Data Operand Independent Timing Instructions with MXCSR Dependent Timing
On processors listed in MXCSR Configuration Dependent Timing (MCDT), some data-independent timing vector instructions may have subtle data-dependent timing due to MXCSR configuration. Specifically, specific data values may delay instruction retirement by, at most, one cycle. This is a small enough delay that it may not be observable in common practice, but this small delay is still data-dependent timing. This data operand-dependent timing may impact software following Intel’s Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations.
On certain processors, MXCSR may also need to be configured to avoid data-dependent behavior for the instructions listed in the table below. This list is based on Intel's investigation and is current as of the date of publication. Intel will update this list if additional instructions with these characteristics are discovered.
| Table 1: Data Operand Independent Timing Instructions with MXCSR Dependent Timing | |
| Mnemonic | Opcode |
| PMADDUBSW | 0x4 |
| PMADDWD | 0xf5 |
| PMULDQ | 0x28 |
| PMULHRSW | 0xb |
| PMULHUW | 0xe4 |
| PMULHW | 0xe5 |
| PMULLD | 0x40 |
| PMULLW | 0xd5 |
| PMULUDQ | 0xf4 |
| VPLZCNTD | 0x44 |
| VPLZCNTQ | 0x44 |
| VPMADD52HUQ | 0xb5 |
| VPMADD52LUQ | 0xb4 |
| VPMADDUBSW | 0x4 |
| VPMADDWD | 0xf5 |
| VPMULDQ | 0x28 |
| VPMULHRSW | 0xb |
| VPMULHUW | 0xe4 |
| VPMULHW | 0xe5 |
| VPMULLD | 0x40 |
| VPMULLQ | 0x40 |
| VPMULLW | 0xd5 |
| VPMULUDQ | 0xf4 |