Vol. 3A 9-11
PROCESSOR MANAGEMENT AND INITIALIZATION
After the processor has switched to protected mode, the LTR instruction can be used to load a segment selector for
a TSS descriptor into the task register. This instruction marks the TSS descriptor as busy, but does not perform a
task switch. The processor can, however, use the TSS to locate pointers to privilege-level 0, 1, and 2 stacks. The
segment selector for the TSS must be loaded before software performs its first task switch in protected mode,
because a task switch copies the current task state into the TSS.
After the LTR instruction has been executed, further operations on the task register are performed by task
switching. As with other segments and LDTs, TSSs and TSS descriptors can be either pre-allocated or allocated as
needed.
9.8.5
Initializing IA-32e Mode
On Intel 64 processors, the IA32_EFER MSR is cleared on system reset. The operating system must be in protected
mode with paging enabled before attempting to initialize IA-32e mode. IA-32e mode operation also requires phys-
ical-address extensions with four levels of enhanced paging structures (see Section 4.5, “IA-32e Paging”).
Operating systems should follow this sequence to initialize IA-32e mode:
1. Starting from protected mode, disable paging by setting CR0.PG = 0. Use the MOV CR0 instruction to disable
paging (the instruction must be located in an identity-mapped page).
2. Enable physical-address extensions (PAE) by setting CR4.PAE = 1. Failure to enable PAE will result in a #GP
fault when an attempt is made to initialize IA-32e mode.
3. Load CR3 with the physical base address of the Level 4 page map table (PML4).
4. Enable IA-32e mode by setting IA32_EFER.LME = 1.
5. Enable paging by setting CR0.PG = 1. This causes the processor to set the IA32_EFER.LMA bit to 1. The MOV
CR0 instruction that enables paging and the following instructions must be located in an identity-mapped page
(until such time that a branch to non-identity mapped pages can be effected).
64-bit mode paging tables must be located in the first 4 GBytes of physical-address space prior to activating IA-32e
mode. This is necessary because the MOV CR3 instruction used to initialize the page-directory base must be
executed in legacy mode prior to activating IA-32e mode (setting CR0.PG = 1 to enable paging). Because MOV CR3
is executed in protected mode, only the lower 32 bits of the register are written, limiting the table location to the
low 4 GBytes of memory. Software can relocate the page tables anywhere in physical memory after IA-32e mode
is activated.
The processor performs 64-bit mode consistency checks whenever software attempts to modify any of the enable
bits directly involved in activating IA-32e mode (IA32_EFER.LME, CR0.PG, and CR4.PAE). It will generate a general
protection fault (#GP) if consistency checks fail. 64-bit mode consistency checks ensure that the processor does
not enter an undefined mode or state with unpredictable behavior.
64-bit mode consistency checks fail in the following circumstances:
•
An attempt is made to enable or disable IA-32e mode while paging is enabled.
•
IA-32e mode is enabled and an attempt is made to enable paging prior to enabling physical-address extensions
(PAE).
•
IA-32e mode is active and an attempt is made to disable physical-address extensions (PAE).
•
If the current CS has the L-bit set on an attempt to activate IA-32e mode.
•
If the TR contains a 16-bit TSS.
9.8.5.1
IA-32e Mode System Data Structures
After activating IA-32e mode, the system-descriptor-table registers (GDTR, LDTR, IDTR, TR) continue to reference
legacy protected-mode descriptor tables. Tables referenced by the descriptors all reside in the lower 4 GBytes of
linear-address space. After activating IA-32e mode, 64-bit operating-systems should use the LGDT, LLDT, LIDT,
and LTR instructions to load the system-descriptor-table registers with references to 64-bit descriptor tables.