<div>I'll move this into a bug report on github, filed against the kernel I think - that is unless someone says otherwise.</div><div><br></div><div><br></div>After looking into this a bit more, I suspect that the corruption is caused when the ve application mmaps the /dev/cedar_dev device.<div>
<br></div><div>When the /dev/cerdar_dev device is mmap-ed the offset specified is briefly checked and manipulated before being passed to remap_pfn_range as the physical kernel address to start mapping onto.<div><br></div>
<div>as remap_pfn_range makes the kernel memory accessible to the user space application that called mmap this seems like a fairly likely place for a user space application to be able to inadvertently corrupt kernel memory.</div>
<div><br></div><div>I don't yet fully understand the manipulation being performed on the offset </div><div><br></div><div> temp_pfn = (__pa(vma->vm_pgoff << 12))>>12;</div><div><br></div><div>before it is passed into remap_pfn_range</div>
<div><br></div><div><div>remap_pfn_range(vma, vma->vm_start, temp_pfn, vma->vm_end - vma->vm_start, vma->vm_page_prot)</div><div><br></div></div><div><div>currently I suspect that its also a security vulnerability.</div>
<div><br></div><div>Iain.</div><div><br><br><div class="gmail_quote">On 9 June 2012 17:19, lkcl luke <span dir="ltr"><<a href="mailto:luke.leighton@gmail.com" target="_blank">luke.leighton@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Sat, Jun 9, 2012 at 4:49 PM, Iain Bullard <<a href="mailto:iain.bullard@gmail.com">iain.bullard@gmail.com</a>> wrote:<br>
> Hi All,<br>
><br>
> I've built the kernel (allwinner-v3.0-android-v2) and installed it using the<br>
> instructions for building a debian root fs<br>
> (<a href="http://rhombus-tech.net/allwinner_a10/hacking_the_mele_a1000/Building_Debian_From_Source_Code_for_Mele/" target="_blank">http://rhombus-tech.net/allwinner_a10/hacking_the_mele_a1000/Building_Debian_From_Source_Code_for_Mele/</a>).<br>
<br>
</div><div class="im">> This is more of an FYI and to see if anyone knows where to look next with<br>
> regards to resolving the kernel oops/panic.<br>
<br>
</div> thanks, ian. as this is a bugreport can i recommend recording it in<br>
a location and with a tool that is suited to recording bugreports?<br>
henrik, tom, alejandro, any suggestions?<br>
<br>
l.<br>
<br>
_______________________________________________<br>
arm-netbook mailing list <a href="mailto:arm-netbook@lists.phcomp.co.uk">arm-netbook@lists.phcomp.co.uk</a><br>
<a href="http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook" target="_blank">http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook</a><br>
Send large attachments to <a href="mailto:arm-netbook@files.phcomp.co.uk">arm-netbook@files.phcomp.co.uk</a><br>
</blockquote></div><br></div></div></div>