BY ROBERT R. COLLINS
Pentium Pro Errata #156324
Pentium Pro Family Developer's Manual --Volume 3: Operating System Writer's Manual
Problem: Table 9-1 SMRAM State Save Map incorrectly ascribes the GDT Base and IDT Base fields to the wrong SMRAM offsets.
Implication: Low-level system management mode handlers written to this specification may fail, possibly leading to catastrophic results. The GDT Base field is ascribed to SMRAM offset 7F88; the IDT Base field is ascribed to SMRAM offset 7F94. These SMRAM offsets are incorrect.
In some cases, the GDT Base field is a necessary component used to determine the cause of the SMI# interrupt. When an SMI# interrupt occurs from a program running in protected mode, the CS selector must be used as a lookup index into the Global Descriptor Table (GDT). The GDT Base field is necessary to perform this lookup. From the GDT the programmer can obtain the linear address of the base of the code segment. Adding the EIP offset to the code segment base gives the linear address of the next instruction to execute. If paging is enabled (as indicated in the CR0 contents at SMRAM offset 7FFC), this linear address must be translated into a physical address before looking up the most recently executed instruction. Translating the linear address to a physical address is performed by using the page directory base register (CR3), located at SMRAM offset 7FF8, as a pointer to the various page directory structures. Once the linear address is translated to a physical address, the SMM handler can copy a small block of data just prior to its current execution address in order to determine what (if anything) caused the SMI# interrupt. In the Pentium Pro family of processors, relying on the documented location of the GDT Base field will cause this procedure to fail, and render this entire process ineffective, possibly with catastrophic results.
The SMM handler might also desire to enable and service its own interrupts. Upon entrance to SMM, the IDT base field does not change. The SMM handler might want to enable a specific interrupt by temporarily modifying the existing interrupt descriptor table during the needed period of time. Before returning to the user program, the SMM handler must restore any modified interrupt table entries. In the Pentium Pro family of processors, relying on the location of the IDT Base address will cause this procedure to fail and render this entire process ineffective, possibly resulting in catastrophic results.
The correct GDT Base SMRAM offset is 7F74. The correct IDT Base SMRAM offset is 7F58.
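The lookup procedure described above (CS selector into the GDT, add EIP, translate through CR3 when CR0.PG is set) is simulated below against a constructed SMRAM save area and a constructed 32-bit page-table image. This is an added example, not code from the article or from Intel: it takes the CR0, CR3 and GDT Base offsets (7FFC, 7FF8, 7F74 and the manual's wrong 7F88) from the erratum text, while the CS and EIP save-area offsets are assumed constants that must be checked against the real state save map before use. Running the same handler logic with the manual's offset shows how the lookup fails outright.

```c
/* Added example (not from the article): SMI-site lookup with the corrected
 * GDT Base offset, against constructed SMRAM and physical-memory images. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SMRAM_SIZE   0x8000u   /* save area ends at SMBASE + 0x7FFF */
#define PHYS_SIZE    0x8000u   /* constructed physical-memory image */

/* Offsets taken from the erratum text */
#define OFF_CR0      0x7FFCu
#define OFF_CR3      0x7FF8u
#define OFF_GDT_BASE 0x7F74u   /* corrected GDT Base offset */
#define OFF_GDT_BAD  0x7F88u   /* offset printed in the manual */
/* ASSUMED offsets (not on this page): verify against the real save map */
#define OFF_EIP      0x7FF0u
#define OFF_CS       0x7FACu
#define CR0_PG       0x80000000u

/* Bounds-checked little-endian 32-bit read; returns -1 if out of range */
static int rd32(const uint8_t *buf, size_t size, uint32_t off, uint32_t *out) {
    if ((size_t)off + 4 > size) return -1;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}
static void wr32(uint8_t *buf, uint32_t off, uint32_t v) {
    buf[off] = v & 0xFF;             buf[off + 1] = (v >> 8) & 0xFF;
    buf[off + 2] = (v >> 16) & 0xFF; buf[off + 3] = (v >> 24) & 0xFF;
}
/* Segment base is scattered across bytes 2, 3, 4 and 7 of a descriptor */
static uint32_t desc_base(const uint8_t *d) {
    return (uint32_t)d[2] | (uint32_t)d[3] << 8 |
           (uint32_t)d[4] << 16 | (uint32_t)d[7] << 24;
}
/* Two-level 32-bit page walk (4 KB pages, no PAE/PSE); 0 on success */
static int lin_to_phys(const uint8_t *phys, uint32_t cr3, uint32_t lin, uint32_t *out) {
    uint32_t pde, pte;
    if (rd32(phys, PHYS_SIZE, (cr3 & 0xFFFFF000u) + ((lin >> 22) << 2), &pde) || !(pde & 1))
        return -1;                                   /* PDE missing or not present */
    if (rd32(phys, PHYS_SIZE, (pde & 0xFFFFF000u) + (((lin >> 12) & 0x3FFu) << 2), &pte) || !(pte & 1))
        return -1;                                   /* PTE missing or not present */
    *out = (pte & 0xFFFFF000u) | (lin & 0xFFFu);
    return 0;
}
/* Physical address of the interrupted program's next instruction, reading
 * GDT Base from the SMRAM offset the caller believes is correct. */
int locate_resume_address(const uint8_t *smram, const uint8_t *phys,
                          uint32_t gdt_base_off, uint32_t *paddr) {
    uint32_t cr0, cr3, gdt_lin, gdt_phys, cs, eip, linear, desc_off;
    uint8_t desc[8];
    if (rd32(smram, SMRAM_SIZE, OFF_CR0, &cr0) || rd32(smram, SMRAM_SIZE, OFF_CR3, &cr3) ||
        rd32(smram, SMRAM_SIZE, gdt_base_off, &gdt_lin) ||
        rd32(smram, SMRAM_SIZE, OFF_CS, &cs) || rd32(smram, SMRAM_SIZE, OFF_EIP, &eip))
        return -1;
    /* GDT Base is itself a linear address, so it goes through paging too */
    if (cr0 & CR0_PG) { if (lin_to_phys(phys, cr3, gdt_lin, &gdt_phys)) return -1; }
    else gdt_phys = gdt_lin;
    desc_off = gdt_phys + (cs & 0xFFF8u);            /* drop RPL and TI bits */
    if ((size_t)desc_off + 8 > PHYS_SIZE) return -1;
    memcpy(desc, phys + desc_off, 8);
    if (!(desc[5] & 0x80)) return -1;                /* P bit clear: no such segment */
    linear = desc_base(desc) + eip;
    if (cr0 & CR0_PG) return lin_to_phys(phys, cr3, linear, paddr);
    *paddr = linear;
    return 0;
}
/* Constructed scenario: paging on; code segment based at linear 0x00400000,
 * mapped to physical 0x5000; GDT at linear 0x3000 (identity-mapped). */
void build_fixture(uint8_t *smram, uint8_t *phys) {
    static const uint8_t code_desc[8] = {0xFF, 0xFF, 0x00, 0x00, 0x40, 0x9A, 0xCF, 0x00};
    memset(smram, 0, SMRAM_SIZE); memset(phys, 0, PHYS_SIZE);
    wr32(phys, 0x1000, 0x2000u | 3);                 /* PD[0] -> PT at 0x2000 */
    wr32(phys, 0x1004, 0x4000u | 3);                 /* PD[1] -> PT at 0x4000 */
    for (uint32_t i = 0; i < 8; i++) wr32(phys, 0x2000 + i * 4, (i << 12) | 3); /* identity 0..32 KB */
    wr32(phys, 0x4000, 0x5000u | 3);                 /* linear 0x00400000 -> phys 0x5000 */
    memcpy(phys + 0x3008, code_desc, 8);             /* GDT entry for selector 0x08 */
    wr32(smram, OFF_CR0, CR0_PG | 1);
    wr32(smram, OFF_CR3, 0x1000);
    wr32(smram, OFF_GDT_BASE, 0x3000);               /* where the real GDT Base lives */
    wr32(smram, OFF_GDT_BAD, 0xDEADBEEF);            /* constructed: unrelated data at 7F88 */
    wr32(smram, OFF_CS, 0x0008);
    wr32(smram, OFF_EIP, 0x0120);
}
uint32_t demo_correct_offset(void) {
    static uint8_t smram[SMRAM_SIZE], phys[PHYS_SIZE]; uint32_t p = 0;
    build_fixture(smram, phys);
    return locate_resume_address(smram, phys, OFF_GDT_BASE, &p) == 0 ? p : 0;
}
int demo_manual_offset_fails(void) {
    static uint8_t smram[SMRAM_SIZE], phys[PHYS_SIZE]; uint32_t p = 0;
    build_fixture(smram, phys);
    return locate_resume_address(smram, phys, OFF_GDT_BAD, &p) != 0;
}
int main(void) {
    printf("GDT Base at 7F74 -> resume address %08X\n", demo_correct_offset());
    printf("GDT Base at 7F88 -> lookup %s\n", demo_manual_offset_fails() ? "fails" : "succeeds");
    return 0;
}
```

With the corrected offset the walk resolves selector 0x08, base 0x00400000 plus EIP 0x120, to physical 0x5120, the spot from which a handler would copy the preceding bytes; with the manual's offset the bogus "GDT Base" sends the page walk to a non-present entry and the handler must bail out, which is the failure mode the erratum warns about. A handler that skipped the present-bit and bounds checks would instead read garbage and act on it.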
Workaround: When programming in system management mode on any Pentium Pro family processors, do not rely on printed Intel documentation. Use SMRAM offset 7F74 for GDT Base, and SMRAM offset 7F58 for IDT Base.
This documentation erratum is another one of those great examples where the poor quality of Intel's manuals could cost thousands of engineers, many tens of thousands of man-hours of time. Intel takes great pride in making excuses for themselves. They claim that college interns write their manuals, and obviously nobody of technical significance bothers to proofread the final result.
This erratum should have never occurred. Had anybody on the Pentium Pro SMM microcode development team proofread this section of the manual, this error would have never occurred. It's impossible to say how many SMM handlers exist in the real world which are broken as a result of trusting Intel's Pentium Pro documentation. Even if the number is small, numbering one or zero, there is no excuse for this lack of attention to detail.