Subject: bug in copyoutstr() (i386 only)
To: None <port-i386@NetBSD.ORG>
From: Matthias Drochner <drochner@zelux6.zel.kfa-juelich.de>
List: port-i386
Date: 05/06/1998 13:55:16
I think I spotted a bug in copyoutstr() which affects the i386
(the _real_ i386) if the string crosses a page boundary.
%eax is used to hold the index into the page tables. Later,
when the string is actually copied, it is overwritten by the
"lodsb" / "stosb" loop.
If a page boundary is hit (jump to label "4") the contents
of %eax are used as page table index again.
Comments on this?
Otherwise, I'd commit the fix below.
best regards
Matthias
Index: locore.s
===================================================================
RCS file: /cvsroot/src/sys/arch/i386/i386/locore.s,v
retrieving revision 1.172.2.5
diff -c -2 -r1.172.2.5 locore.s
*** locore.s 1998/05/05 09:51:54 1.172.2.5
--- locore.s 1998/05/06 11:37:30
***************
*** 1131,1138 ****
2: /* Copy up to end of this page. */
subl %ecx,%edx # predecrement total count
! jnc 3f
addl %edx,%ecx # ecx += (edx - ecx) = edx
xorl %edx,%edx
3: decl %ecx
js 4f
--- 1131,1140 ----
2: /* Copy up to end of this page. */
subl %ecx,%edx # predecrement total count
! jnc 6f
addl %edx,%ecx # ecx += (edx - ecx) = edx
xorl %edx,%edx
+ 6:
+ pushl %eax # save PT index (no traps while stack changed!)
3: decl %ecx
js 4f
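Review bot: the "pushl %eax" at the new label 6 stays on the stack for the whole lodsb/stosb loop, so the fix is only correct if no fault can be taken between that push and the "addl $4,%esp" / "popl %eax" that balance it, exactly as the comment on the pushl line warns; the fault handler this function installs is not in the diff, and if it unwinds by popping callee-saved registers it would now find the saved index on top of the stack instead. Since the index is the page-table slot for the page %edi is writing into, an alternative that needs no stack discipline is to recompute it at label 4 from %edi (movl %edi,%eax followed by the page shift) rather than saving and restoring it; that also leaves "jnc 3f" unchanged and avoids introducing label 6.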
***************
*** 1143,1146 ****
--- 1145,1149 ----
/* Success -- 0 byte reached. */
+ addl $4,%esp # PT index not needed anymore
addl %ecx,%edx # add back residual for this page
xorl %eax,%eax
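Review bot: minor style point: "addl $4,%esp" discards the saved index without saying what it discards, while "popl %eax" costs the same here (%eax is zeroed two lines later anyway) and makes the pairing with the pushl at label 6 visible to someone reading only the success path.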
***************
*** 1148,1151 ****
--- 1151,1155 ----
4: /* Go to next page, if any. */
+ popl %eax # get back saved PT index
movl $NBPG,%ecx
incl %eax
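Review bot: the "popl %eax" at label 4 balances the push at label 6 only if every path from the end of this block back into the copy loop passes through label 6 (or label 2, which now falls into it) before reaching label 3 again; the tail of this block is not in the diff, so check that the next-page path does not jump straight to 3, otherwise the following boundary crossing pops a word that was never pushed and "incl %eax" advances garbage. With that verified, "incl %eax" now operates on the restored index, which is the actual fix for the clobbering described in the mail.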