Intel ITANIUM ARCHITECTURE - SOFTWARE DEVELOPERS MANUAL VOLUME 1 REV 2.3 Manual page 1546

JMP—Jump (Continued)
When executing a far jump, the processor jumps to the code segment and address
specified with the target operand. Here the target operand specifies an absolute far
address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a
memory location (m16:16 or m16:32). With the pointer method, the segment and
address of the called procedure is encoded in the instruction using a 4-byte (16-bit
operand size) or 6-byte (32-bit operand size) far address immediate. With the indirect
method, the target operand specifies a memory location that contains a 4-byte (16-bit
operand size) or 6-byte (32-bit operand size) far address. The operand-size attribute
determines the size of the offset (16 or 32 bits) in the far address. The far address is
loaded directly into the CS and EIP registers. If the operand-size attribute is 16, the
upper two bytes of the EIP register are cleared to 0s.
When the processor is operating in protected mode, a far jump can also be used to
access a code segment through a call gate or to switch tasks. Here, the processor uses
the segment selector part of the far address to access the segment descriptor for the
segment being jumped to. Depending on the value of the type and access rights
information in the segment selector, the JMP instruction can perform:
• A far jump to a conforming or non-conforming code segment (same mechanism as
the far jump described in the previous paragraph, except that the processor checks
the access rights of the code segment being jumped to).
• An far jump through a call gate.
• A task switch. Results in an IA-32_Intercept(Gate) in Itanium System
Environment.
The JMP instruction cannot be used to perform inter-privilege level jumps.
When executing an far jump through a call gate, the segment selector specified by the
target operand identifies the call gate. (The offset part of the target operand is
ignored.) The processor then jumps to the code segment specified in the call gate
descriptor and begins executing the instruction at the offset specified in the gate. No
stack switch occurs. Here again, the target operand can specify the far address of the
call gate and instruction either directly with a pointer (ptr16:16 or ptr16:32) or
indirectly with a memory location (m16:16 or m16:32).
Executing a task switch with the JMP instruction, is similar to executing a jump through
a call gate. Here the target operand specifies the segment selector of the task gate for
the task being switched to. (The offset part of the target operand is ignored). The task
gate in turn points to the TSS for the task, which contains the segment selectors for the
task's code, data, and stack segments and the instruction pointer to the target
instruction. One form of the JMP instruction allows the jump to be made directly to a
TSS, without going through a task gate. See Chapter 13 in Intel Architecture Software
Developer's Manual, Volume 3 the for detailed information on the mechanics of a task
switch.
All branches are converted to code fetches of one or two cache lines, regardless of jump
address or cacheability.
4:244 Volume 4: Base IA-32 Instruction Reference