Software backgrounder

Aleph One (aleph1@DFW.NET)
Fri, 14 Nov 1997 16:08:26 -0600

http://support.intel.com/support/processors/pentium/ppiie/softback.htm

Pentium processor invalid instruction erratum

Software backgrounder workaround for "Invalid Operand with
Locked CMPXCHG8B Instruction" erratum.

The LOCK Prefix

Some types of programs perform computations that require data accesses
to have a specific ordering. These types of programs most commonly
include operating systems, database engines, and applications for
multiple processors. To ensure the ordering of data accesses, these
programs use synchronization. Synchronization may be done by either
software or hardware methods, but most programs use hardware
synchronization for efficiency. Hardware synchronization usually
involves reading and updating a memory location, with the hardware
ensuring that the sequence is done in one operation. Such a combined
operation is called a locked access. Intel processors support locked
accesses by an instruction feature called the lock prefix. This
feature tells the processor that an instruction that updates memory is
to be processed as a locked access to memory.

The CMPXCHG8B Instruction

Beginning with the Pentium® processor, Intel processors have provided
special hardware support for synchronization using the CMPXCHG8B
(compare and exchange 8 bytes) instruction. This instruction compares
a specified memory location with processor registers, and
conditionally updates the 8-byte memory location. When used with the
lock prefix, this instruction provides very flexible hardware support
for synchronization.
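The following C program is an added illustration of the compare-and-exchange pattern described above; it is not part of Intel's backgrounder. It uses the GCC/Clang `__atomic_compare_exchange_n` builtin on an 8-byte memory operand, which a 32-bit x86 build typically lowers to the documented, memory-destination `LOCK CMPXCHG8B` form. The function names (`cas8b`, `atomic_add64`, `try_acquire`, `release`) and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not Intel's code. A locked compare-and-exchange on an
 * 8-byte memory location: compare *location with *expected; if they match,
 * store desired and return true. Otherwise copy the current value into
 * *expected and return false. The read-compare-write sequence is performed
 * as one locked access, which is what the lock prefix guarantees. */
bool cas8b(uint64_t *location, uint64_t *expected, uint64_t desired)
{
    return __atomic_compare_exchange_n(location, expected, desired,
                                       false,            /* strong CAS */
                                       __ATOMIC_SEQ_CST, /* on success */
                                       __ATOMIC_SEQ_CST  /* on failure */);
}

/* Lock-free 64-bit add built from the primitive: read the current value,
 * try to swap in the sum, and retry if another writer got there first.
 * Returns the new value that this caller stored. */
uint64_t atomic_add64(uint64_t *location, uint64_t delta)
{
    uint64_t old = __atomic_load_n(location, __ATOMIC_SEQ_CST);
    while (!cas8b(location, &old, old + delta)) {
        /* cas8b refreshed 'old' with the value another writer stored;
         * loop and recompute old + delta against it. */
    }
    return old + delta;
}

/* A minimal spinlock on the same primitive: 0 = free, 1 = held.
 * Acquisition succeeds only if the lock word was 0 at the instant of the
 * locked access, so two CPUs can never both observe success. */
bool try_acquire(uint64_t *lock)
{
    uint64_t expected = 0;
    return cas8b(lock, &expected, 1);
}

void release(uint64_t *lock)
{
    __atomic_store_n(lock, 0, __ATOMIC_SEQ_CST);
}

int main(void)
{
    /* Constructed sample values for the stand-alone run. */
    uint64_t counter = 10;
    uint64_t lock = 0;
    uint64_t expected = 3;

    printf("atomic_add64(10, 5) -> %llu\n",
           (unsigned long long)atomic_add64(&counter, 5));

    /* Stale expectation: counter is 15, we expect 3, so the CAS must fail
     * and report the actual value back through 'expected'. */
    bool ok = cas8b(&counter, &expected, 99);
    printf("stale CAS ok=%d, expected now %llu, counter %llu\n",
           ok, (unsigned long long)expected, (unsigned long long)counter);

    printf("first try_acquire -> %d\n", try_acquire(&lock));
    printf("second try_acquire -> %d\n", try_acquire(&lock));
    release(&lock);
    printf("after release, try_acquire -> %d\n", try_acquire(&lock));
    return 0;
}
```

Every access in this example is to an 8-byte memory operand, the only form the instruction is documented for; the erratum above concerns a form (register destination) that no compiler or correct program emits, so code written against the builtin as shown is not affected.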

The Erratum

In Pentium processors, Pentium processors with MMX™ technology,
Pentium OverDrive® processors, and Pentium OverDrive processors with
MMX technology, there is an erratum that affects the lock prefix on a
CMPXCHG8B instruction with a register destination. This erratum does
not affect the Pentium Pro processor, Pentium II processor, or the
i486™ and earlier processors. The documented use of the CMPXCHG8B
instruction requires an 8-byte memory destination; attempting to use a
CMPXCHG8B to update a 4-byte processor register is a program error. A
computer’s operating system typically processes program errors
through error handling routines. The erratum may cause an unexpected
system freeze, preventing the program error from being processed by
the error handling routine.

The affected form of the instruction is not contained in any operating
system or other application known to Intel, nor is there any
reasonable purpose for a software tool to generate it. Hence user
software should not be affected. However, it is possible for a
malicious program to use this instruction to cause a system freeze.
The system freeze will not affect data that a user has already saved
to disk. When the system is restarted all saved data will still be
available.

The Workaround

Intel has developed a workaround for this erratum that can be
incorporated by operating systems vendors. The workaround takes
advantage of the memory management support provided by Intel
processors. Specifically, it relies upon a page not present fault
being processed before the program error handling routine. The page
not present fault also prevents the memory bus lock caused by the lock
prefix. When an affected instruction is processed and the processor
attempts to invoke the error handling routine, it is made to encounter
a page not present fault. While processing the page not present fault
the program error is dispatched to the error handling routine as
expected. The operating system then continues normally.

If you are an operating system vendor and would like further
information about the erratum or the workaround, see Contact Info.
Please identify yourself as an operating system vendor.