https://bugs.winehq.org/show_bug.cgi?id=53835
Bug ID: 53835
Summary: cefclient.exe crash on CHECK_EQ(PAGE_READWRITE, old_protection);
Product: Wine
Version: 7.19
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: 398063392@qq.com
Distribution: ---
https://chromium.googlesource.com/v8/v8.git/+/refs/heads/main/src/base/platf...
    void OS::SetDataReadOnly(void* address, size_t size) {
      DCHECK_EQ(0, reinterpret_cast<uintptr_t>(address) % CommitPageSize());
      DCHECK_EQ(0, size % CommitPageSize());
      unsigned long old_protection;
      CHECK(VirtualProtect(address, size, PAGE_READONLY, &old_protection));
      CHECK_EQ(PAGE_READWRITE, old_protection);
    }
The last line assumes old_protection == PAGE_READWRITE, but it is PAGE_WRITECOPY in Wine, so the failed CHECK_EQ raises an int3 breakpoint crash.
You can download cefclient.exe from https://cef-builds.spotifycdn.com/cef_binary_106.1.1%2Bg5891c70%2Bchromium-1... and run it with "wine64 cefclient.exe --no-sandbox --use-gl=angle --use-angle=swiftshader --in-process-gpu" to reproduce the problem.
--- Comment #1 from JK_STAR 398063392@qq.com ---
https://cef-builds.spotifycdn.com/cef_binary_106.1.1%2Bg5891c70%2Bchromium-1... is the URL of the 64-bit cefclient.exe.
JK_STAR 398063392@qq.com changed:
What | Removed | Added
Summary | cefclient.exe crash on CHECK_EQ(PAGE_READWRITE, old_protection); | cefclient.exe、chrome.exe、chromium.exe crash on CHECK_EQ(PAGE_READWRITE, old_protection);
Jactry Zeng jactry92@gmail.com changed:
What | Removed | Added
URL | | https://cef-builds.spotifycdn.com/cef_binary_106.1.1%2Bg5891c70%2Bchromium-106.0.5249.119_windows64_client.tar.bz2
Keywords | | download
Fabian Maurer dark.shadow4@web.de changed:
What | Removed | Added
CC | | dark.shadow4@web.de
--- Comment #2 from Fabian Maurer dark.shadow4@web.de ---
Created attachment 73404 --> https://bugs.winehq.org/attachment.cgi?id=73404
Hack to work around the issue
Confirming.
Fabian Maurer dark.shadow4@web.de changed:
What | Removed | Added
Status | UNCONFIRMED | NEW
Ever confirmed | 0 | 1
--- Comment #3 from Fabian Maurer dark.shadow4@web.de ---
.
--- Comment #4 from JK_STAR 398063392@qq.com ---
Thanks, will this hack be merged into the master branch?
--- Comment #5 from JK_STAR 398063392@qq.com ---
I built Wine with the hack patch, but it does not work; the problem still exists.
--- Comment #6 from Fabian Maurer dark.shadow4@web.de ---
No, it won't be merged like that, it's a hack.
Works fine for me, are you sure you built it properly?
Brendan Shanks bshanks@codeweavers.com changed:
What | Removed | Added
CC | | bshanks@codeweavers.com
--- Comment #7 from Brendan Shanks bshanks@codeweavers.com ---
In a nutshell, v8 is requiring a PAGE_WRITECOPY page (from the .data section) to flip to PAGE_READWRITE after it's been written to.
Wine doesn't implement this, but there's a staging patchset 'ntdll-WRITECOPY' which does. With those patches (and enabling them with STAGING_WRITECOPY=1), I'm able to run my own compiled build of v8. CEF doesn't launch though, the patchset still seems to have some bugs. Since it works through signals, I fear it would hurt performance even if it was in a state to be upstreamed.
I'm going to try changing the check in upstream V8, we'll see if they accept it.
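A small model of the page-protection transition described in comment #7 and comment #9, as an added example (not V8's or Wine's code): a freshly mapped .data page starts as PAGE_WRITECOPY, a Windows-like write flips it to PAGE_READWRITE while a Wine-like write leaves the reported protection unchanged, and V8's strict CHECK_EQ from the report is compared with a relaxed check that also accepts PAGE_WRITECOPY. The PAGE_* values are the real Win32 constants; the after_write_* functions, virtual_protect and the exact form of the relaxed check are assumptions, not quoted from the upstream V8 fix.

```c
#include <stdbool.h>

/* Real Win32 protection constants; everything else here is a toy model. */
#define PAGE_READONLY  0x02UL
#define PAGE_READWRITE 0x04UL
#define PAGE_WRITECOPY 0x08UL

/* The protection an image .data page reports before the process writes to it. */
#define INITIAL_DATA_PAGE_PROTECTION PAGE_WRITECOPY

/* Windows-like (comment #7/#9): a write to a PAGE_WRITECOPY page gives the
 * process a private copy and the reported protection becomes PAGE_READWRITE. */
static unsigned long after_write_windows(unsigned long prot) {
    return prot == PAGE_WRITECOPY ? PAGE_READWRITE : prot;
}

/* Wine-like (as reported for 7.19): the write succeeds but the reported
 * protection stays PAGE_WRITECOPY because the flip is not implemented. */
static unsigned long after_write_wine(unsigned long prot) {
    return prot;
}

/* Model of VirtualProtect: apply the new protection, return the old one. */
static unsigned long virtual_protect(unsigned long *page_prot, unsigned long new_prot) {
    unsigned long old = *page_prot;
    *page_prot = new_prot;
    return old;
}

/* V8's original check from the report: only PAGE_READWRITE is accepted. */
static bool strict_check_passes(unsigned long old_protection) {
    return old_protection == PAGE_READWRITE;
}

/* Relaxed check (assumed shape, not quoted from the upstream fix): the
 * copy-on-write state is accepted too, so the Wine case no longer trips it. */
static bool relaxed_check_passes(unsigned long old_protection) {
    return old_protection == PAGE_READWRITE || old_protection == PAGE_WRITECOPY;
}

/* SetDataReadOnly's sequence on a .data page that was mapped, written, then
 * made read-only; returns the old protection VirtualProtect reports. */
static unsigned long set_data_read_only(bool wine_like) {
    unsigned long page = INITIAL_DATA_PAGE_PROTECTION;
    page = wine_like ? after_write_wine(page) : after_write_windows(page);
    return virtual_protect(&page, PAGE_READONLY);
}
```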
--- Comment #8 from Fabian Maurer dark.shadow4@web.de ---
Good to hear, but I think it's still an issue worth fixing in Wine. I wonder how Windows implements this efficiently...
Zeb Figura z.figura12@gmail.com changed:
What | Removed | Added
CC | | z.figura12@gmail.com
--- Comment #9 from Zeb Figura z.figura12@gmail.com ---
(In reply to Fabian Maurer from comment #8)
> Good to hear, but I think it's still an issue worth fixing in Wine. I wonder how Windows implements this efficiently...
Kernel support from the memory manager, basically. The expense (inasmuch as it exists; I don't know if it's ever been measured?) isn't processor faults so much as user space signals.
--- Comment #10 from Zeb Figura z.figura12@gmail.com ---
FWIW, this is bug 29384.
--- Comment #11 from Brendan Shanks bshanks@codeweavers.com ---
I sent a patch for review in upstream V8, fingers crossed.
https://chromium-review.googlesource.com/c/v8/v8/+/4035093
--- Comment #12 from Fabian Maurer dark.shadow4@web.de ---
Is there a way to find the crash location/reason from that int3 crash? Because I can't get cefclient to give me a log or anything that would indicate what went wrong.
--- Comment #13 from JK_STAR 398063392@qq.com ---
Use x64dbg from https://x64dbg.com/; it can use Microsoft's latest msdia140.dll from VS2022, and the latest msdia140.dll can load libcef.pdb correctly. Or you can try to use the VS2022 remote debugger directly.
--- Comment #14 from JK_STAR 398063392@qq.com ---
Here is the tip for using the VS2022 remote debugger: https://wiki.winehq.org/Wine_Developer%27s_Guide/VS_Remote_Debugging
mowinebugs@mail.com changed:
What | Removed | Added
CC | | mowinebugs@mail.com
--- Comment #15 from mowinebugs@mail.com ---
(In reply to Brendan Shanks from comment #11)
> I sent a patch for review in upstream V8, fingers crossed.
Looks like it was merged, nice work. :)
Fabian Maurer dark.shadow4@web.de changed:
What | Removed | Added
Status | NEW | RESOLVED
Resolution | --- | DUPLICATE
--- Comment #16 from Fabian Maurer dark.shadow4@web.de ---
Marking as dupe of bug 29384.
*** This bug has been marked as a duplicate of bug 29384 ***
Gijs Vermeulen gijsvrm@gmail.com changed:
What | Removed | Added
Status | RESOLVED | CLOSED
--- Comment #17 from Gijs Vermeulen gijsvrm@gmail.com ---
Closing.
--- Comment #18 from Brendan Shanks bshanks@codeweavers.com ---
The fix was merged upstream, but I think the first release it'll be in is Chromium 111/V8 11.1.
--- Comment #19 from Brendan Shanks bshanks@codeweavers.com ---
The fix for this issue is in Chromium 110/V8 11.0, and was also just merged into V8 10.9 (10.9.194.10 specifically), so it should end up in Chromium 109.
(Chromium 109 is the last version supporting Windows 7/8/8.1, so I suspect it will have a long life for use in CEF, etc.)
--- Comment #20 from Brendan Shanks bshanks@codeweavers.com ---
The latest stable release of Chrome on Windows (109.0.5414.119/.120, released yesterday) should now have the fix.
Fabian Maurer dark.shadow4@web.de changed:
What | Removed | Added
CC | | mikrutrafal@protonmail.com
--- Comment #21 from Fabian Maurer dark.shadow4@web.de ---
*** Bug 54280 has been marked as a duplicate of this bug. ***