> System information
>
> The CPU type is Pentium II 300MHz. The total hardware
> memory size is 64M bytes. The dosemu.conf lines are
> normal(unchanged), except the following variables:
>
> $_rawkeyboard = (1)
> $_cpu = "80586"
> $_xms = (32768)
> $_ems = (0)
> $_console = (1)
> $_graphics = (1)
> $_vmemsize = (4096)
> $_chipset = "trident"
> $_hdimage = "/dev/hda1 /dev/hdc1"
>
> The /dev/hda1 is a DOS partition and contains Windows 98.
> Linux kernel version is 2.2.7. DOSEmu version is 0.99.11.
>
>
> Bug Description
>
> Now, run DOSEmu, press F8 key to access Win98 startup menu.
>
> Then choose "Safe mode command prompt only".
>
> At the dos prompt, type DEBUG and press Enter. Then type the
>
> letter "A" and press Enter to Assemble something. And then
>
> enter the following lines:
>
> cli
> cli
> cli
> nop
> nop
> nop
>
> Press an additional Enter to leave the "A" command.
>
> Now type the letter "T" ( single step Trace command ) and
>
> press Enter. O! O! O! Oh! FOUR instructions passed ( other
>
> than ONE instruction )---- the IP register (the program
>
> counter) points to the 5th instruction "NOP".
>
> Similarly, you can try to trace the following:
>
> pushf
> pushf
> pushf
> popf
> pushf
> cli
> sti
> popf
> pushf
> nop
>
> Set IP to point to the first "pushf", then enter "T" command.
>
> You will find that all instructions are executed, and the SP
>
> (stack pointer) and the stack contain the right values. That is
>
> dangerous, especially when the last instruction is not "nop" !
>
[SNIPPED patch]
I don't understand 'dangerous' the execution on my system is exactly
as expected:
First you must assemble at 100 if you want to do things without trashing
memory you don't own. When you assemble in DOS DEBUG, you make a memory
image called a 'COM' file.
Here I have assembled 4 CLIs and 3 NOPS. This is done in the DOS-in-the
box window. I cut and paste to Linux `cat >filename`.
-a100
09C0:0100
-u 100
09C0:0100 FA CLI
09C0:0101 FA CLI
09C0:0102 FA CLI
09C0:0103 FA CLI
09C0:0104 90 NOP
09C0:0105 90 NOP
09C0:0106 90 NOP
09C0:0107 47 INC DI
09C0:0108 61 DB 61
09C0:0109 031F ADD BX,[BX]
09C0:010B 8BC3 MOV AX,BX
09C0:010D 48 DEC AX
09C0:010E 12B1048B ADC DH,[BX+DI+8B04]
09C0:0112 C6F70A MOV BH,0A
09C0:0115 0AD0 OR DL,AL
09C0:0117 D348DA ROR WORD PTR [BX+SI-26],CL
09C0:011A 2BD0 SUB DX,AX
09C0:011C 3400 XOR AL,00
09C0:011E AF SCASW
09
-
I will now set the IP to 100H where I assembled it. Then I will trace it.
Note that DEBUG stops AFTER the first NOP because it puts 'int3'
instructions there. Also, note that the IP and the code is exactly
as written.
-rip
IP 0105
:100
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=09C0 ES=09C0 SS=09C0 CS=09C0 IP=0105 NV UP DI PL NZ NA PO NC
09C0:0105 90 NOP
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=09C0 ES=09C0 SS=09C0 CS=09C0 IP=0106 NV UP DI PL NZ NA PO NC
09C0:0106 90 NOP
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=09C0 ES=09C0 SS=09C0 CS=09C0 IP=0107 NV UP DI PL NZ NA PO NC
09C0:0107 47 INC DI
-q
Note that the 'cli' instructions were not executed. Each of the 4 were
trapped by the kernel, then ignored, the IP was advanced. This is
certainly the expected response.
What would you expect?
Here we have all the instructions executed except 'cli' and everything
contains the correct values. How can this be dangerous? Note if you
do something real bad, you just return to Linux. The normal way to
get out of virtual-mode DOS is to execute the DOS cold boot vector, i.e.,
branch to FFFF:0000
I certainly would not want VM-86 to run any different!
Cheers,
Dick Johnson
***** FILE SYSTEM WAS MODIFIED *****
Penguin : Linux version 2.2.6 on an i686 machine (400.59 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/