Errata
Specification Update
AN46. SYSENTER/SYSEXIT Instructions Can Implicitly Load “Null Segment Selector” to SS and CS Registers
Problem:
According to the processor specification, attempting to load a Null segment selector
into the CS and SS segment registers should generate a General Protection Fault
(#GP). Although loading a Null segment selector to the other segment registers is
allowed, the processor will generate an exception when the segment register holding a
Null selector is used to access memory. However, the SYSENTER instruction can
implicitly load a Null value to the SS segment selector. This can occur if the value in
SYSENTER_CS_MSR is between FFF8h and FFFBh when the SYSENTER instruction is
executed. This behavior is part of the SYSENTER/SYSEXIT instruction definition; the
content of the SYSENTER_CS_MSR is always incremented by 8 before it is loaded into
the SS. This operation will set the Null bit in the segment selector if a Null result is
generated, but it does not generate a #GP on the SYSENTER instruction itself. An
exception will be generated as expected when the SS register is used to access
memory, however. The SYSEXIT instruction will also exhibit this behavior for both CS
and SS when executed with the value in SYSENTER_CS_MSR between FFF0h and
FFF3h, or between FFE8h and FFEBh, inclusive.
Implication:
These instructions are intended for operating system use. If this erratum occurs (and
the OS does not ensure that the processor never has a Null segment selector in the
SS or CS segment registers), the processor’s behavior may become unpredictable,
possibly resulting in system failure.
Workaround:
Do not initialize the SYSENTER_CS_MSR with the values between FFF8h and FFFBh,
FFF0h and FFF3h, or FFE8h and FFEBh before executing SYSENTER or SYSEXIT.
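The check below is an added example, not code from the specification update: it derives the three ranges in the workaround from 16-bit selector arithmetic, so an OS can validate a value before writing it to SYSENTER_CS_MSR. The function and macro names are hypothetical, and the +16 and +24 offsets used for SYSEXIT come from the architectural definition of 32-bit SYSEXIT rather than from this page, which states only the +8 step.

```c
#include <stdint.h>
#include <stdio.h>

/* Bits reported by sysenter_cs_null_loads() (hypothetical names). */
#define NULL_SS_ON_SYSENTER 0x1u  /* SS = MSR + 8  */
#define NULL_CS_ON_SYSEXIT  0x2u  /* CS = MSR + 16 */
#define NULL_SS_ON_SYSEXIT  0x4u  /* SS = MSR + 24 */

/* A selector is Null when its index and TI bits are 0: values 0000h-0003h.
 * The RPL bits (1:0) therefore do not change the outcome. */
static int selector_is_null(uint16_t sel)
{
    return (sel & 0xFFFCu) == 0;
}

/* Selectors are 16 bits wide, so each addition wraps modulo 10000h. */
unsigned sysenter_cs_null_loads(uint16_t msr_cs)
{
    unsigned hits = 0;
    if (selector_is_null((uint16_t)(msr_cs + 8)))
        hits |= NULL_SS_ON_SYSENTER;
    if (selector_is_null((uint16_t)(msr_cs + 16)))
        hits |= NULL_CS_ON_SYSEXIT;
    if (selector_is_null((uint16_t)(msr_cs + 24)))
        hits |= NULL_SS_ON_SYSEXIT;
    return hits;
}

/* Exhaustive sweep of all 16-bit values; counts those the workaround forbids. */
unsigned count_unsafe_values(void)
{
    unsigned n = 0;
    for (uint32_t v = 0; v <= 0xFFFFu; v++)
        if (sysenter_cs_null_loads((uint16_t)v))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample values, chosen around the range boundaries. */
    static const uint16_t samples[] = { 0x0010, 0xFFE8, 0xFFF2, 0xFFFB, 0xFFFC };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%04Xh -> hits %#x\n", (unsigned)samples[i],
               sysenter_cs_null_loads(samples[i]));
    printf("unsafe values: %u\n", count_unsafe_values());
    return 0;
}
```

A nonzero return means the value must not be written to the MSR; the sweep confirms that the three four-value ranges are the only values that wrap to a Null selector.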
Status:
For the steppings affected, see the
AN47. Writing the Local Vector Table (LVT) When an Interrupt Is Pending May Cause an Unexpected Interrupt
Problem:
If a local interrupt is pending when the LVT entry is written, an interrupt may be taken
on the new interrupt vector even if the mask bit is set.
Implication:
An interrupt may immediately be generated with the new vector when an LVT entry is
written, even if the new LVT entry has the mask bit set. If there is no Interrupt
Service Routine (ISR) set up for that vector, the system will GP fault. If the ISR does
not do an End of Interrupt (EOI), the bit for the vector will be left set in the in-service
register and will mask all interrupts at the same or lower priority.
Workaround:
Any vector programmed into an LVT entry must have an ISR associated with it, even if
that vector was programmed as masked. This ISR must do an EOI to clear
any unexpected interrupts that may occur. The ISR associated with the spurious
vector does not generate an EOI; therefore, the spurious vector should not be used
when writing the LVT.
Status: