
Vol. 3A 4-45

PAGING

If a paging-structure entry is modified to change the R/W flag from 0 to 1, write accesses to linear addresses 
whose translation is controlled by this entry may or may not cause a page-fault exception.

If a paging-structure entry is modified to change the U/S flag from 0 to 1, user-mode accesses to linear 
addresses whose translation is controlled by this entry may or may not cause a page-fault exception.

If a paging-structure entry is modified to change the XD flag from 1 to 0, instruction fetches from linear 
addresses whose translation is controlled by this entry may or may not cause a page-fault exception.

As noted in Section 8.1.1, an x87 instruction or an SSE instruction that accesses data larger than a quadword may 
be implemented using multiple memory accesses. If such an instruction stores to memory and invalidation has 
been delayed, some of the accesses may complete (writing to memory) while another causes a page-fault exception.¹ 
In this case, the effects of the completed accesses may be visible to software even though the overall 
instruction caused a fault.

In some cases, the consequences of delayed invalidation may not affect software adversely. For example, when 
freeing a portion of the linear-address space (by marking paging-structure entries “not present”), invalidation 
using INVLPG may be delayed if software does not re-allocate that portion of the linear-address space or the 
memory that had been associated with it. However, because of speculative execution (or errant software), there 
may be accesses to the freed portion of the linear-address space before the invalidations occur. In this case, the 
following can happen:

Reads can occur to the freed portion of the linear-address space. Therefore, invalidation should not be delayed 
for an address range that has read side effects.

The processor may retain entries in the TLBs and paging-structure caches for an extended period of time. 
Software should not assume that the processor will not use entries associated with a linear address simply 
because time has passed.

As noted in Section 4.10.3.1, the processor may create an entry in a paging-structure cache even if there are 
no translations for any linear address that might use that entry. Thus, if software has marked “not present” all 
entries in a page table, the processor may subsequently create a PDE-cache entry for the PDE that references 
that page table (assuming that the PDE itself is marked “present”).

If software attempts to write to the freed portion of the linear-address space, the processor might not generate 
a page fault. (Such an attempt would likely be the result of a software error.) For that reason, the page frames 
previously associated with the freed portion of the linear-address space should not be reallocated for another 
purpose until the appropriate invalidations have been performed.

4.10.5 Propagation of Paging-Structure Changes to Multiple Processors

As noted in Section 4.10.4, software that modifies a paging-structure entry may need to invalidate entries in the 
TLBs and paging-structure caches that were derived from the modified entry before it was modified. In a system 
containing more than one logical processor, software must account for the fact that there may be entries in the 
TLBs and paging-structure caches of logical processors other than the one used to modify the paging-structure 
entry. The process of propagating the changes to a paging-structure entry is commonly referred to as “TLB shootdown.”

TLB shootdown can be done using memory-based semaphores and/or interprocessor interrupts (IPI). The 
following items describe a simple but inefficient example of a TLB shootdown algorithm for processors supporting 
the Intel-64 and IA-32 architectures:
1. Begin barrier: Stop all but one logical processor; that is, cause all but one to execute the HLT instruction or to 
   enter a spin loop.
2. Allow the active logical processor to change the necessary paging-structure entries.
3. Allow all logical processors to perform invalidations appropriate to the modifications to the paging-structure 
   entries.
4. Allow all logical processors to resume normal operation.
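
The four steps above, as an added example in C that is not code from the manual: a single-threaded user-space model in which each logical processor caches page-table entries in a private TLB array, so the stale-entry hazard of a local-only invalidation can be compared with the full shootdown. NCPU, NPAGES and every function name are assumptions of the model, and invlpg() here only clears the model's cached entry rather than executing the INVLPG instruction.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NCPU   4        /* model sizes are assumptions, not from the manual */
#define NPAGES 8
#define PTE_P  0x1u     /* present flag */
#define PTE_RW 0x2u     /* R/W flag */
static uint32_t page_table[NPAGES];      /* paging structure in memory */
static struct cpu {
    uint32_t tlb[NPAGES];                /* cached copies of PTEs */
    bool valid[NPAGES], parked;          /* parked = held at the barrier */
} cpus[NCPU];
/* A valid TLB entry wins over memory; a miss caches only present entries. */
static uint32_t translate(int c, int page) {
    if (cpus[c].valid[page]) return cpus[c].tlb[page];
    uint32_t e = page_table[page];
    if (e & PTE_P) { cpus[c].tlb[page] = e; cpus[c].valid[page] = true; }
    return e;
}
/* True if a write from CPU c would complete without a page fault. */
bool write_allowed(int c, int page) {
    return (translate(c, page) & (PTE_P | PTE_RW)) == (PTE_P | PTE_RW);
}
static void invlpg(int c, int page) { cpus[c].valid[page] = false; }
/* Map every page writable and let every CPU cache every translation. */
void reset_model(void) {
    memset(cpus, 0, sizeof cpus);
    for (int p = 0; p < NPAGES; p++) page_table[p] = PTE_P | PTE_RW;
    for (int c = 0; c < NCPU; c++)
        for (int p = 0; p < NPAGES; p++) translate(c, p);
}
/* Hazard: the PTE is cleared but only the modifying CPU invalidates. */
void unmap_local_only(int self, int page) {
    page_table[page] = 0;
    invlpg(self, page);
}
/* The four steps of the simple algorithm, in order. */
void unmap_with_shootdown(int self, int page) {
    for (int c = 0; c < NCPU; c++) cpus[c].parked = (c != self); /* 1 */
    page_table[page] = 0;                                        /* 2 */
    for (int c = 0; c < NCPU; c++) invlpg(c, page);              /* 3 */
    for (int c = 0; c < NCPU; c++) cpus[c].parked = false;       /* 4 */
}
/* CPUs that can still write the page; reuse the frame only at 0. */
int stale_writers(int page) {
    int n = 0;
    for (int c = 0; c < NCPU; c++) n += write_allowed(c, page);
    return n;
}
```

After unmap_local_only() the other three model processors still translate the page through their cached entries, which is the condition under which the freed page frame must not be reallocated.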

Alternative, performance-optimized, TLB shootdown algorithms may be developed; however, software developers 
must take care to ensure that the following conditions are met:

1. If the accesses are to different pages, this may occur even if invalidation has not been delayed.