int main(int argc, char *argv[])
{
	unsigned long srv_name = nam2num("SRV");
	RT_TASK *srv;
	pid_t pid, my_pid ;
	int err, i, count, msglen, *zpt ;
	RTIME period, delay;
	char *opt;
	QBLK *q;

	hrt = 1;
	crashkern = 0;

	for( i=1 ; i < argc ; i++ ) {
		opt = argv[i];
		switch((*opt<<8) + *(opt+1)) {

			case OPT_MINUS('k'):
				crashkern++;
				break;

			case OPT_MINUS('f'):
				crashfunc++;
				break;

			case OPT_MINUS('q'):
				query++;
				break;

			case OPT_MINUS('s'):
				hrt--;
				break;
			}
	}

	if(query) {
		printf("STOMP OVER KERNEL MEMORY FROM KERNEL (!=0) OR USER SPACE CODE (==0):");
		scanf("%d", &crashkern);
		printf("STOMP OVER KERNEL MEMORY FROM QBLK FUNCTION (!=0) OR NORMAL USER SPACE (==0):");
		scanf("%d", &crashfunc);
		printf("STOMP OVER KERNEL MEMORY FROM HARD REALTIME (!=0) OR SOFT REALTIME (==0):");
		scanf("%d", &hrt);
	}

	init_linux_scheduler(SCHED_FIFO, 98);

	err = lock_all(0,0);
	if(err) {
		printf("lock_all() failed\n");
		exit(2);
        }

	printf("SRV in %s mode to write over kernel memory %sfrom %s space\n", hrt ? "HRT" : "POSIX", crashfunc ? "in qBlk ":"", crashkern ? "kernel" : "user");

 	if (!(srv = rt_task_init(srv_name, 0, 0, 0))) {
		printf("CANNOT INIT SRV TASK\n");
		exit(3);
	}

	rt_set_oneshot_mode();

	period = nano2count(10000000);
	start_rt_timer(period);

//	printf("SRV starts\n");

	if (hrt) rt_make_hard_real_time();

	rt_task_make_periodic(srv, rt_get_time() + period, period);

	my_pid = rt_Alias_attach("");
	if(!my_pid) {
		rtai_print_to_screen("Cannot attach name\n");
		goto Exit;
        }

	rt_InitTickQueue();
	rt_qDynAlloc(32);

	rt_sleep(nano2count(1000000000));
	i = count = 0 ;
	zpt = (int *)0xc43d0128;	// kernel's address space
    while(++count) {
		memset( msg, 0, sizeof(msg));
		pid = rt_Creceive( 0, msg, sizeof(msg), &msglen, period);
		if(pid) {
			rtai_print_to_screen("SRV received msg    [%s] %d bytes from pid %04X\n", msg, msglen, pid);

			memcpy( rep, msg, sizeof(rep));

			if(rt_Reply(pid, rep, sizeof(rep)))
				rtai_print_to_screen("SRV rt_Reply() failed\n");
		}

		rtai_print_to_screen("SRV Loop %d\n", count);

		if(count == 10 && !crashfunc) {
			if (crashkern) {
				rt_stomp();
			} else {
		    	// __asm__("cli; hlt"); 	// Privilige check!
		    	*zpt = -1; 					// Bad pointer
			}
		} else if(count == 10) {
			q = rt_qDynInit( 0, YetAnotherOne, 0, 0);
            delay = nano2count(100000000);
            rt_qBlkWait(q, delay);
			rt_qLoop();		
		}
        if(count == 20) break;
	}

	if(rt_Name_detach(my_pid)) 
		rtai_print_to_screen("SRV cannot detach name\n");

	rt_sleep(nano2count(1000000000));
Exit:
	if (hrt) rt_make_soft_real_time();

	if(rt_task_delete(srv))
		rtai_print_to_screen("SRV cannot delete task\n");

	stop_rt_timer();

	exit(0);
}
示例#2
0
int main(int argc, char* argv[])
{
	unsigned long srv_name = nam2num("SRV");
	RT_TASK *srv;
	pid_t pid, my_pid, proxy;
	int count;
	size_t msglen;
	RTIME period;
	char *pt;


 	if (!(srv = rt_task_init_schmod(srv_name, 0, 0, 0, SCHED_FIFO, 0x1))) {
		PRINTF("CANNOT INIT SRV TASK\n");
		exit(-1);
	}
	mlockall(MCL_CURRENT | MCL_FUTURE);

	my_pid = rt_Alias_attach("");
	if (my_pid <= 0) {
		PRINTF("Cannot attach name SRV\n");
		exit(-1);
	}

//	rt_set_oneshot_mode();
	period = nano2count(1000000);
	start_rt_timer(period);
	rt_make_hard_real_time();
	PRINTF("SRV starts (task = %p, pid = %d)\n", srv, my_pid);

	rt_task_make_periodic(srv, rt_get_time(), period);

  	proxy = rt_Proxy_attach(0, "More beer please", 17, -1);
	if (proxy <= 0 ) {
		PRINTF("Failed to attach proxy\n");
		exit(-1);
	}


	msglen = 0;
	pid = rt_Receive(0, 0, 0, &msglen);
	if (pid) {
		// handshake to give the proxy to CLT
		PRINTF("rt_Reply the proxy %04X msglen = %d\n", proxy, msglen);
		rt_Reply(pid, &proxy, sizeof(proxy));
	}

	rt_sleep(nano2count(1000000000));
	count = 20;
	while(count--) {
		memset( msg, 0, sizeof(msg));
		pid = rt_Receive(0, msg, sizeof(msg), &msglen);
		if(pid == proxy) {
			PRINTF("SRV receives the PROXY event [%s]\n", msg);
			continue;
		} else if (pid <= 0) {
			PRINTF("SRV rt_Receive() failed\n");
			continue;
		}

		PRINTF("SRV received msg    [%s] %d bytes from pid %04X\n", msg, msglen, pid);

		memcpy (rep, msg, sizeof(rep));
		pt = (char *) rep;
		while (*pt) {
			*pt = toupper(*pt);
			pt++;
		}
		if (rt_Reply(pid, rep, sizeof(rep))) {
			PRINTF("SRV rt_Reply() failed\n");
		}
	}

	if (rt_Proxy_detach(proxy)) {
		PRINTF("SRV cannot detach proxy\n");
	}
	if (rt_Name_detach(my_pid)) {
		PRINTF("SRV cannot detach name\n");
	}
	rt_make_soft_real_time();
	rt_sleep(nano2count(1000000000));
	if (rt_task_delete(srv)) {
		PRINTF("SRV cannot delete task\n");
	}
	return 0;
}
示例#3
0
int main(int argc, char* argv[])
{
	unsigned long srv_name = nam2num("SRV");
	RT_TASK *srv;
	pid_t pid, my_pid, proxy ;
	int err,/* i,*/ count, msglen ;
	RTIME period;
	char *pt;
	
	init_linux_scheduler(SCHED_FIFO, 98);
		
	err = lock_all(0,0);
	if(err) {
		printf("lock_all() fails\n");
		exit(-1);
	}

 	if (!(srv = rt_task_init(srv_name, 0, 0, 0))) {
		printf("CANNOT INIT SRV TASK\n");
		exit(-1);
	}

	my_pid = rt_Alias_attach("");
	if(!my_pid) {
		rtai_print_to_screen("Cannot attach name SRV\n");
		exit(-1);
	}

	period = nano2count(1000000);
    rt_set_oneshot_mode();
	start_rt_timer(period);

	printf("SRV starts (%p)\n", srv);

    rt_make_hard_real_time();
	
	rt_task_make_periodic(srv, rt_get_time(), period);

  	proxy = rt_Proxy_attach( 0, "More beer please", 17, -1);
	if(proxy <= 0 ) {
		rtai_print_to_screen("Failed to attach proxy\n");
		exit(-1);
	}

    pid = rt_Receive( 0, 0, 0, &msglen);
	if(pid) {
		// handshake to give the proxy to CLT
		rtai_print_to_screen("rt_Reply the proxy %04X msglen = %d\n", proxy, msglen);
		rt_Reply( pid, &proxy, sizeof(proxy));
	}

	rt_sleep(nano2count(1000000000));
	count = 8 ;
	while(count--) {
		memset( msg, 0, sizeof(msg));
		pid = rt_Receive( 0, msg, sizeof(msg), &msglen);

		if(pid == proxy) {
			rtai_print_to_screen("SRV receives the PROXY event [%s]\n", msg);
			continue;
		} else if( pid <= 0) {
			rtai_print_to_screen("SRV rt_Receive() failed\n");
//			goto Exit;
			continue;
		}
		
		rtai_print_to_screen("SRV received msg    [%s] %d bytes from pid %04X\n", msg, msglen, pid);

		memcpy( rep, msg, sizeof(rep));
		pt = (char *) rep;
		while(*pt) *pt++ = toupper(*pt);
		if(rt_Reply(pid, rep, sizeof(rep)))
			rtai_print_to_screen("SRV rt_Reply() failed\n");
	}

	if(rt_Proxy_detach(proxy))
		rtai_print_to_screen("SRV cannot detach proxy\n");

	if(rt_Name_detach(my_pid)) 
		rtai_print_to_screen("SRV cannot detach name\n");

//Exit:
	rt_make_soft_real_time();

	rt_sleep(nano2count(1000000000));

	if(rt_task_delete(srv))
		rtai_print_to_screen("SRV cannot delete task\n");

	return 0;
}