連匯頂PC端燒寫工具手機崩潰分析

1:通地err.txt定位錯誤指令位置，運行到函數vfs_read+偏移位0xd4行代碼報錯,查詢System.map文件
重定位運行時地址是c0112fac,+偏移位0xd4 等於c0113980,這個地址剛好吻和下面log
[   45.521911] c2 PC is at vfs_read+0xd4/0x148
[   45.521942] c2 LR is at proc_reg_read+0x88/0x90
[   45.521942] c2 pc : [<c0113080>]    lr : [<c015f800>]    psr: 20070013
2:查找vfs_read所對應的源c代碼文件，然後找到對應的目標二進制文件，生成反編譯文件。如下所示指令
  arm-eabi-objdump -Slz out/target/product/sd5031/obj/KERNEL/fs/read_write.o > err.S
3：查詢編譯文件err.S得知vfs_read不重定位運行地址是0x00000888，+偏移位0xd4定位到代碼出錯位置是0x95c，對應下面err.S文件內容
00000888 <vfs_read>:
vfs_read():


  static inline void fsnotify_access(struct file *file)
{
struct path *path = &file->f_path;
struct inode *inode = path->dentry->d_inode;
     95c: e5917028 ldr r7, [r1, #40] ; 0x28
/home/jamesguo/SP7731_NEW/kernel/include/linux/fsnotify.h:198
__u32 mask = FS_ACCESS;
4：查err.txt r1=3e38322f, ldr r7, [r1, #40] ; 0x28,把r1+0x28,剛好等於3E383257，它的地址賦給r7,而r7=00000000，爲空，所以
報下錯誤，與下面log吻和。
 [   44.698272] c0 android_work: sent uevent USB_STATE=CONFIGURED
[   45.482604] c2 Unable to handle kernel paging request at virtual address 3e383257
[   45.490142] c2 pgd = d3694000
[   45.493072] [3e383257] *pgd=00000000
[   45.496673] c2 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
5：綜上所述：c0113080地址處訪問了空指針。對應代碼出錯位置，下面*path是空地址。
   struct path *path = &file->f_path;
struct inode *inode = path->dentry->d_inode;
6：進一步跟跟蹤。vfs_read<---proc_reg_read<----goodix_tool_read,說明是tp驅動對應的proc文件讀函數出錯了。如下diff，無struct file *flie這個參數，
 goodix_tool_read原型有出錯。修改後不崩潰。vfs_read裏面剛好有調用到fsnotify_access。
  -static s32 goodix_tool_read( char *page, char **start, off_t off, int count, int *eof, void *data );
+//static s32 goodix_tool_read( char *page, char **start, off_t off, int count, int *eof, void *data );
+static s32 goodix_tool_read( struct file *flie, char __user *page, unsigned long size, long long *ppos );


還有一方法。
1：用指令直接生成彙編c代碼
   arm-linux-androideabi-obj -Slz out/target/product/sd5031/obj/KERNEL/vmlinux > hui_c.S   
   下面log可以定位到編譯地址e5917028出錯，出錯函數是運行是地址就是vfs_read+0xd4的位置
    通過查找hui_c.S文件定位到出錯代碼位置，在定位出錯原因。
 
[   45.523284] c2 [<c0113080>] (vfs_read+0xd4/0x148) from [<c0113670>] (SyS_read+0x4c/0x7c)
[   45.523284] c2 [<c0113670>] (SyS_read+0x4c/0x7c) from [<c000f880>] (ret_fast_syscall+0x0/0x48)
[   45.523284] c2 Code: e1a05000 da00001b e594100c e5948028 (e5917028)