x86 Assembly Language Reference Manual

Protection Model Instructions

Store Local Descriptor Table Register (sldt)

sldt	r/m16

Operation

LDTR -> r/m[16]

Description

The Local Descriptor Table Register (LDTR) is stored by sldt as indicated by the effective address operand. LDTR is stored into the two-byte register or the memory location.

sldt is not used in application programs. It is used only in operating systems.

Example

Store the LDTR in the effective address (addressed by the EBX register plus and offset of 5):

sldt 5(%ebx)

Store Task Register (str)

str	r/m16

Operation

STR -> r/m(16

Description

The contents of the task register is stored by sldt as indicated by the effective address operand. STR is stored into the two-byte register or the memory location.

Example

Store str in the effective address (addressed by the EBX register plus an offset of 5):

str 5(%ebx)

Load Local Descriptor Table Register (lldt)

lldt    	r/m16

Operation

SELECTOR -> LDTR

Description

LDTR is loaded by LLDT. The operand (word) contains a selector to a local GDT (Global Descriptor Table). The descriptor registers are not affected.The task state segment LDT field does not change.

The LDTR is marked invalid if the selector operand is 0. A #GP fault is caused by all descriptor references (except LSL VERR, VERW, or LAR instructions).

LLDT is not used in application programs. It is used in operating systems.

Example

Load the LLDT register from the effective address (addressed by the EBX register plus and offset of 5):

lldt 5(%ebx)

Load Task Register (ltr)

ltr	r/m16

Operation

r/m16 -> Task Register

Description

The task register is loaded by LTR from the source register or memory location specified by the operand. The loaded task state segment is tagged busy. A task switch does not occur.

Example

Load the TASK register from the effective address (addressed by the EBX register plus and offset of 5):

ltr 5(%ebx)

Verify a Segment for Reading or Writing (verr, verw)

verr    	r/m16
verw    	r/m16

Operation

1 -> ZF (if segment can be read or written)

Description

VERR and VERW contains the value of a selector in the two-byte register or memory operand. VERR and VERW determine if the indicated segment can be reached in the current privilege level and whether it is readable (VERR) or writable (VERW). If the segment can be accessed, the zero flag (ZF) is set to 1, otherwise the zero flag is set to 0. For the zero flag to be set these conditions must be met:

The selector denotes a descriptor; the selector is "defined".
The selector is a code or data segment; not a task statement, LDT or a gate.
For VERR, the segment must be readable, for VERW, writable.
The descriptor privilege level (DPL) can be any value for VERR. otherwise the DPL must have the same or less privilege as the current level and the DPL of the selector.

Validation is performed as if the segment were loaded into DS, ES, FS, or GS and the indicated write or read performed. The validation results are indicated by the zero flag. The value of the selector cannot result in an exception.

Example

Determine if the segment indicated by the effective address (addressed by the EBX register plus an offset of 5) can be reached in the current privilege level and whether it is readable (VERR):

verr 5(%ebx)

Store Global/Interrupt Descriptor Table Register (sgdt, sidt)

sgdt    	mem48
sidt    	mem48

Operation

DTR -> mem48

Description

The contents of the descriptor table register is copied by sgdt/sidt to the six bytes of memory specified by the operand. The first word at the effective address is assigned the LIMIT field of the register. If the operand-size attribute is 32-bits:

The base field of the register is assigned to the next three bytes.
The fourth byte is written as zero.
The last byte is undefined.

If the operand-size attribute is 16-bits, the 32-bit BASEfield of the register is assigned to the next four bytes.

sgdt/sldt are not used in application programs, they are used in operating systems.

Example

Copy the contents of the Global Descriptor Table Register to the specified memory location:

sgdt 0x55555555

Copy the contents of the Interrupt Descriptor Table Register to the effective address (addressed by the EBX register plus an offset of 5):

sidt 5 (%ebx)

Load Global/Interrupt Descriptor Table (lgdt, lidt)

lgdt    	mem48
lidt    	mem48

Operation

MEM48 -> GDTR MEM48 -> IDTR

Description

The GDTR and IDTR are loaded with a linear base address and limit value from a six-byte operand in memory by the lgdt/lidt instructions. For a 16-bit operand:

Load the register with a 16-bit limit and a 24-bit base.
The six-byte data operand high-order eight bits are not used.

For a 32-bit operand:

Load the register with a 16-bit limit and a 32-bit base.
The six-byte data operand high-order eight bits are used as the high-order base address bits.

All 48-bits of the six-byte data operand are always stored into by the sgdt/sidt instructions. For a 16-bit and a 32-bit operand, the upper eight-bits are written with the high-order eight address bits. lgdt or lidt, when used with a 16-bit operand to load the register stored by sgdt or sidt, stores the upper eight-bits as zeros.

lgdt and lidt are not used in application programs; they are used in operation system. lgdt and lidt are the only instructions that load a linear address directly in 80386 Protected Mode.

Example

Load the Global/Interrupt Descriptor Table Register from memory address 0x55555555:

lgdt 0x55555555
lidt 0x55555555

Store Machine Status Word (smsw)

smsw    	r/m16

Operation

MSW -> r/m16

Description

The machine status word is stored by smsw in the two-byte register of memory location pointed to by the effective address operand.

80386 machines should use MOV ..., CR0.

Example

Store the machine status word in the effective address (addressed by the EBX register plus an offset of 5):

smsw 5(%ebx)

Load Machine Status Word (lmsw)

lmsw    	r/m16

Operation

r/m16 -> MSW

Description

The machine status word (part of CR0) is loaded by lmsw from the source operand. lmsw can be used to switch to Protected Mode if followed by an intersegment jump to clear the instruction queue. lmsw cannot switch back to Real Address Mode.

lmsw is not used in application programs. It is used in operating systems.

Example

Load the machine status word from the contents of the effective address (addressed by the EBX register plus an offset of 5):

lmsw 5(%ebx)

Load Access Rights (lar)

lar	r/m32, reg32

Operation

r/m16 (masked by FF00) -> r16

r/m32 (masked by 00FxFF00) -> r32

Description

If the selector is visible at the CPL (modified by the RPL) and is a valid descriptor type, lar stores a form of the second doubleword of the descriptor for the source selector. The designated register is loaded with the double-word (high-order) of the descriptor masked by 00FxFF00, and the zero flag is set to 1. The x in 00Fx ... indicates that these four bits loaded by lar are undefined. The zero flag is cleared if the selector is invisible or of the wrong type.

The 32-bit value is stored in the 32-bit destination register if the 32-bit operand size is specified. If the 16-bit operand size is specified, the lower 16-bits of this value are stored in the 16-bit destination register.

For lar, all data segment descriptors and code are valid.

Example

Load access rights from the contents of the effective address (addressed by the EBX register plus an offset of 5) into the EDX register:

lar 5(%ebx),  %edx

Load Segment Limit (lsl)

lsl	r/m32, reg32

Operation

Selector rm16 (byte) -> r16

Selector rm32 (byte) -> r32

Selector rm16 (page) -> r16

Selector rm32 (page) -> r32

Description

lsl loads a register with a segment limit (unscrambled). The descriptor type must be accepted by lsl, and the source selector must be visible at the CPL weakened by RPL. ZF is then set to 1. Otherwise, ZF is set to 0 and the destination register is unchanged.

The segment limit is loaded as a byte value. A page value limit in the descriptor is translated by lsl to a byte limit before lsl loads it in the destination register (the 20-bit limit from the descriptor is shifted left 12 and OR'd with 00000FFFH).

lsl stores the 32-bit granular limit in the 16-bit destination register.

For lsl, code and data segment descriptors are valid.

Example

Load a segment limit from the contents of the effective address (addressed by the EBX register plus an offset of 5) into the EDX register.

lsl 5(%ebx), %edx

Clear Task-Switched (clts)

clts

Operation

0 -> TS Flag in CR0

Description

The task-switched flag in register CR0 is cleared by clta. The TS Flag is set by the 80386 for each task switch. The TS Flag is used as follows:

If the TS Flag is set, each execution of the ESC instruction is trapped.
If the TS Flag and the MP Flag are both set, execution of a Wait instruction is trapped.

If a task switch is made after an ESC instruction is started, save the processor extension context before a new ESC instruction can be run. The fault handler resets the TS Flag and saves the context.

clts is not used in application program, it is used in operating systems.

clts can only be executed at privilege level 0.

Example

Clear the TS flag:

clts

Adjust RPL Field of Selector (arpl)

arpl	r16, r/m16

Operation

If RPL 1 < RPL 2, 1 -> ZF

Description

arpl has two operands. The first operand is a 16-bit word register or memory variable that contains the value of a selector. The second operand is a word register. If the RPL field of the second operand is greater than the RPL field of the first operand, ZF is set to 1 and the RPL field of the first operand is increased to match the RPL field of the second operand. Otherwise, no change is made to the first operand and the ZF is set to 0.

arpl is not used in application programs, it is used in operating systems.

arpl guarantees that a selector to a subroutine does not request a privilege greater than allowed. Normally, the second operand of arpl is a register that contains the CS selector value of the caller.

Example

arpl %sp, 5(%ebx)