CHAPTER 2

SYSTEM ARCHITECTURE OVERVIEW

I A-32 architecture (beginning with the I ntel386 processor family) provides extensive support for operating-system
and system-development software. This support offers multiple modes of operation, which include:
• Real mode, protected mode, virtual 8086 mode, and system management mode. These are sometimes
referred to as legacy modes.
I ntel 64 architecture supports almost all the system programming facilities available in I A-32 architecture and
extends them to a new operating mode (I A-32e mode) that supports a 64-bit programming environment. I A-32e
mode allows software to operate in one of two sub-modes:
• 64-bit mode supports 64-bit OS and 64-bit applications
• Compatibility mode allows most legacy software to run; it co-exists with 64-bit applications under a 64-bit OS.
The I A-32 system-level architecture and includes features to assist in the following operations:
• Memory management
• Protection of software modules
• Multitasking
• Exception and interrupt handling
• Multiprocessing
• Cache management
• Hardware resource and power management
• Debugging and performance monitoring
This chapter provides a description of each part of this architecture. I t also describes the system registers that are
used to set up and control the processor at the system level and gives a brief overview of the processor’s system-
level (operating system) instructions.
Many features of the system-level architectural are used only by system programmers. However, application
programmers may need to read this chapter and the following chapters in order to create a reliable and secure
environment for application programs.
This overview and most subsequent chapters of this book focus on protected-mode operation of the I A-32 architec-
ture. I A-32e mode operation of the I ntel 64 architecture, as it differs from protected mode operation, is also
described.
All I ntel 64 and I A-32 processors enter real-address mode following a power-up or reset (see Chapter 9, “Processor
Management and I nitialization”). Software then initiates the switch from real-address mode to protected mode. I f
I A-32e mode operation is desired, software also initiates a switch from protected mode to I A-32e mode.

2.1 OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE

System-level architecture consists of a set of registers, data structures, and instructions designed to support basic
system-level operations such as memory management, interrupt and exception handling, task management, and
control of multiple processors.
Figure 2-1 provides a summary of system registers and data structures that applies to 32-bit modes. System regis-
ters and data structures that apply to I A-32e mode are shown in Figure 2-2.

Vol. 3A 2-1
SYSTEM ARCHITECTURE OVERVIEW

EFLAGS Register Physical Address

Code, Data or
Linear Address Stack Segment
Control Registers
Task-State
CR4 Segment Selector Segment (TSS) Task
CR3
Code
CR2 Register
CR1 Data
CR0 Stack
Global Descriptor
Task Register Table (GDT)

Segment Sel. Interrupt Handler

Seg. Desc.
Code
Current
Interrupt TSS Seg. Sel. TSS Desc. TSS Stack
Vector
Seg. Desc.
Interrupt Descriptor Task-State
Table (IDT) Segment (TSS) Task
TSS Desc.
Code
Interrupt Gate LDT Desc. Data
Stack
Task Gate
GDTR
Trap Gate
Local Descriptor Exception Handler
Table (LDT) Code
Current
TSS Stack
IDTR Call-Gate Seg. Desc.
Segment Selector
Call Gate
Protected Procedure
Code
XCR0 (XFEM) LDTR Current
TSS Stack

Linear Address Space Linear Address

Dir Table Offset

Linear Addr.
Page Directory Page Table Page

Physical Addr.
Pg. Dir. Entry Pg. Tbl. Entry

0 This page mapping example is for 4-KByte pages

CR3* and the normal 32-bit physical address size.
*Physical Address

Figure 2-1. IA-32 System-Level Registers and Data Structures

2-2 Vol. 3A
 SYSTEM ARCHITECTURE OVERVIEW

RFLAGS
Physical Address
Code, Data or Stack
Control Register Linear Address Segment (Base =0)
CR8 Task-State
CR4 Segment Selector Segment (TSS)
CR3
CR2 Register
CR1
CR0 Global Descriptor
Task Register Table (GDT)

Segment Sel. Interrupt Handler

Seg. Desc.
Code
NULL
Interrupt TR TSS Desc. Stack
Vector
Seg. Desc.
Interrupt Descriptor
Table (IDT) Seg. Desc. Interr. Handler
Code
Interrupt Gate LDT Desc. Current TSS
Stack
Interrupt Gate
GDTR
IST
Trap Gate
Local Descriptor Exception Handler
Table (LDT) Code
NULL
Stack
IDTR Call-Gate Seg. Desc.
Segment Selector
Call Gate
Protected Procedure
XCR0 (XFEM) Code
LDTR NULL
Stack

Linear Address Space Linear Address

PML4 Dir. Pointer Directory Table Offset

Linear Addr.
PML4 Pg. Dir. Ptr. Page Dir. Page Table Page

Physical
PML4. Pg. Dir. Page Tbl Addr.
Entry Entry Entry

0 This page mapping example is for 4-KByte pages

CR3* and 40-bit physical address size.
*Physical Address

Figure 2-2. System-Level Registers and Data Structures in IA-32e Mode

2.1.1 Global and Local Descriptor Tables

When operating in protected mode, all memory accesses pass through either the global descriptor table (GDT) or
an optional local descriptor table (LDT) as shown in Figure 2-1. These tables contain entries called segment
descriptors. Segment descriptors provide the base address of segments well as access rights, type, and usage
information.
Each segment descriptor has an associated segment selector. A segment selector provides the software that uses
it with an index into the GDT or LDT (the offset of its associated segment descriptor), a global/ local flag (deter-
mines whether the selector points to the GDT or the LDT), and access rights information.

Vol. 3A 2-3
SYSTEM ARCHITECTURE OVERVIEW

To access a byte in a segment, a segment selector and an offset must be supplied. The segment selector provides
access to the segment descriptor for the segment (in the GDT or LDT). From the segment descriptor, the processor
obtains the base address of the segment in the linear address space. The offset then provides the location of the
byte relative to the base address. This mechanism can be used to access any valid code, data, or stack segment,
provided the segment is accessible from the current privilege level (CPL) at which the processor is operating. The
CPL is defined as the protection level of the currently executing code segment.
See Figure 2-1. The solid arrows in the figure indicate a linear address, dashed lines indicate a segment selector,
and the dotted arrows indicate a physical address. For simplicity, many of the segment selectors are shown as
direct pointers to a segment. However, the actual path from a segment selector to its associated segment is always
through a GDT or LDT.
The linear address of the base of the GDT is contained in the GDT register (GDTR); the linear address of the LDT is
contained in the LDT register (LDTR).

2.1.1.1 Global and Local Descriptor Tables in IA-32e Mode

GDTR and LDTR registers are expanded to 64-bits wide in both I A-32e sub-modes (64-bit mode and compatibility
mode). For more information: see Section 3.5.2, “Segment Descriptor Tables in I A-32e Mode.”
Global and local descriptor tables are expanded in 64-bit mode to support 64-bit base addresses, (16-byte LDT
descriptors hold a 64-bit base address and various attributes). I n compatibility mode, descriptors are not
expanded.

2.1.2 System Segments, Segment Descriptors, and Gates

Besides code, data, and stack segments that make up the execution environment of a program or procedure, the
architecture defines two system segments: the task-state segment (TSS) and the LDT. The GDT is not considered
a segment because it is not accessed by means of a segment selector and segment descriptor. TSSs and LDTs have
segment descriptors defined for them.
The architecture also defines a set of special descriptors called gates (call gates, interrupt gates, trap gates, and
task gates). These provide protected gateways to system procedures and handlers that may operate at a different
privilege level than application programs and most procedures. For example, a CALL to a call gate can provide
access to a procedure in a code segment that is at the same or a numerically lower privilege level (more privileged)
than the current code segment. To access a procedure through a call gate, the calling procedure 1 supplies the
selector for the call gate. The processor then performs an access rights check on the call gate, comparing the CPL
with the privilege level of the call gate and the destination code segment pointed to by the call gate.
I f access to the destination code segment is allowed, the processor gets the segment selector for the destination
code segment and an offset into that code segment from the call gate. I f the call requires a change in privilege
level, the processor also switches to the stack for the targeted privilege level. The segment selector for the new
stack is obtained from the TSS for the currently running task. Gates also facilitate transitions between 16-bit and
32-bit code segments, and vice versa.

2.1.2.1 Gates in IA-32e Mode

I n I A-32e mode, the following descriptors are 16-byte descriptors (expanded to allow a 64-bit base): LDT descrip-
tors, 64-bit TSSs, call gates, interrupt gates, and trap gates.
Call gates facilitate transitions between 64-bit mode and compatibility mode. Task gates are not supported in I A-
32e mode. On privilege level changes, stack segment selectors are not read from the TSS. I nstead, they are set to
NULL.

1. The word “procedure” is commonly used in this document as a general term for a logical unit or block of code (such as a program, pro-
cedure, function, or routine).

2-4 Vol. 3A
 SYSTEM ARCHITECTURE OVERVIEW

2.1.3 Task-State Segments and Task Gates

The TSS (see Figure 2-1) defines the state of the execution environment for a task. I t includes the state of general-
purpose registers, segment registers, the EFLAGS register, the EI P register, and segment selectors with stack
pointers for three stack segments (one stack for each privilege level). The TSS also includes the segment selector
for the LDT associated with the task and the base address of the paging-structure hierarchy.
All program execution in protected mode happens within the context of a task (called the current task). The
segment selector for the TSS for the current task is stored in the task register. The simplest method for switching
to a task is to make a call or jump to the new task. Here, the segment selector for the TSS of the new task is given
in the CALL or J MP instruction. I n switching tasks, the processor performs the following actions:
1. Stores the state of the current task in the current TSS.
2. Loads the task register with the segment selector for the new task.
3. Accesses the new TSS through a segment descriptor in the GDT.
4. Loads the state of the new task from the new TSS into the general-purpose registers, the segment registers,
the LDTR, control register CR3 (base address of the paging-structure hierarchy), the EFLAGS register, and the
EI P register.
5. Begins execution of the new task.
A task can also be accessed through a task gate. A task gate is similar to a call gate, except that it provides access
(through a segment selector) to a TSS rather than a code segment.

2.1.3.1 Task-State Segments in IA-32e Mode

Hardware task switches are not supported in I A-32e mode. However, TSSs continue to exist. The base address of
a TSS is specified by its descriptor.
A 64-bit TSS holds the following information that is important to 64-bit operation:
• Stack pointer addresses for each privilege level
• Pointer addresses for the interrupt stack table
• Offset address of the I O-permission bitmap (from the TSS base)
The task register is expanded to hold 64-bit base addresses in I A-32e mode. See also: Section 7.7, “Task Manage-
ment in 64-bit Mode.”

2.1.4 Interrupt and Exception Handling

External interrupts, software interrupts and exceptions are handled through the interrupt descriptor table (I DT).
The I DT stores a collection of gate descriptors that provide access to interrupt and exception handlers. Like the
GDT, the I DT is not a segment. The linear address for the base of the I DT is contained in the I DT register (I DTR).
Gate descriptors in the I DT can be interrupt, trap, or task gate descriptors. To access an interrupt or exception
handler, the processor first receives an interrupt vector (interrupt number) from internal hardware, an external
interrupt controller, or from software by means of an I NT, I NTO, I NT 3, or BOUND instruction. The interrupt vector
provides an index into the I DT. I f the selected gate descriptor is an interrupt gate or a trap gate, the associated
handler procedure is accessed in a manner similar to calling a procedure through a call gate. I f the descriptor is a
task gate, the handler is accessed through a task switch.

2.1.4.1 Interrupt and Exception Handling IA-32e Mode

I n I A-32e mode, interrupt descriptors are expanded to 16 bytes to support 64-bit base addresses. This is true for
64-bit mode and compatibility mode.
The I DTR register is expanded to hold a 64-bit base address. Task gates are not supported.

Vol. 3A 2-5
SYSTEM ARCHITECTURE OVERVIEW

2.1.5 Memory Management

System architecture supports either direct physical addressing of memory or virtual memory (through paging).
When physical addressing is used, a linear address is treated as a physical address. When paging is used: all code,
data, stack, and system segments (including the GDT and I DT) can be paged with only the most recently accessed
pages being held in physical memory.
The location of pages (sometimes called page frames) in physical memory is contained in the paging structures.
These structures reside in physical memory (see Figure 2-1 for the case of 32-bit paging).
The base physical address of the paging-structure hierarchy is contained in control register CR3. The entries in the
paging structures determine the physical address of the base of a page frame, access rights and memory manage-
ment information.
To use this paging mechanism, a linear address is broken into parts. The parts provide separate offsets into the
paging structures and the page frame. A system can have a single hierarchy of paging structures or several. For
example, each task can have its own hierarchy.

2.1.5.1 Memory Management in IA-32e Mode

I n I A-32e mode, physical memory pages are managed by a set of system data structures. I n compatibility mode
and 64-bit mode, four levels of system data structures are used. These include:
• The page map level 4 (PML4) — An entry in a PML4 table contains the physical address of the base of a page
directory pointer table, access rights, and memory management information. The base physical address of the
PML4 is stored in CR3.
• A set of page directory pointer tables — An entry in a page directory pointer table contains the physical
address of the base of a page directory table, access rights, and memory management information.
• Sets of page directories — An entry in a page directory table contains the physical address of the base of a
page table, access rights, and memory management information.
• Sets of page tables — An entry in a page table contains the physical address of a page frame, access rights,
and memory management information.

2.1.6 System Registers

To assist in initializing the processor and controlling system operations, the system architecture provides system
flags in the EFLAGS register and several system registers:
• The system flags and I OPL field in the EFLAGS register control task and mode switching, interrupt handling,
instruction tracing, and access rights. See also: Section 2.3, “System Flags and Fields in the EFLAGS Register.”
• The control registers (CR0, CR2, CR3, and CR4) contain a variety of flags and data fields for controlling system-
level operations. Other flags in these registers are used to indicate support for specific processor capabilities
within the operating system or executive. See also: Section 2.5, “Control Registers.”
• The debug registers (not shown in Figure 2-1) allow the setting of breakpoints for use in debugging programs
and systems software. See also: Chapter 17, “Debugging, Branch Profiling, and Time-Stamp Counter.”
• The GDTR, LDTR, and I DTR registers contain the linear addresses and sizes (limits) of their respective tables.
See also: Section 2.4, “Memory-Management Registers.”
• The task register contains the linear address and size of the TSS for the current task. See also: Section 2.4,
“Memory-Management Registers.”
• Model-specific registers (not shown in Figure 2-1).
The model-specific registers (MSRs) are a group of registers available primarily to operating-system or executive
procedures (that is, code running at privilege level 0). These registers control items such as the debug extensions,
the performance-monitoring counters, the machine- check architecture, and the memory type ranges (MTRRs).
The number and function of these registers varies among different members of the I ntel 64 and I A-32 processor
families. See also: Section 9.4, “Model-Specific Registers (MSRs),” and Chapter 35, “Model-Specific Registers
(MSRs).”

2-6 Vol. 3A