| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Dec 2008 09:23:59 +0100
From: Alex Raimondi <mailinglist@...omico.ch>
To: kernel@...32linux.org, linux-kernel@...r.kernel.org
Subject: Segfault in fbcmap.c => Compiler bug?
Hi
I am using latest atmel avr32 kernel (2.6.27) form git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6.git.
I am on it's master branch. I added a few patches specific to our own board (hammerhead).
When compiling with support for atmel_lcdfb the kernel segfaults at module probe.
This is the segfault output:
**********************************
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler cfq registered (default)
atmel_lcdfb atmel_lcdfb.0: 225KiB frame buffer at 13940000 (mapped at b3940000)
Unable to handle kernel NULL pointer dereference at virtual address 00000000
ptbr = 901de000 pgd = 00000000
Oops: Kernel access of bad area, sig: 11 [#1]
FRAME_POINTER chip: 0x01f:0x1e82 rev 2
Modules linked in:
PC is at fb_set_cmap+0x4e/0xb4
LR is at fb_set_var+0x15a/0x1c4
pc : [<900cf9de>] lr : [<900cec7e>] Not tainted
sp : 93819c40 r12: 00000000 r11: 93840c00
r10: 00000000 r9 : 00000000 r8 : 00000100
r7 : 93819c50 r6 : 93840c14 r5 : 93840dec r4 : 00000000
r3 : 93840c00 r2 : 00000000 r1 : 9397f200 r0 : 9397f000
Flags: qvNzC
Mode bits: hjmde....g
CPU Mode: Supervisor
Process: swapper [1] (task: 93816000 thread: 93818000)
Stack: (0x93819c40 to 0x9381a000)
9c40: 00000000 00000000 93829e00 0000ffff 900cec7e 93819d28 93840c14 93819c78
9c60: 00000000 93840c00 00000000 93840c14 00000080 00003040 00000000 00021220
9c80: 00000000 900150d0 93819c98 00000000 10040011 00000000 90015214 93819cac
9ca0: 00000001 93840c14 00000000 90015426 93819cc0 00000001 93840c14 00000000
9cc0: 90014626 93819cd4 00400004 93840c14 00000000 900d99d8 93819d28 901e1bd4
9ce0: 93840c14 00000000 07735940 93840e3c 900cfad4 93819d14 00000000 93840dec
9d00: 00000000 00000100 00000000 93840c00 93840e3c 900098a4 93819da4 901e1bd4
9d20: 000000e1 00000000 900098fa 93819da4 901e1bd4 000000e1 00000000 901e1b40
9d40: 93840c00 93840c00 93840e3c 93840c14 93819d80 901e1b48 00000000 00000000
9d60: 13940000 b3940000 00000001 00000000 9383ba50 00000000 00000000 00000001
9d80: 9007b5d0 93819da4 00000000 901e1bb0 00000000 901e1b48 901f4020 901f7d88
9da0: 00000000 900f04e0 93819dc8 901e1b48 901e1bf4 00000000 901f4020 901f4020
9dc0: 901f7d88 00000000 900efcac 93819ddc 901e1b48 901e1bf4 00000000 900efd52
9de0: 93819e00 901e1b48 901e1bf4 00000000 901f4020 901f4020 901f7d88 00000000
9e00: 900ef672 93819e2c 00000000 93819e24 00000000 900efd18 901f4020 901f7d88
9e20: 00000000 93803ab8 901e1b90 900efb92 93819e50 00000000 901f4020 00000000
9e40: 901f7b9c 9383ea20 901f7d88 00000000 900ef948 93819e64 00000000 901f4020
9e60: 00000000 900efe8c 93819e88 901fea80 901f4020 00000000 900094c4 00000000
9e80: 90000348 00000000 900f05ee 93819eac 901fea80 901f4000 00000000 900094c4
9ea0: 00000000 90000348 00000000 900f05fe 93819ec0 901fea80 901f4000 00000000
9ec0: 900094d2 93819ed4 901fea80 90012734 00000000 90013fba 93819fc8 901fea80
9ee0: 90012734 00000000 900c22da 93819f2c 00000000 9382bc00 900c23c4 93819f2c
9f00: 93803380 00000000 00000000 93819f64 93814094 00000000 900c217a 93819f3c
9f20: 90206844 000000d0 00000000 900c23de 93819f50 90206844 9382bc00 00000000
9f40: 9382c6c0 90205438 90000348 00000000 90075c6c 93819f68 90206844 9382bc00
9f60: 00000000 00000068 90075e20 93819f90 9382bc00 901e6090 00000000 00000020
9f80: 90205438 90000348 00000000 9382c6c0 900361b8 93819fb4 93819fa8 901e6090
9fa0: 00000000 00000020 33320000 00000000 00005ea8 900361fa 93819fd8 0000011f
9fc0: 901e9c90 00000000 90000390 93819fec 900128f8 90012734 00000000 00000000
9fe0: 9001f74c 90000348 00000000 9001f74c 00000000 00000000 00000000 00000000
Call trace:
[<900cec7e>] fb_set_var+0x15a/0x1c4
[<900098fa>] atmel_lcdfb_probe+0x422/0x578
[<900f04e0>] platform_drv_probe+0x10/0x12
[<900efcac>] driver_probe_device+0x84/0xf0
[<900efd52>] __driver_attach+0x3a/0x50
[<900ef672>] bus_for_each_dev+0x2e/0x4c
[<900efb92>] driver_attach+0x12/0x14
[<900ef948>] bus_add_driver+0x6c/0x178
[<900efe8c>] driver_register+0x58/0xb0
[<900f05ee>] platform_driver_register+0x56/0x5c
[<900f05fe>] platform_driver_probe+0xa/0x38
[<900094d2>] atmel_lcdfb_init+0xe/0x14
[<90013fba>] do_one_initcall+0x36/0x10c
[<90000390>] kernel_init+0x48/0x94
[<9001f74c>] do_exit+0x0/0x4c0
Kernel panic - not syncing: Attempted to kill init!
**************************************************************
I pinned down the problem to the file drivers/video/fbcmap.c function fb_set_cmap( ... ).
There is a for loop:
for (i = 0; i < cmap->len; i++) {
hred = *red++;
hgreen = *green++;
hblue = *blue++;
if (transp)
htransp = *transp++;
The segfault happens at the if (transp) statment.
Now to the strange thing, which makes me guess this may be a problem related to a compiler bug:
When I change the if statment to:
if (transp) {
printk("e\n");
htransp = *transp++;
}
everything works fine. No segfault! The if case is never executed (no "e" is printed). This is reproduceable: Commenting out
the printk => segfault, compiling with printk => no segfault.
For completeness this is the log with the printk compiled in:
***************************
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler cfq registered (default)
atmel_lcdfb atmel_lcdfb.0: 225KiB frame buffer at 13940000 (mapped at b3940000)
Console: switching to colour frame buffer device 40x30
atmel_lcdfb atmel_lcdfb.0: fb0: Atmel LCDC at 0xff000000 (mapped at ff000000), irq 1
atmel_usart.0: ttyS0 at MMIO 0xffe01000 (irq = 7) is a ATMEL_SERIAL
***********************************
Any ideas? How can I debug this?
Alex
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists