Invalid Instruction Erratum
Intel Identifies Workaround for the "Invalid Operand with Locked Compare Exchange 8Byte (CMPXCHG8B) Instruction" Erratum
On Friday, November 7th, a number of reports were posted to the Internet implying the possibility of a new erratum on the Pentium® processors and Pentium® processors with MMX™ technology. An erratum is a design defect or error which may cause a product to deviate from published specifications. Based on the Internet reports, our engineering team quickly jumped on this issue. Once we were able to reproduce the behavior, we confirmed that an erratum does exist, which is now named the "Invalid Operand with Locked CMPXCHG8B instruction" erratum. We were also able to identify the following:
- The "Invalid Operand with Locked CMPXCHG8B Instruction" erratum affects the Pentium® processor, Pentium® processor with MMX™ technology, Pentium OverDrive® Processor and Pentium OverDrive processors with MMX technology.
- It does not affect the Pentium® Pro processor, Pentium® II processor and Intel486™ and earlier processors.
- This invalid instruction is not in commercial software.
- The erratum only occurs when the processor receives a specific invalid instruction. The result of this erratum is that the system may "freeze" and would have to be turned off and rebooted to return to normal operation.
- It is important to note that this erratum will only occur when someone has intentionally created this invalid instruction because they want to freeze the system.
- We have identified a workaround that prevents the system from being "frozen" by this invalid instruction and allows it to continue normal operation. The workaround modifies the execution flow to avoid the system hang after the invalid instruction is received. The workaround can be implemented through the operating system software.
The CMPXCHG8B instruction compares a 64-bit value from internal registers of the processor with a 64-bit value from memory (the destination). It is illegal to use a register as the destination. The result of the CMPXCHG8B instruction is a 64-bit value that will not fit into a 32-bit register. If a register is used as the destination, the processor normally stops execution of the CMPXCHG8B instruction, signals this error condition and executes an error handler in software.
This erratum occurs if the CMPXCHG8B instruction is also locked (a special instruction to the processor to allow the completion of the CMPXCHG8B instruction without being interrupted), and an invalid register destination is used. In this case the processor signals the error condition but may not allow the error handler to begin due to the lock on the CMPXCHG8B instruction. As a result, the system hangs and the system must be re-booted to return to normal operation.
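A defensive static check for the condition just described, as an added example (not Intel's code and not the operating-system workaround): it scans a byte buffer for a LOCK-prefixed CMPXCHG8B whose ModRM byte selects a register destination. The encoding (LOCK prefix F0, opcode 0F C7 /1) comes from the x86 instruction-set reference rather than this page; the function name and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffers (not taken from the page). */
static const uint8_t SAMPLE_LOCKED_REG[] = {0x90, 0xF0, 0x0F, 0xC7, 0xC8, 0x90};
static const uint8_t SAMPLE_LOCKED_MEM[] = {0xF0, 0x0F, 0xC7, 0x0E, 0x90};
static const uint8_t SAMPLE_PLAIN_REG[]  = {0x90, 0x0F, 0xC7, 0xC9, 0x90};

/* Legacy prefixes that can share a prefix run with LOCK (0xF0). */
static int is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0xF0: case 0xF2: case 0xF3:            /* LOCK, REPNE, REP */
    case 0x26: case 0x2E: case 0x36: case 0x3E: /* ES, CS, SS, DS */
    case 0x64: case 0x65: case 0x66: case 0x67: /* FS, GS, operand/address size */
        return 1;
    default:
        return 0;
    }
}

/* Returns the offset where the prefix run of a LOCKed CMPXCHG8B with a
 * register destination begins, or -1 if none is found. Heuristic: a raw
 * byte scan can also match data or the middle of another instruction. */
long find_locked_cmpxchg8b_reg(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i + 2 < len; i++) {
        if (buf[i] != 0x0F || buf[i + 1] != 0xC7)
            continue;                           /* not the 0F C7 opcode group */
        uint8_t modrm = buf[i + 2];
        if (((modrm >> 3) & 7) != 1)            /* reg field /1 selects CMPXCHG8B */
            continue;
        if ((modrm >> 6) != 3)                  /* mod != 11b: memory destination, legal */
            continue;
        int locked = 0;
        size_t start = i;
        while (start > 0 && is_legacy_prefix(buf[start - 1]))
            if (buf[--start] == 0xF0)
                locked = 1;
        if (locked)
            return (long)start;
    }
    return -1;
}

int main(void) {
    printf("locked+register: %ld\n", find_locked_cmpxchg8b_reg(SAMPLE_LOCKED_REG, sizeof SAMPLE_LOCKED_REG));
    printf("locked+memory:   %ld\n", find_locked_cmpxchg8b_reg(SAMPLE_LOCKED_MEM, sizeof SAMPLE_LOCKED_MEM));
    printf("plain+register:  %ld\n", find_locked_cmpxchg8b_reg(SAMPLE_PLAIN_REG, sizeof SAMPLE_PLAIN_REG));
    return 0;
}
```

Only the first buffer is flagged: the locked memory-destination form is a legal instruction, and the unlocked register form raises the normal invalid-opcode error that the handler can service.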
This issue does not cause data corruption or physical damage to a user's system. Any data saved to disk in the course of work remains on the disk and will be available for use when the system is re-booted.
The "Invalid Operand with Locked CMPXCHG8B Instruction" is erratum #81 on the Pentium processor errata list.
We have identified a workaround that can be implemented through the operating system. Basically, the workaround avoids the bus lock condition and allows the processor to execute the error handler. For the full technical description see: Workaround, in the Erratum Technical Description. Software vendors may also want to see the Software Backgrounder for more specific detail.
Intel has been working with industry operating system vendors to assist them in implementing this workaround for their operating systems. We will continue to work with them to implement the workaround in their operating systems. Users should contact their operating system vendor for specific availability of the workaround for that OS. A number of software vendors have already contributed statements with regard to this erratum.
This applies to: