13-12 Vol. 1
MANAGING STATE USING THE XSAVE FEATURE SET
13.5.6 PT State
The register state used by Intel Processor Trace (PT state) comprises the following 9 MSRs: IA32_RTIT_CTL,
IA32_RTIT_OUTPUT_BASE, IA32_RTIT_OUTPUT_MASK_PTRS, IA32_RTIT_STATUS, IA32_RTIT_CR3_MATCH,
IA32_RTIT_ADDR0_A, IA32_RTIT_ADDR0_B, IA32_RTIT_ADDR1_A, and IA32_RTIT_ADDR1_B.[1]
As noted in Section 13.1, the XSAVE feature set manages PT state as supervisor state component 8. Thus, PT state
is located in the extended region of the XSAVE area (see Section 13.4.3). As noted in Section 13.2,
CPUID.(EAX=0DH,ECX=8):EAX enumerates the size (in bytes) required for PT state. The MSRs are each allocated
8 bytes in the state component in the order given above. Thus, IA32_RTIT_CTL is at byte offset 0,
IA32_RTIT_OUTPUT_BASE at byte offset 8, etc. Any locations in the state component at or beyond byte offset 72
are reserved.
PT state is XSAVE-managed but Intel Processor Trace is not XSAVE-enabled. The XSAVE feature set can operate on
PT state only if the feature set is enabled (CR4.OSXSAVE = 1) and has been configured to manage PT state
(IA32_XSS[8] = 1). Software can otherwise use Intel Processor Trace and access its MSRs (using RDMSR and
WRMSR) even if the XSAVE feature set is not enabled or has not been configured to manage PT state.
The following items describe special treatment of PT state by the XSAVES and XRSTORS instructions:
• If XSAVES saves PT state, the instruction clears IA32_RTIT_CTL.TraceEn (bit 0) after saving the value of the
  IA32_RTIT_CTL MSR and before saving any other PT state. If XSAVES causes a fault or a VM exit, it restores
  IA32_RTIT_CTL.TraceEn to its original value.
• If XSAVES saves PT state, the instruction saves zeroes in the reserved portions of the state component.
• If XRSTORS would restore (or initialize) PT state and IA32_RTIT_CTL.TraceEn = 1, the instruction causes a
  general-protection exception (#GP) before modifying PT state.
• If XRSTORS causes an exception or a VM exit, it does so before any modification to IA32_RTIT_CTL.TraceEn
  (even if it has loaded other PT state).
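The layout described above can be checked in software when a saved PT state component is inspected, for example by a hypervisor or a debugger. The following C sketch is an added example, not code from the manual: the names pt_state_decode and struct pt_state and the 128-byte sample size are assumptions, and the sample image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PT_NUM_MSRS      9u                  /* MSRs listed in Section 13.5.6 */
#define PT_USED_BYTES    (PT_NUM_MSRS * 8u)  /* byte offsets >= 72 are reserved */
#define RTIT_CTL_TRACEEN 1ull                /* IA32_RTIT_CTL.TraceEn, bit 0 */

static const char *const pt_msr_names[PT_NUM_MSRS] = {
    "IA32_RTIT_CTL", "IA32_RTIT_OUTPUT_BASE", "IA32_RTIT_OUTPUT_MASK_PTRS",
    "IA32_RTIT_STATUS", "IA32_RTIT_CR3_MATCH", "IA32_RTIT_ADDR0_A",
    "IA32_RTIT_ADDR0_B", "IA32_RTIT_ADDR1_A", "IA32_RTIT_ADDR1_B",
};

struct pt_state { uint64_t msr[PT_NUM_MSRS]; int saved_trace_en; };

/* Decode a PT state component image (hypothetical helper). comp points at
 * state component 8; size is CPUID.(EAX=0DH,ECX=8):EAX. Returns 0 on success,
 * -1 if shorter than 72 bytes, -2 if a reserved byte is non-zero. */
int pt_state_decode(const uint8_t *comp, size_t size, struct pt_state *out)
{
    if (comp == NULL || out == NULL || size < PT_USED_BYTES)
        return -1;
    for (size_t i = 0; i < PT_NUM_MSRS; i++) {
        uint64_t v = 0;
        for (int b = 7; b >= 0; b--)         /* fields are little-endian */
            v = (v << 8) | comp[i * 8 + (size_t)b];
        out->msr[i] = v;
    }
    for (size_t off = PT_USED_BYTES; off < size; off++)
        if (comp[off] != 0)                  /* XSAVES saves zeroes here */
            return -2;
    /* XSAVES saves IA32_RTIT_CTL before it clears TraceEn, so the image can
     * carry TraceEn = 1 even though the MSR bit is clear after the save. */
    out->saved_trace_en = (out->msr[0] & RTIT_CTL_TRACEEN) != 0;
    return 0;
}

int main(void)
{
    uint8_t img[128] = {0};   /* constructed sample; 128 is an assumed size */
    struct pt_state st;
    img[0] = 0x01;            /* IA32_RTIT_CTL with TraceEn set */
    img[8 + 1] = 0x10;        /* IA32_RTIT_OUTPUT_BASE = 0x1000 */
    if (pt_state_decode(img, sizeof img, &st) != 0) return 1;
    for (size_t i = 0; i < PT_NUM_MSRS; i++)
        printf("%-26s = 0x%016llx\n", pt_msr_names[i], (unsigned long long)st.msr[i]);
    return 0;
}
```

A non-zero reserved byte means the image was not produced by XSAVES as written, or was modified afterwards, so the -2 result is worth treating as an integrity failure rather than ignoring.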
13.5.7 PKRU State
The register state used by the protection-key feature (PKRU state) is the 32-bit PKRU register. As noted in Section
13.1, the XSAVE feature set manages PKRU state as user state component 9. Thus, PKRU state is located in the
extended region of the XSAVE area (see Section 13.4.3).
As noted in Section 13.2, CPUID.(EAX=0DH,ECX=9):EBX enumerates the offset (in bytes, from the base of the
XSAVE area) of the section of the extended region of the XSAVE area used for PKRU state (when the standard
format of the extended region is used). CPUID.(EAX=0DH,ECX=9):EAX enumerates the size (in bytes) required for
PKRU state. The XSAVE feature set uses bytes 3:0 of the PK-state section for the PKRU register.
PKRU state is XSAVE-managed but the protection-key feature is not XSAVE-enabled. The XSAVE feature set can
operate on PKRU state only if the feature set is enabled (CR4.OSXSAVE = 1) and has been configured to manage
PKRU state (XCR0[9] = 1). Software can otherwise use protection keys and access PKRU state even if the XSAVE
feature set is not enabled or has not been configured to manage PKRU state.
The value of the PKRU register determines the access rights for user-mode linear addresses. (See Section 4.6,
“Access Rights,” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.) The access rights
that pertain to an execution of the XRSTOR and XRSTORS instructions are determined by the value of the register
before the execution and not by any value that the execution might load into the PKRU register.
13.6 PROCESSOR TRACKING OF XSAVE-MANAGED STATE
The XSAVEOPT, XSAVEC, and XSAVES instructions use two optimizations to reduce the amount of data that they
write to memory. They avoid writing data for any state component known to be in its initial configuration (the init
optimization). In addition, if either XSAVEOPT or XSAVES is using the same XSAVE area as that used by the most
1. These MSRs might not be supported by every processor that supports Intel Processor Trace. Software can use the CPUID instruction
to discover which are supported; see Section 36.3.1, “Detection of Intel Processor Trace and Capability Enumeration,” of Intel® 64
and IA-32 Architectures Software Developer’s Manual, Volume 3C.