11.0.0: Difference between revisions
→Kernel: there's a whole lot of different stuff. |
|||
| (29 intermediate revisions by 4 users not shown) | |||
| Line 84: | Line 84: | ||
* KMemoryRegionTree::Insert now takes in last address instead of size. | * KMemoryRegionTree::Insert now takes in last address instead of size. | ||
** Several callsites now verify that last_address != 0xFFFF... | ** Several callsites now verify that last_address != 0xFFFF... | ||
* KMemoryRegionAllocator now uses a slabheap of count 200 instead of 1000. | |||
* KLinkedListNode now has slab size = #KThreads instead of #KThreads * 17. | |||
* "Virtual" cores now supported, KThread now stores core ID/affinity for both virtual and physical. | * "Virtual" cores now supported, KThread now stores core ID/affinity for both virtual and physical. | ||
* New SVC 0x37 "GetResourceLimitPeakValue" | * New SVC 0x37 "GetResourceLimitPeakValue" | ||
| Line 97: | Line 99: | ||
* Most KThread waits now use KThreadWaiterListIntrusiveNode instead of KThreadQueue | * Most KThread waits now use KThreadWaiterListIntrusiveNode instead of KThreadQueue | ||
* KConditionVariable no longer uses global threads for the call to .nfind() | * KConditionVariable no longer uses global threads for the call to .nfind() | ||
* KConditionVariable now sets the cv_key u32 value in userspace to 1 when a condvar has waiters, and to 0 when it does not. | |||
** New nnSdk code relies on this behavior. | |||
* SetupStackForUserModeThreadStarter (KThreadContext::Initialize) now sets X18 to (<cryptographically random u64> | 1), this value is unique for each thread. | |||
** This is used for Pointer Authentication changes in web browser. | |||
* KCoreLocalRegion deleted, replaced with pointer-to-current-thread | * KCoreLocalRegion deleted, replaced with pointer-to-current-thread | ||
** TPIDR_EL1 != X18 now, and TPIDR_EL1 now always points to the exception thread stack. | ** TPIDR_EL1 != X18 now, and TPIDR_EL1 now always points to the exception thread stack. | ||
| Line 115: | Line 121: | ||
* KPageHeapBitmapRng now has TinyMt as a data member, instead of directly implementing KPageHeap. | * KPageHeapBitmapRng now has TinyMt as a data member, instead of directly implementing KPageHeap. | ||
** This affects how constructor is invoked. | ** This affects how constructor is invoked. | ||
* New InfoType 24 ("FreeThreadCount") was added, gets the number of threads a process can allocate before exhausting its resource limit. | |||
* KMemoryBlock/KMemoryInfo now has extra members tracking u8 non_contig_bitflags, u16 ipc_non_contig_lock_count, u16 device_non_contig_lock_count | * KMemoryBlock/KMemoryInfo now has extra members tracking u8 non_contig_bitflags, u16 ipc_non_contig_lock_count, u16 device_non_contig_lock_count | ||
* KMemoryBlockManager Update now takes non-contig flags to determine where to coalesce (all coalescing must now happen forwards instead of either direction) | * KMemoryBlockManager Update now takes non-contig flags to determine where to coalesce (all coalescing must now happen forwards instead of either direction) | ||
| Line 166: | Line 173: | ||
* All titles were updated, except for the following (minus stubbed titles): SharedFont, Dictionary, UrlBlackList, LibraryAppletMiiEdit. | * All titles were updated, except for the following (minus stubbed titles): SharedFont, Dictionary, UrlBlackList, LibraryAppletMiiEdit. | ||
* The previously stubbed 010000000000001B sysmodule was replaced with [[Capmtp_services|capmtp]]. | * The previously stubbed 010000000000001B sysmodule was replaced with [[Capmtp_services|capmtp]]. | ||
The following sysmodules had IPC changes: [[USB_services|usb]], [[Settings_services|settings]], [[BCAT_services|bcat]], [[PTM_services|ptm]], [[Sockets_services|bsdsockets]], [[HID_services|hid]], [[Audio_services|audio]], [[WLAN_services|wlan]], [[Account_services|account]], [[NS_Services|ns]], [[PSC_services|psc]], [[Applet_Manager_services|am]], [[NIM_services|nim]], [[Display_services|vi]], [[Parental_Control_services|pctl]], [[Glue_services|glue]], [[ETicket_services|es]], [[Shared_Database_services|sdb]], [[OLSC_services|olsc]], [[PGL_services|pgl]], [[Filesystem_services|fs]], [[Loader_services|loader]], [[Services_API|sm]], [[Capture_services|capsrv]]. | |||
[[NPDM]] changes (see [[Services_API]] for service-hosting changes): | [[NPDM]] changes (see [[Services_API]] for service-hosting changes): | ||
| Line 221: | Line 230: | ||
* Applets: Various UI/graphics/sound/localization changes. | * Applets: Various UI/graphics/sound/localization changes. | ||
* Web-applets: "/buildinfo/buildinfo.dat" was updated, and "/.nrr/netfront.nrr" was renamed to "/.nrr/dll.nrr". | * Web-applets: "/buildinfo/buildinfo.dat" was updated, and "/.nrr/netfront.nrr" was renamed to "/.nrr/dll.nrr". | ||
* [[Album_Applet|LibraryAppletPhotoViewer]]: In addition to the above, "/http/" was added, which contains the following: | |||
** "index.html" | |||
** "js/index.js" | |||
** "styles/index.css" | |||
The new Nintendo Switch Online menu (which can be launched via qlaunch) is handled by [[Internet_Browser#Whitelisted_Applets|LibraryAppletLoginShare]]. | |||
=== [[HID_services|hid]]-sysmodule === | |||
Besides IPC changes, the ButtonConfig cmds updated the input s32 validation: when the input s32 is invalid (which now uses an unsigned compare), it now returns 0 or an error immediately, instead of Aborting. | |||
=== [[LDN_services|ldn]]-sysmodule === | |||
lp2p now supports using standard WPA2-PSK, which is used by [[#LibraryAppletPhotoViewer]]. | |||
=== [[SSL_services|ssl]]-sysmodule === | |||
TLS 1.3 is now [[SSL_services#SslVersion|supported]] if the user-process enables it. | |||
See also [[#OSS]]. | |||
=== [[PGL_services|pgl]]-sysmodule === | |||
* pgl now has a new ipc command, which just returns "ResultNotImplemented()" | |||
* pgl now detects when SnapShotDumper crashes, and launches creport in that case. | |||
* pgl now passes an additional argument to creport ("%d", formatted with the value of jit_debug!enable_jit_debug). | |||
=== [[Creport|creport]]-sysmodule === | |||
* creport now takes in an additional argument "jit_debug_enabled", when this is "1" the target process is not terminated on report completion. | |||
* creport now has access to fsp-srv, this is used to retrieve debugging information that is now attached to error reports. The following functions are called (with output/info attached to erpts): | |||
** GetSdCardSpeedMode | |||
** GetSdCardCid | |||
** GetSdCardUserAreaSize | |||
** GetSdCardProtectedAreaSize | |||
** GetAndClearSdCardErrorInfo | |||
** IsGameCardInserted | |||
** GetGameCardCid | |||
** GetGameCardErrorReportInfo | |||
** GetGameCardDeviceId | |||
** GetMmcSpeedMode | |||
** GetMmcCid | |||
** GetMmcPatrolCount | |||
** GetAndClearMmcErrorInfo | |||
** GetMmcExtendedCsd | |||
** GetAndClearMemoryReportInfo | |||
** GetAndClearFileSystemProxyErrorInfo | |||
=== [[Internet_Browser|Web-applets]] === | |||
These are now compiled with compiler Pointer Authentication / CFI mitigations enabled. This does not apply to non-web-applets. | |||
Pointer Authentication uses the crc32x instruction, and x18 as a cryptographically-random u64 provided by the kernel. The only userland code using x18 is the mul instruction for this, nothing else (applies to all NSOs/NROs). | |||
This is used to add/subtract x30 starting with bit40, during functions entry/exit. The code for entry/exit is identical, except that entry does add, and exit uses subtract: | |||
* The low 40-bits of x30 are extracted, then multiplied with x18. | |||
* <code>crc32x w17, wzr, x17</code> (which uses the above value) | |||
* Then the previously mentioned add/subtraction operation is done, with the output from the above shifted to bit40. | |||
The x18 is OR'd by kernel with 1, to make sure it is odd. This means that the multiply is a bijection; in other words, no entropy is lost when doing the multiply. If this had not been done, a random value that is divisible by a large power of two (the attacker can just keep spawning threads until gets such a one), would have weak cookies that allows the scheme to be trivially broken. | |||
CFI is implemented as follows: blr instructions no longer exist. When funcptrs are called, new functions are now called instead which handles the call. The u32 at funcptr_addr-4 must match 0xe7ffdefe, otherwise it will branch to undefined instruction 0x0000dead. Otherwise, it will jump to the funcptr_addr. | |||
Almost all functions now have the above u32 at -4, therefore funcptr calls now have to start at the actual funcptr start. However, this doesn't apply to calls done during functions' exit: these directly br to the funcptr_addr without extra validation. The br instructions in the .plt were also replaced with branches to the function described above. | |||
The above applies to all NSOs in ExeFs, except for LibraryAppletOfflineWeb which doesn't have it enabled. The NROs in the BrowserDll SystemData have it enabled for "/nro/netfront/dll_1/", however "dll_0" doesn't have it enabled (which is used by LibraryAppletOfflineWeb). | |||
This is referred to in the build-path strings as "NX-NXFP2-a64-cfi" (nnSdkEmpty), and "NX64-cfi" (OSS). | |||
=== LibraryAppletPhotoViewer === | |||
For details on the new sharing functionality in the Album applet, see [[Album_Applet|here]]. | |||
== OSS == | |||
[https://www.nintendo.co.jp/support/oss/index.html OSS] was updated. | |||
Besides WebKit, [[SSL_services|NSS/NSPR]] was updated: | |||
* NSPR was updated from 4.12 to 4.24. | |||
* <code>#define NSSUTIL_VERSION "3.26"</code> was changed to <code>#define NSSUTIL_VERSION "3.49.1"</code> | |||
Both src_{versions} directories were updated, with the same changes: | |||
* "rocrt_nro.cpp" updated | |||
* "NX-NXFP2-a64-cfi/rocrt.AssemblyOffset.h" Addded, identical to "NX-NXFP2-a64/rocrt.AssemblyOffset.h". | |||
==See Also== | ==See Also== | ||