foundry27 : Post

Forum Topic - How to remap system page RW: (10 Items)

View: as

Robert D'Attilio(deleted)

06/11/2009 10:27 AM

post31491

Hi:

I'd like to be able to overwrite the system page entries in qtime (specifically modifying the nsec_inc entry). Someone 
in a previous post mentioned using mmap_device_memory() to remap the area as RW. I'm not clear though on how to get the 
physical address of the system page. Anyone have an example? 

thanks
robert

Colin Burgess(deleted)

06/11/2009 1:20 PM

post31524

Re: How to remap system page RW

mem_offset64 will give you the physically address of a virtual pointer.

Robert D'Attilio wrote:
> Hi:
> 
> I'd like to be able to overwrite the system page entries in qtime (specifically modifying the nsec_inc entry). Someone
 in a previous post mentioned using mmap_device_memory() to remap the area as RW. I'm not clear though on how to get the
 physical address of the system page. Anyone have an example? 
> 
> thanks
> robert 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31491
> 

-- 
cburgess@qnx.com

Robert D'Attilio(deleted)

06/11/2009 4:31 PM

post31557

RE: How to remap system page RW

Thanks Colin...moving forward now I get a "Permission denied" error from
mem_offset64(). Here is the code:

    struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
    off64_t offset = 0;
    
    errno = EOK;
    if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset, 0)
== -1) 
    {
        fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
        return;
    }

    printf("Qtime physical addr 0x%x\n", offset);

    errno = EOK;
    struct qtime_entry* myQtime = (struct
qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
PROT_WRITE | PROT_NOCACHE, 0, offset);
    if (myQtime == MAP_FAILED)
    {
        fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
        return;
    }
    printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);

-----Original Message-----
From: Colin Burgess [mailto:community-noreply@qnx.com] 
Sent: Thursday, June 11, 2009 1:20 PM
To: ostech-core_os
Subject: Re: How to remap system page RW

mem_offset64 will give you the physically address of a virtual pointer.

Robert D'Attilio wrote:
> Hi:
> 
> I'd like to be able to overwrite the system page entries in qtime
(specifically modifying the nsec_inc entry). Someone in a previous post
mentioned using mmap_device_memory() to remap the area as RW. I'm not
clear though on how to get the physical address of the system page.
Anyone have an example? 
> 
> thanks
> robert 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31491
> 

-- 
cburgess@qnx.com

_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31524

Neil Schellenberger(deleted)

RE: How to remap system page RW

Neil Schellenberger(deleted)

06/11/2009 4:38 PM

post31560

RE: How to remap system page RW

I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0).  (Note: I'm not positive about
that.)

On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error from
> mem_offset64(). Here is the code:
> 
>     struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>     off64_t offset = 0;
>     
>     errno = EOK;
>     if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset, 0)
> == -1) 
>     {
>         fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
>         return;
>     }
> 
>     printf("Qtime physical addr 0x%x\n", offset);
> 
>     errno = EOK;
>     struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
>     if (myQtime == MAP_FAILED)
>     {
>         fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>         return;
>     }
>     printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
> 
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com] 
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
> 
> mem_offset64 will give you the physically address of a virtual pointer.
> 
> Robert D'Attilio wrote:
> > Hi:
> > 
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example? 
> > 
> > thanks
> > robert 
> > 
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> > 
>

Robert D'Attilio(deleted)

06/11/2009 5:07 PM

post31570

RE: How to remap system page RW

Tried that and it didn't work :( 
Thanks anyways!

-----Original Message-----
From: Neil Schellenberger [mailto:community-noreply@qnx.com] 
Sent: Thursday, June 11, 2009 4:38 PM
To: ostech-core_os
Subject: RE: How to remap system page RW

I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0).  (Note: I'm not positive about
that.)

On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error
from
> mem_offset64(). Here is the code:
> 
>     struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>     off64_t offset = 0;
>     
>     errno = EOK;
>     if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
0)
> == -1) 
>     {
>         fprintf(stderr, "Failed to get phyaddr %s\n",
strerror(errno));
>         return;
>     }
> 
>     printf("Qtime physical addr 0x%x\n", offset);
> 
>     errno = EOK;
>     struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
>     if (myQtime == MAP_FAILED)
>     {
>         fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>         return;
>     }
>     printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
> 
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com] 
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
> 
> mem_offset64 will give you the physically address of a virtual
pointer.
> 
> Robert D'Attilio wrote:
> > Hi:
> > 
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous
post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example? 
> > 
> > thanks
> > robert 
> > 
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> > 
> 

_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31560

Colin Burgess(deleted)

RE: How to remap system page RW

Colin Burgess(deleted)

06/11/2009 6:03 PM

post31575

RE: How to remap system page RW

ok, well on the ppc a shortcut is to use the SYSPAGE_ENTRY(private)->kern_syspageptr value as a paddr, since the kernel 
is mapped 1-1

________________________________

From: Robert D'Attilio [mailto:community-noreply@qnx.com]
Sent: Thu 6/11/2009 5:07 PM
To: ostech-core_os
Subject: RE: How to remap system page RW



Tried that and it didn't work :(
Thanks anyways!

-----Original Message-----
From: Neil Schellenberger [mailto:community-noreply@qnx.com]
Sent: Thursday, June 11, 2009 4:38 PM
To: ostech-core_os
Subject: RE: How to remap system page RW

I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0).  (Note: I'm not positive about
that.)

On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error
from
> mem_offset64(). Here is the code:
>
>     struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>     off64_t offset = 0;
>    
>     errno = EOK;
>     if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
0)
> == -1)
>     {
>         fprintf(stderr, "Failed to get phyaddr %s\n",
strerror(errno));
>         return;
>     }
>
>     printf("Qtime physical addr 0x%x\n", offset);
>
>     errno = EOK;
>     struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
>     if (myQtime == MAP_FAILED)
>     {
>         fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>         return;
>     }
>     printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
>
> mem_offset64 will give you the physically address of a virtual
pointer.
>
> Robert D'Attilio wrote:
> > Hi:
> >
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous
post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example?
> >
> > thanks
> > robert
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> >
>

_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31560


_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31570

Colin Burgess(deleted)

Re: How to remap system page RW

Colin Burgess(deleted)

06/15/2009 1:53 PM

post31773

Re: How to remap system page RW

Robert, what version of the kernel are you using again?

Robert D'Attilio wrote:
> Tried that and it didn't work :( 
> Thanks anyways!
> 
> -----Original Message-----
> From: Neil Schellenberger [mailto:community-noreply@qnx.com] 
> Sent: Thursday, June 11, 2009 4:38 PM
> To: ostech-core_os
> Subject: RE: How to remap system page RW
> 
> I think you might need I/O privity for mem_offset64() on the syspage.
> Try adding ThreadCtl(_NTO_TCTL_IO, 0).  (Note: I'm not positive about
> that.)
> 
> On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
>> Thanks Colin...moving forward now I get a "Permission denied" error
> from
>> mem_offset64(). Here is the code:
>>
>>     struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>>     off64_t offset = 0;
>>     
>>     errno = EOK;
>>     if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
> 0)
>> == -1) 
>>     {
>>         fprintf(stderr, "Failed to get phyaddr %s\n",
> strerror(errno));
>>         return;
>>     }
>>
>>     printf("Qtime physical addr 0x%x\n", offset);
>>
>>     errno = EOK;
>>     struct qtime_entry* myQtime = (struct
>> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
>> PROT_WRITE | PROT_NOCACHE, 0, offset);
>>     if (myQtime == MAP_FAILED)
>>     {
>>         fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>>         return;
>>     }
>>     printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>>
>> -----Original Message-----
>> From: Colin Burgess [mailto:community-noreply@qnx.com] 
>> Sent: Thursday, June 11, 2009 1:20 PM
>> To: ostech-core_os
>> Subject: Re: How to remap system page RW
>>
>> mem_offset64 will give you the physically address of a virtual
> pointer.
>> Robert D'Attilio wrote:
>>> Hi:
>>>
>>> I'd like to be able to overwrite the system page entries in qtime
>> (specifically modifying the nsec_inc entry). Someone in a previous
> post
>> mentioned using mmap_device_memory() to remap the area as RW. I'm not
>> clear though on how to get the physical address of the system page.
>> Anyone have an example? 
>>> thanks
>>> robert 
>>>
>>> _______________________________________________
>>> OSTech
>>> http://community.qnx.com/sf/go/post31491
>>>
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31560
> 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31570
> 

-- 
cburgess@qnx.com

Robert D'Attilio(deleted)

06/15/2009 2:07 PM

post31776

RE: How to remap system page RW

6.3.2

-----Original Message-----
From: Colin Burgess [mailto:community-noreply@qnx.com] 
Sent: Monday, June 15, 2009 1:54 PM
To: ostech-core_os
Subject: Re: How to remap system page RW

Robert, what version of the kernel are you using again?

Robert D'Attilio wrote:
> Tried that and it didn't work :( 
> Thanks anyways!
> 
> -----Original Message-----
> From: Neil Schellenberger [mailto:community-noreply@qnx.com] 
> Sent: Thursday, June 11, 2009 4:38 PM
> To: ostech-core_os
> Subject: RE: How to remap system page RW
> 
> I think you might need I/O privity for mem_offset64() on the syspage.
> Try adding ThreadCtl(_NTO_TCTL_IO, 0).  (Note: I'm not positive about
> that.)
> 
> On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
>> Thanks Colin...moving forward now I get a "Permission denied" error
> from
>> mem_offset64(). Here is the code:
>>
>>     struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>>     off64_t offset = 0;
>>     
>>     errno = EOK;
>>     if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
> 0)
>> == -1) 
>>     {
>>         fprintf(stderr, "Failed to get phyaddr %s\n",
> strerror(errno));
>>         return;
>>     }
>>
>>     printf("Qtime physical addr 0x%x\n", offset);
>>
>>     errno = EOK;
>>     struct qtime_entry* myQtime = (struct
>> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
>> PROT_WRITE | PROT_NOCACHE, 0, offset);
>>     if (myQtime == MAP_FAILED)
>>     {
>>         fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>>         return;
>>     }
>>     printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>>
>> -----Original Message-----
>> From: Colin Burgess [mailto:community-noreply@qnx.com] 
>> Sent: Thursday, June 11, 2009 1:20 PM
>> To: ostech-core_os
>> Subject: Re: How to remap system page RW
>>
>> mem_offset64 will give you the physically address of a virtual
> pointer.
>> Robert D'Attilio wrote:
>>> Hi:
>>>
>>> I'd like to be able to overwrite the system page entries in qtime
>> (specifically modifying the nsec_inc entry). Someone in a previous
> post
>> mentioned using mmap_device_memory() to remap the area as RW. I'm not
>> clear though on how to get the physical address of the system page.
>> Anyone have an example? 
>>> thanks
>>> robert 
>>>
>>> _______________________________________________
>>> OSTech
>>> http://community.qnx.com/sf/go/post31491
>>>
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31560
> 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31570
> 

-- 
cburgess@qnx.com

_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31773

Will Miles

Re: RE: How to remap system page RW

Will Miles

06/12/2009 11:31 AM

post31627

Re: RE: How to remap system page RW

Here's the code that we use, more or less (I've converted it from our C++ object model to C).  The difference is that we
 map the beginning of the system page, instead of trying to pick the qtime entry out of the middle, although in theory 
that shouldn't matter.  This is tested on x86.

Note you have to be root for it to work - if you're not root you will get a permission denied error on attempting to map
 the system page.


#include <sys/neutrino.h>
#include <sys/mman.h>
#include <sys/syspage.h>
#include <errno.h>
#include <stdio.h>


#define PAGE_SIZE 4096
#define SYSPAGE_SIZE (2*PAGE_SIZE)    

int main(int argc, char argv[])
{
    
    struct syspage_entry* rw_syspage = NULL;
    struct qtime_entry* qte = NULL;                           // Qtime entry in system page
    int i; off64_t p_addr;
    
    if ((i = mem_offset64((void*)_syspage_ptr, NOFD, 1, &p_addr, NULL)) != EOK)
    {
         fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
         return -1;
    }

    rw_syspage = (struct syspage_entry*) mmap_device_memory(NULL,SYSPAGE_SIZE,PROT_READ | PROT_WRITE,0,p_addr);
    
    if (rw_syspage == MAP_FAILED) {
        fprintf(stderr, "Failed to map system page %s\n", strerror(errno));
        return -2;
    };
        
    // Load in critical structures.            
    qte = (struct qtime_entry*)(((char*)rw_syspage) + rw_syspage->qtime.entry_off);
    printf("Success - new syspage vaddr: %X   new qte vaddr: %X\n",(unsigned long)rw_syspage,(unsigned long)qte);
    return 0;
};

Robert D'Attilio(deleted)

06/12/2009 12:49 PM

post31640

RE: RE: How to remap system page RW

Thanks a bunch Will.

Unfortunately, mem_offset64() doesn't work on the PPC with the syspage -
I get a permission denied error (even running as root). Not sure if
that's a bug or a feature :)

The workaround (from Colin's post) is to use
    syspage_entry* pSysPage =
SYSPAGE_ENTRY(system_private)->kern_syspageptr;
since mapping is 1:1 on the PPC. Then I can pass that value to the call
to mmap_device_memory() and it works.

Cheers
robert

-----Original Message-----
From: Will Miles [mailto:community-noreply@qnx.com] 
Sent: Friday, June 12, 2009 11:31 AM
To: ostech-core_os
Subject: Re: RE: How to remap system page RW

Here's the code that we use, more or less (I've converted it from our
C++ object model to C).  The difference is that we map the beginning of
the system page, instead of trying to pick the qtime entry out of the
middle, although in theory that shouldn't matter.  This is tested on
x86.

Note you have to be root for it to work - if you're not root you will
get a permission denied error on attempting to map the system page.


#include <sys/neutrino.h>
#include <sys/mman.h>
#include <sys/syspage.h>
#include <errno.h>
#include <stdio.h>


#define PAGE_SIZE 4096
#define SYSPAGE_SIZE (2*PAGE_SIZE)    

int main(int argc, char argv[])
{
    
    struct syspage_entry* rw_syspage = NULL;
    struct qtime_entry* qte = NULL;                           // Qtime
entry in system page
    int i; off64_t p_addr;
    
    if ((i = mem_offset64((void*)_syspage_ptr, NOFD, 1, &p_addr, NULL))
!= EOK)
    {
         fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
         return -1;
    }

    rw_syspage = (struct syspage_entry*)
mmap_device_memory(NULL,SYSPAGE_SIZE,PROT_READ | PROT_WRITE,0,p_addr);
    
    if (rw_syspage == MAP_FAILED) {
        fprintf(stderr, "Failed to map system page %s\n",
strerror(errno));
        return -2;
    };
        
    // Load in critical structures.            
    qte = (struct qtime_entry*)(((char*)rw_syspage) +
rw_syspage->qtime.entry_off);
    printf("Success - new syspage vaddr: %X   new qte vaddr:
%X\n",(unsigned long)rw_syspage,(unsigned long)qte);
    return 0;
};


_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31627

Return

The text you entered is not a valid object ID
More Information
Object IDs begin with an object prefix and end with a number. For example, if you enter
artf2345
the application will jump directly to an artifact with the ID artf2345. Some valid object prefixes are:
artf	for an artifact
doc	for a document
page	for a project page
topc	for a discussion topic
wiki	for a wiki page