Wine causes process hang in kernel when running applications from FAT partition

Bug #137978 reported by Krzysztof Lichota
14
Affects Status Importance Assigned to Milestone
Wine
Invalid
High
linux-source-2.6.15 (Ubuntu)
High
Colin Ian King
Dapper
High
Unassigned

Bug Description

Binary package hint: wine

Distro: Kubuntu Dapper 6.06
Wine: 0.9.9-0ubuntu2 (tested also with 0.9.39 from winehq.org)
Kernel: 2.6.15-29-386 (2.6.15-29.58)

When .exe is run from FAT partition, wine process gets stuck in kernel in "D" state and cannot be killed.
I have straced the process and it appears it is stuck in:
ioctl(9, TUNIOCGETINFO or VFAT_IOCTL_READDIR_BOTH

This way user can prevent unmounting FAT partition by running wine on FAT partition.

TESTCASE:
1. Mount any FAT volume (for example USB pendrive)
2. Copy some file.exe file to it.
3. Run: wine /media/mydisk/file.exe
4. Wine hangs and cannot be killed.

Possible workaround is to recompile wine with "#define VFAT_IOCTL_READDIR_BOTH" in dlls/ntdll/directory.c commented out.
I have checked that it works.

Revision history for this message
In , James Hawkins (truiken) wrote :

> This is kernel bug, but affects only wine, so workaround in wine is easier.

Invalid right from the gate.

> When .exe is run from FAT partition

Wine does not support running apps from a FAT partition.

Revision history for this message
In , James Hawkins (truiken) wrote :

Closing.

Revision history for this message
In , Vitaliy-bugzilla (vitaliy-bugzilla) wrote :

James it a perfectly valid bug report. Please do not close something that does not fit the google's perspective on the world.

Revision history for this message
In , Vitaliy-bugzilla (vitaliy-bugzilla) wrote :

Reporter, upgrade to the latest Wine version (which is wine-0.9.44) and retest.
However you should really upgrade your kernel version.

Revision history for this message
In , Dmitry-codeweavers (dmitry-codeweavers) wrote :

> Wine does not support running apps from a FAT partition.

According to http://wiki.winehq.org/FAQ,"Does it matter what filesystem I use?"
<quote>
Wine is written to be file system independent, so MS Windows applications will
install and run under virtually any file system supported by your brand of UNIX.
</quote>

Wine already has workarounds for various kernel bugs in VFAT driver, so adding
one more shouldn't hurt IMO.

Re-opening.

Revision history for this message
In , The3dfxdude (the3dfxdude) wrote :

Have we talked to the kernel dev for vfat about these problems?

Revision history for this message
In , Krzysiek-bugs-winehq-org (krzysiek-bugs-winehq-org) wrote :

(In reply to comment #1)
> Wine does not support running apps from a FAT partition.

Wine contains hooks which are valid only on FAT partition, like the mentioned VFAT_IOCTL_READDIR_BOTH ioctl.

I will re-test on wine 0.44, but from reading the source I am pretty sure it is the same.

Revision history for this message
In , Krzysiek-bugs-winehq-org (krzysiek-bugs-winehq-org) wrote :

Tested with 0.9.44 (0.9.44~winehq0~ubuntu~6.06-1).
It is the same:
3525 pts/2 D+ 0:00 ./putty.exe

Revision history for this message
In , James Hawkins (truiken) wrote :

Please don't change the original reported version.

Revision history for this message
Krzysztof Lichota (krzysiek-launchpad-ubuntu-com) wrote :

Binary package hint: wine

Distro: Kubuntu Dapper 6.06
Wine: 0.9.9-0ubuntu2 (tested also with 0.9.39 from winehq.org)
Kernel: 2.6.15-29-386 (2.6.15-29.58)

When .exe is run from FAT partition, wine process gets stuck in kernel in "D" state and cannot be killed.
I have straced the process and it appears it is stuck in:
ioctl(9, TUNIOCGETINFO or VFAT_IOCTL_READDIR_BOTH

This way user can prevent unmounting FAT partition by running wine on FAT partition.

To reproduce:
1. Mount any FAT volume (for example USB pendrive)
2. Copy some file.exe file to it.
3. Run: wine /media/mydisk/file.exe
4. Wine hangs and cannot be killed.

Possible workaround is to recompile wine with "#define VFAT_IOCTL_READDIR_BOTH" in dlls/ntdll/directory.c commented out.
I have checked that it works.

Revision history for this message
In , Dan Kegel (dank) wrote :

How urgent is this to fix?

Does it e.g. hurt people using "portable apps" on pen drives?
I haven't heard of any complaints from those folks for some reason...

Revision history for this message
In , Krzysiek-bugs-winehq-org (krzysiek-bugs-winehq-org) wrote :

I guess this does not happen in newer kernel version.
Kernel 2.6.15 is though used in Ubuntu 6.06, which is long-term supported version, so it should be spotted by some people.

I have come across the bug when some other user reported he cannot run application from his Windows partition (which used FAT), but FAT Windows partitions are rare this time.

Revision history for this message
In , The3dfxdude (the3dfxdude) wrote :

If this particular bug is fixed newer kernels, can we just resolve this invalid then? It's not a wine bug.

If you want this fixed in ubuntu LTS, you should file a bug report there. That seems reasonable enough.

Revision history for this message
In , Krzysiek-bugs-winehq-org (krzysiek-bugs-winehq-org) wrote :

(In reply to comment #12)
> If this particular bug is fixed newer kernels, can we just resolve this invalid
> then? It's not a wine bug.
>
> If you want this fixed in ubuntu LTS, you should file a bug report there. That
> seems reasonable enough.

I don't know if it is fixed in newer kernel versions. If it is, I guess you should close the bug.

Changed in wine:
status: Unknown → New
Revision history for this message
In , Mikołaj Zalewski (mikolaj-zalewski) wrote :

I have sucessfuly started several programs from a pen-drive on my 2.6.20-16 kernel from Ubuntu 7.04 and then unmounted the drive. Do you have this problem with every executable you try to run or only certain directories or executables triggers the bug? Can you create a small FAT image (let's say no more than 360kB) that triggers it and attach it (compressed) to this bug?

Revision history for this message
In , James Hawkins (truiken) wrote :

Abandoned.

Revision history for this message
In , James Hawkins (truiken) wrote :

Closing.

Changed in wine:
status: New → Invalid
Revision history for this message
b.rich (richardbuehler) wrote :

It's a problem for me, too.

I must start Windows instead using wine,
I guess many users got that problem
but didn't complain yet.

This is not a wine bug, wine will not solve it because actual Kernels don't have this bug.

Last 6.06-LTS Kernel version without this bug: 2.6.15-27 (works well with wine),
2.6.15-28 produces hangup in wine.

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

I'll change the package for this bug, because this is a kernel bug in dapper as it seems.

Regards,
\sh

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

Dear Colleagues,

this is a regression against latest linux kernel images.
last working kernel in dapper: 2.6.15-27

Regards,

\sh

Revision history for this message
In , Lei Zhang (thestig-google) wrote :

I ran into this bug with wine 1.0-rc1 and Picasa on a machine running Ubuntu Dapper. Picasa scanned a USB drive and hung on the ioctl call.

I'll test on more machines when I get a chance. Reopening.

Changed in wine:
status: Invalid → New
Revision history for this message
In , Lei Zhang (thestig-google) wrote :

This is a kernel bug only found in Ubuntu Dapper 2.6.15-28 and up, due to a copy and paste error in the Ubuntu specific patches. Fortunately it's an one-liner so hopefully Ubuntu will push out a new update soon.

Revision history for this message
Lei Zhang (thestig-google) wrote :

When the package maintainers backported CVE-2007-2878, [1] they made a typo while adapting the code to kernel 2.6.15.

With [2] applied to the 2.6.15 source code, fat_ioctl_readdir() is as follows:

...
down(&inode->i_sem);
ret = -ENOENT;
if (!IS_DEADDIR(inode)) {
    ret = __fat_readdir(inode, filp, &buf, filldir, short_only, both);
}
down(&inode->i_sem);
...

The second down() should be an up().

This only affect the dapper kernels 2.6.15-28-51, but not later kernels used in Ubuntu 6.10+, which kept the mutex_lock() / mutex_unlock() from the original commit in kernel 2.6.21.2.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
[2] http://archive.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-51.66.diff.gz

Changed in wine:
status: New → Invalid
Revision history for this message
Scott Ritchie (scottritchie) wrote :

We can work around this in Wine when we backport 1.0 to dapper, if need be. it's a fairly simple patch:

Revision history for this message
Lei Zhang (thestig-google) wrote :

I'd like to see the fix go into the kernel. (Who do we have to nudge for that to happen, BTW?) Though according to Google code search, Wine is pretty much the only project that calls that ioctl. So I guess we can just work around it if needed.

Revision history for this message
Launchpad Janitor (janitor) wrote : This bug is now reported against the 'linux' package

Beginning with the Hardy Heron 8.04 development cycle, all open Ubuntu kernel bugs need to be reported against the "linux" kernel package. We are automatically migrating this linux-source-2.6.15 kernel bug to the new "linux" package. We appreciate your patience and understanding as we make this transition. Also, if you would be interested in testing the upcoming Intrepid Ibex 8.10 release, it is available at http://www.ubuntu.com/testing . Please let us know your results. Thanks!

Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Moving this back to be against the linux-source-2.6.15 package. Will ping the kernel team to take a look. Thanks.

Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
status: New → Triaged
Changed in linux-source-2.6.15:
assignee: ubuntu-kernel-team → colin-king
milestone: none → dapper-updates
status: Triaged → In Progress
Revision history for this message
Colin Ian King (colin-king) wrote :

Hi, I have build a set of kernels with this fix. Can you download the appropriate deb from:

http://people.ubuntu.com/~cking/sru-137978/

and try it out to see if this fixes the bug. Once it has been verified, it can be put into the kernel as fix for the next release.

Thanks, Colin

Revision history for this message
Colin Ian King (colin-king) wrote :

OK, I've tested this myself doing:

1. Install 6.0.6 LTS i386 Desktop inside VirtualBox
2. Download all the latest updates
3. Install Wine
4. Download a Windows application (VisualGPS from http://www.visualgps.net/VisualGPS/VisualGPSInstall.exe)
5. Create a fat32 filesystem and loop-back mount it
6. Copy the Windows application to the fat32 filesystem
7. Start wine on the application and indeed it hangs.
8. Install the fixed kernel
9. Reboot
10. Remount the fat32 filesystem
11. Start wine on the application and it runs OK.

Revision history for this message
Lei Zhang (thestig-google) wrote :

Colin's test kernel works for me with Picasa 2.7 in Wine.

Revision history for this message
Colin Ian King (colin-king) wrote :

SRU Justification:

Impact: Running wine applications from a FAT filesystem causes the wine
process to get stuck in a kernel "D" state and cannot be killed. This
prevents a user from unmounting the FAT filesystem.

Fix: Replace a typo in fat_ioctl_readdir() introduced during
CVE-2007-2878, where the second semaphore down() should in fact be an
up().

Testcase: Without the patch one can trip the bug by:

1. Mount any FAT filesystem
2. Copy some file.exe file to it.
3. Run: wine /media/fattest/file.exe
4. Wine hangs and cannot be killed.

With the patch, this works. This has been tested by Lei Zhang (message 12 above) and by
myself (message 11).

Changed in linux-source-2.6.15:
status: In Progress → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
In , Austin English (austinenglish) wrote :

Closing invalid.

Steve Beattie (sbeattie)
Changed in linux-source-2.6.15:
importance: Undecided → High
status: New → Fix Committed
milestone: none → dapper-updates
description: updated
Revision history for this message
In , Lei Zhang (thestig-google) wrote :

FYI, the one liner patch has been committed into Ubuntu. A linux kernel with version > 2.6.15-52.71 should be available for Dapper in the near future.

Revision history for this message
Steve Beattie (sbeattie) wrote :

I have reproduced the problem with the linux kernel image version 2.6.15-52.71 in dapper-security and can confirm that the version in dapper-proposed, 2.6.15-52.72, addresses the issue; with the dapper-proposed kernel, I am now able to run windows applications off of FAT filesystems with wine.

Unfortunately, because the kernel was accidentally left in NEW and hadn't made it out to dapper-proposed, we should probably reset the 7 day waiting period.

Thanks!

Revision history for this message
Steve Beattie (sbeattie) wrote :

I also have run the ltp tests from the dapper ltp packages (such as they are, they're a bit buggy) and didn't find any regressions with the kernel from dapper-proposed.

Revision history for this message
Martin Pitt (pitti) wrote :

I assume this doesn't affect intrepid.

Changed in linux-source-2.6.15:
milestone: dapper-updates → none
status: Fix Committed → Invalid
Revision history for this message
Martin Pitt (pitti) wrote :

Copied to dapper-updates.

Changed in linux-source-2.6.15:
status: Fix Committed → Fix Released
Revision history for this message
Lei Zhang (thestig-google) wrote :

Correct, it only affects Dapper.

Changed in wine:
importance: Unknown → High
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.