On Wed, 12 Nov 1997, Michael McArthur wrote:
That's the problem -- it isn't a "bug", just an exploitable instruction set that Cyrix, AMD, et al have been faithfully copying.
For that matter, the 486 instruction set is a subset of the Pentium instruction set. Does this affect the 486/386 etc..?
Short summary. The illegal instruction F0 0F C7 C8 locks up the Pentium, only reset or NMI allows the cpu to continue (this is a lock cmpxchg8 instruction with a reg as destination; in this case AX, but all other regs work, too; I'm not really sure if NMI cleans it up). It doesn't halt AMDs, Cyrixes, PPros and PII, nor does it halt any Intel CPU before Pentium; it's supposed to produce an illegal instruction trap. It does not halt the pentium, if the offending instruction is the destination of a mispredicted branch, or if the illegal instruction IDT is in the L1 cache. Affected: Multiuser systems facing "wannabe" hackers; all Pentium and Pentium MMX processors are affected. Workaround: none, if disabling the L1 cache and loading the illegal instruction IDT with TR4/TR5 isn't an option for you (massive performance hit). A boardlevel workaround seems to be possible (LOCK hold for more than a few microseconds -> raise NMI). History: Is known to Intel for at least some months (the maintainer of the Intel secret page found this bug, reported it, and did not publish it). They did not fix it (thus even the most recent Pentia are affected). Reproduce: Unix: % cat >pentbug.c unsigned main = 0xC8C70FF0; ^D % cc pentbug.c -o pentbug % ./pentbug (thanks to bernd paysan) vijay