Changes

1,984 bytes added ,  06:09, 7 December 2016
Line 56: Line 56:  
| 1
 
| 1
 
|-
 
|-
| W
+
| W (Invalid, see below)
 
| 2
 
| 2
 
|-
 
|-
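Review bot: the annotation "(Invalid, see below)" in the permissions cell points at explanatory text that lives outside the table, so a reader of the table alone learns nothing; make the cell self-explanatory, e.g. "W (invalid: treated as no access)", and keep the longer explanation after the table.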
Line 77: Line 77:  
| 0x10000000
 
| 0x10000000
 
|}
 
|}
 +
 +
Specifying write-permission without read-permission is invalid, it's handled the same way as if the RW bits were not set(ARM11-MPCore doesn't support write-only memory permissions).
    
== enum MemoryState ==
 
== enum MemoryState ==
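Review bot: the added sentence is a comma splice and is missing a space before the parenthesis ("set(ARM11-MPCore"); split it: "Specifying write permission without read permission is invalid. It is handled as if the RW bits were not set (ARM11-MPCore does not support write-only memory permissions)." It would also help to say whether the SVC reports this (returns an error) or silently maps the pages with no access, since a caller that requests W-only and checks only the return code could end up with a mapping it can neither read nor write.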
Line 166: Line 168:  
ControlMemory parameter MemoryType with value 0x10003 is used for mapping the GSP [[Memory_layout|heap]]. The low 8-bits are the type: 1 is for un-mapping memory, 3 for mapping memory. Type4 is used to mirror the RW memory at Addr1, to Addr0. Type4 will return an error if Addr1 is located in read-only memory. Addr1 is not used for type1 and type3.
 
ControlMemory parameter MemoryType with value 0x10003 is used for mapping the GSP [[Memory_layout|heap]]. The low 8-bits are the type: 1 is for un-mapping memory, 3 for mapping memory. Type4 is used to mirror the RW memory at Addr1, to Addr0. Type4 will return an error if Addr1 is located in read-only memory. Addr1 is not used for type1 and type3.
   −
The ARM11 kernel does not allow processes to create shared memory blocks via svcCreateMemoryBlock, when the process memorytype (from the kernel flags stored in the exheader kernel descriptor) is the application memorytype, and when addr=0. When the memorytype is not the application memorytype and addr=0, the kernel allocates new memory for the calling process and turns it into a shared memory block. When addr is non-zero, it must be located in memory which is already mapped. Furthermore, it appears that only regular heap pages (allocated using svcControlMemory op=COMMIT) are accepted as valid addrs.
+
The ARM11 kernel does not allow processes to create shared memory blocks via svcCreateMemoryBlock, when the process memorytype (from the kernel flags stored in the exheader kernel descriptor) is the application memorytype, and when addr=0. When the memorytype is not the application memorytype and addr=0, the kernel allocates new memory for the calling process and turns it into a shared memory block. When addr is non-zero, it must be located in memory which is already mapped. Furthermore, it appears that only regular heap pages (allocated using svcControlMemory op=COMMIT) are accepted as valid addrs. The addr(+size) must be >=0x00100000 and <0x14000000.
    
ControlProcessMemory maps memory in the specified process, this is the only SVC which allows mapping executable memory. Format of the permissions field for memory mapping SVCs: bit0=R, bit1=W, bit2=X. Type6 sets the Addr0 memory permissions to the input permissions, for already mapped memory. Type is the MemoryOperation enum, without the memory-type/memory-region. ControlProcessMemory only supports type4, type5, and type6. ControlProcessMemory does not support using the current KProcess handle alias.
 
ControlProcessMemory maps memory in the specified process, this is the only SVC which allows mapping executable memory. Format of the permissions field for memory mapping SVCs: bit0=R, bit1=W, bit2=X. Type6 sets the Addr0 memory permissions to the input permissions, for already mapped memory. Type is the MemoryOperation enum, without the memory-type/memory-region. ControlProcessMemory only supports type4, type5, and type6. ControlProcessMemory does not support using the current KProcess handle alias.
   −
MapProcessMemory maps RW memory starting at address 0x00100000 in the specified KProcess, at the specified StartAddr in the current process. MapProcessMemory then maps 0x08000000 in the specified process, to StartAddr+0x7f00000 in the current process. UnmapProcessMemory unmaps the memory which was mapped by MapProcessMemory.
+
Note that with the MAP MemoryOperation, the kernel will refuse to MAP memory for the specified addr1, when addr1 was already used with another MAP operation as addr1. The kernel also doesn't allow memory to be freed via the FREE MemoryOperation, when other virtual-memory is mapped to this same memory(when the MAP MemoryOperation was used with this memory with addr1). With the MAP MemoryOperation, the memory permissions for the original buffer are also set to no-access.
   −
Note that with the MAP MemoryOperation, the kernel will refuse to MAP memory for the specified addr1, when addr1 was already used with another MAP operation as addr1. The kernel also doesn't allow memory to be freed via the FREE MemoryOperation, when other virtual-memory is mapped to this same memory(when the MAP MemoryOperation was used with this memory with addr1).
+
<code>'''MapProcessMemory'''(Handle process, u32 destAddr, u32 limit)</code> maps memory from the given process into the current process. This memory is mapped with permissions RW-, regardless of the permissions for the memory under the specified process. First <code>min(limit, 0x3F00000)</code> bytes are mapped starting from <code>0x00100000</code> in the source process to <code>destAddr</code> in the current process. Then <code>min(limit - 0x7F00000, 0x6000000)</code> bytes (if more than 0) are mapped from <code>0x08000000</code> in the source process to <code>destAddr + 0x7F00000</code> in the current process. Another way to view this is that it is overlaying the two ranges <code>[0x0010_0000; 0x0400_0000]</code> and <code>[0x0800_0000; 0x0E00_0000]</code> from the source process onto <code>[destAddr - 0x100000; destAddr + limit]</code> in the current process, truncating whatever part of the mapping that doesn't fit.  This system call is used by [[RO Services]] to map the program's code and heap into ro. Memory mapped by MapProcessMemory is unmapped by UnmapProcessMemory.
    
= How The Kernel Allocates And Tracks Memory =
 
= How The Kernel Allocates And Tracks Memory =
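Review bot: the new bound "The addr(+size) must be >=0x00100000 and <0x14000000" is ambiguous about which quantity each inequality applies to; write both conditions out, e.g. "addr >= 0x00100000 and addr + size <= 0x14000000" (or "< 0x14000000" if the end is exclusive, whichever the check actually uses). In the new MapProcessMemory paragraph the ranges "[0x0010_0000; 0x0400_0000]" and "[0x0800_0000; 0x0E00_0000]" are end-exclusive (0x00100000 + 0x3F00000 = 0x04000000), so half-open notation or a remark that the end is exclusive avoids an off-by-one reading. Since the paragraph states the mapping is always RW-, it is worth saying explicitly that the source process's code pages become writable in the mapping process, which is the security-relevant consequence for a service like ro. Minor: "memory(when" in the Note paragraph needs a space.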
Line 203: Line 205:  
|-
 
|-
 
| 0x10
 
| 0x10
|  
+
| u32
| Added with v11.0.
+
| Nonce, doesn't seem to be read at all except during MAC calculation. Added with v11.0. Used with the new heap [[11.0.0-33|security]] feature. A kernel state field is copied to this field before calculating the MAC. Once done, that kernel state field is subtracted by the value of the calculated MAC stored below. Since this kernel state field is initially 0x0, this field for the FCRAM APPLICATION+0 MemoryBlockHeader during kernel boot is set to 0x0.
 
|-
 
|-
 
| 0x14
 
| 0x14
|  
+
| u32
| Added with v11.0. Used with the new heap [[11.0.0-33|security]] feature.
+
| MAC calculated over rest of struct. Added with v11.0. Used with the new heap [[11.0.0-33|security]] feature.
 
|}
 
|}
    
== RegionDescriptor ==
 
== RegionDescriptor ==
   −
Size : 0x10 bytes
+
Size: 0x10-bytes pre-[[11.0.0-33|11.0.0-X]], 0x20-bytes starting with [[11.0.0-33|11.0.0-X]].
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
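Review bot: "MAC calculated over rest of struct" leaves the covered byte range unstated; say whether the MAC input is offsets 0x0-0x13 (i.e. includes the nonce at 0x10) and how the 0x14 field itself is treated during the calculation, because anyone re-verifying the heap integrity check needs exactly that. In the 0x10 description, "that kernel state field is subtracted by the value of the calculated MAC" reads backwards; suggest "the calculated MAC is subtracted from that kernel state field". The size line "Size: 0x10-bytes pre-..." also departs from the page's existing "Size : 0x10 bytes" form; keep "bytes" unhyphenated.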
Line 223: Line 225:  
| 0x0
 
| 0x0
 
| MemoryBlockHeader*
 
| MemoryBlockHeader*
|  
+
| First
 
|-
 
|-
 
| 0x4
 
| 0x4
 
| MemoryBlockHeader*
 
| MemoryBlockHeader*
|  
+
| Last
 
|-
 
|-
 
| 0x8
 
| 0x8
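Review bot: "First" and "Last" in the description column are too terse on their own; since the type is MemoryBlockHeader*, say what they are the first and last of (e.g. "First MemoryBlockHeader of this region" / "Last MemoryBlockHeader of this region"), matching the fuller descriptions used elsewhere in the table.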
Line 236: Line 238:  
| u32
 
| u32
 
| Region size
 
| Region size
 +
|-
 +
| 0x10
 +
| 0x10-byte block.
 +
| This is the "key" used with the kernel heap MAC implemented with [[11.0.0-33|11.0.0-X]].
 
|}
 
|}
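Review bot: the type cell of the new 0x10 row reads "0x10-byte block.", which is a size rather than a type; the other rows use C types, so "u8[0x10]" would fit. The description should also say where this key comes from (generated per boot, per region, or fixed) or link to the section that covers it, since a reader evaluating the heap MAC needs to know whether the key lives in the same memory the MAC protects. The new row is consistent with the size line above (0x10 + 0x10 = 0x20).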
   Line 241: Line 247:  
== FCRAM Region Descriptor ==
 
== FCRAM Region Descriptor ==
   −
Size : 0x50 bytes
+
Size: 0x50-bytes pre-[[11.0.0-33|11.0.0-X]], 0x80-bytes starting with [[11.0.0-33|11.0.0-X]].
 +
 
 +
X = RegionDescriptor_size*3.
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
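Review bot: "X = RegionDescriptor_size*3." sits as a bare line and leaves the reader to compute it; give the concrete values alongside, e.g. "X = 3 * sizeof(RegionDescriptor): 0x30 pre-11.0.0-X, 0x60 from 11.0.0-X", which also lets the reader check the stated sizes: 0x30 + 0x20 = 0x50 and 0x60 + 0x20 = 0x80.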
Line 253: Line 261:  
| RegionDescriptor for app memory
 
| RegionDescriptor for app memory
 
|-
 
|-
| 0x10
+
| RegionDescriptor_size*1
 
| RegionDescriptor
 
| RegionDescriptor
 
| RegionDescriptor for sys memory
 
| RegionDescriptor for sys memory
 
|-
 
|-
| 0x20
+
| RegionDescriptor_size*2
 
| RegionDescriptor
 
| RegionDescriptor
 
| RegionDescriptor for base memory
 
| RegionDescriptor for base memory
 
|-
 
|-
| 0x30
+
| X + 0x0
 
| u32
 
| u32
 
| Ptr to start of FCRAM region descriptor
 
| Ptr to start of FCRAM region descriptor
 
|-
 
|-
| 0x34
+
| X + 0x4
 
| u32
 
| u32
 
| FCRAM start
 
| FCRAM start
 
|-
 
|-
| 0x38
+
| X + 0x8
 
| u32
 
| u32
 
| FCRAM size in pages
 
| FCRAM size in pages
 
|-
 
|-
| 0x3C
+
| X + 0xC
 
| u32
 
| u32
 
| Base memory start in FCRAM
 
| Base memory start in FCRAM
 
|-
 
|-
| 0x40
+
| X + 0x10
 
| u32
 
| u32
 
| Count of physical FCRAM used by the kernel, in bytes. (used by [[SVC|svcGetSystemInfo]])
 
| Count of physical FCRAM used by the kernel, in bytes. (used by [[SVC|svcGetSystemInfo]])
 
|-
 
|-
| 0x44
+
| X + 0x14
 
| u32
 
| u32
 
| ?
 
| ?
 
|-
 
|-
| 0x48
+
| X + 0x18
 
| KThread*
 
| KThread*
 
| Thread operating on region data
 
| Thread operating on region data
 
|-
 
|-
| 0x4C
+
| X + 0x1C
 
| s16
 
| s16
 
| Error info for thread listed above
 
| Error info for thread listed above
 
|-
 
|-
| 0x4E
+
| X + 0x1E
 
| u16
 
| u16
 
| Alignment
 
| Alignment
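Review bot: the reader now has to compute the "X + 0x0" ... "X + 0x1E" and "RegionDescriptor_size*1/*2" offsets; consider listing both forms, e.g. "X + 0x0 (0x30 / 0x60)", in the same way the size line gives both versions. Otherwise the rewritten offsets line up: the three RegionDescriptors occupy 0 .. X, and the trailing u32/KThread*/s16/u16 fields run from X to X + 0x20.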
