Memory layout: Difference between revisions
(23 intermediate revisions by 7 users not shown) | |||
Line 33: | Line 33: | ||
| 0x17E10000 | | 0x17E10000 | ||
| 0x00001000 | | 0x00001000 | ||
| L2C-310 Level 2 Cache Controller (2MB) | | L2C-310 r3p3 Level 2 Cache Controller (2MB) | ||
|- | |- | ||
| style="background: green" | Yes | | style="background: green" | Yes | ||
| 0x18000000 | | 0x18000000 | ||
| 0x00600000 | | 0x00600000 | ||
| VRAM (divided in two | | VRAM (divided in two areas VRAM A and B, four banks in total) | ||
|- | |- | ||
| style="background: red" | No | | style="background: red" | No | ||
Line 72: | Line 72: | ||
===0x17E10000=== | ===0x17E10000=== | ||
The | The 32-bit register at <code>0x17E10000</code>+<code>0x100</code> only has bit 0 set when, on New 3DS, [[PTMSYSM:ConfigureNew3DSCPU]] was used with bit 1 set for the input value (the L2 cache flag). All other bits in this register are normally all-zero. Therefore, bit 0 set = new cache hardware enabled, bit 0 clear = new cache hardware disabled. This bit is how the ARM11 kernel checks whether the additional cache hardware is enabled). | ||
To enable the additional cache | To enable the additional cache hardware, the following is used by the ARM11 kernel: | ||
* Sets | * Sets bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>. | ||
To disable the additional cache | To disable the additional cache hardware, the following is used by the ARM11 kernel: | ||
* Writes value 0xFFFF to | * Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>. | ||
* Waits for | * Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear. | ||
* Writes value 0x0 to | * Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>. | ||
* Clears | * Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>. | ||
=== 0x1F000000 ([[ | === <code>0x1F000000</code> ([[New 3DS]] only) === | ||
This area is used by [[QTM Services]] | This area is used by [[QTM Services]] and Kernel11,starting at offset <code>0x200000</code>, size <code>0x180000</code>. This area is not accessible to the GPU on the old 3DS. The old 3DS and New 3DS GSP module has <code>vaddr->physaddr</code> conversion code for this entire region. On the New 3DS, only the first <code>0x200000</code> bytes (half of this memory) are accessible to the GPU. | ||
== ARM9 == | == ARM9 == | ||
Line 152: | Line 152: | ||
| 0xFFF00000 | | 0xFFF00000 | ||
| 0x00004000 | | 0x00004000 | ||
| Data TCM (Mapped during bootrom) | | Data TCM (Mapped during bootrom). Enabled at the time Boot9 jumps to FIRM, however Kernel9+arm9loader disables it. | ||
|- | |- | ||
| style="background: green" | Yes | | style="background: green" | Yes | ||
Line 366: | Line 366: | ||
| RO | | RO | ||
|} | |} | ||
===[[Bootloader|Boot9]]=== | |||
{| class="wikitable" border="1" | |||
|- | |||
! Region | |||
! Address | |||
! Size | |||
! Privileged-mode data permissions | |||
! User-mode data permissions | |||
! Privileged-mode instruction permissions | |||
! User-mode instruction permissions | |||
|- | |||
| 0 | |||
| 0x20000000 | |||
| 0x08000000 | |||
| None | |||
| None | |||
| None | |||
| None | |||
|- | |||
| 1 | |||
| 0x10000000 | |||
| 0x10000000 | |||
| RW | |||
| RW | |||
| None | |||
| None | |||
|- | |||
| 2 | |||
| 0x08000000 | |||
| 0x00100000 | |||
| RW | |||
| RW | |||
| None | |||
| None | |||
|- | |||
| 3 | |||
| 0x08000000 | |||
| 0x00000400 | |||
| RW | |||
| RW | |||
| RO | |||
| RO | |||
|- | |||
| 4 | |||
| 0xFFF00000 | |||
| 0x00004000 | |||
| RW | |||
| RW | |||
| None | |||
| None | |||
|- | |||
| 5 | |||
| 0x07FF8000 | |||
| 0x00008000 | |||
| RW | |||
| RW | |||
| RO | |||
| RO | |||
|- | |||
| 6 | |||
| 0xFFFF0000 | |||
| 0x00010000 | |||
| RO | |||
| RO | |||
| RO | |||
| RO | |||
|- | |||
| 7 | |||
| 0x1FFFE000 | |||
| 0x00000800 | |||
| RW | |||
| RW | |||
| None | |||
| None | |||
|} | |||
* Instruction cachable bits = 0x40(only enabled for region6). | |||
* Data cachable bits = 0x44(only enabled for region2 and region6). | |||
* Data bufferable bits = 0x44(only enabled for region2 and region6). | |||
These are the same for both Old3DS/New3DS. | |||
==ARM9 ITCM== | ==ARM9 ITCM== | ||
Line 391: | Line 473: | ||
| | | | ||
| 0x3800 | | 0x3800 | ||
| | | 0x100 | ||
| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared. | |||
| This is the [[ | |||
|- | |- | ||
| 0x01FFB880 | | 0x01FFB880 | ||
| | | | ||
| | | 0x3890 | ||
| | | 0x70 | ||
| This is all- | | This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM. | ||
|- | |- | ||
| 0x01FFB900 | | 0x01FFB900 | ||
Line 464: | Line 492: | ||
| 0x3B00 | | 0x3B00 | ||
| 0x200 | | 0x200 | ||
| This is the 0x200-bytes from the plaintext | | This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else. | ||
|- | |- | ||
| 0x01FFBD00 | | 0x01FFBD00 | ||
Line 553: | Line 581: | ||
| 0xB90 | | 0xB90 | ||
| Uninitialized memory. | | Uninitialized memory. | ||
0x01FFFC00 | |- | ||
| 0x01FFFC00 | |||
| | |||
| 0x7C00 | |||
| 0x100 | |||
| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching. | |||
|} | |} | ||
Line 573: | Line 606: | ||
* [[Virtual address mapping New3DS v9.0]] | * [[Virtual address mapping New3DS v9.0]] | ||
* [[Virtual address mapping New3DS v9.2]] | * [[Virtual address mapping New3DS v9.2]] | ||
* [[Virtual address mapping New3DS v11.1]] | |||
=ARM11 Detailed physical memory map= | =ARM11 Detailed physical memory map= | ||
Line 602: | Line 636: | ||
== FCRAM memory-regions layout == | == FCRAM memory-regions layout == | ||
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]). | |||
Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]]. | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
! | ! APPMEMTYPE | ||
! | ! APPLICATION starting address (relative to FCRAM) | ||
! | ! APPLICATION region size | ||
! | ! SYSTEM starting address (relative to FCRAM) | ||
! | ! SYSTEM region size | ||
! | ! BASE starting address (relative to FCRAM) | ||
! | ! BASE region size | ||
|- | |- | ||
| 0 (default with regular 3DS kernel, used when the type is not 2-5) | | 0 (default with regular 3DS kernel, used when the type is not 2-5) | ||
Line 651: | Line 689: | ||
| 0x01400000 | | 0x01400000 | ||
|- | |- | ||
| 6 ( | | 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8) | ||
| 0x0 | | 0x0 | ||
| 0x07C00000(124MB) | | 0x07C00000(124MB) | ||
Line 669: | Line 707: | ||
The SYSTEM mem-region size is calculated with: size = FCRAMTOTALSIZE - (APPLICATION_MEMREGIONSIZE + BASE_MEMREGIONSIZE). | The SYSTEM mem-region size is calculated with: size = FCRAMTOTALSIZE - (APPLICATION_MEMREGIONSIZE + BASE_MEMREGIONSIZE). | ||
All memory allocated by the kernel itself for kernel use is located under BASE. Most system-modules run under the BASE memregion too. | All memory allocated by the kernel itself for kernel use is located under BASE. Most system-modules run under the BASE memregion too. | ||
Line 772: | Line 808: | ||
==0xFF4XX000== | ==0xFF4XX000== | ||
Each [[KThread|thread]] is allocated a 0x1000-byte page in this region: the first page at 0xFF401000 is for the first created thread, 0xFF403000 for the second thread. This region is used to store the SVC-mode stack for the thread, and thread context data used for context switching. When the IRQ handler, prefetch/data abort handlers, and undefined instruction handler are entered where the SPSR-mode=user, these handlers then store LR+SPSR for the current mode on the SVC-mode stack, then these handlers switch to SVC-mode. | Each [[KThread|thread]] is allocated a 0x1000-byte page in this region for the [[KThreadContext|thread context]]: the first page at 0xFF401000 is for the first created thread, 0xFF403000 for the second thread. This region is used to store the SVC-mode stack for the thread, and thread context data used for context switching. When the IRQ handler, prefetch/data abort handlers, and undefined instruction handler are entered where the SPSR-mode=user, these handlers then store LR+SPSR for the current mode on the SVC-mode stack, then these handlers switch to SVC-mode. | ||
This page does not contain a dedicated block for storing R0-PC(etc). For user-mode, the user-mode regs are instead saved on the SVC-mode stack when IRQs such as timers for context switching are triggered. | This page does not contain a dedicated block for storing R0-PC(etc). For user-mode, the user-mode regs are instead saved on the SVC-mode stack when IRQs such as timers for context switching are triggered. | ||
For NATIVE_FIRM the memory pages for this region are located in FCRAM, however for TWL_FIRM these are located in AXI WRAM. For TWL_FIRM v6704 the first thread's page for this region is located at physical address 0x1FF93000, the next one at 0x1FF92000, etc. | For NATIVE_FIRM the memory pages for this region are located in FCRAM, however for TWL_FIRM these are located in AXI WRAM. For TWL_FIRM v6704 the first thread's page for this region is located at physical address 0x1FF93000, the next one at 0x1FF92000, etc. | ||
Line 855: | Line 872: | ||
| 0x1EC00000 | | 0x1EC00000 | ||
| 0x10100000 | | 0x10100000 | ||
| | | 0x00400000 | ||
| No | | No | ||
| [[IO]] registers, the mapped IO pages which each process can access is specified in the [[NCCH/Extended_Header|exheader]]. (Applications normally don't have access to registers in this range) | | [[IO]] registers, the mapped IO pages which each process can access is specified in the [[NCCH/Extended_Header|exheader]]. (Applications normally don't have access to registers in this range) | ||
Line 994: | Line 1,011: | ||
0xFFFF9004 Pointer to the current KProcess instance | 0xFFFF9004 Pointer to the current KProcess instance | ||
0xFFFF9008 Pointer to the current KScheduler instance | 0xFFFF9008 Pointer to the current KScheduler instance | ||
0xFFFF900C Pointer to the current KSchedulableInterruptEventLinkedList instance | |||
0xFFFF9010 Pointer to the last KThread to encounter an exception | 0xFFFF9010 Pointer to the last KThread to encounter an exception | ||