Specification Update
23
BV11.
EFLAGS Discrepancy on Page Faults and on EPT-Induced VM Exits
after a Translation Change
Problem:
This erratum is regarding the case where paging structures are modified to change a
linear address from writable to non-writable without software performing an
appropriate TLB invalidation. When a subsequent access to that address by a specific
instruction (ADD, AND, BTC, BTR, BTS, CMPXCHG, DEC, INC, NEG, NOT, OR, ROL/ROR,
SAL/SAR/SHL/SHR, SHLD, SHRD, SUB, XOR, and XADD) causes a page fault or an EPT-
induced VM exit, the value saved for EFLAGS may incorrectly contain the arithmetic flag
values that the EFLAGS register would have held had the instruction completed without
fault or VM exit. For page faults, this can occur even if the fault causes a VM exit or if
its delivery causes a nested fault.
Implication:
None identified. Although the EFLAGS value saved by an affected event (a page fault or
an EPT-induced VM exit) may contain incorrect arithmetic flag values, Intel has not
identified software that is affected by this erratum. This erratum will have no further
effects once the original instruction is restarted because the instruction will produce the
same results as if it had initially completed without fault or VM exit.
Workaround:
If the handler of the affected events inspects the arithmetic portion of the saved
EFLAGS value, then system software should perform a synchronized paging structure
modification and TLB invalidation.
Status:
For the steppings affected, see the Summary Tables of Changes.
BV12.
B0-B3 Bits in DR6 For Non-Enabled Breakpoints May be Incorrectly Set
Problem:
Some of the B0-B3 bits (breakpoint conditions detect flags, bits [3:0]) in DR6 may be
incorrectly set for non-enabled breakpoints when the following sequence happens:
1. MOV or POP instruction to SS (Stack Segment) selector;
2. Next instruction is FP (Floating Point) that gets FP assist
3. Another instruction after the FP instruction completes successfully
4. A breakpoint occurs due to either a data breakpoint on the preceding instruction or
a code breakpoint on the next instruction.
Due to this erratum a non-enabled breakpoint triggered on step 1 or step 2 may be
reported in B0-B3 after the breakpoint occurs in step 4.
Implication:
Due to this erratum, B0-B3 bits in DR6 may be incorrectly set for non-enabled
breakpoints.
Workaround:
Software should not execute a floating point instruction directly after a MOV SS or POP
SS instruction.
Status:
For the steppings affected, see the Summary Tables of Changes.