Data Corruption on Windows NT 4.0

• Microsoft Windows NT Workstation version 4.0
• Microsoft Windows NT Server version 4.0

SYMPTOMS

Your data are being corrupted.

CAUSE

This problem is caused by a miscompare between a 32-bit value and a PTE's page frame number, which on an Intel x86 is 20-bits. Every time Windows NT flushes the entire translation buffer (TLB) it increments a 32-bit counter. Every time Windows NT frees a set of system pages (for example, unmapping an MDL) the current value of the counter is stored into the PTE's page frame number field. When the PTE is reused, Windows NT compares the Page Frame Number field to the current value in the counter, if they are equal, then the TLB has not been flushed since this PTE was last used. If they are unequal, then the PTE's virtual address can be reused without flushing it out of the TLB.

The algorithium is designed to allow the counter to overflow which is why there is a compare for equality rather than for greater than. However, once the counter exceeds 20-bits (1,048,575), the compare always fails and TLB flushes are not done when necessary. The fix is to make the 32-bit counter also 20 bits.

The reason this is sporadic is the fact that system PTEs are reused in a first in last out order. Hence when there are ample system address ranges to map MDLs through, and the fact that various other operations cause TLB flushes, means that by the time the PTEs get reused, a flush was already done. A Pentium Pro processor is more likely to encounter the problem because on a Pentium Pro, a context switch does not invalid the TLB as it does on other x86 processors.

WORKAROUND

Obtain the fix mentioned below or wait for the next Service Pack.

STATUS

Microsoft has confirmed this to be a problem Windows NT version 4.0. This problem was corrected in the latest Windows NT 4.0 U.S. Service Pack. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

   S E R V P A C K