nanog mailing list archives
Re: Potentially dangerous Pentium bug disc
From: Vijay Gill <wrath () cs umbc edu>
Date: Wed, 12 Nov 1997 11:35:36 -0500 (EST)
On Wed, 12 Nov 1997, Michael McArthur wrote:
That's the problem -- it isn't a "bug", just an exploitable instruction set that Cyrix, AMD, et al have been faithfully copying. For that matter, the 486 instruction set is a subset of the Pentium instruction set. Does this affect the 486/386 etc..?
Short summary.

The illegal instruction F0 0F C7 C8 locks up the Pentium, only reset or NMI allows the cpu to continue (this is a lock cmpxchg8 instruction with a reg as destination; in this case AX, but all other regs work, too; I'm not really sure if NMI cleans it up). It doesn't halt AMDs, Cyrixes, PPros and PII, nor does it halt any Intel CPU before Pentium; it's supposed to produce an illegal instruction trap. It does not halt the pentium, if the offending instruction is the destination of a mispredicted branch, or if the illegal instruction IDT is in the L1 cache.

Affected: Multiuser systems facing "wannabe" hackers; all Pentium and Pentium MMX processors are affected.

Workaround: none, if disabling the L1 cache and loading the illegal instruction IDT with TR4/TR5 isn't an option for you (massive performance hit). A boardlevel workaround seems to be possible (LOCK hold for more than a few microseconds -> raise NMI).

History: Is known to Intel for at least some months (the maintainer of the Intel secret page found this bug, reported it, and did not publish it). They did not fix it (thus even the most recent Pentia are affected).

Reproduce:

Unix:

    % cat >pentbug.c
    unsigned main = 0xC8C70FF0;
    ^D
    % cc pentbug.c -o pentbug
    % ./pentbug

(thanks to bernd paysan)

vijay
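Added example, not part of the original message: a defensive scanner in C that flags the byte pattern described above (F0 0F C7 followed by a register-form ModRM byte, C8 through CF) in a buffer such as a binary submitted to a multiuser host. The function names and sample bytes are constructed for illustration; it is a linear byte search, not a disassembler, so hits inside plain data are possible.

```c
#include <stddef.h>
#include <stdio.h>

/* Scan buf for LOCK CMPXCHG8B with a register operand:
 * F0 0F C7 followed by a ModRM byte with mod=11, reg=001 (C8..CF).
 * Stores up to max match offsets in hits; returns the total found. */
size_t scan_f00f(const unsigned char *buf, size_t len,
                 size_t *hits, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (buf[i] == 0xF0 && buf[i + 1] == 0x0F && buf[i + 2] == 0xC7 &&
            (buf[i + 3] & 0xF8) == 0xC8) {
            if (found < max)
                hits[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed sample bytes, not taken from any real binary. */
static const unsigned char sample[] = {
    0x90, 0x90,
    0xF0, 0x0F, 0xC7, 0xC8,   /* the encoding quoted in the post: flagged */
    0xF0, 0x0F, 0xC7, 0x0E,   /* memory operand (mod=00): not flagged */
    0x0F, 0xC7, 0xC9,         /* no LOCK prefix: not flagged */
    0xF0, 0x0F, 0xC7, 0xCF,   /* another register operand: flagged */
    0xF0, 0x0F, 0xC7          /* truncated at end of buffer: not flagged */
};

/* Run the scanner over the constructed sample. */
size_t sample_scan(size_t *hits, size_t max)
{
    return scan_f00f(sample, sizeof sample, hits, max);
}

int main(void)
{
    size_t hits[8];
    size_t n = sample_scan(hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("match at offset 0x%zx\n", hits[i]);
    return n ? 1 : 0;   /* non-zero exit status when the pattern is present */
}
```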