Ubuntu
linux-grouper package

opening /sys/devices/platform/tegra-i2c.4/i2c-4/4-006a/reg_status (as user) causes immediate reboot

Bug #1190225 reported by Martin Pitt
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-grouper (Ubuntu)
Fix Released
Undecided
Tim Gardner
Saucy
Fix Released
Undecided
Tim Gardner

Bug Description

umockdev's test suite causes an immediate reboot on my Nexus 7. I tracked this down to opening /sys/devices/platform/tegra-i2c.4/i2c-4/4-006a/reg_status, e. g. with cat.

It should be possible to read all files in sysfs without (such dramatic) side effects. If it's really not safe to access a file, then it should at least be made root:root 0400 or similar, to avoid that every user and process can crash the machine.

Tags: patch saucy
Revision history for this message
Martin Pitt (pitti) wrote :

This also seems to affect other devices, e. g. "cat /sys/devices/tegradc.0/nvdps".

Revision history for this message
Seth Forshee (sforshee) wrote :

From /proc/last_kmsg after triggering the bug:

[ 455.974225] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: c03cfaa0
[ 455.974247]
[ 455.975220] [<c0014f14>] (unwind_backtrace+0x0/0x138) from [<c06d778c>] (panic+0x78/0x1ac)
[ 455.975778] [<c06d778c>] (panic+0x78/0x1ac) from [<c00638a4>] (init_oops_id+0x0/0x50)
[ 455.976095] [<c00638a4>] (init_oops_id+0x0/0x50) from [<00000000>] ( (null))
[ 455.976661] Rebooting in 10 seconds..

Tim Gardner (timg-tpi)
Changed in linux-grouper (Ubuntu Saucy):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Joseph Salisbury (jsalisbury)
tags: added: saucy
Revision history for this message
Tim Gardner (timg-tpi) wrote :
Revision history for this message
Tim Gardner (timg-tpi) wrote :
Revision history for this message
Tim Gardner (timg-tpi) wrote :
Revision history for this message
Tim Gardner (timg-tpi) wrote :

/sys/devices/tegradc.0/nvdps appears to be utterly wrong. If it isn't really being used, then perhaps we ought to just remove it. In the meantime I've added a patch to return -EFAULT if any of the pointers in the chain that reference 'nvdps' are NULL.

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-grouper - 3.1.10-6.17

---------------
linux-grouper (3.1.10-6.17) saucy; urgency=low

  [ Tim Gardner ]

  * smb347: Fix stack corruption
    - LP: #1190225
  * smb347: Do a better job of status register read error detection
    - LP: #1190225
  * tegra fb: fix NULL deref in sysfs
    - LP: #1190225
 -- Tim Gardner <email address hidden> Tue, 09 Jul 2013 08:43:40 -0600

Changed in linux-grouper (Ubuntu Saucy):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.