Wine causes process hang in kernel when running applications from FAT partition

Binary package hint: wine

Distro: Kubuntu Dapper 6.06
Wine: 0.9.9-0ubuntu2 (tested also with 0.9.39 from winehq.org)
Kernel: 2.6.15-29-386 (2.6.15-29.58)

When .exe is run from FAT partition, wine process gets stuck in kernel in "D" state and cannot be killed.
I have straced the process and it appears it is stuck in:
ioctl(9, TUNIOCGETINFO or VFAT_IOCTL_READDIR_BOTH

This way user can prevent unmounting FAT partition by running wine on FAT partition.

To reproduce:
1. Mount any FAT volume (for example USB pendrive)
2. Copy some file.exe file to it.
3. Run: wine /media/mydisk/file.exe
4. Wine hangs and cannot be killed.

Possible workaround is to recompile wine with "#define VFAT_IOCTL_READDIR_BOTH" in dlls/ntdll/directory.c commented out.
I have checked that it works.

It's a problem for me, too.

I must start Windows instead using wine,
I guess many users got that problem
but didn't complain yet.

This is not a wine bug, wine will not solve it because actual Kernels don't have this bug.

Last 6.06-LTS Kernel version without this bug: 2.6.15-27 (works well with wine),
2.6.15-28 produces hangup in wine.

I'll change the package for this bug, because this is a kernel bug in dapper as it seems.

Regards,
\sh

Dear Colleagues,

this is a regression against latest linux kernel images.
last working kernel in dapper: 2.6.15-27

Regards,

\sh

When the package maintainers backported CVE-2007-2878, [1] they made a typo while adapting the code to kernel 2.6.15.

With [2] applied to the 2.6.15 source code, fat_ioctl_readdir() is as follows:

...
down(&inode->i_sem);
ret = -ENOENT;
if (!IS_DEADDIR(inode)) {
    ret = __fat_readdir(inode, filp, &buf, filldir, short_only, both);
}
down(&inode->i_sem);
...

The second down() should be an up().

This only affect the dapper kernels 2.6.15-28-51, but not later kernels used in Ubuntu 6.10+, which kept the mutex_lock() / mutex_unlock() from the original commit in kernel 2.6.21.2.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
[2] http://archive.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-51.66.diff.gz

We can work around this in Wine when we backport 1.0 to dapper, if need be. it's a fairly simple patch:

I'd like to see the fix go into the kernel. (Who do we have to nudge for that to happen, BTW?) Though according to Google code search, Wine is pretty much the only project that calls that ioctl. So I guess we can just work around it if needed.

Beginning with the Hardy Heron 8.04 development cycle, all open Ubuntu kernel bugs need to be reported against the "linux" kernel package. We are automatically migrating this linux-source-2.6.15 kernel bug to the new "linux" package. We appreciate your patience and understanding as we make this transition. Also, if you would be interested in testing the upcoming Intrepid Ibex 8.10 release, it is available at http://www.ubuntu.com/testing . Please let us know your results. Thanks!

Moving this back to be against the linux-source-2.6.15 package. Will ping the kernel team to take a look. Thanks.

Hi, I have build a set of kernels with this fix. Can you download the appropriate deb from:

http://people.ubuntu.com/~cking/sru-137978/

and try it out to see if this fixes the bug. Once it has been verified, it can be put into the kernel as fix for the next release.

Thanks, Colin

OK, I've tested this myself doing:

1. Install 6.0.6 LTS i386 Desktop inside VirtualBox
2. Download all the latest updates
3. Install Wine
4. Download a Windows application (VisualGPS from http://www.visualgps.net/VisualGPS/VisualGPSInstall.exe)
5. Create a fat32 filesystem and loop-back mount it
6. Copy the Windows application to the fat32 filesystem
7. Start wine on the application and indeed it hangs.
8. Install the fixed kernel
9. Reboot
10. Remount the fat32 filesystem
11. Start wine on the application and it runs OK.

Colin's test kernel works for me with Picasa 2.7 in Wine.

SRU Justification:

Impact: Running wine applications from a FAT filesystem causes the wine
process to get stuck in a kernel "D" state and cannot be killed. This
prevents a user from unmounting the FAT filesystem.

Fix: Replace a typo in fat_ioctl_readdir() introduced during
CVE-2007-2878, where the second semaphore down() should in fact be an
up().

Testcase: Without the patch one can trip the bug by:

1. Mount any FAT filesystem
2. Copy some file.exe file to it.
3. Run: wine /media/fattest/file.exe
4. Wine hangs and cannot be killed.

With the patch, this works. This has been tested by Lei Zhang (message 12 above) and by
myself (message 11).

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I have reproduced the problem with the linux kernel image version 2.6.15-52.71 in dapper-security and can confirm that the version in dapper-proposed, 2.6.15-52.72, addresses the issue; with the dapper-proposed kernel, I am now able to run windows applications off of FAT filesystems with wine.

Unfortunately, because the kernel was accidentally left in NEW and hadn't made it out to dapper-proposed, we should probably reset the 7 day waiting period.

Thanks!

I also have run the ltp tests from the dapper ltp packages (such as they are, they're a bit buggy) and didn't find any regressions with the kernel from dapper-proposed.

I assume this doesn't affect intrepid.

Copied to dapper-updates.

Correct, it only affects Dapper.