Intel IA-32 User Manual: 5.14.3 IRET in IA-32e Mode; 5.14.4 Stack Switching in IA-32e Mode

5-24 Vol. 3A

INTERRUPT AND EXCEPTION HANDLING

5.14.3 IRET in IA-32e Mode

In IA-32e mode, IRET executes with an 8-byte operand size. Nothing forces this requirement; the
stack is formatted in such a way that, for actions where IRET is required, the 8-byte IRET
operand size works correctly.

Because interrupt stack-frame pushes are always eight bytes in IA-32e mode, an IRET must pop
eight-byte items off the stack. This is accomplished by preceding the IRET with a 64-bit
operand-size prefix. The size of the pop is determined by the address size of the instruction. The
SS/ESP/RSP size adjustment is determined by the stack size.

IRET pops SS:RSP unconditionally off the interrupt stack frame only when it is executed in
64-bit mode. In compatibility mode, IRET pops SS:RSP off the stack only if there is a CPL
change. This allows legacy applications to execute properly in compatibility mode when using
the IRET instruction. 64-bit interrupt service routines that exit with an IRET unconditionally
pop SS:RSP off of the interrupt stack frame, even if the target code segment is running in 64-bit
mode or at CPL = 0. This is because the original interrupt always pushes SS:RSP.

In IA-32e mode, IRET is allowed to load a NULL SS under certain conditions. If the target mode
is 64-bit mode and the target CPL <> 3, IRET allows SS to be loaded with a NULL selector. As
part of the stack switch mechanism, an interrupt or exception sets the new SS to NULL, instead
of fetching a new SS selector from the TSS and loading the corresponding descriptor from the
GDT or LDT. The new SS selector is set to NULL in order to properly handle returns from
subsequent nested far transfers. If the called procedure itself is interrupted, the NULL SS is
pushed on the stack frame. On the subsequent IRET, the NULL SS on the stack acts as a flag to
tell the processor not to load a new SS descriptor.

5.14.4 Stack Switching in IA-32e Mode

The legacy IA-32 architecture provides a mechanism to automatically switch stack frames in
response to an interrupt. The 64-bit extensions implement a modified version of the legacy
stack-switching mechanism and an alternative stack-switching mechanism called the interrupt
stack table (IST).

In legacy modes, the legacy IA-32 stack-switch mechanism is unchanged. In IA-32e mode, the
legacy stack-switch mechanism is modified. When stacks are switched as part of a 64-bit mode
privilege-level change (resulting from an interrupt), a new SS descriptor is not loaded. IA-32e
mode loads only an inner-level RSP from the TSS. The new SS selector is forced to NULL and
the SS selector’s RPL field is set to the new CPL. The new SS is set to NULL in order to handle
nested far transfers (CALLF, INT, interrupts and exceptions). The old SS and RSP are saved on
the new stack (Figure 5-8). On the subsequent IRET, the old SS is popped from the stack and
loaded into the SS register.
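The frame and NULL-SS rules of Sections 5.14.3 and 5.14.4 above, as an added C model that is not Intel's code or text: it assumes a constructed 2 KiB memory for both stacks, a three-entry TSS (RSP0..RSP2), 64-bit mode on both sides of every transfer, and represents a #GP as a false return that leaves the CPU state untouched.

```c
#include <stdbool.h>
#include <stdint.h>
#define SLOT 8      /* every interrupt-frame push and IRET pop is 8 bytes in IA-32e mode */
#define NULL_SEL 0  /* NULL selector: index 0, TI 0; its RPL (bits 1:0) may still be set */
typedef struct { uint64_t rip, rsp, rflags; uint16_t cs, ss; unsigned cpl; } cpu_t;
typedef struct { uint64_t rsp[3]; } tss_t;   /* 64-bit TSS inner-level pointers RSP0..RSP2 */
static uint64_t mem[256];                    /* constructed 2 KiB memory holding both stacks */
static void push64(cpu_t *c, uint64_t v) { c->rsp -= SLOT; mem[c->rsp / SLOT] = v; }
static uint64_t pop64(cpu_t *c) { uint64_t v = mem[c->rsp / SLOT]; c->rsp += SLOT; return v; }
/* Interrupt delivery in 64-bit mode (5.14.4): on an inner-level transition only RSP comes from
 * the TSS and SS is forced to NULL with RPL = new CPL; old SS:RSP are always pushed (5 slots). */
static void deliver_interrupt(cpu_t *c, const tss_t *tss, unsigned new_cpl,
                              uint16_t handler_cs, uint64_t handler_rip)
{
    uint64_t old_rsp = c->rsp, old_ss = c->ss;
    if (new_cpl < c->cpl) { c->rsp = tss->rsp[new_cpl]; c->ss = NULL_SEL | (uint16_t)new_cpl; }
    push64(c, old_ss); push64(c, old_rsp); push64(c, c->rflags); push64(c, c->cs); push64(c, c->rip);
    c->cs = handler_cs; c->rip = handler_rip; c->cpl = new_cpl;
}
/* IRET in 64-bit mode (5.14.3): SS:RSP popped unconditionally. A NULL SS is accepted only if the
 * target is 64-bit mode with CPL != 3 (then no SS descriptor is loaded); otherwise #GP -> false. */
static bool iret64(cpu_t *c, bool target_is_64bit)
{
    cpu_t t = *c;                               /* work on a copy so a rejected IRET changes nothing */
    uint64_t rip = pop64(&t), cs = pop64(&t), rflags = pop64(&t);
    uint64_t rsp = pop64(&t), ss = pop64(&t);
    unsigned target_cpl = (unsigned)(cs & 3);   /* target CPL = RPL of the returned CS selector */
    if (target_cpl < c->cpl) return false;      /* IRET cannot return to a more privileged level */
    if ((ss & ~3ULL) == NULL_SEL && (!target_is_64bit || target_cpl == 3)) return false;
    t.rip = rip; t.cs = (uint16_t)cs; t.rflags = rflags; t.rsp = rsp; t.ss = (uint16_t)ss; t.cpl = target_cpl;
    *c = t; return true;
}
/* CPL 3 -> interrupt (stack switch, NULL SS) -> nested interrupt (NULL SS pushed) -> IRET -> IRET */
static bool nested_interrupt_roundtrip(void)
{
    tss_t tss = { { 0x800, 0, 0 } };
    cpu_t c = { .rip = 0x401000, .rsp = 0x700, .rflags = 0x202, .cs = 0x33, .ss = 0x2b, .cpl = 3 };
    deliver_interrupt(&c, &tss, 0, 0x08, 0x1000);
    if (c.ss != 0 || c.rsp != 0x800 - 5 * SLOT) return false;    /* NULL SS, RSP0 minus 40 bytes */
    deliver_interrupt(&c, &tss, 0, 0x08, 0x2000);                /* no switch; NULL SS goes on frame */
    if (!iret64(&c, true) || c.ss != 0 || c.cpl != 0 || c.rip != 0x1000) return false;
    return iret64(&c, true) && c.cpl == 3 && c.ss == 0x2b && c.rsp == 0x700 && c.rip == 0x401000;
}
/* A frame that would return to CPL 3 with a NULL SS must be rejected (#GP), leaving RSP unchanged. */
static bool null_ss_to_user_rejected(void)
{
    cpu_t c = { .rsp = 0x400, .cs = 0x08, .cpl = 0 };
    push64(&c, NULL_SEL); push64(&c, 0x700); push64(&c, 0x202); push64(&c, 0x33); push64(&c, 0x401000);
    return !iret64(&c, true) && c.cpl == 0 && c.rsp == 0x400 - 5 * SLOT;
}
```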