exceptions |
# |
ID |
description |
type #1 |
error code |
source(s) |
rIP |
B/C |
|
00h |
#DE |
divide error |
fault |
C #2 |
no |
AAM/DIV/IDIV divide by zero, DIV/IDIV result too large |
01h |
#DB |
debug |
fault |
B |
DR6 |
DR0...3 code BP, DR7.GD=1 |
trap |
TSS.T=1, FLAGS.TF=1, INT1, DR0...3 data BP, DR0...3 I/O BP |
02h |
NMI |
non-maskable interrupt |
n/a |
(B) |
no |
non-maskable interrupt |
03h |
#BP |
breakpoint |
trap |
B |
no |
INT3 |
04h |
#OF |
overflow |
trap |
B |
no |
INTO if FLAGS.OF=1 |
05h |
#BR |
boundary range exceeded |
fault |
B |
no |
BOUND if range exceeded (BNDSTATUS=0 if MPX enabled)
BNDCL/BNDCU/BNDCN (BNDSTATUS.EC=01b)
BNDLDX/BNDSTX (BNDSTATUS.EC=10b)
|
06h |
#UD |
undefined opcode |
fault |
B |
no |
undefined opcode #6, illegal LOCK, RSM outside SMM,
MOV from/to DR4...5 if CR4.DE=1,
LLDT/SLDT/LTR/STR/LSL/LAR/VERR/VERW/ARPL outside PM
MMX/SSE(x) if CR0.EM=1 (excludes SSE(x)-MEM)
SSE(x) if CR4.OSFXSR=0 (excludes SSE(x)-MEM/MMX-SSE(x))
#XF if CR4.OSXMEX=0
CR4.OSXSAVE=0 and XSAVE/XSAVEOPT/XRSTOR
CR4.OSXSAVE=0 and XGETBV/XSETBV
VEX-encoded instructions in RM or VM
VEX-encoded instructions with REPE, REPNE, 66h, or REX
VEX-encoded instructions with unused vvvv not set to 1111b
AVX(x)/F16C if CR4.OSXSAVE=0 or XCR0.YMM/XMM!=11b
VSIB without SIB: A16, mod=11b, or r/m!=100b
VSIB with dst=mask, dst=index, or index=mask
REX with SSE5A instructions in the 0Fh,24h or 0Fh,25h range
|
07h |
#NM |
device not available |
fault |
B |
no |
WAIT if CR0.TS=1 and CR0.MP=1
FPU/FXSR if CR0.TS=1 or CR0.EM=1 #6
MMX/SSE(x)/AVX(n)/F16C if CR0.TS=1 (excludes SSE(x)-MEM)
|
08h |
#DF |
double fault |
abort |
#3 |
0h |
exceptions during exception handler invocation |
09h |
n/a |
reserved |
abort |
n/a |
no |
was 80387 coprocessor segment overrun |
0Ah |
#TS |
invalid TSS |
fault |
C |
yes |
implicit TSS accesses |
0Bh |
#NP |
not present |
fault |
C |
yes |
segment register loads, explicit/implicit segment register accesses |
0Ch |
#SS |
stack segment |
fault |
C |
yes |
SS loads, explicit/implicit SS accesses |
explicit/implicit non-canonical address SS accesses |
0Dh |
#GP |
general protection |
fault |
C |
yes |
various
MEMORY_CTRL.UC_LK_DIS_GP_EN=1, UC lock (aka old-style)
|
explicit/implicit non-canonical address accesses |
0Eh |
#PF |
page fault |
fault |
#4 |
CR2 |
not present page (PDPTE/PDE/PTE.P=0)
supervisor page (CPL=3 read/write, PDE/PTE.US=0)
read-only page (CPL=3 write, PDE/PTE.RW=0)
write-protected page (CPL<3 write, CR0.WP=1, PDE/PTE.RW=0)
reserved bit (CR4.PSE=1 or CR4.PAE=1, PDE/PTE.RSVD=1)
NX page (CPL=0...3 fetch, EFER.NXE=1, PDE/PTE.NX=1)
SMEP page (CPL<3 fetch, CR4.SMEP=1, PDE/PTE.US=1)
SMAP page (CPL<3 r/w, CR4.SMAP=1, PDE/PTE.US=1, EFLAGS.AC=0)
PKU page (CR4.PKE=1, CPL=3 read/write, PKRU.AD[PxE.PK]=1)
PKU page (CR4.PKE=1, CPL=3 write, PKRU.WD[PxE.PK]=1)
PKU page (CR4.PKE=1, CPL<3 write, CR0.WP=1, PKRU.WD[PxE.PK]=1)
|
0Fh |
n/a |
reserved |
n/a |
n/a |
n/a |
All spurious IRQs generate IRQ7, and can not be blocked by the PIC1's mask.
The default base vector for PIC1 is set to 08h by the BIOS, so that spurious
IRQs will invoke vector 0Fh. Hence it is not used for processor exceptions.
|
10h |
#MF |
math fault |
fault |
B |
no |
#IS for invalid stack or #IA for invalid arithmetic operation
#D for denormalized operand
#Z for divide by zero
#O for numeric overflow
#U for numeric underflow
#P for inexact result (precision)
|
11h |
#AC |
alignment checking |
fault |
B #5 |
0h |
CR0.AM=1, EFLAGS.AC=1, CPL=3, misaligned accesses
P4: MISC_EN.SLD=1, lock accross cache line or page boundary
MEMORY_CTRL.SPL_LK_DIS_AC_EN=1, split cache line lock
MEMORY_CTRL.UC_LK_DIS_AC_EN=1, UC lock (err code 4)
|
12h |
#MC |
machine check |
abort |
B |
MSRs |
internal error, bus error, or bus error detected by external agent |
13h |
#XF |
extended math fault |
fault |
B |
no |
#I for invalid arithmetic operation
#D for denormalized operand
#Z for divide by zero
#O for numeric overflow
#U for numeric underflow
#P for inexact result (precision)
SIMD preference:
1) #I due to SNaN or NaN(min,max,cmp,cvt), 2) QNaN, 3) #I/#Z, 4) #D, 5) #O/#U possibly with #P, 6) #P
|
14h |
#VE |
virtualization exception |
fault |
#4 |
no |
EPT violations |
15h |
#CP |
control protection exception |
fault |
B |
yes |
1 = near RET
2 = far RET or IRET
3 = missing ENDBRANCH at target of indirect CALL/JMP
4 = RSTORSSP token check failure
5 = SETSSBSY token check failure
bit 15 = enclave execution (similar to #PF error code)
|
16h |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
17h |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
18h |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
19h |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
1Ah |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
1Bh |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
1Ch |
#HV |
HV injection exception |
n/a |
B |
no |
AMD SVM: restricted injection or alternate injection |
1Dh |
#VC |
VMM comm. exception |
fault |
C |
yes |
n = AMD SVM NAE event (due to SEV-ES) |
1Eh |
#SX |
security exception |
fault |
C |
yes |
1 = AMD SVM INIT redirection (due to VM_CR.R_INIT=1) |
1Fh |
n/a |
reserved |
n/a |
n/a |
n/a |
reserved |
|
notes |
descriptions |
|
#1 |
fault: before instruction, trap: after instruction, abort: imprecise, B=benign: can't cause #DF, C=contributory: can cause #DF |
#2 |
The correct behavior for #DE is to be a benign exception, because #DE can not be caused by any handler invocation. |
#3 |
Any further contributory exceptions during the #DF handler invocation cause the processor to enter the shutdown state. |
#4 |
Any #PF/#VE during the invocation of the #PF/#VE handler causes the processor to generate a #DF. |
#5 |
The correct behavior for #AC is to be a contributory exception, to avoid the possibility of endless #AC loops in CPL=3. |
#6 |
The correct behavior for undefined opcodes in the FPU range (D8h,00h...DFh,FFh) while CR0.EM=1 or CR0.TS=1 is to
cause #UD (like the Intel P4-core does) instead of causing #NM (like older processors do).
|