
Bug #63906 » poc.c

Tao Lyu, 01/05/2024 09:15 AM

 
#define _GNU_SOURCE
#include <sys/mman.h>
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <fcntl.h>

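/*
 * Two-process reproducer attached to Bug #63906.
 *
 * Usage: poc <1|2>, one instance per client, started in the same directory.
 *
 * The two instances coordinate through four flag bytes at the start of a
 * shared mapping:
 *   msg[1]  set by client 2: "I have started"
 *   msg[0]  set by client 1: "./file0 has been created"
 *   msg[2]  set by client 2: "my open of ./file0 has returned"
 *   msg[3]  set by client 1: "chmod of ./file0 has returned"
 * Each client finally prints the st_mode it observes for ./file0 so the two
 * views can be compared.
 *
 * NOTE(review): the flags are never cleared here, so the shared region is
 * assumed to be zeroed before every run; stale flags from an earlier run
 * would break the ordering. TODO confirm how the region is reset.
 */
int main(int argc, char **argv)
{
    /* argv[1] was dereferenced unconditionally; reject a missing or unknown id. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <1|2>\n", argv[0] ? argv[0] : "poc");
        return EXIT_FAILURE;
    }
    int clt = atoi(argv[1]);
    if (clt != 1 && clt != 2) {
        fprintf(stderr, "usage: %s <1|2>\n", argv[0]);
        return EXIT_FAILURE;
    }

    /*
     * Shared memory used only for the handshake. The PCI address is specific
     * to the author's test VMs (presumably an ivshmem BAR, going by the error
     * message) and has to be adapted to the local setup.
     */
    int mfd = open("/sys/bus/pci/devices/0000:00:10.0/resource2", O_RDWR);
    if (mfd < 0) { /* open() reports failure as -1; 0 is a valid descriptor */
        fprintf(stderr, "open IVSHM error\n");
        return EXIT_FAILURE;
    }

    size_t map_len = 1 * 1024 * 1024;
    void *map = mmap(0, map_len, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0);
    if (map == MAP_FAILED) { /* mmap() never returns NULL on failure */
        fprintf(stderr, "mmap failed\n");
        close(mfd);
        return EXIT_FAILURE;
    }
    volatile char *msg = map;

    /*
     * From here on a failing syscall is reported but the handshake still
     * runs to completion: bailing out early would leave the peer spinning
     * on a flag that is never set.
     */
    if (clt == 1) {
        /* Wait until client 2 has started. */
        while (!msg[1]) {
        }
        __sync_synchronize();

        /*
         * Create ./file0. Raw flag value kept from the original report;
         * on x86-64 Linux 0x40 is O_CREAT. Mode 0xa is octal 012.
         * The descriptor is deliberately left open until exit, as in the
         * original (closing it earlier might change what is reproduced).
         */
        long created = syscall(__NR_open, "./file0", 0x40, 0xa);
        if (created < 0)
            perror("client 1: open ./file0");
        __sync_synchronize();

        /* Tell client 2 the file exists. */
        msg[0] = 1;
        __sync_synchronize();

        /* Wait until client 2's open has returned. */
        while (!msg[2]) {
        }
        __sync_synchronize();

        /* Drop all permission bits while client 2 still holds its result. */
        if (syscall(__NR_chmod, "./file0", 0x0) < 0)
            perror("client 1: chmod ./file0");
        msg[3] = 1;

        struct stat stat_buf;
        if (stat("./file0", &stat_buf) == 0)
            printf("stat: %d, %d\n", (int)stat_buf.st_mode, S_ISREG(stat_buf.st_mode));
        else
            perror("client 1: stat ./file0"); /* stat_buf would be uninitialized */
    } else {
        /* Announce start, then wait for client 1 to create the file. */
        msg[1] = 1;
        __sync_synchronize();
        while (!msg[0]) {
        }
        __sync_synchronize();

        /*
         * Open the file client 1 just created. Raw flag value kept from the
         * original report; on x86-64 Linux 0x80e82 decodes to
         * O_RDWR | O_EXCL | O_TRUNC | O_APPEND | O_NONBLOCK | O_CLOEXEC.
         * The descriptor is left open until exit, as in the original.
         */
        long r0 = syscall(__NR_open, "./file0", 0x80e82, 0x0);
        if (r0 < 0)
            perror("client 2: open ./file0");
        msg[2] = 1;
        __sync_synchronize();

        /* Wait until client 1's chmod has returned, then look at the mode. */
        while (!msg[3]) {
        }
        __sync_synchronize();

        struct stat stat_buf;
        if (stat("./file0", &stat_buf) == 0)
            printf("stat: %d, %d\n", (int)stat_buf.st_mode, S_ISREG(stat_buf.st_mode));
        else
            perror("client 2: stat ./file0"); /* stat_buf would be uninitialized */
    }

    munmap(map, map_len);
    close(mfd);
    return EXIT_SUCCESS;
}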