diff --git a/README.md b/README.md index 9b4b393a..c88c224b 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,8 @@ Wine. All those differences are also documented on the Included bug fixes and improvements ----------------------------------- -**Bug fixes and features included in the next upcoming release [3]:** +**Bug fixes and features included in the next upcoming release [2]:** -* Fix possible use-after-free in wineserver device IPR code ([Wine Bug #38764](https://bugs.winehq.org/show_bug.cgi?id=38764)) * Globally invalidate key state on changes in other threads ([Wine Bug #29871](https://bugs.winehq.org/show_bug.cgi?id=29871)) * SecuROM 5.x media validation fails ([Wine Bug #21448](https://bugs.winehq.org/show_bug.cgi?id=21448)) @@ -119,7 +118,7 @@ for more details.* * D3DCompileShader should filter specific warning messages ([Wine Bug #33770](https://bugs.winehq.org/show_bug.cgi?id=33770)) * Do not fail when a used context is passed to wglShareLists ([Wine Bug #11436](https://bugs.winehq.org/show_bug.cgi?id=11436)) * Do not use unixfs for devices without mountpoint -* Emulate access to KI_USER_SHARED_DATA kernel page on x86_64 ([Wine Bug #33849](https://bugs.winehq.org/show_bug.cgi?id=33849)) +* ~~Emulate access to KI_USER_SHARED_DATA kernel page on x86_64~~ ([Wine Bug #33849](https://bugs.winehq.org/show_bug.cgi?id=33849)) * Enforce that surfaces are flushed after ReleaseDC * Ensure NtProtectVirtualMemory and NtCreateSection are on separate pages ([Wine Bug #33162](https://bugs.winehq.org/show_bug.cgi?id=33162)) * Ensure X11 input events are handled even without explicit message loop ([Wine Bug #8854](https://bugs.winehq.org/show_bug.cgi?id=8854)) diff --git a/debian/changelog b/debian/changelog index ad6904ec..405604e3 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -20,6 +20,10 @@ wine-staging (1.7.46) UNRELEASED; urgency=low (accepted upstream). * Removed patch to fix link notification conditions for riched20 (accepted upstream). + * Removed patch to emulate access to USER_SHARE_DATA on x86_64 (accepted + upstream). + * Removed patch to fix possible use-after-free in wineserver device IPR code + (accepted upstream). * Removed patch to fix linking against libunwind on Linux (fixed upstream). -- Sebastian Lackner Sun, 14 Jun 2015 09:15:50 +0200 diff --git a/patches/ntdll-User_Shared_Data/0001-ntdll-Move-code-to-update-user-shared-data-into-a-se.patch b/patches/ntdll-User_Shared_Data/0001-ntdll-Move-code-to-update-user-shared-data-into-a-se.patch index 4bace355..80a2baff 100644 --- a/patches/ntdll-User_Shared_Data/0001-ntdll-Move-code-to-update-user-shared-data-into-a-se.patch +++ b/patches/ntdll-User_Shared_Data/0001-ntdll-Move-code-to-update-user-shared-data-into-a-se.patch @@ -1,4 +1,4 @@ -From 367e9fd451bf7fb6f521c2410ce193857d8ab12c Mon Sep 17 00:00:00 2001 +From f620c720c8a3920dc189f1ef2147126ce1d469d7 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Wed, 26 Nov 2014 10:46:09 +0100 Subject: ntdll: Move code to update user shared data into a separate function. @@ -9,10 +9,10 @@ Subject: ntdll: Move code to update user shared data into a separate function. 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec -index 7e95969..729a8f6 100644 +index 270d7ff..173bb22 100644 --- a/dlls/ntdll/ntdll.spec +++ b/dlls/ntdll/ntdll.spec -@@ -1434,3 +1434,6 @@ +@@ -1439,3 +1439,6 @@ @ cdecl wine_nt_to_unix_file_name(ptr ptr long long) @ cdecl wine_unix_to_nt_file_name(ptr ptr) @ cdecl __wine_init_windows_dir(wstr wstr) @@ -20,10 +20,10 @@ index 7e95969..729a8f6 100644 +# User shared data +@ cdecl __wine_user_shared_data() diff --git a/dlls/ntdll/thread.c b/dlls/ntdll/thread.c -index c8461b0..7d317ad 100644 +index 3696c8e..7411e48 100644 --- a/dlls/ntdll/thread.c 
+++ b/dlls/ntdll/thread.c -@@ -202,6 +202,26 @@ static ULONG get_dyld_image_info_addr(void) +@@ -202,6 +202,26 @@ static ULONG64 get_dyld_image_info_addr(void) } #endif /* __APPLE__ */ @@ -33,7 +33,7 @@ index c8461b0..7d317ad 100644 + * + * Update user shared data and return the address of the structure. + */ -+void* CDECL __wine_user_shared_data(void) ++BYTE* CDECL __wine_user_shared_data(void) +{ + LARGE_INTEGER now; + NtQuerySystemTime( &now ); @@ -43,7 +43,7 @@ index c8461b0..7d317ad 100644 + user_shared_data->u.TickCount.High2Time = user_shared_data->u.TickCount.High1Time; + user_shared_data->TickCountLowDeprecated = user_shared_data->u.TickCount.LowPart; + user_shared_data->TickCountMultiplier = 1 << 24; -+ return user_shared_data; ++ return (BYTE *)user_shared_data; +} + + @@ -58,7 +58,7 @@ index c8461b0..7d317ad 100644 NTSTATUS status; struct ntdll_thread_data *thread_data; static struct debug_info debug_info; /* debug info for initial thread */ -@@ -317,15 +336,8 @@ HANDLE thread_init(void) +@@ -331,15 +350,8 @@ HANDLE thread_init(void) wine_server_fd_to_handle( 2, GENERIC_WRITE|SYNCHRONIZE, OBJ_INHERIT, ¶ms.hStdError ); } @@ -77,5 +77,5 @@ index c8461b0..7d317ad 100644 NtCreateKeyedEvent( &keyed_event, GENERIC_READ | GENERIC_WRITE, NULL, 0 ); -- -2.1.3 +2.4.3 diff --git a/patches/ntdll-User_Shared_Data/0002-ntoskrnl-Update-USER_SHARED_DATA-before-accessing-me.patch b/patches/ntdll-User_Shared_Data/0002-ntoskrnl-Update-USER_SHARED_DATA-before-accessing-me.patch new file mode 100644 index 00000000..ca1e4e02 --- /dev/null +++ b/patches/ntdll-User_Shared_Data/0002-ntoskrnl-Update-USER_SHARED_DATA-before-accessing-me.patch 
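Review bot: The new `BYTE* CDECL __wine_user_shared_data(void)` signature in the `@@ -33,7` hunk hands callers a writable pointer into the process-wide shared page, although every consumer visible on this page (the `memcpy` and `store_reg_*` sites in the following ntoskrnl patch) only reads through it; `const BYTE* CDECL __wine_user_shared_data(void)` with `return (const BYTE *)user_shared_data;` (and the matching extern in ntoskrnl's instr.c) would let the compiler reject stray writes from another module. The doc comment should also record the contract that this function now carries, e.g. `Update the tick-count fields of the shared page in place and return its address; exported via ntdll.spec for ntoskrnl, so it may be called from any thread.` — since the ntoskrnl exception handler calls it on every emulated access, concurrent callers race on those stores unless the LowPart/High1Time writes (which sit between the `@@ -33,7` and `@@ -43,7` hunks and are not visible here) follow the High1Time/High2Time protocol; worth confirming. The function body begins in the `@@ -33,7` hunk and ends in the `@@ -43,7` hunk.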
@@ -0,0 +1,55 @@ +From af766674c13b728cd090803c41b0a304d7138bc3 Mon Sep 17 00:00:00 2001 +From: Sebastian Lackner +Date: Fri, 19 Jun 2015 15:57:14 +0200 +Subject: ntoskrnl: Update USER_SHARED_DATA before accessing memory. + +--- + dlls/ntoskrnl.exe/instr.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/dlls/ntoskrnl.exe/instr.c b/dlls/ntoskrnl.exe/instr.c +index 1306d5f..a941428 100644 +--- a/dlls/ntoskrnl.exe/instr.c ++++ b/dlls/ntoskrnl.exe/instr.c +@@ -495,8 +495,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(int); + #define SIB_INDEX( sib, rex ) (((sib) >> 3) & 7) | (((rex) & REX_R) ? 8 : 0) + #define SIB_BASE( sib, rex ) (((sib) & 7) | (((rex) & REX_B) ? 8 : 0)) + +-/* keep in sync with dlls/ntdll/thread.c:thread_init */ +-static const BYTE *wine_user_shared_data = (BYTE *)0x7ffe0000; ++extern BYTE* CDECL __wine_user_shared_data(void); + static const BYTE *user_shared_data = (BYTE *)0xfffff78000000000; + + static inline DWORD64 *get_int_reg( CONTEXT *context, int index ) +@@ -689,7 +688,7 @@ static DWORD emulate_instruction( EXCEPTION_RECORD *rec, CONTEXT *context ) + if (offset <= sizeof(KSHARED_USER_DATA) - data_size) + { + ULONGLONG temp = 0; +- memcpy( &temp, wine_user_shared_data + offset, data_size ); ++ memcpy( &temp, __wine_user_shared_data() + offset, data_size ); + store_reg_word( context, instr[2], (BYTE *)&temp, long_op, rex ); + context->Rip += prefixlen + len + 2; + return ExceptionContinueExecution; +@@ -711,8 +710,8 @@ static DWORD emulate_instruction( EXCEPTION_RECORD *rec, CONTEXT *context ) + { + switch (*instr) + { +- case 0x8a: store_reg_byte( context, instr[1], wine_user_shared_data + offset, rex ); break; +- case 0x8b: store_reg_word( context, instr[1], wine_user_shared_data + offset, long_op, rex ); break; ++ case 0x8a: store_reg_byte( context, instr[1], __wine_user_shared_data() + offset, rex ); break; ++ case 0x8b: store_reg_word( context, instr[1], __wine_user_shared_data() + offset, long_op, rex ); break; + } + 
context->Rip += prefixlen + len + 1; + return ExceptionContinueExecution; +@@ -730,7 +729,7 @@ static DWORD emulate_instruction( EXCEPTION_RECORD *rec, CONTEXT *context ) + + if (offset <= sizeof(KSHARED_USER_DATA) - data_size) + { +- memcpy( &context->Rax, wine_user_shared_data + offset, data_size ); ++ memcpy( &context->Rax, __wine_user_shared_data() + offset, data_size ); + context->Rip += prefixlen + len + 1; + return ExceptionContinueExecution; + } +-- +2.4.3 + diff --git a/patches/ntoskrnl-Emulator/0001-ntoskrnl-Emulate-memory-access-to-KI_USER_SHARED_DAT.patch b/patches/ntoskrnl-Emulator/0001-ntoskrnl-Emulate-memory-access-to-KI_USER_SHARED_DAT.patch deleted file mode 100644 index c2ef7e37..00000000 --- a/patches/ntoskrnl-Emulator/0001-ntoskrnl-Emulate-memory-access-to-KI_USER_SHARED_DAT.patch +++ /dev/null 
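Review bot: The prototype `extern BYTE* CDECL __wine_user_shared_data(void);` added in the `@@ -495,8` hunk is hand-written in instr.c rather than taken from a header shared with the definition in dlls/ntdll/thread.c, so a later change to the return type or calling convention on the ntdll side would compile silently here and miscompile the `__wine_user_shared_data() + offset` arithmetic; moving the declaration into a header both files include would make the mismatch a compile error. It is also worth a one-line comment at the declaration that the call is deliberately made on every emulated access because it refreshes the tick-count fields before the read (the subject line says this, the code does not), e.g. `/* refreshes the shared page's tick counts on each call; called per emulated access on purpose */`. Separately, the bounds check `if (offset <= sizeof(KSHARED_USER_DATA) - data_size)` kept as context in the `@@ -689` and `@@ -730` hunks compares an `offset` whose declaration is outside these hunks; in the deleted ntoskrnl-Emulator patch it was `unsigned int offset = data - (BYTE *)KI_USER_SHARED_DATA;`, which truncates a 64-bit pointer difference, so an address a multiple of 4 GiB past the page would pass the check and be emulated as a shared-data read instead of faulting — if that declaration is unchanged, `ULONG_PTR offset` closes it. The enclosing emulate_instruction function starts and ends outside these hunks.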
@@ -1,343 +0,0 @@ -From 8c0608f6993ddffaff2c0a5aad9e6702ec631479 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Mon, 10 Nov 2014 21:27:39 +0100 -Subject: ntoskrnl: Emulate memory access to KI_USER_SHARED_DATA on x86_64. - (v3) - -Changes in v3: -* Add instruction emulation for MOVZX ---- - dlls/ntoskrnl.exe/instr.c | 298 ++++++++++++++++++++++++++++++++++++++++++- - dlls/ntoskrnl.exe/ntoskrnl.c | 2 +- - 2 files changed, 298 insertions(+), 2 deletions(-) - -diff --git a/dlls/ntoskrnl.exe/instr.c b/dlls/ntoskrnl.exe/instr.c -index 45021c6..9e5f109 100644 ---- a/dlls/ntoskrnl.exe/instr.c -+++ b/dlls/ntoskrnl.exe/instr.c -@@ -4,6 +4,7 @@ - * Copyright 1995 Alexandre Julliard - * Copyright 2005 Ivan Leo Puoti - * Copyright 2005 Laurent Pinchart -+ * Copyright 2014 Sebastian Lackner - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -475,4 +476,299 @@ LONG CALLBACK vectored_handler( EXCEPTION_POINTERS *ptrs ) - return EXCEPTION_CONTINUE_SEARCH; - } - --#endif /* __i386__ */ -+#elif defined(__x86_64__) /* __i386__ */ -+ -+#include -+ -+#include "windef.h" -+#include "winbase.h" -+#include "winternl.h" -+#define WIN32_NO_STATUS -+#include "ddk/wdm.h" -+#include "excpt.h" -+#include "wine/debug.h" -+#include "wine/exception.h" -+ -+WINE_DEFAULT_DEBUG_CHANNEL(int); -+ -+#define REX_B 1 -+#define REX_X 2 -+#define REX_R 4 -+#define REX_W 8 -+ -+#define REGMODRM_MOD( regmodrm, rex ) ((regmodrm) >> 6) -+#define REGMODRM_REG( regmodrm, rex ) (((regmodrm) >> 3) & 7) | (((rex) & REX_R) ? 8 : 0) -+#define REGMODRM_RM( regmodrm, rex ) (((regmodrm) & 7) | (((rex) & REX_B) ? 8 : 0)) -+ -+#define SIB_SS( sib, rex ) ((sib) >> 6) -+#define SIB_INDEX( sib, rex ) (((sib) >> 3) & 7) | (((rex) & REX_R) ? 8 : 0) -+#define SIB_BASE( sib, rex ) (((sib) & 7) | (((rex) & REX_B) ? 
8 : 0)) -+ -+#define KI_USER_SHARED_DATA 0xfffff78000000000 -+extern void* CDECL __wine_user_shared_data(void); -+ -+static inline DWORD64 *get_int_reg( CONTEXT *context, int index ) -+{ -+ return &context->Rax + index; /* index should be in range 0 .. 15 */ -+} -+ -+static inline int get_op_size( int long_op, int rex ) -+{ -+ if (rex & REX_W) -+ return sizeof(DWORD64); -+ else if (long_op) -+ return sizeof(DWORD); -+ else -+ return sizeof(WORD); -+} -+ -+/* store an operand into a register */ -+static void store_reg_word( CONTEXT *context, BYTE regmodrm, const BYTE *addr, int long_op, int rex ) -+{ -+ int index = REGMODRM_REG( regmodrm, rex ); -+ BYTE *reg = (BYTE *)get_int_reg( context, index ); -+ memcpy( reg, addr, get_op_size( long_op, rex ) ); -+} -+ -+/* store an operand into a byte register */ -+static void store_reg_byte( CONTEXT *context, BYTE regmodrm, const BYTE *addr, int rex ) -+{ -+ int index = REGMODRM_REG( regmodrm, rex ); -+ BYTE *reg = (BYTE *)get_int_reg( context, index ); -+ if (!rex && index >= 4 && index < 8) reg -= (4 * sizeof(DWORD64) - 1); /* special case: ah, ch, dh, bh */ -+ *reg = *addr; -+} -+ -+/*********************************************************************** -+ * INSTR_GetOperandAddr -+ * -+ * Return the address of an instruction operand (from the mod/rm byte). 
-+ */ -+static BYTE *INSTR_GetOperandAddr( CONTEXT *context, BYTE *instr, -+ int long_addr, int rex, int segprefix, int *len ) -+{ -+ int mod, rm, ss = 0, off, have_sib = 0; -+ DWORD64 base = 0, index = 0; -+ -+#define GET_VAL( val, type ) \ -+ { *val = *(type *)instr; instr += sizeof(type); *len += sizeof(type); } -+ -+ *len = 0; -+ GET_VAL( &mod, BYTE ); -+ rm = REGMODRM_RM( mod, rex ); -+ mod = REGMODRM_MOD( mod, rex ); -+ -+ if (mod == 3) -+ return (BYTE *)get_int_reg( context, rm ); -+ -+ if ((rm & 7) == 4) -+ { -+ BYTE sib; -+ int id; -+ -+ GET_VAL( &sib, BYTE ); -+ rm = SIB_BASE( sib, rex ); -+ id = SIB_INDEX( sib, rex ); -+ ss = SIB_SS( sib, rex ); -+ -+ index = (id != 4) ? *get_int_reg( context, id ) : 0; -+ if (!long_addr) index &= 0xffffffff; -+ have_sib = 1; -+ } -+ -+ base = *get_int_reg( context, rm ); -+ if (!long_addr) base &= 0xffffffff; -+ -+ switch (mod) -+ { -+ case 0: -+ if (rm == 5) /* special case */ -+ { -+ base = have_sib ? 0 : context->Rip; -+ if (!long_addr) base &= 0xffffffff; -+ GET_VAL( &off, DWORD ); -+ base += (signed long)off; -+ } -+ break; -+ -+ case 1: /* 8-bit disp */ -+ GET_VAL( &off, BYTE ); -+ base += (signed char)off; -+ break; -+ -+ case 2: /* 32-bit disp */ -+ GET_VAL( &off, DWORD ); -+ base += (signed long)off; -+ break; -+ } -+ -+ /* FIXME: we assume that all segments have a base of 0 */ -+ return (BYTE *)(base + (index << ss)); -+#undef GET_VAL -+} -+ -+ -+/*********************************************************************** -+ * emulate_instruction -+ * -+ * Emulate a privileged instruction. -+ * Returns exception continuation status. 
-+ */ -+static DWORD emulate_instruction( EXCEPTION_RECORD *rec, CONTEXT *context ) -+{ -+ int prefix, segprefix, prefixlen, len, long_op, long_addr, rex; -+ BYTE *instr; -+ -+ long_op = long_addr = 1; -+ instr = (BYTE *)context->Rip; -+ if (!instr) return ExceptionContinueSearch; -+ -+ /* First handle any possible prefix */ -+ -+ segprefix = -1; /* no seg prefix */ -+ rex = 0; /* no rex prefix */ -+ prefix = 1; -+ prefixlen = 0; -+ while(prefix) -+ { -+ switch(*instr) -+ { -+ case 0x2e: -+ segprefix = context->SegCs; -+ break; -+ case 0x36: -+ segprefix = context->SegSs; -+ break; -+ case 0x3e: -+ segprefix = context->SegDs; -+ break; -+ case 0x26: -+ segprefix = context->SegEs; -+ break; -+ case 0x64: -+ segprefix = context->SegFs; -+ break; -+ case 0x65: -+ segprefix = context->SegGs; -+ break; -+ case 0x66: -+ long_op = !long_op; /* opcode size prefix */ -+ break; -+ case 0x67: -+ long_addr = !long_addr; /* addr size prefix */ -+ break; -+ case 0xf0: /* lock */ -+ break; -+ case 0xf2: /* repne */ -+ break; -+ case 0xf3: /* repe */ -+ break; -+ default: -+ prefix = 0; /* no more prefixes */ -+ break; -+ } -+ if (*instr >= 0x40 && *instr < 0x50) /* rex */ -+ { -+ rex = *instr; -+ prefix = TRUE; -+ } -+ if (prefix) -+ { -+ instr++; -+ prefixlen++; -+ } -+ } -+ -+ /* Now look at the actual instruction */ -+ -+ switch(*instr) -+ { -+ case 0x0f: /* extended instruction */ -+ switch(instr[1]) -+ { -+ case 0xb6: /* movzx Eb, Gv */ -+ case 0xb7: /* movzx Ew, Gv */ -+ { -+ BYTE *data = INSTR_GetOperandAddr( context, instr + 2, long_addr, -+ rex, segprefix, &len ); -+ unsigned int data_size = (instr[1] == 0xb7) ? 
2 : 1; -+ unsigned int offset = data - (BYTE *)KI_USER_SHARED_DATA; -+ -+ if (offset <= sizeof(struct _KUSER_SHARED_DATA) - data_size) -+ { -+ BYTE *user_shared_data = __wine_user_shared_data(); -+ ULONGLONG temp = 0; -+ memcpy( &temp, user_shared_data + offset, data_size ); -+ store_reg_word( context, instr[2], (BYTE *)&temp, long_op, rex ); -+ context->Rip += prefixlen + len + 2; -+ return ExceptionContinueExecution; -+ } -+ break; /* Unable to emulate it */ -+ } -+ } -+ break; /* Unable to emulate it */ -+ -+ case 0x8a: /* mov Eb, Gb */ -+ case 0x8b: /* mov Ev, Gv */ -+ { -+ BYTE *data = INSTR_GetOperandAddr( context, instr + 1, long_addr, -+ rex, segprefix, &len ); -+ unsigned int data_size = (*instr == 0x8b) ? get_op_size( long_op, rex ) : 1; -+ unsigned int offset = data - (BYTE *)KI_USER_SHARED_DATA; -+ -+ if (offset <= sizeof(KSHARED_USER_DATA) - data_size) -+ { -+ BYTE *user_shared_data = __wine_user_shared_data(); -+ switch (*instr) -+ { -+ case 0x8a: store_reg_byte( context, instr[1], user_shared_data + offset, rex ); break; -+ case 0x8b: store_reg_word( context, instr[1], user_shared_data + offset, long_op, rex ); break; -+ } -+ context->Rip += prefixlen + len + 1; -+ return ExceptionContinueExecution; -+ } -+ break; /* Unable to emulate it */ -+ } -+ -+ case 0xa0: /* mov Ob, AL */ -+ case 0xa1: /* mov Ovqp, rAX */ -+ { -+ BYTE *data = (BYTE *)(long_addr ? *(DWORD64 *)(instr + 1) : *(DWORD *)(instr + 1)); -+ unsigned int data_size = (*instr == 0xa1) ? get_op_size( long_op, rex ) : 1; -+ unsigned int offset = data - (BYTE *)KI_USER_SHARED_DATA; -+ len = long_addr ? 
sizeof(DWORD64) : sizeof(DWORD); -+ -+ if (offset <= sizeof(KSHARED_USER_DATA) - data_size) -+ { -+ BYTE *user_shared_data = __wine_user_shared_data(); -+ memcpy( &context->Rax, user_shared_data + offset, data_size ); -+ context->Rip += prefixlen + len + 1; -+ return ExceptionContinueExecution; -+ } -+ break; /* Unable to emulate it */ -+ } -+ } -+ return ExceptionContinueSearch; /* Unable to emulate it */ -+} -+ -+ -+/*********************************************************************** -+ * vectored_handler -+ * -+ * Vectored exception handler used to emulate protected instructions -+ * from 64-bit code. -+ */ -+LONG CALLBACK vectored_handler( EXCEPTION_POINTERS *ptrs ) -+{ -+ EXCEPTION_RECORD *record = ptrs->ExceptionRecord; -+ CONTEXT *context = ptrs->ContextRecord; -+ -+ if (record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) -+ { -+ if (emulate_instruction( record, context ) == ExceptionContinueExecution) -+ return EXCEPTION_CONTINUE_EXECUTION; -+ } -+ return EXCEPTION_CONTINUE_SEARCH; -+} -+ -+#endif /* __x86_64__ */ -\ No newline at end of file -diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c -index 2051939..35454a5 100644 ---- a/dlls/ntoskrnl.exe/ntoskrnl.c -+++ b/dlls/ntoskrnl.exe/ntoskrnl.c -@@ -2069,7 +2069,7 @@ BOOL WINAPI DllMain( HINSTANCE inst, DWORD reason, LPVOID reserved ) - { - case DLL_PROCESS_ATTACH: - DisableThreadLibraryCalls( inst ); --#ifdef __i386__ -+#if defined(__i386__) || defined(__x86_64__) - handler = RtlAddVectoredExceptionHandler( TRUE, vectored_handler ); - #endif - KeQueryTickCount( &count ); /* initialize the global KeTickCount */ --- -2.4.3 - diff --git a/patches/ntoskrnl-Emulator/0002-ntoskrnl-Add-TRACEs-for-instruction-emulator-on-x86_.patch b/patches/ntoskrnl-Emulator/0002-ntoskrnl-Add-TRACEs-for-instruction-emulator-on-x86_.patch deleted file mode 100644 index ffc4fc77..00000000 --- a/patches/ntoskrnl-Emulator/0002-ntoskrnl-Add-TRACEs-for-instruction-emulator-on-x86_.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From c5d80d20b8e3ba1eb46d18cef337a1d6d1b0ed10 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Mon, 10 Nov 2014 21:42:53 +0100 -Subject: ntoskrnl: Add TRACEs for instruction emulator on x86_64 to simplify - debugging. - ---- - dlls/ntoskrnl.exe/instr.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/dlls/ntoskrnl.exe/instr.c b/dlls/ntoskrnl.exe/instr.c -index 51b7bec..16d7afd 100644 ---- a/dlls/ntoskrnl.exe/instr.c -+++ b/dlls/ntoskrnl.exe/instr.c -@@ -739,8 +739,28 @@ LONG CALLBACK vectored_handler( EXCEPTION_POINTERS *ptrs ) - - if (record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) - { -+ DWORD64 rip = context->Rip; - if (emulate_instruction( record, context ) == ExceptionContinueExecution) -+ { -+ -+ if (context->Rip - rip <= 32) -+ { -+ TRACE("emulated opcodes:"); -+ for (; rip < context->Rip; rip++) TRACE(" %02x", *(BYTE *)rip); -+ TRACE("\n"); -+ } -+ TRACE( "next instruction rip=%lx\n", context->Rip ); -+ TRACE( " rax=%016lx rbx=%016lx rcx=%016lx rdx=%016lx\n", -+ context->Rax, context->Rbx, context->Rcx, context->Rdx ); -+ TRACE( " rsi=%016lx rdi=%016lx rbp=%016lx rsp=%016lx\n", -+ context->Rsi, context->Rdi, context->Rbp, context->Rsp ); -+ TRACE( " r8=%016lx r9=%016lx r10=%016lx r11=%016lx\n", -+ context->R8, context->R9, context->R10, context->R11 ); -+ TRACE( " r12=%016lx r13=%016lx r14=%016lx r15=%016lx\n", -+ context->R12, context->R13, context->R14, context->R15 ); -+ - return EXCEPTION_CONTINUE_EXECUTION; -+ } - } - return EXCEPTION_CONTINUE_SEARCH; - } --- -2.1.3 - diff --git a/patches/ntoskrnl-Emulator/definition b/patches/ntoskrnl-Emulator/definition deleted file mode 100644 index 685a3ac6..00000000 --- a/patches/ntoskrnl-Emulator/definition +++ /dev/null @@ -1,3 +0,0 @@ -Fixes: [33849] Emulate access to KI_USER_SHARED_DATA kernel page on x86_64 -Depends: ntdll-User_Shared_Data -Category: stable diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index 8c7776c3..d323fb6c 100755 
--- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -55,7 +55,7 @@ version() echo "Copyright (C) 2014-2015 the Wine Staging project authors." echo "" echo "Patchset to be applied on upstream Wine:" - echo " commit 6fe55462107b4dcc31f919296a6e5870dcc881a3" + echo " commit af55ae137965512a1635e69b8f41849114f60012" echo "" } @@ -185,7 +185,6 @@ patch_enable_all () enable_ntdll_WinSqm="$1" enable_ntdll_WriteWatches="$1" enable_ntoskrnl_DriverTest="$1" - enable_ntoskrnl_Emulator="$1" enable_ntoskrnl_Stubs="$1" enable_nvapi_Stub_DLL="$1" enable_nvcuda_CUDA_Support="$1" @@ -211,7 +210,6 @@ patch_enable_all () enable_server_OpenProcess="$1" enable_server_PeekMessage="$1" enable_server_Realtime_Priority="$1" - enable_server_Release_File="$1" enable_server_RootDirectory_File="$1" enable_server_Shared_Memory="$1" enable_server_Stored_ACLs="$1" @@ -634,9 +632,6 @@ patch_enable () ntoskrnl-DriverTest) enable_ntoskrnl_DriverTest="$2" ;; - ntoskrnl-Emulator) - enable_ntoskrnl_Emulator="$2" - ;; ntoskrnl-Stubs) enable_ntoskrnl_Stubs="$2" ;; @@ -712,9 +707,6 @@ patch_enable () server-Realtime_Priority) enable_server_Realtime_Priority="$2" ;; - server-Release_File) - enable_server_Release_File="$2" - ;; server-RootDirectory_File) enable_server_RootDirectory_File="$2" ;; @@ -1444,9 +1436,6 @@ if test "$enable_category_stable" -eq 1; then if test "$enable_ntdll_WriteWatches" -gt 1; then abort "Patchset ntdll-WriteWatches disabled, but category-stable depends on that." fi - if test "$enable_ntoskrnl_Emulator" -gt 1; then - abort "Patchset ntoskrnl-Emulator disabled, but category-stable depends on that." - fi if test "$enable_opengl32_Revert_Disable_Ext" -gt 1; then abort "Patchset opengl32-Revert_Disable_Ext disabled, but category-stable depends on that." fi 
@@ -1595,7 +1584,6 @@ if test "$enable_category_stable" -eq 1; then enable_ntdll_Threading=1 enable_ntdll_User_Shared_Data=1 enable_ntdll_WriteWatches=1 - enable_ntoskrnl_Emulator=1 enable_opengl32_Revert_Disable_Ext=1 enable_server_Address_List_Change=1 enable_server_ClipCursor=1 @@ -1758,13 +1746,6 @@ if test "$enable_nvapi_Stub_DLL" -eq 1; then enable_nvcuda_CUDA_Support=1 fi -if test "$enable_ntoskrnl_Emulator" -eq 1; then - if test "$enable_ntdll_User_Shared_Data" -gt 1; then - abort "Patchset ntdll-User_Shared_Data disabled, but ntoskrnl-Emulator depends on that." - fi - enable_ntdll_User_Shared_Data=1 -fi - if test "$enable_ntdll_WriteWatches" -eq 1; then if test "$enable_kernel32_Named_Pipe" -gt 1; then abort "Patchset kernel32-Named_Pipe disabled, but ntdll-WriteWatches depends on that." @@ -2052,23 +2033,6 @@ if test "$enable_advapi32_GetWindowsAccountDomainSid" -eq 1; then ) >> "$patchlist" fi -# Patchset server-Misc_ACL -# | -# | This patchset fixes the following Wine bugs: -# | * [#15980] GetSecurityInfo returns NULL DACL for process object -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c -# | -if test "$enable_server_Misc_ACL" -eq 1; then - patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch - patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch - ( - echo '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; - echo '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; - ) >> "$patchlist" -fi - # Patchset server-CreateProcess_ACLs # | # | This patchset fixes the following Wine bugs: 
@@ -2088,6 +2052,23 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then ) >> "$patchlist" fi +# Patchset server-Misc_ACL +# | +# | This patchset fixes the following Wine bugs: +# | * [#15980] GetSecurityInfo returns NULL DACL for process object +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c +# | +if test "$enable_server_Misc_ACL" -eq 1; then + patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch + patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch + ( + echo '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; + echo '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; + ) >> "$patchlist" +fi + # Patchset advapi32-LsaLookupSids # | # | Modified files: @@ -3804,12 +3785,14 @@ fi # Patchset ntdll-User_Shared_Data # | # | Modified files: -# | * dlls/ntdll/ntdll.spec, dlls/ntdll/thread.c +# | * dlls/ntdll/ntdll.spec, dlls/ntdll/thread.c, dlls/ntoskrnl.exe/instr.c # | if test "$enable_ntdll_User_Shared_Data" -eq 1; then patch_apply ntdll-User_Shared_Data/0001-ntdll-Move-code-to-update-user-shared-data-into-a-se.patch + patch_apply ntdll-User_Shared_Data/0002-ntoskrnl-Update-USER_SHARED_DATA-before-accessing-me.patch ( echo '+ { "Sebastian Lackner", "ntdll: Move code to update user shared data into a separate function.", 1 },'; + echo '+ { "Sebastian Lackner", "ntoskrnl: Update USER_SHARED_DATA before accessing memory.", 1 },'; ) >> "$patchlist" fi 
@@ -3915,23 +3898,6 @@ if test "$enable_ntoskrnl_DriverTest" -eq 1; then ) >> "$patchlist" fi -# Patchset ntoskrnl-Emulator -# | -# | This patchset fixes the following Wine bugs: -# | * [#33849] Emulate access to KI_USER_SHARED_DATA kernel page on x86_64 -# | -# | Modified files: -# | * dlls/ntoskrnl.exe/instr.c, dlls/ntoskrnl.exe/ntoskrnl.c -# | -if test "$enable_ntoskrnl_Emulator" -eq 1; then - patch_apply ntoskrnl-Emulator/0001-ntoskrnl-Emulate-memory-access-to-KI_USER_SHARED_DAT.patch - patch_apply ntoskrnl-Emulator/0002-ntoskrnl-Add-TRACEs-for-instruction-emulator-on-x86_.patch - ( - echo '+ { "Sebastian Lackner", "ntoskrnl: Emulate memory access to KI_USER_SHARED_DATA on x86_64.", 3 },'; - echo '+ { "Sebastian Lackner", "ntoskrnl: Add TRACEs for instruction emulator on x86_64 to simplify debugging.", 1 },'; - ) >> "$patchlist" -fi - # Patchset ntoskrnl-Stubs # | # | This patchset fixes the following Wine bugs: @@ -4389,21 +4355,6 @@ if test "$enable_server_Realtime_Priority" -eq 1; then ) >> "$patchlist" fi -# Patchset server-Release_File -# | -# | This patchset fixes the following Wine bugs: -# | * [#38764] Fix possible use-after-free in wineserver device IPR code -# | -# | Modified files: -# | * server/device.c -# | -if test "$enable_server_Release_File" -eq 1; then - patch_apply server-Release_File/0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch - ( - echo '+ { "Sebastian Lackner", "server: Delay destruction of file object in set_irp_result.", 1 },'; - ) >> "$patchlist" -fi - # Patchset server-Shared_Memory # | # | Modified files: 
@@ -5066,18 +5017,6 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then ) >> "$patchlist" fi -# Patchset wined3d-UnhandledBlendFactor -# | -# | Modified files: -# | * dlls/wined3d/state.c -# | -if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then - patch_apply wined3d-UnhandledBlendFactor/0001-wined3d-Silence-repeated-Unhandled-blend-factor-0-me.patch - ( - echo '+ { "Sebastian Lackner", "wined3d: Silence repeated '\''Unhandled blend factor 0'\'' messages.", 1 },'; - ) >> "$patchlist" -fi - # Patchset wined3d-wined3d_swapchain_present # | # | Modified files: @@ -5090,18 +5029,6 @@ if test "$enable_wined3d_wined3d_swapchain_present" -eq 1; then ) >> "$patchlist" fi -# Patchset wined3d-resource_check_usage -# | -# | Modified files: -# | * dlls/wined3d/resource.c -# | -if test "$enable_wined3d_resource_check_usage" -eq 1; then - patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch - ( - echo '+ { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },'; - ) >> "$patchlist" -fi - # Patchset wined3d-Multisampling # | # | This patchset fixes the following Wine bugs: 
@@ -5151,6 +5078,30 @@ if test "$enable_wined3d_Revert_PixelFormat" -eq 1; then ) >> "$patchlist" fi +# Patchset wined3d-UnhandledBlendFactor +# | +# | Modified files: +# | * dlls/wined3d/state.c +# | +if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then + patch_apply wined3d-UnhandledBlendFactor/0001-wined3d-Silence-repeated-Unhandled-blend-factor-0-me.patch + ( + echo '+ { "Sebastian Lackner", "wined3d: Silence repeated '\''Unhandled blend factor 0'\'' messages.", 1 },'; + ) >> "$patchlist" +fi + +# Patchset wined3d-resource_check_usage +# | +# | Modified files: +# | * dlls/wined3d/resource.c +# | +if test "$enable_wined3d_resource_check_usage" -eq 1; then + patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch + ( + echo '+ { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },'; + ) >> "$patchlist" +fi + # Patchset wined3d-CSMT_Main # | # | This patchset fixes the following Wine bugs: diff --git a/patches/server-Release_File/0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch b/patches/server-Release_File/0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch deleted file mode 100644 index 5369eb84..00000000 --- a/patches/server-Release_File/0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 12bf8396bd22a181e9d49c70b84b98b85eacefea Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Tue, 16 Jun 2015 03:16:10 +0200 -Subject: server: Delay destruction of file object in set_irp_result. - ---- - server/device.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/server/device.c b/server/device.c -index dc0325e..da99c32 100644 ---- a/server/device.c -+++ b/server/device.c -@@ -288,7 +288,6 @@ static void set_irp_result( struct irp_call *irp, unsigned int status, - irp->out_size = min( irp->out_size, out_size ); - if (irp->out_size && !(irp->out_data = memdup( out_data, irp->out_size ))) - irp->out_size = 0; -- release_object( file ); - irp->file = NULL; - if (irp->async) - { -@@ -306,6 +305,7 @@ static void set_irp_result( struct irp_call *irp, unsigned int status, - list_remove( &irp->dev_entry ); - release_object( irp ); /* no longer on the device queue */ - } -+ release_object( file ); - } - - --- -2.4.3 - diff --git a/patches/server-Release_File/definition b/patches/server-Release_File/definition deleted file mode 100644 index b5deec1c..00000000 --- a/patches/server-Release_File/definition +++ /dev/null @@ -1 +0,0 @@ -Fixes: [38764] Fix possible use-after-free in wineserver device IPR code