background image

4-4 Vol. 3A


CR4.PAE cannot be cleared while IA-32e paging is active (CR0.PG = 1 and IA32_EFER.LME = 1). Attempts to 
do so using MOV to CR4 cause a general-protection exception (#GP(0)).

Regardless of the current paging mode, software can disable paging by clearing CR0.PG with MOV to CR0.


Software can make transitions between 32-bit paging and PAE paging by changing the value of CR4.PAE with 
MOV to CR4.

Software cannot make transitions directly between IA-32e paging and either of the other two paging modes. It 
must first disable paging (by clearing CR0.PG with MOV to CR0), then set CR4.PAE and IA32_EFER.LME to the 
desired values (with MOV to CR4 and WRMSR), and then re-enable paging (by setting CR0.PG with MOV to 
CR0). As noted earlier, an attempt to clear either CR4.PAE or IA32_EFER.LME cause a general-protection 
exception (#GP(0)).

VMX transitions allow transitions between paging modes that are not possible using MOV to CR or WRMSR. This 
is because VMX transitions can load CR0, CR4, and IA32_EFER in one operation. See Section 4.11.1.

4.1.3 Paging-Mode 


Details of how each paging mode operates are determined by the following control bits:

The WP flag in CR0 (bit 16).

The PSE, PGE, PCIDE, SMEP, SMAP, and PKE flags in CR4 (bit 4, bit 7, bit 17, bit 20, bit 21, and bit 22 respec-

The NXE flag in the IA32_EFER MSR (bit 11).

CR0.WP allows pages to be protected from supervisor-mode writes. If CR0.WP = 0, supervisor-mode write 
accesses are allowed to linear addresses with read-only access rights; if CR0.WP = 1, they are not. (User-mode 
write accesses are never allowed to linear addresses with read-only access rights, regardless of the value of 
CR0.WP.) Section 4.6 explains how access rights are determined, including the definition of supervisor-mode and 
user-mode accesses.
CR4.PSE enables 4-MByte pages for 32-bit paging. If CR4.PSE = 0, 32-bit paging can use only 4-KByte pages; if 
CR4.PSE = 1, 32-bit paging can use both 4-KByte pages and 4-MByte pages. See Section 4.3 for more information. 
(PAE paging and IA-32e paging can use multiple page sizes regardless of the value of CR4.PSE.)
CR4.PGE enables global pages. If CR4.PGE = 0, no translations are shared across address spaces; if CR4.PGE = 1, 
specified translations may be shared across address spaces. See Section for more information.
CR4.PCIDE enables process-context identifiers (PCIDs) for IA-32e paging (CR4.PCIDE can be 1 only when IA-32e 
paging is in use). PCIDs allow a logical processor to cache information for multiple linear-address spaces. See 
Section 4.10.1 for more information.
CR4.SMEP allows pages to be protected from supervisor-mode instruction fetches. If CR4.SMEP = 1, software 
operating in supervisor mode cannot fetch instructions from linear addresses that are accessible in user mode. 
Section 4.6 explains how access rights are determined, including the definition of supervisor-mode accesses and 
user-mode accessibility.
CR4.SMAP allows pages to be protected from supervisor-mode data accesses. If CR4.SMAP = 1, software operating 
in supervisor mode cannot access data at linear addresses that are accessible in user mode. Software can override 
this protection by setting EFLAGS.AC. Section 4.6 explains how access rights are determined, including the defini-
tion of supervisor-mode accesses and user-mode accessibility.
CR4.PKE allows each linear address to be associated with a protection key. The PKRU register specifies, for each 
protection key, whether linear addresses with that protection key can be read or written by software. See Section 
4.6 for more 
IA32_EFER.NXE enables execute-disable access rights for PAE paging and IA-32e paging. If IA32_EFER.NXE = 1, 
instruction fetches can be prevented from specified linear addresses (even if data reads from the addresses are 
allowed). Section 4.6 explains how access rights are determined. (IA32_EFER.NXE has no effect with 32-bit 

1. If CR4.PCIDE = 1, an attempt to clear CR0.PG causes a general-protection exception (#GP); software should clear CR4.PCIDE before 

attempting to disable paging.