From owner-freebsd-hackers Mon Nov 10 01:28:18 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id BAA16718
    for hackers-outgoing; Mon, 10 Nov 1997 01:28:18 -0800 (PST)
    (envelope-from owner-freebsd-hackers)
Received: from unix.tfs.net (root@unix.tfs.net [199.79.146.60])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id BAA16713
    for ; Mon, 10 Nov 1997 01:28:14 -0800 (PST)
    (envelope-from jbryant@argus.tfs.net)
Received: from argus.tfs.net (node6.tfs.net [207.2.220.6])
    by unix.tfs.net (8.8.5/8.8.5) with ESMTP id DAA07706;
    Mon, 10 Nov 1997 03:26:51 -0600
Received: (from jbryant@localhost)
    by argus.tfs.net (8.8.7/8.8.5) id DAA07836;
    Mon, 10 Nov 1997 03:28:08 -0600 (CST)
From: Jim Bryant
Message-Id: <199711100928.DAA07836@argus.tfs.net>
Subject: Re: Newest Pentium bug (fatal)
In-Reply-To: <199711100741.XAA26352@kithrup.com> from Sean Eric Fagan at "Nov 9, 97 11:41:16 pm"
To: sef@kithrup.com (Sean Eric Fagan)
Date: Mon, 10 Nov 1997 03:28:07 -0600 (CST)
Cc: freebsd-hackers@freebsd.org
Reply-to: jbryant@tfs.net
X-Windows: R00LZ!@# MS-Winbl0wz DR00LZ!@#
X-Operating-System: FreeBSD 2.2.2-RELEASE #0: Wed Jul 9 01:01:24 CDT 1997
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In reply:
> In article <199711100650.AAA07487.kithrup.freebsd.hackers@argus.tfs.net> you write:
> >research proves that the currently discussed bug is NOT an invalid
> >opcode as he claims but in fact is an infinitely useful documented
> >instruction.
> >
> >LOCK CMPXCHG8B EDX:EAX, ECX:EBX ; crash... pp 25-72 to
> >                                ; 25-73 of intel's arch & prog
> >                                ; manual for the pentium
>
> LOCK is not a valid prefix for CMPXCHG8.
                                 ^^^^^^^^

CMPXCHG8B is the intel designation.

RTFM.  p 25-73.  under the heading "notes", and beginning with the
sentence "This instruction can be used with a LOCK prefix."

> %eax (and, in fact, any 32-bit register) is not a valid operand for CMPXCHG8.

p 25-72:

"Description

The CMPXCHG8B instruction compares the 64-bit value in EDX:EAX with
DEST.  EDX contains the high-order 32 bits, and EAX contains the
low-order 32 bits of the 64-bit value.  If they are equal, the 64-bit
value in ECX:EBX is stored into DEST.  ECX contains the high-order 32
bits and EBX contains the low-order 32 bits.  Otherwise, DEST is
loaded into EDX:EAX."

the only thing i question here is if i am interpreting the r/m64 byte
correctly [0x0C8].

jim
--
All opinions expressed are mine, if you    |  "I will not be pushed, stamped,
think otherwise, then go jump into turbid  |  briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!      |  numbered!" - #1, "The Prisoner"
------------------------------------------------------------------------------
Inet: jbryant@tfs.net    AX.25: kc5vdj@wv0t.#neks.ks.usa.noam     grid: EM28pw
voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM.   http://www.tfs.net/~jbryant
------------------------------------------------------------------------------
HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+
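
Added example, not part of the original message: a decoder for the ModRM byte the message asks about (0x0C8), of the kind a disassembler or emulator would use to validate a CMPXCHG8B operand. It assumes the standard IA-32 layout (mod in bits 7..6, reg in bits 5..3, rm in bits 2..0) and the 0F C7 /1 encoding with a memory-only destination; the function and type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* IA-32 ModRM byte: mod = bits 7..6, reg = bits 5..3, rm = bits 2..0. */
struct modrm { uint8_t mod, reg, rm; };

static const char *const reg32[8] = {
    "EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"
};

struct modrm decode_modrm(uint8_t b)
{
    struct modrm m = { (uint8_t)(b >> 6), (uint8_t)((b >> 3) & 7),
                       (uint8_t)(b & 7) };
    return m;
}

/* How a ModRM byte following opcode 0F C7 should be classified. */
enum operand_form { NOT_CMPXCHG8B, MEMORY_OPERAND, REGISTER_OPERAND };

enum operand_form cmpxchg8b_form(uint8_t modrm_byte)
{
    struct modrm m = decode_modrm(modrm_byte);
    if (m.reg != 1)                 /* CMPXCHG8B is the /1 extension */
        return NOT_CMPXCHG8B;
    /* mod == 3 selects a register, which cannot hold the 64-bit DEST;
       a decoder must reject this form as an invalid encoding. */
    return m.mod == 3 ? REGISTER_OPERAND : MEMORY_OPERAND;
}

/* Name of the register selected by a mod == 3 byte, or NULL otherwise. */
const char *modrm_register_name(uint8_t modrm_byte)
{
    struct modrm m = decode_modrm(modrm_byte);
    return m.mod == 3 ? reg32[m.rm] : NULL;
}

int main(void)
{
    /* Constructed samples: 0xC8 from the message, then [ESI] and [EDI+disp8]. */
    const uint8_t samples[] = { 0xC8, 0x0E, 0x4F };
    static const char *const label[] = { "not /1", "memory (valid)",
                                         "register (invalid)" };
    for (size_t i = 0; i < sizeof samples; i++) {
        struct modrm m = decode_modrm(samples[i]);
        printf("0x%02X: mod=%u reg=%u rm=%u -> %s\n", samples[i],
               m.mod, m.reg, m.rm, label[cmpxchg8b_form(samples[i])]);
    }
    return 0;
}
```

For 0xC8 the fields are mod=3, reg=1, rm=0, so the byte names EAX directly rather than a 64-bit memory location.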