IPC: Difference between revisions
No edit summary |
x/y were swapped between header table and command structure table |
||
| Line 6: | Line 6: | ||
|- | |- | ||
| 0-5 | | 0-5 | ||
| Number of translate parameters (= | | Number of translate parameters (=y) | ||
|- | |- | ||
| 6-11 | | 6-11 | ||
| Number of normal parameters (= | | Number of normal parameters (=x) | ||
|- | |- | ||
| 12-15 | | 12-15 | ||
Revision as of 21:31, 21 August 2014
Every IPC command sent to services starts with a u32 header code:
| Bits | Description |
|---|---|
| 0-5 | Number of translate parameters (=y) |
| 6-11 | Number of normal parameters (=x) |
| 12-15 | Unused |
| 16-31 | Command ID |
The entire command has the following structure:
| Word | Size | Description |
|---|---|---|
| 0 | 1 | Header code |
| 1 | x | Normal parameters |
| x | y | Translate parameters |
Translate parameters are modified/translated transparently by the kernel. They are used to transfer handles/buffers between the different processes.
The type of parameter is described by the bits 1-3 in the translation descriptor. Parameter types accepted for sending by the kernel are: 0, 1, 2, 5, 6, 7. Type 0 is used to send handles across processes:
if desc & 0x30 == 0x20:
write process id to value
else:
translate handle
if desc & 0x30 == 0x10:
close handle for caller
For replies, only 0, 1, 5, 6, 7 are allowed. In other words any type 2 fields must be zeroed before calling svcReplyAndReceive on the server-side. For replies type 0, 1, 2 are ignored. Types 5, 6, 7 do something with the mem pointer upon reply. The type 0 descriptor can be used to ignore parameters. The number of parameters covered by a type-0 descriptor is (desc >> 26) + 1.
| Type | Usual form | Description |
|---|---|---|
| 0 | 0x00000000
<handle> |
The corresponding value is a KHandle, that should be closed in calling process. |
| 0 | 0x00000010
<handle> |
The corresponding value is a KHandle, that will be duplicated. |
| 0 | 0x00000020
<placeholder> |
Let kernel set value to calling process ProcessID. |
| 1 | 0x0000???2 | (size<<14)
<ptr> |
The corresponding value contains a ptr to a buffer of said size, that should be copied to an already set-up buffer in destination process at threadlocalstorage+0x180. |
| 2 | 0x00000004 | Does something weird. |
| 3 | 0x00000006 | Does nothing? |
| 4 | 0x00000008 | This command will cause a kernelpanic. |
| 5 | 0x0000000A | (size<<4)
<ptr> |
The corresponding value contains a ptr to a buffer of said size. |
| 6 | 0x0000000C | (size<<4)
<ptr> |
The corresponding value contains a ptr to a buffer of said size. |
| 7 | 0x0000000E | (size<<4)
<ptr> |
The corresponding value contains a ptr to a buffer of said size. |
Buffers from commands 5,6,7 will get mapped at virtual address 0x04000000+ in destination process.