mirror of
https://github.com/Atmosphere-NX/Atmosphere.git
synced 2024-11-29 23:32:23 +00:00
exo/kern: 1.0.0 requires access to bpmp smmu regs, userland (am) needs to map bpmp exception vectors
This commit is contained in:
parent
49af4fae32
commit
cc6b8ea4d1
2 changed files with 23 additions and 11 deletions
|
@ -155,10 +155,27 @@ namespace ams::secmon::smc {
|
||||||
/* Find the access table. */
|
/* Find the access table. */
|
||||||
const AccessTableEntry * const entry = GetAccessTableEntry(address);
|
const AccessTableEntry * const entry = GetAccessTableEntry(address);
|
||||||
|
|
||||||
/* If we have a table, perform the write. */
|
/* Translate our entry into an address to access. */
|
||||||
|
uintptr_t virtual_address = 0;
|
||||||
if (entry != nullptr) {
|
if (entry != nullptr) {
|
||||||
/* Get the address to read or write. */
|
/* Get the address to read or write. */
|
||||||
const uintptr_t virtual_address = entry->virtual_address + (address - entry->address);
|
virtual_address = entry->virtual_address + (address - entry->address);
|
||||||
|
} else {
|
||||||
|
/* For no clearly discernable reason, SmcReadWriteRegister returns success despite not doing the read/write */
|
||||||
|
/* when accessing the SMMU controls for the BPMP and for APB-DMA. */
|
||||||
|
/* This is "probably" to fuck with hackers who got access to the SMC and are trying to get control of the */
|
||||||
|
/* BPMP to exploit jamais vu, deja vu, or other related DMA/wake-from-sleep vulnerabilities. */
|
||||||
|
constexpr uintptr_t MC = MemoryRegionPhysicalDeviceMemoryController.GetAddress();
|
||||||
|
SMC_R_UNLESS((address == (MC + MC_SMMU_AVPC_ASID) || address == (MC + MC_SMMU_PPCS1_ASID)), InvalidArgument);
|
||||||
|
|
||||||
|
/* For backwards compatibility, we'll allow access to these devices on 1.0.0. */
|
||||||
|
if (GetTargetFirmware() < TargetFirmware_2_0_0) {
|
||||||
|
virtual_address = MemoryRegionVirtualDeviceMemoryController.GetAddress() + (address - MC);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Perform the read or write, if we should. */
|
||||||
|
if (virtual_address != 0) {
|
||||||
u32 out = 0;
|
u32 out = 0;
|
||||||
|
|
||||||
if (mask != ~static_cast<u32>(0)) {
|
if (mask != ~static_cast<u32>(0)) {
|
||||||
|
@ -169,13 +186,6 @@ namespace ams::secmon::smc {
|
||||||
}
|
}
|
||||||
|
|
||||||
args.r[1] = out;
|
args.r[1] = out;
|
||||||
} else {
|
|
||||||
/* For no clearly discernable reason, SmcReadWriteRegister returns success despite not doing the read/write */
|
|
||||||
/* when accessing the SMMU controls for the BPMP and for APB-DMA. */
|
|
||||||
/* This is "probably" to fuck with hackers who got access to the SMC and are trying to get control of the */
|
|
||||||
/* BPMP to exploit jamais vu, deja vu, or other related DMA/wake-from-sleep vulnerabilities. */
|
|
||||||
constexpr uintptr_t MC = MemoryRegionPhysicalDeviceMemoryController.GetAddress();
|
|
||||||
SMC_R_UNLESS((address == (MC + MC_SMMU_AVPC_ASID) || address == (MC + MC_SMMU_PPCS1_ASID)), InvalidArgument);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return SmcResult::Success;
|
return SmcResult::Success;
|
||||||
|
|
|
@ -70,9 +70,11 @@ namespace ams::kern {
|
||||||
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50041000, 0x1000, KMemoryRegionType_InterruptDistributor | KMemoryRegionAttr_ShouldKernelMap));
|
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50041000, 0x1000, KMemoryRegionType_InterruptDistributor | KMemoryRegionAttr_ShouldKernelMap));
|
||||||
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50042000, 0x1000, KMemoryRegionType_InterruptCpuInterface | KMemoryRegionAttr_ShouldKernelMap));
|
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50042000, 0x1000, KMemoryRegionType_InterruptCpuInterface | KMemoryRegionAttr_ShouldKernelMap));
|
||||||
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50043000, 0x1D000, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x50043000, 0x1D000, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
||||||
|
if (GetTargetFirmware() >= TargetFirmware_2_0_0) {
|
||||||
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x6000F000, 0x1000, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x6000F000, 0x1000, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
||||||
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x6001DC00, 0x400, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(0x6001DC00, 0x400, KMemoryRegionType_None | KMemoryRegionAttr_NoUserMap));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void SetupDramPhysicalMemoryRegions() {
|
void SetupDramPhysicalMemoryRegions() {
|
||||||
const size_t intended_memory_size = KSystemControl::Init::GetIntendedMemorySize();
|
const size_t intended_memory_size = KSystemControl::Init::GetIntendedMemorySize();
|
||||||
|
|
Loading…
Reference in a new issue