5-4 Vol. 3A
PROTECTION
•
IA-32e mode uses a previously unused bit in the CS descriptor. Bit 53 is defined as the 64-bit (L) flag and is
used to select between 64-bit mode and compatibility mode when IA-32e mode is active (IA32_EFER.LMA = 1).
See Figure 5-2.
— If CS.L = 0 and IA-32e mode is active, the processor is running in compatibility mode. In this case, CS.D
selects the default size for data and addresses. If CS.D = 0, the default data and address size is 16 bits. If
CS.D = 1, the default data and address size is 32 bits.
— If CS.L = 1 and IA-32e mode is active, the only valid setting is CS.D = 0. This setting indicates a default
operand size of 32 bits and a default address size of 64 bits. The CS.L = 1 and CS.D = 1 bit combination is
reserved for future use and a #GP fault will be generated on an attempt to use a code segment with these
bits set in IA-32e mode.
•
In IA-32e mode, the CS descriptor’s DPL is used for execution privilege checks (as in legacy 32-bit mode).
5.3 LIMIT
CHECKING
The limit field of a segment descriptor prevents programs or procedures from addressing memory locations outside
the segment. The effective value of the limit depends on the setting of the G (granularity) flag (see Figure 5-1). For
data segments, the limit also depends on the E (expansion direction) flag and the B (default stack pointer size
and/or upper bound) flag. The E flag is one of the bits in the type field when the segment descriptor is for a data-
segment type.
When the G flag is clear (byte granularity), the effective limit is the value of the 20-bit limit field in the segment
descriptor. Here, the limit ranges from 0 to FFFFFH (1 MByte). When the G flag is set (4-KByte page granularity),
the processor scales the value in the limit field by a factor of 2
12
(4 KBytes). In this case, the effective limit ranges
from FFFH (4 KBytes) to FFFFFFFFH (4 GBytes). Note that when scaling is used (G flag is set), the lower 12 bits of
a segment offset (address) are not checked against the limit; for example, note that if the segment limit is 0,
offsets 0 through FFFH are still valid.
For all types of segments except expand-down data segments, the effective limit is the last address that is allowed
to be accessed in the segment, which is one less than the size, in bytes, of the segment. The processor causes a
general-protection exception (or, if the segment is SS, a stack-fault exception) any time an attempt is made to
access the following addresses in a segment:
•
A byte at an offset greater than the effective limit
•
A word at an offset greater than the (effective-limit – 1)
•
A doubleword at an offset greater than the (effective-limit – 3)
•
A quadword at an offset greater than the (effective-limit – 7)
Figure 5-2. Descriptor Fields with Flags used in IA-32e Mode
31
24 23 22 21 20 19
16 15
13
14
12 11
8 7
0
P
G
D
P
L
Type
1
L
4
0
0
A
V
L
D
A
R
C
1
Code-Segment Descriptor
31
A
C
D
DPL
Accessed
Conforming
Default
Descriptor Privilege Level
G
R
Granularity
Readable
AVL Available to Sys. Programmer’s
L
64-Bit Flag
P Present