int main(int argc, char *argv[])
{
unsigned long srv_name = nam2num("SRV");
RT_TASK *srv;
pid_t pid, my_pid ;
int err, i, count, msglen, *zpt ;
RTIME period, delay;
char *opt;
QBLK *q;
hrt = 1;
crashkern = 0;
for( i=1 ; i < argc ; i++ ) {
opt = argv[i];
switch((*opt<<8) + *(opt+1)) {
case OPT_MINUS('k'):
crashkern++;
break;
case OPT_MINUS('f'):
crashfunc++;
break;
case OPT_MINUS('q'):
query++;
break;
case OPT_MINUS('s'):
hrt--;
break;
}
}
if(query) {
printf("STOMP OVER KERNEL MEMORY FROM KERNEL (!=0) OR USER SPACE CODE (==0):");
scanf("%d", &crashkern);
printf("STOMP OVER KERNEL MEMORY FROM QBLK FUNCTION (!=0) OR NORMAL USER SPACE (==0):");
scanf("%d", &crashfunc);
printf("STOMP OVER KERNEL MEMORY FROM HARD REALTIME (!=0) OR SOFT REALTIME (==0):");
scanf("%d", &hrt);
}
init_linux_scheduler(SCHED_FIFO, 98);
err = lock_all(0,0);
if(err) {
printf("lock_all() failed\n");
exit(2);
}
printf("SRV in %s mode to write over kernel memory %sfrom %s space\n", hrt ? "HRT" : "POSIX", crashfunc ? "in qBlk ":"", crashkern ? "kernel" : "user");
if (!(srv = rt_task_init(srv_name, 0, 0, 0))) {
printf("CANNOT INIT SRV TASK\n");
exit(3);
}
rt_set_oneshot_mode();
period = nano2count(10000000);
start_rt_timer(period);
// printf("SRV starts\n");
if (hrt) rt_make_hard_real_time();
rt_task_make_periodic(srv, rt_get_time() + period, period);
my_pid = rt_Alias_attach("");
if(!my_pid) {
rtai_print_to_screen("Cannot attach name\n");
goto Exit;
}
rt_InitTickQueue();
rt_qDynAlloc(32);
rt_sleep(nano2count(1000000000));
i = count = 0 ;
zpt = (int *)0xc43d0128; // kernel's address space
while(++count) {
memset( msg, 0, sizeof(msg));
pid = rt_Creceive( 0, msg, sizeof(msg), &msglen, period);
if(pid) {
rtai_print_to_screen("SRV received msg [%s] %d bytes from pid %04X\n", msg, msglen, pid);
memcpy( rep, msg, sizeof(rep));
if(rt_Reply(pid, rep, sizeof(rep)))
rtai_print_to_screen("SRV rt_Reply() failed\n");
}
rtai_print_to_screen("SRV Loop %d\n", count);
if(count == 10 && !crashfunc) {
if (crashkern) {
rt_stomp();
} else {
// __asm__("cli; hlt"); // Privilige check!
*zpt = -1; // Bad pointer
}
} else if(count == 10) {
q = rt_qDynInit( 0, YetAnotherOne, 0, 0);
delay = nano2count(100000000);
rt_qBlkWait(q, delay);
rt_qLoop();
}
if(count == 20) break;
}
if(rt_Name_detach(my_pid))
rtai_print_to_screen("SRV cannot detach name\n");
rt_sleep(nano2count(1000000000));
Exit:
if (hrt) rt_make_soft_real_time();
if(rt_task_delete(srv))
rtai_print_to_screen("SRV cannot delete task\n");
stop_rt_timer();
exit(0);
}
int main(int argc, char* argv[])
{
unsigned long srv_name = nam2num("SRV");
RT_TASK *srv;
pid_t pid, my_pid, proxy;
int count;
size_t msglen;
RTIME period;
char *pt;
if (!(srv = rt_task_init_schmod(srv_name, 0, 0, 0, SCHED_FIFO, 0x1))) {
PRINTF("CANNOT INIT SRV TASK\n");
exit(-1);
}
mlockall(MCL_CURRENT | MCL_FUTURE);
my_pid = rt_Alias_attach("");
if (my_pid <= 0) {
PRINTF("Cannot attach name SRV\n");
exit(-1);
}
// rt_set_oneshot_mode();
period = nano2count(1000000);
start_rt_timer(period);
rt_make_hard_real_time();
PRINTF("SRV starts (task = %p, pid = %d)\n", srv, my_pid);
rt_task_make_periodic(srv, rt_get_time(), period);
proxy = rt_Proxy_attach(0, "More beer please", 17, -1);
if (proxy <= 0 ) {
PRINTF("Failed to attach proxy\n");
exit(-1);
}
msglen = 0;
pid = rt_Receive(0, 0, 0, &msglen);
if (pid) {
// handshake to give the proxy to CLT
PRINTF("rt_Reply the proxy %04X msglen = %d\n", proxy, msglen);
rt_Reply(pid, &proxy, sizeof(proxy));
}
rt_sleep(nano2count(1000000000));
count = 20;
while(count--) {
memset( msg, 0, sizeof(msg));
pid = rt_Receive(0, msg, sizeof(msg), &msglen);
if(pid == proxy) {
PRINTF("SRV receives the PROXY event [%s]\n", msg);
continue;
} else if (pid <= 0) {
PRINTF("SRV rt_Receive() failed\n");
continue;
}
PRINTF("SRV received msg [%s] %d bytes from pid %04X\n", msg, msglen, pid);
memcpy (rep, msg, sizeof(rep));
pt = (char *) rep;
while (*pt) {
*pt = toupper(*pt);
pt++;
}
if (rt_Reply(pid, rep, sizeof(rep))) {
PRINTF("SRV rt_Reply() failed\n");
}
}
if (rt_Proxy_detach(proxy)) {
PRINTF("SRV cannot detach proxy\n");
}
if (rt_Name_detach(my_pid)) {
PRINTF("SRV cannot detach name\n");
}
rt_make_soft_real_time();
rt_sleep(nano2count(1000000000));
if (rt_task_delete(srv)) {
PRINTF("SRV cannot delete task\n");
}
return 0;
}
int main(int argc, char* argv[])
{
unsigned long srv_name = nam2num("SRV");
RT_TASK *srv;
pid_t pid, my_pid, proxy ;
int err,/* i,*/ count, msglen ;
RTIME period;
char *pt;
init_linux_scheduler(SCHED_FIFO, 98);
err = lock_all(0,0);
if(err) {
printf("lock_all() fails\n");
exit(-1);
}
if (!(srv = rt_task_init(srv_name, 0, 0, 0))) {
printf("CANNOT INIT SRV TASK\n");
exit(-1);
}
my_pid = rt_Alias_attach("");
if(!my_pid) {
rtai_print_to_screen("Cannot attach name SRV\n");
exit(-1);
}
period = nano2count(1000000);
rt_set_oneshot_mode();
start_rt_timer(period);
printf("SRV starts (%p)\n", srv);
rt_make_hard_real_time();
rt_task_make_periodic(srv, rt_get_time(), period);
proxy = rt_Proxy_attach( 0, "More beer please", 17, -1);
if(proxy <= 0 ) {
rtai_print_to_screen("Failed to attach proxy\n");
exit(-1);
}
pid = rt_Receive( 0, 0, 0, &msglen);
if(pid) {
// handshake to give the proxy to CLT
rtai_print_to_screen("rt_Reply the proxy %04X msglen = %d\n", proxy, msglen);
rt_Reply( pid, &proxy, sizeof(proxy));
}
rt_sleep(nano2count(1000000000));
count = 8 ;
while(count--) {
memset( msg, 0, sizeof(msg));
pid = rt_Receive( 0, msg, sizeof(msg), &msglen);
if(pid == proxy) {
rtai_print_to_screen("SRV receives the PROXY event [%s]\n", msg);
continue;
} else if( pid <= 0) {
rtai_print_to_screen("SRV rt_Receive() failed\n");
// goto Exit;
continue;
}
rtai_print_to_screen("SRV received msg [%s] %d bytes from pid %04X\n", msg, msglen, pid);
memcpy( rep, msg, sizeof(rep));
pt = (char *) rep;
while(*pt) *pt++ = toupper(*pt);
if(rt_Reply(pid, rep, sizeof(rep)))
rtai_print_to_screen("SRV rt_Reply() failed\n");
}
if(rt_Proxy_detach(proxy))
rtai_print_to_screen("SRV cannot detach proxy\n");
if(rt_Name_detach(my_pid))
rtai_print_to_screen("SRV cannot detach name\n");
//Exit:
rt_make_soft_real_time();
rt_sleep(nano2count(1000000000));
if(rt_task_delete(srv))
rtai_print_to_screen("SRV cannot delete task\n");
return 0;
}