Bugs in the pvrsrvinit binary of SGX drivers



Hi,

I discovered two bugs in the pvrsrvinit binary which is distributed with the SGX graphics drivers for Android. I'm not actually sure what DDK version I'm using (it was already unpacked in our repo when I first met it), however I believe it's 1.8@945322 as the README of the SGX drivers (sgx/README) starts with

  SGX Binaries

  sgx.tgz now contains two sets of binaries. One built for SGX540 and one built for SGX544.
  The SGXCORE and SGC_CORE_REV is appended to the end of each file. pvrsrvinit is now a
  wrapper which detects the current processor and loads the corresponding core specific
  pvrsrvinit.

  [DDK Version]
  1.8@945322
  DDK commit ID: 840103005ba675b613bcd0e87881396a3d53b995
  Branch: remotes/origin/ti_ics_1.8
  Kernel modules built against:
  Kernel Version: 3.0.31 with CONFIG_MODVERSIONS=y

  This DDK require kernel patch for bltsville update header to 2.2
  http://review.omapzoom.org/#/c/26886/

SHA1 checksum of affected pvrsrvinit binary is 643862ddc9892ed92b223df3e9a612c38c5f1fd1

Our device is a custom omap4-based board.

Discovered bugs are:

1) The binary creates a symlink /system/vendor/lib/libPVRScopeServices.so pointing to a HW-dependent library (libPVRScopeServices_SGX540_120.so in our case). To be able to create the symlink, the binary remounts /system read-write before symlink creation. This behavior is unconditional: it cannot be turned off by a command-line argument, and the mounts & link creation happen even if the correct symlink already exists.

I think this whole behavior is a bug, as some devices may want /system read-only all the time (e.g. to perform signature verification of that partition). Such devices need to include the proper symlink /system/vendor/lib/libPVRScopeServices.so at build time and have a chance to instruct pvrsrvinit not to remount /system in any case, which is not possible with the current pvrsrvinit.

The solution is to add a command line argument to safely disable /system remounting & symlink creation.

2) There's a nasty bug in the commands used to remount the partition - the commands used to remount the partition seem to be

  mount -o remount rw /system
  mount -o remount ro /system

The missing comma after remount actually turns the ro/rw flag into a source device specification. And because the source device is ignored with -o remount, both commands actually remount /system read-write. So even if invoked with /system mounted ro, pvrsrvinit leaves with /system mounted rw!

The solution is to add the missing comma after remount in both commands.
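
The argument handling described in bug 2, together with a before/after check of the /system mount state, as an added example that is not part of the original post or of the SGX DDK. The function names (`split_mount_args`, `mount_state`, `ro_lost`) and the sample mount tables are constructed for illustration, and the parser is a simplified model of `mount [-o OPTS] [SOURCE] TARGET`.

```shell
#!/bin/sh
# Added example, not from the original post; mount tables below are constructed.

# split_mount_args mount [-o OPTS] [SOURCE] TARGET
# Prints the slot each word lands in when the command line is read that way.
split_mount_args() (
    opts='' first='' second=''
    if [ "${1-}" = mount ]; then shift; fi
    while [ $# -gt 0 ]; do
        case "$1" in
            -o) opts=${2-}; if [ $# -gt 1 ]; then shift; fi ;;
            *)  if [ -z "$first" ]; then first=$1; else second=$1; fi ;;
        esac
        shift
    done
    # One positional word is the mount point; two are SOURCE then TARGET.
    if [ -n "$second" ]; then echo "opts=$opts source=$first target=$second"
    else echo "opts=$opts source= target=$first"; fi
)

# mount_state MOUNTPOINT < mount-table
# Reads /proc/mounts-format lines on stdin; prints ro, rw or unmounted.
# The last matching line wins, since it is the most recent mount on that path.
mount_state() (
    state=unmounted
    while read -r _dev dir _type opts _rest; do
        [ "$dir" = "$1" ] || continue
        case ",$opts," in
            *,ro,*) state=ro ;;
            *)      state=rw ;;
        esac
    done
    echo "$state"
)

# ro_lost BEFORE AFTER [MOUNTPOINT]: succeeds when MOUNTPOINT (default /system)
# was ro in the BEFORE snapshot and is rw in the AFTER snapshot.
ro_lost() {
    [ "$(printf '%s\n' "$1" | mount_state "${3:-/system}")" = ro ] &&
    [ "$(printf '%s\n' "$2" | mount_state "${3:-/system}")" = rw ]
}

# Constructed snapshots (device names are placeholders).
BEFORE='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime 0 0'
AFTER='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 rw,relatime 0 0'

split_mount_args mount -o remount rw /system    # form quoted in the post
split_mount_args mount -o remount,ro /system    # form with the comma
if ro_lost "$BEFORE" "$AFTER"; then echo "/system went from ro to rw"; fi
```

On a device, capture the contents of /proc/mounts before and after pvrsrvinit runs and pass both captures to `ro_lost`.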