We do often include affiliate links to earn us some pennies. See more here.

A developer for Collabora, the open source consultancy firm that works with the likes of Valve has sent in a Linux Kernel patch aimed at helping Windows games run on Linux through Wine.

From what's noted in the patch titled "[PATCH RFC] seccomp: Implement syscall isolation based on memory areas", which was sent in for gathering comments (RFC = Request for comments), it seems more and more modern Windows applications / games are sidestepping the actual Windows API. The result? It breaks Wine compatibility as "it doesn't have a chance to intercept and emulate these syscalls before they are submitted to Linux".

What they're going for is an addition to the Linux Kernel, to enable them to filter and find out if the calls being done are from Wine itself or from the Windows application being run. They're proposing using the seccomp function, used usually for security purposes but this is in no way a security feature it's just how they're building the functionality for Wine while re-using what's available.

Their new way will avoid some harsh performance penalties too. An existing method would have added a 10% overhead but they say this averages around 1.5% which is a pretty dramatic difference, for something as performance critical as this. Reading over comments and how it's done, it's possible this can help anti-cheat systems too but as always, don't go getting hopes up over early work that's not complete or merged in yet.

You can see the patch here on the mailing list.

Article taken from GamingOnLinux.com.
Tags: Misc, Wine
29 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
See more from me
The comments on this article are closed.
30 comments
Page: 1/3»
  Go to:

TheSHEEEP Jun 1, 2020
View PC info
  • Supporter Plus
I read "the open source conspiracy firm"... :D
Xpander Jun 1, 2020
The title is a bit weird. like "gets". Nothing is there yet, its just a patch that isn't accepted yet. Interesting stuff though.
Liam Dawe Jun 1, 2020
Quoting: XpanderThe title is a bit weird. like "gets". Nothing is there yet, its just a patch that isn't accepted yet. Interesting stuff though.
To get something is to receive something, seems perfectly appropriate. It mentions clearly it's a patch (doesn't say merged or anything) and notes its 'RFC' directly in the title. A title is just a title, the key is as always the text that accompanies it.
Xpander Jun 1, 2020
Quoting: PatolaDoes anyone know of any current use cases for this patch? Which Windows applications/games skip WinAPI calls to do syscalls directly?
i think its more to do with all those anticheat and drm protection systems, rather than games itself



Quoting: Liam DaweTo get something is to receive something, seems perfectly appropriate. It mentions clearly it's a patch (doesn't say merged or anything) and notes its 'RFC' directly in the title. A title is just a title, the key is as always the text that accompanies it.

I'm not native english speaker, true. but wouldnt it be better to use "might get" ? :)

i know its request for comments but its not inside the kernel yet lol...


Last edited by Xpander on 1 June 2020 at 7:17 am UTC
elmapul Jun 1, 2020
"sidestepping the actual Windows API. "
how is that even possible?
Liam Dawe Jun 1, 2020
Quoting: Xpander
Quoting: Liam DaweTo get something is to receive something, seems perfectly appropriate. It mentions clearly it's a patch (doesn't say merged or anything) and notes its 'RFC' directly in the title. A title is just a title, the key is as always the text that accompanies it.

I'm not native english speaker, true. but wouldnt it be better to use "might get" ? :)

i know its request for comments but its not inside the kernel yet lol...
It got the patch, it received it, it hasn't yet done anything with it. The title is factually correct. Splitting hairs at this point. As always, if you have issues it's better to use the correction report system. Edit: However, I have edited to ensure it's as clear as possible.


Last edited by Liam Dawe on 1 June 2020 at 7:47 am UTC
Beamboom Jun 1, 2020
Isn't this to punch holes in the os layer and open up for instabilities, hardware conflicts and massive security issues?
CatKiller Jun 1, 2020
View PC info
  • Supporter Plus
Quoting: PatolaDoes anyone know of any current use cases for this patch? Which Windows applications/games skip WinAPI calls to do syscalls directly?

The two I read about a little while ago here were Detroit: Become Human and Red Dead Redemption 2. I saw reference to some other culprits elsewhere, too, but I can't remember which they were right now.
a0kami Jun 1, 2020
Would this bring some overhead to anything non winds/windows related ? :S:
CatKiller Jun 1, 2020
View PC info
  • Supporter Plus
Quoting: BeamboomIsn't this to punch holes in the os layer and open up for instabilities, hardware conflicts and massive security issues?

The opposite. It's so that when a Windows application blindly uses Windows system calls on Linux they can be bounced back to Wine to be interpreted properly rather than naïvely followed or dropped. The seccomp framework already exists for trapping system calls, this is just to handle things more sensibly for this use case so that only Windows system calls need processing and Wine system calls can function unmolested. As I understand it.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.