patch
static int is_ashmem_file(struct file *file)
{
- char fname[256], *name;
- name = dentry_path(file->f_dentry, fname, 256);
- return strcmp(name, "/ashmem") ? 0 : 1;
+ return (file->f_op == &ashmem_fops);
}
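Review bot: is_ashmem_file has no comment recording why the test is on `f_op`, and that reason is the security property callers depend on: a true result is presumably what lets get_ashmem_file (named in the crash log, outside this hunk) treat `file->private_data` as ashmem state. I would add above the return: `/* Match on the driver's own file_operations; a name compare accepts any file called "ashmem" at the root of another mount. */`. The function also dereferences `file` unconditionally, so it relies on the caller having rejected a NULL result from the fd lookup; a short `/* file must be non-NULL */` would make that contract explicit. The outer parentheses around the comparison are redundant and can be dropped.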
dentry_path: 获取文件的完整路径,该路径相对于文件所在的挂载点(而不是全局根目录)
shell@hammerhead:/ $ mount
rootfs / rootfs ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nomblk_io_submit,noauto_da_alloc,errors=panic,data=ordered 0 0
so:
data, system, proc, /mnt/obb
/data/ashmem : /ashmem
/data/local/tmp/ashmem: /local/tmp/ashmem
/mnt/obb/ashmem: /ashmem
poc
fd_kgsl = open("/dev/kgsl-3d0", O_RDWR);
ioctl(fd_kgsl, IOCTL_KGSL_MAP_USER_MEM, &param);
crash log
dev="proc" ino=10477 scontext=u:r:untrusted_app:s0 tcontext=u:r:radio:s0 tclass=dir
[ 269.002841] Unable to handle kernel NULL pointer dereference at virtual address 00000114
[ 269.003276] pgd = e9f24000
[ 269.003497] [00000114] *pgd=33293831, *pte=00000000, *ppte=00000000
[ 269.020211] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[ 269.020398] CPU: 0 Not tainted (3.4.0-gd59db4e #1)
[ 269.020506] PC is at get_ashmem_file+0x78/0x154
[ 269.020676] LR is at is_ashmem_file+0x3c/0x68
[ 269.020772] pc : [<c078e704>] lr : [<c078df24>] psr: 20000013
[ 269.020776] sp : eb73ddb8 ip : eb73dc98 fp : eb73de1c
[ 269.021027] r10: 00000004 r9 : c10e9008 r8 : eb73de5c
[ 269.021196] r7 : eb73de58 r6 : eb73de54 r5 : c103a488 r4 : ebbc9240
[ 269.021291] r3 : 19761abc r2 : 00000000 r1 : c0deb698 r0 : 00000000
[ 269.021464] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 269.021560] Control: 10c5787d Table: 3232406a DAC: 00000015
[ 269.021729]
[ 269.021731] PC: 0xc078e684:
[ 269.021906] e684 c011b554 c12a52b4 e1a0c00d e92ddff0 e24cb004 e24dd03c e52de004 e8bd4000
[ 269.022856] e6a4 e59f511c e1a08003 e1a06001 e1a07002 e1a0a000 e5953000 e50b3030 ebeb5d64
[ 269.023810] e6c4 e3a0c000 e586c000 e587c000 e2504000 0a000036 e59f90ec e1d931b2 e3130004
[ 269.024684] e6e4 1a000018 e1a00004 ebfffdfd e3500000 0a00000d e594207c e3a00000 e5864000
[ 269.025645] e704 e5923114 e5873000 e5923118 e5883000 e51b2030 e5953000 e1520003 1a000001
[ 269.026609] e724 e24bd028 e89daff0 ebe81142 e1a0100a e59f0094 eb0a27bf e1a00004 ebeb5e68
[ 269.027563] e744 e3e00000 eafffff1 e1a0200d e3c23d7f e3c3303f e24b0041 e593300c e593c224
[ 269.028451] e764 e1a01003 e50bc048 ebeb6f73 e594300c e1a02006 e51bc048 e594e01c e5933020
[ 269.029408]
[ 269.029411] LR: 0xc078dea4:
[ 269.029585] dea4 e594311c e5941118 e5902008 e0810003 e1500002 8afffff1 e1a00003 e3a02000
[ 269.030541] dec4 e12fff36 e595300c e59301ec e2800038 ebe8ad33 e3a00000 e89da878 e3e00015
[ 269.031501] dee4 e89da878 e1a0c00d e92dd810 e24cb004 e24ddf43 e52de004 e8bd4000 e59f4040
[ 269.032466] df04 e3a02c01 e24b1f46 e590000c e5943000 e50b3018 ebebb5a7 e59f1028 ebf19143
[ 269.033348] df24 e51b2018 e5943000 e2700001 33a00000 e1520003 1a000001 e24bd010 e89da810
[ 269.034303] df44 ebe8133c c103a488 c0deb690 e1a0c00d e92ddff0 e24cb004 e24dd00c e52de004
[ 269.035262] df64 e8bd4000 e5913004 e1a09001 e3530000 0a00003b e5913000 e3130080 0a00003c
[ 269.036153] df84 e59f60f4 e286003c eb0a64db e3500000 0a000037 e5b64058 e1540006 e5945000
[ 269.037106]
[ 269.037108] SP: 0xeb73dd38:
[ 269.037357] dd38 ebbc9300 ea7f67c0 eb73dd5c c078e704 20000013 ffffffff eb73dda4 eb73de5c
[ 269.038229] dd58 c10e9008 00000004 eb73de1c eb73dd70 c0106e98 c010022c 00000000 c0deb698
[ 269.039179] dd78 00000000 19761abc ebbc9240 c103a488 eb73de54 eb73de58 eb73de5c c10e9008
[ 269.040129] dd98 00000004 eb73de1c eb73dc98 eb73ddb8 c078df24 c078e704 20000013 ffffffff
[ 269.041004] ddb8 000080d0 c04aad10 0000005c c0a29194 eb73c000 c0a2925c eb73de0c c03f06e0
[ 269.041953] ddd8 ec044ff8 c03f0780 eb73de0c eb73ddf0 c03f0780 19761abc ea461e00 eb73c000
[ 269.042829] ddf8 00500000 ed2b0580 eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c eb73de20
[ 269.043775] de18 c04ab018 c078e698 c027147c c026f070 eded7280 c026eeb0 eb73de6c 14104a1b
[ 269.044652]
[ 269.044654] IP: 0xeb73dc18:
[ 269.044901] dc18 ec495100 c0278008 eb73dc64 eb73dc30 c0278bb4 c0277fd0 00000000 00000000
[ 269.045780] dc38 00000028 00010000 c027c0ec c1034300 ec523480 eb73dc9c eb73de58 c027b63c
[ 269.046749] dc58 eb73dc94 eb73dc68 c027b63c c0a29650 eb73dc84 00000100 c039bab0 00000000
[ 269.047633] dc78 eb73dc94 c103a488 c103a488 eb73de54 eb73ddb4 00000017 eb73dd70 c104541c
[ 269.048594] dc98 00000114 eb73de5c c10e9008 00000004 eb73dd6c eb73dcb8 c0100284 c0114744
[ 269.049476] dcb8 00000000 ec523100 ec523680 00000000 ebbc90c0 ec6498c0 eb73dcec eb73dce0
[ 269.050434] dcd8 c0a26edc c0a26d50 eb73dd1c eb73dcf0 c0384648 c0a26ed0 ec523124 00000000
[ 269.051397] dcf8 eb73dd1c ebbc90c0 c12866f0 c103a488 ebbc9300 ea7f67c0 ebbc90d4 ebbc90d0
[ 269.052351]
[ 269.052353] FP: 0xeb73dd9c:
[ 269.052527] dd9c eb73de1c eb73dc98 eb73ddb8 c078df24 c078e704 20000013 ffffffff 000080d0
[ 269.053480] ddbc c04aad10 0000005c c0a29194 eb73c000 c0a2925c eb73de0c c03f06e0 ec044ff8
[ 269.054363] dddc c03f0780 eb73de0c eb73ddf0 c03f0780 19761abc ea461e00 eb73c000 00500000
[ 269.055324] ddfc ed2b0580 eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c eb73de20 c04ab018
[ 269.056282] de1c c078e698 c027147c c026f070 eded7280 c026eeb0 eb73de6c 14104a1b 00000008
[ 269.057240] de3c ed34ac20 00000020 eb73df60 00000004 eac28c00 eb73de90 ebbc9240 00000000
[ 269.058119] de5c 00002000 eb73decc c01c0915 0000001c ea7f67c0 c103a488 c04aaccc eb73de94
[ 269.059070] de7c bed22a68 eb73df04 eb73de90 c04aa810 c04aacd8 ed59b6d0 00000004 00501000
[ 269.060026]
[ 269.060029] R1: 0xc0deb618:
[ 269.060202] b618 613e363c 656d6873 69203a6d 6974696e 7a696c61 000a6465 2f766564 6d687361
[ 269.061160] b638 002f6d65 2f766564 6d687361 00006d65 613e333c 656d6873 66203a6d 656c6961
[ 269.062118] b658 6f742064 726e7520 73696765 20726574 6373696d 76656420 21656369 0000000a
[ 269.063000] b678 613e363c 656d6873 75203a6d 616f6c6e 0a646564 00000000 6873612f 006d656d
[ 269.063958] b698 613e333c 656d6873 25203a6d 72203a73 65757165 64657473 74616420 72662061
[ 269.064909] b6b8 66206d6f 20656c69 63736564 74706972 7420726f 20746168 73656f64 2074276e
[ 269.065797] b6d8 73697865 000a2e74 706c6966 20702520 76656472 20642520 20646970 25287525
[ 269.066754] b6f8 66202973 20656c69 25287025 2029646c 20766564 203a6469 000a6425 663e333c
[ 269.067710]
[ 269.067713] R4: 0xebbc91c0:
[ 269.067888] 91c0 00000000 00000000 ed3c8a00 00000000 00000000 00000000 00000000 00000000
[ 269.068842] 91e0 00000000 00000000 ffffffff ffffffff 00000000 00000000 eb761dc0 eb761b00
[ 269.069803] 9200 ebbc9200 ebbc9200 ebbc9208 ebbc9208 ed34d5f0 00000000 00000000 00000000
[ 269.070680] 9220 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 269.071635] 9240 ebbc9cc0 fefe1274 ed2f3e50 ec523480 c0b19540 00000000 00000000 00000002
[ 269.072584] 9260 00020002 0000001f 00000000 00000000 00000000 00000000 00000000 00000000
[ 269.073465] 9280 00000000 00000000 eaff1d00 00000000 00000000 00000000 00000000 00000020
[ 269.074334] 92a0 00000000 00000000 ffffffff ffffffff 00000000 00000000 ea7f6800 00000000
[ 269.075298]
[ 269.075301] R5: 0xc103a408:
[ 269.075477] a408 0fbd0b82 c561aad9 046a0e5f ceb6af04 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba
[ 269.076437] a428 31608756 fbbc260d 3ab7828b f06b23d0 ae0ec13c 64d26067 215c8068 4a3d3003
[ 269.077396] a448 a02ec7d8 e2850203 a3c40529 c9478a99 5269f8b0 155b7d2b a6c55264 4fb78cab
[ 269.078270] a468 db234dfd f3d3f258 c0dad457 449e4cdb 3c1e80d2 59791ef8 00000001 00000000
[ 269.079152] a488 19761abc c010d028 ffffffff 00000009 0007b0d7 c0118560 c0118514 c01182c0
[ 269.080109] a4a8 c011836c c0118384 c0118384 c0118388 c0118388 c0118404 c01184ec c01184fc
[ 269.081061] a4c8 c011843c c0118484 c01184b8 00000022 ffffffff 00000000 fa002000 fa003000
[ 269.082008] a4e8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 269.082886]
[ 269.082888] R6: 0xeb73ddd4:
[ 269.083137] ddd4 c03f06e0 ec044ff8 c03f0780 eb73de0c eb73ddf0 c03f0780 19761abc ea461e00
[ 269.084019] ddf4 eb73c000 00500000 ed2b0580 eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c
[ 269.084972] de14 eb73de20 c04ab018 c078e698 c027147c c026f070 eded7280 c026eeb0 eb73de6c
[ 269.085926] de34 14104a1b 00000008 ed34ac20 00000020 eb73df60 00000004 eac28c00 eb73de90
[ 269.086876] de54 ebbc9240 00000000 00002000 eb73decc c01c0915 0000001c ea7f67c0 c103a488
[ 269.087752] de74 c04aaccc eb73de94 bed22a68 eb73df04 eb73de90 c04aa810 c04aacd8 ed59b6d0
[ 269.088711] de94 00000004 00501000 00000000 00000000 00500000 00000001 00000000 00000009
[ 269.089669] deb4 00000001 eb73c000 eb73df14 00000000 00000001 ed34ac20 eaff1d00 eb73defc
[ 269.090551]
[ 269.090554] R7: 0xeb73ddd8:
[ 269.090803] ddd8 ec044ff8 c03f0780 eb73de0c eb73ddf0 c03f0780 19761abc ea461e00 eb73c000
[ 269.091762] ddf8 00500000 ed2b0580 eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c eb73de20
[ 269.092645] de18 c04ab018 c078e698 c027147c c026f070 eded7280 c026eeb0 eb73de6c 14104a1b
[ 269.093604] de38 00000008 ed34ac20 00000020 eb73df60 00000004 eac28c00 eb73de90 ebbc9240
[ 269.094559] de58 00000000 00002000 eb73decc c01c0915 0000001c ea7f67c0 c103a488 c04aaccc
[ 269.095443] de78 eb73de94 bed22a68 eb73df04 eb73de90 c04aa810 c04aacd8 ed59b6d0 00000004
[ 269.096406] de98 00501000 00000000 00000000 00500000 00000001 00000000 00000009 00000001
[ 269.097364] deb8 eb73c000 eb73df14 00000000 00000001 ed34ac20 eaff1d00 eb73defc 19761abc
[ 269.098314]
[ 269.098316] R8: 0xeb73dddc:
[ 269.098492] dddc c03f0780 eb73de0c eb73ddf0 c03f0780 19761abc ea461e00 eb73c000 00500000
[ 269.099442] ddfc ed2b0580 eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c eb73de20 c04ab018
[ 269.100320] de1c c078e698 c027147c c026f070 eded7280 c026eeb0 eb73de6c 14104a1b 00000008
[ 269.101272] de3c ed34ac20 00000020 eb73df60 00000004 eac28c00 eb73de90 ebbc9240 00000000
[ 269.102229] de5c 00002000 eb73decc c01c0915 0000001c ea7f67c0 c103a488 c04aaccc eb73de94
[ 269.103183] de7c bed22a68 eb73df04 eb73de90 c04aa810 c04aacd8 ed59b6d0 00000004 00501000
[ 269.104066] de9c 00000000 00000000 00500000 00000001 00000000 00000009 00000001 eb73c000
[ 269.105015] debc eb73df14 00000000 00000001 ed34ac20 eaff1d00 eb73defc 19761abc c0398d0c
[ 269.105967]
[ 269.105969] R9: 0xc10e8f88:
[ 269.106145] 8f88 0000002c 00000000 c0d4c634 c0babed4 c0de8d3c c0de8db4 00000033 00000000
[ 269.107094] 8fa8 c0d4c634 c0babed4 c0de8d3c c0de8de0 0000003a 00000000 c0d4c634 c0babed4
[ 269.108046] 8fc8 c0de8d3c c0de8e00 0000004b 00000000 c0de8ed0 c0babeec c0de8ed8 c0de8e1c
[ 269.108925] 8fe8 0000001e 00000000 c0de8ed0 c0babeec c0de8ed8 c0de8e3c 00000026 00000000
[ 269.109881] 9008 c0deb640 c0bac2e8 c0deb748 c0deb6e0 0000032c 00000000 c0deb640 c0bac2f8
[ 269.110837] 9028 c0deb748 c0deb6e8 00000343 00000000 c0d06940 c0bac57c c0ded100 c0d6a0d0
[ 269.111798] 9048 000000eb 00000000 c0d06940 c0bac5a8 c0ded100 c0debe08 0000043f 00000000
[ 269.112684] 9068 c0d06940 c0bac5a8 c0ded100 c0debe28 00000441 00000000 c0d06940 c0bac5a8
[ 269.113573] Process poc (pid: 3498, stack limit = 0xeb73c2f0)
[ 269.113744] Stack: (0xeb73ddb8 to 0xeb73e000)
[ 269.113841] dda0: 000080d0 c04aad10
[ 269.114015] ddc0: 0000005c c0a29194 eb73c000 c0a2925c eb73de0c c03f06e0 ec044ff8 c03f0780
[ 269.114113] dde0: eb73de0c eb73ddf0 c03f0780 19761abc ea461e00 eb73c000 00500000 ed2b0580
[ 269.114287] de00: eb73de94 ebbc90c0 00002000 ea2318f0 eb73de8c eb73de20 c04ab018 c078e698
[ 269.114459] de20: c027147c c026f070 eded7280 c026eeb0 eb73de6c 14104a1b 00000008 ed34ac20
[ 269.114633] de40: 00000020 eb73df60 00000004 eac28c00 eb73de90 ebbc9240 00000000 00002000
[ 269.114733] de60: eb73decc c01c0915 0000001c ea7f67c0 c103a488 c04aaccc eb73de94 bed22a68
[ 269.114907] de80: eb73df04 eb73de90 c04aa810 c04aacd8 ed59b6d0 00000004 00501000 00000000
[ 269.115078] dea0: 00000000 00500000 00000001 00000000 00000009 00000001 eb73c000 eb73df14
[ 269.115176] dec0: 00000000 00000001 ed34ac20 eaff1d00 eb73defc 19761abc c0398d0c 00000000
[ 269.115349] dee0: ebbc9300 00000005 ebbc9300 bed22a68 ed34ac20 00000000 eb73df74 eb73df08
[ 269.115522] df00: c02753ac c04aa5dc c0279324 00000000 00000000 00000001 00000000 ed59b6d0
[ 269.115695] df20: ededee00 eb73df0c 00000005 00000000 bed22a68 c01c0915 ebbc9300 00000005
[ 269.115792] df40: eb73c000 00000000 eb73df64 00000000 bed22a68 c01c0915 ebbc9300 00000005
[ 269.115964] df60: eb73c000 00000000 eb73dfa4 eb73df78 c0275950 c0275324 ffffffff 00000000
[ 269.116141] df80: c0107544 00000000 bed22a68 ffffffff 00000036 c0107544 00000000 eb73dfa8
[ 269.116317] dfa0: c0107300 c02758e0 00000000 bed22a68 00000005 c01c0915 bed22a68 bed22a38
[ 269.116414] dfc0: 00000000 bed22a68 ffffffff 00000036 000080f4 00000000 00000000 bed22aec
[ 269.116589] dfe0: 00500000 bed22a28 0000e377 0001120c 80000010 00000005 00000000 00000000
[ 269.116793] [<c078e704>] (get_ashmem_file+0x78/0x154) from [<c04ab018>] (kgsl_ioctl_map_user_mem+0x34c/0xa00)
[ 269.116981] [<c04ab018>] (kgsl_ioctl_map_user_mem+0x34c/0xa00) from [<c04aa810>] (kgsl_ioctl+0x240/0x31c)
[ 269.117088] [<c04aa810>] (kgsl_ioctl+0x240/0x31c) from [<c02753ac>] (do_vfs_ioctl+0x94/0x5bc)
[ 269.117267] [<c02753ac>] (do_vfs_ioctl+0x94/0x5bc) from [<c0275950>] (sys_ioctl+0x7c/0x8c)
[ 269.117453] [<c0275950>] (sys_ioctl+0x7c/0x8c) from [<c0107300>] (ret_fast_syscall+0x0/0x30)
[ 269.117632] Code: 0a00000d e594207c e3a00000 e5864000 (e5923114)
[ 269.121735] ---[ end trace 032dae055767b39f ]---
[ 269.121877] Kernel panic - not syncing: Fatal exception
[ 270.122308] Rebooting in 5 seconds..
[ 275.123947] Going down for restart now
[ 275.124870] Calling SCM to disable SPMI PMIC arbiter