KB123094 - LAN Manager Remoteboot Clients Intermittently Lock/GPF/Hang

CAUSE

This problem is caused by internal corruption of redirector data structures, including the NetBIOS Control Blocks (NCBs) used for posting receive datagrams. When these pending receive datagrams complete, the buffer address and post address are invalid and the corruption that results can cause the variety of symptoms mentioned above.

The following call path occurs on a datagram receipt:

   NETVIEW: DG_POST
       NETVIEW: Handle_Datagram_Buffer
           NETMSLOT: Mailslot_DatagramWrite
               NETMSLOT: Local_Mailslot_Write
                   NETINIT: LLCritNet

When LLCritNet is called, it checks if WFP_START and REN_WFP need to be updated. Depending on what was occurring in the foreground when the receive datagram completes, there may have been a FIT translation that occurred that has not been reflected in DOS yet.

Unfortunately, LLCritNet (and LCritNet) assumes SS is currently the DOS data segment--which would be true for most foreground operations, but is not true for the above call path because DG_POST switches to the redirector's POST_STACK. The following snippets from LLCritNet will consequently corrupt memory in the redirector:

   push    ss
   pop     es
   mov     di, es:[REN_WFP]
   rep     movsb
   ...
   push    ss
   pop     es
   mov     di, es:[WFP_START]
   rep     movsb

The corruption was fixed by replacing the above code with:

   mov     es, Dos_Seg
   mov     di, es:[REN_WFP]
   rep     movsb
   ...
   mov     es, Dos_Seg
   mov     di, es:[WFP_START]
   rep     movsb

LAN Manager Remoteboot Clients Intermittently Lock/GPF/Hang

SYMPTOMS

CAUSE

STATUS