http://bugs.winehq.org/show_bug.cgi?id=31892
Bug #: 31892 Summary: Handle failure to reserve NT shared user data at 0x7ffe0000 (Windows on ARM) Product: Wine Version: 1.5.14 Platform: arm OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net Classification: Unclassified
Hello,
I recently resumed some investigations with Windows on ARM apps/installers and ran into a problem due to a kernel 3.2 -> 3.0 downgrade. The kernel downgrade was necessary because Freescale left Linaro some months ago, stalling/halting all Linaro projects targeting i.mx platforms (the last kernels were still buggy as hell anyway).
Back to a Linux 3.0.x kernel now which is being actively developed/maintained within Freescale. Unfortunately all wine builtins simply segfault on startup.
The code that fails:
http://source.winehq.org/git/wine.git/blob/6ec731b65cb6525d04b86737ff85a3e77...
--- snip --- 196 HANDLE thread_init(void) 197 { 198 TEB *teb; 199 void *addr; 200 SIZE_T size, info_size; 201 HANDLE exe_file = 0; 202 LARGE_INTEGER now; 203 struct ntdll_thread_data *thread_data; 204 static struct debug_info debug_info; /* debug info for initial thread */ 205 206 virtual_init(); 207 208 /* reserve space for shared user data */ 209 210 addr = (void *)0x7ffe0000; 211 size = 0x10000; 212 NtAllocateVirtualMemory( NtCurrentProcess(), &addr, 0, &size, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE ); 213 user_shared_data = addr; ... 293 /* initialize time values in user_shared_data */ 294 NtQuerySystemTime( &now ); 295 user_shared_data->SystemTime.LowPart = now.u.LowPart; --- snip ---
NtAllocateVirtualMemory() fails to reserve that range but no return value evaluation takes place hence the initial start address value is still taken. Dereferencing of "user_shared_data" (USER_SHARED_DATA) causes the segfault.
Before the syscall:
--- snip --- ... (gdb) bt #0 0x2acc4a80 in mmap64 () from /lib/arm-linux-gnueabi/libc.so.6 #1 0x2aad45cc in wine_anon_mmap (start=0x7ffe0000, size=65536, prot=3, flags=34) at /home/linaro/projects/wine/wine-git/libs/wine/mmap.c:221 #2 0x2add2cf8 in map_view (view_ret=0x7effebe4, base=0x7ffe0000, size=65536, mask=65535, top_down=0, vprot=1091) at /home/linaro/projects/wine/wine-git/dlls/ntdll/virtual.c:794 #3 0x2add7594 in NtAllocateVirtualMemory (process=0xffffffff, ret=0x7effecb0, zero_bits=0, size_ptr=0x7effecb4, type=12288, protect=4) at /home/linaro/projects/wine/wine-git/dlls/ntdll/virtual.c:1937 #4 0x2adc6554 in thread_init () at /home/linaro/projects/wine/wine-git/dlls/ntdll/thread.c:212 #5 0x2ad8d5f4 in __wine_process_init () at /home/linaro/projects/wine/wine-git/dlls/ntdll/loader.c:2892 #6 0x2aad2fdc in wine_init (argc=2, argv=0x7efff2a4, error=0x7effed4c "", error_size=1024) at /home/linaro/projects/wine/wine-git/libs/wine/loader.c:831 #7 0x00008bbc in main (argc=2, argv=0x7efff2a4) at /home/linaro/projects/wine/wine-git/loader/main.c:237 .. --- snip ---
After syscall:
--- snip --- (gdb) n map_view (view_ret=0x7effebe4, base=0x7ffe0000, size=65536, mask=65535, top_down=0, vprot=1091) at /home/linaro/projects/wine/wine-git/dlls/ntdll/virtual.c:799 799 if (ptr != base) (gdb) info locals ptr = 0x2ac05000 status = 2147352576 ... --- snip ---
-> STATUS_CONFLICTING_ADDRESSES
mmap() failed to reserve 0x7ffe0000 and instead gave a different address range in TASK_UNMAPPED_BASE area (0x2ac05000).
mmap VM area for userspace tasks: "arch/arm/include/asm/memory.h"
--- snip --- ... #ifdef CONFIG_MMU
/* * PAGE_OFFSET - the virtual address of the start of the kernel image * TASK_SIZE - the maximum size of a user space task. * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area */ #define PAGE_OFFSET UL(CONFIG_PAGE_OFFSET) #define TASK_SIZE (UL(CONFIG_PAGE_OFFSET) - UL(0x01000000)) #define TASK_UNMAPPED_BASE (UL(CONFIG_PAGE_OFFSET) / 3)
/* * The maximum size of a 26-bit user space task. */ #define TASK_SIZE_26 UL(0x04000000)
/* * The module space lives between the addresses given by TASK_SIZE * and PAGE_OFFSET - it must be within 32MB of the kernel text. */ #ifndef CONFIG_THUMB2_KERNEL #define MODULES_VADDR (PAGE_OFFSET - 16*1024*1024) #else /* smaller range for Thumb-2 symbols relocation (2^24)*/ #define MODULES_VADDR (PAGE_OFFSET - 8*1024*1024) #endif
#if TASK_SIZE > MODULES_VADDR #error Top of user space clashes with start of module space #endif ... --- snip ---
Relevant kernel config settings:
--- snip --- ... # CONFIG_VMSPLIT_3G is not set CONFIG_VMSPLIT_2G=y # CONFIG_VMSPLIT_1G is not set CONFIG_PAGE_OFFSET=0x80000000 ... --- snip ---
(TASK_SIZE = 0x7F000000) -> arch_get_unmapped_area() will not accept address 0x7ffe0000.
I worked around by moving to a 3GiB/1GiB user/kernel virtual memory split -> CONFIG_PAGE_OFFSET=0xC0000000.
Anyway the reservation failure should be handled gracefully by either refusing to run (at least on x86 platforms) or accept a new address range.
I don't know if USER_SHARED_DATA at 0x7ffe0000 exists/makes sense for Windows on ARM platforms. One has yet to see a real WoA system...
Regards