3DS System Flaws: Difference between revisions
mNo edit summary |
GSP behaviour |
Line 1,315: | Line 1,315: | ||
| | | | ||
| smea, [[User:Yellows8|Yellows8]]/others before then | | smea, [[User:Yellows8|Yellows8]]/others before then | ||
|- | |||
| [[GSP_Services|GSP]] client management failures | |||
| Shared memory of GSP clients is all on the same page, this allows any GSP client to craft custom GX commands for other clients. | |||
When a process with memtype != APPLICATION acquires rights, the FCRAM cutoff is increased to 0x26800000 (O3DS) / 0x2D000000 (N3DS). Meanwhile, [[GSPGPU:TriggerCmdReqQueue]] does not check if the calling client has rendering rights. This allows any process to access most of the SYSTEM region by crafting DMA commands for the [[Home Menu]] (a non-APPLICATION process which is always a client of GSP) and jumping to it so that GSP updates the cutoff, while triggering queue processing from a separate thread. | |||
| Access to most of the SYSTEM memory region. | |||
| None | |||
| [[11.17.0-50|11.17.0-50]] | |||
| | |||
| May 2025 | |||
| [[User:kynex7510|kynex7510]], probably others | |||
|- | |- | ||
| rohax | | rohax |
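Review bot: In the added description cell, "When a process with memtype != APPLICATION acquires rights" does not say which rights are meant; the next sentence talks about "rendering rights", so naming them here as well would remove the ambiguity. In the same cell, "jumping to it" leaves the reader to infer that the Home Menu is meant, and the opening sentence ("all on the same page, this allows") is a comma splice that would read better as two sentences. The row also leaves one cell empty between the [[11.17.0-50]] entry and "May 2025"; fill it in or confirm that the blank is intentional.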