Difference between revisions of "Memory layout"
Jump to navigation
Jump to search
| Line 182: | Line 182: | ||
All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable [[RO Services|CROs]] can be loaded into memory, once loaded the CRO .text section memory page permissions are changed via [[SVC|ControlProcessMemory]] from RW- to R-X. The address and size of each ExeFS:/.code section is stored in the exheader, the permissions for each section is: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions is initialized by the ARM11 kernel: RW-. The heap permissions is normally RW-. | All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable [[RO Services|CROs]] can be loaded into memory, once loaded the CRO .text section memory page permissions are changed via [[SVC|ControlProcessMemory]] from RW- to R-X. The address and size of each ExeFS:/.code section is stored in the exheader, the permissions for each section is: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions is initialized by the ARM11 kernel: RW-. The heap permissions is normally RW-. | ||
| + | |||
| + | All userland memory is mapped with RW permissions for privileged-mode. However, normally the ARM11 kernel only uses userland read/write instructions(or checks that the memory can be written from userland first) for accessing memory specified by [[SVC|SVCs]]. | ||
Revision as of 19:17, 5 December 2012
ARM11 Physical memory regions
| Address | Size | Description |
|---|---|---|
| 0x0 | 0x10000 | Bootrom (super secret code/data @ 0x8000) |
| 0x10000 | 0x10000 | Bootrom mirror |
| 0x10000000 | ? | IO memory |
| 0x18000000 | 0x600000 | VRAM? |
| 0x1FF00000 | 0x80000 | DSP memory |
| 0x1FF80000 | 0x80000 | AXI WRAM |
| 0x20000000 | 0x8000000 | FCRAM |
ARM11 Detailed physical memory map
18000000 - 18600000: ? 1FFF0000 - 1FFF1000: ? 1FFF1000 - 1FFF2000: ? 1FFF2000 - 1FFF3000: ? 1FFF3000 - 1FFF4000: ? 1FFF4000 - 1FFF5000: Exception vectors 1FFF5000 - 1FFF5800: Unused? 1FFF5800 - 1FFF5C00: 256-entry L2 MMU table for VA FF4xx000 1FFF5C00 - 1FFF6000: 256-entry L2 MMU table for VA FF5xx000 1FFF6000 - 1FFF6400: 256-entry L2 MMU table for VA FF6xx000 1FFF6400 - 1FFF6800: 256-entry L2 MMU table for VA FF7xx000 1FFF6800 - 1FFF6C00: 256-entry L2 MMU table for VA FF8xx000 1FFF6C00 - 1FFF7000: 256-entry L2 MMU table for VA FF9xx000 1FFF7000 - 1FFF7400: 256-entry L2 MMU table for VA FFAxx000 1FFF7400 - 1FFF7800: 256-entry L2 MMU table for VA FFBxx000 1FFF7800 - 1FFF7C00: MMU table but unused? 1FFF7C00 - 1FFF8000: 256-entry L2 MMU table for VA FFFxx000 1FF80000 - 1FFAB000: Kernel code 1FFAB000 - 1FFF0000: SlabHeap [temporarily contains boot processes] 1FFF8000 - 1FFFC000: ? 1FFFC000 - 20000000: 4096-entry L1 MMU table for VA xxx00000 20000000 - 28000000: Main memory
ARM11 Detailed virtual memory map
E8000000 - E8600000: mapped ? (18000000 - 18600000) EFF00000 - F0000000: mapped Internal memory (1FF00000 - 20000000) F0000000 - F8000000: mapped Main memory FF401000 - FF402000: mapped ? (27FC7000 - 27FC8000) FF403000 - FF404000: mapped ? (27FC2000 - 27FC3000) FF405000 - FF406000: mapped ? (27FBB000 - 27FBC000) FF407000 - FF408000: mapped ? (27FB3000 - 27FB4000) FF409000 - FF40A000: mapped ? (27F8E000 - 27F8F000) FFF00000 - FFF45000: mapped SlabHeap FFF60000 - FFF8B000: mapped Kernel code FFFCC000 - FFFCD000: mapped IO ? (10144000 - 10145000) FFFCE000 - FFFCF000: mapped IO PDC (10400000 - 10401000) FFFD0000 - FFFD1000: mapped IO PDN (10141000 - 10142000) FFFD2000 - FFFD3000: mapped IO PXI (10163000 - 10164000) FFFD4000 - FFFD5000: mapped IO PAD (10146000 - 10147000) FFFD6000 - FFFD7000: mapped IO LCD (10202000 - 10203000) FFFD8000 - FFFD9000: mapped IO ? (10140000 - 10141000) FFFDA000 - FFFDB000: mapped IO XDMA (10200000 - 10201000) FFFDC000 - FFFE0000: mapped ? (1FFF8000 - 1FFFC000) FFFE1000 - FFFE2000: mapped ? (1FFF0000 - 1FFF1000) FFFE3000 - FFFE4000: mapped ? (1FFF2000 - 1FFF3000) FFFE5000 - FFFE9000: mapped L1 MMU table for VA xxx00000 FFFEA000 - FFFEB000: mapped ? (1FFF1000 - 1FFF2000) FFFEC000 - FFFED000: mapped ? (1FFF3000 - 1FFF4000) FFFEE000 - FFFF0000: mapped IO IRQ (17E00000 - 17E02000) FFFF0000 - FFFF1000: mapped Exception vectors FFFF2000 - FFFF6000: mapped L1 MMU table for VA xxx00000 FFFF7000 - FFFF8000: mapped ? (1FFF1000 - 1FFF2000) FFFF9000 - FFFFA000: mapped ? (1FFF3000 - 1FFF4000) FFFFB000 - FFFFE000: mapped L2 MMU tables (1FFF5000 - 1FFF8000)
ARM11 User-land memory regions
| Virtual Address Base | Physical Address Base | Region Max Size | Description |
|---|---|---|---|
| 0x00100000 / 0x14000000 | 0x03F00000 | The ExeFS:/.code is loaded here, executables must be loaded to the 0x00100000 region when the exheader "special memory" flag is clear. The 0x03F00000-byte size restriction only applies when this flag is clear. Executables are usually loaded to 0x14000000 when the exheader "special memory" flag is set, however this address can be arbitrary. | |
| 0x08000000 | 0x08000000 | Heap mapped by ControlMemory | |
| 0x10000000-StackSize | StackSize from process exheader | Stack for the main-thread, initialized by the ARM11 kernel. The StackSize from the exheader is usually 0x4000, therefore the stack-bottom is usually 0x0FFFC000. The stack for the other threads is normally located in the process .data section however this can be arbitrary. | |
| 0x10000000 | 0x04000000 | Applications usually map this region for HID | |
| 0x14000000 | 0x08000000 | Can be mapped by ControlMemory | |
| 0x1EC00000 | 0x10100000 | 0x01000000 | IO registers, the mapped IO pages which each process can access is specified in the CXI exheader.(Applications normally don't have access to registers in this range) |
| 0x1F000000 | 0x18000000 | 0x00600000 | VRAM? Access to this is specified by the exheader. |
| 0x1FF00000 | 0x1FF00000 | 0x00080000 | DSP memory, access to this is specified by the exheader. |
| 0x1FF80000 | 0x1000 | Configuration Memory, all processes have access to this however write-permission to this page is specified by the exheader "Shared page writing" kernel flag. | |
| 0x1FF81000 | 0x1000 | Shared page, access to this is the same as 0x1FF80000. |
All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable CROs can be loaded into memory, once loaded the CRO .text section memory page permissions are changed via ControlProcessMemory from RW- to R-X. The address and size of each ExeFS:/.code section is stored in the exheader, the permissions for each section is: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions is initialized by the ARM11 kernel: RW-. The heap permissions is normally RW-.
All userland memory is mapped with RW permissions for privileged-mode. However, normally the ARM11 kernel only uses userland read/write instructions(or checks that the memory can be written from userland first) for accessing memory specified by SVCs.