void sys_call( MSG *uptr, int n, int* up){
unsigned int count = INIT_VALUE();
unsigned int msglen = INIT_VALUE();
get_user(msglen, &(uptr->len)); // first read from user, t1
get_user(count, up); // disturbance fetch, value from other address
//..
char* buf = malloc(msglen); //
if( buf != NULL){
//..
get_user(count, up); // disturbance fetch, value from other address
copy_from_user(buf, uptr, count); // disturbance use
get_user(msglen, &(uptr->len)); // second read from user, t2
copy_from_user(buf, uptr, msglen); // real DF use
}
//...
}
void sys_call( MSG *uptr, int n){
char* buf = malloc(BUF_SIZE);
unsigned int msglen = INIT_VALUE();
unsigned int err = get_user(msglen, &(uptr->len)); // first read from user, t1
if(err)
return;
if(msglen + 4 < BUF_SIZE){
//..
//..
get_user(msglen, &(uptr->len)); // second read from user, t2
//..
copy_from_user(buf, uptr->text, msglen);
}
//...
}
void sys_call( MSG *uptr, int n){
unsigned int msglen = INIT_VALUE();
get_user(msglen, &(uptr->len)); // first read from user, t1
unsigned int copy_len = msglen - 4; // calculat args, pass t1 to copy_len
//..
//..
get_user(msglen, &(uptr->len)); // second read from user, t2
char* buf = malloc(msglen); //
if( buf != NULL){
//..
//..
copy_from_user(buf, uptr, copy_len); // if msglen - 4 < copy_len, then a buffer overflow occurs
}
//...
}
void PreferencesModel::initPreferences(PreferencesModel *preferences)
{
INIT_VALUE(AutoRunNextJob, true );
INIT_VALUE(MaxRunningJobCount, 1 );
INIT_VALUE(ShutdownComputer, false);
INIT_VALUE(Prefer64BitSource, false);
INIT_VALUE(SaveLogFiles, false);
INIT_VALUE(SaveToSourcePath, false);
INIT_VALUE(ProcessPriority, -1 );
INIT_VALUE(EnableSounds, false);
INIT_VALUE(DisableWarnings, false);
INIT_VALUE(NoUpdateReminder, false);
INIT_VALUE(AbortOnTimeout, true );
INIT_VALUE(SkipVersionTest, false);
INIT_VALUE(NoSystrayWarning, false);
}
//-----------------------------------------------------------------------------
// Test binary data transmission.
// Format in:
// <byte size>:<mode>
// Format out:
// <4 bytes binary checksum><#size bytes data>
// If echo mode, also:
// Format in:
// <#size bytes data>
// Format out:
// OK/ER - according to CRC match on incomin data
// Format in:
// DONE
//
// To Do:
// o Add mode/flag specifying 5-8 bit transfer.
// Test that 0xff gets masked off accordingly when transfered.
// (This should be an INFO result if failing)
// o Clean up the DUPLEX_ECHO implementation. Currently it's an ugly hack
// that doesn't match the arguments / behavior of the two other modes.
void
CeCosTestSerialFilter::CMD_TestBinary(CeCosSerial &pSer, char* args)
{
int size;
cyg_mode_t mode;
unsigned char *data_out, *data_in;
int i;
int crc;
int loop_count = 0;
INIT_VALUE(args);
SET_VALUE(int, size);
SET_VALUE(cyg_mode_t, mode);
// Change behavior for DUPLEX mode.
if (MODE_DUPLEX_ECHO == mode) {
loop_count = size;
size = 1024; // must be at least 4*block_size
}
// Generate data.
data_out = (unsigned char*) malloc(size);
if (!data_out) {
fprintf(stderr, "Could not allocate %d byte buffer for data!\n", size);
throw "data_out malloc failed";
}
data_in = (unsigned char*) malloc(size);
if (!data_in) {
fprintf(stderr, "Could not allocate %d byte buffer for data!\n", size);
throw "data_in malloc failed";
}
int count = 0;
for (i = 0; i < size; i++) {
// Output 255 chars, not 256 so that we aren't a multiple/factor of the
// likely buffer sizes in the system, this can mask problems as I've
// found to my cost!
unsigned char c = (unsigned char) (count++ % 255);
// don't allow $s and @s in the data, nor 0x03 (GDB C-c), nor flow
// control chars
if ('$' == c || '@' == c || 0x03 == c || 0x11 == c || 0x13 == c)
c = (unsigned char) '*';
data_out[i] = c;
}
// Do checksum.
crc = DoCRC(data_out, size);
// Send checksum to target.
SendChecksum(pSer, crc);
// Give the target 1/10th of a sec to digest it
CeCosThreadUtils::Sleep(100);
switch (mode) {
case MODE_NO_ECHO:
{
// Simple transmit. Don't expect target to echo data back.
TargetWrite(pSer, data_out, size);
ReceiveDone(pSer, NULL, 0);
}
break;
case MODE_EOP_ECHO:
{
int in_crc;
TargetWrite(pSer, data_out, size);
Trace("Finished write, waiting for target echo.\n");
// Expect target to echo the data
TargetRead(pSer, data_in, size);
// Check echoed data, and reply OK/ER accordingly.
in_crc = DoCRC(data_in, size);
SendStatus(pSer, (in_crc == crc));
// Dump seen/expected on console.
if (in_crc != crc) {
Trace("Data seen:\n");
PrintHex(data_in, size);
Trace("<end>\n");
Trace("Data expected:\n");
PrintHex(data_out, size);
Trace("<end>\n");
}
ReceiveDone(pSer, data_in, size);
}
break;
case MODE_DUPLEX_ECHO:
{
int block_size = 64;
int fail, j;
// This is a simple implementation (maybe too simple).
// Host sends 4 packets with the same size (64 bytes atm).
// Target echoes in this way:
// packet1 -> packet1
// packet2 -> packet2, packet2
// packet3 -> packet3
// packet4 -> /dev/null
//
// The reads/writes are interleaved in a way that should ensure
// the target out buffer to be full before the target starts to read
// packet3. That is, the target should be both receiving (packet3)
// and sending (packet2) at the same time.
// This code needs restructuring. It's not very obvious what's
// happening: The same block of data is output several times,
// the target echoes the data back (one of the blocks is
// echoed twice). Then the echoed data is compared agains the
// outgoing data block.
fail = 0;
while (loop_count--) {
int i;
for (i = 0; i < block_size*4; i++)
data_in[i] = 0;
// out1: block_size -> block_size
TargetWrite(pSer, data_out, block_size);
// out2: block_size -> 2 x block_size
TargetWrite(pSer, data_out, block_size);
// in1:
TargetRead(pSer, data_in, block_size);
// out3: block_size -> block_size
TargetWrite(pSer, data_out, block_size);
// in2:
TargetRead(pSer, &data_in[block_size], 2*block_size);
// out4: block_size -> 0
TargetWrite(pSer, data_out, block_size);
// in3:
TargetRead(pSer, &data_in[block_size*3], block_size);
if (0 == loop_count % 10)
Trace("%d loops to go\n", loop_count);
// Verify data.
if (!fail) {
for (j = 0; j < 4 && !fail; j++) {
for (i = 0; i < block_size && !fail; i++) {
if (data_out[i] != data_in[j*block_size + i]) {
fail = 1;
Trace("Failed at byte %d\n", j*block_size + i);
Trace("Data seen:\n");
PrintHex(&data_in[j*block_size],
block_size);
Trace("<end>\n");
Trace("Data expected:\n");
PrintHex(data_out, block_size);
Trace("<end>\n");
}
}
}
}
}
// Check echoed data, and reply OK/ER accordingly.
SendStatus(pSer, (!fail));
ReceiveDone(pSer, data_in, block_size*4);
}
break;
default:
Trace("Unknown mode. Ignoring.\n");
}
// Free buffer.
free(data_in);
free(data_out);
}
// Parse config string from target and set new_cfg accordingly.
// String from target is:
// <baud rate>:<data bits>:<stop bits>:<parity>:....
void
CeCosTestSerialFilter::ParseConfig(char* args, ser_cfg_t* new_cfg)
{
int ecos_parity, ecos_stop_bits, ecos_baud_rate, ecos_flags;
CeCosSerial::StopBitsType t2h_stop_bits[3] = {
CeCosSerial::ONE_STOP_BIT,
CeCosSerial::ONE_POINT_FIVE_STOP_BITS,
CeCosSerial::TWO_STOP_BITS};
INIT_VALUE(args);
SET_VALUE(int, ecos_baud_rate);
SET_VALUE(int, new_cfg->data_bits);
SET_VALUE(int, ecos_stop_bits);
SET_VALUE(int, ecos_parity);
SET_VALUE(int, ecos_flags);
new_cfg->parity = (ecos_parity != 0) ? true : false;
new_cfg->stop_bits = t2h_stop_bits[ecos_stop_bits - 1];
// flags is an optional field
if ( -1 == ecos_flags )
new_cfg->flags = FLOW_NONE;
else
new_cfg->flags = ecos_flags;
// eCos->human translation of serial baud rate. This table must
// match the one in io/serial/current/include/serialio.h
static const int tt_baud_rate[] = {
-1, // 0 invalid
50, // 1 50
75, // 2 75
110, // 3
135, // 4 134_5
150, // 5
200, // 6 200
300, // 7
600, // 8
1200, // 9
1800, // 10 1800
2400, // 11
3600, // 12 3600
4800, // 13
7200, // 14 7200
9600, // 15
14400, // 16 14400
19200, // 17
38400, // 18
57600, // 19
115200, // 20
234000 // 21 234000
};
if (ecos_baud_rate > 0 && ecos_baud_rate < (int) sizeof(tt_baud_rate))
ecos_baud_rate = tt_baud_rate[ecos_baud_rate];
else
ecos_baud_rate = -2;
new_cfg->baud_rate = ecos_baud_rate;
Trace("Parsed Config baud=%d, bParity=%d, stopbits=%d, databits=%d\n",
new_cfg->baud_rate, (int) new_cfg->parity, new_cfg->stop_bits,
new_cfg->data_bits);
Trace("Parsed Config xonxoff_rx=%d,tx=%d, rtscts_rx=%d,tx=%d, "
"dsrdtr_rx=%d,tx=%d\n",
(new_cfg->flags & FLOW_XONXOFF_RX) != 0,
(new_cfg->flags & FLOW_XONXOFF_TX) != 0,
(new_cfg->flags & FLOW_RTSCTS_RX) != 0,
(new_cfg->flags & FLOW_RTSCTS_TX) != 0,
(new_cfg->flags & FLOW_DSRDTR_RX) != 0,
(new_cfg->flags & FLOW_DSRDTR_TX) != 0);
}
bool
CeCosTestDownloadFilter::FilterFunctionProper(void*& pBuf,
unsigned int& nRead,
CeCosSerial& serial,
CeCosSocket& socket)
{
char* buffer = (char*) pBuf;
// Assume the worst - don't allow session to continue until a successful
// download.
m_bContinueSession = false;
// Output the serial data if option enabled
if (m_bOptSerDebug)
PrintHex((unsigned char*) buffer, nRead);
// Stop here if in NULL-filter mode
if (m_bNullFilter)
return true;
// Command handling.
// Be strict here; very first byte we see must be the start marker,
// else go into NULL-filter mode
unsigned int i = 0;
if (!m_bCmdFlag) {
if ('@' != buffer[i]) {
m_bNullFilter = true;
return true;
}
m_bCmdFlag = true;
}
// If reading a command, look for the end marker.
if (m_bCmdFlag) {
char c = 0;
while (i < nRead && m_nCmdIndex < MAX_CMD_LEN) {
c = buffer[i++];
m_aCmd[m_nCmdIndex++] = c;
if ('!' == c) {
if (i != nRead) {
throw _T("Extra bytes after command packet!?!");
}
}
}
if (MAX_CMD_LEN == m_nCmdIndex) {
Trace("Received too long command. Ignoring it!\n");
m_nCmdIndex = 0;
m_bCmdFlag = false;
} else if ('!' == c) {
// Was the command completed?
m_aCmd[m_nCmdIndex - 1] = 0;// terminate cmd
m_nCmdIndex = 0;
m_bCmdFlag = false;
// command now in m_aCmd[]
Trace("Got command %s\n", m_aCmd);
// After this, never interfere.
m_bNullFilter = true;
// Get arguments: @<length>:<dl_address>:<start_address>!
int length, packet_size;
unsigned long dl_addr, start_addr;
INIT_VALUE(&m_aCmd[1]);
SET_VALUE(int, length);
SET_VALUE(unsigned long, dl_addr);
SET_VALUE(unsigned long, start_addr);
SET_VALUE(int, packet_size);
Trace("len %d, dl %08x, start %08x, packet_size %d\n",
length, dl_addr, start_addr, packet_size);
// Reply so host will send file.
socket.send("@", 1);
// Read file from host
Buffer buf(length);
if (socket.recv(buf.Data(), length)) {
// Remember old blocking state, and set serial to
// blocking reads.
bool __blocking = serial.GetBlockingReads();
serial.SetBlockingReads(true);
serial.Flush();
// Send + to target, acking whatever packet was pending
unsigned int __written = 0;
serial.Write((void*)"+", 1, __written);
// Convert to packets and transfer to target.
if (put_binary((unsigned char*) buf.Data(),
length, dl_addr, packet_size, serial)) {
// Send detach signal to target
unsigned char ch;
unsigned int __read;
serial.Write((void*)"$D#44", 5, __written);
serial.Read(&ch, 1, __read);
// Reply to host marking end of download
socket.send("+", 1);
// Let server know it's OK to accept another connection
// in this session.
m_bContinueSession = true;
} else {
// Reply to host marking failed download
socket.send("-", 1);
}
// Reset previous blocking mode
serial.SetBlockingReads(__blocking);
} else {
// Reply to host marking failed file transfer
socket.send("?", 1);
}
}
nRead = 0; // Never leave anything for caller
// This is a violation of the intended
// filter function behavior.
}
return true;
}