SoFunction
Updated on 2025-03-08

Overview of the Invalid Opcode Erratum for Locked CMPXCHG8B

Problem: The CMPXCHG8B instruction compares the 8-byte value in EDX:EAX with an 8-byte value in memory (the destination operand). The only valid destination operand for this instruction is a memory operand. If the destination operand is a register, the processor should generate an invalid opcode exception, execution of the CMPXCHG8B instruction should stop, and the processor should execute the invalid opcode exception handler. This erratum occurs when the LOCK prefix is used with a CMPXCHG8B instruction whose destination operand is an (invalid) register. In this case the processor may be unable to start executing the invalid opcode exception handler because the bus is locked, and the system hangs.

Implication: If a CMPXCHG8B instruction with an (invalid) register destination operand is executed with the LOCK prefix, the system may hang. No memory data is corrupted, and the user can reset the system to return to normal operation. Note that a specific invalid code sequence is required to trigger this erratum. Such a sequence is not normally generated by compilers, and correctly written programs do not contain it.

This erratum applies only to Pentium processors, Pentium processors with MMX technology, Pentium OverDrive processors and Pentium OverDrive processors with MMX technology. The Pentium Pro processor, the Pentium II processor, and the i486 and earlier processors are not affected.

Workaround: There are two workarounds for this erratum in a protected-mode operating system. Both cause a page fault to be generated in place of the invalid opcode exception. In both cases the page fault is taken before the invalid opcode exception, which prevents the bus-locked state from occurring. Implementation details vary with the operating system. Use one of the following methods:

Method 1. The first part of this solution places the first seven entries (0-6) of the interrupt descriptor table (IDT) on a non-writable page. When an invalid opcode exception (exception 6) occurs because a locked CMPXCHG8B with an invalid register destination was executed, the processor generates a page fault because it does not have write access to the page containing IDT entry 6. The second part modifies the page fault handler to recognize and correctly dispatch the invalid opcode exception, which is now routed through the page fault handler.

Part 1: IDT page access

Mark the page containing the first seven entries (0-6) of the IDT as read-only by clearing bit 1 (the R/W bit) of its page table entry. Bit 16 (WP, write protect) of CR0 must also be set to 1 so that supervisor-mode writes to a read-only page fault. Now, when the invalid opcode exception for a locked CMPXCHG8B occurs, the processor triggers a page fault because it does not have write access to the page containing IDT entry 6. This page fault prevents the bus-locked state and gives the operating system full control over handling the invalid opcode exception. Note that exception 6 is the invalid opcode exception, so any operating system using this scheme has full control over the execution of an invalid CMPXCHG8B instruction.
Optional: If IDT entries 7-255 are updated during normal operation, page faults on writes to those entries should be avoided. They can be avoided by aligning the IDT across a 4 KB page boundary, for example with the first seven entries (0-6) on the read-only page and the remaining entries on a read/write page.

Part 2: Page fault handler modification

Modify the page fault handler to calculate which exception caused the page fault, using the faulting address in CR2. If the error code indicates that the fault was taken from ring 0 and the address corresponds to the IDT entry for the invalid opcode exception, pop the error code off the stack and jump to the invalid opcode exception handler. Otherwise, continue with the normal page fault handler.
or

Method 2. There are two parts to this solution. First, align the interrupt descriptor table (IDT) so that any invalid opcode exception causes a page fault (because the page is not present). Second, the page fault handler must recognize and correctly dispatch the invalid opcode exception and the few other exceptions that are now routed through the page fault handler.

Part 1: IDT alignment

Align the IDT so that it spans a 4 KB page boundary, placing the first entry 56 bytes before the end of the first 4 KB page. This puts the first seven entries (0-6) on the first page and the remaining entries on the second page.
The page containing the first seven IDT entries must not be mapped (not present) in the OS page tables. This causes any of exceptions 0-6 to generate a page-not-present fault. The page fault prevents the bus-locked state and gives the operating system full control over handling these exceptions. Note that exception 6 is the invalid opcode exception, so any operating system using this scheme has full control over the execution of an invalid CMPXCHG8B instruction.

Part 2: Page fault handler modification

Identify accesses to the first IDT page by testing the faulting address in CR2. Page-not-present faults at other addresses are handled normally.
A page-not-present fault on the first IDT page means the operating system must identify and dispatch the exception that caused it. Before continuing, test the faulting address in CR2 to determine whether it lies within the address range corresponding to exceptions 0-6.
Calculate which exception caused the page-not-present fault from the faulting address in CR2.
Depending on the operating system, some privilege-level checks may be required, as well as adjusting the interrupt stack.
Jump to the normal handler for the appropriate exception.

Both workarounds should be implemented only on Intel processors that report family = 5 via the CPUID instruction.
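The following C program is an added example, not Intel's text or any operating system's code. It models the pieces an OS needs for the two workarounds above: the CPUID family check, the page-boundary IDT layout of Method 2, the page-fault-handler decision that maps CR2 and the error code back to an exception vector (Part 2 of both methods), and a scan for the offending byte sequence. The encoding of the sequence (LOCK = F0, CMPXCHG8B = 0F C7 /1, ModRM mod = 11 for a register destination) is derived from the instruction encoding and is not given on the page; the addresses, error codes and byte strings used are constructed test data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE        4096u
#define IDT_ENTRY_SIZE   8u   /* 32-bit protected-mode gate descriptor */
#define GUARDED_VECTORS  7u   /* exceptions 0-6 live on the first page */

/* Page-fault error code bits pushed on the stack by the processor. */
#define PF_ERR_PRESENT   0x1u /* 1 = protection violation, 0 = page not present */
#define PF_ERR_WRITE     0x2u /* 1 = write access */
#define PF_ERR_USER      0x4u /* 1 = fault taken from ring 3 */

/* CPUID leaf 1: the family field is EAX bits 11:8. Only family 5
 * (Pentium, Pentium with MMX, Pentium OverDrive) needs the workaround. */
unsigned cpuid_family(uint32_t cpuid1_eax) { return (cpuid1_eax >> 8) & 0xFu; }
bool needs_workaround(uint32_t cpuid1_eax) { return cpuid_family(cpuid1_eax) == 5; }

/* Method 2, part 1: choose an IDT base so that entries 0-6 (7 * 8 = 56
 * bytes) fill the last 56 bytes of first_page and entry 7 starts on the
 * next page. first_page is then left unmapped in the page tables. */
uint32_t split_idt_base(uint32_t first_page) {
    return first_page + PAGE_SIZE - GUARDED_VECTORS * IDT_ENTRY_SIZE;
}

/* Part 2 of both methods: map the faulting address (CR2) back to the
 * vector whose descriptor it lies in, or -1 if it is outside entries 0-6. */
int vector_from_cr2(uint32_t cr2, uint32_t idt_base) {
    uint32_t guarded_end = idt_base + GUARDED_VECTORS * IDT_ENTRY_SIZE;
    if (cr2 < idt_base || cr2 >= guarded_end)
        return -1;
    return (int)((cr2 - idt_base) / IDT_ENTRY_SIZE);
}

/* Decision the page fault handler makes before falling through to its
 * normal path. Returns the exception vector to dispatch, or -1 to handle
 * the fault normally. A fault from ring 3 can never be the processor's
 * own IDT access. With the read-only page (Method 1) the fault is a
 * supervisor write-protection violation and only entry 6 is redirected,
 * as the page describes; with the unmapped page (Method 2) the fault is a
 * supervisor not-present fault and any of vectors 0-6 is redirected. */
int redirect_vector(uint32_t cr2, uint32_t error_code, uint32_t idt_base,
                    bool read_only_method) {
    if (error_code & PF_ERR_USER)
        return -1;
    if (read_only_method) {
        uint32_t wp_fault = PF_ERR_PRESENT | PF_ERR_WRITE;
        if ((error_code & wp_fault) != wp_fault)
            return -1;
    } else if (error_code & PF_ERR_PRESENT) {
        return -1; /* present page: not the unmapped IDT page */
    }
    int v = vector_from_cr2(cr2, idt_base);
    if (read_only_method && v != 6)
        return -1;
    return v;
}

/* True if code starts with LOCK CMPXCHG8B using a register destination:
 * F0 0F C7 then a ModRM byte with mod == 11 and reg == 001. With mod != 11
 * the destination is memory and the instruction is legal. This is a plain
 * byte match, not a disassembler: it does not account for other prefixes. */
bool is_locked_cmpxchg8b_reg(const uint8_t *code, size_t len) {
    if (len < 4 || code[0] != 0xF0 || code[1] != 0x0F || code[2] != 0xC7)
        return false;
    unsigned mod = code[3] >> 6, reg = (code[3] >> 3) & 7u;
    return mod == 3 && reg == 1;
}

int main(void) {
    /* Constructed scenario: the unmapped IDT page sits at 0x00100000. */
    uint32_t idt = split_idt_base(0x00100000u);
    uint32_t entry6 = idt + 6u * IDT_ENTRY_SIZE;
    printf("IDT base %08x, entry 6 at %08x, entry 7 at %08x\n",
           idt, entry6, idt + 7u * IDT_ENTRY_SIZE);
    printf("Method 2, not-present fault at entry 6 -> vector %d\n",
           redirect_vector(entry6, 0x0u, idt, false));
    printf("Method 1, write-protect fault at entry 6 -> vector %d\n",
           redirect_vector(entry6, PF_ERR_PRESENT | PF_ERR_WRITE, idt, true));
    printf("Fault at entry 7 -> vector %d (normal handling)\n",
           redirect_vector(idt + 7u * IDT_ENTRY_SIZE, 0x0u, idt, false));

    const uint8_t bad[]   = { 0xF0, 0x0F, 0xC7, 0xC8 }; /* lock cmpxchg8b eax   */
    const uint8_t legal[] = { 0xF0, 0x0F, 0xC7, 0x0F }; /* lock cmpxchg8b [edi] */
    printf("F0 0F C7 C8 offending: %d, F0 0F C7 0F offending: %d\n",
           is_locked_cmpxchg8b_reg(bad, sizeof bad),
           is_locked_cmpxchg8b_reg(legal, sizeof legal));
    return 0;
}
```

The two error-code checks are the practical difference between the methods: a read-only page only faults on the locked instruction's IDT access, so Method 1 sees exactly one vector, whereas an unmapped page faults on every delivery of exceptions 0-6, so Method 2's handler must be prepared to dispatch all seven and to fix up the interrupt stack before jumping to the real handler.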