background image

Vol. 1 13-21

MANAGING STATE USING THE XSAVE FEATURE SET

State components 0 and 1 are located in the legacy region of the XSAVE area (see Section 13.4.1). Each state 
component i, 2 ≤ i ≤ 62, is located in the extended region; XRSTORS uses the compacted format for the 

extended region (see Section 13.4.3).
The MXCSR register is part of SSE state (see Section 13.5.2) and is thus loaded from memory if RFBM[1] = 
XSTATE_BV[i] = 1. XRSTORS causes a general-protection exception (#GP) if it would load MXCSR with an 
illegal value.

If an execution of XRSTORS causes an exception or a VM exit during or after restoring a supervisor state compo-
nent, each element of that state component may have the value it held before the XRSTORS execution, the value 
loaded from the XSAVE area, or the element’s initial value (as defined in Section 13.6). See Section 13.5.6 for 
some special treatment of PT state for the case in which XRSTORS causes an exception or a VM exit.
Like XRSTOR, execution of XRSTORS causes the processor to update is tracking for the init and modified optimiza-
tions (see Section 13.6 and Section 13.8.3). The following items provide details:

The processor updates its tracking for the init optimization as follows:
— If  RFBM[i] =  0,  XINUSE[i] is not changed.
— If  RFBM[i] = 1 and XSTATE_BV[i] = 0, state component i may be tracked as init; XINUSE[i] may be set to 

0 or 1.

— If  RFBM[i] = 1 and XSTATE_BV[i] = 1, state component i is tracked as not init; XINUSE[i] is set to 1.

The processor updates its tracking for the modified optimization and records information about the XRSTORS 
execution for future interaction with the XSAVEOPT and XSAVES instructions as follows:
— If  RFBM[i] = 0, state component i is tracked as modified; XMODIFIED[i] is set to 1.
— If  RFBM[i] = 1, state component i may be tracked as unmodified; XMODIFIED[i] may be set to 0 or 1.
— XRSTOR_INFO is set to the 4-tuple 

w,x,y,z

, where w is the CPL; x is 1 if the logical processor is in VMX 

non-root operation and 0 otherwise; y is the linear address of the XSAVE area; and z is XCOMP_BV (this 
implies that z[63] = 1).

13.13  MEMORY ACCESSES BY THE XSAVE FEATURE SET

Each instruction in the XSAVE feature set operates on a set of XSAVE-managed state components. The specific set 
of components on which an instruction operates is determined by the values of XCR0, the IA32_XSS MSR, 
EDX:EAX, and (for XRSTOR and XRSTORS) the XSAVE header.
Section 13.4 provides the details necessary to determine the location of each state component for any execution of 
an instruction in the XSAVE feature set. An execution of an instruction in the XSAVE feature set may access any 
byte of any state component on which that execution operates.
Section 13.5 provides details of the different XSAVE-managed state components. Some portions of some of these 
components are accessible only in 64-bit mode. Executions of XRSTOR and XRSTORS outside 64-bit mode will not 
update those portions; executions of XSAVE, XSAVEC, XSAVEOPT, and XSAVES will not modify the corresponding 
locations in memory.
Despite this fact, any execution of these instructions outside 64-bit mode may access any byte in any state compo-
nent on which that execution operates — even those at addresses corresponding to registers that are accessible 
only in 64-bit mode. As result, such an execution may incur a fault due to an attempt to access such an address.
For example, an execution of XSAVE outside 64-bit mode may incur a page fault if paging does not map as 
read/write the section of the XSAVE area containing state component 7 (Hi16_ZMM state) — despite the fact that 
state component 7 can be accessed only in 64-bit mode.