15.0.0: Difference between revisions
(10 intermediate revisions by 3 users not shown)
Line 126: | Line 126:
*** KMemoryState_Io now supports the CanAlignedDeviceMap and CanDeviceMap flags. | *** KMemoryState_Io now supports the CanAlignedDeviceMap and CanDeviceMap flags.
*** KPageTableBase::GetContiguousMemoryRangeWithState no longer checks that the passed memory address is heap. | *** KPageTableBase::GetContiguousMemoryRangeWithState no longer checks that the passed memory address is heap.
**** KPageTable::MemoryRange now tracks whether the range is reference counted, and Close() only closes the pages if they are.
*** KPageTableBase::OpenMemoryRangeForMapDeviceAddressSpace no longer checks for KMemoryState_FlagReferenceCounted. | *** KPageTableBase::OpenMemoryRangeForMapDeviceAddressSpace no longer checks for KMemoryState_FlagReferenceCounted.
*** KPageTableBase::LockForMapDeviceAddressSpace takes two new arguments: an output bool * that receives whether the state was io, and a bool for whether to check KMemoryState_FlagReferenceCounted. | *** KPageTableBase::LockForMapDeviceAddressSpace takes two new arguments: an output bool * that receives whether the state was io, and a bool for whether to check KMemoryState_FlagReferenceCounted.
Line 159: | Line 160:
** KHandleTable::Initialize now instantiates a KScopedDisableDispatch while setting up the table. | ** KHandleTable::Initialize now instantiates a KScopedDisableDispatch while setting up the table.
===Loader=== | ====Loader====
The broken RNG for ASLR was [[Switch_System_Flaws|fixed]]. | The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].
===[[Bluetooth_Driver_services|bluetooth]]===
Besides the various IPC changes, a vulnerable function was [[Switch_System_Flaws|fixed]].
===[[HID_services|hid]]=== | ===[[HID_services|hid]]===
Besides the various IPC changes, an infoleak vulnerability was [[Switch_System_Flaws|fixed]]. | Besides the various IPC changes, an infoleak vulnerability was [[Switch_System_Flaws|fixed]].
===[[WLAN_services|wlan]]===
Besides the various IPC changes, a vulnerable function was [[Switch_System_Flaws|fixed]].
===[[NS_Services|ns]]===
Besides the various IPC changes, vulnerable RNG usage was [[Switch_System_Flaws|fixed]] so that secure RNG is used where needed.
===[[RO_services|ro]]===
The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].
===nnSdk===
<code>nn::diag::detail::VAbortImpl</code> now runs the [https://developer.arm.com/documentation/dui0801/g/A64-General-Instructions/XPACD--XPACI--XPACLRI xpaclri] instruction on the return address before storing it elsewhere. xpaclri strips the pointer authentication code from the link register; because it is encoded in the HINT space, it executes as a NOP on ARM hardware without pointer authentication, which includes current NX consoles.
This is most likely a side effect of an LLVM [https://reviews.llvm.org/D84502 patch] that makes the compiler always emit xpaclri when reading the return address, rather than an indication that actual Armv8.3 hardware is targeted.
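The following is an added example, not nnSdk, compiler or switchbrew code, that models in software what xpaclri does to the link register so the abort path above can be reasoned about on a host machine. It assumes (these are assumptions, not taken from the page) a process address space of <code>VA_BITS</code> bits, with the PAC occupying bits [54:VA_BITS] of an instruction pointer and the strip operation restoring those bits from bit 55; the top-byte-ignore variant is not modelled, and the sample addresses are constructed. On hardware without pointer authentication the link register never carries a PAC, so the model leaves it unchanged, which is the "NOP" behaviour described above.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed address-space width; adjust for the target (not from the page). */
#define VA_BITS 39u

/*
 * Software model of XPACI/XPACLRI: replace the PAC field, bits [54:va_bits],
 * with copies of bit 55. The top-byte-ignore case is deliberately not modelled.
 */
static uint64_t xpac_model(uint64_t ptr, unsigned va_bits)
{
    uint64_t low_mask = (1ULL << va_bits) - 1;              /* bits [va_bits-1:0] */
    uint64_t high     = ((ptr >> 55) & 1) ? ~low_mask : 0;  /* replicate bit 55 */
    return (ptr & low_mask) | high;
}

/*
 * True if the PAC field carries anything, i.e. stripping would change ptr.
 * A link register that was never signed (hardware without pointer
 * authentication, or a function that does not sign LR) yields false.
 */
static bool has_pac_field(uint64_t ptr, unsigned va_bits)
{
    return xpac_model(ptr, va_bits) != ptr;
}

int main(void)
{
    /* Constructed samples (not real addresses): the same user-space return
     * address with and without a made-up PAC in bits [54:39]. */
    const uint64_t signed_lr   = 0x00528002A0001234ULL;
    const uint64_t unsigned_lr = 0x00000002A0001234ULL;
    /* A bit-55-set address shows the sign-style extension of the upper bits. */
    const uint64_t high_half   = 0xFFFFFFC012345678ULL;

    const uint64_t samples[] = { signed_lr, unsigned_lr, high_half };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = samples[i];
        printf("lr 0x%016" PRIx64 " -> stored 0x%016" PRIx64 " (pac field %s)\n",
               p, xpac_model(p, VA_BITS),
               has_pac_field(p, VA_BITS) ? "present" : "absent");
    }
    return 0;
}
```

The point of the model is the last column: on a console without pointer authentication every return address reports the PAC field as absent and is stored unchanged, so the new instruction in the abort path changes nothing observable there.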
=== IPC Interface Changes === | === IPC Interface Changes ===
Line 234: | Line 252:
*** Added command 155 - inbytes: 6, outbytes: 1 | *** Added command 155 - inbytes: 6, outbytes: 1
** nn::btm::IBtm | ** nn::btm::IBtm
*** | *** Removed command 112 - inbytes: 7, outbytes: 0
*** | *** Removed command 113 - inbytes: 6, outbytes: 1
*** Added command 116 - inbytes: 7, outbytes: 0 | *** Added command 116 - inbytes: 7, outbytes: 0
*** Added command 117 - inbytes: 6, outbytes: 1 | *** Added command 117 - inbytes: 6, outbytes: 1
Line 291: | Line 309:
*** Added command 4 - buffers: [5], inbytes: 0, outbytes: 0 | *** Added command 4 - buffers: [5], inbytes: 0, outbytes: 0
** nn::mnpp::detail::ipc::IServiceForSystem | ** nn::mnpp::detail::ipc::IServiceForSystem
*** | *** Removed command 300 - inbytes: 0, outbytes: 1
*** | *** Removed command 400 - inbytes: 0, outbytes: 1
** nn::ncm::IContentMetaDatabase | ** nn::ncm::IContentMetaDatabase
*** Added command 23 - inbytes: 16, outbytes: 1 | *** Added command 23 - inbytes: 16, outbytes: 1
Line 310: | Line 328:
*** Added command 141 - inbytes: 0, outbytes: 1 | *** Added command 141 - inbytes: 0, outbytes: 1
** nn::nim::detail::IShopServiceManager | ** nn::nim::detail::IShopServiceManager
*** | *** Removed command 102 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncValue']
*** | *** Removed command 103 - inbytes: 0, outbytes: 32
*** | *** Removed command 104 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncValue']
*** | *** Removed command 105 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
*** | *** Removed command 106 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
*** | *** Removed command 501 - inbytes: 16, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
** nn::ns::detail::IApplicationManagerInterface | ** nn::ns::detail::IApplicationManagerInterface
*** Added command 90 - inbytes: 8, outbytes: 0 | *** Added command 90 - inbytes: 8, outbytes: 0
*** Changed command 607 - inbytes: 16 -> 8 (final state: buffers: [6], inbytes: 8, outbytes: 4) | *** Changed command 607 - inbytes: 16 -> 8 (final state: buffers: [6], inbytes: 8, outbytes: 4)
*** | *** Removed command 909 - inbytes: 8, outbytes: 0
*** Added command 2357 - inbytes: 0, outbytes: 0 | *** Added command 2357 - inbytes: 0, outbytes: 0
*** Added command 2358 - inbytes: 0, outbytes: 0 | *** Added command 2358 - inbytes: 0, outbytes: 0
*** Added command 2359 - inbytes: 0, outbytes: 1 | *** Added command 2359 - inbytes: 0, outbytes: 1
*** | *** Removed command 2516 - inbytes: 16, outbytes: 0
** nn::pdm::detail::IQueryService | ** nn::pdm::detail::IQueryService
*** Removed command 7 - buffers: [6, 5], inbytes: 0, outbytes: 4 | *** Removed command 7 - buffers: [6, 5], inbytes: 0, outbytes: 4
Line 333: | Line 351:
*** Added command 10500 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::prepo::detail::ipc::IAsyncContext'], pid: True | *** Added command 10500 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::prepo::detail::ipc::IAsyncContext'], pid: True
** nn::settings::ISystemSettingsServer | ** nn::settings::ISystemSettingsServer
*** | *** Removed command 119 - inbytes: 1, outbytes: 3
** nn::srepo::detail::ipc::ISrepoService | ** nn::srepo::detail::ipc::ISrepoService
*** Added command 10300 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::srepo::detail::ipc::IAsyncContext'] | *** Added command 10300 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::srepo::detail::ipc::IAsyncContext']