Message-Id: <201507241803.42891@pali>
Date:	Fri, 24 Jul 2015 18:03:42 +0200
From:	Pali Rohár <pali.rohar@...il.com>
To:	Tomi Valkeinen <tomi.valkeinen@...com>,
	"Jean-Christophe Plagniol-Villard" <plagnioj@...osoft.com>,
	Jyri Sarha <jsarha@...com>
Cc:	linux-omap@...r.kernel.org, linux-fbdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, Pavel Machek <pavel@....cz>,
	Sebastian Reichel <sre@...nel.org>,
	Aaro Koskinen <aaro.koskinen@....fi>,
	Tony Lindgren <tony@...mide.com>, Nishanth Menon <nm@...com>
Subject: omapdss: Division by zero in kernel

Hello,

When I run this command on an N900 (real HW or qemu)

/ # echo 0 > /sys/devices/platform/omapdss/overlay0/enabled && echo 0 > /sys/class/graphics/fb0/size

then the kernel crashes with this error message

/ # [   29.904113] Division by zero in kernel.
** 3375 printk messages dropped ** [   29.963836] [<c01e0008>] (__aeabi_uidivmod) from [<c022071c>] (cfb_imageblit+0xac/0x464)
** 8426 printk messages dropped ** [   30.111083] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 8380 printk messages dropped ** [   30.258209] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 7813 printk messages dropped ** [   30.400054] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 7666 printk messages dropped ** [   30.538391] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 7687 printk messages dropped ** [   30.676544] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 7960 printk messages dropped ** [   30.819915] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 8317 printk messages dropped ** [   30.966979] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 8590 printk messages dropped ** [   31.122528] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 8885 printk messages dropped ** [   31.287658] [<c0218ed0>] (fbcon_scroll) from [<c025af90>] (scrup+0x60/0x128)
** 9408 printk messages dropped ** [   31.461425] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 9787 printk messages dropped ** [   31.644287] [<c02187e8>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10081 printk messages dropped ** [   31.833984] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10501 printk messages dropped ** [   32.031066] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10816 printk messages dropped ** [   32.233001] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10900 printk messages dropped ** [   32.440490] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10837 printk messages dropped ** [   32.645233] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10837 printk messages dropped ** [   32.848999] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10837 printk messages dropped ** [   33.053833] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 10838 printk messages dropped ** [   33.258361] [<c0218ed0>] (fbcon_scroll) from [<c025af90>] (scrup+0x60/0x128)

I suspect that the problem is in omapdss.

I do not know if size 0 makes sense, but Maemo userspace is calling the above
commands, and on Nokia's 2.6.28 kernel there is no crash or error message.

IMHO division by zero in the kernel should not be there even if userspace
calls an "incorrect" command.

-- 
Pali Rohár
pali.rohar@...il.com
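
A triage sketch for a flooded log like the one in this report, added here as an example and not part of the original message or of any kernel tooling: it totals the "printk messages dropped" counters and collapses the surviving ARM backtrace lines into caller/callee edges. The sample is a short excerpt copied from the report with wrapped lines rejoined; the names `triage`, `SAMPLE` and the regex constants are made up for this example.

```python
import re
from collections import Counter

# Excerpt copied from the report above (wrapped lines rejoined); not the full log.
SAMPLE = """\
[   29.904113] Division by zero in kernel.
** 3375 printk messages dropped ** [   29.963836] [<c01e0008>] (__aeabi_uidivmod) from [<c022071c>] (cfb_imageblit+0xac/0x464)
** 8426 printk messages dropped ** [   30.111083] [<c02187a4>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
** 8885 printk messages dropped ** [   31.287658] [<c0218ed0>] (fbcon_scroll) from [<c025af90>] (scrup+0x60/0x128)
** 9787 printk messages dropped ** [   31.644287] [<c02187e8>] (fbcon_redraw.isra.12) from [<c0218ed0>] (fbcon_scroll+0x6a0/0xcbc)
"""

# Marker the kernel emits when the console cannot keep up with the log buffer.
DROPPED = re.compile(r"\*\* (\d+) printk messages dropped \*\*")
# printk timestamp, e.g. "[   29.904113]" (address brackets contain '<' and do not match).
STAMP = re.compile(r"\[\s*(\d+\.\d+)\]")
# ARM backtrace line: "[<pc>] (callee) from [<lr>] (caller+0xoffset/0xsize)".
FRAME = re.compile(
    r"\[<[0-9a-f]+>\] \((\S+?)\) from \[<[0-9a-f]+>\] \((\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+\)"
)


def triage(log):
    """Summarise a flooded kernel log: dropped total, time span, call edges."""
    dropped, stamps, edges, div0 = 0, [], Counter(), False
    for line in log.splitlines():
        m = DROPPED.search(line)
        if m:
            dropped += int(m.group(1))
        m = STAMP.search(line)
        if m:
            stamps.append(float(m.group(1)))
        m = FRAME.search(line)
        if m:
            edges[(m.group(2), m.group(1))] += 1  # keyed as (caller, callee)
        div0 = div0 or "Division by zero in kernel" in line
    span = round(stamps[-1] - stamps[0], 6) if stamps else 0.0
    return {"div0": div0, "dropped": dropped, "span_s": span, "edges": dict(edges)}


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary["dropped"], "messages dropped in", summary["span_s"], "s")
    for (caller, callee), count in summary["edges"].items():
        print(f"{caller} -> {callee}: {count}")
```

Edges are keyed by function name only, so frames that differ just in return address (as with the two `fbcon_redraw.isra.12` addresses in the report) are counted together.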
