[5546] in bugtraq


Possible solution: [Fwd: I figured out how to make my Pentium

daemon@ATHENA.MIT.EDU (Miguel Angel Rodriguez Jodar)
Mon Nov 10 18:59:46 1997

Date: 	Mon, 10 Nov 1997 16:53:57 +0100
Reply-To: Miguel Angel Rodriguez Jodar <rodriguj@DRAGO.FIE.US.ES>
From: Miguel Angel Rodriguez Jodar <rodriguj@DRAGO.FIE.US.ES>
To: BUGTRAQ@NETSPACE.ORG

The following is a possible solution to F0 0F... crossposted from
comp.sys.intel. The solution involves the use of the internal cache to
make sure the descriptor is accessed from it, not from main memory.

The problem occurs when the descriptor is not on the cache. Jim's
example program forces an invalid opcode exception to load the
descriptor into the cache, and then F0 0F... is not a problem as long as
the descriptor remains in cache...

But... there's a way to lock the cache, so its contents don't get lost.
From the 486 on, one of the control registers controls the operation mode of
the internal cache, so one could fire an invalid opcode, get the
descriptor into the cache, and IMMEDIATELY lock the cache. This could be
done at boot time on Linux or similar.

Disadvantages: you MISS the internal cache, with loss of performance :(


   Miguel Angel Rodriguez Jodar
   Area de Arquitectura y Tecnologia de Computadores
   Universidad de Sevilla (Spain)


-----------------------------------------------------------------------
Jim Brooks wrote:
>
> I just figured out how to make my Pentium execute F0 0F C7 C8.
> The trick is to get the IDT gate descriptor for the invalid opcode
> exception into the internal caches by first executing a legitimate
> invalid opcode.
> Thereafter, as long as the gate descriptor remains in the internal
> caches, then the Pentium can execute F0 0F C7 C8 without hanging itself.
> But if it isn't in the cache, F0* will hose your system.
>
> I put assembly source code and a DOS EXE to demonstrate this at:
>
> ftp://ftp.jimbrooks.org/f0opcode.zip
>
> Note that this program will only run in DOS while the Pentium is
> in real-mode.  You must disable any memory managers which
> control protect-mode, otherwise the program will crash!
>
>                  |     |                    Jim Brooks
>                  |  _  |                    mailto:jim@jimbrooks.org
>    ______________|_(_)_|______________      PGP public key available
>            +|+  [ ( o ) ]  +|+
>             *  O[_]---[_]O  *
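The sequence Miguel proposes (take one deliberate invalid-opcode fault so
the vector entry is fetched into the on-chip cache, then set the CR0 cache
control bits so that entry can no longer be evicted) as an added example.
This is not Jim Brooks's program and not code from either post; it is a
real-mode DOS .COM written for this page, so it exercises the real-mode
IVT entry for vector 6 (offset 0x18) rather than a protected-mode IDT gate.
It assumes NASM syntax, plain DOS with no V86 memory manager loaded (Jim's
note above applies: MOV CR0 faults under EMM386 and friends), that the CPU
is a 486 or later so CR0.CD (bit 30) and CR0.NW (bit 29) exist, and that
0F 0B raises #UD (it is the undefined opcode later documented as UD2). All
label and variable names are mine. It has not been run on a Pentium here.

```nasm
; f00f_freeze.asm -- added example: nasm -f bin -o f00f_freeze.com f00f_freeze.asm
; Run only from plain real-mode DOS (no EMM386 or other V86 monitor):
; the MOV CR0 below is privileged and faults under a memory manager.
bits 16
cpu 486
org 0x100

start:
    ; 1. Hook INT 6 (#UD) so each fault below returns to a point we choose.
    mov ax, 0x3506              ; DOS: get interrupt vector 6 -> ES:BX
    int 0x21
    mov [old_ud], bx
    mov [old_ud + 2], es
    mov ax, 0x2506              ; DOS: set interrupt vector 6 = DS:DX
    mov dx, ud_handler
    int 0x21

    ; 2. Take one harmless #UD. Delivering it makes the CPU read the
    ;    vector-6 entry (IVT offset 0x18), which pulls that line into
    ;    the on-chip data cache. 0F 0B is undefined on the Pentium
    ;    (assumption: it raises #UD; later documented as UD2).
    mov word [resume_ip], after_ud
    db 0x0F, 0x0B
after_ud:

    ; 3. Freeze the cache: CR0.CD (bit 30) and CR0.NW (bit 29) both set.
    ;    Hits are still served from the cache, but no new lines are
    ;    filled, so the entry loaded in step 2 stays resident. Do NOT
    ;    execute WBINVD/INVD here: that would throw the entry away.
    mov eax, cr0
    mov [old_cr0], eax
    or eax, 0x60000000
    mov cr0, eax

    ; 4. The trigger: LOCK CMPXCHG8B with a register operand (invalid).
    ;    With the #UD entry frozen in cache this takes a normal #UD;
    ;    with the entry absent the locked fetch of it hangs the CPU.
    mov word [resume_ip], after_f00f
    db 0xF0, 0x0F, 0xC7, 0xC8
after_f00f:

    ; 5. Undo the demo's side effects. A boot-time deployment of the
    ;    workaround would instead leave CR0 frozen for the life of the
    ;    system (hence the performance cost noted in the post).
    mov eax, [old_cr0]
    mov cr0, eax
    push ds
    mov ax, 0x2506
    lds dx, [old_ud]            ; restore the saved vector as DS:DX
    int 0x21
    pop ds

    mov dx, msg_ok
    cmp word [ud_count], 2      ; both faults must have reached our handler
    je .report
    mov dx, msg_bad
.report:
    mov ah, 0x09                ; DOS: print '$'-terminated string
    int 0x21
    mov ax, 0x4C00              ; DOS: exit
    int 0x21

; #UD handler: count the fault and resume at resume_ip instead of
; re-executing the faulting instruction (the pushed CS is our own segment,
; so only the pushed IP needs replacing).
ud_handler:
    push bp
    push ax
    mov bp, sp                  ; [bp+4] = pushed IP, [bp+6] = CS, [bp+8] = FLAGS
    inc word [cs:ud_count]
    mov ax, [cs:resume_ip]
    mov [bp + 4], ax
    pop ax
    pop bp
    iret

resume_ip  dw 0                 ; where the handler sends execution next
ud_count   dw 0                 ; number of #UD faults delivered
old_ud     dd 0                 ; saved INT 6 vector, offset:segment
old_cr0    dd 0                 ; CR0 before the freeze
msg_ok     db 'F0 0F C7 C8 survived: both faults took the normal #UD path', 13, 10, '$'
msg_bad    db 'unexpected: fewer than two #UD faults were delivered', 13, 10, '$'
```

Two things to keep in mind when trying this. First, the freeze is
system-wide: between step 3 and step 5 every memory access that is not
already in the on-chip cache misses, which is exactly the cost Miguel
warns about; a boot-time version pays it permanently. Second, the
guarantee only holds while the vector-6 line is resident, so anything
that invalidates the cache after the freeze (INVD, WBINVD, a reset) puts
the machine back at risk until the fault is taken again.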
