Pentium F00F bug: Difference between revisions

From Wikipedia, the free encyclopedia
Revision as of 08:40, 17 April 2014

The invalid operand with locked CMPXCHG8B instruction bug, commonly referred to as the Pentium F00F bug (as shorthand for f0 0f c7 c8, the hexadecimal encoding of one offending instruction),[1] is a design flaw in the majority of Intel Pentium, Pentium MMX, and Pentium OverDrive processors (all in the P5 microarchitecture).[2]

Description

In the x86 architecture, the byte sequence f0 0f c7 c8 represents the instruction:

lock cmpxchg8b eax

The operand could be a register other than eax: the final byte of the encoding ranges from c8 to cf, selecting one of the eight 32-bit general-purpose registers.

This instruction encoding is invalid. The cmpxchg8b instruction compares the 8-byte value in the edx and eax registers with an 8-byte value in a memory location, and its only operand form is a memory operand. In this case, however, the ModRM byte (c8) selects a register rather than a memory location as the destination operand, which the instruction does not allow.

Under normal circumstances, this instruction would simply raise an invalid-opcode exception (#UD); however, when used with the lock prefix (which asserts the processor's bus lock and is normally used to prevent two processors from interfering with the same memory location), the exception handler is never reached: the processor stops servicing interrupts and must be reset to recover.
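As an added example, not code from the article or from any operating system's actual workaround, the following C decoder turns the encoding rules above into a check: it skips legacy prefixes, looks for the cmpxchg8b opcode (0F C7 /1), and classifies the encoding as a legal memory form, a register form that merely raises #UD, or the locked register form that hangs a P5 core. The function names, the enum and the sample buffer are all assumptions made here for illustration; the byte values are the ones the article describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classification of the instruction beginning at a given byte. */
enum f00f_class {
    F00F_NOT_CMPXCHG8B = 0, /* another instruction, or too few bytes to decide */
    F00F_VALID_MEMORY,      /* cmpxchg8b m64, locked or not: a legal encoding */
    F00F_REG_NO_LOCK,       /* cmpxchg8b r32 without LOCK: raises #UD and is caught */
    F00F_HANG               /* LOCK cmpxchg8b r32: the F00F pattern */
};

static const char *const reg32_names[8] = {
    "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"
};

/* Legacy prefix bytes that may precede an opcode in 32-bit mode. */
static int is_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0xF0:                         /* LOCK */
    case 0xF2: case 0xF3:              /* REPNE / REP */
    case 0x26: case 0x2E: case 0x36:   /* ES, CS, SS segment overrides */
    case 0x3E: case 0x64: case 0x65:   /* DS, FS, GS segment overrides */
    case 0x66: case 0x67:              /* operand-size / address-size */
        return 1;
    default:
        return 0;
    }
}

/* Classify the instruction whose first byte is buf[0]. For the two register
 * forms, *rm_out (if non-NULL) receives ModRM.rm, 0 = eax ... 7 = edi.
 * Legacy prefixes may appear in any order; LOCK anywhere among them counts. */
enum f00f_class classify_cmpxchg8b(const uint8_t *buf, size_t n, unsigned *rm_out)
{
    size_t i = 0;
    int have_lock = 0;

    /* Skip prefixes; an x86 instruction is at most 15 bytes long. */
    while (i < n && i < 14 && is_legacy_prefix(buf[i])) {
        if (buf[i] == 0xF0)
            have_lock = 1;
        i++;
    }
    if (n - i < 3)
        return F00F_NOT_CMPXCHG8B;          /* need 0F C7 plus a ModRM byte */
    if (buf[i] != 0x0F || buf[i + 1] != 0xC7)
        return F00F_NOT_CMPXCHG8B;

    uint8_t modrm = buf[i + 2];
    unsigned mod = modrm >> 6;
    unsigned reg = (modrm >> 3) & 7;
    unsigned rm  = modrm & 7;

    if (reg != 1)
        return F00F_NOT_CMPXCHG8B;          /* only 0F C7 /1 is cmpxchg8b */
    if (mod != 3)
        return F00F_VALID_MEMORY;           /* memory operand: the intended form */

    if (rm_out)
        *rm_out = rm;                       /* mod == 11b: register operand, invalid */
    return have_lock ? F00F_HANG : F00F_REG_NO_LOCK;
}

/* Register index of a hanging encoding (0 = eax ... 7 = edi), or -1. */
int f00f_hang_register(const uint8_t *buf, size_t n)
{
    unsigned rm = 0;
    return classify_cmpxchg8b(buf, n, &rm) == F00F_HANG ? (int)rm : -1;
}

/* Linear sweep over a buffer for the hanging pattern, the way a simple
 * signature scanner works. Returns the offset of the first match or -1.
 * It is a byte-pattern scan, not a disassembler, so data can match too. */
long scan_for_f00f(const uint8_t *buf, size_t n, unsigned *rm_out)
{
    for (size_t off = 0; off < n; off++) {
        unsigned rm = 0;
        if (classify_cmpxchg8b(buf + off, n - off, &rm) == F00F_HANG) {
            if (rm_out)
                *rm_out = rm;
            return (long)off;
        }
    }
    return -1;
}

/* Constructed sample: two NOPs, f0 0f c7 cb (lock cmpxchg8b ebx), then RET. */
static const uint8_t f00f_sample[] = { 0x90, 0x90, 0xF0, 0x0F, 0xC7, 0xCB, 0xC3 };

int main(void)
{
    unsigned rm = 0;
    long off = scan_for_f00f(f00f_sample, sizeof f00f_sample, &rm);
    if (off >= 0)
        printf("F00F pattern at offset %ld: lock cmpxchg8b %s\n", off, reg32_names[rm]);
    else
        printf("no F00F pattern found\n");
    return 0;
}
```

Note that lock cmpxchg8b with a memory operand (for example f0 0f c7 0f, lock cmpxchg8b [edi]) is classified as valid: the lock prefix itself is not the problem, only its combination with the register form.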

The instruction does not require any special privileges, so any user-mode program could halt the machine, and, given the proliferation of Intel microprocessors, this was considered a serious issue at the time. Operating system vendors responded with workarounds that detected the condition and prevented the crash. The usual technique, described by Collins,[1] relocates the interrupt descriptor table so that the entry for the invalid-opcode exception lies on a page whose access causes a page fault; the processor then takes a page fault instead of hanging, and the page-fault handler recognises the faulting address as an IDT access and dispatches the invalid-opcode handler itself.

Although technically not an example of either, the f00f instruction is often considered an HCF ("halt and catch fire") instruction or a killer poke. Since the f00f bug has become common knowledge, the term "f00f" is sometimes used to describe similar hardware design flaws such as the Cyrix coma bug[citation needed].

No permanent hardware damage would result from executing the f00f instruction on a vulnerable system. Depending on the file system, operating system, and other circumstances, it is possible for data loss to occur if the disk buffers have not been flushed, if drives were interrupted during a write operation, or if some other non-atomic operation was interrupted.

The Pentium Pro and later (P6 and subsequent) processors were never affected by the bug; on the P5 line, the myB2 stepping fixed the issue.[2]

Information about this bug first appeared on the Internet on or around 7 November 1997.[3]

References

  1. Collins, Robert R. (May 1, 1998). "The Pentium F00F Bug: Workarounds for a nasty problem". Dr. Dobb's Journal.
  2. Pentium Processor Specification Update (PDF). Intel Corporation. January 1999. pp. 51–52. Order number 242480-041. Retrieved 2006-11-02.
  3. "Nieuwe Intel Pentium BUG" (Dutch: "New Intel Pentium BUG"). Retrieved 2008-07-07.