From: Boris Samorodov
Date: Wed, 19 Sep 2007 00:36:13 +0400
To: Roman Divacky
Cc: freebsd-emulation@freebsd.org, sam
Subject: Re: linuxolator problem on i386
Message-ID: <41596338@srv.sem.ipt.ru>

Hi!

I like magic numbers. Ex. 4096. ;-) And I like to play with them.

On Tue, 18 Sep 2007 12:38:28 +0400 Boris Samorodov wrote:

> > 2) when the directory is moved it works ok
> Yes. And I suppose if some files are deleted the program should
> work.

It so happened that here we get a deal with magic (number). Let me
show you the broken behaviour one more time:
-----
14594 hlds_i686 NAMI "/usr/home/bsam/hlds_l/./cstrike/sound/weapons"
14594 hlds_i686 RET linux_open 6
14594 hlds_i686 CALL linux_fstat64(0x6,0xbfbecd34,0x2820cff4)
14594 hlds_i686 RET linux_fstat64 0
14594 hlds_i686 CALL linux_fcntl64(0x6,0x2,0x1)
14594 hlds_i686 RET linux_fcntl64 0
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 4096/0x1000
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 444/0x1bc
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 0
14594 hlds_i686 CALL linux_open(0x281e0fc7,0x902,0)
14594 hlds_i686 NAMI "/compat/linux/dev/tty"
14594 hlds_i686 NAMI "/dev/tty"
14594 hlds_i686 RET linux_open 7
14595 hlds_i686 CALL linux_sys_futex(0x2820e120,0,0x2,0,0x8da5720,0x2f45b0f8)
14594 hlds_i686 CALL writev(0x7,0xbfbec6b0,0x7)
14594 hlds_i686 GIO fd 7 wrote 86 bytes
      "*** glibc detected *** ./hlds_i686: double free or corruption (!prev):\
       0x08da5b28 ***
      "
-----

Look at the first linux_getdents() line. The third parameter (buffer
length?) is equal to 0x1000, which is 4096. The second line with
linux_getdents shows that it has read precisely 4096 (bytes?).

What if we face here a (so called at our high school) border-case
(border-problem)? OK, the program reads the directory contents. Let's
touch a new file in this directory. What happens?
Follow me:
-----
14579 hlds_i686 NAMI "/usr/home/bsam/hlds_l/./cstrike/sound/weapons"
14579 hlds_i686 RET linux_open 6
14579 hlds_i686 CALL linux_fstat64(0x6,0xbfbecd34,0x2820cff4)
14579 hlds_i686 RET linux_fstat64 0
14579 hlds_i686 CALL linux_fcntl64(0x6,0x2,0x1)
14579 hlds_i686 RET linux_fcntl64 0
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 4084/0xff4
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 472/0x1d8
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 0
14579 hlds_i686 CALL close(0x6)
14579 hlds_i686 RET close 0
14579 hlds_i686 CALL linux_stat64(0xbfbecec4,0xbfbecdc4,0x2820cff4)
14579 hlds_i686 NAMI "/compat/linux/usr/home/bsam/hlds_l/./valve/sound/weapons/reload1.wav"
-----

That's it! Roman, I hope now you may create the needed patch. As for
me, I'm too tired (and too proud :-) ) today and I'm going to have a
little sleep.

WBR and good night to all ya!

--
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD committer, http://www.FreeBSD.org The Power To Serve
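
An added illustration, not part of the message above and not FreeBSD code: a Python check that pairs each linux_getdents CALL with its RET in kdump output, per pid, and reports the calls whose return value equals the buffer length, which is the 4096-of-0x1000 case in the first trace. The function name and regular expressions are assumptions of this example; the trace lines are copied from the two excerpts in the message.

```python
import re

# kdump line shapes as they appear in the message: "<pid> <comm> CALL|RET ..."
CALL_RE = re.compile(
    r"^\s*(\d+)\s+\S+\s+CALL\s+linux_getdents\((0x[0-9a-f]+),0x[0-9a-f]+,(0x[0-9a-f]+)\)")
RET_RE = re.compile(r"^\s*(\d+)\s+\S+\s+RET\s+linux_getdents\s+(-?\d+)")

def full_buffer_getdents(lines):
    """Return (pid, fd, buflen) for every linux_getdents call that filled its buffer exactly."""
    pending = {}  # pid -> (fd, buflen) of the call still waiting for its RET
    hits = []
    for line in lines:
        m = CALL_RE.match(line)
        if m:
            pending[int(m.group(1))] = (int(m.group(2), 16), int(m.group(3), 16))
            continue
        m = RET_RE.match(line)
        if m and int(m.group(1)) in pending:
            fd, buflen = pending.pop(int(m.group(1)))
            if int(m.group(2)) == buflen:  # returned byte count == buffer size
                hits.append((int(m.group(1)), fd, buflen))
    return hits

# getdents lines from the first (crashing) trace in the message
BROKEN = """\
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 4096/0x1000
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 444/0x1bc
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 0
""".splitlines()

# getdents lines from the second trace, taken after a file was added
WORKING = """\
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 4084/0xff4
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 472/0x1d8
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 0
""".splitlines()

if __name__ == "__main__":
    for name, trace in (("broken", BROKEN), ("working", WORKING)):
        for pid, fd, buflen in full_buffer_getdents(trace):
            print(f"{name}: pid {pid} fd {fd} getdents filled all {buflen} bytes")
```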