> Even with the fix, the PTE for the first page of the IDT has to be in
> the TLB, otherwise we're right back in the same boat, right? (i.e. the
> CPU would have to read the PTE from memory...)
Wrong: the PTE corresponding to the first 7 entries of the IDT is marked
invalid, and therefore it is never loaded into the TLB, which by definition
caches only valid entries.
Ingo wrote:
> probably (i'm wildly speculating here), the bug is that the pentium
> puts a LOCK onto the memory bus while it reads the IDT[trap] descriptor
> ... and it forgets to give that LOCK line back. Now, you have to issue a
> LOCK line for reading a descriptor (it's 8 bytes), but you don't have to
> do it when reading a PTE. A PTE is only 4 bytes, and 32 bits is an
> atomic memory bus transaction anyway. And PTE reading happens _before_
> reading the descriptor ... this small window enables us to do the page
> fault based workaround.
Note that according to the Intel documentation, descriptor table accesses
are not locked. Locked descriptor and page table accesses are only performed
when the processor realizes that it must update bits (such as the accessed
bit) in a table entry.
Gabriel.
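The address arithmetic behind the page-fault-based workaround discussed above, as an added example that is not code from the thread or from the kernel: the IDT base is chosen so that the 8-byte gate descriptors for vectors 0 through 6 fall in the last 56 bytes of a page the kernel leaves not-present, while descriptor 7 onward starts on the following, present page. A trap in that range then raises a page fault before any descriptor fetch, and the page fault handler recovers the intended vector from the faulting linear address (CR2). The 8-byte descriptor size and the 7-entry split are taken from the thread; the 4 KiB page size and the helper names are assumptions of this example.

```c
#include <stdint.h>

#define PAGE_SIZE        4096u  /* assumed i386 4 KiB page */
#define IDT_DESC_SIZE    8u     /* each IDT gate descriptor is 8 bytes (from the thread) */
#define FAULTING_VECTORS 7u     /* vectors 0..6 live on the not-present page */

/* Choose an IDT base so that descriptors 0..6 occupy the last 56 bytes
 * of the page preceding `present_page`, which must be page aligned. */
static uintptr_t f00f_idt_base(uintptr_t present_page)
{
    return present_page - FAULTING_VECTORS * IDT_DESC_SIZE;
}

/* Does the descriptor fetch for `vector` land on the not-present page?
 * Returns 1 for vectors 0..6 and 0 for everything from vector 7 upward. */
static int vector_faults(uintptr_t idt_base, unsigned vector)
{
    uintptr_t addr = idt_base + (uintptr_t)vector * IDT_DESC_SIZE;
    uintptr_t present_page = idt_base + FAULTING_VECTORS * IDT_DESC_SIZE;
    return addr < present_page;
}

/* Page fault handler side: given the faulting linear address, recover
 * which trap the CPU was trying to deliver. Returns -1 if the address is
 * outside the trapped part of the IDT, i.e. an ordinary page fault. */
static int vector_from_fault_addr(uintptr_t idt_base, uintptr_t cr2)
{
    uintptr_t lo = idt_base;
    uintptr_t hi = idt_base + FAULTING_VECTORS * IDT_DESC_SIZE;
    if (cr2 < lo || cr2 >= hi)
        return -1;
    return (int)((cr2 - lo) / IDT_DESC_SIZE);
}

/* Sanity check that the chosen base keeps descriptor 7 page aligned, so
 * the page fault gate itself (vector 14) is always fetched from the
 * present page and the handler can never recurse into the trapped range. */
static int base_is_consistent(uintptr_t idt_base)
{
    uintptr_t first_present = idt_base + FAULTING_VECTORS * IDT_DESC_SIZE;
    return (first_present % PAGE_SIZE) == 0 && !vector_faults(idt_base, 14);
}
```

With the trapped entries on a not-present page, the page fault handler must dispatch by vector (for example from `vector_from_fault_addr`) rather than treating the fault as a normal memory access; a fault for vector 6 is the invalid-opcode case the thread is about.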