5

Let's say a 32-bit value is written to a memory location which spans 2 pages. For the sake of the argument let's assume 2 bytes end up in the first page and 2 more in the second one. The first page is writable, but the second page is unmapped. Executing the instruction as whole will trigger a page fault and that's fine.

My question is: will the page fault trigger before or after the first 2 bytes of the value are written to memory? To put it another way will code running after the fault (for example, the fault handler) be able to observe the partial write?

Let's assume an X86 environment, as I suspect that the behavior may be architecture or maybe even model specific.

alexp
  • 811
  • 4
  • 10
  • 1
    IIRC, the entire write is aborted by the fault. Intel's x86 manuals should document this in detail, if you want to double-check. Less certain about this, but IIRC AVX512 masked stores *may* actually store some of the (non-faulting) elements before the fault is taken. I just checked the ISA ref manual for scatter instructions, and they don't say that: scatters check for faults in a specified order. (But for a single element of a scatter, if it faults it's not done at all.) – Peter Cordes Oct 14 '17 at 10:32
  • 1
    I'd be surprised if there are any architectures that do let the partial store to the non-faulting page go through. BTW, links to Intel's x86 manuals in [the x86 tag wiki](https://stackoverflow.com/tags/x86/info). – Peter Cordes Oct 14 '17 at 10:33
  • @PeterCordes - I didn't check the AVX-512 stores, but no doubt that's how it works. Even the AVX2 gathers operate this way: they update the mask register after each gather operation (in principle anyways) so they can be interrupted (I think) and so if an exception is thrown, some part of the load may have already completed and the mask register will reflect that (so potentially the issue can be fixed and the load restarted). No doubt AVX-512 gathers work the same, and it would be weird if scatters were different. – BeeOnRope Oct 15 '17 at 00:59

1 Answers1

-3

From Intel Architectures Manual Volume 3A:

Accesses to cacheable memory that are split across cache lines and page boundaries are not guaranteed to be atomic by the Intel Core 2 Duo, Intel® Atom™, Intel Core Duo, Pentium M, Pentium 4, Intel Xeon, P6 family, Pentium, and Intel486 processors.

IMO not atomic means your described scenario can be occur. Interrupt can be generated after first 2 bytes is written.

Zang MingJie
  • 5,164
  • 1
  • 14
  • 27
  • But permission checking on both parts of a page-split has to be completed before either part becomes globally visible, unless I'm wrong about how it works. – Peter Cordes Oct 14 '17 at 11:13
  • I can't see the different. NOT-atomic means other parts (other cores or bus) can observer partial write, why the same core can't observer partial write when interrupt occur ? I don't think partial write will be roll-back when page fault occur. It makes the problem more complex, and gains nothing.. – Zang MingJie Oct 14 '17 at 11:19
  • would depend on what the bus transfer looks like if the core breaks it into two transfers or if it is a single unaligned transfer...of course the simpler answer is just try it yes? – old_timer Oct 14 '17 at 12:03
  • @Zang: All of those microarchitectures are already out-of-order with speculative execution. They already have to be able to cancel already-executed stores before they commit from the store-buffer to L1D cache and become globally visible. That isn't allowed to happen until the store retires (i.e. all previous instructions are found to have completed without exceptions or other detection of mis-speculation, and same for all parts of *this* instruction. The most common kind of mis-speculation is branch prediction being wrong, but it also includes this and earlier loads/stores not faulting.) – Peter Cordes Oct 14 '17 at 12:06
  • @PeterCordes I got it. As Intel doesn't define the behavior, the behavior is undefined, partial write may or may not happen. Being non-atomic at least means it is not guaranteed that partial write doesn't happen. But to avoid bugs, we always expect the worst would happen. I would assume it may happen when doing my jobs. – Zang MingJie Oct 14 '17 at 12:43
  • I'm pretty sure Intel *does* define the behaviour somewhere else in the vol.1 or vol.3 manual. I remember something in the manual about masked stores or scatters being careful to point out when part of the instructions results can be architecturally visible even when it faults before completion. Maybe tomorrow I'll dig up the relevant part if nobody else does before then. – Peter Cordes Oct 14 '17 at 12:47