crash when terminating self-parented shell #97

Closed
stsp opened this issue Aug 4, 2019 · 61 comments

Comments

@stsp
Member

stsp commented Aug 4, 2019

If the shell with a self-parented PSP terminates, fdpp crashes. I checked that FreeDOS crashes too, but PC-DOS does not.
The crash is because the user's registers are popped from the stack pointed to by PSP:2e, and if the PSP didn't switch to the parent's, then the parent gets control but with all registers from the child. Since this is a shell, the parent is DOS itself, and in the case of fdpp/FreeDOS it can't recover after losing all registers.

@ecm-pushbx, could you please explain whether it is legal to terminate with a self-parented PSP? RBIL only says:

          if the PSP is its own parent, the process's memory is not freed; if
          INT 22 additionally points into the terminating program, the
          process is effectively NOT terminated

Which implies that it is perfectly legal. But if so, how should the registers be restored on such a termination? Does anyone know?
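To make the mechanism in this comment concrete, here is an added example; it is not code from fdpp, FreeDOS or comcom32. It is a small C model of the terminate path with the real PSP field offsets (0Ah: terminate address copied from INT 22h, 16h: parent PSP segment, 2Eh: saved SS:SP of the caller's stack) and a made-up kernel around them. It checks, for a self-parented PSP, which registers the handler at PSP:0Ah receives and whether RBIL's two conditions (own parent, INT 22h inside the program) hold. The FreeCOM PSP and INT 22h values come from ecm-pushbx's lDebug trace later in the thread; the memory extent and the exit-time register values are constructed.

```c
/* Added example, not fdpp, FreeDOS or comcom32 code: a model of the
 * termination path as the issue describes it.  PSP offsets are real
 * (0Ah: terminate address copied from INT 22h, 16h: parent PSP segment,
 * 2Eh: saved SS:SP of the caller's stack); kernel and stack are stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

struct regs { uint16_t ax, bx, cx, dx, si, di, bp, ds, es, ss, sp; };
struct psp {
    uint16_t seg;           /* segment of this PSP, start of its memory */
    uint16_t end_seg;       /* first segment past the process's memory */
    uint32_t int22;         /* PSP:0Ah, seg << 16 | off, resume address */
    uint16_t parent;        /* PSP:16h, parent PSP segment */
    struct regs user_stack; /* contents of the stack recorded at PSP:2Eh */
    bool memory_freed, handles_closed;
};
struct kernel {
    struct psp *psps[4]; int count;
    struct psp *cur;        /* current PSP, as INT 21h/51h would report */
    struct regs cpu;        /* registers live when control resumes */
};

static struct psp *find_psp(struct kernel *k, uint16_t seg)
{
    for (int i = 0; i < k->count; i++)
        if (k->psps[i]->seg == seg)
            return k->psps[i];
    return NULL;
}

/* Every INT 21h entry pushes the caller's registers and stores SS:SP at
 * PSP:2Eh of the current PSP; modelled by copying them into user_stack. */
static void int21_entry(struct kernel *k, const struct regs *caller)
{
    k->cur->user_stack = *caller;
}

/* INT 21h/4Ch: make the parent current, pop the registers from the stack
 * its PSP:2Eh points at, resume at the terminating PSP's INT 22h copy. */
static uint32_t dos_terminate(struct kernel *k, const struct regs *caller)
{
    struct psp *self = k->cur;
    int21_entry(k, caller);               /* self's PSP:2Eh = caller's regs */
    struct psp *parent = find_psp(k, self->parent);
    if (parent == NULL)
        parent = self;                    /* assumption: unknown parent = self */
    if (parent != self) {
        self->memory_freed = true;        /* RBIL: own parent -> memory kept; */
        self->handles_closed = true;      /* ecm-pushbx: handles stay open too */
    }
    k->cur = parent;
    k->cpu = parent->user_stack;          /* what the INT 22h handler sees */
    return self->int22;
}

/* RBIL's second condition: INT 22h inside the terminating program means the
 * process is effectively not terminated. */
static bool resumes_inside_self(const struct psp *p)
{
    uint16_t seg = (uint16_t)(p->int22 >> 16);
    return seg >= p->seg && seg < p->end_seg;
}

/* Self-parented shell, values from ecm-pushbx's FreeCOM trace (PSP 02CCh,
 * INT 22h = 02DCh:0A0Ch); end_seg and the exit-time registers are made up. */
int self_parented_shell_gets_its_own_registers(void)
{
    struct psp shell = { .seg = 0x02CC, .end_seg = 0x1000,
                         .int22 = 0x02DC0A0Cu, .parent = 0x02CC };
    struct kernel k = { .psps = { &shell }, .count = 1, .cur = &shell };
    struct regs at_exit = { .ax = 0x4C00, .bx = 0xEF7A, .ss = 0x2720, .sp = 0x35E4 };
    uint32_t resume = dos_terminate(&k, &at_exit);
    /* The "parent" stack is the shell's own PSP:2Eh, so the handler at
     * PSP:0Ah starts with the exiting process's registers and must reload
     * SS:SP itself, as FreeCOM's handler does with mov ss,ax / mov sp,0896. */
    return resume == shell.int22 && k.cur == &shell
        && k.cpu.ss == 0x2720 && k.cpu.sp == 0x35E4 && k.cpu.bx == 0xEF7A
        && !shell.memory_freed && !shell.handles_closed
        && resumes_inside_self(&shell);
}

/* Ordinary child: the parent's own EXEC call recorded its context at its
 * PSP:2Eh, and that is what comes back (constructed values). */
int normal_child_restores_parent_registers(void)
{
    struct psp parent = { .seg = 0x1000, .end_seg = 0x1900, .parent = 0x1000 };
    struct psp child  = { .seg = 0x1908, .end_seg = 0x2200, .parent = 0x1000,
                          .int22 = 0x10000100u };
    struct kernel k = { .psps = { &parent, &child }, .count = 2, .cur = &parent };
    struct regs parent_at_exec = { .ax = 0x4B00, .ss = 0x1000, .sp = 0x0800 };
    int21_entry(&k, &parent_at_exec);     /* parent calls INT 21h/4Bh */
    k.cur = &child;                       /* EXEC makes the child current */
    struct regs child_at_exit = { .ax = 0x4C00, .ss = 0x1908, .sp = 0x849C };
    uint32_t resume = dos_terminate(&k, &child_at_exit);
    return resume == child.int22 && k.cur == &parent
        && k.cpu.ss == 0x1000 && k.cpu.sp == 0x0800
        && child.memory_freed && child.handles_closed
        && !resumes_inside_self(&child);
}
```

The point the model makes explicit: for a self-parented PSP the "parent's" PSP:2Eh is the terminating process's own, refreshed by the very INT 21h call that terminates it, so the code at PSP:0Ah is entered with the caller's registers and an arbitrary SS:SP. A shell that relies on this must treat its INT 22h entry like an interrupt handler and rebuild its own stack before doing anything else.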

stsp closed this as completed in 74499fe Aug 5, 2019
@stsp
Member Author

stsp commented Aug 5, 2019

I've found an ingenious way of recovering the registers when the parent points to self. But this patch assumes that FreeDOS did nonsense. Either that, or this patch is nonsense. Well, there are already many patches that assume that FreeDOS does nonsense (most of them gave a regression, though).

@ecm-pushbx

> @ecm-pushbx, could you please explain whether it is legal to terminate with a self-parented PSP? RBIL only says:
>
>       if the PSP is its own parent, the process's memory is not freed; if
>       INT 22 additionally points into the terminating program, the
>       process is effectively NOT terminated
>
> Which implies that it is perfectly legal. But if so, how should the registers be restored on such a termination? Does anyone know?

Your reading of RBIL is correct. However, it doesn't mention in your quote that open file handles are also not closed.

With the following code executed in "2.0pre8-20190715-1151-gde1667e74" running "FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]" it seems to work fine:

$ dosemu -K "$PWD" -E "ldebug.com lddebugu.com" -dumb
dosemu2 2.0pre8-20190715-1151-gde1667e74
Configured: 2019-07-15 21:03:58 +0200
Please test against a recent version before reporting bugs and problems.
Get the latest code at http://stsp.github.io/dosemu2
Submit Bugs via https://github.com/stsp/dosemu2/issues
Ask for help in mail list: linux-msdos@vger.kernel.org

FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
Kernel compatibility 7.10 - BORLANDC - FAT32 support

(C) Copyright 1995-2012 Pasquale J. Villani and The FreeDOS Project.
All Rights Reserved. This is free software and comes with ABSOLUTELY NO
WARRANTY; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
C: HD1, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
D: HD2, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
E: HD3, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
F: HD4, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
EMUFS host file and print access available                                     
dosemu XMS 3.0 & UMB support enabled
dosemu EMS driver rev 0.8 installed.
dosemu CDROM driver installed (V0.2)
Kernel: allocated 30 Diskbuffers = 15960 Bytes in HMA
BLASTER=A220 I5 D1 H5 P330 T6
MIDI=SYNTH:2 MAP:E MODE:0
Welcome to dosemu2!
    Build 2.0pre8-20190715-1151-gde1667e74
About to Execute : ldebug.com lddebugu.com
About to Execute : ldebug.com lddebugu.com
-g
~-rv
V0=00000000 V1=00000000 V2=00000000 V3=00000000   DCO=00000000 DCS=00000000
V4=00000000 V5=00000000 V6=00000000 V7=00000000   DAO=00000007 DAS=00000007
V8=00000000 V9=00000000 VA=00000000 VB=00000000   DIF=0100B00B DPI=04A3:5864
VC=00000000 VD=00000000 VE=00000000 VF=00000000   DPR=1908     DPP=04A3
~-d dpr:0
1908:0000  CD 20 87 30 00 9A F0 FE-1D F0 20 55 08 19 C6 07 . .0...... U....
1908:0010  E6 03 47 02 F6 03 08 19-01 01 01 00 02 FF FF FF ..G.............
1908:0020  FF FF FF FF FF FF FF FF-FF FF FF FF F4 18 7C 84 ..............|.
1908:0030  08 19 14 00 18 00 08 19-00 00 A3 04 00 00 00 00 ................
1908:0040  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1908:0050  CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20 .!...........   
1908:0060  20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20         .....   
1908:0070  20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00         ........
~-h dword [dpr:A]
19085520
~-bu
Breaking to next instance.
Unexpected breakpoint interrupt
AX=000D BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=798D NV UP EI PL ZR NA PE NC
2152:798D C3                retn
-g=psp:0 1908:5520
AX=000D BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5520 NV UP EI PL NZ NA PO NC
1908:5520 FA                cli
-t
AX=000D BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5521 NV UP DI PL NZ NA PO NC
1908:5521 FC                cld
-
AX=000D BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5522 NV UP DI PL NZ NA PO NC
1908:5522 8CC8              mov     ax, cs
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5524 NV UP DI PL NZ NA PO NC
1908:5524 8ED8              mov     ds, ax
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5526 NV UP DI PL NZ NA PO NC
1908:5526 8ED0              mov     ss, ax
1908:5528 8B266603          mov     sp, [0366]                     DS:0366=849E
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=552C NV UP DI PL NZ NA PO NC
1908:552C 90                nop
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=552D NV UP DI PL NZ NA PO NC
1908:552D E8C7FF            call    54F7
-t
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=54F7 NV UP DI PL NZ NA PO NC
1908:54F7 50                push    ax
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849A BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=54F8 NV UP DI PL NZ NA PO NC
1908:54F8 2EA13403          mov     ax, [cs:0334]                  CS:0334=2152
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=849A BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=54FC NV UP DI PL NZ NA PO NC
1908:54FC 55                push    bp
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=8498 BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=54FD NV UP DI PL NZ NA PO NC
1908:54FD 89E5              mov     bp, sp
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=8498 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=54FF NV UP DI PL NZ NA PO NC
1908:54FF 56                push    si
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=8496 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5500 NV UP DI PL NZ NA PO NC
1908:5500 9C                pushf
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5501 NV UP DI PL NZ NA PO NC
1908:5501 FC                cld
-
AX=2152 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5502 NV UP DI PL NZ NA PO NC
1908:5502 874604            xchg    ax, [bp+04]                    SS:849C=5530
-
AX=5530 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5505 NV UP DI PL NZ NA PO NC
1908:5505 89C6              mov     si, ax
-
AX=5530 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=5530 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5507 NV UP DI PL NZ NA PO NC
1908:5507 2EAD              cs lodsw
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=5532 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5509 NV UP DI PL NZ NA PO NC
1908:5509 3CCC              cmp     al, CC
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=5532 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=550B NV UP DI PL NZ AC PO CY
1908:550B 750C              jnz     5519                                jumping
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=5532 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=5519 NV UP DI PL NZ AC PO CY
1908:5519 874602            xchg    ax, [bp+02]                    SS:849A=1908
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=8494 BP=8498 SI=5532 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=551C NV UP DI PL NZ AC PO CY
1908:551C 9D                popf
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=8496 BP=8498 SI=5532 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=551D NV UP DI PL NZ NA PO NC
1908:551D 5E                pop     si
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=8498 BP=8498 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=551E NV UP DI PL NZ NA PO NC
1908:551E 5D                pop     bp
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849A BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=1908 IP=551F NV UP DI PL NZ NA PO NC
1908:551F CB                retf
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0000 NV UP DI PL NZ NA PO NC
2152:0000 8B266603          mov     sp, [0366]                     DS:0366=849E
-
AX=1908 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0004 NV UP DI PL NZ NA PO NC
2152:0004 31C0              xor     ax, ax
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0006 NV UP DI PL ZR NA PE NC
2152:0006 50                push    ax
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=849C BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0007 NV UP DI PL ZR NA PE NC
2152:0007 9D                popf
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0008 NV UP DI PL NZ NA PO NC
2152:0008 FC                cld
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=0009 NV UP DI PL NZ NA PO NC
2152:0009 FB                sti
2152:000A C70668030000      mov     word [0368], 0000              DS:0368=0000
-
AX=0000 BX=0002 CX=0002 DX=4A42 SP=849E BP=0008 SI=7BD5 DI=7D79
DS=1908 ES=1908 SS=1908 CS=2152 IP=000A NV UP EI PL NZ NA PO NC
2152:000A C70668030000      mov     word [0368], 0000              DS:0368=0000
-g
~-q

Program terminated normally (0000)
-q
$ 

Here are the revisions of the debugger used:

About to Execute : ldebug.com lddebugu.com
-?build
lDebug (2019-08-09)
Source Control Revision ID: hg adab3da5025f
Uses lmacros:  Revision ID hg e642efd289da
Uses symsnip:  Revision ID hg d3459a29fd61
Uses inicomp:  Revision ID hg d75a08cbdc51
Uses ldosboot: Revision ID hg ce0e3ff29526
-g
~-?build
Debugged lDebug (2019-08-09)
Source Control Revision ID: hg adab3da5025f
Uses lmacros:  Revision ID hg e642efd289da
Uses symsnip:  Revision ID hg d3459a29fd61
Uses ldosboot: Revision ID hg ce0e3ff29526
~-

@ecm-pushbx

> If the shell with a self-parented PSP terminates, fdpp crashes.

Please give a specific test case so I can check.

> I checked that FreeDOS crashes too, but PC-DOS does not. The crash is because the user's registers are popped from the stack pointed to by PSP:2e, and if the PSP didn't switch to the parent's,

But when a PSP is terminated that is self-owned, then both the current PSP (at the start of the call) and the parent PSP are the same..?

> then the parent gets control but with all registers from the child. Since this is a shell, the parent is DOS itself, and in the case of fdpp/FreeDOS it can't recover after losing all registers.

@ecm-pushbx

"command.com /P" then "exit" does, as it is supposed to, nothing. Again 2.0pre8-20190715-1151-gde1667e74 running FreeDOS kernel 2042, and "FreeCom version 0.84-pre2 XMS_Swap [Aug 28 2006 00:29:00]".

@ecm-pushbx

Hmm, "exit" in that case doesn't seem to go through process termination. Manually entering the termination of "command.com /P" through lDebug "TSR" mode then "g=psp:0" results in the message:


Cannot terminate permanent FreeCOM instance
System halted ... reboot or power off now

@stsp
Member Author

stsp commented Aug 9, 2019

> Please give a specific test case so I can check.

Test case is comcom32 without this patch: dosemu2/comcom64@ae2fc11, or just comment out the restore_psp_owner() that it adds. But you won't get the crash now on fdpp as I fixed it already. You can still get a crash on FreeDOS.
comcom32.exe.gz
Here's the pre-compiled binary for you. comcom32 allows exit unless /P is used.

> But when a PSP is terminated that is self-owned, then both the current PSP (at the start of the call) and the parent PSP are the same..?

If you mean the real parent rather than the self-parent, then they are not the same, because PSP:2e reflects the current user stack on every int21 call.

@ecm-pushbx

Stepping into the Int20 or Int21.00 or Int21.4C or PPI (Parent Process Interrupt 22 entrypoint, dword at offset 000Ah in current PSP) of FreeCOM (no /P) also doesn't lead to a crash, it just terminates the FreeCOM instance.

$ dosemu -K "$PWD" -dumb
dosemu2 2.0pre8-20190715-1151-gde1667e74
Configured: 2019-07-15 21:03:58 +0200
Please test against a recent version before reporting bugs and problems.
Get the latest code at http://stsp.github.io/dosemu2
Submit Bugs via https://github.com/stsp/dosemu2/issues
Ask for help in mail list: linux-msdos@vger.kernel.org

FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
Kernel compatibility 7.10 - BORLANDC - FAT32 support

(C) Copyright 1995-2012 Pasquale J. Villani and The FreeDOS Project.
All Rights Reserved. This is free software and comes with ABSOLUTELY NO
WARRANTY; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
C: HD1, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
D: HD2, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
E: HD3, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
F: HD4, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
EMUFS host file and print access available                                     
dosemu XMS 3.0 & UMB support enabled
dosemu EMS driver rev 0.8 installed.
dosemu CDROM driver installed (V0.2)
Kernel: allocated 30 Diskbuffers = 15960 Bytes in HMA
BLASTER=A220 I5 D1 H5 P330 T6
MIDI=SYNTH:2 MAP:E MODE:0
Welcome to dosemu2!
    Build 2.0pre8-20190715-1151-gde1667e74
G:\>ldebugu
-tsr
Patched PSP at 17ED, now resident.
-di 21
int 21 F000:F684
-r v0 f000 
-r v2 f684
-
-g v0:v2
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F684 NV UP DI PL ZR NA PE NC
F000:F684 EB11              jmp     F697
-t
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F697 NV UP DI PL ZR NA PE NC
F000:F697 6650              push    eax
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088C BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F699 NV UP DI PL ZR NA PE NC
F000:F699 6653              push    ebx
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F69B NV UP DI PL ZR NA PE NC
F000:F69B 66C1E010          shl     eax, 10
-
AX=0000 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F69F NV UP DI PL NZ AC PE NC
F000:F69F 66C1E310          shl     ebx, 10
-
AX=0000 BX=0000 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6A3 NV UP DI PL NZ AC PE NC
F000:F6A3 B042              mov     al, 42
-
AX=0042 BX=0000 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6A5 NV UP DI PL NZ AC PE NC
F000:F6A5 B301              mov     bl, 01
-
AX=0042 BX=0001 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6A7 NV UP DI PL NZ AC PE NC
F000:F6A7 B421              mov     ah, 21
-
AX=2142 BX=0001 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6A9 NV UP DI PL NZ AC PE NC
F000:F6A9 B70E              mov     bh, 0E
-
AX=2142 BX=0E01 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6AB NV UP DI PL NZ AC PE NC
F000:F6AB CDE6              int     E6
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6AD NV UP DI PL ZR AC PE NC
F000:F6AD 67891C24          mov     [esp], bx
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6B1 NV UP DI PL ZR AC PE NC
F000:F6B1 665B              pop     ebx
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088C BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6B3 NV UP DI PL ZR AC PE NC
F000:F6B3 67890424          mov     [esp], ax
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088C BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6B7 NV UP DI PL ZR AC PE NC
F000:F6B7 6658              pop     eax
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6B9 NV UP DI PL ZR AC PE NC
F000:F6B9 755A              jnz     F715                            not jumping
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6BB NV UP DI PL ZR AC PE NC
F000:F6BB 7205              jb      F6C2                            not jumping
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=F000 IP=F6BD NV UP DI PL ZR AC PE NC
F000:F6BD 2EFF2E86F6        jmp     far [cs:F686]
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=14B2 NV UP DI PL ZR AC PE NC
00E9:14B2 E87300            call    1528
-t
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088E BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=1528 NV UP DI PL ZR AC PE NC
00E9:1528 1E                push    ds
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088C BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=1529 NV UP DI PL ZR AC PE NC
00E9:1529 06                push    es
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088A BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=152A NV UP DI PL ZR AC PE NC
00E9:152A 50                push    ax
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=152B NV UP DI PL ZR AC PE NC
00E9:152B 2E8E1E2415        mov     ds, word [cs:1524]             CS:1524=0000
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=0000 ES=02DC SS=02DC CS=00E9 IP=1530 NV UP DI PL ZR AC PE NC
00E9:1530 2E8E062615        mov     es, word [cs:1526]             CS:1526=FFFF
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=0000 ES=FFFF SS=02DC CS=00E9 IP=1535 NV UP DI PL ZR AC PE NC
00E9:1535 3EA10000          mov     ax, [ds:0000]                  DS:0000=587E
-
AX=587E BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=0000 ES=FFFF SS=02DC CS=00E9 IP=1539 NV UP DI PL ZR AC PE NC
00E9:1539 263B061000        cmp     ax, [es:0010]                  ES:0010=20CF
-
AX=587E BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=0000 ES=FFFF SS=02DC CS=00E9 IP=153E NV UP DI PL NZ AC PE NC
00E9:153E 7528              jnz     1568                                jumping
-
AX=587E BX=12C1 CX=02DC DX=0716 SP=0888 BP=3766 SI=08B4 DI=0000
DS=0000 ES=FFFF SS=02DC CS=00E9 IP=1568 NV UP DI PL NZ AC PE NC
00E9:1568 58                pop     ax
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088A BP=3766 SI=08B4 DI=0000
DS=0000 ES=FFFF SS=02DC CS=00E9 IP=1569 NV UP DI PL NZ AC PE NC
00E9:1569 07                pop     es
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088C BP=3766 SI=08B4 DI=0000
DS=0000 ES=02DC SS=02DC CS=00E9 IP=156A NV UP DI PL NZ AC PE NC
00E9:156A 1F                pop     ds
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=088E BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=156B NV UP DI PL NZ AC PE NC
00E9:156B C3                retn
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=00E9 IP=14B5 NV UP DI PL NZ AC PE NC
00E9:14B5 EAA601FFFF        jmp     FFFF:01A6
-
AX=4800 BX=12C1 CX=02DC DX=0716 SP=0890 BP=3766 SI=08B4 DI=0000
DS=02DC ES=02DC SS=02DC CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-r v3 ffff
-r v4 1a6
-g v3:v4
AX=5802 BX=1521 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2720 ES=02DC SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
- 
AX=5803 BX=0001 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2720 ES=02DC SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=5800 BX=0001 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2720 ES=02DC SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=5801 BX=0042 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2720 ES=02DC SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4801 BX=0090 CX=0900 DX=0000 SP=36DE BP=36EC SI=0090 DI=0042
DS=2720 ES=02DC SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=5801 BX=0000 CX=0900 DX=0008 SP=36DE BP=36EC SI=FB70 DI=0042
DS=2720 ES=FB6F SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=5803 BX=0000 CX=0900 DX=0008 SP=36DE BP=36EC SI=FB70 DI=0042
DS=2720 ES=FB6F SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=2523 BX=14D0 CX=14D4 DX=023B SP=375E BP=3766 SI=1330 DI=0000
DS=02DC ES=FB70 SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4D00 BX=3D4A CX=F001 DX=00A8 SP=3720 BP=F001 SI=376A DI=4046
DS=F001 ES=0000 SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4400 BX=0000 CX=13A8 DX=13A8 SP=3766 BP=37AE SI=0003 DI=37AE
DS=9F83 ES=38CE SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=1950 BX=B8AA CX=0006 DX=0050 SP=3618 BP=3682 SI=14AF DI=14AE
DS=2720 ES=2720 SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=40C0 BX=0001 CX=0003 DX=34C0 SP=34AC BP=34B2 SI=34C3 DI=0003
DS=2720 ES=2720 SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-r psp
PSP 02CC  :
-r ppi
PPI 02DC0A0C  :

This shows that the FreeCOM PSP is 02CCh, and the stored Int22 in the FreeCOM PSP points to 02DCh:0A0Ch, i.e. into FreeCOM's resident portion.

-u seg ppi:ppi & ffff
02DC:0A0C 8CC8              mov     ax, cs
02DC:0A0E 8ED0              mov     ss, ax
02DC:0A10 BC9608            mov     sp, 0896
02DC:0A13 8ED8              mov     ds, ax
02DC:0A15 FE0ECE08          dec     byte [08CE]
02DC:0A19 7530              jnz     0A4B
02DC:0A1B A1C808            mov     ax, [08C8]
02DC:0A1E 8EC0              mov     es, ax
02DC:0A20 89C3              mov     bx, ax
02DC:0A22 B450              mov     ah, 50
02DC:0A24 CD21              int     21
02DC:0A26 A1C408            mov     ax, [08C4]
02DC:0A29 26A30A00          mov     [es:000A], ax
-r v6 ppi
-g v3:v4 seg v6:v6 & ffff
G:\AX=7147 BX=EF7A CX=14D4 DX=0000 SP=35E4 BP=1360 SI=3638 DI=3AB2
DS=2720 ES=000F SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-u psp:0
02CC:0000 CD20              int     20
02CC:0002 59                pop     cx
02CC:0003 16                push    ss
02CC:0004 009AC000          add     [bp+si+00C0], bl
02CC:0008 0000              add     [bx+si], al
02CC:000A 0C0A              or      al, 0A
02CC:000C DC02              fadd    double [bp+si]
02CC:000E 9D                popf
02CC:000F 14E9              adc     al, E9
02CC:0011 008415E9          add     [si+E915], al
02CC:0015 00CC              add     ah, cl
02CC:0017 0201              add     al, [bx+di]

This shows (albeit I didn't use the proper command for it) that FreeCOM's PSP is self-owned: word [02CCh:0016h] is equal to the PSP address (02CCh).

02CC:0019 0101              add     [bx+di], ax
02CC:001B 0002              add     [bp+si], al
02CC:001D FF                db      FF
02CC:001E FF                db      FF
02CC:001F FF                db      FF
-g=psp:0 again
AX=0047 BX=EF7A CX=14D4 DX=0000 SP=35DE BP=1360 SI=3638 DI=3AB2
DS=2720 ES=000F SS=2720 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=0047 BX=EF7A CX=14D4 DX=0000 SP=35E4 BP=1360 SI=3638 DI=3AB2
DS=2720 ES=000F SS=2720 CS=02DC IP=0A0C NV UP EI PL NZ NA PO NC
02DC:0A0C 8CC8              mov     ax, cs
-u
02DC:0A0E 8ED0              mov     ss, ax
02DC:0A10 BC9608            mov     sp, 0896
02DC:0A13 8ED8              mov     ds, ax
02DC:0A15 FE0ECE08          dec     byte [08CE]
02DC:0A19 7530              jnz     0A4B
02DC:0A1B A1C808            mov     ax, [08C8]
02DC:0A1E 8EC0              mov     es, ax
02DC:0A20 89C3              mov     bx, ax
02DC:0A22 B450              mov     ah, 50
02DC:0A24 CD21              int     21
02DC:0A26 A1C408            mov     ax, [08C4]
02DC:0A29 26A30A00          mov     [es:000A], ax
02DC:0A2D A1C608            mov     ax, [08C6]
-g
Bad or missing Command Interpreter: command.com /e:1024 /k d:\autoexec.bat
 Enter the full shell command line: command.com
Bad or missing Command Interpreter: command.com
 Enter the full shell command line: command.com
Bad or missing Command Interpreter: command.com
 Enter the full shell command line: C:command.com

FreeCom version 0.84-pre2 XMS_Swap [Aug 28 2006 00:29:00]
G:\>exitemu
$ 

@ecm-pushbx

> > Please give a specific test case so I can check.
>
> Test case is comcom32 without this patch: dosemu2/comcom64@ae2fc11, or just comment out the restore_psp_owner() that it adds. But you won't get the crash now on fdpp as I fixed it already. You can still get a crash on FreeDOS.
> comcom32.exe.gz
> Here's the pre-compiled binary for you. comcom32 allows exit unless /P is used.
>
> > But when a PSP is terminated that is self-owned, then both the current PSP (at the start of the call) and the parent PSP are the same..?
>
> If you mean the real parent rather than the self-parent, then they are not the same, because PSP:2e reflects the current user stack on every int21 call.

I do mean self-parent. I debugged your test case with the attached file; it turns out it doesn't self-parent itself properly:

$ dosemu -K "$PWD" -dumb
dosemu2 2.0pre8-20190715-1151-gde1667e74
Configured: 2019-07-15 21:03:58 +0200
Please test against a recent version before reporting bugs and problems.
Get the latest code at http://stsp.github.io/dosemu2
Submit Bugs via https://github.com/stsp/dosemu2/issues
Ask for help in mail list: linux-msdos@vger.kernel.org

FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
Kernel compatibility 7.10 - BORLANDC - FAT32 support

(C) Copyright 1995-2012 Pasquale J. Villani and The FreeDOS Project.
All Rights Reserved. This is free software and comes with ABSOLUTELY NO
WARRANTY; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
C: HD1, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
D: HD2, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
E: HD3, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
F: HD4, Pri[ 1], CHS=    0-1-1, start=     0 MB, size=  2000 MB
EMUFS host file and print access available                                     
dosemu XMS 3.0 & UMB support enabled
dosemu EMS driver rev 0.8 installed.
dosemu CDROM driver installed (V0.2)
Kernel: allocated 30 Diskbuffers = 15960 Bytes in HMA
BLASTER=A220 I5 D1 H5 P330 T6
MIDI=SYNTH:2 MAP:E MODE:0
Welcome to dosemu2!
    Build 2.0pre8-20190715-1151-gde1667e74
G:\>comcom32
G:\>ver /r
comcom32 v0.1
 Source Control Revision ID: git ae2fc11f1cb8+

Reported DOS version (Int21.3000): 7.10 OEM: FDh
Reported true DOS version (Int21.3306): 7.10
Version string (Int21.33FF): FreeDOS kernel - SVN (build 2042 OEM:0xfd) [compiled Sep 22 2017]
G:\>ldebug
-tsr
Patched PSP at 1C11, now resident.
-di 21
int 21 F000:F684
-u f000:f684
F000:F684 EB11              jmp     F697
F000:F686 B214              mov     dl, 14
F000:F688 E9004B            jmp     418B
F000:F68B 42                inc     dx
F000:F68C 00EB              add     bl, ch
F000:F68E 07                pop     es
F000:F68F 0000              add     [bx+si], al
F000:F691 0000              add     [bx+si], al
F000:F693 0000              add     [bx+si], al
F000:F695 00CB              add     bl, cl
F000:F697 6650              push    eax
F000:F699 6653              push    ebx
F000:F69B 66C1E010          shl     eax, 10
F000:F69F 66C1E310          shl     ebx, 10
F000:F6A3 B042              mov     al, 42
-u f000:f697
F000:F697 6650              push    eax
F000:F699 6653              push    ebx
F000:F69B 66C1E010          shl     eax, 10
F000:F69F 66C1E310          shl     ebx, 10
F000:F6A3 B042              mov     al, 42
F000:F6A5 B301              mov     bl, 01
F000:F6A7 B421              mov     ah, 21
F000:F6A9 B70E              mov     bh, 0E
F000:F6AB CDE6              int     E6
F000:F6AD 67891C24          mov     [esp], bx
F000:F6B1 665B              pop     ebx
F000:F6B3 67890424          mov     [esp], ax
-
F000:F6B7 6658              pop     eax
F000:F6B9 755A              jnz     F715
F000:F6BB 7205              jb      F6C2
F000:F6BD 2EFF2E86F6        jmp     far [cs:F686]
F000:F6C2 50                push    ax
F000:F6C3 9C                pushf
F000:F6C4 2EFF1E86F6        call    far [cs:F686]
F000:F6C9 735A              jae     F725
F000:F6CB 6650              push    eax
F000:F6CD 6653              push    ebx
F000:F6CF 6651              push    ecx
F000:F6D1 6652              push    edx
F000:F6D3 66C1E010          shl     eax, 10
-u word [f000:f686 + 2]:word [f000:f686] 
00E9:14B2 E87300            call    1528
00E9:14B5 EAA601FFFF        jmp     FFFF:01A6
00E9:14BA E86B00            call    1528
00E9:14BD EA5D02FFFF        jmp     FFFF:025D
00E9:14C2 E86300            call    1528
00E9:14C5 EA5502FFFF        jmp     FFFF:0255
00E9:14CA E85B00            call    1528
00E9:14CD EA4402FFFF        jmp     FFFF:0244
-r v2 ffff
-r v3 01a6
-u v2:v3
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
FFFF:01A8 1E                push    ds
FFFF:01A9 55                push    bp
FFFF:01AA 57                push    di
FFFF:01AB 56                push    si
FFFF:01AC 52                push    dx
FFFF:01AD 51                push    cx
FFFF:01AE 53                push    bx
FFFF:01AF 50                push    ax
FFFF:01B0 89E5              mov     bp, sp
FFFF:01B2 2E8B163100        mov     dx, [cs:0031]
FFFF:01B7 8EDA              mov     ds, dx
FFFF:01B9 80FC25            cmp     ah, 25
FFFF:01BC 7419              jz      01D7
FFFF:01BE 80FC33            cmp     ah, 33
FFFF:01C1 7414              jz      01D7
FFFF:01C3 80FC35            cmp     ah, 35
-g v2:v3
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFA BP=0000 SI=0000 DI=0000
DS=1C11 ES=1C11 SS=1C11 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4D00 BX=0001 CX=19FD DX=0000 SP=01FA BP=00FF SI=000F DI=000F
DS=03AC ES=03AD SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4000 BX=0001 CX=0001 DX=0000 SP=01FA BP=0000 SI=0000 DI=0000
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4000 BX=0001 CX=0001 DX=0000 SP=01FA BP=0000 SI=0000 DI=0000
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4000 BX=0001 CX=0001 DX=0000 SP=01FA BP=0000 SI=0000 DI=0000
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-

AX=4700 BX=0000 CX=0000 DX=0000 SP=01FA BP=0021 SI=0000 DI=3AC0
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=1900 BX=0000 CX=0000 DX=0000 SP=01FA BP=0021 SI=0000 DI=3AC0
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4000 BX=0001 CX=0003 DX=0000 SP=01FA BP=0000 SI=0000 DI=0000
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
G:\AX=4000 BX=0001 CX=0001 DX=0000 SP=01FA BP=0000 SI=03AC DI=0002
DS=03AC ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
>AX=4400 BX=0000 CX=B26B DX=0001 SP=01FA BP=B26B SI=0001 DI=A2D8
DS=F180 ES=0000 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=0700 BX=3000 CX=F180 DX=0000 SP=01FA BP=0607 SI=0000 DI=0067
DS=0002 ES=0002 SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-
AX=4000 BX=0001 CX=0001 DX=0000 SP=01FA BP=E7A0 SI=003E DI=285D
DS=03AC ES=005C SS=F042 CS=FFFF IP=01A6 NV UP DI PL NZ AC PE NC
FFFF:01A6 FB                sti
FFFF:01A7 06                push    es
-rv
V0=00000000 V1=00000000 V2=0000FFFF V3=000001A6   DCO=00000000 DCS=00000000
V4=00000000 V5=00000000 V6=00000000 V7=00000000   DAO=00000007 DAS=00000007
V8=00000000 V9=00000000 VA=00000000 VB=00000000   DIF=0140B00B DPI=0000:0000
VC=00000000 VD=00000000 VE=00000000 VF=00000000   DPR=07C0     DPP=0000
-r psp .
PSP 039C
-r ppi .
PPI 02DC095D
-dm
PSP: 039C
02B4 4D 0008 0016    352 B SD
02CB 4D 02CC 00BC    2 KiB COMMAND
0388 4D 039C 0012    288 B COMCOM32
039B 4D 039C 0410   16 KiB COMCOM32
07AC 4D 07C0 0012    288 B LDEBUG
07BF 4D 07C0 1450   81 KiB LDEBUG
1C10 5A 0000 83EE  527 KiB
9FFF 4D 0008 3100  196 KiB SC
D100 4D 0008 1EFF  123 KiB SC
F000 4D 02CC 0040   1024 B COMMAND
F041 4D 039C 00E6    3 KiB COMCOM32
F128 5A 0000 0AD7   43 KiB
-q

G:\>exitemu
$ 

PPI (the running current PSP's dword at 000Ah) should point into a COMCOM32 handler, not the actual parent FreeCOM's.

@ecm-pushbx

Just to check that we are actually self-owned:

-r ppr .
PPR 039C
-r psp .
PSP 039C
-r ppi .
PPI 02DC095D
-

PPR is the Process Parent Process.

@stsp
Member Author

stsp commented Aug 9, 2019

So why should 0a be changed?
It simply points to where it was; I didn't
touch it. Also there is no crash on PC-DOS.

@ecm-pushbx

It simply points to where it was, I didn't touch it.

You should touch it, that's how to self-parent a process. DEBUG does the same, it sets up one int 22h handler for when its child debuggee process terminates (at https://bitbucket.org/ecm/ldebug/src/adab3da5025ff00b63381aec2d50bcee150989a8/source/run.asm#lines-4396 ) and another for when DEBUG itself is terminated through Ctrl+C or critical error or whatever (at https://bitbucket.org/ecm/ldebug/src/adab3da5025ff00b63381aec2d50bcee150989a8/source/debug.asm#lines-1305 ).

I don't know why PC-DOS doesn't crash, but it is not supposed to work that way.

@stsp
Member Author

stsp commented Aug 9, 2019

The links do not open.
What should that terminate handler do?

@ecm-pushbx

ecm-pushbx commented Aug 9, 2019

Not sure what is wrong about the links. Here's FreeCOM's interrupt 22h handler (that it installs into its own PSP's PPI): https://github.com/FDOS/freecom/blob/81535436f80343d7d111df381f2f9020bd1e3362/shell/cswap.asm#L216

@ecm-pushbx

This is where it is installed. Oddly enough, it only seems to do this correctly if XMS swapping is enabled. https://github.com/FDOS/freecom/blob/b0e598470a116d5c588e3836c443730cdbe98221/shell/init.c#L191

@stsp
Member Author

stsp commented Aug 9, 2019

So basically it seems to restore the parent and
return address and do 4c once again?
OK, in comcom32 I do restore the parent just
before exit now and do not touch the return
address, so I hope this is technically the same.

This is where it is installed. Oddly enough, it only seems to
do this correctly if XMS swapping is enabled.

Yes, and the fact that no crash happens on
PC-DOS suggests that more investigation
should be done on whether it's really illegal
to terminate w/o restoring the parent. If on
MS-DOS that works fine, everything else should
be classified as a bug.

@ecm-pushbx

So basically it seems to restore the parent and
return address and do 4c once again?

Yes, if it is to terminate. In case of /P it jumps to the halting message. In case of DEBUG, it just re-initialises the debugger shell and executes the default input loop.

Yes, and the fact that no crash happens on
PC-DOS suggests that more investigation
should be done on whether it's really illegal
to terminate w/o restoring the parent. If on
MS-DOS that works fine, everything else should
be classified as a bug.

I guess so, but the fact that you report crashes on FreeDOS likely means that FreeCOM without XMS swapping would fail too, so FreeCOM is probably just not well maintained.

@stsp
Member Author

stsp commented Aug 9, 2019

I guess so, but the fact that you report crashes on FreeDOS

I never did so. The crash was only on comcom32
and only under freedos.

so FreeCOM is probably just not well maintained.

That is one possible conclusion.
Mine was different: if MS-DOS permits such termination,
neither comcom32 nor freecom needs any fix (but yet
I did the fix to comcom32 to just restore the parent
before exit - as you may guess, on a djgpp-written app
it would be too difficult to fiddle with the return handler).

@ecm-pushbx

I never did so. The crash was only on comcom32
and only under freedos.

I was referring to these crashes, yes. Conjecture is that FreeCOM without XMS swapping enabled would fail similarly on FreeDOS, if comcom32 crashes when PPR is hooked but PPI isn't.

(but yet
I did the fix to comcom32 to just restore the parent
before exit - as you may guess, on a djgpp-written app
it would be too difficult to fiddle with the return handler).

You should set up a return handler, at least one that terminates the shell (i.e., restores PPI and PPR and then terminates again). You can use DPMI services or DJGPP functions to allocate V86 Mode memory, then write a blob into it and link in the blob's target as the PPI.

@ecm-pushbx

Here's a suggestion for the blob; you just have to assemble that, store the parent in PSP:0070h and the parent return address in PSP:0074h, and link this blob into the parent return address field.

	cpu 8086
	org 0
int22:
	; entered by DOS at the end of the first termination; registers are
	; whatever DOS left, so fetch the PSP instead of relying on any of them
	mov ah, 51h
	int 21h			; bx = current process
	mov ds, bx
	push word [70h]
	pop word [16h]		; restore parent (PPR)
	push word [74h]
	pop word [0Ah]
	push word [74h + 2]
	pop word [0Ah + 2]	; restore parent return address (PPI)
	mov ah, 4Dh
	int 21h			; al = exit code of the first termination
	mov ah, 4Ch
	int 21h			; terminate again, now returning to the real parent
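
A complete .COM program that self-parents the way ecm-pushbx describes above, added here as an example; it is not code from this thread, comcom32 or FreeCOM. It assumes NASM syntax, the thread's convention of keeping the real parent in PSP:70h and its return address in PSP:74h, and additionally switches the handler to its own stack because DOS is not guaranteed to preserve SS:SP on the way to int 22h.

```nasm
; Constructed example: self-parented .COM with its own int 22h handler.
	cpu 8086
	org 100h

start:
	; In a .COM, CS = DS = ES = PSP segment.
	mov ax, [16h]		; PPR: real parent's PSP segment
	mov [70h], ax		; stash it (thread's convention: PSP:70h)
	mov ax, [0Ah]		; PPI low word: parent's int 22h return offset
	mov [74h], ax		; stash it (thread's convention: PSP:74h)
	mov ax, [0Ch]		; PPI high word: segment
	mov [76h], ax

	; Become our own parent: DOS then keeps our memory on termination
	; and jumps to the handler below instead of the real parent's PPI.
	mov [16h], cs
	mov word [0Ah], int22
	mov [0Ch], cs

	; The shell's real work would go here; constructed stand-in: print a line.
	mov dx, msg
	mov ah, 09h
	int 21h

	; First termination: DOS makes PSP:16h (still us) current, does not
	; free memory, restores int 22h from PSP:0Ah and jumps to int22.
	mov ax, 4C00h
	int 21h

int22:
	; Registers and SS:SP are whatever DOS left; rely on none of them.
	cli
	mov ax, cs
	mov ss, ax
	mov sp, stacktop
	sti
	mov ah, 51h
	int 21h			; bx = current PSP (ours, since PPR == self)
	mov ds, bx
	push word [70h]
	pop word [16h]		; restore the real parent (PPR)
	push word [74h]
	pop word [0Ah]
	push word [76h]
	pop word [0Ch]		; restore the parent's return address (PPI)
	mov ah, 4Dh
	int 21h			; al = exit code of the first termination
	mov ah, 4Ch
	int 21h			; terminate again, now returning to the real parent

msg:	db 'self-parented shell running, now exiting', 13, 10, '$'
	align 2
	times 64 dw 0		; private stack for the handler
stacktop:
```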

@stsp
Member Author

stsp commented Aug 9, 2019

Why would I want to do that?

  1. I already restore the parent before exiting
  2. This does not address my concerns that it really
    seems valid on PC/MS-DOS. We only need to
    justify the validity of the patch I did for fdpp to
    support that.

@stsp
Member Author

stsp commented Aug 9, 2019

So would it be possible to investigate if
this is valid on ms-dos and maybe on some
other DOSes?
Andrew, maybe you can test that too?

@stsp
Member Author

stsp commented Aug 9, 2019

Or if it is documented somewhere, it would be
good to know too. So far I think "this is not the
right way of doing things" only comes from the
freedos implementation, which itself may be wrong.

@stsp
Member Author

stsp commented Aug 9, 2019

I need to know that because in this case I
would revert the fdpp patch I did to support
this kind of exit.

@andrewbird
Member

Is there an easy test I can automate, i.e. run x.com see crash or print success?

@stsp
Member Author

stsp commented Aug 9, 2019

You need to take the comcom32 above and
type exit in it. This can be automated, but I
don't see any reason to make this a part of an
automated test-suite.

@andrewbird
Member

Nope, two reasons: it's easier for me to do it that way rather than run it by hand n times, and I also don't know what I'm doing with ldebug etc.

@stsp
Member Author

stsp commented Aug 9, 2019

You don't need any kind of ldebug or whatever.
But anyway, here's the comcom32 that doesn't
even require exit:
comcom32.exe.gz

@andrewbird
Member

Here are the tests, first with std command.com (on FDPP that means FreeCOM) and second with the first version of comcom32 you posted. These comcom32 all fail because I was expecting to be able to echo success after exit (I thought exit did nothing in the parent shell).
There seems to be some error with the environment that may be failing many of the tests.

Anyway, have a look; if you can think of a better way of detecting success I'll rerun.
comcomexit.zip
stdexit.zip

@andrewbird
Member

FreeDOS 1.20 does crash on exit.

@stsp
Member Author

stsp commented Aug 9, 2019

So I suggest starting another command.com
(freecom) after exit, and running some command
under it (like echo) that will print something to
indicate success. But on fdpp there is a different
handling, i.e. fdpp exits together with command.com,
so you'll need to sniff for "press any key to exit".

FreeDOS 1.20 does crash on exit.

Good. Does any other DOS behave in a similar way?

@andrewbird
Member

Only a few DOS seem to support the set path=. in config.sys

Here's DR-DOS 7.03

 
 
Starting DOS...
 
EMUFS host file and print access available
Load error: no environment segment
Bad or missing command interpreter.
Please enter a valid filename.
c:\command.com
Load error: no environment segment
Bad or missing command interpreter.
Please enter a valid filename.
 

@stsp
Member Author

stsp commented Aug 9, 2019

Load error: no environment segment

Wow! You already applied my djgpp patch?
Good work. :)

Does DR-DOS error on set in config.sys?
This is strange...

@stsp
Member Author

stsp commented Aug 9, 2019

Maybe there is another work-around though.
Please try running comcom32 under the /C
switch of the shell that is native to that DOS.
That should work as it will set COMSPEC
first.

@andrewbird
Member

Nope, I just ran your comcom32.exe. That DR-DOS didn't have the problem with set in config.sys; I believe v6+ supports it.
Will try the /c.

@stsp
Member Author

stsp commented Aug 9, 2019

Nope, I just ran your comcom32.exe.

Ah, so I built it with the patch...

That DR-DOS didn't have the problem with set in config.sys

So do you mean it actually sets the env and you
can later see it with some other command.com,
but comcom32 does not start nevertheless?
DR-DOS is quite bad on that then.

@andrewbird
Member

Here's comcom32 run /c on DR-DOS 7.01

config.sys
ajb@polly:/clients/common/dosemu2.git$ cat test-imagedir/dXXXXs/c/config.sys 
lastdrive=Z
device=dosemu\emufs.sys
shell=c:\command.com /e:1024 /k /c c:\comcom32.exe
 Starting DOS...
 
EMUFS host file and print access available
C:\>set
COMSPEC=C:\COMCOM32.EXE
C:\>exit
< just hangs here >

@stsp
Member Author

stsp commented Aug 9, 2019

I think you can just start it by hand from
the native command.com, then exit and see
if the prompt returns.

@stsp
Member Author

stsp commented Aug 9, 2019

Maybe even -E comcom32 -T will do.

@andrewbird
Member

 
Starting DOS...
 
EMUFS host file and print access available
C>set
COMSPEC=C:\COMMAND.COM
 
C>comcom32
C:\>set
COMSPEC=C:\COMCOM32.EXE
C:\>exit
 
C>set
COMSPEC=C:\COMMAND.COM

@stsp
Member Author

stsp commented Aug 9, 2019

Success.
On freedos the same combination leads to crash.

@stsp
Member Author

stsp commented Aug 9, 2019

And the first hang was likely because DR-DOS
is simply not prepared for the shell's exit.

@andrewbird
Member

Any other DOS you want me to try in the same fashion?

@stsp
Member Author

stsp commented Aug 9, 2019

A few MS-DOS versions, and that should be it.

@stsp
Member Author

stsp commented Aug 9, 2019

Or it may be better to try with freecom as a
parent shell, rather than the native shell, so
that the configs are more identical to each other.

@andrewbird
Member

Microsoft(R) MS-DOS(R)  Version 3.30
             (C)Copyright Microsoft Corp 1981-1987
 
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
 
C>comcom32
C:\>set
PATH=
COMSPEC=C:\COMCOM32.EXE
C:\>exit
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
Microsoft(R) MS-DOS(R) Version 4.01
             (C)Copyright Microsoft Corp 1981-1988
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
 
C>comcom32
C:\>set
PATH=
COMSPEC=C:\COMCOM32.EXE
C:\>exit
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
Microsoft(R) MS-DOS(R) Version 5.00
             (C)Copyright Microsoft Corp 1981-1991.
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
 
C>comcom32
C:\>set
PATH=
COMSPEC=C:\COMCOM32.EXE
C:\>exit
 
C>set
PATH=
COMSPEC=C:\COMMAND.COM
C:\>ver
 
MS-DOS Version 6.22
 
 
C:\>set
PATH=
PROMPT=$P$G
COMSPEC=C:\COMMAND.COM
 
C:\>comcom32
C:\>set
PATH=
PROMPT=$P$G
COMSPEC=C:\COMCOM32.EXE
C:\>exit
 
C:\>set
PATH=
PROMPT=$P$G
COMSPEC=C:\COMMAND.COM

700 and 710 are crashing without even running comcom32, just the native shell. I suspect that's unrelated.

@stsp
Member Author

stsp commented Aug 9, 2019

Wow, regression.
7x used to work.
Please fill in the bugs.

So basically only freedos crashes on exit?
Can you also try RxDOS if you have its setup handy?

@andrewbird
Member

Yes I used to run the tests regularly and all DOSes were pretty much okay, but I stopped doing that. I just checked my Jenkins server and apparently they were okay 1 year & 7 months ago.

I didn't try rxdos for a long while now as I never added it to the test suite. I think that was because it was just a test image @ecm-pushbx rolled for me, rather than a specific release.

@andrewbird
Member

So basically only freedos crashes on exit?

Yes on the DOSes I've tested.

@stsp
Member Author

stsp commented Aug 9, 2019

OK, anyway, all DOSes but freeDOS seem to
allow the termination of a self-parented PSP.
I would challenge the @ecm-pushbx claim that
the exit handler should restore it back. RBIL does
not say so, and the only evidence seems to be a
freeDOS bug.

@stsp
Member Author

stsp commented Aug 9, 2019

Thanks!

@stsp
Member Author

stsp commented Aug 9, 2019

So unless there is more evidence or a
regression report, I am going to keep the patch
that was added to fdpp to prevent the crash.

@stsp
Member Author

stsp commented Feb 7, 2020

Had to revert that patch due to #123.
What MS-DOS does with the self-parented
PSP to avoid the crash is unclear.

@stsp stsp reopened this Feb 7, 2020
@stsp
Member Author

stsp commented Feb 23, 2020

2 interesting things.

  • There is a back-up parent at PSP:3a, which
    can be used to fix that problem.
  • I no longer reproduce it with fdpp, only
    with freedos. So could it be fixed by something
    else???

@stsp
Member Author

stsp commented Feb 23, 2020

Does anyone know if PSP:38h can ever be non-zero?

@stsp
Member Author

stsp commented Feb 24, 2020

It appears that this problem is actually
fixed at the command.com level. Namely,
command.com should restore all
registers, including the stack pointer,
because of this:
DOS 2.x destroys all registers, including SS:SP.
So on fdpp this can only be reproduced
with the main shell's return.

So the fix on fdpp level is not needed.

@stsp stsp closed this as completed Feb 24, 2020