Intel ARCHITECTURE IA-32, IA-32 User Manual

3.04 Mb
Loading...

IA-32 Intel® Architecture

Software Developer’s Manual

Volume 3A:

System Programming Guide, Part 1

NOTE: The IA-32 Intel Architecture Software Developer's Manual consists of five volumes: Basic Architecture, Order Number 253665; Instruction Set Reference A-M, Order Number 253666; Instruction Set Reference N-Z, Order Number 253667; System Programming Guide, Part 1, Order Number 253668; System Programming Guide, Part 2, Order Number 253669. Refer to all five volumes when evaluating your design needs.

Order Number: 253668-019

March 2006

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS.

Intel may make changes to specifications and product descriptions at any time, without notice.

Developers must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined.” Improper use of reserved or undefined features or instructions may cause unpredictable behavior or failure in developer's software code when running on an Intel processor. Intel reserves these features or instructions for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from their unauthorized use.

The Intel® IA-32 architecture processors (e.g., Pentium® 4 and Pentium III processors) may contain design defects or errors known as errata. Current characterized errata are available on request.

Hyper-Threading Technology requires a computer system with an Intel® Pentium® 4 processor supporting Hyper-Threading Technology and an HT Technology enabled chipset, BIOS and operating system. Performance will vary depending on the specific hardware and software you use. See http://www.intel.com/techtrends/technologies/hyperthreading.htm for more information including details on which processors support HT Technology.

Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and for some uses, certain platform software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations. Intel® Virtualization Technology-enabled BIOS and VMM applications are currently in development.

Intel® Extended Memory 64 Technology (Intel® EM64T) requires a computer system with a processor, chipset, BIOS, OS, device drivers and applications enabled for Intel EM64T. Processor will not operate (including 32-bit operation) without an Intel EM64T-enabled BIOS. Performance will vary depending on your hardware and software configurations. Intel EM64T-enabled OS, BIOS, device drivers and applications may not be available. Check with your vendor for more information.

Intel, Pentium, Intel Xeon, Intel NetBurst, Intel Core Solo, Intel Core Duo, Intel Pentium D, Itanium, MMX, and VTune are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

*Other names and brands may be claimed as the property of others.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be obtained from:

Intel Corporation

P.O. Box 5937

Denver, CO 80217-9808

or call 1-800-548-4725

or visit Intel’s website at http://www.intel.com

Copyright © 1997-2006 Intel Corporation

CONTENTS FOR VOLUME 3A AND 3B

CHAPTER 1

ABOUT THIS MANUAL

1.1 IA-32 PROCESSORS COVERED IN THIS MANUAL . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.2 OVERVIEW OF THE SYSTEM PROGRAMMING GUIDE. . . . . . . . . . . . . . . . . . . . 1-2 1.3 NOTATIONAL CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1.3.1 Bit and Byte Order. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5 1.3.2 Reserved Bits and Software Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5 1.3.3 Instruction Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6 1.3.4 Hexadecimal and Binary Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.3.5 Segmented Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.3.6 Syntax for CPUID, CR, and MSR Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.3.7 Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 1.4 RELATED LITERATURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

CHAPTER 2

 

SYSTEM ARCHITECTURE OVERVIEW

 

2.1

OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE . . . . . . . . . . . . . . . . . . .

2-2

2.1.1

Global and Local Descriptor Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-5

2.1.1.1

Global and Local Descriptor Tables in IA-32 Mode . . . . . . . . . . . . . . . . . . . .

.2-5

2.1.2

System Segments, Segment Descriptors, and Gates . . . . . . . . . . . . . . . . . . . . .

.2-5

2.1.2.1

Gates in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-6

2.1.3

Task-State Segments and Task Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-6

2.1.3.1

Task-State Segments in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-7

2.1.4

Interrupt and Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-7

2.1.4.1

Interrupt and Exception Handling IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . .

.2-7

2.1.5

Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-7

2.1.5.1

Memory Management in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-8

2.1.6

System Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-8

2.1.6.1

System Registers in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.2-9

2.1.7

Other System Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-10

2.2

MODES OF OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-10

2.3

SYSTEM FLAGS AND FIELDS IN THE EFLAGS REGISTER . . . . . . . . . . . . . . .

2-12

2.3.1

System Flags and Fields in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-14

2.4

MEMORY-MANAGEMENT REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-14

2.4.1

Global Descriptor Table Register (GDTR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-15

2.4.2

Local Descriptor Table Register (LDTR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-15

2.4.3

IDTR Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-16

2.4.4

Task Register (TR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-16

2.5

CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-16

2.5.1

CPUID Qualification of Control Register Flags . . . . . . . . . . . . . . . . . . . . . . . . . .

2-24

2.6

SYSTEM INSTRUCTION SUMMARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-24

2.6.1

Loading and Storing System Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-25

2.6.2

Verifying of Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-26

2.6.3

Loading and Storing Debug Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-27

2.6.4

Invalidating Caches and TLBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-27

2.6.5

Controlling the Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-27

2.6.6

Reading Performance-Monitoring and Time-Stamp Counters . . . . . . . . . . . . . .

2-28

2.6.6.1

Reading Counters in 64-Bit Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-29

Vol. 3A iii

CONTENTS

 

 

PAGE

2.6.7

Reading and Writing Model-Specific Registers . . . . . . . . . . . . . . . . . . . . . . . . .

.2-29

2.6.7.1

Reading and Writing Model-Specific Registers in 64-Bit Mode . . . . . . . . . .

.2-29

CHAPTER 3

PROTECTED-MODE MEMORY MANAGEMENT

3.1 MEMORY MANAGEMENT OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 3.2 USING SEGMENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 3.2.1 Basic Flat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3 3.2.2 Protected Flat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3 3.2.3 Multi-Segment Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5 3.2.4 Segmentation in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6 3.2.5 Paging and Segmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6 3.3 PHYSICAL ADDRESS SPACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 3.3.1 Physical Address Space for Processors with Intel® EM64T . . . . . . . . . . . . . . . . .3-7 3.4 LOGICAL AND LINEAR ADDRESSES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 3.4.1 Logical Address Translation in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8 3.4.2 Segment Selectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8 3.4.3 Segment Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 3.4.4 Segment Loading Instructions in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . .3-11 3.4.5 Segment Descriptors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12 3.4.5.1 Codeand Data-Segment Descriptor Types. . . . . . . . . . . . . . . . . . . . . . . . . .3-15 3.5 SYSTEM DESCRIPTOR TYPES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 3.5.1 Segment Descriptor Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18 3.5.2 Segment Descriptor Tables in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20 3.6 PAGING (VIRTUAL MEMORY) OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20 3.6.1 Paging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21 3.6.2 Page Tables and Directories in the Absence of Intel EM64T . . . . . . . . . . . . . . .3-22 3.7 PAGE TRANSLATION USING 32-BIT PHYSICAL ADDRESSING . . . . . . . . . . . . 3-22 3.7.1 Linear Address Translation (4-KByte Pages) . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23 3.7.2 Linear Address Translation (4-MByte Pages) . . . . . . . . . . . . . . . . . . . . . . . . . . .3-24 3.7.3 Mixing 4-KByte and 4-MByte Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25 3.7.4 Memory Aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25 3.7.5 Base Address of the Page Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25 3.7.6 Page-Directory and Page-Table Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-26 3.7.7 Not Present Page-Directory and Page-Table Entries . . . . . . . . . . . . . . . . . . . . .3-30 3.8 36-BIT PHYSICAL ADDRESSING USING THE PAE PAGING MECHANISM . . . 3-30 3.8.1 Enhanced Legacy PAE Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-31 3.8.2 Linear Address Translation With PAE Enabled (4-KByte Pages) . . . . . . . . . . . .3-31 3.8.3 Linear Address Translation With PAE Enabled (2-MByte Pages) . . . . . . . . . . . .3-32

3.8.4Accessing the Full Extended Physical Address Space With the

Extended Page-Table Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-33

3.8.5Page-Directory and Page-Table Entries With Extended Addressing

Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34

3.936-BIT PHYSICAL ADDRESSING USING THE PSE-36 PAGING

MECHANISM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 3.10 PAE-ENABLED PAGING IN IA-32E MODE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 3.10.1 IA-32e Mode Linear Address Translation (4-KByte Pages). . . . . . . . . . . . . . . . .3-39 3.10.2 IA-32e Mode Linear Address Translation (2-MByte Pages) . . . . . . . . . . . . . . . .3-40 3.10.3 Enhanced Paging Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-41 3.10.3.1 Reserved Bit Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-43 3.11 MAPPING SEGMENTS TO PAGES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 3.12 TRANSLATION LOOKASIDE BUFFERS (TLBS) . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

iv Vol. 3A

CONTENTS

PAGE

CHAPTER 4

PROTECTION

4.1 ENABLING AND DISABLING SEGMENT AND PAGE PROTECTION . . . . . . . . . . 4-1

4.2FIELDS AND FLAGS USED FOR SEGMENT-LEVEL AND

PAGE-LEVEL PROTECTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 4.2.1 Code Segment Descriptor in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 4.3 LIMIT CHECKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 4.3.1 Limit Checking in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 4.4 TYPE CHECKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 4.4.1 Null Segment Selector Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 4.4.1.1 NULL Segment Checking in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 4.5 PRIVILEGE LEVELS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 4.6 PRIVILEGE LEVEL CHECKING WHEN ACCESSING DATA SEGMENTS. . . . . . 4-11 4.6.1 Accessing Data in Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 4.7 PRIVILEGE LEVEL CHECKING WHEN LOADING THE SS REGISTER . . . . . . . 4-13

4.8PRIVILEGE LEVEL CHECKING WHEN TRANSFERRING PROGRAM

 

CONTROL BETWEEN CODE SEGMENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-13

4.8.1

Direct Calls or Jumps to Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-14

4.8.1.1

Accessing Nonconforming Code Segments . . . . . . . . . . . . . . . . . . . . . . . . .

4-15

4.8.1.2

Accessing Conforming Code Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-16

4.8.2

Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-17

4.8.3

Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-18

4.8.3.1

IA-32e Mode Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-19

4.8.4

Accessing a Code Segment Through a Call Gate . . . . . . . . . . . . . . . . . . . . . . .

4-20

4.8.5

Stack Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-23

4.8.5.1

Stack Switching in 64-bit Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-26

4.8.6

Returning from a Called Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-26

4.8.7Performing Fast Calls to System Procedures with the

SYSENTER and SYSEXIT Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 4.8.7.1 SYSENTER and SYSEXIT Instructions in IA-32e Mode. . . . . . . . . . . . . . . . 4-29 4.8.8 Fast System Calls in 64-bit Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 4.9 PRIVILEGED INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 4.10 POINTER VALIDATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 4.10.1 Checking Access Rights (LAR Instruction) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 4.10.2 Checking Read/Write Rights (VERR and VERW Instructions) . . . . . . . . . . . . . 4-34 4.10.3 Checking That the Pointer Offset Is Within Limits (LSL Instruction) . . . . . . . . . 4-34 4.10.4 Checking Caller Access Privileges (ARPL Instruction) . . . . . . . . . . . . . . . . . . . 4-35 4.10.5 Checking Alignment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 4.11 PAGE-LEVEL PROTECTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 4.11.1 Page-Protection Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 4.11.2 Restricting Addressable Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 4.11.3 Page Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 4.11.4 Combining Protection of Both Levels of Page Tables . . . . . . . . . . . . . . . . . . . . 4-39 4.11.5 Overrides to Page Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39 4.12 COMBINING PAGE AND SEGMENT PROTECTION . . . . . . . . . . . . . . . . . . . . . . 4-39 4.13 PAGE-LEVEL PROTECTION AND EXECUTE-DISABLE BIT . . . . . . . . . . . . . . . . 4-40 4.13.1 Detecting and Enabling the Execute-Disable Bit Capability. . . . . . . . . . . . . . . . 4-41 4.13.2 Execute-Disable Bit Page Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 4.13.3 Reserved Bit Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 4.13.4 Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

Vol. 3A v

CONTENTS

PAGE

CHAPTER 5

INTERRUPT AND EXCEPTION HANDLING

5.1 INTERRUPT AND EXCEPTION OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 5.2 EXCEPTION AND INTERRUPT VECTORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 5.3 SOURCES OF INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 5.3.1 External Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-2 5.3.2 Maskable Hardware Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-4 5.3.3 Software-Generated Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-4 5.4 SOURCES OF EXCEPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 5.4.1 Program-Error Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-5 5.4.2 Software-Generated Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-5 5.4.3 Machine-Check Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-5 5.5 EXCEPTION CLASSIFICATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 5.6 PROGRAM OR TASK RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 5.7 NONMASKABLE INTERRUPT (NMI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 5.7.1 Handling Multiple NMIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-8 5.8 ENABLING AND DISABLING INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 5.8.1 Masking Maskable Hardware Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-9 5.8.2 Masking Instruction Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10 5.8.3 Masking Exceptions and Interrupts When Switching Stacks. . . . . . . . . . . . . . . .5-10 5.9 PRIORITY AMONG SIMULTANEOUS EXCEPTIONS AND INTERRUPTS . . . . . 5-10 5.10 INTERRUPT DESCRIPTOR TABLE (IDT). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12 5.11 IDT DESCRIPTORS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13 5.12 EXCEPTION AND INTERRUPT HANDLING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14 5.12.1 Exceptionor Interrupt-Handler Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15 5.12.1.1 Protection of Exceptionand Interrupt-Handler Procedures . . . . . . . . . . . . . .5-17 5.12.1.2 Flag Usage By Exceptionor Interrupt-Handler Procedure . . . . . . . . . . . . . .5-18 5.12.2 Interrupt Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-19 5.13 ERROR CODE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21 5.14 EXCEPTION AND INTERRUPT HANDLING IN 64-BIT MODE. . . . . . . . . . . . . . . 5-22 5.14.1 64-Bit Mode IDT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-22 5.14.2 64-Bit Mode Stack Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-23 5.14.3 IRET in IA-32e Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-24 5.14.4 Stack Switching in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-24 5.14.5 Interrupt Stack Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-25 5.15 EXCEPTION AND INTERRUPT REFERENCE . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26

Interrupt 0—Divide Error Exception (#DE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-27 Interrupt 1—Debug Exception (#DB). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-28 Interrupt 2—NMI Interrupt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-29 Interrupt 3—Breakpoint Exception (#BP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-30 Interrupt 4—Overflow Exception (#OF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-31 Interrupt 5—BOUND Range Exceeded Exception (#BR) . . . . . . . . . . . . . . . . . .5-32 Interrupt 6—Invalid Opcode Exception (#UD) . . . . . . . . . . . . . . . . . . . . . . . . . . .5-33 Interrupt 7—Device Not Available Exception (#NM) . . . . . . . . . . . . . . . . . . . . . .5-35 Interrupt 8—Double Fault Exception (#DF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-37 Interrupt 9—Coprocessor Segment Overrun. . . . . . . . . . . . . . . . . . . . . . . . . . . .5-39 Interrupt 10—Invalid TSS Exception (#TS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-40 Interrupt 11—Segment Not Present (#NP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-43 Interrupt 12—Stack Fault Exception (#SS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-45 Interrupt 13—General Protection Exception (#GP) . . . . . . . . . . . . . . . . . . . . . . .5-47 Interrupt 14—Page-Fault Exception (#PF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-51

vi Vol. 3A

CONTENTS

PAGE

Interrupt 16—x87 FPU Floating-Point Error (#MF) . . . . . . . . . . . . . . . . . . . . . . 5-55 Interrupt 17—Alignment Check Exception (#AC). . . . . . . . . . . . . . . . . . . . . . . . 5-57 Interrupt 18—Machine-Check Exception (#MC) . . . . . . . . . . . . . . . . . . . . . . . . 5-59 Interrupt 19—SIMD Floating-Point Exception (#XF) . . . . . . . . . . . . . . . . . . . . . 5-61 Interrupts 32 to 255—User Defined Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . 5-64

CHAPTER 6

TASK MANAGEMENT

6.1 TASK MANAGEMENT OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 6.1.1 Task Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 6.1.2 Task State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 6.1.3 Executing a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 6.2 TASK MANAGEMENT DATA STRUCTURES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 6.2.1 Task-State Segment (TSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 6.2.2 TSS Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 6.2.3 TSS Descriptor in 64-bit mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8 6.2.4 Task Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 6.2.5 Task-Gate Descriptor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11 6.3 TASK SWITCHING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12 6.4 TASK LINKING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16 6.4.1 Use of Busy Flag To Prevent Recursive Task Switching. . . . . . . . . . . . . . . . . . 6-18 6.4.2 Modifying Task Linkages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 6.5 TASK ADDRESS SPACE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19 6.5.1 Mapping Tasks to the Linear and Physical Address Spaces. . . . . . . . . . . . . . . 6-19 6.5.2 Task Logical Address Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 6.6 16-BIT TASK-STATE SEGMENT (TSS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21 6.7 TASK MANAGEMENT IN 64-BIT MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23

CHAPTER 7

 

MULTIPLE-PROCESSOR MANAGEMENT

 

7.1

LOCKED ATOMIC OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-2

7.1.1

Guaranteed Atomic Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-3

7.1.2

Bus Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-3

7.1.2.1

Automatic Locking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-4

7.1.2.2

Software Controlled Bus Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-5

7.1.3

Handling Selfand Cross-Modifying Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-6

7.1.4

Effects of a LOCK Operation on Internal Processor Caches. . . . . . . . . . . . . . . .

7-7

7.2

MEMORY ORDERING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-7

7.2.1

Memory Ordering in the Intel® Pentium® and Intel486™ Processors . . . . . . . . .

7-8

7.2.2

Memory Ordering Pentium 4, Intel® Xeon®, and P6 Family Processors . . . . . . .

7-8

7.2.3Out-of-Order Stores For String Operations in Pentium 4, Intel Xeon,

and P6 Family Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 7.2.4 Strengthening or Weakening the Memory Ordering Model . . . . . . . . . . . . . . . . 7-11

7.3PROPAGATION OF PAGE TABLE AND PAGE DIRECTORY

 

ENTRY CHANGES TO MULTIPLE PROCESSORS . . . . . . . . . . . . . . . . . . . . . . .

7-13

7.4

SERIALIZING INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-14

7.5

MULTIPLE-PROCESSOR (MP) INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . .

7-15

7.5.1

BSP and AP Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-16

7.5.2MP Initialization Protocol Requirements and Restrictions

for Intel Xeon Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16 7.5.3 MP Initialization Protocol Algorithm for Intel Xeon Processors . . . . . . . . . . . . . 7-17

Vol. 3A vii

CONTENTS

 

 

PAGE

7.5.4

MP Initialization Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.7-18

7.5.4.1

Typical BSP Initialization Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.7-19

7.5.4.2

Typical AP Initialization Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.7-21

7.5.5

Identifying Logical Processors in an MP System. . . . . . . . . . . . . . . . . . . . . . . .

.7-22

7.6

HYPER-THREADING AND MULTI-CORE TECHNOLOGY . . . . . . . . . . . . . . . . .

7-23

7.7DETECTING HARDWARE MULTI-THREADING SUPPORT AND

TOPOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-24

7.7.1 Initializing IA-32 Processors Supporting Hyper-Threading Technology . . . . . . .7-24

7.7.2 Initializing Dual-Core IA-32 Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25

7.7.3Executing Multiple Threads on an IA-32 Processor

Supporting Hardware Multi-Threading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25

7.7.4Handling Interrupts on an IA-32 Processor

Supporting Hardware Multi-Threading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25

7.8 INTEL® HYPER-THREADING TECHNOLOGY ARCHITECTURE . . . . . . . . . . . . 7-26

7.8.1 State of the Logical Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-27

7.8.2 APIC Functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28

7.8.3 Memory Type Range Registers (MTRR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28

7.8.4 Page Attribute Table (PAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

7.8.5 Machine Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

7.8.6 Debug Registers and Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

7.8.7 Performance Monitoring Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

7.8.8 IA32_MISC_ENABLE MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

7.8.9 Memory Ordering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

7.8.10 Serializing Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

7.8.11 MICROCODE UPDATE Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

7.8.12 Self Modifying Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31

7.8.13 Implementation-Specific HT Technology Facilities . . . . . . . . . . . . . . . . . . . . . . .7-31

7.8.13.1 Processor Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31

7.8.13.2 Processor Translation Lookaside Buffers (TLBs) . . . . . . . . . . . . . . . . . . . . . .7-31

7.8.13.3 Thermal Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32

7.8.13.4 External Signal Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32

7.9 DUAL-CORE ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-33

7.9.1 Logical Processor Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-33

7.9.2 Memory Type Range Registers (MTRR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34

7.9.3 Performance Monitoring Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34

7.9.4 IA32_MISC_ENABLE MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34

7.9.5 MICROCODE UPDATE Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34

7.10PROGRAMMING CONSIDERATIONS FOR HARDWARE

MULTI-THREADING CAPABLE PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . 7-35 7.10.1 Hierarchical Mapping of Shared Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-35 7.10.2 Identifying Logical Processors in an MP System. . . . . . . . . . . . . . . . . . . . . . . . .7-36 7.10.3 Algorithm for Three-Level Mappings of APIC_ID . . . . . . . . . . . . . . . . . . . . . . . .7-38 7.10.4 Identifying Topological Relationships in a MP System . . . . . . . . . . . . . . . . . . . .7-41 7.11 MANAGEMENT OF IDLE AND BLOCKED CONDITIONS . . . . . . . . . . . . . . . . . . 7-45 7.11.1 HLT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-45 7.11.2 PAUSE Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-46 7.11.3 Detecting Support MONITOR/MWAIT Instruction . . . . . . . . . . . . . . . . . . . . . . . .7-46 7.11.4 MONITOR/MWAIT Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-47 7.11.5 Monitor/Mwait Address Range Determination . . . . . . . . . . . . . . . . . . . . . . . . . . .7-48 7.11.6 Required Operating System Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-49 7.11.6.1 Use the PAUSE Instruction in Spin-Wait Loops . . . . . . . . . . . . . . . . . . . . . . .7-49 7.11.6.2 Potential Usage of MONITOR/MWAIT in C0 Idle Loops . . . . . . . . . . . . . . . .7-50

viii Vol. 3A

CONTENTS

PAGE

7.11.6.3 Halt Idle Logical Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-52 7.11.6.4 Potential Usage of MONITOR/MWAIT in C1 Idle Loops. . . . . . . . . . . . . . . . 7-52

7.11.6.5Guidelines for Scheduling Threads on Logical Processors

Sharing Execution Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-53 7.11.6.6 Eliminate Execution-Based Timing Loops . . . . . . . . . . . . . . . . . . . . . . . . . . 7-53

7.11.6.7Place Locks and Semaphores in Aligned, 128-Byte Blocks of

 

Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-54

CHAPTER 8

 

ADVANCED PROGRAMMABLE INTERRUPT CONTROLLER (APIC)

 

8.1

LOCAL AND I/O APIC OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 8-1

8.2

SYSTEM BUS VS. APIC BUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-5

8.3

THE INTEL® 82489DX EXTERNAL APIC, THE APIC, AND THE XAPIC . . . . . . . .

8-5

8.4

LOCAL APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-5

8.4.1

The Local APIC Block Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-6

8.4.2

Presence of the Local APIC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-9

8.4.3

Enabling or Disabling the Local APIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-10

8.4.4

Local APIC Status and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-11

8.4.5

Relocating the Local APIC Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-11

8.4.6

Local APIC ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-12

8.4.7

Local APIC State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-12

8.4.7.1

Local APIC State After Power-Up or Reset . . . . . . . . . . . . . . . . . . . . . . . . .

8-13

8.4.7.2

Local APIC State After It Has Been Software Disabled . . . . . . . . . . . . . . . .

8-13

8.4.7.3

Local APIC State After an INIT Reset (“Wait-for-SIPI” State) . . . . . . . . . . . .

8-14

8.4.7.4

Local APIC State After It Receives an INIT-Deassert IPI . . . . . . . . . . . . . . .

8-14

8.4.8

Local APIC Version Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-14

8.5

HANDLING LOCAL INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-15

8.5.1

Local Vector Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-15

8.5.2

Valid Interrupt Vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-18

8.5.3

Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-19

8.5.4

APIC Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-20

8.5.5

Local Interrupt Acceptance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-22

8.6

ISSUING INTERPROCESSOR INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-22

8.6.1

Interrupt Command Register (ICR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-22

8.6.2

Determining IPI Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-28

8.6.2.1

Physical Destination Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-28

8.6.2.2

Logical Destination Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-29

8.6.2.3

Broadcast/Self Delivery Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-31

8.6.2.4

Lowest Priority Delivery Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-31

8.6.3

IPI Delivery and Acceptance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-32

8.7

SYSTEM AND APIC BUS ARBITRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-32

8.8

HANDLING INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-33

8.8.1

Interrupt Handling with the Pentium 4 and Intel Xeon Processors. . . . . . . . . . .

8-33

8.8.2

Interrupt Handling with the P6 Family and Pentium Processors . . . . . . . . . . . .

8-34

8.8.3

Interrupt, Task, and Processor Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-36

8.8.3.1

Task and Processor Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-37

8.8.4

Interrupt Acceptance for Fixed Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-38

8.8.5

Signaling Interrupt Servicing Completion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-40

8.8.6

Task Priority in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-40

8.8.6.1

Interaction of Task Priorities between CR8 and APIC . . . . . . . . . . . . . . . . .

8-41

8.9

SPURIOUS INTERRUPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8-41

Vol. 3A ix

CONTENTS

PAGE

8.10APIC BUS MESSAGE PASSING MECHANISM AND

PROTOCOL (P6 FAMILY, PENTIUM PROCESSORS). . . . . . . . . . . . . . . . . . . . . 8-42

8.10.1 Bus Message Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-43

8.11 MESSAGE SIGNALLED INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-43

8.11.1 Message Address Register Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-44

8.11.2 Message Data Register Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-45

CHAPTER 9

 

PROCESSOR MANAGEMENT AND INITIALIZATION

 

9.1

INITIALIZATION OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-1

9.1.1

Processor State After Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-2

9.1.2

Processor Built-In Self-Test (BIST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-2

9.1.3

Model and Stepping Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-5

9.1.4

First Instruction Executed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-6

9.2

X87 FPU INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-6

9.2.1

Configuring the x87 FPU Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-6

9.2.2

Setting the Processor for x87 FPU Software Emulation . . . . . . . . . . . . . . . . . . .

.9-7

9.3

CACHE ENABLING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-8

9.4

MODEL-SPECIFIC REGISTERS (MSRS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-9

9.5

MEMORY TYPE RANGE REGISTERS (MTRRS) . . . . . . . . . . . . . . . . . . . . . . . . . .

9-9

9.6

INITIALIZING SSE/SSE2/SSE3 EXTENSIONS. . . . . . . . . . . . . . . . . . . . . . . . . . .

9-10

9.7

SOFTWARE INITIALIZATION FOR REAL-ADDRESS MODE OPERATION . . . .

9-10

9.7.1

Real-Address Mode IDT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-11

9.7.2

NMI Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-11

9.8

SOFTWARE INITIALIZATION FOR PROTECTED-MODE OPERATION . . . . . . .

9-11

9.8.1

Protected-Mode System Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-12

9.8.2

Initializing Protected-Mode Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . .

9-13

9.8.3

Initializing Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-13

9.8.4

Initializing Multitasking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-13

9.8.5

Initializing IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-14

9.8.5.1

IA-32e Mode System Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-15

9.8.5.2

IA-32e Mode Interrupts and Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-15

9.8.5.3

64-bit Mode and Compatibility Mode Operation . . . . . . . . . . . . . . . . . . . . . . .

9-15

9.8.5.4

Switching Out of IA-32e Mode Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-16

9.9

MODE SWITCHING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-17

9.9.1

Switching to Protected Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-17

9.9.2

Switching Back to Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-18

9.10

INITIALIZATION AND MODE SWITCHING EXAMPLE . . . . . . . . . . . . . . . . . . . . .

9-20

9.10.1

Assembler Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-22

9.10.2

STARTUP.ASM Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-23

9.10.3

MAIN.ASM Source Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-33

9.10.4

Supporting Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-33

9.11

MICROCODE UPDATE FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-35

9.11.1

Microcode Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-36

9.11.2

Optional Extended Signature Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-40

9.11.3

Processor Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-41

9.11.4

Platform Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-42

9.11.5

Microcode Update Checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-43

9.11.6

Microcode Update Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-44

9.11.6.1

Hard Resets in Update Loading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-45

9.11.6.2

Update in a Multiprocessor System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9-45

9.11.6.3

Update in a System Supporting Intel Hyper-Threading Technology. . . . . . . .

9-46

x Vol. 3A

CONTENTS

PAGE

9.11.6.4 Update in a System Supporting Dual-Core Technology . . . . . . . . . . . . . . . . 9-46 9.11.6.5 Update Loader Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-46 9.11.7 Update Signature and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-46 9.11.7.1 Determining the Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-47 9.11.7.2 Authenticating the Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-48

9.11.8Pentium 4, Intel Xeon, and P6 Family Processor

Microcode Update Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49 9.11.8.1 Responsibilities of the BIOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49 9.11.8.2 Responsibilities of the Calling Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-51 9.11.8.3 Microcode Update Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-54 9.11.8.4 INT 15H-based Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-55 9.11.8.5 Function 00H—Presence Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-55 9.11.8.6 Function 01H—Write Microcode Update Data . . . . . . . . . . . . . . . . . . . . . . . 9-56 9.11.8.7 Function 02H—Microcode Update Control . . . . . . . . . . . . . . . . . . . . . . . . . . 9-61 9.11.8.8 Function 03H—Read Microcode Update Data . . . . . . . . . . . . . . . . . . . . . . . 9-62 9.11.8.9 Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-63

CHAPTER 10

MEMORY CACHE CONTROL

10.1 INTERNAL CACHES, TLBS, AND BUFFERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1 10.2 CACHING TERMINOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 10.3 METHODS OF CACHING AVAILABLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5 10.3.1 Buffering of Write Combining Memory Locations. . . . . . . . . . . . . . . . . . . . . . . . 10-8 10.3.2 Choosing a Memory Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9 10.4 CACHE CONTROL PROTOCOL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 10.5 CACHE CONTROL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 10.5.1 Cache Control Registers and Bits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11 10.5.2 Precedence of Cache Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15

10.5.2.1Selecting Memory Types for Pentium Pro and Pentium II

Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16

10.5.2.2Selecting Memory Types for Pentium 4, Intel Xeon,

 

and Pentium III Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-17

10.5.2.3

Writing Values Across Pages with Different Memory Types. . . . . . . . . . . .

10-18

10.5.3

Preventing Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-18

10.5.4

Disabling and Enabling the L3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-19

10.5.5

Cache Management Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-19

10.5.6

L1 Data Cache Context Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-20

10.5.6.1

Adaptive Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-21

10.5.6.2

Shared Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-21

10.6

SELF-MODIFYING CODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-21

10.7IMPLICIT CACHING (PENTIUM 4, INTEL XEON,

AND P6 FAMILY PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22 10.8 EXPLICIT CACHING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22 10.9 INVALIDATING THE TRANSLATION LOOKASIDE BUFFERS (TLBS) . . . . . . . 10-23 10.10 STORE BUFFER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-24 10.11 MEMORY TYPE RANGE REGISTERS (MTRRS) . . . . . . . . . . . . . . . . . . . . . . . . 10-24 10.11.1 MTRR Feature Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26 10.11.2 Setting Memory Ranges with MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27 10.11.2.1 IA32_MTRR_DEF_TYPE MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27 10.11.2.2 Fixed Range MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28 10.11.2.3 Variable Range MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29 10.11.3 Example Base and Mask Calculations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-32

Vol. 3A xi

CONTENTS

PAGE

10.11.3.1 Base and Mask Calculations with Intel EM64T. . . . . . . . . . . . . . . . . . . . . . .10-33 10.11.4 Range Size and Alignment Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-34 10.11.4.1 MTRR Precedences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-34 10.11.5 MTRR Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-35 10.11.6 Remapping Memory Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-35 10.11.7 MTRR Maintenance Programming Interface . . . . . . . . . . . . . . . . . . . . . . . . . . .10-36 10.11.7.1 MemTypeGet() Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-36 10.11.7.2 MemTypeSet() Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-37 10.11.8 MTRR Considerations in MP Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-39 10.11.9 Large Page Size Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-40 10.12 PAGE ATTRIBUTE TABLE (PAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-41 10.12.1 Detecting Support for the PAT Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-41 10.12.2 IA32_CR_PAT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-42 10.12.3 Selecting a Memory Type from the PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-43 10.12.4 Programming the PAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-43 10.12.5 PAT Compatibility with Earlier IA-32 Processors. . . . . . . . . . . . . . . . . . . . . . . .10-45

CHAPTER 11

INTEL® MMX™ TECHNOLOGY SYSTEM PROGRAMMING

11.1 EMULATION OF THE MMX INSTRUCTION SET . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 11.2 THE MMX STATE AND MMX REGISTER ALIASING . . . . . . . . . . . . . . . . . . . . . . 11-1

11.2.1Effect of MMX, x87 FPU, FXSAVE, and FXRSTOR

Instructions on the x87 FPU Tag Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-3 11.3 SAVING AND RESTORING THE MMX STATE AND REGISTERS . . . . . . . . . . . 11-4 11.4 SAVING MMX STATE ON TASK OR CONTEXT SWITCHES . . . . . . . . . . . . . . . 11-5

11.5.EXCEPTIONS THAT CAN OCCUR WHEN EXECUTING MMX

INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5 11.5.1 Effect of MMX Instructions on Pending x87 Floating-Point Exceptions. . . . . . . .11-6 11.6 DEBUGGING MMX CODE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6

CHAPTER 12

SSE, SSE2 AND SSE3 SYSTEM PROGRAMMING

12.1PROVIDING OPERATING SYSTEM SUPPORT FOR

SSE/SSE2/SSE3 EXTENSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 12.1.1 Adding Support to an Operating System for SSE/SSE2/SSE3 Extensions. . . . .12-1 12.1.2 Checking for SSE/SSE2/SSE3 Extension Support . . . . . . . . . . . . . . . . . . . . . . .12-2 12.1.3 Checking for Support for the FXSAVE and FXRSTOR Instructions . . . . . . . . . .12-2 12.1.4 Initialization of the SSE/SSE2/SSE3 Extensions. . . . . . . . . . . . . . . . . . . . . . . . .12-2

12.1.5Providing Non-Numeric Exception Handlers for Exceptions Generated

by the SSE/SSE2/SSE3 Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-4 12.1.6 Providing an Handler for the SIMD Floating-Point Exception (#XF) . . . . . . . . . .12-5 12.1.6.1 Numeric Error flag and IGNNE# . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-6 12.2 EMULATION OF SSE/SSE2/SSE3 EXTENSIONS . . . . . . . . . . . . . . . . . . . . . . . . 12-6 12.3 SAVING AND RESTORING THE SSE/SSE2/SSE3 STATE . . . . . . . . . . . . . . . . . 12-6

12.4SAVING THE SSE/SSE2/SSE3 STATE ON TASK

OR CONTEXT SWITCHES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7

12.5DESIGNING OS FACILITIES FOR AUTOMATICALLY SAVING X87 FPU,

MMX, AND SSE/SSE2/SSE3 STATE ON TASK OR CONTEXT SWITCHES. . . . 12-7

12.5.1.Using the TS Flag to Control the Saving of the

x87 FPU, MMX, SSE, SSE2 and SSE3 State . . . . . . . . . . . . . . . . . . . . . . . . . . .12-8

xii Vol. 3A

CONTENTS

PAGE

CHAPTER 13

POWER AND THERMAL MANAGEMENT

13.1 ENHANCED INTEL SPEEDSTEP® TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . 13-1 13.1.1 Software Interface For Initiating Performance State Transitions . . . . . . . . . . . . 13-1 13.2 THERMAL MONITORING AND PROTECTION. . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 13.2.1 Catastrophic Shutdown Detector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 13.2.2 Thermal Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 13.2.2.1 Thermal Monitor 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 13.2.2.2 Thermal Monitor 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 13.2.2.3 Performance State Transitions and Thermal Monitoring. . . . . . . . . . . . . . . . 13-4 13.2.2.4 Thermal Status Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5 13.2.3 Software Controlled Clock Modulation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6

13.2.4Detection of Thermal Monitor and Software Controlled

Clock Modulation Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8

CHAPTER 14

MACHINE-CHECK ARCHITECTURE

14.1 MACHINE-CHECK EXCEPTIONS AND ARCHITECTURE . . . . . . . . . . . . . . . . . . 14-1 14.2 COMPATIBILITY WITH PENTIUM PROCESSOR . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 14.3 MACHINE-CHECK MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 14.3.1 Machine-Check Global Control MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 14.3.1.1 IA32_MCG_CAP MSR (Pentium 4 and Intel Xeon Processors) . . . . . . . . . . 14-2 14.3.1.2 MCG_CAP MSR (P6 Family Processors). . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 14.3.1.3 IA32_MCG_STATUS MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4 14.3.1.4 IA32_MCG_CTL MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 14.3.2 Error-Reporting Register Banks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 14.3.2.1 IA32_MCi_CTL MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 14.3.2.2 IA32_MCi_STATUS MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6 14.3.2.3 IA32_MCi_ADDR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7 14.3.2.4 IA32_MCi_MISC MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8 14.3.2.5 IA32_MCG Extended Machine Check State MSRs . . . . . . . . . . . . . . . . . . . 14-8

14.3.3Mapping of the Pentium Processor Machine-Check Errors

 

to the Machine-Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-11

14.4

MACHINE-CHECK AVAILABILITY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-11

14.5

MACHINE-CHECK INITIALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-11

14.6. INTERPRETING THE MCA ERROR CODES . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-13

14.6.1

Simple Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-13

14.6.2

Compound Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-14

14.6.3

Machine-Check Error Codes Interpretation . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-17

14.7

GUIDELINES FOR WRITING MACHINE-CHECK SOFTWARE . . . . . . . . . . . . .

14-17

14.7.1

Machine-Check Exception Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-18

14.7.2

Enabling BINIT# Drive and BINIT# Observation . . . . . . . . . . . . . . . . . . . . . . .

14-19

14.7.3

Pentium Processor Machine-Check Exception Handling. . . . . . . . . . . . . . . . .

14-20

14.7.4

Logging Correctable Machine-Check Errors . . . . . . . . . . . . . . . . . . . . . . . . . .

14-20

CHAPTER 15 8086 EMULATION

15.1 REAL-ADDRESS MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 15.1.1 Address Translation in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3 15.1.2 Registers Supported in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4 15.1.3 Instructions Supported in Real-Address Mode . . . . . . . . . . . . . . . . . . . . . . . . . 15-4 15.1.4 Interrupt and Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6

Vol. 3A xiii

CONTENTS

PAGE

15.2 VIRTUAL-8086 MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7 15.2.1 Enabling Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-9 15.2.2 Structure of a Virtual-8086 Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-9 15.2.3 Paging of Virtual-8086 Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-10 15.2.4 Protection within a Virtual-8086 Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-11 15.2.5 Entering Virtual-8086 Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-11 15.2.6 Leaving Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-13 15.2.7 Sensitive Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-14 15.2.8 Virtual-8086 Mode I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-14 15.2.8.1 I/O-Port-Mapped I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-14 15.2.8.2 Memory-Mapped I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-15 15.2.8.3 Special I/O Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-15

15.3INTERRUPT AND EXCEPTION HANDLING

IN VIRTUAL-8086 MODE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15

15.3.1Class 1—Hardware Interrupt and Exception Handling

in Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-17

15.3.1.1Handling an Interrupt or Exception Through a

Protected-Mode Trap or Interrupt Gate . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-17

15.3.1.2Handling an Interrupt or Exception With an

8086 Program Interrupt or Exception Handler . . . . . . . . . . . . . . . . . . . . . . .15-19 15.3.1.3 Handling an Interrupt or Exception Through a Task Gate . . . . . . . . . . . . . .15-20

15.3.2Class 2—Maskable Hardware Interrupt Handling in

Virtual-8086 Mode Using the Virtual Interrupt Mechanism . . . . . . . . . . . . . . . .15-20 15.3.3 Class 3—Software Interrupt Handling in Virtual-8086 Mode . . . . . . . . . . . . . . .15-23 15.3.3.1 Method 1: Software Interrupt Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-25 15.3.3.2 Methods 2 and 3: Software Interrupt Handling . . . . . . . . . . . . . . . . . . . . . . .15-26 15.3.3.3 Method 4: Software Interrupt Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-26 15.3.3.4 Method 5: Software Interrupt Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-26 15.3.3.5 Method 6: Software Interrupt Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-27 15.4 PROTECTED-MODE VIRTUAL INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28

CHAPTER 16

MIXING 16-BIT AND 32-BIT CODE

16.1 DEFINING 16-BIT AND 32-BIT PROGRAM MODULES . . . . . . . . . . . . . . . . . . . . 16-2 16.2 MIXING 16-BIT AND 32-BIT OPERATIONS WITHIN A CODE SEGMENT . . . . . 16-2 16.3 SHARING DATA AMONG MIXED-SIZE CODE SEGMENTS . . . . . . . . . . . . . . . . 16-3 16.4 TRANSFERRING CONTROL AMONG MIXED-SIZE CODE SEGMENTS . . . . . . 16-4 16.4.1 Code-Segment Pointer Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 16.4.2 Stack Management for Control Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 16.4.2.1 Controlling the Operand-Size Attribute For a Call . . . . . . . . . . . . . . . . . . . . .16-7 16.4.2.2 Passing Parameters With a Gate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-7 16.4.3 Interrupt Control Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8 16.4.4 Parameter Translation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8 16.4.5 Writing Interface Procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8

CHAPTER 17

IA-32 ARCHITECTURE COMPATIBILITY

17.1. IA-32 PROCESSOR FAMILIES AND CATEGORIES . . . . . . . . . . . . . . . . . . . . . . 17-1 17.2. RESERVED BITS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 17.3. ENABLING NEW FUNCTIONS AND MODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2

17.4.DETECTING THE PRESENCE OF NEW FEATURES THROUGH SOFTWARE . 17-2

17.5. INTEL MMX TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3

xiv Vol. 3A

CONTENTS

PAGE

17.6. STREAMING SIMD EXTENSIONS (SSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3 17.7. STREAMING SIMD EXTENSIONS 2 (SSE2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3 17.8. STREAMING SIMD EXTENSIONS 3 (SSE3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3 17.9. HYPER-THREADING TECHNOLOGY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4 17.10. DUAL-CORE TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4 17.11. SPECIFIC FEATURES OF DUAL-CORE PROCESSOR . . . . . . . . . . . . . . . . . . . 17-4 17.12. NEW INSTRUCTIONS IN THE PENTIUM AND LATER IA-32 PROCESSORS . . 17-4 17.12.1. Instructions Added Prior to the Pentium Processor . . . . . . . . . . . . . . . . . . . . . . 17-5 17.13. OBSOLETE INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-6 17.14. UNDEFINED OPCODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-6 17.15. NEW FLAGS IN THE EFLAGS REGISTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-6 17.15.1. Using EFLAGS Flags to Distinguish Between 32-Bit IA-32 Processors . . . . . . 17-7 17.16. STACK OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7 17.16.1. PUSH SP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7 17.16.2. EFLAGS Pushed on the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8 17.17. X87 FPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8 17.17.1. Control Register CR0 Flags. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8 17.17.2. x87 FPU Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9 17.17.2.1. Condition Code Flags (C0 through C3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9 17.17.2.2. Stack Fault Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10 17.17.3. x87 FPU Control Word. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10 17.17.4. x87 FPU Tag Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10 17.17.5. Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11 17.17.5.1. NaNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11 17.17.5.2. Pseudo-zero, Pseudo-NaN, Pseudo-infinity, and Unnormal Formats. . . . . 17-11 17.17.6. Floating-Point Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11 17.17.6.1. Denormal Operand Exception (#D). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11 17.17.6.2. Numeric Overflow Exception (#O) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-12 17.17.6.3. Numeric Underflow Exception (#U). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-12 17.17.6.4. Exception Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 17.17.6.5. CS and EIP For FPU Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 17.17.6.6. FPU Error Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 17.17.6.7. Assertion of the FERR# Pin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 17.17.6.8. Invalid Operation Exception On Denormals . . . . . . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.9. Alignment Check Exceptions (#AC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.10. Segment Not Present Exception During FLDENV . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.11. Device Not Available Exception (#NM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.12. Coprocessor Segment Overrun Exception . . . . . . . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.13. General Protection Exception (#GP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14 17.17.6.14. Floating-Point Error Exception (#MF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7. Changes to Floating-Point Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7.1. FDIV, FPREM, and FSQRT Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7.2. FSCALE Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7.3. FPREM1 Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7.4. FPREM Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15 17.17.7.5. FUCOM, FUCOMP, and FUCOMPP Instructions. . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.6. FPTAN Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.7. Stack Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.8. FSIN, FCOS, and FSINCOS Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.9. FPATAN Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.10. F2XM1 Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16 17.17.7.11. FLD Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-17

Vol. 3A xv

CONTENTS

PAGE

17.17.7.12. FXTRACT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-17 17.17.7.13. Load Constant Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-17 17.17.7.14. FSETPM Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-17 17.17.7.15. FXAM Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-18 17.17.7.16. FSAVE and FSTENV Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-18 17.17.8. Transcendental Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-18 17.17.9. Obsolete Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-18 17.17.10. WAIT/FWAIT Prefix Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-18 17.17.11. Operands Split Across Segments and/or Pages . . . . . . . . . . . . . . . . . . . . . . . .17-19 17.17.12. FPU Instruction Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-19 17.18. SERIALIZING INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-19 17.19. FPU AND MATH COPROCESSOR INITIALIZATION . . . . . . . . . . . . . . . . . . . . . 17-19 17.19.1. Intel® 387 and Intel® 287 Math Coprocessor Initialization. . . . . . . . . . . . . . . . .17-20 17.19.2. Intel486 SX Processor and Intel 487 SX Math Coprocessor Initialization . . . . .17-20 17.20. CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-21 17.21. MEMORY MANAGEMENT FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-23 17.21.1. New Memory Management Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-23 17.21.1.1. Physical Memory Addressing Extension. . . . . . . . . . . . . . . . . . . . . . . . . . . .17-23 17.21.1.2. Global Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-23 17.21.1.3. Larger Page Sizes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24 17.21.2. CD and NW Cache Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24 17.21.3. Descriptor Types and Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24 17.21.4. Changes in Segment Descriptor Loads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24 17.22. DEBUG FACILITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-24 17.22.1. Differences in Debug Register DR6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24 17.22.2. Differences in Debug Register DR7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-25 17.22.3. Debug Registers DR4 and DR5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-25 17.23. RECOGNITION OF BREAKPOINTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-25 17.24. EXCEPTIONS AND/OR EXCEPTION CONDITIONS . . . . . . . . . . . . . . . . . . . . . 17-26 17.24.1. Machine-Check Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-27 17.24.2. Priority OF Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-27 17.25. INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-28 17.25.1. Interrupt Propagation Delay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-28 17.25.2. NMI Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-28 17.25.3. IDT Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-28 17.26. ADVANCED PROGRAMMABLE INTERRUPT CONTROLLER (APIC). . . . . . . . 17-28

17.26.1.Software Visible Differences Between the Local APIC and the

82489DX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-29

17.26.2.New Features Incorporated in the Local APIC for the P6 Family and

Pentium Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-30

17.26.3.New Features Incorporated in the Local APIC of the Pentium 4 and

Intel Xeon Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-30 17.27. TASK SWITCHING AND TSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-30 17.27.1. P6 Family and Pentium Processor TSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-30 17.27.2. TSS Selector Writes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-31 17.27.3. Order of Reads/Writes to the TSS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-31 17.27.4. Using A 16-Bit TSS with 32-Bit Constructs . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-31 17.27.5. Differences in I/O Map Base Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-31 17.28. CACHE MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-32 17.28.1. Self-Modifying Code with Cache Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-33 17.28.2. Disabling the L3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-34 17.29. PAGING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-34

xvi Vol. 3A

CONTENTS

PAGE

17.29.1. Large Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-34 17.29.2. PCD and PWT Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-34 17.29.3. Enabling and Disabling Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-35 17.30. STACK OPERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-35 17.30.1. Selector Pushes and Pops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-35 17.30.2. Error Code Pushes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-36 17.30.3. Fault Handling Effects on the Stack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-36 17.30.4. Interlevel RET/IRET From a 16-Bit Interrupt or Call Gate . . . . . . . . . . . . . . . . 17-36 17.31. MIXING 16AND 32-BIT SEGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-36 17.32. SEGMENT AND ADDRESS WRAPAROUND. . . . . . . . . . . . . . . . . . . . . . . . . . . 17-37 17.32.1. Segment Wraparound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-38 17.33. STORE BUFFERS AND MEMORY ORDERING . . . . . . . . . . . . . . . . . . . . . . . . 17-38 17.34. BUS LOCKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-40 17.35. BUS HOLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-40 17.36. MODEL-SPECIFIC EXTENSIONS TO THE IA-32 . . . . . . . . . . . . . . . . . . . . . . . 17-40 17.36.1. Model-Specific Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-40 17.36.2. RDMSR and WRMSR Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-41 17.36.3. Memory Type Range Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-41 17.36.4. Machine-Check Exception and Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 17-42 17.36.5. Performance-Monitoring Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-42 17.37. TWO WAYS TO RUN INTEL 286 PROCESSOR TASKS . . . . . . . . . . . . . . . . . . 17-43

CHAPTER 18

DEBUGGING AND PERFORMANCE MONITORING

18.1 OVERVIEW OF THE DEBUGGING SUPPORT FACILITIES. . . . . . . . . . . . . . . . . 18-1 18.2 DEBUG REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2 18.2.1 Debug Address Registers (DR0-DR3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3 18.2.2 Debug Registers DR4 and DR5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4 18.2.3 Debug Status Register (DR6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4 18.2.4 Debug Control Register (DR7). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5 18.2.5 Breakpoint Field Recognition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6 18.2.6 Debug Registers and Intel EM64T. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-7 18.3 DEBUG EXCEPTIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-7 18.3.1 Debug Exception (#DB)—Interrupt Vector 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8 18.3.1.1 Instruction-Breakpoint Exception Condition . . . . . . . . . . . . . . . . . . . . . . . . . 18-9 18.3.1.2 Data Memory and I/O Breakpoint Exception Conditions. . . . . . . . . . . . . . . 18-10 18.3.1.3 General-Detect Exception Condition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-11 18.3.1.4 Single-Step Exception Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-11 18.3.1.5 Task-Switch Exception Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-11 18.3.2 Breakpoint Exception (#BP)—Interrupt Vector 3 . . . . . . . . . . . . . . . . . . . . . . . 18-12 18.4 LAST BRANCH RECORDING OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-12

18.5LAST BRANCH, INTERRUPT, AND EXCEPTION RECORDING

(PENTIUM 4 AND INTEL XEON PROCESSORS). . . . . . . . . . . . . . . . . . . . . . . . 18-12 18.5.1 CPL-Qualified Last Branch Recording Mechanism . . . . . . . . . . . . . . . . . . . . . 18-13 18.5.2 MSR_DEBUGCTLA MSR (Pentium 4 and Intel Xeon Processors) . . . . . . . . . 18-15 18.5.3 LBR Stack (Pentium 4 and Intel Xeon Processors) . . . . . . . . . . . . . . . . . . . . . 18-16 18.5.3.1 LBR Stack and Intel EM64T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-18

18.5.4Monitoring Branches, Exceptions, and Interrupts (Pentium 4 and

Intel Xeon Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-18 18.5.5 Single-Stepping on Branches, Exceptions, and Interrupts . . . . . . . . . . . . . . . 18-18 18.5.6 Branch Trace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19 18.5.7 Last Exception Records (Pentium 4 and Intel Xeon Processors) . . . . . . . . . . 18-19

Vol. 3A xvii

CONTENTS

PAGE

18.5.7.1 Last Exception Records and Intel EM64T . . . . . . . . . . . . . . . . . . . . . . . . . .18-19 18.5.8 Branch Trace Store (BTS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-19 18.5.8.1 Detection of the BTS Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-20 18.5.8.2 Setting Up the DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-20 18.5.8.3 Setting Up the BTS Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-21 18.5.8.4 Setting Up CPL-Qualified BTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-22 18.5.8.5 Writing the DS Interrupt Service Routine . . . . . . . . . . . . . . . . . . . . . . . . . . .18-22

18.6LAST BRANCH, INTERRUPT, AND EXCEPTION

RECORDING (PENTIUM M PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-23

18.7LAST BRANCH, INTERRUPT, AND EXCEPTION

RECORDING (P6 FAMILY PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-25 18.7.1 DebugCtlMSR Register (P6 Family Processors). . . . . . . . . . . . . . . . . . . . . . . .18-25 18.7.2 Last Branch and Last Exception MSRs (P6 Family Processors). . . . . . . . . . . .18-26

18.7.3Monitoring Branches, Exceptions, and Interrupts (P6 Family

Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-27 18.8 TIME-STAMP COUNTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-28 18.9 PERFORMANCE MONITORING OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . 18-29

18.10PERFORMANCE MONITORING (PENTIUM 4

AND INTEL XEON PROCESSORS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-30 18.10.1 ESCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-33 18.10.2 Performance Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-35 18.10.3 CCCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-36 18.10.4 Debug Store (DS) Mechanism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-38 18.10.5 DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-39 18.10.5.1 DS Save Area and IA-32e Mode Operation . . . . . . . . . . . . . . . . . . . . . . . . .18-42 18.10.6 Programming the Performance Counters for Non-Retirement Events . . . . . . .18-43 18.10.6.1 Selecting Events to Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-44 18.10.6.2 Filtering Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-47 18.10.6.3 Starting Event Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-48 18.10.6.4 Reading a Performance Counter’s Count. . . . . . . . . . . . . . . . . . . . . . . . . . .18-48 18.10.6.5 Halting Event Counting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-49 18.10.6.6 Cascading Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-49 18.10.6.7 EXTENDED CASCADING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-50 18.10.6.8 EXTENDED CASCADING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-51 18.10.6.9 Generating an Interrupt on Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-51 18.10.6.10 Counter Usage Guideline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-52 18.10.7 At-Retirement Counting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-52 18.10.7.1 Using At-Retirement Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-54 18.10.7.2 Tagging Mechanism for Front_end_event . . . . . . . . . . . . . . . . . . . . . . . . . .18-55 18.10.7.3 Tagging Mechanism For Execution_event . . . . . . . . . . . . . . . . . . . . . . . . . .18-55 18.10.7.4 Tagging Mechanism for Replay_event . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-56 18.10.8 Precise Event-Based Sampling (PEBS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-56 18.10.8.1 Detection of the Availability of the PEBS Facilities . . . . . . . . . . . . . . . . . . . .18-56 18.10.8.2 Setting Up the DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-57 18.10.8.3 Setting Up the PEBS Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-57 18.10.8.4 Writing a PEBS Interrupt Service Routine . . . . . . . . . . . . . . . . . . . . . . . . . .18-57 18.10.8.5 Other DS Mechanism Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-57 18.10.9 Counting Clocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-57 18.10.9.1 Non-Halted Clockticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-58 18.10.9.2 Non-Sleep Clockticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-59 18.10.9.3 Incrementing the Time-Stamp Counter. . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-59 18.10.10 Operating System Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-60

xviii Vol. 3A

CONTENTS

PAGE

18.11PERFORMANCE MONITORING AND HYPER-THREADING

 

TECHNOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-60

18.11.1

ESCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-61

18.11.2

CCCR MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-62

18.11.3

IA32_PEBS_ENABLE MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-64

18.11.4

Performance Monitoring Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-64

18.12 PERFORMANCE MONITORING AND DUAL-CORE TECHNOLOGY . . . . . . . .

18-66

18.13PERFORMANCE MONITORING ON 64-BIT INTEL XEON PROCESSOR

MP WITH UP TO 8-MBYTE L3 CACHE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-66

18.14PERFORMANCE MONITORING (P6 FAMILY

 

PROCESSOR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-70

18.14.1

PerfEvtSel0 and PerfEvtSel1 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-71

18.14.2

PerfCtr0 and PerfCtr1 MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-72

18.14.3

Starting and Stopping the Performance-Monitoring Counters . . . . . . . . . . . . .

18-73

18.14.4

Event and Time-Stamp Monitoring Software . . . . . . . . . . . . . . . . . . . . . . . . . .

18-73

18.14.5

Monitoring Counter Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-74

18.15 PERFORMANCE MONITORING (PENTIUM PROCESSORS) . . . . . . . . . . . . . .

18-74

18.15.1

Control and Event Select Register (CESR) . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-75

18.15.2

Use of the Performance-Monitoring Pins. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-76

18.15.3

Events Counted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-77

CHAPTER 19

INTRODUCTION TO VIRTUAL-MACHINE EXTENSIONS

19.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 19.2 VIRTUAL MACHINE ARCHITECTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 19.3 INTRODUCTION TO VMX OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 19.4 LIFE CYCLE OF VMM SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 19.5 VIRTUAL-MACHINE CONTROL STRUCTURE . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 19.6 DISCOVERING SUPPORT FOR VMX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 19.7 ENABLING AND ENTERING VMX OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . 14-4 19.8 RESTRICTIONS ON VMX OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5

CHAPTER 20

VIRTUAL-MACHINE CONTROL STRUCTURES

20.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1 20.2 FORMAT OF THE VMCS REGION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2 20.3 ORGANIZATION OF VMCS DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3 20.4 GUEST-STATE AREA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3 20.4.1 Guest Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-3 20.4.2 Guest Non-Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-6 20.5 HOST-STATE AREA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-8 20.6 VM-EXECUTION CONTROL FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-9 20.6.1 Pin-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-9 20.6.2 Processor-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-9 20.6.3 Exception Bitmap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-11 20.6.4 I/O-Bitmap Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-11 20.6.5 Time-Stamp Counter Offset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-12 20.6.6 Guest/Host Masks and Read Shadows for CR0 and CR4. . . . . . . . . . . . . . . . 20-12 20.6.7 CR3-Target Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-12 20.6.8 Controls for CR8 Accesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-13 20.6.9 MSR-Bitmap Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-13 20.6.10 Executive-VMCS Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-14

Vol. 3A xix

CONTENTS

PAGE

20.7 VM-EXIT CONTROL FIELDS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-14 20.7.1 VM-Exit Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-14 20.7.2 VM-Exit Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-15 20.8 VM-ENTRY CONTROL FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-15 20.8.1 VM-Entry Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-16 20.8.2 VM-Entry Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-16 20.8.3 VM-Entry Controls for Event Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-17 20.9 VM-EXIT INFORMATION FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-18 20.9.1 Basic VM-Exit Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-18 20.9.2 Information for VM Exits Due to Vectored Events . . . . . . . . . . . . . . . . . . . . . . .20-19 20.9.3 Information for VM Exits That Occur During Event Delivery . . . . . . . . . . . . . . .20-19 20.9.4 Information for VM Exits Due to Instruction Execution . . . . . . . . . . . . . . . . . . .20-20 20.9.5 VM-Instruction Error Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-22 20.10 SOFTWARE ACCESS TO THE VMCS AND RELATED STRUCTURES . . . . . . 20-22 20.10.1 Software Access to the Virtual-Machine Control Structure . . . . . . . . . . . . . . . .20-22 20.10.2 VMREAD, VMWRITE, and Encodings of VMCS Fields . . . . . . . . . . . . . . . . . .20-23 20.10.3 Software Access to Related Structures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-26 20.10.4 The VMXON Region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-26 20.11 USING VMCLEAR TO INITIALIZE A VMCS REGION. . . . . . . . . . . . . . . . . . . . . 20-26

CHAPTER 21

VMX NON-ROOT OPERATION

21.1 INSTRUCTIONS THAT CAUSE VM EXITS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1 21.1.1 Relative Priority of IA-32 Faults and VM Exits. . . . . . . . . . . . . . . . . . . . . . . . . . .19-2 21.1.2 Instructions That Cause VM Exits Unconditionally . . . . . . . . . . . . . . . . . . . . . . .19-2 21.1.3 Instructions That Cause VM Exits Conditionally . . . . . . . . . . . . . . . . . . . . . . . . .19-3 21.2 OTHER CAUSES OF VM EXITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5

21.3CHANGES TO INSTRUCTION BEHAVIOR IN VMX NON-ROOT OPERATION . 19-7

21.4 OTHER CHANGES IN VMX NON-ROOT OPERATION . . . . . . . . . . . . . . . . . . . 19-10 21.4.1 Event Blocking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-10 21.4.2 Treatment of Task Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-10

CHAPTER 22

VM ENTRIES

22.1 BASIC VM-ENTRY CHECKS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2 22.2 CHECKS ON VMX CONTROLS AND HOST-STATE AREA . . . . . . . . . . . . . . . . . 21-3 22.2.1 Checks on VMX Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-3 22.2.1.1 VM-Execution Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-3 22.2.1.2 VM-Exit Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-4 22.2.1.3 VM-Entry Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-5 22.2.2 Checks on Host Control Registers and MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . .21-6 22.2.3 Checks on Host Segment and Descriptor-Table Registers . . . . . . . . . . . . . . . . .21-6 22.2.4 Checks Related to Address-Space Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-7 22.3 CHECKING AND LOADING GUEST STATE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-7 22.3.1 Checks on the Guest State Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-7 22.3.1.1 Checks on Guest Control Registers, Debug Registers, and MSRs . . . . . . . .21-8 22.3.1.2 Checks on Guest Segment Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-8 22.3.1.3 Checks on Guest Descriptor-Table Registers . . . . . . . . . . . . . . . . . . . . . . .21-11 22.3.1.4 Checks on Guest RIP and RFLAGS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-11 22.3.1.5 Checks on Guest Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-12 22.3.1.6 Checks on Guest Page-Directory Pointers . . . . . . . . . . . . . . . . . . . . . . . . . .21-14 22.3.2 Loading Guest State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-14

xx Vol. 3A

 

 

CONTENTS

 

 

PAGE

22.3.2.1

Loading Guest Control Registers, Debug Registers, and MSRs . . . .

. . . . 21-14

22.3.2.2Loading Guest Segment Registers and Descriptor-Table

Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16 22.3.2.3 Loading Guest RIP, RSP, and RFLAGS. . . . . . . . . . . . . . . . . . . . . . . . . . . 21-17 22.3.2.4 Loading Page-Directory Pointers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-17 22.3.3 Clearing Address-Range Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-17 22.4 LOADING MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-17 22.5 EVENT INJECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-18 22.5.1 Details of Event Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-18 22.5.2 VM Exits During Event Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-20 22.6 SPECIAL FEATURES OF VM ENTRY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-21 22.6.1 Interruptibility State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-21 22.6.2 Activity State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-22 22.6.3 Delivery of Pending Debug Exceptions after VM Entry . . . . . . . . . . . . . . . . . . 21-22 22.6.4 Interrupt-Window Exiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-23 22.6.5 VM Entries and Advanced Debugging Features . . . . . . . . . . . . . . . . . . . . . . . 21-24 22.7 VM-ENTRY FAILURES DURING OR AFTER LOADING GUEST STATE. . . . . . 21-24 22.8 MACHINE CHECKS DURING VM ENTRY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-25

CHAPTER 23 VM EXITS

23.1 ARCHITECTURAL STATE BEFORE A VM EXIT . . . . . . . . . . . . . . . . . . . . . . . . . 22-1 23.2 RECORDING VM-EXIT INFORMATION AND UPDATING CONTROLS. . . . . . . . 22-4 23.2.1 Basic VM-Exit Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-5 23.2.2 Information for VM Exits Due to Vectored Events . . . . . . . . . . . . . . . . . . . . . . . 22-9 23.2.3 Information for VM Exits During Event Delivery. . . . . . . . . . . . . . . . . . . . . . . . 22-10 23.2.4 Information for VM Exits Due to Instruction Execution. . . . . . . . . . . . . . . . . . . 22-11 23.3 SAVING GUEST STATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-12 23.3.1 Saving Control Registers, Debug Registers, and MSRs . . . . . . . . . . . . . . . . . 22-12 23.3.2 Saving Segment Registers and Descriptor-Table Registers . . . . . . . . . . . . . . 22-13 23.3.3 Saving RIP, RSP, and RFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-14 23.3.4 Saving Non-Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-15 23.4 SAVING MSRS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-17 23.5 LOADING HOST STATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-17 23.5.1 Loading Host Control Registers, Debug Registers, MSRs . . . . . . . . . . . . . . . 22-18 23.5.2 Loading Host Segment and Descriptor-Table Registers . . . . . . . . . . . . . . . . . 22-19 23.5.3 Loading Host RIP, RSP, and RFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-20 23.5.4 Checking and Loading Host Page-Directory Pointers . . . . . . . . . . . . . . . . . . . 22-20 23.5.5 Updating Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-21 23.5.6 Clearing Address-Range Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-21 23.6 LOADING MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-21 23.7 VMX ABORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-22 23.8 MACHINE CHECK DURING VM EXIT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-23

CHAPTER 24

SYSTEM MANAGEMENT

24.1 SYSTEM MANAGEMENT MODE OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1 24.1.1 System Management Mode and VMX Operation . . . . . . . . . . . . . . . . . . . . . . . 26-2 24.2 SYSTEM MANAGEMENT INTERRUPT (SMI). . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-2

24.3SWITCHING BETWEEN SMM AND THE OTHER

PROCESSOR OPERATING MODES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3

24.3.1 Entering SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3

Vol. 3A xxi

CONTENTS

PAGE

24.3.2 Exiting From SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-4 24.4 SMRAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-4 24.4.1 SMRAM State Save Map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-5 24.4.1.1 SMRAM State Save Map and Intel EM64T . . . . . . . . . . . . . . . . . . . . . . . . . .26-8 24.4.2 SMRAM Caching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-10 24.5 SMI HANDLER EXECUTION ENVIRONMENT . . . . . . . . . . . . . . . . . . . . . . . . . . 26-11 24.6 EXCEPTIONS AND INTERRUPTS WITHIN SMM . . . . . . . . . . . . . . . . . . . . . . . 26-13

24.7MANAGING SYNCHRONOUS AND ASYNCHRONOUS

SYSTEM MANAGEMENT INTERRUPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-14 24.7.1 I/O State Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-14 24.8 NMI HANDLING WHILE IN SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-16 24.9 SAVING THE X87 FPU STATE WHILE IN SMM . . . . . . . . . . . . . . . . . . . . . . . . . 26-16 24.10 SMM REVISION IDENTIFIER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-17 24.11 AUTO HALT RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-18 24.11.1 Executing the HLT Instruction in SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-18 24.12 SMBASE RELOCATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-19 24.12.1 Relocating SMRAM to an Address Above 1 MByte. . . . . . . . . . . . . . . . . . . . . .26-19 24.13 I/O INSTRUCTION RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-20

24.13.1Back-to-Back SMI Interrupts When I/O Instruction Restart Is Being

Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-21 24.14 SMM MULTIPLE-PROCESSOR CONSIDERATIONS. . . . . . . . . . . . . . . . . . . . . 26-21 24.15 DEFAULT TREATMENT OF SMIs AND SMM WITH VMX . . . . . . . . . . . . . . . . . 26-22 24.15.1 Default Treatment of SMI Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-22 24.15.2 Default Treatment of RSM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-22 24.15.3 Protection of CR4.VMXE in SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-24 24.16 DUAL-MONITOR TREATMENT OF SMIs AND SMM . . . . . . . . . . . . . . . . . . . . . 26-24 24.16.1 Dual-Monitor Treatment Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-24 24.16.2 SMM VM Exits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-25 24.16.2.1 Architectural State Before a VM Exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-25 24.16.2.2 Updating the Current-VMCS and Executive-VMCS Pointers . . . . . . . . . . . .26-25 24.16.2.3 Recording VM-Exit Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-25 24.16.2.4 Saving Guest State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-27 24.16.2.5 Updating Non-Register State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-27 24.16.3 Operation of an SMM Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-27 24.16.4 VM Entries that Return from SMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-27 24.16.4.1 Checks on the Executive-VMCS Pointer Field . . . . . . . . . . . . . . . . . . . . . . .26-27 24.16.4.2 Checks on VM-Execution Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . .26-28 24.16.4.3 Checks on Guest Non-Register State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-28 24.16.4.4 Loading Guest State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-28 24.16.4.5 Updating the Current-VMCS and SMM-Transfer VMCS Pointers . . . . . . . .26-29 24.16.4.6 VM Exits Induced by VM Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-29 24.16.4.7 SMI Blocking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-29 24.16.4.8 Failures of VM Entries That Return from SMM. . . . . . . . . . . . . . . . . . . . . . .26-30 24.16.5 Enabling the Dual-Monitor Treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-30 24.16.6 Activating the Dual-Monitor Treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-32 24.16.6.1 Initial Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-32 24.16.6.2 MSEG Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-33 24.16.6.3 Updating the Current-VMCS and Executive-VMCS Pointers . . . . . . . . . . . .26-33 24.16.6.4 Loading Host State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-33 24.16.6.5 Loading MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-36 24.16.7 Deactivating the Dual-Monitor Treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-36

xxii Vol. 3A

CONTENTS

PAGE

CHAPTER 25

VIRTUAL-MACHINE MONITOR PROGRAMMING CONSIDERATIONS

25.1 VMX SYSTEM PROGRAMMING OVERVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1

25.2SUPPORTING PROCESSOR OPERATING MODES IN GUEST

ENVIRONMENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1 25.2.1 Emulating Guest Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2 25.3 MANAGING VMCS REGIONS AND POINTERS . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2 25.4 USING VMX INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-5 25.5 VMM SETUP & TEAR DOWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-5 25.6 PREPARATION AND LAUNCHING A VIRTUAL MACHINE . . . . . . . . . . . . . . . . . 23-6 25.7 HANDLING OF VM EXITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-7 25.7.1 Handling VM Exits Due to Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-8 25.7.1.1 Reflecting Exceptions to Guest Software . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-8 25.7.1.2 Resuming Guest Software after Handling an Exception. . . . . . . . . . . . . . . 23-10 25.8 MULTI-PROCESSOR CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-11 25.8.1 Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-11 25.8.2 Moving a VMCS Between Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-12 25.8.3 Paired Index-Data Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-13 25.8.4 External Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-13 25.8.5 CPUID Emulation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-13 25.9 32-BIT AND 64-BIT GUEST ENVIRONMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . 23-13 25.9.1 Operating Modes of Guest Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-14 25.9.2 Handling Widths of VMCS Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-14 25.9.2.1 Natural-Width VMCS Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-14 25.9.2.2 64-Bit VMCS Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15 25.9.3 IA-32e Mode Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15 25.9.4 IA-32e Mode Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-16 25.9.5 32-Bit Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-17 25.10 HANDLING MODEL SPECIFIC REGISTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-17 25.10.1 Using VM-Execution Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-17 25.10.2 Using VM-Exit Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-18 25.10.3 Using VM-Entry Controls for MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-18 25.10.4 Handling Special-Case MSRs and Instructions . . . . . . . . . . . . . . . . . . . . . . . . 23-18 25.10.4.1 Handling IA32_EFER MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-19 25.10.4.2 Handling the SYSENTER and SYSEXIT Instructions. . . . . . . . . . . . . . . . . 23-19 25.10.4.3 Handling the SYSCALL and SYSRET Instructions. . . . . . . . . . . . . . . . . . . 23-19 25.10.4.4 Handling the SWAPGS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-20 25.10.4.5 Implementation Specific Behavior on Writing to Certain MSRs . . . . . . . . . 23-20 25.10.5 Handling Accesses to Reserved MSR Addresses. . . . . . . . . . . . . . . . . . . . . . 23-20 25.11 HANDLING ACCESSES TO CONTROL REGISTERS . . . . . . . . . . . . . . . . . . . . 23-20 25.12 PERFORMANCE CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-21

CHAPTER 26

VIRTUALIZATION OF SYSTEM RESOURCES

26.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-1 26.2 VIRTUALIZATION SUPPORT FOR IA-32 DEBUGGING FACILITIES. . . . . . . . . . 24-1 26.3 MEMORY VIRTUALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-2 26.3.1 IA-32 Processor Operating Modes & Memory Virtualization . . . . . . . . . . . . . . . 24-2 26.3.2 Guest & Host Physical Address Spaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-2 26.3.3 Virtualizing Virtual Memory by Brute Force . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-3 26.3.4 Alternate Approach to Memory Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . 24-4 26.3.5 Details of Virtual TLB Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-5

Vol. 3A xxiii

CONTENTS

PAGE

26.3.5.1 Initialization of Virtual TLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-6 26.3.5.2 Response to Page Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-7 26.3.5.3 Response to Uses of INVLPG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-9 26.3.5.4 Response to CR3 Writes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-10 26.4 MICROCODE UPDATE FACILITY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-10 26.4.1 Early Load of Microcode Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-10 26.4.2 Late Load of Microcode Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-11

CHAPTER 27

HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR

27.1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1 27.2 INTERRUPT HANDLING IN VMX OPERATION . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1 27.3 VMM HANDLING OF EXCEPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-3 27.3.1 Debug Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-3 27.4 EXTERNAL INTERRUPT VIRTUALIZATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-4 27.4.1 Virtualization of Interrupt Vector Space. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-4 27.4.2 Control of Platform Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-6 27.4.2.1 PIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-7 27.4.2.2 xAPIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-7 27.4.2.3 Local APIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-7 27.4.2.4 I/O APIC Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-8 27.4.2.5 Virtualization of Message Signaled Interrupts . . . . . . . . . . . . . . . . . . . . . . . .25-9 27.4.3 Examples of Handling of External Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-9 27.4.3.1 Guest Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-9 27.4.3.2 Processor Treatment of External Interrupt . . . . . . . . . . . . . . . . . . . . . . . . . . .25-9 27.4.3.3 Processing of External Interrupts by VMM . . . . . . . . . . . . . . . . . . . . . . . . . .25-10 27.4.3.4 Generation of Virtual Interrupt Events by VMM . . . . . . . . . . . . . . . . . . . . . .25-11 27.5 ERROR HANDLING BY VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-12 27.5.1 VM-exit Failures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-12 27.5.2 Machine Check Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-12 27.6 HANDLING ACTIVITY STATES BY VMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-14

APPENDIX A PERFORMANCE-MONITORING EVENTS

A.1 PENTIUM 4 AND INTEL XEON PROCESSOR PERFORMANCE-

MONITORING EVENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

A.2 PERFORMANCE MONITORING EVENTS FOR

INTEL® PENTIUM® M PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-41 A.3 P6 FAMILY PROCESSOR PERFORMANCE-MONITORING EVENTS . . . . . . . . A-44 A.4 PENTIUM PROCESSOR PERFORMANCE-

MONITORING EVENTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-58

APPENDIX B

 

MODEL-SPECIFIC REGISTERS (MSRS)

 

B.1

MSRS IN THE PENTIUM 4 AND INTEL XEON PROCESSORS. . . . . . . . . . . . . .

. B-1

B.1.1

MSRs Unique to the 64-bit Intel Xeon Processor MP with Up to

 

 

8-MByte MB L3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-37

B.2

MSRS IN THE PENTIUM M PROCESSOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-38

B.3

MSRS IN THE P6 FAMILY PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-47

B.4

MSRS IN PENTIUM PROCESSORS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-56

B.5

ARCHITECTURAL MSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-57

xxiv Vol. 3A

 

 

CONTENTS

 

 

PAGE

APPENDIX C

 

MP INITIALIZATION FOR P6 FAMILY PROCESSORS

 

C.1

OVERVIEW OF THE MP INITIALIZATION PROCESS FOR P6 FAMILY

 

 

PROCESSORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . C-1

C.2

MP INITIALIZATION PROTOCOL ALGORITHM . . . . . . . . . . . . . . . . . . . . .

. . . . . . C-2

C.2.1

Error Detection and Handling During the MP Initialization Protocol. . . . .

. . . . . . C-4

APPENDIX D

PROGRAMMING THE LINT0 AND LINT1 INPUTS

D.1 CONSTANTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1 D.2 LINT[0:1] PINS PROGRAMMING PROCEDURE. . . . . . . . . . . . . . . . . . . . . . . . . . . D-1

APPENDIX E

INTERPRETING MACHINE-CHECK ERROR CODES

E.1 INCREMENTAL DECODING INFORMATION: PROCESSOR FAMILY

06H MACHINE ERROR CODES FOR MACHINE CHECK . . . . . . . . . . . . . . . . . . . E-1 E.2 INCREMENTAL DECODING INFORMATION: PROCESSOR FAMILY

0FH MACHINE ERROR CODES FOR MACHINE CHECK . . . . . . . . . . . . . . . . . . . E-4

APPENDIX F

APIC BUS MESSAGE FORMATS

F.1 BUS MESSAGE FORMATS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1 F.2 EOI MESSAGE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1 F.2.1 Short Message. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-2 F.2.2 Non-focused Lowest Priority Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-3 F.2.3 APIC Bus Status Cycles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5

APPENDIX G

VMX CAPABILITY REPORTING FACILITY

G.1 BASIC VMX INFORMATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1 G.2 VM-EXECUTION CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2 G.3 VM-EXIT CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3 G.4 VM-ENTRY CONTROLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3 G.5 MISCELLANEOUS DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3 G.6 VMX-FIXED BITS IN CR0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4 G.7 VMX-FIXED BITS IN CR4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4 G.8 VMCS ENUMERATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4

APPENDIX H

FIELD ENCODING IN VMCS

H.1 16-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1

H.1.1 16-Bit Guest-State Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1

H.1.2 16-Bit Host-State Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2

H.2 64-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2

H.2.1 64-Bit Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2

H.2.2 64-Bit Guest-State Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3

H.3 32-BIT FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4

H.3.1 32-Bit Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4

H.3.2 32-Bit Read-Only Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5

H.3.3 32-Bit Guest-State Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5

Vol. 3A xxv

CONTENTS

PAGE

H.3.4 32-Bit Host-State Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6

H.4 NATURAL-WIDTH FIELDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6

H.4.1 Natural-Width Control Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7

H.4.2 Natural-Width Read-Only Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7

H.4.3 Natural-Width Guest-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-8

H.4.4 Natural-Width Host-State Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-9

APPENDIX I

VMX BASIC EXIT REASONS

APPENDIX J

VM INSTRUCTION ERROR NUMBERS

FIGURES

Figure 1-1.

Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.1-6

Figure 1-2.

Syntax for CPUID, CR, and MSR Data Presentation . . . . . . . . . . . . . . . . . . .

.1-8

Figure 2-1.

IA-32 System-Level Registers and Data Structures . . . . . . . . . . . . . . . . . . . .

.2-3

Figure 2-2.

System-Level Registers and Data Structures in IA-32e Mode . . . . . . . . . . . .

.2-4

Figure 2-3.

Transitions Among the Processor’s Operating Modes . . . . . . . . . . . . . . . . . .

2-11

Figure 2-4.

System Flags in the EFLAGS Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-12

Figure 2-5.

Memory Management Registers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-15

Figure 2-6.

Control Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-18

Figure 3-1.

Segmentation and Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.3-2

Figure 3-2.

Flat Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.3-4

Figure 3-3.

Protected Flat Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.3-4

Figure 3-4.

Multi-Segment Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.3-5

Figure 3-5.

Logical Address to Linear Address Translation . . . . . . . . . . . . . . . . . . . . . . .

.3-8

Figure 3-6.

Segment Selector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.3-9

Figure 3-7.

Segment Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-10

Figure 3-8.

Segment Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-12

Figure 3-9.

Segment Descriptor When Segment-Present Flag Is Clear . . . . . . . . . . . . . .

3-14

Figure 3-10.

Global and Local Descriptor Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-18

Figure 3-11.

Pseudo-Descriptor Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-19

Figure 3-12.

Linear Address Translation (4-KByte Pages) . . . . . . . . . . . . . . . . . . . . . . . . .

3-23

Figure 3-13.

Linear Address Translation (4-MByte Pages). . . . . . . . . . . . . . . . . . . . . . . . .

3-24

Figure 3-14.

Format of Page-Directory and Page-Table Entries for 4-KByte Pages

 

 

and 32-Bit Physical Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-26

Figure 3-15.

Format of Page-Directory Entries for 4-MByte Pages and 32-Bit

 

 

Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-27

Figure 3-16.

Format of a Page-Table or Page-Directory Entry for a

 

 

Not-Present Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-30

Figure 3-17.

Register CR3 Format When the Physical Address Extension

 

 

is Enabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-31

Figure 3-18.

Linear Address Translation With PAE Enabled (4-KByte Pages). . . . . . . . . .

3-32

Figure 3-19.

Linear Address Translation With PAE Enabled (2-MByte Pages) . . . . . . . . .

3-33

Figure 3-20.

Format of Page-Directory-Pointer-Table, Page-Directory, and

 

 

Page-Table Entries for 4-KByte Pages with PAE Enabled. . . . . . . . . . . . . . .

3-35

Figure 3-21.

Format of Page-Directory-Pointer-Table and Page-Directory Entries

 

 

for 2-MByte Pages with PAE Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-36

Figure 3-22.

Linear Address Translation (4-MByte Pages). . . . . . . . . . . . . . . . . . . . . . . . .

3-38

xxvi Vol. 3A

 

CONTENTS

 

 

PAGE

Figure 3-23.

Format of Page-Directory Entries for 4-MByte Pages and

 

 

36-Bit Physical Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-38

Figure 3-24. IA-32e Mode Paging Structures (4-KByte Pages) . . . . . . . . . . . . . . . . . . . .

3-40

Figure 3-25. IA-32e Mode Paging Structures (2-MByte pages) . . . . . . . . . . . . . . . . . . . .

3-41

Figure 3-26. Format of Paging Structure Entries for 4-KByte Pages in IA-32e Mode . . . .

3-42

Figure 3-27. Format of Paging Structure Entries for 2-MByte Pages in IA-32e Mode. . . .

3-43

Figure 3-28. Memory Management Convention That Assigns a Page Table

 

 

to Each Segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-46

Figure 4-1.

Descriptor Fields Used for Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 4-3

Figure 4-2.

Descriptor Fields with Flags used in IA-32e Mode . . . . . . . . . . . . . . . . . . . .

. 4-5

Figure 4-3.

Protection Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 4-9

Figure 4-4.

Privilege Check for Data Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-11

Figure 4-5.

Examples of Accessing Data Segments From Various Privilege

 

 

Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-12

Figure 4-6.

Privilege Check for Control Transfer Without Using a Gate . . . . . . . . . . . . .

4-14

Figure 4-7.

Examples of Accessing Conforming and Nonconforming Code

 

 

Segments From Various Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-16

Figure 4-8.

Call-Gate Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-18

Figure 4-9.

Call-Gate Descriptor in IA-32e Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-19

Figure 4-10.

Call-Gate Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-21

Figure 4-11. Privilege Check for Control Transfer with Call Gate . . . . . . . . . . . . . . . . . . .

4-21

Figure 4-12. Example of Accessing Call Gates At Various Privilege Levels . . . . . . . . . . .

4-23

Figure 4-13. Stack Switching During an Interprivilege-Level Call . . . . . . . . . . . . . . . . . . .

4-25

Figure 4-14. MSRs Used by SYSCALL and SYSRET . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-31

Figure 4-15. Use of RPL to Weaken Privilege Level of Called Procedure . . . . . . . . . . . .

4-36

Figure 5-1.

Relationship of the IDTR and IDT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-13

Figure 5-2.

IDT Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-14

Figure 5-3.

Interrupt Procedure Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-15

Figure 5-4.

Stack Usage on Transfers to Interrupt and Exception-Handling

 

 

Routines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-17

Figure 5-5.

Interrupt Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-20

Figure 5-6.

Error Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-21

Figure 5-7.

64-Bit IDT Gate Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-22

Figure 5-8.

IA-32e Mode Stack Usage After Privilege Level Change . . . . . . . . . . . . . . .

5-25

Figure 5-9.

Page-Fault Error Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-52

Figure 6-1.

Structure of a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 6-2

Figure 6-2.

32-Bit Task-State Segment (TSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 6-5

Figure 6-3.

TSS Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 6-7

Figure 6-4.

Format of TSS and LDT Descriptors in 64-bit Mode. . . . . . . . . . . . . . . . . . .

. 6-9

Figure 6-5.

Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-10

Figure 6-6.

Task-Gate Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-11

Figure 6-7.

Task Gates Referencing the Same Task . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-12

Figure 6-8.

Nested Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-17

Figure 6-9.

Overlapping Linear-to-Physical Mappings . . . . . . . . . . . . . . . . . . . . . . . . . .

6-20

Figure 6-10.

16-Bit TSS Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-22

Figure 6-11.

64-Bit TSS Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6-24

Figure 7-1.

Example of Write Ordering in Multiple-Processor Systems . . . . . . . . . . . . .

7-10

Figure 7-2.

Interpretation of APIC ID in Early MP Systems. . . . . . . . . . . . . . . . . . . . . . .

7-23

Figure 7-3.

Local APICs and I/O APIC in MP System Supporting HT Technology . . . . .

7-26

Figure 7-4.

IA-32 Processor with Two Logical Processors Supporting HT

 

 

Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7-27

Figure 7-5.

Generalized Four level Interpretation of the initial APIC ID. . . . . . . . . . . . . .

7-36

Vol. 3A xxvii

CONTENTS

 

 

PAGE

Figure 7-6.

Topological Relationships between Hierarchical IDs in a

 

 

Hypothetical MP Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.7-36

Figure 8-1.

Relationship of Local APIC and I/O APIC In Single-Processor

 

 

Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .8-3

Figure 8-2.

Local APICs and I/O APIC When Intel Xeon Processors Are Used

 

 

in Multiple-Processor Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .8-4

Figure 8-3.

Local APICs and I/O APIC When P6 Family Processors Are Used

 

 

in Multiple-Processor Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .8-4

Figure 8-4.

Local APIC Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .8-7

Figure 8-5.

IA32_APIC_BASE MSR (APIC_BASE_MSR in P6 Family) . . . . . . . . . . . . .

.8-11

Figure 8-6.

Local APIC ID Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-12

Figure 8-7.

Local APIC Version Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-15

Figure 8-8.

Local Vector Table (LVT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-16

Figure 8-9.

Error Status Register (ESR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-20

Figure 8-10.

Divide Configuration Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-21

Figure 8-11.

Initial Count and Current Count Registers . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-21

Figure 8-12.

Interrupt Command Register (ICR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-23

Figure 8-13.

Logical Destination Register (LDR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-29

Figure 8-14.

Destination Format Register (DFR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-29

Figure 8-15.

Arbitration Priority Register (APR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-31

Figure 8-16.

Interrupt Acceptance Flow Chart for the Local APIC (Pentium 4 and

 

 

Intel Xeon Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-33

Figure 8-17.

Interrupt Acceptance Flow Chart for the Local APIC (P6 Family and

 

 

Pentium Processors) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-35

Figure 8-18.

Task Priority Register (TPR). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-37

Figure 8-19.

Processor Priority Register (PPR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-38

Figure 8-20. IRR, ISR and TMR Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-39

Figure 8-21.

EOI Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-40

Figure 8-22.

CR8 Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-41

Figure 8-23.

Spurious-Interrupt Vector Register (SVR) . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-42

Figure 8-24.

Layout of the MSI Message Address Register . . . . . . . . . . . . . . . . . . . . . . .

.8-44

Figure 8-25.

Layout of the MSI Message Data Register . . . . . . . . . . . . . . . . . . . . . . . . . .

.8-45

Figure 9-1.

Contents of CR0 Register after Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .9-5

Figure 9-2.

Version Information in the EDX Register after Reset . . . . . . . . . . . . . . . . . .

. .9-5

Figure 9-3.

Processor State After Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-21

Figure 9-4.

Constructing Temporary GDT and Switching to Protected Mode

 

 

(Lines 162-172 of List File) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-30

Figure 9-5.

Moving the GDT, IDT, and TSS from ROM to RAM (Lines 196-261

 

 

of List File) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-31

Figure 9-6.

Task Switching (Lines 282-296 of List File) . . . . . . . . . . . . . . . . . . . . . . . . .

.9-32

Figure 9-7.

Applying Microcode Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.9-36

Figure 9-8.

Microcode Update Write Operation Flow [1]. . . . . . . . . . . . . . . . . . . . . . . . .

.9-59

Figure 9-9.

Microcode Update Write Operation Flow [2]. . . . . . . . . . . . . . . . . . . . . . . . .

.9-60

Figure 10-1.

Cache Structure of the Pentium 4 and Intel Xeon Processors . . . . . . . . . . .

.10-1

Figure 10-2.

Cache-Control Registers and Bits Available in IA-32 Processors . . . . . . . .

10-12

Figure 10-3.

Mapping Physical Memory With MTRRs . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-26

Figure 10-4.

IA32_MTRRCAP Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-27

Figure 10-5.

IA32_MTRR_DEF_TYPE MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-28

Figure 10-6.

IA32_MTRR_PHYSBASEn and IA32_MTRR_PHYSMASKn

 

 

Variable-Range Register Pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-31

Figure 10-7.

IA32_CR_PAT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10-42

Figure 11-1.

Mapping of MMX Registers to Floating-Point Registers . . . . . . . . . . . . . . . .

.11-2

xxviii Vol. 3A

 

 

CONTENTS

 

 

PAGE

Figure 11-2.

Mapping of MMX Registers to x87 FPU Data Register Stack. . . . . . .

. . . . . 11-7

Figure 12-1.

Example of Saving the x87 FPU, MMX, SSE, and SSE2 State

 

 

During an Operating-System Controlled Task Switch. . . . . . . . . . . . .

. . . . . 12-9

Figure 13-1.

Processor Modulation Through Stop-Clock Mechanism. . . . . . . . . . .

. . . . . 13-2

Figure 13-2.

MSR_THERM2_CTL Register for the Pentium M Processor . . . . . . .

. . . . . 13-4

Figure 13-3.

MSR_THERM2_CTL Register for the Pentium 4 Processor

 

 

Supporting TM2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 13-4

Figure 13-4.

IA32_THERM_STATUS MSR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 13-5

Figure 13-5.

IA32_THERM_INTERRUPT MSR . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 13-6

Figure 13-6.

IA32_CLOCK_MODULATION MSR . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 13-6

Figure 14-1.

Machine-Check MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-2

Figure 14-2.

IA32_MCG_CAP Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-3

Figure 14-3.

MCG_CAP Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-3

Figure 14-4.

IA32_MCG_STATUS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-4

Figure 14-5.

IA32_MCi_CTL Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-5

Figure 14-6.

IA32_MCi_STATUS Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-6

Figure 14-7.

IA32_MCi_ADDR MSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 14-8

Figure 15-1.

Real-Address Mode Address Translation . . . . . . . . . . . . . . . . . . . . . .

. . . . . 15-4

Figure 15-2.

Interrupt Vector Table in Real-Address Mode. . . . . . . . . . . . . . . . . . .

. . . . . 15-7

Figure 15-3.

Entering and Leaving Virtual-8086 Mode . . . . . . . . . . . . . . . . . . . . . .

. . . . 15-12

Figure 15-4.

Privilege Level 0 Stack After Interrupt or Exception in Virtual-8086

 

 

Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 15-18

Figure 15-5.

Software Interrupt Redirection Bit Map in TSS . . . . . . . . . . . . . . . . . .

. . . . 15-25

Figure 16-1.

Stack after Far 16and 32-Bit Calls . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 16-6

Figure 17-1.

I/O Map Base Address Differences. . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 17-32

Figure 18-1.

Debug Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 18-3

Figure 18-2.

DR6 and DR7 Layout on IA-32 Processors Supporting Intel EM64T .

. . . . . 18-7

Figure 18-3.

MSR_LASTBRANCH_TOS MSR Layout for the Pentium 4

 

 

and Intel Xeon Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-15

Figure 18-4.

MSR_DEBUGCTLA MSR for Pentium 4 and Intel Xeon Processors .

. . . . 18-16

Figure 18-5.

LBR MSR Branch Record Layout for the Pentium 4

 

 

and Intel Xeon Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-17

Figure 18-6.

MSR_DEBUGCTLB MSR for Pentium M Processors. . . . . . . . . . . . .

. . . . 18-24

Figure 18-7.

LBR Branch Record Layout for the Pentium M Processor . . . . . . . . .

. . . . 18-25

Figure 18-8.

DebugCtlMSR Register (P6 Family Processors) . . . . . . . . . . . . . . . .

. . . . 18-26

Figure 18-9.

Event Selection Control Register (ESCR) for Pentium 4 and

 

 

Intel Xeon Processors without HT Technology Support . . . . . . . . . . .

. . . . 18-34

Figure 18-10.

Performance Counter (Pentium 4 and Intel Xeon Processors). . . . . .

. . . . 18-36

Figure 18-11.

Counter Configuration Control Register (CCCR) . . . . . . . . . . . . . . . .

. . . . 18-37

Figure 18-12.

DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-41

Figure 18-13.

Branch Trace Record Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-42

Figure 18-14.

IA-32e Mode DS Save Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-43

Figure 18-15. PEBS Record Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-44

Figure 18-16. Effects of Edge Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-48

Figure 18-17.

Event Selection Control Register (ESCR) for the Pentium 4

 

 

Processor, Intel Xeon Processor and Intel Xeon Processor MP

 

 

Supporting Hyper-Threading Technology . . . . . . . . . . . . . . . . . . . . . .

. . . . 18-61

Figure 18-18.

Counter Configuration Control Register (CCCR) . . . . . . . . . . . . . . . .

. . . . 18-63

Figure 18-19.

Block Diagram of 64-bit Intel Xeon Processor MP with 8-MByte L3 . .

. . . . 18-66

Figure 18-20.

MSR_IFSB_IBUSQx, Addresses: 107CCH and 107CDH. . . . . . . . . .

. . . . 18-67

Figure 18-21.

MSR_IFSB_ISNPQx, Addresses: 107CEH and 107CFH . . . . . . . . . .

. . . . 18-68

Figure 18-22.

MSR_IFSB_DRDYx, Addresses: 107D0H and 107D1H. . . . . . . . . . .

. . . . 18-69

Vol. 3A xxix

CONTENTS

 

 

PAGE

Figure 18-23.

MSR_IFSB_CTL6, Address: 107D2H;

 

 

MSR_IFSB_CNTR7, Address: 107D3H . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-70

Figure 18-24.

PerfEvtSel0 and PerfEvtSel1 MSRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-71

Figure 18-25.

CESR MSR (Pentium Processor Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-75

Figure 19-1.

Interaction of a Virtual-Machine Monitor and Guests . . . . . . . . . . . . . . . . . .

.14-3

Figure 19-1.

CPUID Extended Feature Information ECX . . . . . . . . . . . . . . . . . . . . . . . . .

.14-4

Figure 24-1.

SMRAM Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.26-6

Figure 24-2.

SMM Revision Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-17

Figure 24-3. Auto HALT Restart Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-18

Figure 24-4.

SMBASE Relocation Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-19

Figure 24-5. I/O Instruction Restart Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-20

Figure 25-1.

VMX Transitions and States of VMCS in a Logical Processor . . . . . . . . . . .

.23-4

Figure 26-1. Virtual TLB Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.24-6

Figure 27-1.

Host External Interrupts and Guest Virtual Interrupts . . . . . . . . . . . . . . . . . .

.25-6

Figure C-1.

MP System With Multiple Pentium III Processors. . . . . . . . . . . . . . . . . . . . .

. C-3

TABLES

Table 2-1.

Action Taken By x87 FPU Instructions for Different

 

 

Combinations of EM, MP, and TS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-20

Table 2-2.

Summary of System Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-24

Table 3-1.

Codeand Data-Segment Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-15

Table 3-2.

System-Segment and Gate-Descriptor Types . . . . . . . . . . . . . . . . . . . . . . . .

3-17

Table 3-3.

Page Sizes and Physical Address Sizes . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-23

Table 3-4.

Reserved Bit Checking When Execute Disable Bit is Disabled . . . . . . . . . . .

3-44

Table 3-5.

Reserved Bit Checking When Execute Disable Bit is Enabled. . . . . . . . . . . .

3-44

Table 4-1.

Privilege Check Rules for Call Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-22

Table 4-2.

64-Bit-Mode Stack Layout After CALLF with CPL Change. . . . . . . . . . . . . . .

4-26

Table 4-3.

Combined Page-Directory and Page-Table Protection. . . . . . . . . . . . . . . . . .

4-40

Table 4-4.

Page Sizes and Physical Address Sizes Supported by

 

 

Execute-Disable Bit Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-41

Table 4-5.

Extended Feature Enable MSR (IA32_EFER) . . . . . . . . . . . . . . . . . . . . . . . .

4-41

Table 4-6.

IA-32e Mode Page Level Protection Matrix

 

 

with Execute-Disable Bit Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-42

Table 4-7.

Legacy PAE-Enabled 4-KByte Page Level Protection Matrix

 

 

with Execute-Disable Bit Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-42

Table 4-8.

Legacy PAE-Enabled 2-MByte Page Level Protection

 

 

with Execute-Disable Bit Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-42

Table 4-9.

IA-32e Mode Page Level Protection Matrix

 

 

with Execute-Disable Bit Capability Enabled . . . . . . . . . . . . . . . . . . . . . . . . .

4-43

Table 4-10.

Reserved Bit Checking WIth Execute-Disable Bit Capability

 

 

Not Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-44

Table 5-1.

Protected-Mode Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . . . . . . .

.5-3

Table 5-2.

Priority Among Simultaneous Exceptions and Interrupts . . . . . . . . . . . . . . . .

5-11

Table 5-3.

Debug Exception Conditions and Corresponding Exception Classes . . . . . .

5-28

Table 5-4.

Interrupt and Exception Classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-37

Table 5-5.

Conditions for Generating a Double Fault . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-38

Table 5-6.

Invalid TSS Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-40

Table 5-7.

Alignment Requirements by Data Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-57

Table 5-8.

SIMD Floating-Point Exceptions Priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-62

xxx Vol. 3A

CONTENTS

PAGE

Table 6-1. Exception Conditions Checked During a Task Switch . . . . . . . . . . . . . . . . . 6-15 Table 6-2. Effect of a Task Switch on Busy Flag, NT Flag,

Previous Task Link Field, and TS Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17 Table 7-1. Initial APIC IDs for the Logical Processors in a System that has

Four MP-Type Intel Xeon Processors Supporting Hyper-Threading

Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-37 Table 7-2. Initial APIC IDs for the Logical Processors in a System that has

Two Physical Processors Supporting Dual-Core and Hyper-Threading Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-37

Table 8-1. Local APIC Register Address Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 Table 8-2. ESR Flags. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19 Table 8-3. Valid Combinations for the Pentium 4 and Intel Xeon Processors’

Local xAPIC Interrupt Command Register . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26 Table 8-4. Valid Combinations for the P6 Family Processors’

Local APIC Interrupt Command Register . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27 Table 9-1. IA-32 Processor States Following Power-up, Reset, or INIT . . . . . . . . . . . . . 9-3 Table 9-2. Recommended Settings of EM and MP Flags on IA-32 Processors. . . . . . . . 9-7 Table 9-3. Software Emulation Settings of EM, MP, and NE Flags . . . . . . . . . . . . . . . . . 9-8 Table 9-4. Main Initialization Steps in STARTUP.ASM Source Listing . . . . . . . . . . . . . 9-21 Table 9-5. Relationship Between BLD Item and ASM Source File . . . . . . . . . . . . . . . . 9-35 Table 9-6. Microcode Update Field Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-37 Table 9-7. Microcode Update Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-39 Table 9-8. Extended Processor Signature Table Header Structure. . . . . . . . . . . . . . . . 9-40 Table 9-9. Processor Signature Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-40 Table 9-10. Processor Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-42 Table 9-11. Microcode Update Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-48 Table 9-12. Microcode Update Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-54 Table 9-13. Parameters for the Presence Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-55 Table 9-14. Parameters for the Write Update Data Function. . . . . . . . . . . . . . . . . . . . . . 9-56 Table 9-15. Parameters for the Control Update Sub-function . . . . . . . . . . . . . . . . . . . . . 9-61 Table 9-16. Mnemonic Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-61 Table 9-17. Parameters for the Read Microcode Update Data Function . . . . . . . . . . . . . 9-62 Table 9-18. Return Code Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-63 Table 10-1. Characteristics of the Caches, TLBs, Store Buffer, and

Write Combining Buffer in IA-32 Processors. . . . . . . . . . . . . . . . . . . . . . . . . 10-2 Table 10-2. Memory Types and Their Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6 Table 10-3. Methods of Caching Available in Pentium 4, Intel Xeon, P6 Family,

and Pentium Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7 Table 10-4. MESI Cache Line States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 Table 10-5. Cache Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-13 Table 10-6. Effective Page-Level Memory Type for Pentium Pro and

Pentium II Processors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16 Table 10-7. Effective Page-Level Memory Types for Pentium III, Pentium 4,

and Intel Xeon Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17 Table 10-8. Memory Types That Can Be Encoded in MTRRs. . . . . . . . . . . . . . . . . . . . 10-25 Table 10-9. Address Mapping for Fixed-Range MTRRs . . . . . . . . . . . . . . . . . . . . . . . . 10-29 Table 10-10. Memory Types That Can Be Encoded With PAT . . . . . . . . . . . . . . . . . . . . 10-42 Table 10-11. Selection of PAT Entries with PAT, PCD, and PWT Flags . . . . . . . . . . . . . 10-43 Table 10-12. Memory Type Setting of PAT Entries Following a Power-up or Reset . . . . 10-43 Table 11-1. Action Taken By MMX Instructions for Different Combinations

of EM, MP and TS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 Table 11-2. Effects of MMX Instructions on x87 FPU State. . . . . . . . . . . . . . . . . . . . . . . 11-3

Vol. 3A xxxi

CONTENTS

 

 

PAGE

Table 11-3.

Effect of the MMX, x87 FPU, and FXSAVE/FXRSTOR Instructions

 

 

on the x87 FPU Tag Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.11-4

Table 12-1.

Action Taken for Combinations of OSFXSR, OSXMMEXCPT, SSE,

 

 

SSE2, SSE3, EM, MP, and TS1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.12-3

Table 13-1.

On-Demand Clock Modulation Duty Cycle Field Encoding . . . . . . . . . . . . .

.13-7

Table 14-1.

Extended Machine Check State MSRs in Processors Without Support

 

 

for EM64T. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.14-8

Table 14-2.

Extended Machine Check State MSRs

 

 

In Processors With Support For Intel EM64T . . . . . . . . . . . . . . . . . . . . . . . .

.14-9

Table 14-3.

IA32_MCi_Status [15:0] Simple Error Code Encoding . . . . . . . . . . . . . . . . .

14-14

Table 14-4.

IA32_MCi_Status [15:0] Compound Error Code Encoding. . . . . . . . . . . . . .

14-15

Table 14-5.

Encoding for TT (Transaction Type) Sub-Field. . . . . . . . . . . . . . . . . . . . . . .

14-15

Table 14-6.

Level Encoding for LL (Memory Hierarchy Level) Sub-Field . . . . . . . . . . . .

14-15

Table 14-7.

Encoding of Request (RRRR) Sub-Field . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-16

Table 14-8.

Encodings of PP, T, and II Sub-Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14-17

Table 15-1.

Real-Address Mode Exceptions and Interrupts . . . . . . . . . . . . . . . . . . . . .

.15-8

Table 15-2.

Software Interrupt Handling Methods While in Virtual-8086 Mode . . . . . . . .

15-24

Table 16-1.

Characteristics of 16-Bit and 32-Bit Program Modules. . . . . . . . . . . . . . . . .

.16-1

Table 17-1.

New Instruction in the Pentium Processor and Later IA-32

 

 

Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.17-5

Table 17-2.

Recommended Values of the EM, MP, and NE Flags for Intel486 SX

 

 

Microprocessor/Intel 487 SX Math Coprocessor System . . . . . . . . . . . . . . .

17-20

Table 17-3.

EM and MP Flag Interpretation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

17-20

Table 18-1.

Breakpointing Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.18-8

Table 18-2.

Debug Exception Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.18-9

Table 18-3.

LBR MSR Stack Structure for the Pentium 4 and Intel Xeon

 

 

Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-14

Table 18-4.

MSR_DEBUGCTLA MSR Flag Encodings . . . . . . . . . . . . . . . . . . . . . . . . . .

18-21

Table 18-5.

CPL-Qualified Branch Trace Store Encodings . . . . . . . . . . . . . . . . . . . . . . .

18-22

Table 18-6.

Performance Counter MSRs and Associated CCCR and

 

 

ESCR MSRs (Pentium 4 and Intel Xeon Processors) . . . . . . . . . . . . . . . . .

18-31

Table 18-7.

Event Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-45

Table 18-8.

CCR Names and Bit Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-50

Table 18-9.

Effect of Logical Processor and CPL Qualification for Logical

 

 

Processor-Specific (TS) Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18-65

Table 18-10.

Effect of Logical Processor and CPL Qualification for

 

 

Non-logical-processor-specific (TI) Events . . . . . . . . . . . . . . . . . . . . . . . . . .

18-65

Table 20-1.

Format of the VMCS Region. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.20-2

Table 20-2.

Format of Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.20-4

Table 20-3.

Format of Interruptibility State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.20-6

Table 20-4.

Format of Pending-Debug-Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.20-8

Table 20-5.

Definitions of Pin-Based VM-Execution Controls . . . . . . . . . . . . . . . . . . . . .

.20-9

Table 20-6.

Definitions of Processor-Based VM-Execution Controls. . . . . . . . . . . . . . . .

20-10

Table 20-7.

Definitions of VM-Exit Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20-14

Table 20-8.

Format of an MSR Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20-15

Table 20-9.

Definitions of VM-Entry Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20-16

Table 20-10.

Format of the VM-Entry Interruption-Information Field . . . . . . . . . . . . . . . . .

20-17

Table 20-11. Format of Exit Reason . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20-18

Table 20-12.

Format of the VM-Exit Interruption-Information Field . . . . . . . . . . . . . . . . . .

20-19

Table 20-13.

Format of the IDT-Vectoring Information Field . . . . . . . . . . . . . . . . . . . . . . .

20-20

Table 20-14.

Format of the VMX-Instruction Information Field . . . . . . . . . . . . . . . . . . . . .

20-21

Table 20-15.

Structure of VMCS Component Encoding . . . . . . . . . . . . . . . . . . . . . . . . . .

20-24

xxxii Vol. 3A

 

CONTENTS

 

 

PAGE

Table 23-1.

Exit Qualification for Debug Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 22-5

Table 23-2.

Exit Qualification for Task Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22-6

Table 23-3.

Exit Qualification for Control-Register Accesses. . . . . . . . . . . . . . . . . . . . . .

22-7

Table 23-4.

Exit Qualification for MOV DR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22-7

Table 23-5.

Exit Qualification for I/O Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22-8

Table 24-1.

SMRAM State Save Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-6

Table 24-2.

SMRAM State Save Map for Intel EM64T . . . . . . . . . . . . . . . . . . . . . . . . . .

26-8

Table 24-3.

Processor Register Initialization in SMM. . . . . . . . . . . . . . . . . . . . . . . . . . .

26-12

Table 24-4.

I/O Instruction Information in the SMM State Save Map. . . . . . . . . . . . . . .

26-15

Table 24-5.

I/O Instruction Type Encodings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-15

Table 24-6.

Auto HALT Restart Flag Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-18

Table 24-7.

I/O Instruction Restart Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-20

Table 24-6.

Exit Qualification for SMIs That Arrive Immediately

 

 

After the Retirement of an I/O Instruction . . . . . . . . . . . . . . . . . . . . . . . . . .

26-26

Table 24-7.

Format of MSEG Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26-30

Table 25-1.

Operating Modes for Host and Guest Environments . . . . . . . . . . . . . . . . .

23-14

Table A-1.

Pentium 4 and Intel Xeon Processor Performance Monitoring Events

 

 

for Non-Retirement Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. A-2

Table A-2.

Pentium 4 and Intel Xeon Processor Performance Monitoring Events

 

 

For At-Retirement Counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-27

Table A-3.

Model-Specific Performance Monitoring Events (For Model Encoding

 

 

3 or 4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-33

Table A-4.

List of Metrics Available for Front_end Tagging

 

 

(For Front_end Event Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-33

Table A-5.

List of Metrics Available for Execution Tagging

 

 

(For Execution Event Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-34

Table A-6.

List of Metrics Available for Replay Tagging

 

 

(For Replay Event Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-35

Table A-7.

Event Mask Qualification for Logical Processors . . . . . . . . . . . . . . . . . . . . .

A-36

Table A-8.

Performance Monitoring Events on Intel® Pentium® M Processors . . . . . . .

A-41

Table A-9.

Performance Monitoring Events Modified on Intel® Pentium® M

 

 

Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-43

Table A-10.

Events That Can Be Counted with the P6 Family Performance-

 

 

Monitoring Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-44

Table A-11.

Events That Can Be Counted with the Pentium Processor

 

 

Performance-Monitoring Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A-59

Table B-1.

MSRs in the Pentium 4 and Intel Xeon Processors . . . . . . . . . . . . . . . . . . .

. B-1

Table B-2.

MSRs Unique to 64-bit Intel Xeon Processor MP with

 

 

Up to an 8 MB L3 Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-37

Table B-3.

MSRs in Pentium M Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-38

Table B-4.

MSRs in the P6 Family Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-47

Table B-5.

MSRs in the Pentium Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-56

Table B-6.

IA-32 Architectural MSRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B-57

Table C-1.

Boot Phase IPI Message Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. C-2

Table E-1.

Incremental Decoding Information: Processor Family 06H

 

 

Machine Error Codes For Machine Check . . . . . . . . . . . . . . . . . . . . . . . . . .

. E-1

Table E-2.

Incremental Decoding Information: Processor Family 0FH

 

 

Machine Error Codes For Machine Check . . . . . . . . . . . . . . . . . . . . . . . . . .

. E-4

Table E-3.

Decoding Family 0FH Machine Check Codes for Memory

 

 

Hierarchy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. E-5

Table F-1.

EOI Message (14 Cycles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. F-1

Table F-2.

Short Message (21 Cycles). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. F-2

Vol. 3A xxxiii

CONTENTS

PAGE

Table F-3. Non-Focused Lowest Priority Message (34 Cycles). . . . . . . . . . . . . . . . . . . . .F-3 Table F-4. APIC Bus Status Cycles Interpretation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .F-5 Table G-1. Memory Types Used For VMCS Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2 Table H-1. Encodings for 16-Bit Guest-State Fields (0000_10xx_xxxx_xxx0B). . . . . . . . H-1 Table H-2. Encodings for 16-Bit Host-State Fields (0000_11xx_xxxx_xxx0B). . . . . . . . . H-2 Table H-3. Encodings for 64-Bit Control Fields (0010_00xx_xxxx_xxxAb) . . . . . . . . . . . H-2 Table H-4. Encodings for 64-Bit Guest-State Fields (0010_10xx_xxxx_xxxAb). . . . . . . . H-3 Table H-5. Encodings for 32-Bit Control Fields (0100_00xx_xxxx_xxx0B) . . . . . . . . . . . H-4 Table H-6. Encodings for 32-Bit Read-Only Data Fields (0100_01xx_xxxx_xxx0B) . . . . H-5 Table H-7. Encodings for 32-Bit Guest-State Fields (0100_10xx_xxxx_xxx0B). . . . . . . . H-5 Table H-8. Encodings for 32-Bit Host-State Field (0100_11xx_xxxx_xxx0B). . . . . . . . . . H-6 Table H-9. Encodings for Natural-Width Control Fields (0110_00xx_xxxx_xxx0B) . . . . . H-7 Table H-10. Encodings for Natural-Width Read-Only Data Fields

(0110_01xx_xxxx_xxx0B). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7 Table H-11. Encodings for Natural-Width Guest-State Fields

(0110_10xx_xxxx_xxx0B). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-8 Table H-12. Encodings for Natural-Width Host-State Fields

(0110_11xx_xxxx_xxx0B). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-9 Table I-1. Basic Exit Reasons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1 Table J-1. VM-Instruction Error Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-1

xxxiv Vol. 3A

1

About This Manual

CHAPTER 1

ABOUT THIS MANUAL

The IA-32 Intel® Architecture Software Developer’s Manual, Volume 3A: System Programming Guide, Part 1 (order number 253668) and the IA-32 Intel® Architecture Software Developer’s Manual, Volume 3B: System Programming Guide, Part 2 (order number 253669) are part of a set that describes the architecture and programming environment of all IA-32 Intel Architecture processors. The other volumes in this set are:

IA-32 Intel® Architecture Software Developer’s Manual, Volume 1: Basic Architecture

(order number 253665).

IA-32 Intel® Architecture Software Developer’s Manual, Volumes 2A & 2B: Instruction Set Reference (order numbers 253666 and 253667).

The IA-32 Intel® Architecture Software Developer’s Manual, Volume 1, describes the basic architecture and programming environment of an IA-32 processor. The IA-32 Intel® Architecture Software Developer’s Manual, Volumes 2A & 2B, describe the instruction set of the processor and the opcode structure. These volumes apply to application programmers and to programmers who write operating systems or executives. The IA-32 Intel® Architecture Software Developer’s Manual, Volumes 3A & 3B, describe the operating-system support environment of an IA-32 processor and IA-32 processor compatibility information. These volumes target operating-system and BIOS designers. In addition, IA-32 Intel® Architecture Software Developer’s Manual, Volume 3B, addresses the programming environment for classes of software that host operating systems.

1.1IA-32 PROCESSORS COVERED IN THIS MANUAL

This manual includes information pertaining primarily to the most recent IA-32 processors, which include the Pentium® processors, the P6 family processors, the Pentium 4 processors, the Intel® Xeon® processors, the Pentium M processors, the Pentium D processors, and the Pentium processor Extreme Edition. The P6 family processors are those IA-32 processors based on the P6 family microarchitecture, which include the Pentium Pro, Pentium II, and Pentium III processors. The Pentium 4, Intel Xeon, Pentium D processors, and Pentium processor Extreme Editions are based on the Intel NetBurst® microarchitecture.

Vol. 3A 1-1

ABOUT THIS MANUAL

1.2OVERVIEW OF THE SYSTEM PROGRAMMING GUIDE

A description of this manual’s content follows:

Chapter 1 — About This Manual. Gives an overview of all three volumes of the IA-32 Intel Architecture Software Developer’s Manual. It also describes the notational conventions in these manuals and lists related Intel manuals and documentation of interest to programmers and hardware designers.

Chapter 2 — System Architecture Overview. Describes the modes of operation of an IA-32 processor and the mechanisms provided in the IA-32 architecture to support operating systems and executives, including the system-oriented registers and data structures and the systemoriented instructions. The steps necessary for switching between real-address and protected modes are also identified.

Chapter 3 — Protected-Mode Memory Management. Describes the data structures, registers, and instructions that support segmentation and paging. The chapter explains how they can be used to implement a “flat” (unsegmented) memory model or a segmented memory model.

Chapter 4 — Protection. Describes the support for page and segment protection provided in the IA-32 architecture. This chapter also explains the implementation of privilege rules, stack switching, pointer validation, user and supervisor modes.

Chapter 5 — Interrupt and Exception Handling. Describes the basic interrupt mechanisms defined in the IA-32 architecture, shows how interrupts and exceptions relate to protection, and describes how the architecture handles each exception type. Reference information for each IA-32 exception is given at the end of this chapter.

Chapter 6 — Task Management. Describes mechanisms the IA-32 architecture provides to support multitasking and inter-task protection.

Chapter 7 — Multiple-Processor Management. Describes the instructions and flags that support multiple processors with shared memory, memory ordering, and Hyper-Threading Technology.

Chapter 8 — Advanced Programmable Interrupt Controller (APIC). Describes the programming interface to the local APIC and gives an overview of the interface between the local APIC and the I/O APIC.

Chapter 9 — Processor Management and Initialization. Defines the state of an IA-32 processor after reset initialization. This chapter also explains how to set up an IA-32 processor for real-address mode operation and protectedmode operation, and how to switch between modes.

Chapter 10 — Memory Cache Control. Describes the general concept of caching and the caching mechanisms supported by the IA-32 architecture. This chapter also describes the memory type range registers (MTRRs) and how they can be used to map memory types of physical memory. Information on using the new cache control and memory streaming instructions introduced with the Pentium III, Pentium 4, and Intel Xeon processors is also given.

Chapter 11 — Intel® MMX™ Technology System Programming. Describes those aspects of the Intel® MMX™ technology that must be handled and considered at the system programming

1-2 Vol. 3A

ABOUT THIS MANUAL

level, including: task switching, exception handling, and compatibility with existing system environments.

Chapter 12 — SSE, SSE2 and SSE3 System Programming. Describes those aspects of SSE/SSE2/SSE3 extensions that must be handled and considered at the system programming level, including task switching, exception handling, and compatibility with existing system environments.

Chapter 13 — Power and Thermal Management. Describes the IA-32 architecture’s power and the thermal monitoring facilities.

Chapter 14 — Machine-Check Architecture. Describes the machine-check architecture.

Chapter 15 — 8086 Emulation. Describes the real-address and virtual-8086 modes of the IA-32 architecture.

Chapter 16 — Mixing 16-Bit and 32-Bit Code. Describes how to mix 16-bit and 32-bit code modules within the same program or task.

Chapter 17 — IA-32 Architecture Compatibility. Describes architectural compatibility among the IA-32 processors, which include the Intel 286, Intel386™, Intel486™, Pentium, P6 family, Pentium 4, and Intel Xeon processors. The differences among the 32-bit IA-32 processors are also described throughout the three volumes of the IA-32 Software Developer’s Manual, as relevant to particular features of the architecture. This chapter provides a collection of all the relevant compatibility information for all IA-32 processors and also describes the basic differences with respect to the 16-bit IA-32 processors (the Intel 8086 and Intel 286 processors).

Chapter 18 — Debugging and Performance Monitoring. Describes the debugging registers and other debug mechanism provided in the IA-32 architecture. This chapter also describes the time-stamp counter and the performance-monitoring counters.

Chapter 19 — Introduction to Virtual-Machine Extensions. Describes the basic elements of virtual machine architecture and the virtual-machine extensions of IA-32 Intel Architecture..

Chapter 20 — Virtual-Machine Control Structures. Describes components that manage VMX operation. These include the working-VMCS pointer and the controlling-VMCS pointer.

Chapter 21— VMX Non-Root Operation. Describes the operation of a VMX non-root operation. Processor operation in VMX non-root mode can be restricted programmatically such that certain operations, events or conditions can cause the processor to transfer control from the guest (running in VMX non-root mode) to the monitor software (running in VMX root mode).

Chapter 22 — VM Entries. Describes VM-entries. VM-entry transitions the processor from the VMM running in VMX root-mode to a VM running in VMX non-root mode. VM-Entry is performed by the execution of VMLAUNCH or VMRESUME instructions.

Chapter 23 — VM Exits. Describes VM-exits. Certain events, operations or situations while the processor is in VMX non-root operation may cause VM-exit transitions. In addition VMexits can also occur on failed VM-entries.

Chapter 24 — System Management. Describes the IA-32 architecture’s system management mode (SMM) facilities.

Vol. 3A 1-3

ABOUT THIS MANUAL

Chapter 25 — Virtual-Machine Monitoring Programming Considerations. Describes programming considerations for VMMs. VMMs manage virtual machines (VMs).

Chapter 26 — Virtualization of System Resources. Describes the virtualization of the system resources. These include: debugging facilities, address translation, physical memory, and microcode update facilities.

Chapter 27 — Handling Boundary Conditions in a Virtual Machine Monitor. Describes what a VMM must consider when handling exceptions, interrupts, error conditions, and transitions between activity states.

Appendix A — Performance-Monitoring Events. Lists the events that can be counted with the performance-monitoring counters and the codes used to select these events. Both Pentium processor and P6 family processor events are described.

Appendix B — Model-Specific Registers (MSRs). Lists the MSRs available in the Pentium processors, the P6 family processors, and the Pentium 4 and Intel Xeon processors and describes their functions.

Appendix C — MP Initialization For P6 Family Processors. Gives an example of how to use of the MP protocol to boot P6 family processors in n MP system.

Appendix D — Programming the LINT0 and LINT1 Inputs. Gives an example of how to program the LINT0 and LINT1 pins for specific interrupt vectors.

Appendix E — Interpreting Machine-Check Error Codes. Gives an example of how to interpret the error codes for a machine-check error that occurred on a P6 family processor.

Appendix F — APIC Bus Message Formats. Describes the message formats for messages transmitted on the APIC bus for P6 family and Pentium processors.

Appendix G — VMX Capability Reporting Facility. Describes the VMX capability MSRs. Support for specific VMX features is determined by reading capability MSRs.

Appendix H — Field Encoding in VMCS. Enumerates all fields in the VMCS and their encodings. Fields are grouped by width (16-bit, 32-bit, etc.) and type (guest-state, host-state, etc.).

Appendix I — VM Basic Exit Reasons. Describes the 32-bit fields that encode reasons for a VM-Exit. Examples of exit reasons include, but are not limited to: software interrupts, processor exceptions, software traps, NMIs, external interrupts, and triple faults.

Appendix J — VM Instruction Error Numbers. Describes the VM-instruction error codes generated by failed VM instruction executions (that have a valid working-VMCS pointer).

1.3NOTATIONAL CONVENTIONS

This manual uses specific notation for data-structure formats, for symbolic representation of instructions, and for hexadecimal and binary numbers. A review of this notation makes the manual easier to read.

1-4 Vol. 3A

ABOUT THIS MANUAL

1.3.1Bit and Byte Order

In illustrations of data structures in memory, smaller addresses appear toward the bottom of the figure; addresses increase toward the top. Bit positions are numbered from right to left. The numerical value of a set bit is equal to two raised to the power of the bit position. IA-32 processors are “little endian” machines; this means the bytes of a word are numbered starting from the least significant byte. Figure 1-1 illustrates these conventions.

1.3.2Reserved Bits and Software Compatibility

In many register and memory layout descriptions, certain bits are marked as reserved. When bits are marked as reserved, it is essential for compatibility with future processors that software treat these bits as having a future, though unknown, effect. The behavior of reserved bits should be regarded as not only undefined, but unpredictable. Software should follow these guidelines in dealing with reserved bits:

Do not depend on the states of any reserved bits when testing the values of registers which contain such bits. Mask out the reserved bits before testing.

Do not depend on the states of any reserved bits when storing to memory or to a register.

Do not depend on the ability to retain information written into any reserved bits.

When loading a register, always load the reserved bits with the values indicated in the documentation, if any, or reload them with values previously read from the same register.

NOTE

Avoid any software dependence upon the state of reserved bits in IA-32 registers. Depending upon the values of reserved register bits will make software dependent upon the unspecified manner in which the processor handles these bits. Programs that depend upon reserved values risk incompatibility with future processors.

Vol. 3A 1-5

ABOUT THIS MANUAL

Highest

 

 

 

Data Structure

 

 

 

 

 

 

 

 

31

24

23

16 15

8

7

0

 

 

 

Bit offset

 

 

Address

 

 

 

 

 

 

 

 

 

28

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

24

 

 

 

 

 

 

 

 

 

 

 

 

 

20

 

 

 

 

 

 

 

 

 

 

 

 

 

16

 

 

 

 

 

 

 

 

 

 

 

 

 

12

 

 

 

 

 

 

 

 

 

 

 

 

 

8

 

 

 

 

 

 

 

 

 

 

 

 

 

4

 

 

Lowest

 

 

 

Byte 3

Byte 2

Byte 1

 

Byte 0

 

0

 

 

 

 

 

 

 

 

 

Address

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Byte Offset

 

Figure 1-1. Bit and Byte Order

1.3.3Instruction Operands

When instructions are represented symbolically, a subset of the IA-32 assembly language is used. In this subset, an instruction has the following format:

label: mnemonic argument1, argument2, argument3

where:

A label is an identifier which is followed by a colon.

A mnemonic is a reserved name for a class of instruction opcodes which have the same function.

The operands argument1, argument2, and argument3 are optional. There may be from zero to three operands, depending on the opcode. When present, they take the form of either literals or identifiers for data items. Operand identifiers are either reserved names of registers or are assumed to be assigned to data items declared in another part of the program (which may not be shown in the example).

When two operands are present in an arithmetic or logical instruction, the right operand is the source and the left operand is the destination.

For example:

LOADREG: MOV EAX, SUBTOTAL

In this example LOADREG is a label, MOV is the mnemonic identifier of an opcode, EAX is the destination operand, and SUBTOTAL is the source operand. Some assembly languages put the source and destination in reverse order.

1-6 Vol. 3A

ABOUT THIS MANUAL

1.3.4Hexadecimal and Binary Numbers

Base 16 (hexadecimal) numbers are represented by a string of hexadecimal digits followed by the character H (for example, F82EH). A hexadecimal digit is a character from the following set: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Base 2 (binary) numbers are represented by a string of 1s and 0s, sometimes followed by the character B (for example, 1010B). The “B” designation is only used in situations where confusion as to the type of number might arise.

1.3.5Segmented Addressing

The processor uses byte addressing. This means memory is organized and accessed as a sequence of bytes. Whether one or more bytes are being accessed, a byte address is used to locate the byte or bytes memory. The range of memory that can be addressed is called an address space.

The processor also supports segmented addressing. This is a form of addressing where a program may have many independent address spaces, called segments. For example, a program can keep its code (instructions) and stack in separate segments. Code addresses would always refer to the code space, and stack addresses would always refer to the stack space. The following notation is used to specify a byte address within a segment:

Segment-register:Byte-address

For example, the following segment address identifies the byte at address FF79H in the segment pointed by the DS register:

DS:FF79H

The following segment address identifies an instruction address in the code segment. The CS register points to the code segment and the EIP register contains the address of the instruction.

CS:EIP

1.3.6Syntax for CPUID, CR, and MSR Values

Obtain feature flags, status, and system information by using the CPUID instruction, by checking control register bits, and by reading model-specific registers. We are moving toward a single syntax to represent this type of information. See Figure 1-2.

Vol. 3A 1-7

ABOUT THIS MANUAL

CPUID Input and Output

CPUID.01H:ECX.SSE [bit 25] = 1

Input value for EAX register

Output register and feature flag or field name with bit position(s)

Value (or range) of output

Control Register Values

CR4.OSFXSR[bit 9] = 1

Example CR name Feature flag or field name

with bit position(s) Value (or range) of output

Model-Specific Register Values

IA32_MISC_ENABLES.ENABLEFOPCODE[bit 2] = 1

Example MSR name

Feature flag or field name with bit position(s)

Value (or range) of output

OM17732

Figure 1-2. Syntax for CPUID, CR, and MSR Data Presentation

1.3.7Exceptions

An exception is an event that typically occurs when an instruction causes an error. For example, an attempt to divide by zero generates an exception. However, some exceptions, such as breakpoints, occur under other conditions. Some types of exceptions may provide error codes. An error code reports additional information about the error. An example of the notation used to show an exception and error code is shown below:

#PF(fault code)

This example refers to a page-fault exception under conditions where an error code naming a type of fault is reported. Under some conditions, exceptions which produce error codes may not

1-8 Vol. 3A

ABOUT THIS MANUAL

be able to report an accurate code. In this case, the error code is zero, as shown below for a general-protection exception.

#GP(0)

1.4RELATED LITERATURE

Literature related to IA-32 processors is listed on-line at this link: http://developer.intel.com/design/processor/

Some of the documents listed at this web site can be viewed on-line; others can be ordered. The literature available is listed by Intel processor and then by the following literature types: applications notes, data sheets, manuals, papers, and specification updates.

See also:

the data sheet for a particular Intel IA-32 processor

the specification update for a particular Intel IA-32 processor

AP-485, Intel Processor Identification and the CPUID Instruction, Order Number 241618

IA-32 Intel® Architecture Optimization Reference Manual, Order Number 248966

Vol. 3A 1-9

ABOUT THIS MANUAL

1-10 Vol. 3A

2

System Architecture

Overview

CHAPTER 2 SYSTEM ARCHITECTURE OVERVIEW

IA-32 architecture (beginning with the Intel386 processor family) provides extensive support for operating-system and system-development software. This support offers multiple modes of operation, which include:

Real mode, protected mode, virtual 8086 mode, and system management mode. These are sometimes referred to as legacy modes.

IA-32e mode (added by Intel® Extended Memory 64 Technology). IA-32e mode operates in one of two sub-modes: 64-bit mode or compatibility mode.

The IA-32 system-level architecture and includes features to assist in the following operations:

Memory management Protection of software modules Multitasking

Exception and interrupt handling Multiprocessing

Cache management

Hardware resource and power management Debugging and performance monitoring

This chapter provides a description of each part of this architecture. It also describes the system registers that are used to set up and control the processor at the system level and gives a brief overview of the processor’s system-level (operating system) instructions.

Many features of the IA-32 system-level architectural are used only by system programmers. However, application programmers may need to read this chapter and the following chapters in order to create a reliable and secure environment for application programs.

This overview and most subsequent chapters of this book focus on protected-mode operation of the IA-32 architecture. IA-32e mode operation, as it differs from protected mode operation, is also described.

All IA-32 processors enter real-address mode following a power-up or reset (see Chapter 9, “Processor Management and Initialization”). Software then initiates the switch from realaddress mode to protected mode. If IA-32e mode operation is desired, software also initiates a switch from protected mode to IA-32e mode.

Vol. 3A 2-1

SYSTEM ARCHITECTURE OVERVIEW

2.1OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE

IA-32 system-level architecture consists of a set of registers, data structures, and instructions designed to support basic system-level operations such as memory management, interrupt and exception handling, task management, and control of multiple processors.

Figure 2-1 provides a summary of system registers and data structures that applies to 32-bit modes. System registers and data structures that apply to IA-32e mode are shown in Figure 2-2.

2-2 Vol. 3A

+ 586 hidden pages