>
> Hello,
>
> I'm already running 2.0.32 which fixes the f00f bug. However, I'm very
> curious as to exactly how the invalid opcode was trapped. I have the
> source code, but can we just have some description on how the fix works?
> I'd really like to know.
>
> Thanks, and regards,
>
The first temporary fix put the first 6 entries of the IDT (interrupt
descriptor table) on a page that was marked "page-not-present". This
caused a page-fault if the illegal-opcode trap was executed. The
page-fault routine killed the task. There were problems handling the
other traps such as single-step (debug), which resulted in rewrites
and a lot of "stringy" code.
Linus discovered that the F00F bug actually attempted to write to
the IDT. This made the trap easier. The IDT was simply marked present,
but read-only. The resulting code became trivial because nobody but
the kernel ever writes to the IDT (it doesn't exist in user space).
Since the code that detects an attempt to write to stuff you don't own
already exists in the kernel (seg-faults, etc.) The overhead on
the bug-fix, becomes close to zero.
Cheers,
Dick Johnson
Richard B. Johnson
Project Engineer
Analogic Corporation
Penguin : Linux version 2.1.70 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.