ThreadCtl(_NTO_TCTL_IO,0)

I’m writing a device driver. To attach my IRQ handler, I’ve to call
ThreadCtl(_NTO_TCTL_IO,0). But, after this function call, the process is
able to read and write at address 0 !!! ( I’m using a PowerPc processor ).
Why ? How to avoid this ?

The source code is :

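#include <stdio.h>
#include <stdlib.h>
#include <sys/neutrino.h>

int main(void)
{
    /* Request I/O privileges for this thread (needed to attach an IRQ handler). */
    ThreadCtl(_NTO_TCTL_IO, 0);
    /* Read through address 0; this is the access reported as succeeding. */
    printf("0 %d\n", *((int *)0));
    exit(0);
}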

Thank you

Mauro DI LIDDO

Mauro DI LIDDO <m.diliddo@staubli.com> wrote:

> I’m writing a device driver. To attach my IRQ handler, I’ve to call
> ThreadCtl(_NTO_TCTL_IO,0). But, after this function call, the process is
> able to read and write at address 0 !!! ( I’m using a PowerPc processor ).
> Why ? How to avoid this ?

QNX is a memory protected system. So the ThreadCtl() call gives you the
rights to access many things, but doesn’t mean you have a 1:1 mapping of
the system’s address space. If you want to access the physical address 0,
you should use mmap_device_memory() to set up a mapping and use the virtual
address it returns to access the physical memory.

chris


Chris McKillop <cdm@qnx.com>
Software Engineer, QSSL
http://qnx.wox.org/
“The faster I go, the behinder I get.” – Lewis Carroll –

Chris McKillop wrote:

> Mauro DI LIDDO <m.diliddo@staubli.com> wrote:
>
> > I’m writing a device driver. To attach my IRQ handler, I’ve to call
> > ThreadCtl(_NTO_TCTL_IO,0). But, after this function call, the process is
> > able to read and write at address 0 !!! ( I’m using a PowerPc processor ).
> > Why ? How to avoid this ?
>
> QNX is a memory protected system. So the ThreadCtl() call gives you the
> rights to access many things, but doesn’t mean you have a 1:1 mapping of
> the system’s address space. If you want to access the physical address 0,
> you should use mmap_device_memory() to set up a mapping and use the virtual
> address it returns to access the physical memory.
>
> chris

Hello Chris,

Thank you for your answer.

If I understand, the ThreadCtl() call gives me the right to access a
process address space from 0 to 0x07ffffff ( I’ve checked it ) between
the many things becoming accessible.
Is it possible that the call to ThreadCtl() gives me the access to all
the memory mapped (by mmap_device_memory() ) by the different DLLs I’m
using ?
I was using the NULL pointer to detect uninitialized pointers : I’ve to
change it.

Is it right ?

Mauro

“Mauro DI LIDDO” <m.diliddo@staubli.com> wrote in message
news:bvtd2t$soa$1@inn.qnx.com


> If I understand, the ThreadCtl() call gives me the right to access a
> process address space from 0 to 0x07ffffff ( I’ve checked it ) between
> the many things becoming accessible.

ThreadCtl() will set the PR bit in the MSR, allowing some privileged actions
to take place while in your thread.

> Is it possible that the call to ThreadCtl() gives me the access to all
> the memory mapped (by mmap_device_memory() ) by the different DLLs I’m
> using ?

Mappings are process wide, and thus any thread can see/use them.

> I was using the NULL pointer to detect uninitialized pointers : I’ve to
> change it.

Why? - I doubt very much that you’d ever really want to dereference a NULL
pointer (exceptional cases exist).


Cheers,
Adam

QNX Software Systems Ltd.
[ amallory@qnx.com ]

With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
–Peter J. Schoenster <pschon@baste.magibox.net>

“Adam Mallory” <amallory@qnx.com> wrote in message news:bvtib5

> > If I understand, the ThreadCtl() call gives me the right to access a
> > process address space from 0 to 0x07ffffff ( I’ve checked it ) between
> > the many things becoming accessible.
>
> ThreadCtl() will set the PR bit in the MSR, allowing some privileged
> actions to take place while in your thread.

This should really read - “ThreadCtl() will clear the PR bit in the
MSR…”.


Cheers,
Adam

QNX Software Systems Ltd.
[ amallory@qnx.com ]

With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
–Peter J. Schoenster <pschon@baste.magibox.net>

Adam Mallory wrote:

> “Mauro DI LIDDO” <m.diliddo@staubli.com> wrote in message
> news:bvtd2t$soa$1@inn.qnx.com …
>
> > If I understand, the ThreadCtl() call gives me the right to access a
> > process address space from 0 to 0x07ffffff ( I’ve checked it ) between
> > the many things becoming accessible.
>
> ThreadCtl() will set the PR bit in the MSR, allowing some privileged actions
> to take place while in your thread.
>
> > Is it possible that the call to ThreadCtl() gives me the access to all
> > the memory mapped (by mmap_device_memory() ) by the different DLLs I’m
> > using ?
>
> Mappings are process wide, and thus any thread can see/use them.
>
> > I was using the NULL pointer to detect uninitialized pointers : I’ve to
> > change it.
>
> Why? - I doubt very much that you’d ever really want to dereference a NULL
> pointer (exceptional cases exist).
>
> Cheers,
> Adam
>
> QNX Software Systems Ltd.
> [ amallory@qnx.com ]
>
> With a PC, I always felt limited by the software available.
> On Unix, I am limited only by my knowledge.
> –Peter J. Schoenster <pschon@baste.magibox.net>

Thank you for your explanation.

I think you’re right : I will check the different mappings used in my
software.

For the NULL pointer, it’s just for testing a particular part of my
software, I initialize some buffers of pointers with an invalid address.
And the NULL pointer is exceptionally a valid address.

Mauro.

“Mauro DI LIDDO” <m.diliddo@staubli.com> wrote in message
news:bvto2h$7vu$1@inn.qnx.com

> Thank you for your explanation.
>
> I think you’re right : I will check the different mappings used in my
> software.

NP - let us know if you have any further questions.

> For the NULL pointer, it’s just for testing a particular part of my
> software, I initialize some buffers of pointers with an invalid address.
> And the NULL pointer is exceptionally a valid address.

Yep, I agree. It’s just from your previous email I got the impression you
took out the code to do this type of NULL pointer checks. I was curious on
why you were taking them out or at least changing them - I’d say they’re
valid (as long as a NULL pointer is invalid in your software).


Cheers,
Adam

QNX Software Systems Ltd.
[ amallory@qnx.com ]

With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
–Peter J. Schoenster <pschon@baste.magibox.net>

Adam Mallory wrote:

> “Mauro DI LIDDO” <m.diliddo@staubli.com> wrote in message
> news:bvto2h$7vu$1@inn.qnx.com …
>
> > Thank you for your explanation.
> >
> > I think you’re right : I will check the different mappings used in my
> > software.
>
> NP - let us know if you have any further questions.

I’ve other questions :

I’ve checked my different mappings : there’s no map to address
0-0x07ff ffff.

Is it possible that a QNX library for PowerPC MPC860 provides
this mapping ? ( this mapping is the complete memory address space 1:1
of our board ).

Does the ThreadCtl() ( MSR PR bit ) call give access to the
memory without a mapping ? or disable the MMU memory protection ?

I’ve tested my software on a QNX PC : there’s no access available to
this address space.

Mauro.

> > For the NULL pointer, it’s just for testing a particular part of my
> > software, I initialize some buffers of pointers with an invalid address.
> > And the NULL pointer is exceptionally a valid address.
>
> Yep, I agree. It’s just from your previous email I got the impression you
> took out the code to do this type of NULL pointer checks. I was curious on
> why you were taking them out or at least changing them - I’d say they’re
> valid (as long as a NULL pointer is invalid in your software).
>
> Cheers,
> Adam
>
> QNX Software Systems Ltd.
> [ amallory@qnx.com ]
>
> With a PC, I always felt limited by the software available.
> On Unix, I am limited only by my knowledge.
> –Peter J. Schoenster <pschon@baste.magibox.net>


“Mauro DI LIDDO” <m.diliddo@staubli.com> wrote in message
news:bvvj2r$nq4$1@inn.qnx.com

> I’ve checked my different mappings : there’s no map to address
> 0-0x07ff ffff.
>
> Is it possible that a QNX library for PowerPC MPC860 provides
> this mapping ? ( this mapping is the complete memory address space 1:1
> of our board ).

No, but now that you have privileged access, privileged mappings are
available. These mappings are normal, and you should just ignore them.

> Does the ThreadCtl() ( MSR PR bit ) call give access to the
> memory without a mapping ? or disable the MMU memory protection ?

Well the MMU is still active, but when you’re a privileged thread, you have
‘special’ access to what a general user privileged thread would not.

> I’ve tested my software on a QNX PC : there’s no access available to
> this address space.

X86 has a different memory map than PPC - in x86 the kernel and ‘special’
areas are mapped up high, whereas the PPC has them down low.

-Adam


Cheers,
Adam

QNX Software Systems Ltd.
[ amallory@qnx.com ]

With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
–Peter J. Schoenster <pschon@baste.magibox.net>
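
An added example, not part of any post in this thread: because a privileged thread on the PowerPC board can read address 0 without faulting, a check for unset pointers has to be explicit rather than rely on the MMU trapping the access. The slot table, buffer pool and function names are hypothetical, and the code is portable C that makes no QNX calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_COUNT 4
#define BUF_WORDS  8

typedef enum { SLOT_OK, SLOT_UNSET, SLOT_OUT_OF_POOL,
               SLOT_MISALIGNED, SLOT_BAD_INDEX } slot_status;

/* Constructed sample data: the only memory a slot may point into. */
static int  pool[SLOT_COUNT][BUF_WORDS];
static int *slots[SLOT_COUNT];   /* static storage: every slot starts NULL */

/* Classify a pointer by value only; it is never dereferenced here. */
slot_status slot_check(const int *p)
{
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)&pool[0][0];

    if (p == NULL)                        return SLOT_UNSET;
    if (a < lo || a >= lo + sizeof pool)  return SLOT_OUT_OF_POOL;
    if ((a - lo) % sizeof pool[0] != 0)   return SLOT_MISALIGNED;
    return SLOT_OK;
}

void slot_bind(size_t i, int *p) { if (i < SLOT_COUNT) slots[i] = p; }

/* Read word w of slot i; *out is written only when the slot is valid. */
slot_status slot_read(size_t i, size_t w, int *out)
{
    slot_status st;

    if (i >= SLOT_COUNT || w >= BUF_WORDS) return SLOT_BAD_INDEX;
    st = slot_check(slots[i]);
    if (st == SLOT_OK) *out = slots[i][w];
    return st;
}

int main(void)
{
    int v = -1;
    slot_status st = slot_read(0, 0, &v);   /* slot 0 was never bound */

    printf("unset slot: status %d, v untouched = %d\n", st, v);
    pool[1][3] = 42;
    slot_bind(1, pool[1]);
    st = slot_read(1, 3, &v);
    printf("bound slot: status %d, v = %d\n", st, v);
    return 0;
}
```

The check gives the same result whether or not address 0 happens to be mapped, so it behaves identically on the x86 and PowerPC targets discussed above.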