18
Specification Update
AAU3.
Code Segment Limit/Canonical Faults on RSM May Be Serviced before
Higher Priority Interrupts/Exceptions and May Push the Wrong
Address onto the Stack
Problem:
Normally, when the processor encounters a Segment Limit or Canonical Fault due to
code execution, a #GP (General Protection Exception) fault is generated after all higher
priority Interrupts and exceptions are serviced. Due to this erratum, if RSM (Resume
from System Management Mode) returns to execution flow that results in a Code
Segment Limit or Canonical Fault, the #GP fault may be serviced before a higher
priority Interrupt or Exception (e.g., NMI (Non-Maskable Interrupt), Debug
break(#DB), Machine Check (#MC), etc.). If the RSM attempts to return to a non-
canonical address, the address pushed onto the stack for this #GP fault may not match
the non-canonical address that caused the fault.
Implication:
Operating systems may observe a #GP fault being serviced before higher priority
Interrupts and Exceptions. Intel has not observed this erratum on any commercially-
available software.
Workaround:
None identified.
Status:
For the steppings affected, see the Summary Tables of Changes.
AAU4.
Performance Monitor SSE Retired Instructions May Return Incorrect
Values
Problem:
Performance Monitoring counter SIMD_INST_RETIRED (Event: C7H) is used to track
retired SSE instructions. Due to this erratum, the processor may also count other types
of instructions resulting in higher than expected values.
Implication:
Performance Monitoring counter SIMD_INST_RETIRED may report count higher than
expected.
Workaround:
None identified.
Status:
For the steppings affected, see the Summary Tables of Changes.
AAU5.
Premature Execution of a Load Operation Prior to Exception Handler
Invocation
Problem:
If any of the below circumstances occur, it is possible that the load portion of the
instruction will have executed before the exception handler is entered.
• If an instruction that performs a memory load causes a code segment limit
violation.
• If a waiting X87 floating-point (FP) instruction or MMX™ technology (MMX)
instruction that performs a memory load has a floating-point exception pending.
• If an MMX or SSE/SSE2/SSE3/SSSE3 extensions (SSE) instruction that performs a
memory load and has either CR0.EM=1 (Emulation bit set), or a floating-point Top-
of-Stack (FP TOS) not equal to 0, or a DNA exception pending.
Implication:
In normal code execution where the target of the load operation is to write back
memory there is no impact from the load being prematurely executed, or from the
restart and subsequent re-execution of that instruction by the exception handler. If the
target of the load is to uncached memory that has a system side-effect, restarting the
instruction may cause unexpected system behavior due to the repetition of the side-
effect. Particularly, while CR0.TS [bit 3] is set, a MOVD/MOVQ with MMX/XMM register
operands may issue a memory load before getting the DNA exception.
Workaround:
Code which performs loads from memory that has side-effects can effectively
workaround this behavior by using simple integer-based load instructions when