From luoqi@chen.ml.org  Sun Apr  5 14:20:28 1998
Received: from chen.ml.org (luoqi.watermarkgroup.com [207.202.73.170])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA13843;
          Sun, 5 Apr 1998 14:20:23 -0700 (PDT)
          (envelope-from luoqi@chen.ml.org)
Received: (from luoqi@localhost)
	by chen.ml.org (8.8.8/8.8.8) id RAA01394;
	Sun, 5 Apr 1998 17:20:15 -0400 (EDT)
	(envelope-from luoqi)
Message-Id: <199804052120.RAA01394@chen.ml.org>
Date: Sun, 5 Apr 1998 17:20:15 -0400 (EDT)
From: Luoqi Chen <luoqi@chen.ml.org>
Reply-To: luoqi@chen.ml.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: current@freebsd.org, emulation@freebsd.org
Subject: Don't drink and drive -- wine crashed -current
X-Send-Pr-Version: 3.2

>Number:         6219
>Category:       i386
>Synopsis:       wine causes system crash
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr  5 14:30:08 PDT 1998
>Closed-Date:    Tue Aug 18 00:48:27 PDT 1998
>Last-Modified:  Tue Aug 18 00:49:19 PDT 1998
>Originator:     Luoqi Chen
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:

	FreeBSD sabrina.chen.ml.org 3.0-CURRENT FreeBSD 3.0-CURRENT #24: Tue Mar 24 02:48:22 EST 1998    luoqi@sabrina.chen.ml.org:/usr/src/sys/compile/SABRINA  i386
	With kernel option USER_LDT defined to support wine.


>Description:

	After an unsuccessful execution of a win32 binary (missing dll),
	wine crashed the system. DDB showed trap 12 code 0 at
		doreti_pop_es:
			popl	%es
	The value to be popped was 0x27. No stack trace available and
	unable to generate a dump -- system hang at "Syncing disks"
	message.

>How-To-Repeat:

	Pick a win32 binary that would fail because of a missing dll,
	run it with wine, but make sure you specify the FULL pathname
	of the binary (e.g. wine /tmp/Ssreader.exe). You will see
	messages like these:
Warning: could not load Windows DLL 'COMCTL32.dll', using built-in module.
Module oledlg.dll not found
LoadModule: can't load 'Ssreader.exe', error=0
wine: can't exec 'Ssreader.exe': error=0
	Then the system traps to DDB.

>Fix:
	

>Release-Note:
>Audit-Trail:

From: Luoqi Chen <luoqi@chen.ml.org>
To: freebsd-gnats-submit@freebsd.org
Cc:
Subject: Re: i386/6219: wine causes system crash
Date: Mon, 06 Apr 1998 00:14:37 -0400

 I figured out the cause of the problem myself. There was a mistake
 made by the original submitter of the code. When disposing of the user ldt
 before an exec, the default ldt should be loaded; instead, the very
 user ldt that's being disposed of is loaded. The same mistake was made
 in cpu_exit(), except in this case the consequence is not as dire.
 Here's a patch to fix the problem.
 
 
 Index: machdep.c
 ===================================================================
 RCS file: /fun/cvs/src/sys/i386/i386/machdep.c,v
 retrieving revision 1.292
 diff -u -r1.292 machdep.c
 --- machdep.c   1998/03/07 20:16:47     1.292
 +++ machdep.c   1998/04/06 02:59:59
 @@ -776,8 +776,10 @@
 
         /* was i386_user_cleanup() in NetBSD */
         if (pcb->pcb_ldt) {
 -               if (pcb == curpcb)
 -                       lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
 +               if (pcb == curpcb) {
 +                       lldt(_default_ldt);
 +                       currentldt = _default_ldt;
 +               }
                 kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
                         pcb->pcb_ldt_len * sizeof(union descriptor));
                 pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
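Review bot: the `currentldt = _default_ldt;` added right after `lldt(_default_ldt);` is essential, not cosmetic: `currentldt` is the kernel's cached notion of what LDTR holds, and leaving it pointing at the table that `kmem_free()` releases two lines later would let anything that trusts the cache believe freed memory is still the live LDT. Keep the `lldt()` ahead of the `kmem_free()` as it is here; the old `lldt(GSEL(GUSERLDT_SEL, SEL_KPL))` reloaded the GDT slot describing the very table being freed, which is the bug the reply describes.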
 @@ -792,6 +794,10 @@
         regs->tf_ds = _udatasel;
         regs->tf_es = _udatasel;
         regs->tf_cs = _ucodesel;
 +
 +       /* reset %fs and %gs as well */
 +       __asm("mov %0,%%fs" : : "r" (_udatasel));
 +       __asm("mov %0,%%gs" : : "r" (_udatasel));
 
         /*
          * Initialize the math emulator (if any) for the current
 process.
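Review bot: the two `__asm("mov %0,%%fs" ...)` / `%%gs` loads only change the live registers, not the copies saved in the pcb, so a process that is switched out and back in gets its old %fs/%gs restored from the pcb and the stale LDT-based selectors return. The corrected patch later in this PR adds `pcb->pcb_fs = _udatasel;` and `pcb->pcb_gs = _udatasel;` alongside the register loads; that is the version to apply.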
 Index: vm_machdep.c
 ===================================================================
 RCS file: /fun/cvs/src/sys/i386/i386/vm_machdep.c,v
 retrieving revision 1.101
 diff -u -r1.101 vm_machdep.c
 --- vm_machdep.c        1998/02/25 03:56:09     1.101
 +++ vm_machdep.c        1998/04/06 02:56:47
 @@ -692,8 +692,10 @@
  #endif
  #ifdef USER_LDT
         if (pcb->pcb_ldt != 0) {
 -               if (pcb == curpcb)
 -                       lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
 +               if (pcb == curpcb) {
 +                       lldt(_default_ldt);
 +                       currentldt = _default_ldt;
 +               }
                 kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
                         pcb->pcb_ldt_len * sizeof(union descriptor));
                 pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
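Review bot: `if (pcb->pcb_ldt != 0)` here tests the same pointer that machdep.c tests as `if (pcb->pcb_ldt)`; pick one spelling for both files, since the two blocks are otherwise line-for-line identical and a reader diffing them should see no spurious difference. As with the setregs() copy, the `lldt(_default_ldt)` must precede the `kmem_free()` that follows.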

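Decoding the selector value from the report, as an added example that is not part of this PR or of the FreeBSD source: DDB showed the trap at `popl %es` with 0x27 about to be popped, and the reply attributes the crash to the process's LDT having been disposed of. The block below splits a selector into its index, table-indicator and RPL fields so that one can see 0x27 names entry 4 of the LDT at RPL 3, i.e. a selector with nothing valid behind it once that LDT is gone, and then scans a set of saved segment selectors for the ones that an LDT teardown must reset. The sample selector set and the helper names are constructed for illustration; the real value of `_udatasel` is not assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fields of an x86 segment selector (Intel SDM, "Segment Selectors"). */
struct selector {
    unsigned index; /* bits 15..3: entry number in the GDT or LDT */
    unsigned ti;    /* bit 2: table indicator, 0 = GDT, 1 = LDT */
    unsigned rpl;   /* bits 1..0: requested privilege level */
};

struct selector decode_selector(uint16_t sel)
{
    struct selector s;
    s.index = sel >> 3;
    s.ti = (sel >> 2) & 1;
    s.rpl = sel & 3;
    return s;
}

/* 1 if the selector is looked up through the LDT: such a selector must be
 * replaced before the LDT it refers to is freed or swapped for another one,
 * otherwise the next segment-register load (e.g. the popl %es in doreti)
 * faults on a descriptor that no longer exists. */
int selector_uses_ldt(uint16_t sel)
{
    return decode_selector(sel).ti == 1;
}

/* Count the selectors in a saved register set that need resetting when the
 * process's LDT goes away. */
size_t count_ldt_selectors(const uint16_t *sels, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (selector_uses_ldt(sels[i]))
            hits++;
    return hits;
}

int main(void)
{
    uint16_t trapped = 0x27; /* the value DDB reported at popl %es */
    struct selector s = decode_selector(trapped);
    printf("0x%04x: index=%u table=%s rpl=%u\n",
           trapped, s.index, s.ti ? "LDT" : "GDT", s.rpl);

    /* Constructed sample: ds/es still hold GDT user data, fs/gs hold
     * LDT-based selectors such as wine sets up for Win32 TEB access. */
    uint16_t saved[4] = { 0x23, 0x23, 0x27, 0x2f };
    printf("%zu of %zu saved selectors reference the LDT\n",
           count_ldt_selectors(saved, 4), (size_t)4);
    return 0;
}
```

The point of `count_ldt_selectors()` is the check the patches in this PR implement in the kernel: after `lldt(_default_ldt)`, every segment register that still carries a TI=1 selector (here %fs and %gs, which the corrected patch resets to `_udatasel`) is a latent fault waiting for the next time that register is loaded.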
From: Luoqi Chen <luoqi@chen.ml.org>
To: freebsd-gnats-submit@freebsd.org
Cc:
Subject: Re: i386/6219: wine causes system crash
Date: Mon, 4 May 1998 06:52:49 -0400 (EDT)

 I made a mistake in the patch I submitted. Please use the following patch
 instead. -lq
 
 Index: machdep.c
 ===================================================================
 RCS file: /fun/cvs/src/sys/i386/i386/machdep.c,v
 retrieving revision 1.294
 diff -u -r1.294 machdep.c
 --- machdep.c	1998/04/06 15:46:17	1.294
 +++ machdep.c	1998/05/04 10:40:30
 @@ -768,14 +768,15 @@
  	u_long stack;
  {
  	struct trapframe *regs = p->p_md.md_regs;
 -
 -#ifdef USER_LDT
  	struct pcb *pcb = &p->p_addr->u_pcb;
  
 +#ifdef USER_LDT
  	/* was i386_user_cleanup() in NetBSD */
  	if (pcb->pcb_ldt) {
 -		if (pcb == curpcb)
 -			lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
 +		if (pcb == curpcb) {
 +			lldt(_default_ldt);
 +			currentldt = _default_ldt;
 +		}
  		kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
  			pcb->pcb_ldt_len * sizeof(union descriptor));
  		pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
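Review bot: hoisting `struct pcb *pcb = &p->p_addr->u_pcb;` above `#ifdef USER_LDT` is required, since the next hunk uses `pcb` outside the USER_LDT block and the declaration would otherwise vanish in a kernel built without that option. While here, the chained `pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;` casts a pointer to int just to zero two fields; `pcb->pcb_ldt = NULL; pcb->pcb_ldt_len = 0;` says the same thing without the cast.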
 @@ -790,6 +791,14 @@
  	regs->tf_ds = _udatasel;
  	regs->tf_es = _udatasel;
  	regs->tf_cs = _ucodesel;
 +
 +	/* reset %fs and %gs as well */
 +	pcb->pcb_fs = _udatasel;
 +	pcb->pcb_gs = _udatasel;
 +	if (pcb == curpcb) {
 +		__asm("mov %0,%%fs" : : "r" (_udatasel));
 +		__asm("mov %0,%%gs" : : "r" (_udatasel));
 +	}
  
  	/*
  	 * Initialize the math emulator (if any) for the current process.
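Review bot: the `/* reset %fs and %gs as well */` comment should say why these two are written to `pcb->pcb_fs`/`pcb->pcb_gs` while %ds, %es and %cs go into the trapframe a few lines above: as the hunk shows, %fs and %gs are kept in the pcb rather than in `regs`, so the pcb store is what survives a context switch, and the `if (pcb == curpcb)` guard around the two `__asm("mov ...")` loads is there only to fix the live registers of the currently running process. One sentence to that effect would save the next reader from reintroducing the register-only version of this fix.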
 Index: vm_machdep.c
 ===================================================================
 RCS file: /fun/cvs/src/sys/i386/i386/vm_machdep.c,v
 retrieving revision 1.105
 diff -u -r1.105 vm_machdep.c
 --- vm_machdep.c	1998/03/23 19:52:42	1.105
 +++ vm_machdep.c	1998/04/14 01:30:21
 @@ -703,8 +703,10 @@
  #endif
  #ifdef USER_LDT
  	if (pcb->pcb_ldt != 0) {
 -		if (pcb == curpcb)
 -			lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
 +		if (pcb == curpcb) {
 +			lldt(_default_ldt);
 +			currentldt = _default_ldt;
 +		}
  		kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
  			pcb->pcb_ldt_len * sizeof(union descriptor));
  		pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
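Review bot: this block is now the third verbatim copy of the LDT teardown in this PR (setregs() in machdep.c and cpu_exit() here), and the same wrong `lldt()` had to be fixed in both places; factor the `if (pcb->pcb_ldt) { ... }` body into a single helper, which the `/* was i386_user_cleanup() in NetBSD */` comment above it already suggests, so the next change to how an LDT is released cannot land in one copy and miss the other.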
State-Changed-From-To: open->closed 
State-Changed-By: msmith 
State-Changed-When: Tue Aug 18 00:48:27 PDT 1998 
State-Changed-Why:  
Patches committed (incorporated in the fixes in i386/7591). 
>Unformatted:
