Specifications

Intel® Quark SoC X1000 Core Developer’s Manual, October 2013
Order Number: 329679-001US
Protected Mode Architecture—Intel® Quark Core
If CR4.SMEP = 1, instructions may be fetched from any linear address with a
valid translation for which the U/S flag (bit 2) is 0 in at least one of the paging-
structure entries controlling the translation.
For PAE paging or IA-32e paging with IA32_EFER.NXE = 1, access rights
depend on the value of CR4.SMEP:
If CR4.SMEP = 0, instructions may be fetched from any linear address with a
valid translation for which the XD flag (bit 63) is 0 in every paging-structure
entry controlling the translation.
If CR4.SMEP = 1, instructions may be fetched from any linear address with a
valid translation for which (1) the U/S flag is 0 in at least one of the paging-
structure entries controlling the translation; and (2) the XD flag is 0 in every
paging-structure entry controlling the translation.
For user-mode accesses:
  Data reads. Data may be read from any linear address with a valid translation
  for which the U/S flag (bit 2) is 1 in every paging-structure entry controlling
  the translation.
  Data writes. Data may be written to any linear address with a valid translation
  for which both the R/W flag and the U/S flag are 1 in every paging-structure
  entry controlling the translation.
  Instruction fetches.
    For 32-bit paging or if IA32_EFER.NXE = 0, instructions may be fetched from
    any linear address with a valid translation for which the U/S flag is 1 in
    every paging-structure entry controlling the translation.
    For PAE paging or IA-32e paging with IA32_EFER.NXE = 1, instructions may be
    fetched from any linear address with a valid translation for which the U/S
    flag is 1 and the XD flag is 0 in every paging-structure entry controlling
    the translation.
A processor may cache information from the paging-structure entries in TLBs and
paging-structure caches (see Section 6.4.8). These structures may include information
about access rights. The processor may enforce access rights based on the TLBs and
paging-structure caches instead of on the paging structures in memory.
This fact implies that, if software modifies a paging-structure entry to change access
rights, the processor might not use that change for a subsequent access to an affected
linear address.
6.4.5.1 SMEP Details for Intel® Quark SoC X1000 Core
Functionality and implementation are the same as on Silvermont.
Enabled by setting CR4.SMEP (CR4[20]) = 1.
In supervisor mode (CPL < 3), a #PF is caused by a code fetch from a page whose
mapping has the U/S bit set (user page, CPL = 3) at every level of the translation
for the linear address. If U/S is 0 at any level, CR4.SMEP does not cause a #PF.
(CPL==OS) & PAGE==USER & (CR0.PG==1)
#PF: if CR4.SMEP = 1, CPL < 3, and the instruction is fetched from a user-mode page.
Error code = 10001b
Page is present; access was not a write (data read or code fetch); access was
in supervisor mode (CPL < 3); no reserved-bit violation; access was an
instruction fetch.
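
The fetch rules and the SMEP error code above can be checked with a small model. The following C is an added example, not code from the manual; the struct, function names and sample entries are hypothetical, every entry is assumed present, and a supervisor fetch with CR4.SMEP = 0 and no XD checking is assumed to be unrestricted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_P  (1ULL << 0)    /* present */
#define PTE_US (1ULL << 2)    /* U/S flag (bit 2) */
#define PTE_XD (1ULL << 63)   /* XD flag (bit 63) */

#define PF_P   (1u << 0)      /* page was present */
#define PF_US  (1u << 2)      /* access came from user mode */
#define PF_ID  (1u << 4)      /* access was an instruction fetch */

/* Hypothetical model state: smep = CR4.SMEP; xd_active = PAE or IA-32e
 * paging with IA32_EFER.NXE = 1 (otherwise XD is not evaluated here). */
struct paging_mode { bool smep; bool xd_active; };

/* May an instruction be fetched through the n paging-structure entries
 * e[] that control one translation? Assumes every entry is present;
 * reserved-bit checks are not modeled. */
bool fetch_allowed(const uint64_t *e, size_t n, bool user, struct paging_mode m)
{
    bool us_every = true, xd_any = false;
    for (size_t i = 0; i < n; i++) {
        if (!(e[i] & PTE_US)) us_every = false;
        if (e[i] & PTE_XD)    xd_any = true;
    }
    if (m.xd_active && xd_any) return false;  /* XD must be 0 in every entry */
    if (user) return us_every;                /* U/S must be 1 in every entry */
    return !(m.smep && us_every);             /* SMEP: needs U/S = 0 somewhere */
}

/* #PF error code for a protection fault on an instruction fetch. */
uint32_t fetch_fault_code(bool user)
{
    return PF_P | PF_ID | (user ? PF_US : 0u);
}

/* Constructed sample translations (page-directory entry, page-table entry). */
const uint64_t user_page[2]  = { PTE_P | PTE_US, PTE_P | PTE_US };
const uint64_t mixed_page[2] = { PTE_P | PTE_US, PTE_P };
const uint64_t xd_page[2]    = { PTE_P, PTE_P | PTE_XD };

int main(void)
{
    struct paging_mode smep_on = { true, false };
    if (!fetch_allowed(user_page, 2, false, smep_on))
        printf("supervisor fetch from user page: #PF, error code 0x%x\n",
               (unsigned)fetch_fault_code(false));
    return 0;
}
```

The mixed_page sample shows why a single supervisor-only entry in the walk is enough to keep SMEP from faulting, while the same mapping is not fetchable from user mode.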