Opcode / Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
---|---|---|---|---|
NP 0F C7 /5 XSAVES mem | M | V/V | XSS | Save state components specified by EDX:EAX to mem with compaction, optimizing if possible. |
NP REX.W + 0F C7 /5 XSAVES64 mem | M | V/N.E. | XSS | Save state components specified by EDX:EAX to mem with compaction, optimizing if possible. |
Op/En | Operand 1 | Operand 2 | Operand 3 | Operand 4 |
M | ModRM:r/m (w) | NA | NA | NA |
Performs a full or partial save of processor state components to the XSAVE area located at the memory address specified by the destination operand. The implicit EDX:EAX register pair specifies a 64-bit instruction mask. The specific state components saved correspond to the bits set in the requested-feature bitmap (RFBM), the logicalAND of EDX:EAX and the logical-OR of XCR0 with the IA32_XSS MSR. XSAVES may be executed only if CPL = 0.
The format of the XSAVE area is detailed in Section 13.4, “XSAVE Area,” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1.
Section 13.11, “Operation of XSAVES,” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1 provides a detailed description of the operation of the XSAVES instruction. The following items provide a highlevel outline:
Use of a destination operand not aligned to 64-byte boundary (in either 64-bit or 32-bit modes) results in a general-protection (#GP) exception. In 64-bit mode, the upper 32 bits of RDX and RAX are ignored.
See Section 13.6, “Processor Tracking of XSAVE-Managed State,” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1 for discussion of the bitmap XMODIFIED and of the quantity XRSTOR_INFO.
1. There is an exception for state component 1 (SSE). MXCSR is part of SSE state, but XINUSE[1] may be 0 even if MXCSR does not have its initial value of 1F80H. In this case, the init optimization does not apply and XSAVEC will save SSE state as long as RFBM[1] = 1 and the modified optimization is not being applied.
2. There is an exception for state component 1 (SSE). MXCSR is part of SSE state, but XINUSE[1] may be 0 even if MXCSR does not have its initial value of 1F80H. In this case, XSAVES sets XSTATE_BV[1] to 1 as long as RFBM[1] = 1.
RFBM ← (XCR0 OR IA32_XSS) AND EDX:EAX; /* bitwise logical OR and AND */ IF in VMX non-root operation THEN VMXNR ← 1; ELSE VMXNR ← 0; FI; LAXA ← linear address of XSAVE area; COMPMASK ← RFBM OR 80000000_00000000H; TO_BE_SAVED ← RFBM AND XINUSE; IF XRSTOR_INFO = CPL,VMXNR,LAXA,COMPMASK THEN TO_BE_SAVED ← TO_BE_SAVED AND XMODIFIED; FI; If MXCSR ≠ 1F80H AND RFBM[1] TO_BE_SAVED[1] = 1; FI; IF TO_BE_SAVED[0] = 1 THEN store x87 state into legacy region of XSAVE area; FI; IF TO_BE_SAVED[1] = 1 THEN store SSE state into legacy region of XSAVE area; // this step saves the XMM registers, MXCSR, and MXCSR_MASK FI; NEXT_FEATURE_OFFSET = 576; // Legacy area and XSAVE header consume 576 bytes FOR i ← 2 TO 62 IF RFBM[i] = 1 THEN IF TO_BE_SAVED[i] THEN save XSAVE state component i at offset NEXT_FEATURE_OFFSET from base of XSAVE area; IF i = 8 // state component 8 is for PT state THEN IA32_RTIT_CTL.TraceEn[bit 0] ← 0; FI; FI; NEXT_FEATURE_OFFSET = NEXT_FEATURE_OFFSET + n (n enumerated by CPUID(EAX=0DH,ECX=i):EAX); FI; ENDFOR; XSTATE_BV field in XSAVE header ← TO_BE_SAVED; XCOMP_BV field in XSAVE header ← COMPMASK;
None.
XSAVES: void _xsaves( void * , unsigned __int64);
XSAVES64: void _xsaves64( void * , unsigned __int64);
#GP(0) | If CPL > 0. |
If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. | |
If a memory operand is not aligned on a 64-byte boundary, regardless of segment. | |
#SS(0) | If a memory operand effective address is outside the SS segment limit. |
#PF(fault-code) | If a page fault occurs. |
#NM | If CR0.TS[bit 3] = 1. |
#UD | If CPUID.01H:ECX.XSAVE[bit 26] = 0 or CPUID.(EAX=0DH,ECX=1):EAX.XSS[bit 3] = 0. |
If CR4.OSXSAVE[bit 18] = 0. | |
If the LOCK prefix is used. | |
#AC | If this exception is disabled a general protection exception (#GP) is signaled if the memory operand is not aligned on a 64-byte boundary, as described above. If the alignment check exception (#AC) is enabled (and the CPL is 3), signaling of #AC is not guaranteed and may vary with implementation, as follows. In all implementations where #AC is not signaled, a general protection exception is signaled in its place. In addition, the width of the alignment check may also vary with implementation. For instance, for a given implementation, an alignment check exception might be signaled for a 2-byte misalignment, whereas a general protection exception might be signaled for all other misalignments (4-, 8-, or 16-byte misalignments). |
#GP | If a memory operand is not aligned on a 64-byte boundary, regardless of segment. |
If any part of the operand lies outside the effective address space from 0 to FFFFH. | |
#NM | If CR0.TS[bit 3] = 1. |
#UD | If CPUID.01H:ECX.XSAVE[bit 26] = 0 or CPUID.(EAX=0DH,ECX=1):EAX.XSS[bit 3] = 0. |
If CR4.OSXSAVE[bit 18] = 0. | |
If the LOCK prefix is used. |
Same exceptions as in protected mode.
Same exceptions as in protected mode.
#GP(0) | If CPL > 0. |
If the memory address is in a non-canonical form. | |
If a memory operand is not aligned on a 64-byte boundary, regardless of segment. | |
#SS(0) | If a memory address referencing the SS segment is in a non-canonical form. |
#PF(fault-code) | If a page fault occurs. |
#NM | If CR0.TS[bit 3] = 1. |
#UD | If CPUID.01H:ECX.XSAVE[bit 26] = 0 or CPUID.(EAX=0DH,ECX=1):EAX.XSS[bit 3] = 0. |
If CR4.OSXSAVE[bit 18] = 0. | |
If the LOCK prefix is used. | |
#AC | If this exception is disabled a general protection exception (#GP) is signaled if the memory operand is not aligned on a 64-byte boundary, as described above. If the alignment check exception (#AC) is enabled (and the CPL is 3), signaling of #AC is not guaranteed and may vary with implementation, as follows. In all implementations where #AC is not signaled, a general protection exception is signaled in its place. In addition, the width of the alignment check may also vary with implementation. For instance, for a given implementation, an alignment check exception might be signaled for a 2-byte misalignment, whereas a general protection exception might be signaled for all other misalignments (4-, 8-, or 16-byte misalignments). |