Wine: Picasa failed to start Fedora 12 after a kernel upgrade
I upgraded my kernel from 2.6.35 to 3.12, and Picasa 2.7 failed to start. Instead of starting, tons of winedbg processes were created at a rapid speed. If I didn’t kill everything related to Picasa within a minute or so (that is, all winedbg processes and any process having “picasa” in the string of “ps ax”) a reboot became imminent, as the system’s process table became full.
Since I’m not very fond of upgrades in general (Fedora 12, anyone?), and Google has ceased to support Picasa for Linux anyhow, I worked a bit on this.
It turned out, that going
$ wine "/opt/picasa/wine/drive_c/Program Files/Picasa2/Picasa2.exe"
did actually run Picasa, but with all my settings gone. No wonder. By default, Wine keeps its fake Windows environment under $HOME/.wine but $HOME/.picasa is the place used by Picasa.
So what about
$ WINEPREFIX=$HOME/.picasa wine "/opt/picasa/wine/drive_c/Program Files/Picasa2/Picasa2.exe"
YEY, it worked! But there were a few error messages, that may or may not be an issue:
wine: cannot find L"C:\\windows\\system32\\wineboot.exe" err:process:start_wineboot failed to start wineboot, err 2 fixme:actctx:parse_depend_manifests Could not find dependent assembly L"Microsoft.Windows.Common-Controls" (6.0.0.0) fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias -120, std (d/m/y): 26/10/2014, dlt (d/m/y): 28/03/2014 fixme:ole:CoResumeClassObjects stub fixme:win:FlashWindowEx 0x329e54 Bogus message code 1006 Bogus message code 1006 Bogus message code 1006 Bogus message code 1006 Not a JPEG file: starts with 0x91 0x6b Not a JPEG file: starts with 0xb5 0xea [ ... tons of these ... ] fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (10000): STUB fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT 10000 fixme:wininet:set_cookie httponly not handled (L"HttpOnly") fixme:wininet:set_cookie httponly not handled (L"HttpOnly") fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (10000): STUB fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT 10000 err:wininet:NETCON_secure_connect SSL_connect failed: 12045 fixme:wininet:INET_QueryOption Stub for 32 fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented [ .. quite a few of these too ... ]
And still, I wondered why it failed before.
Picasa’s log file
When executed using Picasa’s as in the default installation (running /opt/picasa/bin/picasa), a diagnostic log is created in $HOME/.picasa/picasa.log which said
modify_ldt: Invalid argument modify_ldt: Invalid argument modify_ldt: Invalid argument modify_ldt: Invalid argument modify_ldt: Invalid argument wine: Unhandled page fault on write access to 0x00000010 at address 0x7ee95bd2 (thread 001d), starting debugger...
An error and then a debugger starting. Sounds familiar…
It turns out that there is indeed an issue with recent kernels, as one can see here, here and here (the two last links are to the same thread in LKML). Indeed, there’s a patch called “x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels” by H. Peter Anvin, which was targeted for 3.13 kernels, but also made its way to 3.12 stable, which I’m using. So much for “stable”. It’s a security patch, I suppose, and yet I would have lived well without it.
What the offending patch is about
The problem is that the IRET x86 machine instruction only changes the lower 16 bits of the stack pointer, if it returns to a 16-bit execution context. Since IRET is used to switch back from kernel mode to any user space program, any user space program running in 16 bit mode could get to know where the kernel’s stack is mapped (except for the lower 16 bits) just by calling the modify_ldt system call. This information could be a significant piece in the puzzle for a kernel injection exploit (but doesn’t pose a threat by itself).
This is a x86 processor bug, which has a workaround for 32-bit systems. But this workaround can be applied to 64-bit machines, which is why this patch was made. Later, Linus offered a patch that allows users to choose at runtime if they want to allow modift_ldt on 64-bit machines.