Android mtk cts failed android.security.cts.StagefrightTest#testStagefright_bug_38115076

此次是mt8163 android P 平台,开启TEE 后,cts这一项时 会黑屏重启使用的tee是 trustkernel
last_kmsg:
[ 202.795565] (0)[5147:MtkOmxVdecThrea][ERROR]DecHWLock TimeOut, CurrentTID = 5147
[ 202.796280] -(0)[5147:MtkOmxVdecThrea]m4u L2 interrupt sta=0x0
[ 202.796303] -(0)[5147:MtkOmxVdecThrea]m4u main interrupt happened: sta=0x105
[ 202.796369] -(0)[5147:MtkOmxVdecThrea]iommu0_0 F_INT_TRANS_F(m4u_slave_id)(0x1) int happens!!
[ 202.796379] -(0)[5147:MtkOmxVdecThrea]fault: port=VDEC_MC, mva=0x0, pa=0x0, layer=0, wr=0, 0x80
[ 202.796408] -(0)[5147:MtkOmxVdecThrea]Unable to handle kernel NULL pointer dereference at virtual address 00000208
[ 202.796417] -(0)[5147:MtkOmxVdecThrea]pgd = eacc0000
[ 202.796426] [00000208] *pgd=00000000
[ 202.796451] -(0)[5147:MtkOmxVdecThrea]Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 202.796475] disable aee kernel api[ 202.796483] -(0)[5147:MtkOmxVdecThrea]Kernel Offset: disabled
[ 202.796495] Modules linked in: wlan_drv_gen2 bf193000 (null) 1212416 0 (O) wmt_chrdev_wifi bf18b000 (null) 20480 0 (O) gps_drv bf17b000 (null) 49152 0 (O) fmradio_drv bf145000 (null) 180224 0 (O) bt_drv bf13b000 (null) 24576 0 (O) wmt_drv bf000000 (null) 1142784 0 (O)
[ 202.796563] -(0)[5147:MtkOmxVdecThrea]CPU: 0 PID: 5147 Comm: MtkOmxVdecThrea Tainted: G W O 4.9.117 #2
[ 202.796571] -(0)[5147:MtkOmxVdecThrea]Hardware name: Generic DT based system
[ 202.796584] -(0)[5147:MtkOmxVdecThrea]task: e6579bc0 task.stack: e6d5a000
[ 202.796599] -(0)[5147:MtkOmxVdecThrea]PC is at m4u_print_port_status+0x60/0x1c0
[ 202.796611] -(0)[5147:MtkOmxVdecThrea]LR is at m4u_print_port_status+0x134/0x1c0
[ 202.796624] -(0)[5147:MtkOmxVdecThrea]pc : [] lr :
[] psr: 80010193
[ 202.796624] sp : e6d5be28 ip : f093b000 fp : c11731e8
[ 202.796635] -(0)[5147:MtkOmxVdecThrea]r10: 00001000 r9 : 00000000 r8 : c11731ec
[ 202.796644] -(0)[5147:MtkOmxVdecThrea]r7 : 00000001 r6 : 00000000 r5 : c11731e8 r4 : 0000002b
[ 202.796658] -(0)[5147:MtkOmxVdecThrea]r3 : 00000001 r2 : 00000000 r1 : 00000000 r0 : f0cfe000
[ 202.796669] -(0)[5147:MtkOmxVdecThrea]Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 202.796679] -(0)[5147:MtkOmxVdecThrea]Control: 10c5383d Table: 6acc006a DAC: 00000051
[ 202.796689] -(0)[5147:MtkOmxVdecThrea]
[ 202.796689] PC: 0xc0659f80:
[ 202.796703] 9f80 e5830150 e3500000 1a000000 ebfff3d0 e59f0004 e8bd4008 ea156e48 c1173970
[ 202.796757] 9fa0 e92d47f0 e2506000 e1a07001 0a000062 e30a1874 e30351e8 e59f2198 e34c10ec
[ 202.796817] 9fc0 e34c5117 ebf26952 e5952000 e3520000 da000051 e59f8180 e3a04000 ea000023
[ 202.796869] 9fe0 e3540036 ca00001d e5d31005 e3032568 e3a03001 e34c21a2 e1a03113 e5922040
[ 202.796918] a000 e5922208 f57ff04f e0033002 e2961000 e16f2f13 13a01001 e3570000 e1a022a2
[ 202.796968] a020 03a02000 e1510002 9a00000c e3590000 1a00003e e5952000 e1540002 ca00003b
[ 202.797016] a040 e0642184 e7982102 e2933000 e30a1884 e34c10ec e1a00006 13a03001 ebf2692c
[ 202.797066] a060 e5952000 e2844001 e1520004 da000028 e1a09fa4 e1540002 b1a03009 a3893001
[ 202.797115] -(0)[5147:MtkOmxVdecThrea]
[ 202.797115] LR: 0xc065a054:
[ 202.797124] a054 e1a00006 13a03001 ebf2692c e5952000 e2844001 e1520004 da000028 e1a09fa4
[ 202.797177] a074 e1540002 b1a03009 a3893001 e3530000 1a000018 e0643184 e0853103 e2833004
[ 202.797226] a094 e5d32004 e3120003 1affffcf e5953000 e30321e8 e34c2117 e1540003 aa000014
[ 202.797275] a0b4 e0643184 e3a01001 e0822103 e5d20008 e5d2a009 e1a00220 e1a0aa11 eb000c2e
[ 202.797324] a0d4 e5903f00 f57ff04f e003300a e5902f04 f57ff04f eaffffc7 e3090078 e1a01004
[ 202.797374] a0f4 e34c00ec e3a030a6 ebf0203b e3590000 0affffe5 e3a0a001 e3a00000 eaffffee
[ 202.797423] a114 e3560000 0a00000d e3011bc8 e1a00006 e34c10e4 e8bd47f0 eaf268f8 e3082048
[ 202.797472] a134 e34c20ec eaffffc2 e30351e8 e34c5117 e5952000 e3520000 caffffa0 e8bd87f0
[ 202.797521] -(0)[5147:MtkOmxVdecThrea]
[ 202.797521] SP: 0xe6d5bda8:
[ 202.797533] bda8 00000001 00040975 379b2da7 c065a000 80010193 ffffffff e6d5be0c c11731ec
[ 202.797582] bdc8 e6d5a000 00001000 c11731e8 c010e53c f0cfe000 00000000 00000000 00000001
[ 202.797631] bde8 0000002b c11731e8 00000000 00000001 c11731ec 00000000 00001000 c11731e8
[ 202.797681] be08 f093b000 e6d5be28 c065a0d4 c065a000 80010193 ffffffff 00000051 bf000000
[ 202.797730] be28 c1114808 00000011 00000000 00000105 c1a23568 00000000 00000000 c065a844
[ 202.797778] be48 00000000 00000000 00000080 00000000 00000000 ee06b860 00000000 00000000
[ 202.797827] be68 00000001 00000000 f0803000 a8edf1e0 a8ec4800 c01b7768 e6579bc0 ecf30f00
[ 202.797876] be88 00000017 a83b0c40 c1992370 00000054 ecf30f70 00040975 e6d5bfb0 00000000
[ 202.797925] -(0)[5147:MtkOmxVdecThrea]
[ 202.797925] IP: 0xf093af80:
[ 202.797933] af80 ******** ******** ******** ******** ******** ******** ******** ********
[ 202.797988] afa0 ******** ******** ******** ******** ******** ******** ******** ********
[ 202.798037] afc0 ******** ******** ******** ******** ******** ******** ******** ********
[ 202.798087] afe0 ******** ******** ******** ******** ******** ******** ******** ********
[ 202.798136] b000 00000000 6d9b3009 6d9b3409 6d9b3809 6d9b8009 6d9b8409 6d9b8809 6d9b9009
[ 202.798185] b020 6d9b9409 6d9b9809 6b874009 6b877c09 6b875c09 6b877409 6b876409 6b876809
[ 202.798236] b040 6b054009 6b054409 6b9c3409 6b9c3c09 6b86f809 6ae40009 55b07009 55b06c09
[ 202.798286] b060 55b07c09 55b07809 55b72409 6737e009 68b51809 507b7009 55b04009 55b04c09
[ 202.798336] -(0)[5147:MtkOmxVdecThrea]

通过上面的log可以看到
由于NULL POINT 导致 KE
mtk 代码目录:
kernel-4.9/drivers/mis/mediatek/m4u/mt8163/m4u_hw.c

void m4u_print_port_status(struct seq_file *seq, int only_print_active)
{
#ifndef M4U_TEE_SERVICE_ENABLE
	int port, mmu_en, sec;
	int m4u_index, larb, larb_port;
	unsigned long larb_base;

	M4U_PRINT_LOG_OR_SEQ(seq, "%s ========>\n", __func__);

	smi_common_clock_on();
	larb_clock_all_on();

	for (port = 0; port < gM4u_port_num; port++) {
		m4u_index = m4u_port_2_m4u_id(port);
		if (m4u_index == 0) {
			larb = m4u_port_2_larb_id(port);
			larb_port = m4u_port_2_larb_port(port);
			larb_base = mtk_smi_larb_get_base(larb);

			mmu_en =
			    m4uHw_get_field_by_mask(larb_base, SMI_LARB_MMU_EN,
						    F_SMI_MMU_EN(larb_port, 1));
			sec =
			    m4uHw_get_field_by_mask(larb_base, SMI_LARB_SEC_EN,
						    F_SMI_SEC_EN(larb_port, 1));

		} else {
			if (port > M4U_PORT_HSIC_DMA_0P)
				continue;

			larb_port = m4u_port_2_larb_port(port);

			mmu_en = m4uHw_get_field_by_mask(gPericfgBaseAddr,
						REG_PERIAXI_BUS_CTL3,
						F_PERI_MMU_EN(larb_port, 1));
		}

		if (only_print_active && !mmu_en)
			continue;
		M4U_PRINT_LOG_OR_SEQ(seq, "%s(%d),",
				m4u_get_port_name(port), !!mmu_en);
	}

	larb_clock_all_off();
	smi_common_clock_off();

	M4U_PRINT_LOG_OR_SEQ(seq, "\n");
#endif
}


只要把invoke 这个函数的地方注释掉即可cts 过

你可能感兴趣的:(Android,tool,mtk,tool)