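/*
 * Page-colour probe for a freelist-coloured VM (the mdb notes at the bottom
 * of this file are written for Solaris/illumos style page_t freelists).
 *
 * The program maps "thepage" once to anchor itself in a sane virtual-address
 * range, asks the user for the address of this process' address space
 * structure ("as", obtained with the kernel debugger), then repeatedly maps
 * the file again at descending address hints.  For each mapping that succeeds
 * it prints the address the kernel actually returned, the hint that was
 * asked for, and the colour of the page that was actually mapped, then
 * touches the page so the private copy is allocated right away.
 *
 * Lab tool: it sleeps one second per successful mapping and never unmaps
 * anything; it relies on process exit for cleanup.
 */
#include <stdio.h>      /* printf, scanf, perror */
#include <stdlib.h>     /* exit */
#include <stdint.h>     /* uintptr_t */
#include <unistd.h>     /* sleep, close */
#include <fcntl.h>      /* open */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>   /* mmap, MAP_FAILED */

enum {
    PAGE_BYTES = 4096,   /* the demo assumes 4K pages throughout */
    COLOR_MASK = 0x7f,   /* 128 colours, i.e. 7 bits */
    MAX_PROBES = 100000  /* upper bound on address hints tried */
};

/*
 * Colour of the 4K page at virtual address `va` in the address space whose
 * as structure lives at `as`.
 *
 * This reproduces the arithmetic the original author describes as the
 * contents of AS_2_BIN for a 4K page: the virtual page number plus the
 * as pointer shifted right by 4, masked to 7 bits.  Only the low two hex
 * digits of the page number and the second and third hex digits of `as`
 * therefore matter.  `as` is never dereferenced, so an arbitrary value typed
 * by the user can at worst yield a wrong colour, not a crash.
 */
static int page_color(const void *va, const void *as)
{
    uintptr_t vpn = (uintptr_t)va >> 12;
    uintptr_t as_bits = (uintptr_t)as >> 4;

    return (int)((vpn + as_bits) & COLOR_MASK);
}

int main(void)
{
    int fd = open("thepage", O_RDWR);
    if (fd < 0) {
        perror("Failed to open thepage");
        exit(1);
    }

    /*
     * Throw-away mapping.  Its address anchors the probe in a virtual-address
     * range where subsequent hints are likely to be granted as requested.
     */
    void *p0 = mmap(NULL, PAGE_BYTES, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (p0 == MAP_FAILED) {
        perror("Failed to map p0");
        exit(2);
    }
    printf("Mapped p0 as %p\n", p0);
    sleep(1);

    /*
     * The as pointer is supplied by the user; it is only ever used in the
     * colour arithmetic above.  Reject unparsable input instead of continuing
     * with an uninitialised value.
     */
    void *as = NULL;
    printf("gimme as: ");
    fflush(stdout);   /* the prompt has no newline; show it before blocking on stdin */
    if (scanf("%p", &as) != 1) {
        fprintf(stderr, "Failed to read as\n");
        exit(3);
    }
    printf("got as: %p\n", as);

    /*
     * Walk address hints downwards from p0.  Arithmetic is done on uintptr_t
     * rather than on a void * (pointer arithmetic on void * is a compiler
     * extension, and stepping outside an object is undefined anyway).
     *
     * The original stride is PAGE_BYTES * i with i incremented first, i.e.
     * hints move by 1, 2, 3, ... pages rather than by one page per probe.
     * Kept as-is; presumably a sparse probe was intended -- TODO confirm
     * whether a fixed one-page stride was meant.
     */
    uintptr_t hint = (uintptr_t)p0;
    for (int i = 0; i < MAX_PROBES; i++, hint -= (uintptr_t)PAGE_BYTES * (uintptr_t)i) {
        void *addr = (void *)hint;
        void *pa = mmap(addr, PAGE_BYTES, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
        if (pa == MAP_FAILED) {
            /* genuine failure (limits, exhaustion); skip through these fast */
            continue;
        }

        /*
         * Without MAP_FIXED the hint is advisory: the kernel may return a
         * different address, so `pa` and `addr` can differ.  The colour is a
         * property of the page actually mapped, so it is computed from `pa`,
         * not from the hint.
         */
        printf("Mapped %p for %p color %d\n", pa, addr, page_color(pa, as));

        /*
         * Write to the page now so the private copy is allocated here rather
         * than at some later, harder-to-observe moment (resolves the COW).
         */
        *((char *)pa) = 'C';

        /* comment this and see what happens */
        sleep(1);
    }

    close(fd);
    return 0;
}

/*
 * mdb notes (N is a colour index and MUST be given in hex; mdb does not
 * allow spaces inside expressions).
 *
 * Get the heads of the colour lists with:
 *   *page_freelists+8/K | ::map *. | ::array page_t* 7f | ::map *.
 * (these are the actual page_t structs).  For each such pointer, walk it with
 *   ::list page_t p_next
 *
 * E.g., this prints all free pages on the colour lists:
 *   *page_freelists+8/K | ::map *. | ::array page_t* 7f | ::map *. | ::list page_t p_next | ::print page_t p_pagenum
 *
 * To dump the colour N list:
 *   *page_freelists+8/K | ::map *. | ::map .+8*N | /K | ::list page_t p_next | ::print page_t p_pagenum
 *
 * "/K" and "::map *." appear to be synonymous.
 *
 * Aim for the first page in a freelist: unless it is snapped up by another
 * process first, it will be yours for the asking, provided the virtual
 * address you pick has the right colour.  To obtain a page further down the
 * list you must first allocate as many pages as precede it.
 */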