Robert D'Attilio(deleted)
|
How to remap system page RW
|
Robert D'Attilio(deleted)
06/11/2009 10:27 AM
post31491
|
How to remap system page RW
Hi:
I'd like to be able to overwrite the system page entries in qtime (specifically modifying the nsec_inc entry). Someone
in a previous post mentioned using mmap_device_memory() to remap the area as RW. I'm not clear though on how to get the
physical address of the system page. Anyone have an example?
thanks
robert
|
|
|
Colin Burgess(deleted)
|
Re: How to remap system page RW
|
Colin Burgess(deleted)
06/11/2009 1:20 PM
post31524
|
Re: How to remap system page RW
mem_offset64 will give you the physically address of a virtual pointer.
Robert D'Attilio wrote:
> Hi:
>
> I'd like to be able to overwrite the system page entries in qtime (specifically modifying the nsec_inc entry). Someone
in a previous post mentioned using mmap_device_memory() to remap the area as RW. I'm not clear though on how to get the
physical address of the system page. Anyone have an example?
>
> thanks
> robert
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31491
>
--
cburgess@qnx.com
|
|
|
Robert D'Attilio(deleted)
|
RE: How to remap system page RW
|
Robert D'Attilio(deleted)
06/11/2009 4:31 PM
post31557
|
RE: How to remap system page RW
Thanks Colin...moving forward now I get a "Permission denied" error from
mem_offset64(). Here is the code:
struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
off64_t offset = 0;
errno = EOK;
if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset, 0)
== -1)
{
fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
return;
}
printf("Qtime physical addr 0x%x\n", offset);
errno = EOK;
struct qtime_entry* myQtime = (struct
qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
PROT_WRITE | PROT_NOCACHE, 0, offset);
if (myQtime == MAP_FAILED)
{
fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
return;
}
printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
-----Original Message-----
From: Colin Burgess [mailto:community-noreply@qnx.com]
Sent: Thursday, June 11, 2009 1:20 PM
To: ostech-core_os
Subject: Re: How to remap system page RW
mem_offset64 will give you the physically address of a virtual pointer.
Robert D'Attilio wrote:
> Hi:
>
> I'd like to be able to overwrite the system page entries in qtime
(specifically modifying the nsec_inc entry). Someone in a previous post
mentioned using mmap_device_memory() to remap the area as RW. I'm not
clear though on how to get the physical address of the system page.
Anyone have an example?
>
> thanks
> robert
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31491
>
--
cburgess@qnx.com
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31524
|
|
|
Neil Schellenberger(deleted)
|
RE: How to remap system page RW
|
Neil Schellenberger(deleted)
06/11/2009 4:38 PM
post31560
|
RE: How to remap system page RW
I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0). (Note: I'm not positive about
that.)
On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error from
> mem_offset64(). Here is the code:
>
> struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
> off64_t offset = 0;
>
> errno = EOK;
> if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset, 0)
> == -1)
> {
> fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
> return;
> }
>
> printf("Qtime physical addr 0x%x\n", offset);
>
> errno = EOK;
> struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
> if (myQtime == MAP_FAILED)
> {
> fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
> return;
> }
> printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
>
> mem_offset64 will give you the physically address of a virtual pointer.
>
> Robert D'Attilio wrote:
> > Hi:
> >
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example?
> >
> > thanks
> > robert
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> >
>
|
|
|
Robert D'Attilio(deleted)
|
RE: How to remap system page RW
|
Robert D'Attilio(deleted)
06/11/2009 5:07 PM
post31570
|
RE: How to remap system page RW
Tried that and it didn't work :(
Thanks anyways!
-----Original Message-----
From: Neil Schellenberger [mailto:community-noreply@qnx.com]
Sent: Thursday, June 11, 2009 4:38 PM
To: ostech-core_os
Subject: RE: How to remap system page RW
I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0). (Note: I'm not positive about
that.)
On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error
from
> mem_offset64(). Here is the code:
>
> struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
> off64_t offset = 0;
>
> errno = EOK;
> if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
0)
> == -1)
> {
> fprintf(stderr, "Failed to get phyaddr %s\n",
strerror(errno));
> return;
> }
>
> printf("Qtime physical addr 0x%x\n", offset);
>
> errno = EOK;
> struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
> if (myQtime == MAP_FAILED)
> {
> fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
> return;
> }
> printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
>
> mem_offset64 will give you the physically address of a virtual
pointer.
>
> Robert D'Attilio wrote:
> > Hi:
> >
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous
post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example?
> >
> > thanks
> > robert
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> >
>
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31560
|
|
|
Colin Burgess(deleted)
|
RE: How to remap system page RW
|
Colin Burgess(deleted)
06/11/2009 6:03 PM
post31575
|
RE: How to remap system page RW
ok, well on the ppc a shortcut is to use the SYSPAGE_ENTRY(private)->kern_syspageptr value as a paddr, since the kernel
is mapped 1-1
________________________________
From: Robert D'Attilio [mailto:community-noreply@qnx.com]
Sent: Thu 6/11/2009 5:07 PM
To: ostech-core_os
Subject: RE: How to remap system page RW
Tried that and it didn't work :(
Thanks anyways!
-----Original Message-----
From: Neil Schellenberger [mailto:community-noreply@qnx.com]
Sent: Thursday, June 11, 2009 4:38 PM
To: ostech-core_os
Subject: RE: How to remap system page RW
I think you might need I/O privity for mem_offset64() on the syspage.
Try adding ThreadCtl(_NTO_TCTL_IO, 0). (Note: I'm not positive about
that.)
On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
> Thanks Colin...moving forward now I get a "Permission denied" error
from
> mem_offset64(). Here is the code:
>
> struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
> off64_t offset = 0;
>
> errno = EOK;
> if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
0)
> == -1)
> {
> fprintf(stderr, "Failed to get phyaddr %s\n",
strerror(errno));
> return;
> }
>
> printf("Qtime physical addr 0x%x\n", offset);
>
> errno = EOK;
> struct qtime_entry* myQtime = (struct
> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
> PROT_WRITE | PROT_NOCACHE, 0, offset);
> if (myQtime == MAP_FAILED)
> {
> fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
> return;
> }
> printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>
> -----Original Message-----
> From: Colin Burgess [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 1:20 PM
> To: ostech-core_os
> Subject: Re: How to remap system page RW
>
> mem_offset64 will give you the physically address of a virtual
pointer.
>
> Robert D'Attilio wrote:
> > Hi:
> >
> > I'd like to be able to overwrite the system page entries in qtime
> (specifically modifying the nsec_inc entry). Someone in a previous
post
> mentioned using mmap_device_memory() to remap the area as RW. I'm not
> clear though on how to get the physical address of the system page.
> Anyone have an example?
> >
> > thanks
> > robert
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post31491
> >
>
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31560
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31570
|
|
|
Colin Burgess(deleted)
|
Re: How to remap system page RW
|
Colin Burgess(deleted)
06/15/2009 1:53 PM
post31773
|
Re: How to remap system page RW
Robert, what version of the kernel are you using again?
Robert D'Attilio wrote:
> Tried that and it didn't work :(
> Thanks anyways!
>
> -----Original Message-----
> From: Neil Schellenberger [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 4:38 PM
> To: ostech-core_os
> Subject: RE: How to remap system page RW
>
> I think you might need I/O privity for mem_offset64() on the syspage.
> Try adding ThreadCtl(_NTO_TCTL_IO, 0). (Note: I'm not positive about
> that.)
>
> On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
>> Thanks Colin...moving forward now I get a "Permission denied" error
> from
>> mem_offset64(). Here is the code:
>>
>> struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>> off64_t offset = 0;
>>
>> errno = EOK;
>> if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
> 0)
>> == -1)
>> {
>> fprintf(stderr, "Failed to get phyaddr %s\n",
> strerror(errno));
>> return;
>> }
>>
>> printf("Qtime physical addr 0x%x\n", offset);
>>
>> errno = EOK;
>> struct qtime_entry* myQtime = (struct
>> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
>> PROT_WRITE | PROT_NOCACHE, 0, offset);
>> if (myQtime == MAP_FAILED)
>> {
>> fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>> return;
>> }
>> printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>>
>> -----Original Message-----
>> From: Colin Burgess [mailto:community-noreply@qnx.com]
>> Sent: Thursday, June 11, 2009 1:20 PM
>> To: ostech-core_os
>> Subject: Re: How to remap system page RW
>>
>> mem_offset64 will give you the physically address of a virtual
> pointer.
>> Robert D'Attilio wrote:
>>> Hi:
>>>
>>> I'd like to be able to overwrite the system page entries in qtime
>> (specifically modifying the nsec_inc entry). Someone in a previous
> post
>> mentioned using mmap_device_memory() to remap the area as RW. I'm not
>> clear though on how to get the physical address of the system page.
>> Anyone have an example?
>>> thanks
>>> robert
>>>
>>> _______________________________________________
>>> OSTech
>>> http://community.qnx.com/sf/go/post31491
>>>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31560
>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31570
>
--
cburgess@qnx.com
|
|
|
Robert D'Attilio(deleted)
|
RE: How to remap system page RW
|
Robert D'Attilio(deleted)
06/15/2009 2:07 PM
post31776
|
RE: How to remap system page RW
6.3.2
-----Original Message-----
From: Colin Burgess [mailto:community-noreply@qnx.com]
Sent: Monday, June 15, 2009 1:54 PM
To: ostech-core_os
Subject: Re: How to remap system page RW
Robert, what version of the kernel are you using again?
Robert D'Attilio wrote:
> Tried that and it didn't work :(
> Thanks anyways!
>
> -----Original Message-----
> From: Neil Schellenberger [mailto:community-noreply@qnx.com]
> Sent: Thursday, June 11, 2009 4:38 PM
> To: ostech-core_os
> Subject: RE: How to remap system page RW
>
> I think you might need I/O privity for mem_offset64() on the syspage.
> Try adding ThreadCtl(_NTO_TCTL_IO, 0). (Note: I'm not positive about
> that.)
>
> On Thu, 2009-06-11 at 16:31 -0400, Robert D'Attilio wrote:
>> Thanks Colin...moving forward now I get a "Permission denied" error
> from
>> mem_offset64(). Here is the code:
>>
>> struct qtime_entry* kernelQtime = SYSPAGE_ENTRY ( qtime );
>> off64_t offset = 0;
>>
>> errno = EOK;
>> if(mem_offset64(kernelQtime, NOFD, sizeof(qtime_entry), &offset,
> 0)
>> == -1)
>> {
>> fprintf(stderr, "Failed to get phyaddr %s\n",
> strerror(errno));
>> return;
>> }
>>
>> printf("Qtime physical addr 0x%x\n", offset);
>>
>> errno = EOK;
>> struct qtime_entry* myQtime = (struct
>> qtime_entry*)mmap_device_memory(0, sizeof(qtime_entry), PROT_READ |
>> PROT_WRITE | PROT_NOCACHE, 0, offset);
>> if (myQtime == MAP_FAILED)
>> {
>> fprintf(stderr, "Failed to map qtime %s\n", strerror(errno));
>> return;
>> }
>> printf("MyQtime->nsec_inc: %lu\n", myQtime->nsec_inc);
>>
>> -----Original Message-----
>> From: Colin Burgess [mailto:community-noreply@qnx.com]
>> Sent: Thursday, June 11, 2009 1:20 PM
>> To: ostech-core_os
>> Subject: Re: How to remap system page RW
>>
>> mem_offset64 will give you the physically address of a virtual
> pointer.
>> Robert D'Attilio wrote:
>>> Hi:
>>>
>>> I'd like to be able to overwrite the system page entries in qtime
>> (specifically modifying the nsec_inc entry). Someone in a previous
> post
>> mentioned using mmap_device_memory() to remap the area as RW. I'm not
>> clear though on how to get the physical address of the system page.
>> Anyone have an example?
>>> thanks
>>> robert
>>>
>>> _______________________________________________
>>> OSTech
>>> http://community.qnx.com/sf/go/post31491
>>>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31560
>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31570
>
--
cburgess@qnx.com
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31773
|
|
|
Will Miles
|
Re: RE: How to remap system page RW
|
Will Miles
06/12/2009 11:31 AM
post31627
|
Re: RE: How to remap system page RW
Here's the code that we use, more or less (I've converted it from our C++ object model to C). The difference is that we
map the beginning of the system page, instead of trying to pick the qtime entry out of the middle, although in theory
that shouldn't matter. This is tested on x86.
Note you have to be root for it to work - if you're not root you will get a permission denied error on attempting to map
the system page.
#include <sys/neutrino.h>
#include <sys/mman.h>
#include <sys/syspage.h>
#include <errno.h>
#include <stdio.h>
#define PAGE_SIZE 4096
#define SYSPAGE_SIZE (2*PAGE_SIZE)
int main(int argc, char argv[])
{
struct syspage_entry* rw_syspage = NULL;
struct qtime_entry* qte = NULL; // Qtime entry in system page
int i; off64_t p_addr;
if ((i = mem_offset64((void*)_syspage_ptr, NOFD, 1, &p_addr, NULL)) != EOK)
{
fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
return -1;
}
rw_syspage = (struct syspage_entry*) mmap_device_memory(NULL,SYSPAGE_SIZE,PROT_READ | PROT_WRITE,0,p_addr);
if (rw_syspage == MAP_FAILED) {
fprintf(stderr, "Failed to map system page %s\n", strerror(errno));
return -2;
};
// Load in critical structures.
qte = (struct qtime_entry*)(((char*)rw_syspage) + rw_syspage->qtime.entry_off);
printf("Success - new syspage vaddr: %X new qte vaddr: %X\n",(unsigned long)rw_syspage,(unsigned long)qte);
return 0;
};
|
|
|
Robert D'Attilio(deleted)
|
RE: RE: How to remap system page RW
|
Robert D'Attilio(deleted)
06/12/2009 12:49 PM
post31640
|
RE: RE: How to remap system page RW
Thanks a bunch Will.
Unfortunately, mem_offset64() doesn't work on the PPC with the syspage -
I get a permission denied error (even running as root). Not sure if
that's a bug or a feature :)
The workaround (from Colin's post) is to use
syspage_entry* pSysPage =
SYSPAGE_ENTRY(system_private)->kern_syspageptr;
since mapping is 1:1 on the PPC. Then I can pass that value to the call
to mmap_device_memory() and it works.
Cheers
robert
-----Original Message-----
From: Will Miles [mailto:community-noreply@qnx.com]
Sent: Friday, June 12, 2009 11:31 AM
To: ostech-core_os
Subject: Re: RE: How to remap system page RW
Here's the code that we use, more or less (I've converted it from our
C++ object model to C). The difference is that we map the beginning of
the system page, instead of trying to pick the qtime entry out of the
middle, although in theory that shouldn't matter. This is tested on
x86.
Note you have to be root for it to work - if you're not root you will
get a permission denied error on attempting to map the system page.
#include <sys/neutrino.h>
#include <sys/mman.h>
#include <sys/syspage.h>
#include <errno.h>
#include <stdio.h>
#define PAGE_SIZE 4096
#define SYSPAGE_SIZE (2*PAGE_SIZE)
int main(int argc, char argv[])
{
struct syspage_entry* rw_syspage = NULL;
struct qtime_entry* qte = NULL; // Qtime
entry in system page
int i; off64_t p_addr;
if ((i = mem_offset64((void*)_syspage_ptr, NOFD, 1, &p_addr, NULL))
!= EOK)
{
fprintf(stderr, "Failed to get phyaddr %s\n", strerror(errno));
return -1;
}
rw_syspage = (struct syspage_entry*)
mmap_device_memory(NULL,SYSPAGE_SIZE,PROT_READ | PROT_WRITE,0,p_addr);
if (rw_syspage == MAP_FAILED) {
fprintf(stderr, "Failed to map system page %s\n",
strerror(errno));
return -2;
};
// Load in critical structures.
qte = (struct qtime_entry*)(((char*)rw_syspage) +
rw_syspage->qtime.entry_off);
printf("Success - new syspage vaddr: %X new qte vaddr:
%X\n",(unsigned long)rw_syspage,(unsigned long)qte);
return 0;
};
_______________________________________________
OSTech
http://community.qnx.com/sf/go/post31627
|
|
|
|