Pentium? Processor Invalid Instruction Erratum Q&A

11/10/97
This document describes a new Pentium? and Pentium? processor with MMX technology.
Please contact your Intel representative if you have any concerns, questions or suggestions on more effectively dealing with this issue. See the attachment list for contact phone numbers you can give to consumers who have further questions about this erratum. Also, please visit Intel's web site if you need further clarification on any issues surrounding this erratum.
Background
On Friday afternoon (11/7/97) we discovered a number of postings in newsgroups talking about a potential processor "bug." The issue -- which we are describing as the "Pentium? Processor Invalid Instruction Erratum", and some newsgroup postings refer to as "FO" or "FOOF" -- occurs only when an illegal instruction sequence is issued. Such a sequence is not purposefully generated in the normal course of programming nor is such a sequence generated by commercial software.
The execution of that reported instruction sequence causes systems with Pentium? processors and Pentium? processor with MMX technology to hang instead of terminating the application. This hang condition is observed on multiple operating systems-DOS, Win9x, WinNT, and Linux-when used with this instruction sequence. Intel has reproduced this behavior.
It is important to note that this erratum will only occur when someone has intentionally created this invalid instruction because they want to lock-up the system.
We have confirmed the existence of an erratum and are in the process of evaluating workarounds.
Key Messages from Intel
  • An anonymous internet posting Friday made us aware of a potential erratum.
  • Working all weekend Intel has confirmed a new erratum on Pentium? and Pentium? with MMX technology processors and has been aggressively pursing this issue in a very accelerated manner.
  • This erratum does not affect the Pentium? Pro or the Pentium? II processors.
  • The erratum only occurs when the processor receives a specific invalid instruction. This invalid instruction is not in commercial software and would have to be intentionally created.
  • The result of executing the invalid instruction is that the system could freeze. If this occurs, the user can reboot the system and get back in normal operation.
  • All processors have errata. Consistent with our errata process, we have begun to work closely with hardware and software companies to define and deliver the best workaround for this issue on an accelerated timeline. We expect to have an update on the status of the workarounds within the next week.
Questions and Answers: General
Q: What is the issue/erratum?
A: If a user with access rights to the operating environment and execution rights on the processor itself intentionally issues a specific illegal instruction in native machine language to the processor, the invalid instruction is not flagged and the system stops immediately. It is important to note that this erratum will only occur when someone has intentionally created this invalid instruction because they want to lock up the system.
The expected behavior is that the processor should return an "exception flag" to the operating system telling it that an illegal instruction was issued. This does not occur and the user system hangs; all the user needs to do is reboot to return to normal operation.
Q: Can any end user re-create this at home using standard Windows software?
A: Not in the normal course of operation of his/her machine. Commercial software does not contain invalid instructions to be passed to the processor.
Q: Will this damage a user's system, will this corrupt data? Could a user lose data because of this?
A: No. This issue does not cause incorrect answers or physically damage a user's system. As with any system freeze a user may lose any unsaved data currently being working on.
Q: How can a user invoke this problem?
A: In order to cause this errata, the user would need to knowingly submit this specific sequence of illegal instructions directly to the processor in its own machine language. This would cause the system to hang. The user would need to reboot to return to normal operation.
Q: Does this affect all Pentium? processors?
A: Our investigation to date indicates that this errata is limited to the Pentium? processor and the Pentium Processor with MMX technology. We have confirmed that the Intel486, Pentium? Pro & Pentium? II processors do not contain this erratum.
Q: How would this invalid instruction get into a system?
A: In order for this errata to appear,
  1. a user must have intent to crash a system AND
  2. have access rights to the system's operating system AND
  3. have execute privilege (the privilege to send instructions in machine code directly to the processor)
Q: Can this bring down the Internet?
A: No. If a user intended to crash a specific server, they would need to have access rights to the server/system's operating system and the rights to directly execute machine code to the server's processor. In that case, the impact would be that the server would shut down, denying service to the invoking user and others on that server and the server would have to be rebooted to return to normal operation. Exposure to this issue would be determined by the exact hardware, software and security being used in that specific internet server.
Q: Could a hacker code this invalid sequence into a program and spread it over the Internet?
A: This invalid instruction sequence could be propagated like any set of instructions.
Q: How would a user know that they had a program or downloaded a file with this invalid instruction?
A: This invalid instruction is not contained in commercial software. If a user downloaded a file that intentionally includes this invalid operation sequence then the user's system will hang when that software is executed. To resume operation he/she would need to reboot. We are working with the industry to define viable workarounds and will communicate them when they are available.
Q: What is Intel doing to fix this?
A: We have been aggressive in investigating and characterizing this issue since Friday 11/7. We are following our normal (albeit accelerated) process and have begun the process of working with key industry software and hardware providers to determine the best workaround for this issue. We expect to have an update on the status of the workarounds within the next week.
Q: Does this mean that Intel is going to have to replace all Pentium? processors?
A: There are a number of ways of dealing with errata. These include advising software authors of applicable programming techniques, implementing operating systems patches, and hardware modifications. We have begun to work with software and hardware companies to identify and prescribe the appropriate workarounds.
Q: Can this be fixed via a microcode update?
A: There are a number of ways of dealing with errata. These include advising software authors of applicable programming techniques, implementing operating systems patches, and hardware modifications. There is no microcode update facility on the Pentium Processor and Pentium Processor with MMX technology.
Q: Is this a security issue?
A: No, this is a microprocessor erratum. The impact of the erratum could be a system hang for the user initiating the code sequence as well as others on the system (in multi-user mode).
Q: Is this worse than FDIV?
A: We do not pass judgment on the severity of the errata. Factually, this erratum does not cause incorrect answers or physically damage a users system.
Q: Can this erratum damage the CPU or a user's system?
A: This errata results in the system freezing and our investigation to date has shown no physical damage to the system. It freezes and a user needs to reboot to return to normal operation.
Q: Was Intel already aware of this issue or erratum?
A: On Friday 11/7/97 via Internet newsgroups we were notified of this issue.
Q: Is there a fix or workaround?
A: We have begun the process of working with hardware and software companies to determine appropriate workarounds. Until we have a more specific direction, it would be premature to speculate.
We expect to have an update on the status of the workarounds within the next week.
Q: What is the exact invalid sequence?
A: The sequence consists of the CMPXCHG8B instruction when used with a lock prefix and an invalid operand.
Q: What does "commercial software" mean?
A: A typical example of "commercial SW" is software that is available off the shelf.
Q: Is there anything different about this erratum?
A: Errata are very common in the industry and each one is unique. We take each individually and work with the industry to investigate appropriate resolutions.
Q: What number can people call for information?
A: See the attached list for contact numbers for consumers.
Q: Why isn't this erratum in the P6 generation processors?
A: The Pentium? II and Pentium? Pro processors have a different architecture and design.
Q: Was this erratum found by an end user?
A: An anonymous Internet posting Friday made us aware of a potential erratum.
Q: Could somebody write a program that keeps sending this string of code to a server, effectively keeping it down?
A: In theory yes. However, one would expect a system administrator to be able to detect the identity and source of the invalid code and make the necessary changes to logon privileges or security with the first occurrence.
Q: Do AMD/Cyrix/other competitor's products have this erratum?
A: Our evaluation is focusing on Intel products and solutions for Intel customers. All processors have errata-ask other suppliers about their own.
Worldwide Intel Contact Numbers for End Users
Asia/Pacific Region:
Hong Kong 852-2-844-4456
PRC 852-2-844-4456
Korea 822-7672-595
Singapore 65-831-1311
Australia 1-800-649-931
New Zealand 0-800-44-4365
Philippines 1-800-651-0117
Taiwan 2-718-9915
Indonesia 800-65-7249
Malaysia 800-1390
Thailand 1-800-631-0003
India 63-2-638-0860
Pakistan 63-2-638-0860
Vietnam 63-2-638-0860
Japan 0120-298-171
U.S./North America 1-800-628-8686; prompt 3, prompt 3
Europe
UK 0800 163405
France 0800 508604
Germany 0130 7145
Spain 900 122 701
Italy 02 696 33273
Netherlands 020 487 4542
Switzerland 0800 820 410
Belgium 0800 97231
Sweden 08 587 71108
For more information, please visit Intel's web site at: http://support.intel.com/support/processors/pentium/ppiie/index.htm.
Go to Top of Page| Back to TMC Home Page
Copyright 1996 Taiwan Mycomp Co, Ltd. All Rights Reserved. Pentium and Pentium Pro are registered trademarks of Intel Corp. All other product and brand names are trademarks and/or registered trademarks of their respective companies.