From owner-freebsd-bugs Sun Apr 5 21:20:05 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA15417 for freebsd-bugs-outgoing; Sun, 5 Apr 1998 21:20:05 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA15406; Sun, 5 Apr 1998 21:20:02 -0700 (PDT) (envelope-from gnats)
Date: Sun, 5 Apr 1998 21:20:02 -0700 (PDT)
Message-Id: <199804060420.VAA15406@hub.freebsd.org>
To: freebsd-bugs
Cc:
From: Luoqi Chen
Subject: Re: i386/6219: wine causes system crash
Reply-To: Luoqi Chen
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR i386/6219; it has been noted by GNATS.

From: Luoqi Chen
To: freebsd-gnats-submit@freebsd.org
Cc:
Subject: Re: i386/6219: wine causes system crash
Date: Mon, 06 Apr 1998 00:14:37 -0400

I figured out the cause of the problem myself. There was a mistake made by the original submitter of the code. When disposing user ldt before an exec, the default ldt should be loaded; instead, the very user ldt that's being disposed of is loaded. The same mistake was made in cpu_exit(), except in this case the consequence is not as dire. Here's a patch to fix the problem.

Index: machdep.c =================================================================== RCS file: /fun/cvs/src/sys/i386/i386/machdep.c,v retrieving revision 1.292 diff -u -r1.292 machdep.c --- machdep.c 1998/03/07 20:16:47 1.292 +++ machdep.c 1998/04/06 02:59:59 @@ -776,8 +776,10 @@ /* was i386_user_cleanup() in NetBSD */ if (pcb->pcb_ldt) { - if (pcb == curpcb) - lldt(GSEL(GUSERLDT_SEL, SEL_KPL)); + if (pcb == curpcb) { + lldt(_default_ldt); + currentldt = _default_ldt; + } kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt, pcb->pcb_ldt_len * sizeof(union descriptor)); pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0; 
@@ -792,6 +794,10 @@ regs->tf_ds = _udatasel; regs->tf_es = _udatasel; regs->tf_cs = _ucodesel; + + /* reset %fs and %gs as well */ + __asm("mov %0,%%fs" : : "r" (_udatasel)); + __asm("mov %0,%%gs" : : "r" (_udatasel)); /* * Initialize the math emulator (if any) for the current process. Index: vm_machdep.c =================================================================== RCS file: /fun/cvs/src/sys/i386/i386/vm_machdep.c,v retrieving revision 1.101 diff -u -r1.101 vm_machdep.c --- vm_machdep.c 1998/02/25 03:56:09 1.101 +++ vm_machdep.c 1998/04/06 02:56:47 @@ -692,8 +692,10 @@ #endif #ifdef USER_LDT if (pcb->pcb_ldt != 0) { - if (pcb == curpcb) - lldt(GSEL(GUSERLDT_SEL, SEL_KPL)); + if (pcb == curpcb) { + lldt(_default_ldt); + currentldt = _default_ldt; + } kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt, pcb->pcb_ldt_len * sizeof(union descriptor)); pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
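
Review bot: In the first machdep.c hunk (@@ -776,8 +776,10 @@), the added `lldt(_default_ldt);` and `currentldt = _default_ldt;` carry no comment saying why they must run before the `kmem_free()` that follows. The removed line loaded the selector for the very table about to be freed, so a one-line comment stating that the LDT register must stop referencing pcb->pcb_ldt before its memory is released would keep the ordering from being undone in a later cleanup. Please also confirm that nothing can run between the two added statements and see the loaded LDT and `currentldt` disagree.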
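
Review bot: In the second machdep.c hunk (@@ -792,6 +794,10 @@), the comment `/* reset %fs and %gs as well */` does not say why these two registers are loaded directly with inline asm while ds, es and cs are set through `regs->tf_ds`, `regs->tf_es` and `regs->tf_cs`. Please extend the comment with the reason (for instance, that they could otherwise keep selector values from before the exec), and consider writing `__asm __volatile` so the intent that the loads must not be dropped is explicit, even though GCC already treats an asm with no outputs as volatile.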
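
Review bot: The vm_machdep.c hunk (@@ -692,8 +692,10 @@) repeats the four added lines of the first machdep.c hunk verbatim, followed by the same `kmem_free()` call and `pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;` reset in its context. Since the message says the same mistake existed in both places, moving the whole dispose sequence into one helper called from both sites would keep the two copies from diverging again; the guards already differ in spelling (`if (pcb->pcb_ldt)` versus `if (pcb->pcb_ldt != 0)`).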