lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150826101612.GI27333@pali>
Date:	Wed, 26 Aug 2015 12:16:12 +0200
From:	Pali Rohár <pali.rohar@...il.com>
To:	Tomi Valkeinen <tomi.valkeinen@...com>
Cc:	Jean-Christophe Plagniol-Villard <plagnioj@...osoft.com>,
	Jyri Sarha <jsarha@...com>, linux-omap@...r.kernel.org,
	linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	Pavel Machek <pavel@....cz>,
	Sebastian Reichel <sre@...nel.org>,
	Aaro Koskinen <aaro.koskinen@....fi>,
	Tony Lindgren <tony@...mide.com>, Nishanth Menon <nm@...com>
Subject: Re: omapdss: Division by zero in kernel

On Friday 21 August 2015 12:17:41 Tomi Valkeinen wrote:
> 
> 
> On 21/08/15 11:48, Pali Rohár wrote:
> > On Friday 21 August 2015 11:42:14 Tomi Valkeinen wrote:
> >>
> >>
> >> On 24/07/15 19:03, Pali Rohár wrote:
> >>> Hello,
> >>>
> >>> when on N900 (real HW or qemu) I run this command
> >>>
> >>> / # echo 0 > /sys/devices/platform/omapdss/overlay0/enabled && echo 0 > /sys/class/graphics/fb0/size
> >>>
> >>> then kernel crash with this error message
> >>>
> >>> / # [   29.904113] Division by zero in kernel.
> >>
> > 
> > Hi! Thanks for explaining.
> > 
> >> The problem is that fb console uses the kernel mmapped framebuffer, but
> >> omapfb is not aware of the fb console. So the above commands free the
> >> framebuffer, as omapfb thinks no one is using it, and then fb console
> >> tries to touch the fb.
> >>
> > 
> > What about refusing those calls from fb console? So fb console will not
> > know about this problem and omapfb will just ignore drawn functions?
> 
> Hmm, I'm not sure I understand what you mean... omapfb is not drawing
> anything, fbcon is doing the drawing independently to the fb. And the fb
> suddenly disappears without fbcon realizing that.
> 
> >> omapfb tracks mmaps from userspace, and refuses to free a fb it it's
> >> mmapped.
> >>
> >> I don't know how to fix it straight away. Maybe there's a way for omapfb
> >> to check if the fbcon uses the fb in question, and if so, refuses to
> >> release/resize the memory.
> >>
> >>  Tomi
> >>
> > 
> > Maemo userspace (on Nokia N900) uses above commands to initialize
> > graphic and Xserver. So it would be nice if disabling framebuffer would
> > work even if fbcon.ko is loaded (or compiled directly into zImage).
> 
> Ok. And N900 has fbcon enabled? I wonder how it survives...
> 

Depends on compiled kernel. Original stock Nokia kernel 2.6.28 has it
disabled, but when I recompiled it with fbcon (either static linked into
zImage or external fbcon.ko) it works and I do not see any problem.

So I think it survives...

> fbcon can be unbound from userspace with something like:
> 
> echo 0 > /sys/class/vtconsole/vtcon1/bind
> 
> After that I think the memory can be freed.
> 
> But obviously the kernel should not crash here, no question about that.
> 
>  Tomi
> 

Maybe just adding that test for zero to prevent division by zero?

-- 
Pali Rohár
pali.rohar@...il.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ