SYSENTER and SYSEXIT Instructions in IA-32e Mode – Intel IA-32 User Manual
Page 159
Vol. 3A 4-29
PROTECTION
MSRs and general-purpose registers eliminates all memory accesses except when fetching the
target code.
Any additional state that needs to be saved to allow a return to the calling procedure must be
saved explicitly by the calling procedure or be predefined through programming conventions.
4.8.7.1 SYSENTER and SYSEXIT Instructions in IA-32e Mode
For processors supporting Intel EM64T, the SYSENTER and SYSEXIT instructions are
enhanced to allow fast system calls from user code running at privilege level 3 (in compatibility
mode or 64-bit mode) to 64-bit executive procedures running at privilege level 0.
IA32_SYSENTER_EIP MSR and IA32_SYSENTER_ESP MSR are expanded to hold 64-bit
addresses. If IA-32e mode is inactive, only the lower 32-bit addresses stored in these MSRs are
used. If 64-bit mode is active, addresses stored in IA32_SYSENTER_EIP and
IA32_SYSENTER_ESP must be canonical. Note that, in 64-bit mode, IA32_SYSENTER_CS
must not contain a NULL selector.
When SYSENTER transfers control, the following fields are generated and bits set:
• Target code segment — Reads non-NULL selector from IA32_SYSENTER_CS.
• New CS attributes — CS base = 0, CS limit = FFFFFFFFH.
• Target instruction — Reads 64-bit canonical address from IA32_SYSENTER_EIP.
• Stack segment — Computed by adding 8 to the value from IA32_SYSENTER_CS.
• Stack pointer — Reads 64-bit canonical address from IA32_SYSENTER_ESP.
• New SS attributes — SS base = 0, SS limit = FFFFFFFFH.
When the SYSEXIT instruction transfers control to 64-bit mode user code using REX.W, the
following fields are generated and bits set:
• Target code segment — Computed by adding 32 to the value in IA32_SYSENTER_CS.
• New CS attributes — L-bit = 1 (go to 64-bit mode).
• Target instruction — Reads 64-bit canonical address in RDX.
• Stack segment — Computed by adding 40 to the value of IA32_SYSENTER_CS.
• Stack pointer — Update RSP using 64-bit canonical address in RCX.
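The MSR constraints and selector offsets listed above, written out as a check a kernel or hypervisor could apply to the three MSR values. This is an added example, not code from the manual. The struct, enum and function names are hypothetical, the sample MSR values are constructed, a 48-bit linear-address width is assumed (passed as a parameter), and selector RPL handling is not modelled because this page does not describe it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the three MSR values discussed on this page. */
struct sysenter_msrs { uint64_t cs, eip, esp; };
struct sysenter_selectors { uint16_t enter_cs, enter_ss, exit_cs, exit_ss; };
enum msr_check { MSR_OK, MSR_NULL_CS, MSR_BAD_EIP, MSR_BAD_ESP };

/* Canonical: bits 63..(va_bits-1) are all copies of bit (va_bits-1). */
bool is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t upper = addr >> (va_bits - 1);
    uint64_t all_ones = UINT64_MAX >> (va_bits - 1);
    return upper == 0 || upper == all_ones;
}

/* 64-bit mode rules: CS selector non-NULL, EIP and ESP canonical. */
enum msr_check check_sysenter_msrs(const struct sysenter_msrs *m, unsigned va_bits)
{
    if ((m->cs & 0xFFFC) == 0)            /* selector values 0..3 are NULL */
        return MSR_NULL_CS;
    if (!is_canonical(m->eip, va_bits))
        return MSR_BAD_EIP;
    if (!is_canonical(m->esp, va_bits))
        return MSR_BAD_ESP;
    return MSR_OK;
}

/* Selector values as listed: SYSENTER uses CS and CS+8,
 * SYSEXIT with REX.W uses CS+32 and CS+40. */
struct sysenter_selectors derive_selectors(uint64_t sysenter_cs)
{
    uint16_t cs = (uint16_t)sysenter_cs;
    struct sysenter_selectors s = {
        cs, (uint16_t)(cs + 8), (uint16_t)(cs + 32), (uint16_t)(cs + 40)
    };
    return s;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    struct sysenter_msrs m = { 0x10, 0xFFFFFFFF81000000ULL, 0xFFFFC90000004000ULL };
    struct sysenter_selectors s = derive_selectors(m.cs);
    printf("check=%d enter CS=%#x SS=%#x exit CS=%#x SS=%#x\n",
           check_sysenter_msrs(&m, 48), s.enter_cs, s.enter_ss, s.exit_cs, s.exit_ss);
    return 0;
}
```

The same is_canonical() test applies to the RDX and RCX values that SYSEXIT loads into the instruction pointer and RSP.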