[Bug 37669] Resetting a write watch can cause memory access violation in kernel

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Jan 3 14:48:18 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=37669

--- Comment #19 from Sebastian Lackner <sebastian at fds-team.de> ---
(In reply to Dmitry Timoshkov from comment #16)
> after quite a bit of testing I prefer your approach. Unfortunately there is
> one thing that doesn't work with your patch. It's the asynchronous recv().
> Actually that's not your fault, that's a general limitation of async
> callbacks implementation in Wine.

Sorry, I was just too busy to answer during the last couple of days. Finally
had time to take a closer look, and I have to admit that I didn't think about
that while writing the patch. Pretty stupid design if you ask me, because
exceptions can happen basically all the time while running async callbacks
(programs messing around with page protections, ...).

Best solution would be to introduce something like "wine kernel-mode" (not
really executed in the kernel). Use a different stack, different SEH chain,
disable all vectored exception handlers and so on. That would also make it
possible to get rid of various other bugs, for example the issue that
step-by-step execution shouldn't modify the stack below ESP.

Nevertheless, such a big redesign is probably a bit too complicated. For Wine
Staging it would be fine, but impossible to get upstream. I decided to fix it
in my patchset by using a different method: Export new functions from ntdll for
safe memory access/permission check. My current series introduces the following
changes:

[1/3] Change virtual_uninterrupted_write_memory so that write-watches do not
abort copying memory. Those are handled by the kernel on Windows, so they can
be triggered without forwarding an exception to usermode.

[2/3] Allow setting a NULL source/destination buffer for
virtual_uninterrupted_[read|write]_memory, then the function will only check
permissions (but still trigger write watches). Rename the functions and export
them.

[3/3] Similar to my previous patch, but use the newly exported functions.

Please give it a try. Works well with your attached tests for me.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
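Added illustration (editor's example in C, not Wine's code and not part of this bug report): a user-space model of the three behaviours the comment above describes, so the design can be seen running. A copy routine catches the protection fault in a signal handler and unwinds with siglongjmp instead of letting the exception reach the caller, a NULL source means "check that the destination is writable, nothing else", and a simulated write watch is serviced inside the handler so that it does not abort the copy. The names `safe_write_memory`, `watch_page`, `reset_watch` and `safe_write_demo` are assumptions, as is the single-page write watch modelled with `mprotect`; calling `mprotect` from a signal handler is tolerated on Linux, where this runs, but POSIX does not list it as async-signal-safe.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical one-page write watch (not Wine's structure): the page is kept
   read-only and the fault handler records the first store into it. */
static unsigned char *watched_page;             /* NULL: no watch armed */
static long page_size;
static volatile sig_atomic_t watch_triggered;
/* Copy in progress, so the handler can unwind it instead of crashing. */
static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_active;

static void fault_handler(int sig, siginfo_t *info, void *ctx)
{
    unsigned char *addr = info->si_addr;
    /* First store into the watched page: record it, unprotect, retry the
       store. That is the "write watches do not abort copying" rule of [1/3]. */
    if (watched_page && addr >= watched_page && addr < watched_page + page_size) {
        watch_triggered = 1;
        if (mprotect(watched_page, page_size, PROT_READ | PROT_WRITE) == 0)
            return;
    }
    if (probe_active)            /* genuine fault inside a probe: abort it */
        siglongjmp(probe_env, 1);
    signal(sig, SIG_DFL);        /* fault anywhere else: crash as usual */
    raise(sig);
}

static void install_fault_handler(void)
{
    struct sigaction sa;
    page_size = sysconf(_SC_PAGESIZE);
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
}

/* Copy size bytes to dst without letting a protection fault escape. src == NULL
   only checks that dst is writable (write watches still fire), the NULL-buffer
   convention of [2/3]. Returns the bytes NOT written: 0 on full success. */
size_t safe_write_memory(void *dst, const void *src, size_t size)
{
    volatile unsigned char *d = dst;
    const unsigned char *s = src;
    volatile size_t done = 0;
    install_fault_handler();
    if (sigsetjmp(probe_env, 1)) {    /* came back from the handler */
        probe_active = 0;
        return size - done;
    }
    probe_active = 1;
    for (; done < size; done++)
        d[done] = s ? s[done] : d[done];   /* volatile RMW probes writability */
    probe_active = 0;
    return 0;
}

int watch_page(void *page)            /* arm the watch on one aligned page */
{
    install_fault_handler();
    watched_page = page;
    watch_triggered = 0;
    return mprotect(page, page_size, PROT_READ);
}
int reset_watch(void)                 /* did it fire since last reset? re-arm */
{
    int fired = watch_triggered;
    watch_triggered = 0;
    if (watched_page) mprotect(watched_page, page_size, PROT_READ);
    return fired;
}

/* Self-check on constructed anonymous mappings; returns 1 if all cases pass. */
int safe_write_demo(void)
{
    int flags = MAP_PRIVATE | MAP_ANONYMOUS, ok = 1;
    unsigned char pat[32], *rw, *two, *ro;
    install_fault_handler();
    memset(pat, 0xAB, sizeof pat);
    rw  = mmap(NULL, page_size, PROT_READ | PROT_WRITE, flags, -1, 0);
    two = mmap(NULL, 2 * page_size, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (rw == MAP_FAILED || two == MAP_FAILED) return 0;
    ro = two + page_size;
    mprotect(ro, page_size, PROT_READ);                  /* RW page, then RO */
    ok &= safe_write_memory(rw, pat, 32) == 0 && !memcmp(rw, pat, 32);
    ok &= safe_write_memory(ro, pat, 32) == 32;          /* nothing copied */
    ok &= safe_write_memory(rw, NULL, 32) == 0;          /* permission probe */
    ok &= safe_write_memory(ro, NULL, 32) == 32;
    ok &= safe_write_memory(ro - 16, pat, 32) == 16;     /* stops at boundary */
    ok &= watch_page(rw) == 0 && safe_write_memory(rw, pat, 32) == 0;
    ok &= reset_watch() == 1 && reset_watch() == 0;      /* fired, then quiet */
    watched_page = NULL;
    munmap(rw, page_size); munmap(two, 2 * page_size);
    return ok;
}
```

Calling `safe_write_demo()` exercises the cases in turn: a writable page (all bytes copied), a read-only page (nothing copied, all 32 bytes reported back), a copy straddling a writable and a read-only page (stops at the boundary, 16 reported back), and a watched page where the fault is absorbed and the copy still completes. The model shows only the semantics; it says nothing about how Wine's ntdll implements the exported functions.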