Memory layout

Revision as of 11:59, 29 March 2013 by Syphurith (Partly translated)

ARM11 physical memory regions

Address Size Description
0x0 0x10000 Bootrom (super secret code/data @ 0x8000)
0x10000 0x10000 Bootrom mirror
0x10000000 ? IO memory
0x17E00000 0x2000 MPCore private memory region
0x18000000 0x600000 VRAM
0x1FF00000 0x80000 DSP memory
0x1FF80000 0x80000 AXI WRAM
0x20000000 0x8000000 FCRAM

Hardware memory map

ARM11 detailed physical memory map

18000000 - 18600000: VRAM

1FF80000 - 1FFAB000: Kernel code
1FFAB000 - 1FFF0000: SlabHeap [temporarily holds the boot processes]
1FFF0000 - 1FFF1000: ?
1FFF1000 - 1FFF2000: ?
1FFF2000 - 1FFF3000: ?
1FFF3000 - 1FFF4000: ?
1FFF4000 - 1FFF5000: Exception vectors
1FFF5000 - 1FFF5800: Unused?
1FFF5800 - 1FFF5C00: 256-entry L2 MMU table for VA FF4xx000
1FFF5C00 - 1FFF6000: 256-entry L2 MMU table for VA FF5xx000
1FFF6000 - 1FFF6400: 256-entry L2 MMU table for VA FF6xx000
1FFF6400 - 1FFF6800: 256-entry L2 MMU table for VA FF7xx000
1FFF6800 - 1FFF6C00: 256-entry L2 MMU table for VA FF8xx000
1FFF6C00 - 1FFF7000: 256-entry L2 MMU table for VA FF9xx000
1FFF7000 - 1FFF7400: 256-entry L2 MMU table for VA FFAxx000
1FFF7400 - 1FFF7800: 256-entry L2 MMU table for VA FFBxx000
1FFF7800 - 1FFF7C00: MMU table, but apparently unused?
1FFF7C00 - 1FFF8000: 256-entry L2 MMU table for VA FFFxx000
1FFF8000 - 1FFFC000: 4096-entry L1 MMU table for VA xxx00000 (CPU 0 or 1)
1FFFC000 - 20000000: 4096-entry L1 MMU table for VA xxx00000 (CPU 1 or 0)
20000000 - 28000000: Main memory

ARM11 detailed virtual memory map

E8000000 - E8600000: mapped to VRAM (18000000 - 18600000)

EFF00000 - F0000000: mapped to internal memory (1FF00000 - 20000000)
F0000000 - F8000000: mapped to main memory

FF401000 - FF402000: mapped to ? (27FC7000 - 27FC8000)

FF403000 - FF404000: mapped to ? (27FC2000 - 27FC3000)

FF405000 - FF406000: mapped to ? (27FBB000 - 27FBC000)

FF407000 - FF408000: mapped to ? (27FB3000 - 27FB4000)

FF409000 - FF40A000: mapped to ? (27F8E000 - 27F8F000)

FFF00000 - FFF45000: mapped to SlabHeap

FFF60000 - FFF8B000: mapped to kernel code

FFFCC000 - FFFCD000: mapped to IO I2C second bus (10144000 - 10145000)

FFFCE000 - FFFCF000: mapped to IO PDC (10400000 - 10401000)

FFFD0000 - FFFD1000: mapped to IO PDN (10141000 - 10142000)

FFFD2000 - FFFD3000: mapped to IO PXI (10163000 - 10164000)

FFFD4000 - FFFD5000: mapped to IO PAD (10146000 - 10147000)

FFFD6000 - FFFD7000: mapped to IO LCD (10202000 - 10203000)

FFFD8000 - FFFD9000: mapped to IO ? (10140000 - 10141000)

FFFDA000 - FFFDB000: mapped to IO XDMA (10200000 - 10201000)

FFFDC000 - FFFE0000: mapped to ? (1FFF8000 - 1FFFC000)

FFFE1000 - FFFE2000: mapped to ? (1FFF0000 - 1FFF1000)

FFFE3000 - FFFE4000: mapped to ? (1FFF2000 - 1FFF3000)

FFFE5000 - FFFE9000: mapped to the L1 MMU table for VA xxx00000

FFFEA000 - FFFEB000: mapped to ? (1FFF1000 - 1FFF2000)

FFFEC000 - FFFED000: mapped to ? (1FFF3000 - 1FFF4000)

FFFEE000 - FFFF0000: mapped to IO interrupts (17E00000 - 17E02000)

FFFF0000 - FFFF1000: mapped to the exception vectors

FFFF2000 - FFFF6000: mapped to the L1 MMU table for VA xxx00000

FFFF7000 - FFFF8000: mapped to ? (1FFF1000 - 1FFF2000)

FFFF9000 - FFFFA000: mapped to ? (1FFF3000 - 1FFF4000)

FFFFB000 - FFFFE000: mapped to the L2 MMU tables (1FFF5000 - 1FFF8000)
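
The two maps above are enough to locate the page-table slot that describes any kernel virtual address. The following is an added example, not code from the original page; it assumes the ARM short-descriptor layout (4-byte descriptors, L1 index = VA[31:20], L2 index = VA[19:12]), which matches the 4096-entry and 256-entry table sizes listed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Addresses below are taken from the maps on this page. */
#define L1_TABLE_PA  0x1FFF8000u /* first 4096-entry L1 table */
#define L1_TABLE_VA  0xFFFDC000u /* kernel VA mapped to 1FFF8000 - 1FFFC000 */
#define L2_REGION_PA 0x1FFF5000u /* 1FFF5000 - 1FFF8000 holds the L2 tables */
#define L2_REGION_VA 0xFFFFB000u /* kernel VA mapped to that region */

/* Assumption: 4-byte short descriptors, L1 index = VA[31:20]. */
uint32_t l1_slot_pa(uint32_t va) { return L1_TABLE_PA + (va >> 20) * 4u; }
uint32_t l1_slot_va(uint32_t va) { return L1_TABLE_VA + (va >> 20) * 4u; }

/* Physical base of the L2 table for va's 1 MiB range, 0 if none is listed. */
uint32_t l2_table_pa(uint32_t va) {
    uint32_t mb = va >> 20;
    if (mb >= 0xFF4u && mb <= 0xFFBu)      /* FF4xx000 .. FFBxx000 */
        return 0x1FFF5800u + (mb - 0xFF4u) * 0x400u;
    if (mb == 0xFFFu)                      /* FFFxx000 */
        return 0x1FFF7C00u;
    return 0;
}

/* Assumption: L2 index = VA[19:12], 256 entries of 4 bytes (0x400 per table). */
uint32_t l2_slot_pa(uint32_t va) {
    uint32_t base = l2_table_pa(va);
    return base ? base + ((va >> 12) & 0xFFu) * 4u : 0;
}

/* Same slot as seen through the kernel window at FFFFB000. */
uint32_t l2_slot_va(uint32_t va) {
    uint32_t pa = l2_slot_pa(va);
    return pa ? L2_REGION_VA + (pa - L2_REGION_PA) : 0;
}

int main(void) {
    /* VAs picked from the virtual map above: vectors, FF401000, LCD IO, VRAM */
    const uint32_t vas[] = { 0xFFFF0000u, 0xFF401000u, 0xFFFD6000u, 0xE8000000u };
    for (size_t i = 0; i < sizeof vas / sizeof vas[0]; i++)
        printf("VA %08X: L1 slot PA %08X, L2 slot PA %08X (kernel VA %08X)\n",
               (unsigned)vas[i], (unsigned)l1_slot_pa(vas[i]),
               (unsigned)l2_slot_pa(vas[i]), (unsigned)l2_slot_va(vas[i]));
    return 0;
}
```

A result of 0 for the L2 slot means the page lists no L2 table for that 1 MiB range, as for the E8000000 VRAM window.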

ARM11 userland memory regions

Virtual address base | Physical address base | Region max size | Description
0x00100000 / 0x14000000 | | 0x03F00000 | The ExeFS:/.code is loaded here. Executables must be loaded to the 0x00100000 region when the exheader "special memory" flag is clear. The 0x03F00000-byte size limit only applies when this flag is clear. When the exheader "special memory" flag is set, executables are usually loaded to 0x14000000, however this address can be arbitrary.
0x08000000 | For applications: FCRAM + GSP heap size | 0x08000000 | Heap mapped by ControlMemory.
0x10000000-StackSize | .bss physical address - total stack pages | StackSize from process exheader | Stack for the main thread, initialized by the ARM11 kernel. The StackSize from the exheader is usually 0x4000, therefore the stack bottom is usually 0x0FFFC000. The stack for the other threads is normally located in the process .data section, however this can be arbitrary.
0x10000000 | | 0x04000000 | Shared memory.
0x14000000 | FCRAM+0 | 0x08000000 | Can be mapped by ControlMemory; this is used for the application's GSP heap.
0x1EC00000 | 0x10100000 | 0x01000000 | IO registers. The mapped IO pages which each process can access are specified in the CXI exheader. (Applications normally don't have access to registers in this range.)
0x1F000000 | 0x18000000 | 0x00600000 | VRAM, access to this is specified by the exheader.
0x1FF00000 | 0x1FF00000 | 0x00080000 | DSP memory, access to this is specified by the exheader.
0x1FF80000 | | 0x1000 | Configuration Memory. All processes have access to this, however write permission to this page is specified by the exheader "Shared page writing" kernel flag.
0x1FF81000 | | 0x1000 | Shared page, access to this is the same as 0x1FF80000.

All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable CROs can be loaded into memory; once loaded, the CRO .text section memory page permissions are changed via ControlProcessMemory from RW- to R-X. The address and size of each ExeFS:/.code section are stored in the exheader; the permissions for each section are: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions are initialized by the ARM11 kernel: RW-. The heap permissions are normally RW-.

All userland memory is mapped with RW permissions for privileged mode. However, normally the ARM11 kernel only uses userland read/write instructions (or checks that the memory can be written from userland first) for accessing memory specified by SVCs.

The virtual memory located below 0x20000000 is process-unique; processes can't directly access memory for other processes. The virtual memory starting at 0x20000000 is only accessible in privileged mode. When service commands are used, the kernel maps memory in the destination process for input/output buffers, and the addresses in the command received by the process are replaced by this mapped memory. When this is an input buffer, the buffer data is copied to the mapped memory. When this is an output buffer, the data stored in the mapped memory is copied to the destination buffer specified in the command.

The physical address which memory for the application memory-type is mapped to begins at FCRAM+0; the total memory allocated for this memory-type is stored in Configuration_Memory. Applications' exefs:/.code under the application memory-type is mapped at FCRAM + APPMEMALLOC - exefs:/.code size aligned to the page size. The application .bss is mapped at CODEADDR - .bss size aligned down to the page size. Once the application exefs:/.code, .bss, and stack are mapped, APPMEMALLOC is set to APPMEMALLOC - (stacksize + bss_size + codesize), where stacksize, bss_size, and codesize are aligned to the page size.
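
The placement rules in the paragraph above, carried through with numbers. This is an added example, not code from the original page: the APPMEMALLOC value and section sizes are constructed, APPMEMALLOC is assumed to be page-aligned with 0x1000-byte pages, the stack's physical placement follows the ".bss physical address - total stack pages" row of the userland table, and place_app is a hypothetical name.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000u
#define FCRAM_PA  0x20000000u /* FCRAM base from the physical region table */
#define STACK_TOP 0x10000000u /* main-thread stack top from the userland table */

static uint32_t align_up(uint32_t n)   { return (n + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); }
static uint32_t align_down(uint32_t n) { return n & ~(PAGE_SIZE - 1); }

struct app_layout {
    uint32_t code_pa;         /* physical address of exefs:/.code */
    uint32_t bss_pa;          /* physical address of .bss */
    uint32_t stack_pa;        /* physical address of the main-thread stack */
    uint32_t stack_bottom_va; /* lowest userland VA of the stack */
    uint32_t appmemalloc;     /* APPMEMALLOC after the three mappings */
};

/* Sizes are raw byte counts; appmemalloc is assumed to be page-aligned. */
struct app_layout place_app(uint32_t appmemalloc, uint32_t code_size,
                            uint32_t bss_size, uint32_t stack_size) {
    struct app_layout l;
    l.code_pa  = FCRAM_PA + appmemalloc - align_up(code_size);
    l.bss_pa   = align_down(l.code_pa - bss_size);
    l.stack_pa = l.bss_pa - align_up(stack_size);
    l.stack_bottom_va = STACK_TOP - stack_size;
    l.appmemalloc = appmemalloc -
        (align_up(stack_size) + align_up(bss_size) + align_up(code_size));
    return l;
}

int main(void) {
    /* Constructed sample values, not read from a real console or exheader. */
    struct app_layout l = place_app(0x04000000u, 0x123456u, 0x2345u, 0x4000u);
    printf(".code PA %08X, .bss PA %08X, stack PA %08X\n",
           (unsigned)l.code_pa, (unsigned)l.bss_pa, (unsigned)l.stack_pa);
    printf("stack bottom VA %08X, APPMEMALLOC now %08X\n",
           (unsigned)l.stack_bottom_va, (unsigned)l.appmemalloc);
    return 0;
}
```

With these inputs FCRAM + the new APPMEMALLOC equals the stack's physical address, so the three mappings sit back to back at the top of the application region.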

System memory details

0xFFFF9004 is a pointer to the current KProcess instance.

Handles

Handle 0xFFFF8001 is a reference to the current KProcess.

VRAM Map While Running Webbrowser

  • 0x1E6000-0x22C500 -- top screen framebuffer 0 (240x400x3)
  • 0x22C800-0x272D00 -- top screen framebuffer 1 (240x400x3)
  • 0x273000-0x2B9500 -- top screen framebuffer 2 (240x400x3)
  • 0x2B9800-0x2FFD00 -- top screen framebuffer 3 (240x400x3)
  • 0x48F000-0x4C7400 -- bottom screen framebuffer 0 (240x320x3)
  • 0x4C7800-0x4FF800 -- bottom screen framebuffer 1 (240x320x3)