[Arm-netbook] running allwinner-a10-video on mele causes kernel panic

Iain Bullard iain.bullard at gmail.com
Sat Jun 9 21:14:13 BST 2012


I'll move this into a bug report on github, filed against the kernel I
think - that is unless someone says otherwise.


After looking into this a bit more, I suspect that the corruption is caused
when the ve application mmaps the /dev/cedar_dev device.

When the /dev/cedar_dev device is mmap-ed the offset specified is briefly
checked and manipulated before being passed to remap_pfn_range as the
physical kernel address to start mapping onto.

As remap_pfn_range makes the kernel memory accessible to the user space
application that called mmap this seems like a fairly likely place for a
user space application to be able to inadvertently corrupt kernel memory.

I don't yet fully understand the manipulation being performed on the offset

  temp_pfn = (__pa(vma->vm_pgoff << 12))>>12;

before it is passed into remap_pfn_range

  remap_pfn_range(vma, vma->vm_start, temp_pfn, vma->vm_end - vma->vm_start,
                  vma->vm_page_prot)

Currently I suspect that it's also a security vulnerability.

Iain.


On 9 June 2012 17:19, lkcl luke <luke.leighton at gmail.com> wrote:

> On Sat, Jun 9, 2012 at 4:49 PM, Iain Bullard <iain.bullard at gmail.com> wrote:
> > Hi All,
> >
> > I've built the kernel (allwinner-v3.0-android-v2) and installed it using the
> > instructions for building a debian root fs
> > (http://rhombus-tech.net/allwinner_a10/hacking_the_mele_a1000/Building_Debian_From_Source_Code_for_Mele/).
> >
> > This is more of an FYI and to see if anyone knows where to look next with
> > regards to resolving the kernel oops/panic.
>
>  thanks, ian.  as this is a bugreport can i recommend recording it in
> a location and with a tool that is suited to recording bugreports?
> henrik, tom, alejandro, any suggestions?
>
>  l.
>
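
Added example, not part of the original message and not the cedar driver's own code: a user-space C model of the temp_pfn computation quoted above, next to the range check an mmap handler would make before calling remap_pfn_range. PAGE_OFFSET, PHYS_OFFSET and the reserved-buffer bounds are assumed values chosen for illustration, and model_pa, model_temp_pfn and range_allowed are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT    12
/* Assumed for illustration (32-bit ARM, 3G/1G split); not taken from the post. */
#define PAGE_OFFSET   0xC0000000u  /* first kernel linear-map virtual address */
#define PHYS_OFFSET   0x40000000u  /* first physical address of RAM */
/* Hypothetical buffer reserved for the device, in page frame numbers. */
#define RES_PFN_START 0x44000u
#define RES_PFN_COUNT 0x5000u

/* Linear-map __pa(): kernel virtual address -> physical address. */
static uint32_t model_pa(uint32_t virt)
{
    return virt - PAGE_OFFSET + PHYS_OFFSET;
}

/* The quoted line: temp_pfn = (__pa(vma->vm_pgoff << 12)) >> 12.
 * The user-supplied page offset is treated as a kernel virtual address. */
static uint32_t model_temp_pfn(uint32_t vm_pgoff)
{
    return model_pa(vm_pgoff << PAGE_SHIFT) >> PAGE_SHIFT;
}

/* Check to make before remap_pfn_range(): the whole requested range must
 * lie inside the reserved buffer. Subtractions are ordered to avoid wrap. */
static bool range_allowed(uint32_t vm_pgoff, uint32_t vm_start, uint32_t vm_end)
{
    uint32_t pfn = model_temp_pfn(vm_pgoff);
    uint32_t npages, off;

    if (vm_end <= vm_start || pfn < RES_PFN_START)
        return false;
    off = pfn - RES_PFN_START;
    if (off >= RES_PFN_COUNT)
        return false;
    npages = (vm_end - vm_start) >> PAGE_SHIFT;
    return npages <= RES_PFN_COUNT - off;
}

int main(void)
{
    printf("pgoff 0xC4000 -> pfn 0x%x\n", (unsigned)model_temp_pfn(0xC4000u));
    printf("inside buffer:  %d\n", range_allowed(0xC4000u, 0x10000000u, 0x10001000u));
    printf("outside buffer: %d\n", range_allowed(0xC0008u, 0x10000000u, 0x10001000u));
    return 0;
}
```

In a real handler the failing case would return -EINVAL instead of reaching remap_pfn_range.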