While trying to solve bug 48665 by fixing the ntdll-WRITE_COPY staging patches, I think I am now faced with a fundamental problem with Wine that has been noted in the past but I'm hoping for some resolution.
In ntdll, most functions that indirectly modify a buffer will call virtual_check_buffer_for_write or use one of the virtual_locked_* functions. This is required to support write watches, and, with the staging patchset above, WRITECOPY. There is a race condition with virtual_check_buffer_for_write but it generally works.
However, not all Wine functions do this; e.g. NtReadFileScatter does not. And if a buffer gets passed to a third party library, then that third party library definitely won't call these functions even if it is appropriate, so, theoretically, the Wine interface should be calling IsBadReadPtr / IsBadWritePtr for any buffers that may be touched by a third party library.
The current situation is one where some APIs in ntdll do the correct thing but most Wine functions do not. My question is then: do we continue the practice of adding calls to IsBadReadPtr / IsBadWritePtr / virtual_check_buffer_for_write when things break, or should these be added more proactively? It feels a little inconsistent at the moment.
(As a side note, I investigated using userfaultfd-wp to solve this problem more generally, but it is Linux-specific and not quite ready for prime time.)
-Andrew
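An added illustration, not Wine's code, of why the pre-touch done by virtual_check_buffer_for_write matters when write watches are emulated with page protection: a user-mode write to the armed page faults and the handler sees it, whereas a kernel-side write through read() into the same page fails with EFAULT and raises no SIGSEGV, so the watch is bypassed unless the buffer is touched first. It is Linux-specific, and the function names and the pipe used to produce the kernel write are assumptions of the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile sig_atomic_t watch_hits;  /* times the emulated watch fired */
static char *watched;                     /* one page, armed read-only */
static long page_size;

/* Emulated write watch: a user-mode write to the armed page lands here; count it, make the page writable, retry. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    char *page = (char *)((unsigned long)si->si_addr & ~(unsigned long)(page_size - 1));
    if (page == watched && mprotect(page, page_size, PROT_READ | PROT_WRITE) == 0)
        watch_hits++;
    else
        signal(SIGSEGV, SIG_DFL);   /* not our page: take the default action on retry */
}

/* Map one page, install the handler and arm the watch (demo helper); returns 0 on success. */
int setup_watch(void)
{
    struct sigaction sa = {0};
    page_size = sysconf(_SC_PAGESIZE);
    watched = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (watched == MAP_FAILED) return -1;
    sa.sa_sigaction = on_segv; sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect(watched, page_size, PROT_READ);
}

/* Kernel-side write (read() from a constructed pipe) into the armed page: the copy fails with
 * EFAULT and no SIGSEGV is raised, so the watch is silently bypassed. Returns read()'s errno or 0. */
int kernel_write_into_watched(void)
{
    int fds[2], err; char c = 'x';
    if (pipe(fds) != 0 || write(fds[1], &c, 1) != 1) return -1;
    err = read(fds[0], watched, 1) < 0 ? errno : 0;
    close(fds[0]); close(fds[1]);
    return err;
}

/* The virtual_check_buffer_for_write idea: touch the buffer from user mode first so the watch fires. */
int pretouch_then_kernel_write(void)
{
    *(volatile char *)watched = 0;
    return kernel_write_into_watched();
}
```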