天启android5.1系统无法在非1650批次号的rk3288w芯片上启动
天启android5.1系统无法在非1650批次号的rk3288w芯片上启动
挂掉log,说明在rtc初始化后挂掉
[ 1.420240] ======== PULL WL_REG_ON(-) HIGH! ========
[ 1.420246] [WLAN_RFKILL]: rockchip_wifi_power:
[ 1.420253] [WLAN_RFKILL]: rockchip_wifi_ref_voltage:
[ 1.420258] [WLAN_RFKILL]: rockchip_wifi_ref_voltage: wifi io reference voltage control is disabled.
[ 1.420759] android_usb gadget: Mass Storage Function, version: //
[ 1.420768] android_usb gadget: Number of LUNs=
[ 1.420776] lun0: LUN: removable file: (no medium)
[ 1.420782] lun1: LUN: removable file: (no medium)
[ 1.420924] android_usb gadget: android_usb ready
[ 1.420991] sensor_init: Probe name sensors
[ 1.421006] sensor-dev.c v1. add angle calculation support between two gsensors --
[ 1.421532] rtc_hym8563 -: setting system clock to -- :: UTC ()
[ 1.430593] u?
开发板正常log,说明在snd-usb-audio初始化前挂掉
[ 2.456978] sensor_init: Probe name sensors
[ 2.456995] sensor-dev.c v1. add angle calculation support between two gsensors --
[ 2.457525] rtc_hym8563 -: setting system clock to -- :: UTC ()
[ 2.463556] rockchip-spdif-card rockchip-spdif-card.: rk-hdmi-spdif-hifi <-> ff880000.rockchip-spdif mapping ok
[ 2.464517] ret
[ 2.464896] usbcore: registered new interface driver snd-usb-audio
[ 2.464903] ALSA device list:
[ 2.464908] #: RK_ES8323
[ 2.464912] #: RK-SPDIF-CARD
system.map
kernel 部分驱动启动顺序映射表
c0c11154 t __initcall_init7
c0c11158 t __initcall_sensor_init7
c0c1115c t __initcall_rtc_hctosys7
c0c11160 t __initcall_sync_debugfs_init7
c0c11164 t __initcall_clk_debug_init7
c0c11168 t __initcall_rockchip_headset_init7
c0c1116c t __initcall_rockchip_spdif_init7
c0c11170 t __initcall_tcp_congestion_default7
c0c11174 t __initcall_tcp_fastopen_init7
c0c11178 t __initcall_ip_auto_config7
c0c1117c t __initcall_drm_misc_init7s
c0c11180 t __initcall_clk_disable_unused7s
c0c11184 t __initcall_snd_usb_audio_init7s
c0c11188 t __initcall_alsa_sound_last_init7s
c0c1118c t __initcall_initialize_hashrnd7s
c0c11190 T __con_initcall_end
c0c11190 T __con_initcall_start
c0c11190 T __initcall_end
c0c11190 t __initcall_selinux_init
在rtc_hctosys与snd_usb_audio启动之间有以下驱动程序初始化
c0c11160 t __initcall_sync_debugfs_init7
c0c11164 t __initcall_clk_debug_init7
c0c11168 t __initcall_rockchip_headset_init7
c0c1116c t __initcall_rockchip_spdif_init7
c0c11170 t __initcall_tcp_congestion_default7
c0c11174 t __initcall_tcp_fastopen_init7
c0c11178 t __initcall_ip_auto_config7
c0c1117c t __initcall_drm_misc_init7s
c0c11180 t __initcall_clk_disable_unused7s
在这些驱动函数初始化中加入log调试
挂掉log:
[ 3.037934] sensor_init: Probe name sensors
[ 3.037949] sensor-dev.c v1. add angle calculation support between two gsensors --
[ 3.038475] rtc_hym8563 -: setting system clock to -- :: UTC ()
[ 3.044644] rockchip-spdif-card rockchip-spdif-card.: rk-hdmi-spdif-hifi <-> ff880000.rockchip-spdif mapping ok
[ 3.044959] carroll : tcp_fastopen_init
[ 3.044987] carroll : ip_auto_config
u�
正常启动log为:
[ 2.456978] sensor_init: Probe name sensors
[ 2.456995] sensor-dev.c v1. add angle calculation support between two gsensors --
[ 2.457525] rtc_hym8563 -: setting system clock to -- :: UTC ()
[ 2.463556] rockchip-spdif-card rockchip-spdif-card.: rk-hdmi-spdif-hifi <-> ff880000.rockchip-spdif mapping ok
[ 2.463889] carroll : tcp_fastopen_init
[ 2.463917] carroll : ip_auto_config
[ 2.464517] ret
[ 2.464588] carroll : clk_disable_unused
[ 2.464896] usbcore: registered new interface driver snd-usb-audio
[ 2.464903] ALSA device list:
[ 2.464908] #: RK_ES8323
[ 2.464912] #: RK-SPDIF-CARD
对比上述驱动初始化顺序表发现只剩下一个驱动初始化的嫌疑
c0c1117c t __initcall_drm_misc_init7s
查找drm_misc_init在整个SDK中 grep drm_misc_init -r firefly-rk3288_android5.1_git_20180126/*
firefly-rk3288_android5.1_git_20180126/android.iws: <find>drm_misc_init</find>
Binary file firefly-rk3288_android5.1_git_20180126/kernel/.tmp_vmlinux2 matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/vmlinux matches
firefly-rk3288_android5.1_git_20180126/kernel/System.map:c0be3a14 t drm_misc_init
firefly-rk3288_android5.1_git_20180126/kernel/System.map:c0c1111c t __initcall_drm_misc_init7s
Binary file firefly-rk3288_android5.1_git_20180126/kernel/pie/pie_stage1.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/pie/pie_stage2.o matches
firefly-rk3288_android5.1_git_20180126/kernel/.tmp_System.map:c0be3a14 t drm_misc_init
firefly-rk3288_android5.1_git_20180126/kernel/.tmp_System.map:c0c1111c t __initcall_drm_misc_init7s
Binary file firefly-rk3288_android5.1_git_20180126/kernel/vmlinux.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/built-in.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/built-in.o matches
发现并没有drm_misc_init的函数,到此嫌疑只能推给这几个文件了
Binary file firefly-rk3288_android5.1_git_20180126/kernel/.tmp_vmlinux2 matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/vmlinux matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/pie/pie_stage1.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/pie/pie_stage2.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/vmlinux.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/built-in.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/built-in.o matches
根据名字可能再筛选出以下三个
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.o matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/built-in.o matches
可能是这两个的原因
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd matches
Binary file firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.o matches
调试发现firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/目录下的Makefile发现
删除此驱动模块编译注册 obj-y += virtdrm.o
产生编译错误
OBJCOPY pie/pie.bin
OBJCOPY pie/pie.bin.o
LD pie/built-in.o
GEN .version
CHK include/generated/compile.h
UPD include/generated/compile.h
CC init/version.o
LD init/built-in.o
drivers/built-in.o: In function `mmc_blk_shutdown':
binder.c:(.text+0x338e90): undefined reference to `mmc_blk_emmc_remove'
drivers/built-in.o: In function `mmc_blk_probe':
binder.c:(.text+0x33ae28): undefined reference to `mmc_blk_emmc_add'
drivers/built-in.o: In function `mmc_blk_remove':
binder.c:(.text+0x33b270): undefined reference to `mmc_blk_emmc_remove'
make: *** [vmlinux] Error
/work/rk3288/firefly-rk3288_android5.1_git_20180126
TARGET_PRODUCT=rk3288_box
TARGET_HARDWARE=rk30board
IMG_TARGET=all , ota = withoutkernel
system filesysystem is ext4
然后分别屏蔽代码调用
编译成功并且跳过之前挂掉的地方,但是在内核启动完成后挂了 log
[ 2.446169] sensor_init: Probe name sensors
[ 2.446183] sensor-dev.c v1. add angle calculation support between two gsensors --
[ 2.446709] rtc_hym8563 -: setting system clock to -- :: UTC ()
[ 2.452731] rockchip-spdif-card rockchip-spdif-card.: rk-hdmi-spdif-hifi <-> ff880000.rockchip-spdif mapping ok
[ 2.453062] carroll : tcp_fastopen_init
[ 2.453091] carroll : ip_auto_config
[ 2.453108] carroll : clk_disable_unused
[ 2.453418] usbcore: registered new interface driver snd-usb-audio
[ 2.453426] ALSA device list:
[ 2.453430] #: RK_ES8323
[ 2.453435] #: RK-SPDIF-CARD
分析原因屏蔽掉的源码为添加emmc设备,屏蔽后添加失败,文件系统初始化不成功
[ 1.650105] ..dw_mci_set_ios: no card. [mmc1]
[ 1.662562] mmc0: BKOPS_EN bit is not set
[ 1.664435] rk_sdmmc: BOOT Bus speed=0Hz,Bus width=8bits.[mmc0]
[ 1.666717] mmc_host mmc0: Bus speed (slot ) = 100000000Hz (slot req 100000000Hz, actual 100000000HZ div = )
[ 1.666742] rk_sdmmc: BOOT dw_mci_setup_bus: argue clk_mmc workaround out normal clock [mmc0]
[ 1.666764] [mmc0] tuning regsbase addr 0x218.
[ 1.667453] [mmc0] Data transmission error !!!! MINTSTS: [0x00000088]
[ 1.667464] [mmc0] host was already tuning, Don't need to retry tune again ignore 0.
[ 1.667492] dwmmc_rockchip ff0f0000.rksdmmc: Tuning error: cmd.error:, data.error:-
[ 1.667518] [mmc0] Data transmission error !!!! MINTSTS: [0x00000088]
[ 1.667527] [mmc0] host was already tuning, Don't need to retry tune again ignore 0.
[ 1.667554] dwmmc_rockchip ff0f0000.rksdmmc: Tuning error: cmd.error:-, data.error:-
[ 1.667580] [mmc0] Data transmission error !!!! MINTSTS: [0x00000088]
[ 1.667589] [mmc0] host was already tuning, Don't need to retry tune again ignore 0.
[ 1.667615] dwmmc_rockchip ff0f0000.rksdmmc: Tuning error: cmd.error:-, data.error:-
[ 1.667640] [mmc0] Data transmission error !!!! MINTSTS: [0x00000088]
[ 1.667649] [mmc0] host was already tuning, Don't need to retry tune again ignore 0.
[ 1.667676] dwmmc_rockchip ff0f0000.rksdmmc: Tuning error: cmd.error:, data.error:-
[ 1.667722] dwmmc_rockchip ff0f0000.rksdmmc: Good phase range - ( len)
[ 1.667733] dwmmc_rockchip ff0f0000.rksdmmc: Good phase range - ( len)
[ 1.667744] dwmmc_rockchip ff0f0000.rksdmmc: Best phase range - ( len)
[ 1.667754] dwmmc_rockchip ff0f0000.rksdmmc: Successfully tuned phase to
[ 1.667796] mmc0: new HS200 MMC card at address
[ 1.668069] mmcblk0: mmc0: AJNB4R 14.5 GiB
[ 1.668202] mmcblk0rpmb: mmc0: AJNB4R partition 4.00 MiB
[ 1.668519] uboot: 0x000400000 -- 0x000800000 ( MB)
[ 1.668530] misc: 0x000800000 -- 0x000c00000 ( MB)
[ 1.668539] resource: 0x000c00000 -- 0x001c00000 ( MB)
[ 1.668548] kernel: 0x001c00000 -- 0x002c00000 ( MB)
[ 1.668557] boot: 0x002c00000 -- 0x004c00000 ( MB)
[ 1.668566] recovery: 0x004c00000 -- 0x006c00000 ( MB)
[ 1.668574] backup: 0x006c00000 -- 0x00a000000 ( MB)
[ 1.668583] cache: 0x00a000000 -- 0x012000000 ( MB)
[ 1.668591] kpanic: 0x012000000 -- 0x012400000 ( MB)
[ 1.668599] system: 0x012400000 -- 0x072400000 ( MB)
[ 1.668608] metadata: 0x072400000 -- 0x073400000 ( MB)
[ 1.668616] baseparamer: 0x073400000 -- 0x073800000 ( MB)
[ 1.668625] userdata: 0x077800000 -- 0x3a3a00000 ( MB)
[ 1.668653] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13[ 1.669832] dwmmc_rockchip ff0c0000.rksdmmc: DW MMC controller ao
[ 1.669848] dwmmc_rockchip ff0c0000.rksdmmc: slots initialized
[ 1.670158] dw cru_regsbase addr 0x1d8.
[ 1.670168] dw cru_reset_offset val .
[ 1.670179] dwmmc_rockchip ff0d0000.rksdmmc: Version ID is 270a
[ 1.670218] dwmmc_rockchip ff0d0000.rksdmmc: failed to get hpclk_mmc
[ 1.670473] dwmmc_rockchip ff0d0000.rksdmmc: Using internal DMA controller.
[ 1.670605] dw_mci_init_slot: fmin=, fmax= [mmc2]
[ 1.670851] ..dw_mci_set_ios: no card. [mmc2]
------------------------------------------------------------------------------------------
[ 1.670945] carroll : mmc_blk_probe mmc_blk_emmc_add
------------------------------------------------------------------------------------------
[ 1.670992] ..dw_mci_set_ios: no card. [mmc1]
[ 1.689476] ..dw_mci_set_ios: no card. [mmc2]
[ 1.709161] ..dw_mci_set_ios: no card. [mmc2]
[ 1.709185] dwmmc_rockchip ff0d0000.rksdmmc: DW MMC controller at irq , bit host data width, deep fifo
[ 1.709198] dwmmc_rockchip ff0d0000.rksdmmc: slots initialized
说明这里不能删除只能做修改兼容其他批次cpu
再次把问题锁定文件,下边几个文件好像是天启android5.1特供的,就是这个东西让内核挂掉的,天启android4.4以及荣品都能正常开机,并且源码中也无下属文件
firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.o文件
firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd
firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtdrm.mod.c
firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/.virtdrm.o.cmd
天启2017年07-21添加kernel->driver:fix queue file,才添加的这几个文件
https://bitbucket.org/T-Firefly/firenow-lollipop/commits/bd3833f7c215b3f907464866510412ae505d2e73
最终将问题锁定在编译产生的二进制文件firefly-rk3288_android5.1_git_20180126/kernel/drivers/char/virtd
下节尝试逆向分析
天启android5.1系统无法在非1650批次号的rk3288w芯片上启动的更多相关文章
- Linux系统下给非root用户添加sudo权限
Linux系统下给非root用户添加sudo权限 有时,在linux系统中非root用户运行sudo命令,会提示类似信息: xxx is not in the sudoers file. This ...
- Android5.1系统WebView内存泄漏场景
问题现象 (该文章,引自零号路的私人博客,本人在浏览框架的开发过程中,用该方式,规避了内存泄露的问题.) 在Android5.1系统中,会发现App存在 WebView 泄漏情况,还比较严重.并且只是 ...
- 迅为iTOP-4418开发板-Android5.1系统编译补充
基于iTOP-4418开发板-Android5.1系统编译补充 5.6 编译-20181225 日期之后的源码 本文档补充介绍 4418 编译网盘目录 “J:\局域网共享_阮\iTOP4418 开发板 ...
- 容器计划任务大坑:在alpine容器里,想用非root帐号执行crontab任务
我只能说抱歉,我前前后后测试了七天, 将自己预想的配置错误,一个一个去验证. 非root帐号在alpine容器里执行crontab任务,还是失败, 输出依旧是一片空白~ stackoverflow里, ...
- SQLSERVER聚集索引与非聚集索引的再次研究(上)
SQLSERVER聚集索引与非聚集索引的再次研究(上) 上篇主要说聚集索引 下篇的地址:SQLSERVER聚集索引与非聚集索引的再次研究(下) 由于本人还是SQLSERVER菜鸟一枚,加上一些实验的逻 ...
- Wireshark分析非标准端口号流量
Wireshark分析非标准端口号流量 2.2.2 分析非标准端口号流量Wireshark分析非标准端口号流量 应用程序运行使用非标准端口号总是网络分析专家最关注的.关注该应用程序是否有意涉及使用非 ...
- Java Web项目在Mac系统上启动时提示nodename nor servname provided的解决办法
今天在Mac系统上启动Java Web项目的时候,提示了Java.net.UnknownHostException: yangxiaomindeMacBook-Pro.local nodename n ...
- 【win10主机】连接virtualbox上【32位winXP系统虚拟机】上启动的mysql
问题Q: 在virtualbox上启动winXP系统虚拟机后,启动含oa项目的tomcat,数据库服务也运行起来了,虚拟机上连接无误: 在上一篇<主机访问 虚拟机启动的项目>基础上,尝试连 ...
- 初探RT-Thread系统在GD32E103x芯片上的使用,点亮LED灯
初探RT-Thread系统在GD32E103x芯片上的使用,点亮LED灯 前言 随着中美贸易战的加剧,很多公司越来越重视使用国产技术的重要性.使用国产技术,一方面可规避国外对技术的封锁造成产品核心 ...
随机推荐
- Tarjan 复习小结
总算把这几个东西策清楚了. 在\(Tarjan\)算法里面,有两个时间戳非常重要,一个是\(dfn\),意为深度优先数,即代表访问顺序:一个是\(low\),意为通过反向边能到达的最小\(dfn\), ...
- Python获取exe文件版本
import time, datetime, re, subprocess, sys, os, win32net, win32api, win32con, win32netcon, win32secu ...
- DGA域名检测
一.DGA域名原理 僵尸网络(Botnet):互联网上在蠕虫.木马.后门工具等,传统恶意代码形态的基础上发展.融合而产生的一种新型攻击方法. DNS(Domain Name System) :基于 U ...
- shell第一个脚本
mkdir 创建目录touch 创建空文件 chmod +x ./test.sh #使脚本具有执行权限
- 检查电脑链接的网络是否支持ipv6
测试方法一:在浏览器地址栏输入网址“http://test-ipv6.com/”,在页面会给出您的ipv6网络测试结果 测试方法二:在浏览器地址栏输入网址“http://ipv6.jmu.edu.cn ...
- BZOJ 3963: [WF2011]MachineWorks 斜率优化 + splay动态维护凸包
Description 你是任意性复杂机器公司(Arbitrarily Complex Machines, ACM)的经理,公司使用更加先进的机械设备生产先进的机器.原来的那一台生产机器已经坏了,所以 ...
- PKU P2411 Mondriaan's Dream
PKU P2411 Mondriaan's Dream 题目描述: Squares and rectangles fascinated the famous Dutch painter Piet Mo ...
- windows下源码安装调试postgresql
环境:windows 10 postgresql版本:postgresql-9.6.5 使用工具:vs2017社区版 辅助工具:perl.diff.flex.bison 相关工具下载地址: perl下 ...
- JS各种变量是true或者false列表
如果操作数是一个对象,返回true 如果操作数是一个空字符串,返回false如果操作数是一个非空字符串,返回true如果操作数是数值0,返回false如果操作数是任意非0数值(包括Infinity), ...
- HTML 浅层漫谈
讲到HTML最主要的就是如何给这个网页搭架子给他大致的把这个人物样子先慢慢画出来,然后我们后面去学习这个CSS还有JS的时候给这个雏形慢慢的去加一些东西,让你的网页变得越来越好看 1.标签的使用 a: ...