Re: f00f patch

Martin von Loewis (martin@mira.isdn.cs.tu-berlin.de)
Fri, 14 Nov 1997 10:39:45 +0100


> I've seen the f00f patch, but I am not very experienced with
> kernel hacking and I can't understand exactly *how* it
> prevents the bug.
>
> Is there a description of how this was pulled off somewhere?

Check the mailing list archives. Basically, the problem was that the
processor would not fetch the IDT entry for the invalid opcode handler,
because of the lock prefix (at least, this is a common theory of what
happened).

This was solved by removing the page that has this IDT entry from
virtual memory, so the attempt to fetch it would page fault. The page
fault processing is apparently more reliable, so the page fault
handler is invoked. This processing now checks whether the fault
appeared in one of the missing IDT entries, and then delegates to the
invalid opcode handler.

Hope this helps,
Martin
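Added example, not part of Martin's message nor code from the Linux patch he describes: a C model of the decision the page-fault handler makes once the IDT page is unmapped, namely whether the faulting address lies inside the invalid-opcode gate and should be handed to that trap's handler instead of normal fault handling. The 8-byte gate size and vector 6 for #UD are 32-bit x86 facts; the addresses, helper names and the sample probes are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 32-bit x86: each IDT gate descriptor is 8 bytes, #UD is vector 6.
 * All addresses in this file are constructed sample values. */
#define IDT_GATE_SIZE   8u
#define IDT_ENTRIES     256u
#define X86_TRAP_UD     6

enum pf_action { PF_NORMAL, PF_REDIRECT_UD };

/* Hypothetical helper: return the vector whose descriptor contains the
 * faulting linear address, or -1 if the fault was outside the IDT. */
static int idt_vector_for_fault(uintptr_t fault_addr, uintptr_t idt_base)
{
    uintptr_t off;
    if (fault_addr < idt_base)
        return -1;
    off = fault_addr - idt_base;
    if (off >= (uintptr_t)IDT_ENTRIES * IDT_GATE_SIZE)
        return -1;
    return (int)(off / IDT_GATE_SIZE);
}

/* The workaround's check inside the page-fault path: a fault while the
 * CPU fetches the #UD gate from the unmapped page means the invalid
 * opcode trap could not be delivered, so the page-fault handler stands
 * in for it. Any other address is an ordinary page fault. */
static enum pf_action classify_page_fault(uintptr_t fault_addr,
                                          uintptr_t idt_base)
{
    return idt_vector_for_fault(fault_addr, idt_base) == X86_TRAP_UD
           ? PF_REDIRECT_UD : PF_NORMAL;
}

int main(void)
{
    const uintptr_t idt_base = 0xc0102000u;                  /* constructed */
    const uintptr_t probes[] = {
        idt_base + 6 * IDT_GATE_SIZE,       /* start of the #UD gate   */
        idt_base + 6 * IDT_GATE_SIZE + 4,   /* still inside that gate  */
        idt_base + 14 * IDT_GATE_SIZE,      /* #PF gate: not redirected */
        0x08048000u                         /* unrelated user address  */
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("fault at %#lx -> %s\n", (unsigned long)probes[i],
               classify_page_fault(probes[i], idt_base) == PF_REDIRECT_UD
               ? "invalid opcode handler" : "normal page fault handling");
    return 0;
}
```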