Subject: i386 TLB shootdown race condition?
To: NetBSD i386 port <port-i386@netbsd.org>
From: Stephan Uphoff <ups@stups.com>
List: port-i386
Date: 01/27/2003 13:30:43
The i386 TLB shootdown code seems to assume that the CPUs
reevaluate/reload cached PTEs before setting the page dirty bit.

However, the IA32 Intel Software Architecture Software Developer's Manual Vol. 3,
section 7.1.2.1 only states:

	When updating page-directory and page-table entries, the processor
	uses locked cycles to set the accessed and dirty flag in the
	page-directory and page-table entries.

Chapters 3.11 and 10.9 also do not provide any specific information
about updating the flags / TLB interaction.

What prevents a CPU having a cached PTE entry from setting the dirty bit
in the in-memory PTE even if it is no longer valid?
This could cause a race condition in the current TLB shootdown code
where dirty pages would be marked as clean pages.

Is there any additional literature available on the interaction of
the TLB and PTE dirty/used bit updates?

What am I missing?

Thanks
	Stephan

PS:	If TLB PTE loads and setting the referenced bit in the memory PTE
	would always be atomic operations, TLB shootdown could altogether
	be avoided on page mappings that have not been used by any processor.
	(Big win for kernel mappings only used by DMA based I/O to disks or
	intelligent network cards)
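To make the ordering question in the mail concrete, the following is a constructed C model added here; it is not code from the post, from the NetBSD i386 pmap, or from Intel. It assumes exactly the hardware behaviour the mail asks about (a CPU that still holds a cached translation performs a write and sets D in the in-memory PTE with a locked RMW, without first re-reading that entry), then steps one fixed interleaving through two unmap strategies: a naive one that trusts the dirty bit captured when the PTE is cleared, and a defensive one that re-reads the cleared slot after the shootdown has completed and merges any D bit set in the meantime. The names `PTE_P`, `PTE_A`, `PTE_D`, `struct model` and the `unmap_*` functions are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an i386 PTE: only the bits this example needs. */
#define PTE_P 0x001u /* present */
#define PTE_A 0x020u /* accessed (referenced) */
#define PTE_D 0x040u /* dirty */

struct cpu {
    uint32_t tlb_pte; /* cached copy of the PTE; 0 = no cached translation */
};

struct model {
    uint32_t pte;      /* the single in-memory PTE shared by both CPUs */
    struct cpu cpu[2]; /* CPU0 runs the unmap, CPU1 is the writer */
};

/* Assumed hardware behaviour under discussion: on a TLB hit the CPU does
 * not walk memory again, it just performs the write and ORs D into the
 * in-memory PTE with a locked cycle, even if that entry is no longer valid. */
static void cpu_write_page(struct model *m, int c)
{
    if (m->cpu[c].tlb_pte & PTE_P)
        m->pte |= PTE_D;
}

/* A page walk: cache the entry and set the accessed bit. */
static void cpu_load_tlb(struct model *m, int c)
{
    m->cpu[c].tlb_pte = m->pte;
    if (m->pte & PTE_P)
        m->pte |= PTE_A;
}

/* TLB shootdown: every CPU drops its cached translation (IPI round-trip). */
static void tlb_shootdown(struct model *m)
{
    for (int c = 0; c < 2; c++)
        m->cpu[c].tlb_pte = 0;
}

/* Naive unmap: clear the PTE, then shoot down, and report the D bit that
 * was captured at clearing time. A write from CPU1 that lands between the
 * clear and the IPI (late_write) is invisible to this path. */
static bool unmap_naive(struct model *m, bool late_write)
{
    uint32_t old = m->pte;
    m->pte = 0;                 /* atomic exchange in real code */
    if (late_write)
        cpu_write_page(m, 1);   /* CPU1 still holds the stale translation */
    tlb_shootdown(m);
    return (old & PTE_D) != 0;
}

/* Defensive unmap: after the shootdown has completed no CPU can still set D,
 * so re-read the cleared slot and merge whatever the hardware left there. */
static bool unmap_robust(struct model *m, bool late_write)
{
    uint32_t old = m->pte;
    m->pte = 0;
    if (late_write)
        cpu_write_page(m, 1);
    tlb_shootdown(m);
    uint32_t late = m->pte;     /* may carry D on a non-present entry */
    m->pte = 0;                 /* leave the slot clean for reuse */
    return ((old | late) & PTE_D) != 0;
}

/* Constructed starting state: a present, clean PTE that CPU1 has cached. */
static void setup(struct model *m)
{
    memset(m, 0, sizeof *m);
    m->pte = PTE_P | 0x1000u;   /* frame 1, present, not yet dirty */
    cpu_load_tlb(m, 1);
}

/* Returns whether the chosen unmap path reports the page as dirty. */
bool unmap_reports_dirty(bool robust, bool late_write)
{
    struct model m;
    setup(&m);
    return robust ? unmap_robust(&m, late_write) : unmap_naive(&m, late_write);
}

int main(void)
{
    printf("naive,  late write: dirty=%d (page was written, but reported clean)\n",
           unmap_reports_dirty(false, true));
    printf("robust, late write: dirty=%d\n", unmap_reports_dirty(true, true));
    printf("robust, no write:   dirty=%d\n", unmap_reports_dirty(true, false));
    return 0;
}
```

The model only shows that, if the hardware does behave as the mail suspects, the dirty bit can survive on a cleared (non-present) entry and is lost by any path that stops looking at the PTE before the shootdown finishes; reading the slot once more after the last CPU has acknowledged the invalidation recovers it, because no cached translation remains that could set D afterwards.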