 is also done at 64-bit granularity .

-

Vol. 3 2-9

SYSTEM ARCHITECTURE OVERVIEW

On systems that support IA-32e mode, the extended feature enable register
(IA32_EFER) is available. This model-specific register controls activation of IA-32e
mode and other IA-32e mode operations. In addition, there are several model­specific registers that govern IA-32e mode instructions:

• IA32_KernelGSbase — Used by SWAPGS instruction.

• IA32_LSTAR — Used by SYSCALL instruction.

• IA32_SYSCALL_FLAG_MASK — Used by SYSCALL instruction.

• IA32_STAR_CS — Used by SYSCALL and SYSR ET instruction.

2.1.7 Other System Resources

Besides the system registers and data structures described in the previous sections,
system architecture provides the following additional resources:

• Operating system instructions (see also: Section 2.7, “System Instruction

Summary”).

• Performance-monitoring counters (not shown in Figure 2-1).

• Internal caches and buffers (not shown in Figure 2-1).

Performance-monitoring counters are event counters that can be programmed to
count processor events such as the number of instructions decoded, the number of
interrupts received, or the number of cache loads. See also:
tion to Virtual-Machine Extensions. ”

The processor provides several internal caches and buffers. The caches are used to
store both data and instructions. The buffers are used to store things like decoded
addresses to system and application segments and write operations waiting to be
performed. See also:

Chapter 11, “Memory Cache Control.”

Section 20, “Introduc-

2.2 MODES OF OPERATION

The IA-32 supports three operating modes and one quasi-operating mode:

• Protected mode — This is the native operating mode of the processor . It

provides a rich set of architectural features, flexibility , high performance and
backward compatibility to existing software base.

• Real-address mode — This operating mode provides the programming

environment of the Intel 8086 processor, with a few extensions (such as the
ability to switch to protected or system management mode).

• System management mode (SMM) — SMM is a standard architectural feature

in all IA-32 processors, beginning with the Intel386 SL processor . This mode
provides an operating system or executive with a tr ansparent mechanism for
implementing power management and OEM differentiation features. SMM is
entered through activation of an external system interrupt pin (SMI#), which
generates a system management interrupt (SMI). In SMM, the processor
switches to a separate address space while saving the context of the currently

2-10 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

running program or task. SMM-specific code may then be ex ecuted transparently .
Upon returning from SMM, the processor is placed back into its state prior to the
SMI.

• Virtual-8086 mode — In protected mode, the processor supports a quasi-

operating mode known as virtual-8086 mode. This mode allows the processor
execute 8086 software in a protected, multitasking environment.

Intel 64 architecture supports all operating modes of IA-32 architecture and IA-32e
modes:

• IA-32e mode — In IA-32e mode, the processor supports two sub-modes:

compatibility mode and 64-bit mode. 64-bit mode provides 64-bit linear
addressing and support for physical address space larger than 64 GBytes.
Compatibility mode allows most legacy protected-mode applications to run
unchanged.

Figure 2-3 shows how the processor moves between operating modes.

SMI#

System

Reset

Real-Address

Reset or

PE=0

Protected Mode

Mode

PE=1

Reset

or

RSM

SMI#

RSM

Management

VM=1VM=0

Virtual-8086

Mode

LME=1, CR0.PG=1*

See**

SMI#

RSM

IA-32e

Mode

SMI#

RSM

Mode

* See Section 9.8.5

** See Section 9.8.5.4

Figure 2-3. Transitions Among the Processor’s Operating Modes

The processor is placed in real-address mode following power-up or a reset. The PE
flag in control register CR0 then controls whether the processor is operating in real­address or protected mode. See also:

4.1.2, “Paging-Mode Enabling. ”

Section 9.9, “Mode Switching.” and Section

Vol. 3 2-11

SYSTEM ARCHITECTURE OVERVIEW

The VM flag in the EFLAGS register determines whether the processor is operating in
protected mode or virtual-8086 mode. Tr ansitions between protected mode and
virtual-8086 mode are generally carried out as part of a task switch or a return from
an interrupt or exception handler. See also:
Mode.”

The LMA bit (IA32_EFER.LMA .LMA[bit 10 ]) determin es whether the processor is
operating in IA-32e mode. When running in IA-32e mode, 64-bit or compatibility
sub-mode operation is determined by CS.L bit of the code segment. The processor
enters into IA-32e mode from protected mode by enabling paging and setting the
LME bit (IA32_EFER.LME[bit 8]). See also:
Initialization.”

The processor switches to SMM whenever it receives an SMI while the processor is in
real-address, protected, virtual-8086, or IA-32e modes. Upon execution of the RSM
instruction, the processor always returns to the mode it was in when the SMI
occurred.

Section 17.2.5, “Entering Virtual-8086

Chapter 9, “Processor Management and

2.3 SYSTEM FLAGS AND FIELDS IN THE EFLAGS REGISTER

The system flags and IOPL field of the EFLAGS register control I/O, maskable hard­ware interrupts, debugging, task switching, and the virtual-8086 mode (see
Figure 2-4). Only privileged code (typically operating system or executive code)
should be allowed to modify these bits.

The system flags and IOPL are:
TF Trap (bit 8) — Set to enable single-step mode for debugging; clear to

disable single-step mode. In single-step mode, the processor generates a
debug exception after each instruction. This allows the execution state of a
program to be inspected after each instruction. If an application program
sets the TF flag using a POPF, POPFD, or IRET instruction, a debug exception
is generated after the instruction that follows the POPF, POPFD, or IRET .

2-12 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

31

Reserved (set to 0)

21 20 191817 16

22

V

V

I

I

I

D

P

F

A
C

V

M

151314 12

N

R

0

T

F

I

O

P
L

11 10

9876543

O

DFIFTFSFZ

F

1

0

2

P

A

F

F

C

1

00

F

F

ID — Identification Flag

VIP — Virtual Interrupt Pending

VIF — Virtual Interrupt Flag

AC — Alignment Check

VM — Virtual-8086 Mode
RF — Resume Flag
NT — Nested Task Flag
IOPL— I/O Privilege Level
IF — Interrupt Enable Flag
TF — Trap Flag

Reserved

Figure 2-4. System Flags in the EFLAGS Register

IF Interrupt enable (bit 9) — Controls the response of the processor to

maskable hardware interrupt requests (see also: Section 6.3.2, “Maskable
Hardware Interrupts”). The flag is set to respond to maskable hardware
interrupts; cleared to inhibit maskable hardware interrupts. The IF flag does
not affect the generation of exceptions or nonmaskable interrupts (NMI
interrupts). The CPL, IOPL, and the state of the VME flag in control register
CR4 determine whether the IF flag can be modified by the CLI, STI, POPF,
POPFD, and IRET.

IOPL I/O privilege level field (bits 12 and 13) — Indicates the I/O privilege

level (IOPL) of the currently running program or task. The CPL of the
currently running program or task must be less than or equal to the IOPL to
access the I/O address space. This field can only be mod ified by the POPF
and IRET instructions when operating at a CPL of 0.

The IOPL is also one of the mechanisms that controls the modification of the
IF flag and the handling of interrupts in virtual-8086 mode when virtual
mode extensions are in effect (when CR4.VME = 1). See also:
“Input/Output,” in the Intel® 64 and IA-32 Architectures Software Devel-
oper’s Manual, Volume 1.

NT Nested task (bit 14) — Controls the chaining of interrupted and called

tasks. The processor sets this flag on calls to a task initiated with a CALL
instruction, an interrupt, or an exception. It examines and modifies this flag
on returns from a task initiated with the IRET instruction. The flag can be
explicitly set or cleared with the POPF/POPFD instructions; however,

Chapter 13,

Vol. 3 2-13

SYSTEM ARCHITECTURE OVERVIEW

changing to the state of this flag can generate unexpected exceptions in
application programs.

See also: Section 7.4, “T ask Linking.”

RF Resume (bit 16) — Controls the processor’s response to instruction-break-

point conditions. When set, this flag temporarily disables debug exceptions
(#DB ) f r o m b e i n g generated for instruction breakpoints (although other
exception conditions can cause an exception to be generated). Wh en cl ear,
instruction breakpoints will generate debug exceptions.

The primary function of the RF flag is to allow the restarting of an instruction
following a debug exception that was caused by an instruction breakpoint
condition. Here, debug software must set this flag in the EFLAGS image on
the stack just prior to returning to the interrupted program with IRETD (to
prevent the instruction breakpoint from causing another debug exception).
The processor then automatically clears this flag after the instruction
returned to has been successfully executed, enabling instruction breakpoint
faults again.

See also: Section 16.3.1.1, “Instruction-Breakpoint Exception Condition.”

VM Virtual-8086 mode (bit 17) — Set to enable virtual-8086 mode; clear to

return to protected mode.
See also: Section 17.2.1, “Enabling Virtual-8086 Mode. ”

AC Alignment check (bit 18) — Set this flag and the AM flag in control register

CR0 to enable alignment checking of memory references; clear the AC flag
and/or the AM flag to disable alignment checking. An alignment-check
exception is generated when reference is made to an unaligned operand,
such as a word at an odd byte address or a doubleword at an address which
is not an integral multiple of four . Alignment-check exceptions are gener ated
only in user mode (privilege level 3). Memory references that default to priv
ilege level 0, such as segment descriptor loads, do not generate this excep­tion even when caused by instructions executed in user-mode.

The alignment-check exception can be used to check alignment of data. This
is useful when exchanging data with processors which require all data to be
aligned. The alignment-check exception can also be used by interpreters to
flag some pointers as special by misaligning the pointer. This eliminates
overhead of checking each pointer and only handles the special pointer when
used.

VIF Virtual Interrupt (bit 19 ) — Contains a virtual image of the IF flag. This

flag is used in conjunction with the VIP flag. The processor only recognizes
the VIF flag when either the VME flag or the PVI flag in control register CR4 is
set and the IOPL is less than 3. (The VME flag enables the virtual-8086 mode
extensions; the PVI flag enables the protected-mode virtual interrupts.)

See also: Section 17.3.3.5, “Method 6: Software Interrupt Handling, ” and
Section 17.4, “Protected-Mode Virtual Interrupts.”

-

2-14 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

VIP Virtual interrupt pending (bit 20) — Set by software to indicate that an

interrupt is pending; cleared to indicate that no interrupt is pending. This flag
is used in conjunction with the VIF flag. The processor reads this flag but
never modifies it. The processor only re cognizes the VIP flag when either the
VME flag or the PVI flag in control register CR4 is set and the IOPL is less than

3. The VME flag enables the virtual-8086 mode extensions; the PVI flag
enables the protected-mode virtual interrupts.

See Section 17.3.3.5, “Method 6: Software Interrupt Handling, ” and Section

17.4, “Protected-Mode Virtual Interrupts.”

ID Identification (bit 21). — The ability of a program or procedure to set or

clear this flag indicates support for the CPUID instruction.

2.3.1 System Flags and Fields in IA-32e Mode

In 64-bit mode, the RFLAGS register expands to 64 bits with the upper 32 bits
reserved. System flags in RFLAGS (64-bit mode) or EFLAGS (compatibility mode)
are shown in

In IA-32e mode, the processor does not allow the VM bit to be set because virtual­8086 mode is not supported (attempts to set the bit are ignored). Also, the processor
will not set the NT bit. The processor does, however, allow software to set the NT bit
(note that an IRET causes a general protection fault in IA-32e mode if the NT bit is
set).

In IA-32e mode, the SYSCALL/SYSRET instructions have a programmable method of
specifying which bits are cleared in RFLAGS/EFLAGS. These instructions save/restore
EFLAGS/RFLAGS.

Figure 2-4.

2.4 MEMORY-MANAGEMENT REGISTERS

The processor provides four memory-management registers (GDTR, LDTR, ID TR,
and TR) that specify the locations of the data structures which control segmented
memory management (see Figure 2-5). Special instructions are provided for loading
and storing these registers.

Vol. 3 2-15

SYSTEM ARCHITECTURE OVERVIEW

GDTR

IDTR

Task

Register

LDTR

47(79)

32(64)-bit Linear Base Address
32(64)-bit Linear Base Address

System Segment

Registers

15

Seg. Sel.
Seg. Sel.

System Table Registers

Segment Descriptor Registers (Automatically Loaded)

0

1516

16-Bit Table Limit

16-Bit Table Limit

32(64)-bit Linear Base Address
32(64)-bit Linear Base Address

0

Attributes

Segment Limit

Segment Limit

Figure 2-5. Memory Management Registers

2.4.1 Global Descriptor Table Register (GDTR)

The GDTR register holds the base address (32 bits in protected mode; 64 bits in
IA-32e mode) and the 16-bit table limit for the GDT . The base address specifies the
linear address of byte 0 of the GDT ; the table limit specifies the number of bytes in
the table.

The LGDT and SGDT instructions load and store the GDTR register, respectively . On
power up or reset of the processor, the base address is set to the default value of 0
and the limit is set to 0FFFFH. A new base address must be loaded into the GDTR as
part of the processor initialization process for protected-mode operation.

See also: Section 3.5.1, “Segment Descriptor Tables.”

2.4.2 Local Descriptor Table Register (LDTR)

The LDTR register holds the 16-bit segment selector, base address (32 bits in
protected mode; 64 bits in IA-32e mode), segment limit, and descriptor attributes
for the LDT. The base address specifies the linear address of byte 0 of the LDT
segment; the segment limit specifies the number of bytes in the segment. See also:
Section 3.5.1, “Segment Descriptor T ables.”

The LLDT and SLDT instructions load and store the segment selector part of the LDTR
register, respectively. The segment that contains the LDT must have a segment
descriptor in the GDT. When the LLDT instruction loads a segment selector in the
LDTR: the base address, limit, and descriptor attributes from the LDT descriptor are
automatically loaded in the LDTR.

When a task switch occurs, the LDTR is automatically loaded with the segment
selector and descriptor for the LDT for the new task. The contents of the LDTR are not
automatically saved prior to writing the new LDT information into the register.

On power up or reset of the processor , the segment selector and base address are set
to the default value of 0 and the limit is set to 0FFFFH.

2-16 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

2.4.3 IDTR Interrupt Descriptor Table Register

The IDTR register holds the base address (32 bits in protected mode; 64 bits in
IA-32e mode) and 16-bit table limit for the IDT . The base address specifies the linear
address of byte 0 of the IDT ; the table limit specifies the number of bytes in the table.
The LIDT and SIDT instructions load and store the IDTR register, respectively . On
power up or reset of the processor, the base address is set to the default value of 0
and the limit is set to 0FFFFH. The base address and limit in the register can then be
changed as part of the processor initialization process.

See also: Section 6.10, “Interrupt Descriptor Table (ID T).”

2.4.4 Task Register (TR)

The task register holds the 16-bit segment selector, base address (32 bits in
protected mode; 64 bits in IA-32e mode), segment limit, and descriptor attributes
for the TSS of the current task. The selector references the TSS descriptor in the GDT .
The base address specifies the linear address of byte 0 of the TSS; the segment limit
specifies the number of bytes in the TSS. See also:

The L TR and STR instructions load and store the segment selector part of the task
register, respectively . When the LTR instruction loads a segment selector in the task
register, the base address, limit, and descriptor attributes from the TSS descriptor
are automatically loaded into the task register . On power up or reset of the processor,
the base address is set to the default value of 0 and the limit is set to 0FFFFH.

When a task switch occurs, the task register is automatically loaded with the
segment selector and descriptor for the TSS for the new task. The contents of the
task register are not automatically saved prior to writing the new TSS information
into the register.

Section 7.2.4, “Task Register.”

2.5 CONTROL REGISTERS

Control registers (CR0, CR1, CR2, CR3, and CR4; see Figure 2-6) determine oper­ating mode of the processor and the characteristics of the currently executing task.
These registers are 32 bits in all 32-bit modes and compatibility mode.

In 64-bit mode, control registers are expanded to 64 bits. The MOV CRn instructions
are used to manipulate the register bits. Operand-size prefixes fo r these instructions
are ignored. The following is also true:

• Bits 63:32 of CR0 and CR4 are reserved and must be written with zeros. Writing

a nonzero value to any of the upper 32 bits results in a general-protection
exception, #GP(0).

• All 64 bits of CR2 are writable by software.

• Bits 51:40 of CR3 are reserved and must be 0.

Vol. 3 2-17

SYSTEM ARCHITECTURE OVERVIEW

• The MOV CRn instructions do not check that addresses written to CR2 and CR3

are within the linear-address or physical-address limitations of the implemen­tation.

• Register CR8 is available in 64-bit mode only .

The control registers are summarized below, and each architecturally defined control
field in these control registers are described individually . In Figure 2-6, the width of
the register in 64-bit mode is indicated in parenthesis (except for CR0).

• CR0 — Contains system control flags that control operating mode and states of

the processor.

• CR1 — Reserved.

• CR2 — Contains the page-fault linear address (the linear address that caused a

page fault).

• CR3 — Contains the physical address of the base of the paging-structure

hierarchy and two flags (PCD and PWT). Only the most-significant bits (less the
lower 12 bits) of the base address are specified; the lower 12 bits of the address
are assumed to be 0. The first paging structure must thus be aligned to a page
(4-KByte) boundary . The PCD and PWT flags control caching of that paging
structure in the processor’s internal data caches (they do not control TLB caching
of page-directory information).

When using the physical address extension, the CR3 register contains the base
address of the page-directory-pointer table In IA-32e mode, the CR3 register
contains the base address of the PML4 table.

See also: Chapter 4, “Paging. ”

• CR4 — Contains a group of flags that enable several architectur al extensions,

and indicate operating system or executive support for specific processor capabil­ities. The control registers can be read and loaded (or modified) using the move­to-or-from-control-registers forms of the MOV instruction. In protected mode,
the MOV instructions allow the control registers to be read or loaded (at privilege
level 0 only). This restriction means that application programs or operating­system procedures (running at privilege levels 1, 2, or 3) are prevented from
reading or loading the control registers.

• CR8 — Provides read and write access to the Task Priority Register (TPR). It

specifies the priority threshold value that operating systems use to control the
priority class of external interrupts allowed to interrupt the processor. This
register is available only in 64-bit mode. However, interrupt filtering continues to
apply in compatibility mode.

2-18 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

31(63)

Reserved (set to 0)

31(63)

31(63)

31(63)

312930 28

P

N

C

G

W

D

Reserved

18

OSXSAVE

OSXMMEXCPT

Page-Directory Base

Page-Fault Linear Address

19

18

A
M

Figure 2-6. Control Registers

OSFXSR

17

16

W

P

13 12 11 10

14

S

V

M

M
X

X
E

E

15

P

P

M

C

G

E

E

543210

T

P

P

D

S

A

S

C

E

D

E

E

E

543

2

P

P

C

W

T

D

P
V

I

V

M

E

0

CR4

CR3
(PDBR)

9876

00

12

11

CR2

0

CR1

543

6

N
E

1

0

2

E

P

M

T

E

S

T

CR0

M

E

P

When loading a control register, reserved bits should always be set to the values
previously read. The flags in control registers are:

PG Paging (bit 31 of CR0) — Enables paging when set; disables paging when

clear. When paging is disabled, all linear addresses are treated as physical
addresses. The PG flag has no effect if the PE flag (bit 0 of register CR0) is
not also set; setting the PG flag when the PE flag is clear causes a general­protection exception (#GP). See also:

Chapter 4, “Paging.”

On Intel 64 processors, enabling and disabling IA-32e mode operation also
requires modifying CR0.PG.

CD Cache Disable (bit 30 of CR0) — When the CD and NW flags are clear,

caching of memory locations for the whole of physical memory in the
processor’s internal (and external) caches is enabled. When the CD flag is
set, caching is restricted as described in

T able 11-5. T o prevent the processor
from accessing and updating its caches, the CD flag must be set and the
caches must be invalidated so that no cache hits can occur.

Vol. 3 2-19

SYSTEM ARCHITECTURE OVERVIEW

See also: Section 11.5.3, “Preventing Caching,” and Section 11.5, “Cache
Control.”

NW Not Write-through (bit 29 of CR0) — When the NW and CD flags are

clear, write-back (for Pentium 4, Intel Xeon, P6 family, and Pentium proces­sors) or write-through (for Intel486 processors) is enabled for writes that hit
the cache and invalidation cycles are enabled. See

Table 11-5 for detailed
information about the affect of the NW flag on caching for other settings of
the CD and NW flags.

AM Alignment Mask (bit 18 of CR0) — Enables automatic alignment checking

when set; disables alignment checking when clear. Alignment checking is
performed only when the AM flag is set, the AC flag in the EFLAGS register is
set, CPL is 3, and the processor is operating in either protected or virtual­8086 mode.

WP Write Protect (bit 16 of CR0) — When set, inhibits supervisor-level proce-

dures from writing into read-only pages; when clear, allows supervisor-level
procedures to write into read-only pages (regardless of the U/S bit setting;
see Section 4.1.3 and Section 4.6). This flag facilitates implementation of the
copy-on-write method of creating a new process (forking) used by oper ating
systems such as UNIX.

NE Numeric Error (bit 5 of CR0) — Enables the native (internal) mechanism

for reporting x87 FPU errors when set; enables the PC-style x87 FPU error
reporting mechanism when clear. When the NE flag is clear and the IGNNE#
input is asserted, x87 FPU errors are ignored. When the NE flag is clear and
the IGNNE# input is deasserted, an unmasked x87 FPU error causes the
processor to assert the FERR# pin to generate an external interrupt and to
stop instruction execution immediately before executing the next waiting
floating-point instruction or WAIT/FWAIT instruction.

The FERR# pin is intended to drive an input to an external interrupt
controller (the FERR# pin emulates the ERROR# pin of the Intel 287 and

387 DX math coprocessors). The NE flag, IGNNE# pin, and FERR# pin

Intel
are used with external logic to implement PC-style error reporting. Using
FERR# and IGNNE# to handle floating-point exceptions is deprecated by
modern operating systems; this non-native approach also limits newer
processors to operate with one logical processor active.

See also: “Software Exception Handling” in Chapter 8, “Programming with
the x87 FPU,” and Appendix A, “EFLAGS Cross-Reference,” in the Intel® 64
and IA-32 Architectures Software Developer’s Manual, Volume 1.

ET Extension Type (bit 4 of CR0) — Reserv ed in the Pentium 4, Intel Xeon, P6

family , and P entium processors. In the Pentium 4, Intel X eon, and P6 family
processors, this flag is hardcoded to 1. In the Intel386 and Intel486 proces
sors, this flag indicates support of Intel 387 DX math coprocessor instruc­tions when set.

TS Task Switched (bit 3 of CR0) — Allows the saving of the x87

FPU/MMX/SSE/SSE2/SSE3/SSSE3/S SE4 context on a task switch to be

-

2-20 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

delayed until an x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/S SE4 instruction is
actually executed by the new task. The processor sets this flag on every task
switch and tests it when executing x87
FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4 instructions.

• If the TS flag is set and the EM flag (bit 2 of CR0) is clear, a device-not-

available exception (#NM) is raised prior to the execution of any x87
FPU/MMX/SSE/ SSE2/SSE3/SSSE3/SSE4 instruction; with the exception
of PAUSE, PREFETCHh, SFENCE, LFENCE, MFENCE, MOVNTI, CLFLUSH,
CRC32, and POPCNT . See the paragr aph below for the special case of the
WAIT/FWAIT instructions.

• If the TS flag is set and the MP flag (bit 1 of CR0) and EM flag are clear , an

#NM exception is not raised prior to the execution of an x87 FPU
WAIT/FWAIT instruction.

• If the EM flag is set, the setting of the TS flag has no affect on the

execution of x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4 instructions.

Table 2-1 shows the actions taken when the processor encounters an x87
FPU instruction based on the settings of the TS, EM, and MP flags. T able 12-1
and 13-1 show the actions taken when the processor encounters an
MMX/SSE/SSE2/SSE3/SSSE3/SSE4 instruction.

The processor does not automatically save the context of the x87 FPU, XMM,
and MXCSR registers on a task switch. Instead, it sets the TS flag, which
causes the processor to raise an #NM exception whenever it encounters an
x87 FPU/MMX/SSE /SSE2/SSE3/SSSE3/SSE4 instruction in the instruction
stream for the new task (with the exception of the instructions listed above).

The fault handler for the #NM exception can then be used to clear the TS flag (with
the CL TS instruction) and save the context of the x87 FPU, XMM, and MXCSR regis­ters. If the task never encounters an x87 FPU/MMX/SSE/SSE2/SSE3//SSSE3/SSE4
instruction; the x87 FPU/MMX/SSE/SSE2/ SSE3/SSSE3/SSE4 context is never saved.

Table 2-1. Action Taken By x87 FPU Instructions for Different

Combinations of EM, MP, and TS

CR0 Flags x87 FPU Instruction Type

EM MP TS Floating-Point WAIT/FWAIT

0 0 0 Execute Execute.

0 0 1 #NM Exception Execute.

0 1 0 Execute Execute.

0 1 1 #NM Exception #NM exception.

1 0 0 #NM Exception Execute.

1 0 1 #NM Exception Execute.

1 1 0 #NM Exception Execute.

Vol. 3 2-21

SYSTEM ARCHITECTURE OVERVIEW

Table 2-1. Action Taken By x87 FPU Instructions for Different

Combinations of EM, MP, and TS

CR0 Flags x87 FPU Instruction Type

1 1 1 #NM Exception #NM exception.

EM Emulation (b it 2 of CR0) — Indicates that the processor does not have an

internal or external x87 FPU when set; indicates an x87 FPU is present wh en
clear. This flag also affects the execution of
MMX/SSE/SSE2/SSE3/SSSE3/SSE4 instructions.

When the EM flag is set, execution of an x87 FPU inst ruction generate s a
device-not-available exception (#NM). This flag must be set when the
processor does not have an internal x87 FPU or is not connected to an
external math coprocessor. Setting this flag forces all floating-po int instruc
tions to be handled by software emulation. Table 9-2 shows the recom­mended setting of this flag, depending on the IA-32 processor and x87 FPU
or math coprocessor present in the system.
of the EM, MP, and TS flags.

Also, when the EM flag is set, execution of an MMX instruction causes an
invalid-opcode exception (#UD) to be generated (see Table 12-1). Thus, if an
IA-32 or Intel 64 processor incorporates MMX technology , the EM flag must
be set to 0 to enable execution of MMX instructions.

Similarly for SSE/SSE2/SSE3/SSSE3/SSE4 extensions, when the EM flag is
set, execution of most SSE/SSE2/SSE3/SSSE3/S SE4 instructions causes an
invalid opcode exception (#UD) to be generated (see
or Intel 64 processor incorporates the SSE/SSE2/SSE3/SSSE3/SSE4 exten­sions, the EM flag must be set to 0 to enable execution of these extensions.
SSE/SSE2/SSE3/SSSE3/SSE4 instructions not affected by the EM flag
include: PAUSE, PREFETCHh, S FENCE, LFENCE, MFENCE, MOVNTI, CLFLUSH,
CRC32, and POPCNT.

MP Monitor Coprocessor (bit 1 of CR0). — Controls the interaction of the

WAIT (or FWAIT) instruction with the TS flag (bit 3 of CR0). If the MP flag is
set, a WAIT instruction generates a device-not-available exception (#NM) if
the TS flag is also set. If th e MP flag is clear, the WAIT instruction ignores the
setting of the TS flag.
depending on the IA-32 processor and x87 FPU or math coproce ssor present
in the system.

PE Protection Enable (bit 0 of CR0) — Enables protected mode when set;

enables real-address mode when clear. This flag does not enable paging
directly . It only enables segment-level protection. T o enable paging, both the
PE and PG flags must be set.

See also: Section 9.9, “Mode Switching. ”

PCD Page-level Cache Disable (bit 4 of CR3) — Controls caching of the first

paging structure of the current paging-structure hierarchy . When the PCD

Table 2-1 shows the interaction of the MP , EM, and T S flags.

Table 9-2 shows the recommended setting of this flag,

Table 2-1 shows the interaction

Table 13-1). If an IA-32

-

2-22 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

flag is set, caching of the page-directory is prevented; when the flag is clear,
the page-directory can be cached. This flag affects only the processor’s
internal caches (both L1 and L2, when present). The processor ignores this
flag if paging is not used (the PG flag in register CR0 is clear) or the CD
(cache disable) flag in CR0 is set.

See also: Chapter 11, “Memory Cache Control” (for more about the use of
the PCD flag) and Section 4.9, “Paging and Memory T yping” (for a discussion
of a companion PCD flag in page-directory and page-table entries).

PWT Page-level Write-Through (bit 3 of CR3) — Controls the write-through or

write-back caching policy of the first paging structure of the current paging­structure hierarchy. When the PWT flag is set, write-through caching is
enabled; when the flag is clear, write-back caching is enabled. This flag
affects only internal caches (both L1 and L2, when present). The processor
ignores this flag if paging is not used (the PG flag in register CR0 is clear) or
the CD (cache disable) flag in CR0 is set.

See also: Section 11.5, “Cache Control” (for more information about the use
of this flag), and Section 4.9, “Paging and Memory T yping” (for a discussion
of a companion PCD flag in the page-directory and page-table entries).

VME Virtual-8086 Mode Extensions (bit 0 of CR4) — Enables interrupt- and

exception-handling extensions in virtual-8086 mode when set; disables the
extensions when clear. Use of the virtual mode extensions can improve the
performance of virtual-8086 applications by eliminating the overhead of
calling the virtual-8086 monitor to handle interrupts and exceptions that
occur while executing an 8086 program and, instead, redirecting the inter

­rupts and exceptions back to the 8086 program’s handlers. It also provides
hardware support for a virtual interrupt flag (VIF) to improve reliability of
running 8086 programs in multitasking and multiple-pro cessor environ

-

ments.
See also: Section 17.3, “Interrupt and Exception Handling in Virtual-8086

Mode.”

PVI Protected-Mode Virtual Interrupts (bit 1 of CR4 ) — Enables hardware

support for a virtual interrupt flag (VIF) in protected mode when set; disables
the VIF flag in protected mode when clear .

See also: Section 17.4, “Protected-Mode Virtual Interrupts.”

TSD Time Stamp Disable (bit 2 of CR4) — Restricts the execution of the

RDTSC instruction (including RDTSCP instruction if
CPUID.80000001H:EDX[27] = 1) to procedures running at privilege level 0
when set; allows RDTSC instruction (including RDTSCP instruction if
CPUID.80000001H:EDX[27] = 1) to be executed at any privilege level when
clear.

DE Debugging Extensions (bit 3 of CR4) — References to debug registers

DR4 and DR5 cause an undefined opcode (#UD) exception to be generated

Vol. 3 2-23

SYSTEM ARCHITECTURE OVERVIEW

when set; when clear , processor aliases references to registers DR4 and DR5
for compatibility with software written to run on earlier IA-32 processors.

See also: Section 16.2.2, “Debug Registers DR4 and DR5.”

PSE Page Size Extensions (bit 4 of CR4) — Enables 4-MByte pages with 32-bit

paging when set; restricts 32-bit paging to pages to 4 KBytes when clear .

See also: Section 4.3, “32-Bit Paging. ”

PAE Physical Address Extension (bit 5 of CR4) — When set, enables paging

to produce physical addresses with more than 32 bits. When clear, restricts
physical addresses to 32 bits. PAE must be set before entering IA-32e mode.

See also: Chapter 4, “Paging.”

MCE Machine-Check Enable (bit 6 of CR4) — Enables the machine-check

exception when set; disables the machine-check exception when clear.

See also: Chapter 15, “Machine-Check Architecture.”

PGE Page Global Enable (bit 7 of CR4) — (Introduced in the P6 family proces-

sors.) Enables the global page feature when set; disables the global page
feature when clear . The global page feature allows frequently used or shared
pages to be marked as global to all users (done with the global flag, bit 8, in
a page-directory or page-table entry). Global pages are not flushed from the
translation-lookaside buffer (TLB) on a task switch or a write to register CR3.

When enabling the global page feature, paging must be enabled (by setting
the PG flag in control register CR0) before the PGE flag is set. Reversing this
sequence may affect program correctness, and processor performance will
be impacted.

See also: Section 4.10, “Caching Translation Information.”

PCE Performance-Monitoring Counter Enable (bit 8 of CR4) — Enables

execution of the RDPMC instruction for programs or procedures running at
any protection level when set; RDPMC instruction can be executed only at
protection level 0 when clear.

OSFXSR

Operating System Support for FXSAVE an d FXRSTOR instru ctions
(bit 9 of CR4) — When set, this flag: (1) indicates to software that the oper -

ating system supports the use of the FXSAVE and FXRSTOR instructions, (2)
enables the FXSAVE and FXRST OR instructions to sav e and restore the
contents of the XMM and MXCSR registers along with the contents of the x87
FPU and MMX registers, and (3) enables the processor to execute
SSE/SSE2/SSE3/SSSE3/SSE4 instructions, with the exception of the PAUSE,
PREFETCHh, SFENCE, LFENCE, MFENCE, MOVNTI, CLFLUSH, CRC32, and
POPCNT.

If this flag is clear, the FXSAVE and FXRSTOR instructions will save and
restore the contents of the x87 FPU and MMX instructions, but they may not
save and restore the contents of the XMM and MXCSR registers. Also, the

2-24 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

processor will generate an invalid opcode exception (#UD) if it attempts to
execute any SSE/SSE2/SSE3and instruction, with the exception of PAUSE,
PREFETCHh, SFENCE, LFENCE, MFENCE, MOVNTI, CLFLUSH, CRC32, and
POPCNT. The operating system or executive must explicitly set this flag.

NOTE

CPUID feature flags FXSR indicates availability of the
FXSAVE/FXRSTOR instructions. The OSFXSR bit provides operating
system software with a means of enabling FXSAVE/FXRST OR to
save/restore the contents of the X87 FPU, XMM and MXCSR registers.
Consequently OSFXSR bit indicates that the operating system
provides context switch support for SSE/SSE2/SSE3/SSSE3/SSE4.

OSXMMEXCPT

Operating System Support for Unmasked SIMD Floating-Point Excep­tions (bit 10 of CR4) — When set, indicates that the opera ting system

supports the handling of unmasked SIMD floating-point exceptions through
an exception handler that is invok ed when a SIMD floating-point exceptio n
(#XF) is generated. SIMD floating-point exceptions are only generated by
SSE/SSE2/SSE3/SSE4.1 SIMD floating-point instructions.

The operating system or executive must explicitly set this flag. If this flag is
not set, the processor will generate an invalid opcode exception (#UD)
whenever it detects an unmasked SIMD floating-point exception.

VMXE

VMX-Enable Bit (bit 13 of CR4) — Enables VMX operation when set. See
Chapter 20, “Introduction to Virtual-Machine Extensions.”

SMXE

SMX-Enable Bit (bit 14 of CR4) — Enables SMX operation when set. See
Chapter 6, “Safer Mode Extensions Reference” of Intel® 64 and IA-32 Archi-
tectures Software Developer’s Manual, Volume 2B.

OSXSAVE

XSAVE and Processor Extended States-Enable Bit (bit 18 of CR4) —
When set, this flag: (1) indicates (via CPUID.01H:ECX.OSXSA VE[bit 27])
that the operating system supports the use of the XGETBV, XSAVE and
XRSTOR instructions by general software; (2) enables the XSAVE and
XRSTOR instructions to save and restore the x87 FPU state (including MMX
registers), the SSE state (XMM registers and MXCSR), along with other
processor extended states enabled in the XFEATURE_ENABLED_MASK
register (XCR0); (3) enables the processor to execute XGETBV and XSETBV
instructions in order to read and write XCR0. See
13, “System Programming for Instruction Set Extensions and Processor
Extended States”.

TPL Task Priority Level (bit 3:0 of CR8) — This sets the threshold value corre-

sponding to the highest-priority interrupt to be blocked. A value of 0 means

Section 2.6 and Chapter

Vol. 3 2-25

SYSTEM ARCHITECTURE OVERVIEW

all interrupts are enabled. This field is available in 64-bit mode. A value of 15
means all interrupts will be disabled.

2.5.1 CPUID Qualification of Control Register Flags

The VME, PVI, TSD, DE , PSE, PAE, MCE, PGE, PCE, OSFXSR, and OSXMMEXCPT flags
in control register CR4 are model specific. All of these flags (except the PCE flag) can
be qualified with the CPUID instruction to determine if they are implemented on the
processor before they are used.

The CR8 register is available on processors that support Intel 64 architecture.

2.6 EXTENDED CONTROL REGISTERS (INCLUDING THE XFEATURE_ENABLED_MASK REGISTER)

If CPUID.01H:ECX.XSAVE[bit 26] is 1, the processor suppo rts one or more
extended control registers (XCRs). Currently, the only such register defined is
XCR0, the XFEATURE_ENABLED_MASK register. This register specifies the set of
processor states that the operating system enables on that processor, e.g. x87 FPU
States, SSE states, and other processor extended states that Intel 64 architecture
may introduce in the future. The OS programs XCR0 to reflect the features it
supports.

63

Reserved for XCR0 bit vector expansion
Reserved / Future processor extended states
SSE state
x87 FPU/MMX state (must be 1)

Reserved (must be 0)

1

0

2

1

Figure 2-7. XFEATURE_ENABLED_MASK Register (XCR0)

Software can access XCR0 only if CR4.OSXSAVE[bit 18] = 1. (This bit is also readable
as CPUID.01H:ECX.OSXSAVE[bit 27].) The la yout of XCR0 is architected to allow
software to use CPUID leaf function 0DH to enumer ate the set of bits that the
processor supports in XCR0 (see CPUID instruction in
tures Software Developer’s Manual, Volume 2A). Each processor state (X87 FPU

2-26 Vol. 3

Intel® 64 and IA-32 Architec-

SYSTEM ARCHITECTURE OVERVIEW

state, SSE state, or a future processor extended state) is represented by a bit in
XCR0. The OS can enable future processor extended states in a forward manner by
specifying the appropriate bit mask value using the XSETBV instruction according to
the results of the CPUID leaf 0DH.

With the exception of bit 63, each bit in the XFEATURE_ENABLED_MASK register
(XCR0) corresponds to a subset of the processor states. XCR0 thus provides space
for up to 63 sets of processor state extensions. Bit 63 of XCR0 is reserved for future
expansion and will not represent a processor extended state.

Currently , the XFEA TURE_ENABLED_MASK register (XCR0) has two processor states
defined, with up to 61 bits reserved for future processor extended states:

• XCR0.X87 (bit 0): If 1, indicates x87 FPU state (including MMX register states) is

supported in the processor. Bit 0 must be 1. An attempt to write 0 causes a #GP
exception.

• XCR0.SSE (bit 1): If 1, indicates MXCSR and XMM registers (XMM0-XMM15 in 64-

bit mode, otherwise XMM0-XMM7) are supported by XSAVE/XRESTOR in the
processor.

Any attempt to set a reserved bit (as determined by the contents of EAX and EDX
after executing CPUID with EAX=0DH, ECX= 0H) in the XFEATU RE_ENABLED_MASK
register for a given processor will result in a #GP exception. An attempt to write 0 to
XFEATURE_ENABLED_MASK.x87 (bit 0) will result in a #GP exception.

If a bit in the XFEATURE_ENABLED_MASK register is 1, XSAVE instruction can selec­tively (in conjunction with a save mask) save a partial or full set of processor states
to memory (See XSAVE instruction in Intel® 64 and IA-32 Architectures Software
Developer’s Manual, Volume 2B).

After reset all bits (except bit 0) in the XFEA TURE_ENABLED_MASK register (XCR0)
are cleared to zero. XCR0[0] is set to 1.

2.7 SYSTEM INSTRUCTION SUMMARY

System instructions handle system-level functions such as loading system registers,
managing the cache, managing interrupts, or setting up the debug registers. Many of
these instructions can be executed only by operating-system or executive proce
dures (that is, procedures running at privilege level 0). Others can be executed at
any privilege level and are thus available to application programs.

Table 2-2 lists the system instructions and indicates whether they are available and
useful for application programs. These instructions are described in the Intel® 64
and IA-32 Architectures Software Developer’s Manual, Volumes 2A & 2B.

Table 2-2. Summary of System Instructions

Instruction

LLDT Load LDT Register No Yes

Description

Useful to
Application?

Protected from
Application?

-

Vol. 3 2-27

SYSTEM ARCHITECTURE OVERVIEW

Table 2-2. Summary of System Instructions (Contd.)

Instruction

SLDT Store LDT Register No No

LGDT Load GDT Register No Yes

SGDT Store GDT Register No No

LTR Load Task Register No Ye s

STR Store Task Register No No

LIDT Load IDT Register No Yes

SIDT Store IDT Register No No

MOV CRn Load and store control registers No Yes

SMSW Store MSW Yes No

LMSW Load MSW No Yes

CLTS Clear TS flag in CR0 No Yes

ARPL Adjust RPL Yes

LAR Load Access Rights Yes No

LSL Load Segment Limit Yes No

VERR Verify for Reading Yes No

VERW Verify for Writing Yes No

MOV DRn Load and store debug registers No Yes

INVD Invalidate cache, no writeback No Yes

WBINVD Invalidate cache, with writeback No Yes

INVLPG Invalidate TLB entry No Yes

HLT Halt Processor No Yes

LOCK (Prefix) Bus Lock Yes No

RSM Return from system management

3

RDMSR

3

WRMSR

Description

Useful to
Application?

1, 5

Protected from
Application?

No Yes

mode

Read Model-Specific Registers No Ye s

Write Model-Specific Registers No Yes

No

4

RDPMC

3

RDTSC

RDTSCP

2-28 Vol. 3

Read Performance-Monitoring

Yes Yes

2

Counter

Read Time-Stamp Counter Yes Yes

7

Read Serialized Time-Stamp Counter Yes Yes

2

2

SYSTEM ARCHITECTURE OVERVIEW

Table 2-2. Summary of System Instructions (Contd.)

Instruction

XGETBV Return the state of the the

XSETBV Enable one or more processor

NOTES:

1. Useful to application programs running at a CPL of 1 or 2.

2. The TSD and PCE flags in control register CR4 control access to these instructions by application
programs running at a CPL of 3.

3. These instructions were introduced into the IA-32 Architecture with the Pentium processor.

4. This instruction was introduced into the IA-32 Architecture with the Pentium Pro processor and
the Pentium processor with MMX technology.

5. This instruction is not supported in 64-bit mode.

6. Application uses XGETBV to query which set of processor extended states are enabled.

7. RDTSCP is introduced in Intel Core i7 processor.

Description

XFEATURE_ENABLED_MASK register

extended states

Useful to
Application?

Yes No

6

No

Protected from
Application?

Yes

2.7.1 Loading and Storing System Registers

The GDTR, LDTR, ID TR, and TR registers each hav e a load and store instruction for
loading data into and storing data from the register:

• LGDT (Load GDTR Register) — Loads the GDT base address and limit from

memory into the GDTR register.

• SGDT (Store GDTR Register) — Stores the GDT base address and limit from

the GDTR register into memory.

• LIDT (Load IDTR Register) — Loads the IDT base address and limit from

memory into the IDTR register.

• SIDT (Load IDTR Register — Stores the IDT base address and limit from the

IDTR register into memory.

• LLDT (Load LDT Register) — Loads the LDT segment selector and segment

descriptor from memory into the LDTR. (The segment selector operand can also
be located in a general-purpose register.)

• SLDT (Store LDT Register) — Stores the LDT segment selector from the LDTR

register into memory or a general-purpose register.

• LTR (Load Task Register) — Loads segment selector and segment descriptor

for a TSS from memory into the task register . (The segment selector operand can
also be located in a general-purpose register.)

• STR (Store Task Register) — Stores the segment selector for the current task

TSS from the task register into memory or a general-purpose register.

Vol. 3 2-29

SYSTEM ARCHITECTURE OVERVIEW

The LMSW (load machine status word) and SMSW (store machine status word)
instructions operate on bits 0 through 15 of control register CR0. These instructions
are provided for compatibility with the 16-bit Intel 286 processor. Programs written
to run on 32-bit IA-32 processors should not use these instructions. Instead, they
should access the control register CR0 using the MOV instruction.

The CLTS (clear TS flag in CR0) instruction is provided for use in handling a
device-not-available exception (#NM) that occurs when the processor attempts to
execute a floating-point instruction when the TS flag is set. This instruction allows
the TS flag to be cleared after the x87 FPU context has been saved, preventing
further #NM exceptions. See
on the TS flag.

The control registers (CR0, CR1, CR2, CR3, CR4, and CR8) are loaded using the MOV
instruction. The instruction loads a control register from a general-purpose register
or stores the content of a control register in a general-purpose register.

Section 2.5, “Control Registers, ” for more information

2.7.2 Verifying of Access Privileges

The processor provides several instruct ions for examining segment selectors
and segment descriptors to determine if access to their associated segments
is allowed. These instructions duplicate some of the automatic access rights
and type checking done by the processor, thus allowing operating-system or
executive software to prev ent excep tions from being gener ated.

The ARPL (adjust RPL) instruction adjusts the RPL (requestor privilege level)
of a segment selector to match that of the program or procedure that
supplied the segment selector. See
Privileges (ARPL Instruction), ” fo r a detailed explanation of the function and
use of this instruction. Note that ARPL is not supported in 64-bit mode.

The LAR (load access right s) instruction verifies the ac cessibility of a speci -

fied segment and loads access rights information from the segment’ s
segment descriptor into a general-purpose register. Software can then
examine the access rights to determine if the segment type is compatible
with its intended use. See

Section 5.10.1, “Checking Access Rights (LAR
Instruction),” for a detailed explanation of the function and use of this
instruction.

The LSL (load segment limit) instruction verifies the accessibility of a speci-

fied segment and loads the segment limit from the segment’ s segment
descriptor into a general-purpose register. Software can then compare the
segment limit with an offset into the segment to determine whether the
offset lies within the segment. See
Pointer Offset Is Within Limits (LSL Instruction), ” fo r a detailed explanation
of the function and use of this instruction.

The VERR (verify for reading) and VERW (verify for writing) instructions
verify if a selected segment is readable or writable, respectively, at a given
CPL. See

Section 5.10.2, “Checking Read/W rite Rights (VERR and VERW

Section 5.10.4, “Checking Caller Access

Section 5.10.3, “Checking That the

2-30 Vol. 3

SYSTEM ARCHITECTURE OVERVIEW

Instructions),” for a detailed explanation of the function and use of this
instruction.

2.7.3 Loading and Storing Debug Registers

Internal debugging facilities in the processor are controlled by a set of 8 debug regis­ters (DR0-DR7). The MOV instruction allows setup data to be loaded to and stored
from these registers.

On processors that support Intel 64 architecture, debug registers DR0-DR7 are 64
bits. In 32-bit modes and compatibility mode, writes to a debug register fill the upper
32 bits with zeros. Reads return the lower 32 bits. In 64-bit mode, the upper 32 bits
of DR6-DR7 are reserved and must be written with zeros. Writing one to any of the
upper 32 bits causes an exception, #GP(0).

In 64-bit mode, MOV DRn instructions read or write all 64 bits of a debug register
(operand-size prefixes are ignored). All 64 bits of DR0-DR3 are writable by software.
However , MOV DRn instructions do not check that addresses written to DR0-DR3 are
in the limits of the implementation. Address matching is supported only on valid
addresses generated by the processor implementation.

2.7.4 Invalidating Caches and TLBs

The processor provides several instructions for use in explicitly invalidating its caches
and TLB entries. The INVD (invalidate cache with no writeback) instruction invali­dates all data and instruction entries in the internal caches and sends a signal to the
external caches indicating that they should be also be invalidated.

The WBINVD (invalidate cache with writeback) instruction performs the same func­tion as the INVD instruction, except that it writes back modified lines in its internal
caches to memory before it invalidates the caches. After invalidating the internal
caches, WBINVD signals external caches to write back modified data and invalidate
their contents.

The INVLPG (invalidate TLB entry) instruction invalidates (flushes) the TLB entry for
a specified page.

2.7.5 Controlling the Processor

The HL T (halt processor) instruction stops the processor until an enabled interrupt
(such as NMI or SMI, which are normally enabled), a debug exception, the BINIT#
signal, the INIT# signal, or the RESET# signal is received. The processor generates a
special bus cycle to indicate that the halt mode has been entered.

Hardware may respond to this signal in a number of ways. An indicator light on the
front panel may be turned on. An NMI interrupt for recording diagnostic information
may be generated. Reset initialization may be invoked (note that the BINIT# pin was

Vol. 3 2-31

SYSTEM ARCHITECTURE OVERVIEW

introduced with the Pentium Pro processor). If any non-w ake ev ents are pending
during shutdown, they will be handled after the wake event from shutdown is
processed (for example, A20M# interrupts).

The LOCK prefix invokes a locked (atomic) read-modify-write operation when modi­fying a memory operand. This mechanism is used to allow reliable communications
between processors in multiprocessor systems, as described below:

• In the Pentium processor and earlier IA-32 processors, the LOCK prefix causes

the processor to assert the LOCK# signal during the instruction. This always
causes an explicit bus lock to occur.

• In the Pentium 4, Intel Xeon, and P6 family processors, the locking operation is

handled with either a cache lock or bus lock. If a memory access is cacheable and
affects only a single cache line, a cache lock is invoked and the system bus and
the actual memory location in system memory are not locked during the
operation. Here, other Pentium 4, Intel Xeon, or P6 family processors o n the bus
write-back any modified data and invalidate their caches as necessary to
maintain system memory coherency . If the memory access is not cacheable
and/or it crosses a cache line boundary , the processor’s LOCK# signal is asserted
and the processor does not respond to requests for bus control during the locked
operation.

The RSM (return from SMM) instruction restores the processor (from a context
dump) to the state it was in prior to an system management mode (SMM) interrupt.

2.7.6 Reading Performance-Monitoring and Time-Stamp Counters

The RDPMC (read performance-monitoring counter) and RD TSC (r ead time-stamp
counter) instructions allow application programs to read the processor’s perfor­mance-monitoring and time-stamp counters, respectively . Processors based on Intel
NetBurst microarchitecture have eighteen 40-bit performance-monitor ing counters;
P6 family processors have two 40-bit counters. Intel Atom processors and most of
the processors based on the Intel Core microarchitecture support two types of
performance monitoring counters: two programmable performance counters similar
to those available in the P6 family, and three fixed-function performance monitoring
counters.

The programmable performance counters can support counting either the occurrence
or duration of events. Events that can be m onitored on programmable coun ters
generally are model specific (except for architectural performance events enumer
ated by CPUID leaf 0AH); they may includ e the number of instructions de coded,
interrupts received, or the number of cache loads. Individual counters can be set up
to monitor different events. Use the system instruction WRMSR to set up values in
IA32_PERFEVTSEL0/1 (for Intel Atom, Intel Core 2, Intel Core Duo, and Intel
Pentium M processors), in one of the 45 ESCRs and one of the 18 CCCR MSRs (for
Pentium 4 and Intel Xeon processors); or in the P erfEvtSel0 or the PerfEvtSel1 MSR
(for the P6 family processors). The RDPMC instruction loads the current count from
the selected counter into the EDX:EAX registers.

2-32 Vol. 3

-

SYSTEM ARCHITECTURE OVERVIEW

Fixed-function performance counters record only specific events that are defined in
Chapter 20, “Introduction to Virtual-Machine Extensions”, and the width/number of
fixed-function counters are enumerated by CPUID leaf 0AH.

The time-stamp counter is a model-specific 64-bit counter that is reset to zero each
time t h e processor is reset. If not reset, the counter will increment ~9.5 x 10
times per year when the processor is operating at a clock rate of 3GHz. At this
clock frequency , it would take over 190 years for the counter to wrap around. The
RDTSC instruction loads the current count of the time-stamp counter into the
EDX:EAX registe rs.

See Section 30.1, “Performance Monitoring Overview,” and Section 16.11, “Time­Stamp Counter,” for more information about the performance monitoring and time­stamp counters.

The RDTSC instruction was introduced into the IA-32 architecture with the Pentium
processor . The RDPMC instruction was introduced into the IA -32 architecture with the
Pentium Pro processor and the Pentium processor with MMX technology. Earlier
Pentium processors have two performance-monitoring counters, but they can be
read only with the RDMSR instruction, and only at privilege level 0.

16

2.7.6.1 Reading Counters in 64-Bit Mode

In 64-bit mode, RDTSC operates the same as in protected mode. The count in the
time-stamp counter is stored in EDX:EAX (or RDX[31:0]:RAX[31:0] with
RDX[63:32]:RAX[63:32] cleared).

RDPMC requires an index to specify the offset of the performance-monitoring
counter. In 64-bit mode for Pentium 4 or Intel Xeon processor families, the index is
specified in ECX[30:0]. The current count of the performance-monitoring counter is
stored in EDX:EAX (or RDX[31:0]:RAX[31:0] with RDX[63:32]:RAX[63:32]
cleared).

2.7.7 Reading and Writing Model-Specific Registers

The RDMSR (read model-specific register) and WRMSR (write model-specific
register) instructions allow a processor’s 64-bit model-specific registers (MSRs) to be
read and written, respectively . The MSR to be read or written is specified by the v alue
in the ECX register.

RDMSR reads the value from the specified MSR to the EDX:EAX registers; WRMSR
writes the value in the EDX:EAX registers to the specified MSR. RDMSR and WRMSR
were introduced into the IA-32 architecture with the Pentium processor.

See Section 9.4, “Model-Specific Registers (MSRs), ” for more information.

Vol. 3 2-33

SYSTEM ARCHITECTURE OVERVIEW

2.7.7.1 Reading and Writing Model-Specific Registers in 64-Bit Mode

RDMSR and WRMSR require an index to specify the address of an MSR. In 64-bit
mode, the index is 32 bits; it is specified using ECX.

2.7.8 Enabling Processor Extended States

The XSETBV instruction is required to enable OS support of individual processor
extended states in the XFEATURE_ENABLED_MASK register (see Section 2.6).

2-34 Vol. 3

CHAPTER 3

PROTECTED-MODE MEMORY MANAGEMENT

This chapter describes the Intel 64 and IA-32 architecture’s protected-mode memory
management facilities, including the physical memory requirements, segmentation
mechanism, and paging mechanism.

See also: Chapter 5, “Protection” (for a description of the processor’s protection
mechanism) and Chapter 17, “8086 Emulation” (for a description of memory
addressing protection in real-address and virtual-8086 modes).

3.1 MEMORY MANAGEMENT OVERVIEW

The memory management facilities of the IA-32 architecture are divided into two
parts: segmentation and paging. Segmentation provides a mechanism of isolating
individual code, data, and stack modules so that multiple programs (or tasks) can
run on the same processor without interfering with one another. Paging provides a
mechanism for implementing a conventional demand-paged, virtual-memory system
where sections of a program’s execution environment are mapped into physical
memory as needed. Paging can also be used to provide isolation between multiple
tasks. When operating in protected mode, some form of segmentation must be used.
There is no mode bit to disable segmentation. The use of paging, however, is
optional.

These two mechanisms (segmentation and paging) can be configured to support
simple single-program (or single-task) systems, multitasking systems, or multiple­processor systems that used shared memory .

As shown in Figure 3-1, segmentation provides a mechanism for dividing the
processor’s addressable memory space (called the linear address space) into
smaller protected address spaces called segments. Segments can be used to hold
the code, data, and stack for a program or to hold system data structures (such as a
TSS or LDT). If more than one program (or task) is running on a processor, each
program can be assigned its own set of segments. The processor then enforces the
boundaries between these segments and insures that one program does not interfere
with the execution of another program by writing into the oth er program’s segments.
The segmentation mechanism also allows typing of segments so that the operations
that may be performed on a particular type of segment can be restricted.

All the segments in a system are contained in the processor’s linear address space.
T o locate a byte in a particular segment, a logical address (also called a far pointer)
must be provided. A logical address consists of a segment selector and an offset. The
segment selector is a unique identifier for a segment. Among other things it provides
an offset into a descriptor table (such as the global descriptor table, GDT) to a data
structure called a segment descriptor . Each segment has a segment descriptor , which
specifies the size of the segment, the access rights and privilege level for the

Vol. 3 3-1

PROTECTED-MODE MEMORY MANAGEMENT

segment, the segment type, and the location of the first byte of the segment in the
linear address space (called the base address of the segment). The offset part of the
logical address is added to the base address for the segment to locate a byte within
the segment. The base address plus the offset thus forms a linear address in the
processor’s linear address space.

Logical Address

(or Far Pointer)

Segment

Selector

Offset

Linear Address

Space

Global Descriptor

Table (GDT)

Segment

Descriptor

Segment

Base Address

Segment

Page Directory

Lin. Addr.

Page

Segmentation

Dir

Entry

Linear Address

Table Offset

Page Table

Entry

Paging

Physical
Address

Space

Page

Phy. Addr.

Figure 3-1. Segmentation and Paging

If paging is not used, the linear address space of the processor is mapped directly
into the physical address space of processor . The physical address space is defined as
the range of addresses that the processor can generate on its address bus.

Because multitasking computing systems commonly define a linear address space
much larger than it is economically feasible to contain all at once in physical memory ,
some method of “virtualizing” the linear address space is needed. This virtualization
of the linear address space is handled through the processor’s paging mechanism.

Paging supports a “virtual memory” environment wh ere a large linear address space
is simulated with a small amount of physical memory (RAM and ROM) and some disk

3-2 Vol. 3

PROTECTED-MODE MEMORY MANAGEMENT

storage. When using paging, each segment is divided into pages (typically 4 KBytes
each in size), which are stored either in physical memory or on the disk. The oper­ating system or executive maintains a page directory and a set of page tables to keep
track of the pages. When a program (or task) attempts to access an address location
in the linear address space, the processor uses the page directory and page tables to
translate the linear address into a physical address and then performs the requested
operation (read or write) on the memory location.

If the page being accessed is not currently in physical memory, the processor inter­rupts execution of the program (by generating a page-fault exception). The oper­ating system or executive then reads the page into physical memory from the disk
and continues executing the program.

When paging is implemented properly in the operating-system or executive, the
swapping of pages between physical memory and the disk is tr ansparent to the
correct execution of a program. Even programs written for 16-bit IA-32 processors
can be paged (transparently) when they are run in virtual-8086 mode.

3.2 USING SEGMENTS

The segmentation mechanism supported by the IA-32 architecture can be used to
implement a wide variety of system designs. These designs range from flat models
that make only minimal use of segmentation to protect programs to multi­segmented models that employ segmentation to create a robust operating environ
ment in which multiple programs and tasks can be executed reliably .

The following sections give several examples of how segmentation can be employed
in a system to improve memory management performance and reliability .

-

3.2.1 Basic Flat Model

The simplest memory model for a system is the basic “flat model, ” in which the oper­ating system and application programs have access to a continuous, unsegmented
address space. T o the greatest extent possible, this basic flat model hides the
segmentation mechanism of the architecture from both the system designer and the
application programmer.

To implement a basic flat memory model with the IA-32 architecture, at least two
segment descriptors must be created, one for referencing a code segment and one
for referencing a data segment (see
are mapped to the entire linear address space: that is, both segment descriptors
have the same base address value of 0 and the same segment limit of 4 GBytes. By
setting the segment limit to 4 GBytes, the segmentation mechanism is kept from
generating exceptions for out of limit memory references, even if no physical
memory resides at a particular address. ROM (EPROM) is generally located at the top
of the physical address space, because the processor begins execution at

Figure 3-2). Both of these segments, however,

Vol. 3 3-3

PROTECTED-MODE MEMORY MANAGEMENT

FFFF_FFF0H. RAM (DRAM) is placed at the bottom of the address space because the
initial base address for the DS data segment after reset initialization is 0.

3.2.2 Protected Flat Model

The protected flat model is similar to the basic flat model, except the segment limits
are set to include only the range of addresses for which physical memory actually
exists (see
any attempt to access nonexistent memory . This model provides a minimum lev el of
hardware protection against some kinds of program bugs.

Figure 3-3). A general-protection exception (#GP) is then gener ated on

Linear Address Space

Segment
Registers

CS
SS
DS
ES
FS
GS

Code- and Data-Segment

Descriptors

LimitAccess

Base Address

(or Physical Memory)

Code

Not Present

Data and

Stack

FFFFFFFFH

0

3-4 Vol. 3

Segment

Registers

CS
ES

SS
DS
FS
GS

Figure 3-2. Flat Model

Segment

Descriptors

LimitAccess

Base Address

LimitAccess

Base Address

Linear Address Space

(or Physical Memory)

Not Present

Memory I/O

Data and

Figure 3-3. Protected Flat Model

Code

Stack

FFFFFFFFH

0

PROTECTED-MODE MEMORY MANAGEMENT

More complexity can be added to this protected flat model to provide more protec­tion. For example, for the paging mechanism to provide isolation between user and
supervisor code and data, four segments need to be defined: code and data
segments at privilege level 3 for the user, and code and data segments at privilege
level 0 for the supervisor. Usually these segments all overlay each other and start at
address 0 in the linear address space. This flat segmentation model along with a
simple paging structure can protect the operating system from applications, and by
adding a separate paging structure for each task or process, it can also protect appli
cations from each other. Similar designs are used by several popular multitasking
operating systems.

3.2.3 Multi-Segment Model

A multi-segment model (such as the one shown in Figure 3-4) uses the full capabili­ties of the segmentation mechanism to provided hardware enforced protection of
code, data structures, and programs and tasks. Here, each program (or task) is given
its own table of segment descriptors and its own segments. The segments can be
completely private to their assigned programs or shared among progr ams. Access to
all segments and to the execution environments of individual programs running on
the system is controlled by hardware.

-

Vol. 3 3-5

PROTECTED-MODE MEMORY MANAGEMENT

Segment

Registers

CS

SS

DS

ES

FS

GS

Segment

Descriptors

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

LimitAccess

Base Address

Linear Address Space

(or Physical Memory)

Stack

Code

Data

Data

Data

Data

Figure 3-4. Multi-Segment Model

Access checks can be used to protect not only against referencing an address outside
the limit of a segment, but also against performing disallowed operations in certain
segments. For example, since code segments are designated as read-only segments,
hardware can be used to prevent writes into code segments. The access rights infor
mation created for segments can also be used to set up protection rings or levels.
Protection levels can be used to protect operating-system procedures from unautho­rized access by application programs.

3.2.4 Segmentation in IA-32e Mode

In IA-32e mode of Intel 64 architecture, the effects of segmentation depend on
whether the processor is running in compatibility mode or 64-bit mode. In compati
bility mode, segmentation functions just as it does using legacy 16-bit or 32-bit
protected mode semantics.

3-6 Vol. 3

-

-

PROTECTED-MODE MEMORY MANAGEMENT

In 64-bit mode, segmentation is generally (but not completely) disabled, creating a
flat 64-bit linear-address space. The processor treats the segment base of CS, DS,
ES, SS as zero, creating a linear address that is equal to the effective address. The FS
and GS segments are exceptions. These segment registers (which hold the segment
base) can be used as an additional base registers in linear address calculations. They
facilitate addressing local data and certain operating system data structures.

Note that the processor does not perform segment limit checks at runtime in 64-bit
mode.

3.2.5 Paging and Segmentation

Paging can be used with any of the segmentation models described in Figures 3-2,
3-3, and 3-4. The processor’s paging mechanism divides the linear address space
(into which segments are mapped) into pages (as shown in Figure 3-1). These linear­address-space pages are then mapped to pages in the physical address space. The
paging mechanism offers several page-level protection facilities that can be used
with or instead of the segment-protection facilities. For example, it lets read-write
protection be enforced on a page-by-page basis. The paging mechanism also
provides two-level user-supervisor protection that can also be specified on a page­by-page basis.

3.3 PHYSICAL ADDRESS SPACE

In protected mode, the IA-32 architecture provides a normal physical address space
of 4 GBytes (2
its address bus. This address space is flat (unsegmented), with addresses ranging
continuously from 0 to FFFFFFFFH. This physical address space can be mapped to
read-write memory , read-only memory, and memory mapped I/O. The memory
mapping facilities described in this chapter can be used to divide this physical
memory up into segments and/or pages.

Starting with the Pentium Pro processor, the IA-32 architecture also supports an
extension of the physical address space to 2
physical address of FFFFFFFFFH. This extension is invoked in either of two ways:

32

bytes). This is the address space that the processor can address on

36

bytes (64 GBytes); with a maximum

• Using the physical address extension (PAE) flag, located in bit 5 of control

register CR4.

• Using the 36-bit page size extension (PSE-36) feature (introduced in the Pentium

III processors).

Physical address support has since been extended beyond 36 bits. See Chapter 4,
“Paging” for more information about 36-bit physical addressing.

Vol. 3 3-7

PROTECTED-MODE MEMORY MANAGEMENT

3.3.1 Intel® 64 Processors and Physical Address Space

On processors that support Intel 64 architecture (CPUID.80000001:EDX[29] = 1),
the size of the physical address range is implementation-specific and indicated by
CPUID.80000008H:EAX[bits 7-0].

For the format of information returned in EAX, see “CPUID—CPU Identification” in
Chapter 3 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual,
Volume 2A. See also: Chapter 4, “Paging.”

3.4 LOGICAL AND LINEAR ADDRESSES

At the system-architecture level in protected mode, the processor uses two stages of
address translation to arrive at a physical address: logical- address translation and
linear address space paging.

Even with the minimum use of segments, every byte in the processor’s address
space is accessed with a logical address. A logical address consists of a 16-bit
segment selector and a 32-bit offset (see Figure 3-5). The segment selector identi­fies the segment the byte is located in and the offset specifies the location of the byte
in the segment relative to the base address of the segment.

The processor translates every logical address into a linear address. A linear address
is a 32-bit address in the processor’s linear address space. Like the physical address
space, the linear address space is a flat (unsegmented), 232-byte address space,
with addresses ranging from 0 to FFFFFFFFH. The linear address space contains all
the segments and system tables defined for a system.

T o tr anslate a logical address into a linear address, the processor does the following:

1. Uses the offset in the segment selector to locate the segment descriptor for the

segment in the GDT or LDT and reads it into the processor. (This step is needed
only when a new segment selector is loaded into a segment register.)

2. Examines the segment descriptor to check the access rights and range of the

segment to insure that the segment is accessible and that the offset is within the
limits of the segment.

3. Adds the base address of the segment fr om the segment descriptor to the offset

to form a linear address.

3-8 Vol. 3

PROTECTED-MODE MEMORY MANAGEMENT

Logical

Address

Seg. Selector

Descriptor Table

Segment
Descriptor

015

31(63)

Offset (Effective Address)

Base Address

Linear Address

+

0

031(63)

Figure 3-5. Logical Address to Linear Address Translation

If paging is not used, the processor maps the linear address directly to a physical
address (that is, the linear address goes out on the processor’s address bus). If the
linear address space is paged, a second level of address translation is used to trans
late the linear address into a physical address.

See also: Chapter 4, “Paging. ”

3.4.1 Logical Address Translation in IA-32e Mode

In IA-32e mode, an Intel 64 processor uses the steps described above to translate a
logical address to a linear address. In 64-bit mode, the offset and base address of the
segment are 64-bits instead of 32 bits. The linear address format is also 64 bits wide
and is subject to the canonical form requirement.

Each code segment descriptor provides an L bit. This bit allows a code segment to
execute 64-bit code or legacy 32-bit code by code segment.

-

3.4.2 Segment Selectors

A segment selector is a 16-bit identifier for a segment (see Figure 3-6). It does not
point directly to the segment, but instead points to the segment descriptor that
defines the segment. A segment selector contains the following items:

Index (Bits 3 through 15) — Selects one of 8192 descriptors in the GD T or

LDT. The processor multiplies the index value by 8 (the number of
bytes in a segment descriptor) and adds the result to the base address
of the GDT or LDT (from the GDTR or LDTR registe r, respectively).

Vol. 3 3-9

PROTECTED-MODE MEMORY MANAGEMENT

TI (table indicator) flag

(Bit 2) — Specifies the descriptor table to use: clearing this flag
selects the GDT; setting this flag selects the current LDT.

15

Index

Table Indicator
0 = GDT
1 = LDT

Requested Privilege Level (RPL)

1

3

0

2

T

RPL

I

Figure 3-6. Segment Selector

Requested Privilege Level (RPL)

(Bits 0 and 1) — Specifies the privilege level of the selector. The priv­ilege level can range from 0 to 3, with 0 being the most privileged
level. See
tionship of the RPL to the CPL of the executing program (or task) and
the descriptor privilege level (DPL) of the descriptor the segment
selector points to.

The first entry of the GDT is not used by th e processor . A segment selector that points
to this entry of the GDT (that is, a segment selector with an index of 0 and the TI flag
set to 0) is used as a “null segment selector .” The processor does not generate an
exception when a segment register (other than the CS or SS registers) is loaded with
a null selector. It does, however, generate an exception when a segment register
holding a null selector is used to access memory . A null selector can be used to
initialize unused segment registers. Loading the CS or SS register with a null
segment selector causes a general-protection exception (#GP) to be generated.

Segment selectors are visible to application programs as part of a pointer variable,
but the values of selectors are usually assigned or modified by link editors or linking
loaders, not application programs.

Section 5.5, “Privilege Levels”, for a description of the rela-

3.4.3 Segment Registers

T o reduce address tr anslation time and coding complexity, the processor provides
registers for holding up to 6 segment selectors (see
segment registers support a specific kind of memory reference (code, stack, or
data). For virtually any kind of program execution to take place, at least the code­segment (CS), data-segment (DS), and stack-segment (SS) registers must be
loaded with valid segment selectors. The processor also provides three additional
data-segment registers (ES, FS, and GS), which can be used to make additional data
segments available to the currently executing program (or task).

3-10 Vol. 3

Figure 3-7). Each of these