Framebuffer memory corruption bug
Simon Arlott
simon at fire.lp0.eu
Fri Jun 8 02:36:41 EDT 2012
On 08/06/12 00:00, Simon Arlott wrote:
> On 07/06/12 23:07, Simon Arlott wrote:
>> I'm not sure what's going on here, but the address ranges here are
>> suspicious:
>>
>> frame buffer   0x49385000 to 0x497ea000
>> problem memory 0xc9479ee8 to 0xc9479fff
>>                0xc9479a30 to 0xc9479a33
>>                0xc9473ee8 to 0xc9473fff
>>                0xc946bee8 to 0xc946bfff
>>                0xc9459ee8 to 0xc9459fff
>>                0xc947df80 to 0xc947dfff
>>
>> Ignoring the top 2 bits, these address ranges overlap.
>>
>> I see the logo and some junk on the display. It looks like there's some
>> issue with the memory aliasing causing the framebuffer to overwrite
>> kernel memory and then memleak to overwrite the video buffer...
I thought start.elf was the 192MB version but it's actually 128MB...
so it was using kernel memory for the frame buffer. Ideally the driver
should detect this and panic().
--
Simon Arlott
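
The overlap described in this message, as an added example that is not part of the original post and is not the driver's code. It assumes bits 31:30 of a bus address are alias bits, ARM RAM starts at physical 0, kernel memory is linearly mapped at 0xc0000000, and "192MB"/"128MB" is the size of the ARM's share of RAM; all function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions, not from the post: bus address bits 31:30 are alias bits,
 * ARM RAM starts at physical 0, kernel lowmem is mapped at 0xc0000000. */
#define BUS_ALIAS_MASK 0x3fffffffu
#define PAGE_OFFSET    0xc0000000u
#define MB(n)          ((uint32_t)(n) << 20)

struct range { uint32_t start, end; };   /* half-open: [start, end) */

/* Addresses quoted in the thread; the problem ranges' inclusive ends are
 * converted to half-open, the frame buffer end is assumed exclusive. */
static const struct range FB_BUS = { 0x49385000u, 0x497ea000u };
static const struct range PROBLEM_VIRT[] = {
    { 0xc9479ee8u, 0xc947a000u }, { 0xc9479a30u, 0xc9479a34u },
    { 0xc9473ee8u, 0xc9474000u }, { 0xc946bee8u, 0xc946c000u },
    { 0xc9459ee8u, 0xc945a000u }, { 0xc947df80u, 0xc947e000u },
};

static int overlaps(struct range a, struct range b)
{
    return a.start < b.end && b.start < a.end;
}

/* Drop the alias bits but keep the length, so an end that lands on an
 * alias boundary does not wrap to zero. */
static struct range bus_to_phys(struct range bus)
{
    uint32_t start = bus.start & BUS_ALIAS_MASK;
    struct range p = { start, start + (bus.end - bus.start) };
    return p;
}

/* Check a driver could make before using the buffer: does it sit inside
 * the RAM the kernel was told it owns? */
static int fb_in_kernel_ram(struct range fb_bus, uint32_t arm_ram_bytes)
{
    struct range ram = { 0, arm_ram_bytes };
    return overlaps(bus_to_phys(fb_bus), ram);
}

/* Does a corrupted kernel virtual range fall on the frame buffer? */
static int hits_fb(struct range virt)
{
    struct range phys = { virt.start - PAGE_OFFSET, virt.end - PAGE_OFFSET };
    return overlaps(phys, bus_to_phys(FB_BUS));
}

int main(void)
{
    printf("kernel assumes 192MB: %d, assumes 128MB: %d\n",
           fb_in_kernel_ram(FB_BUS, MB(192)), fb_in_kernel_ram(FB_BUS, MB(128)));
    return hits_fb(PROBLEM_VIRT[0]) ? 0 : 1;
}
```

Under these assumptions the frame buffer sits between 128MB and 192MB, so it overlaps kernel memory only when the kernel is told it owns 192MB.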