15.0.0: Difference between revisions

The Switch 15.0.0 system update was released on October 11, 2022 (UTC). This Switch update was released for the following regions: ALL, and CHN.

Security flaws fixed: yes.

Change-log

Official ALL change-log:

• The location of the Bluetooth® Audio menu within System Settings has moved.
• Screenshots can be taken using the Capture Button while in the Nintendo Switch Online application found on the Nintendo Switch HOME Menu. Video capture is not supported.
• General system stability improvements to enhance the user's experience.

System Titles

• All sysmodules were updated, except for lbl which was previously stubbed. New sysmodule eth was added.
• All SystemData were updated, except for the following: SharedFont, Dictionary, AvatarImage, Eula, ControllerIcon, ApplicationBlackList, FunctionBlackList.
• The following applets were updated: qlaunch, controller, dataErase, error, netConnect, playerSelect, web-applets, OverlayApplet, photoViewer.

NPDM changes (see here for service hosting changes):

• bluetooth: Access to srepo:u was added.
• bcat: Access to sprof:sp was removed.
• nifm: Access to ethc:c, ethc:i, and various wlan:* services were removed. Access to bsd:nu, eth:nd, wlan, and wlan:nd were added.
• bsdsocket: "Lowest Allowed CPU ID" was changed from 3 to 0. Access to usb:hs and the various wlan:* services were removed.
• wlan: Access to srepo:u was added.
• ldn: Access to psc:m and the various wlan:* services were removed. Access to the wlan service was added.
• ns: Access to audctl was removed. Access to csrng and dauth:0 was added.
• ssl: "Lowest Allowed CPU ID" was changed from 3 to 0.
• nim: Access to ssl was replaced with ssl:s.
• glue: FS permissions now has bitmask 0x0000004000000000 set.
• ro: Access to csrng was added.
• omm: FS permissions now has bitmask 0x0000000000100000 set.
• qlaunch: Access to mnpp:sys and spbg:sp were removed.

RomFs changes (besides sysver titles):

• CertStore: "/ssl_TrustedCerts.bdf" updated
• ErrorMessage: various error messages updated/added
• BrowserDll:
  • "/browser/MediaControlsInline.css" updated
  • "/browser/MediaControlsInline.js" updated
  • "/buildinfo/buildinfo.dat" updated
  • "/lyt/Browse/FocusNodeFrame.arc" updated
  • "/message/": localization data updated
  • "/nro/": The various NROs located under these sub-dirs were updated.
• Help:
  • "/legallines.htdocs/img/HDMI.png" updated
  • "/legallines.htdocs/index.html" updated
  • "/safe.htdocs/html/{dir}/", where {dir} is "JPja", "KRko", and "TWzh":
    • "index.html", "page_02.html", "page_04.html": updated
• UrlBlackList:
  • "/listCommon.txt" updated
• TimeZoneBinary: updated
• FirmwareDebugSettings/PlatformConfigIcosa/PlatformConfigCopper/PlatformConfigHoag/PlatformConfigIcosaMariko/PlatformConfigAula: updated
• ControllerFirmware: "/FirmwareInfo.csv" and "/raizo_ep2_ota.bin" updated
• NgWordT: updated
• Applets: Various UI/localization data updated. For web-applets, the NRR and buildinfo.dat were also updated.

BootImagePackages

All files in RomFs were updated.

Kernel

• Compiler changes:
  • Compiler upgrade
    • [What version of clang?]
    • Clang is optimizing much more aggressively in some places.
    • Notably, there are many code locations now where clang doesn't actually increment the KSchedulerLock's count field, presumably because it sees it will be decremented at end of scope...
      • This isn't exploitable, and it is """correct""", but it is worth noting to other reverse engineers because it is very confusing to see the count field unchanged or reloaded after function calls.
  • Code is now compiled with -fomit-frame-pointer.
• Initialization changes:
  • When the thread resource limit is increased, 24 MB of virtual space is now reserved for the Kernel stack region instead of 14 MB.
• In HorizonKernelMain:
  • DoOnEachCoreInOrder is no longer inlined, when setting up the main/interrupt threads. It is still inlined in all other places.
• Multiple fixed-allocations from the system pool/resource limit were removed/revised, presumably to prevent them from unnecessarily fragmenting the pool forever.
  • AppletSecureMemory is now allocated statically, instead of dynamically.
    • Previously, 4 MB was allocated from the system pool/resource limit during main.
    • Initialize0 now reserves the 4 MB immediately after the slab heaps for this.
      • DRAM layout is now like [tz reserved] [kernel] [slab heaps] [applet secure memory] [pt heap] [init pt] [memory pool partitions].
      • The virtual memory region type is 0x62; the physical memory region type is 0xC200018E.
  • The KPageBuffer slab heap is no longer dynamically allocated from KMemoryManager.
    • Previously, the required number of pages were allocated from the system pool/resource limit to setup the heap *immediately* after KMemoryManager was initialized.
    • Now, it is set up during Kernel::InitializeResourceManagers, after setting up the page manager.
      • InitializeKPageBufferSlabHeap now takes heap and page manager as arguments; the slab heap's members are randomly allocated pages from the page manager.
        • This effectively randomizes the page buffer slabheap's page locations, where previously they were a contiguous range somewhere in the system pool.
        • To facilitate this, the page manager now has an Allocate(count) member function in addition to the previous single-page Allocate().
          • To facilitate this, the page manager now tracks the bitmap ends in addition to the bitmap starts, to enable a linear walk of the lowest bitmap layer.
    • This has an important knock-on effect: TLS pages are allocated from the page buffer slab, and correspondingly are no longer heap pages.
      • Correspondingly, KMemoryState_ThreadLocal no longer has the FlagReferenceCounted (0x400000) bit set.
      • However, removing this bit naively breaks IPC, which previously checked FlagReferenceCounted before copying to/from the message buffer.
      • Now, FlagReferenceCounted is checked if and only if the message buffer is a UserBuffer. If it is not, a new flag "FlagLinearMapped" (0x4000000) is checked.
        • This bit is set only on memory types guaranteed to be accessible via the kernel's linear mapping of non-kernel dram (physical ranges with memory region flag 0x80000000).
        • This new flag is set on all memory states other than Free, Io, Static, Inaccessible, Kernel, Coverage.
• Two new SVCs were added for a new "InsecureMemory" concept.
  • Svc 0x90 is Result MapInsecureMemory(uintptr_t address, size_t size);
    • This allocates the requested size memory from a pool partition/resource limit, and map it with a new memory state ("KMemoryState_Insecure") at the user-specified address.
      • The resource limit/pool partition are gotten via new KSystemControl functions ("KSystemControl::GetInsecureMemoryResourceLimit", "KSystemControl::GetInsecureMemoryPool").
        • On NX board, these are the system resource limit, and Pool_SystemNonSecure respectively.
      • The specified address/size must be within the alias code region.
      • KMemoryState_Insecure has value 0x5583817.
        • This is type 0x17 with flags CanUseNonDeviceIpc, CanUseNonSecureIpc, Mapped, CanDeviceMap, CanAlignedDeviceMap, ReferenceCounted, CanChangeAttribute, LinearMapped.
  • Svc 0x91 is Result UnmapInsecureMemory(uintptr_t address, size_t size);
    • This unmaps/deallocates/releases memory previously mapped with MapInsecureMemory.
• More changes to SvcMapDeviceAddressSpace(ByForce/Aligned).
  • The argument which was previously a memory permission ("device_perm") is now an encoded u32 ("option").
    • The low 16 bits of this are the device permission.
    • The upper 16 bits of this are an enum (only defined values are 0 and 1).
  • If the enum-arg is not 0 or 1, svc::ResultInvalidEnumValue() is now returned.
  • If the enum-arg is 1 and the specified memory is IO, svc::ResultInvalidCombination is returned.
• Partial support was added for the KPageBuffer size being different from the hardware page size.
  • There are now two globals, g_PageBufferSize = 0x1000, g_PageBufferCount = 0.
  • The KPageBuffer slab heap is initialized with g_PageBufferCount blocks of g_PageBufferSize.
    • if g_PageBufferSize is 0x1000, g_PageBufferCount has the number of required TLS pages added to it (# processes + # threads + (# processes + #threads) / 8).
  • KDynamicPageManager::Initialize now takes in an alignment argument for the page buffer size.
    • KSecureSystemResource always passes 0x1000.
  • It is possible this is full support but ifdef'd, but on NX board at least all places which allocate/free to the heap panic if g_PageBufferSize != 0x1000...
• The page table heap now receives all but 64 of the available pages; prior to this, it was all but 70.
• KSessionRequest's additional mappings (when sending an IPC request with more than 8 buffers) are now slab-allocated, rather than using KPageBuffers.
  • This slab has a count of 40; object size is 0x4A0 (exactly the maximum required size).
  • 13.0.0+ Dynamic expansion is supported.
• Scoped setting/clearing of the 14.0.0 exception flag for cache operations has changed.
  • Previously, |= on set, &= ~ on clear. Now, the flag is orr'd in only if it is not already set, and cleared only if it was newly set.
  • This adds support for recursively setting these flags via a scoped setter, although there are no places in kernel where it is possible for this to occur.
  • This applies to cpu::InvalidateDataCache, cpu::StoreDataCache, cpu::FlushDataCache
• The IsInUsermodeExceptionHandler exception flag management was changed:
  • This is now cleared by RestoreContext (same place it clears other flags) rather than ClearExceptionSvcPermissions. It is still set by SetExceptionSvcPermissions.
• Changes in and surrounding page table logic:
  • Devices can now theoretically (but not on the NX board) be given access to memory mapped as Io.
    • Why one would want to do this is unclear.
    • KMemoryState_Io now supports the CanAlignedDeviceMap and CanDeviceMap flags.
    • KPageTableBase::GetContiguousMemoryRangeWithState no longer checks that the passed memory address is heap.
      • KPageTable::MemoryRange now tracks whether the range is reference counted, and Close() only closes the pages if they are.
    • KPageTableBase::OpenMemoryRangeForMapDeviceAddressSpace no longer checks passes KMemoryState_FlagReferenceCounted.
    • KPageTableBase::LockForMapDeviceAddressSpace takes two new arguments, an output bool * to write whether the state was io, and a bool for whether to check KMemoryState_FlagReferenceCounted.
      • The bool is always passed on true on NX board, preventing this feature from being actually used.
    • KPageTableBase::LockForUnmapDeviceAddressSpace now takes a bool argument for whether to check KMemoryState_FlagReferenceCounted
      • The bool is always passed on true on NX board, preventing this feature from being actually used.
  • Pages mapped via MapIoRegion now have KMemoryAttribute_Locked instead of KMemoryAttribute_None.
  • Changes were made with respect to the way MapPhysicalMemory/UnmapPhysicalMemory are implemented:
    • KMemoryManager::AllocatePageGroupForProcess no longer calls KPageGroup::Open on the returned page group (essentially reverting the change in 11.0.0).
      • Other KMemoryManager::Allocate* functions still call KPageGroup::Open.
    • KPageTableBase::MapPhysicalMemory now calls a new KPageTable::Operate operation ("MapFirst"), which behaves the same as Map but calls KernelPanic() if the mapped pages have a non-zero reference count.
      • This enforces that MapPhysicalMemory is the first place the pages being mapped have been allocated/opened.
    • KPageTableBase::UnmapPhysicalMemory now calls a new KPageTable::Operate operation ("SeparatePages"), which performs page separation on the requested range.
      • SeparatePages is identical to the separation done at the prologue of ChangePermissions; practically, this just enforces that the pages exist.
    • KPageTableBase::UnmapPhysicalMemory now calls KernelPanic if the unmapping operation fails (since it is guaranteed to succeed by the success of SeparatePages).
      • Logic which previously existed for re-mapping on failure has been removed.
  • New Kernel Objects ("KSystemResource", "KSecureSystemResource").
    • Type ID = 0x4600, KSystemResource : public KAutoObject, KSecureSystemResource : public KSystemResource
    • KSystemResource just stores pointers to the three kinds of dynamic resource managers required by processes/page tables.
    • KSecureSystemResource stores the pointed-to objects for these as members.
      • Previously, these were just KProcess members; they are no longer KProcess members and instead live in the KSecureSystemResource object.
    • The slab heap for KSecureSystemResource has capacity = KProcess slab heap.
    • When a process is created with system resource size > 0, it now creates a KSecureSystemResource (which manages allocation with KSystemControl).
      • All actual underlying logic is the same, this just abstracts the KSystemControl/secure memory interaction out of KProcess.
• KInterruptEventTask was removed and no longer exists.
  • KInterruptEvent now inherits from KInterruptTask directly.
  • There is no longer a global task table; KInterruptManager is expected to return ResultBusy if an interrupt is already bound (it already did this).
  • KInterruptEvent::Finalize now unbinds the interrupt directly, and then calls KDpcManager::Request() with a no-op KDpcTask.
    • In practice, this unbinds the interrupt, and then creates an ordering to guarantee all cores will see the interrupt as unbound before continuing.
    • Trivia: this is the first use of KDpcManager::Request on non-debug kernels.
• Minor changes to KHandleTable:
  • KHandleTable::KHandleTable now initializes the table_size, max_count, and next_id fields to zero, previously they were uninitialized until Initialize was called.
  • KHandleTable::Initialize now instantiates a KScopedDisableDispatch while setting up the table.

Loader

The broken RNG for ASLR was fixed.

bluetooth

Besides the various IPC changes, a vulnerable func was fixed.

hid

Besides the various IPC changes, an infoleak vuln was fixed.

wlan

Besides the various IPC changes, a vulnerable func was fixed.

ns

Besides the various IPC changes, vulnerable RNG usage was fixed to properly use secure RNG where needed.

ro

The broken RNG for ASLR was fixed.

nnSdk

nn::diag::detail::VAbortImpl when handling the retaddr for storing elsewhere, now uses instruction xpaclri. PAC instructions are NOPs on ARM hardware which doesn't support it, which includes current NX consoles.

This is likely due to a LLVM patch where xpaclri is now always emitted and not related to actual Armv8.3 hardware.

IPC Interface Changes

• The following new interfaces were removed:
  • nn::eth::sf::IEthInterface
  • nn::eth::sf::IEthInterfaceGroup
  • nn::socket::sf::IClient
  • nn::wlan::detail::IDetectManager
  • nn::wlan::detail::IInfraManager
  • nn::wlan::detail::ILocalGetActionFrame
  • nn::wlan::detail::ILocalGetFrame
  • nn::wlan::detail::ILocalManager
  • nn::wlan::detail::ISocketGetFrame
  • nn::wlan::detail::ISocketManager
• The following new interfaces were added:
  • nn::anif::detail::ISfAssignedNetworkInterfaceService
  • nn::anif::detail::ISfDriverService
  • nn::anif::detail::ISfDriverServiceCreator
  • nn::anif::detail::ISfNetworkInterfaceService
  • nn::anif::detail::ISfUserService
  • nn::anif::detail::ISfUserServiceCreator
  • nn::pl::detail::IPlatformServiceManager
  • nn::prepo::detail::ipc::IAsyncContext
  • nn::socket::sf::IClient_MC
  • nn::srepo::detail::ipc::IAsyncContext
  • nn::ssl::sf::ISslContextForSystem
  • nn::ssl::sf::ISslServiceForSystem
  • nn::wlan::detail::IGeneralServiceCreator
  • nn::wlan::detail::IPrivateServiceCreator
  • nn::wlan::detail::IPrivateWirelessCommunicationService
  • nn::wlan::detail::IWirelessCommunicationService
• The following interfaces were changed:
  • nn::account::baas::IAdministrator
    • Added command 143 - inbytes: 0, outbytes: 16
    • Added command 160 - inbytes: 0, outbytes: 0
  • nn::account::baas::IManagerForSystemService
    • Added command 143 - inbytes: 0, outbytes: 16
    • Added command 160 - inbytes: 0, outbytes: 0
  • nn::am::service::IAppletCommonFunctions
    • Added command 90 - inbytes: 16, outbytes: 0, outinterfaces: ['nn::am::service::IStorageChannel']
    • Added command 91 - inbytes: 16, outbytes: 0, outinterfaces: ['nn::am::service::IStorageChannel']
    • Added command 100 - inbytes: 4, outbytes: 0
  • nn::am::service::IDebugFunctions
    • Added command 50 - inbytes: 16, outbytes: 0
    • Added command 200 - buffers: [5], inbytes: 8, outbytes: 0, outinterfaces: ['nn::am::service::IAllSystemAppletProxiesService'], pid: True
  • nn::am::service::ILibraryAppletProxy
    • Added command 22 - inbytes: 0, outbytes: 0, outinterfaces: ['nn::am::service::IHomeMenuFunctions']
    • Added command 23 - inbytes: 0, outbytes: 0, outinterfaces: ['nn::am::service::IGlobalStateController']
  • nn::am::service::IOverlayAppletProxy
    • Added command 23 - inbytes: 0, outbytes: 0, outinterfaces: ['nn::am::service::IGlobalStateController']
  • nn::arp::detail::IWriter
    • Added command 3 - inbytes: 8, outbytes: 0, outinterfaces: ['nn::arp::detail::IUpdater']
  • nn::audio::detail::IAudioRenderer
    • Added command 12 - inbytes: 4, outbytes: 0
    • Added command 13 - inbytes: 0, outbytes: 4
  • nn::audioctrl::detail::IAudioController
    • Removed command 26 - inbytes: 1, outbytes: 0
    • Removed command 35 - inbytes: 8, outbytes: 0
    • Removed command 36 - inbytes: 0, outbytes: 8
    • Removed command 37 - inbytes: 1, outbytes: 0
    • Removed command 38 - inbytes: 0, outbytes: 1
    • Removed command 39 - inbytes: 0, outbytes: 1
    • Changed command 40 - buffers: [26] -> [22] (final state: buffers: [22], inbytes: 0, outbytes: 0)
    • Added command 41 - inbytes: 8, outbytes: 0
    • Added command 42 - inbytes: 8, outbytes: 0
    • Added command 50000 - inbytes: 4, outbytes: 0
  • nn::bluetooth::IBluetoothDriver
    • Added command 101 - inbytes: 0, outbytes: 0
    • Added command 102 - inbytes: 0, outbytes: 0
    • Added command 155 - inbytes: 6, outbytes: 1
  • nn::btm::IBtm
    • Removed command 112 - inbytes: 7, outbytes: 0
    • Removed command 113 - inbytes: 6, outbytes: 1
    • Added command 116 - inbytes: 7, outbytes: 0
    • Added command 117 - inbytes: 6, outbytes: 1
  • nn::btm::IBtmDebug
    • Added command 14 - inbytes: 8, outbytes: 0
    • Added command 15 - inbytes: 0, outbytes: 0
    • Added command 16 - inbytes: 0, outbytes: 0
    • Added command 17 - inbytes: 0, outbytes: 0
  • nn::capsrv::sf::IAlbumAccessorService
    • Added command 110 - buffers: [6, 5], inbytes: 16, outbytes: 8
  • nn::clkrst::IClkrstManager
    • Added command 6 - inbytes: 0, outbytes: 0
  • nn::dauth::detail::IService
    • Added command 1000 - inbytes: 0, outbytes: 0, outhandles: [1]
    • Added command 9000 - buffers: [5, 5], inbytes: 0, outbytes: 0
    • Added command 9010 - inbytes: 0, outbytes: 0
  • nn::es::IActiveRightsContext
    • Removed command 5 - buffers: [5], inbytes: 0, outbytes: 0
    • Added command 216 - inbytes: 0, outbytes: 0, outhandles: [1]
  • nn::es::IETicketService
    • Added command 1022 - inbytes: 0, outbytes: 0, outinterfaces: ['nn::es::IActiveRightsContext']
  • nn::fssrv::sf::IFileSystem
    • Added command 16 - inbytes: 0, outbytes: 192
  • nn::fssrv::sf::IFileSystemProxy
    • Added command 207 - inbytes: 16, outbytes: 0, outinterfaces: ['nn::fssrv::sf::IFileSystem']
    • Added command 1400 - inbytes: 1, outbytes: 0
  • nn::grcsrv::IGrcService
    • Changed command 1 - inbytes: 72 -> 32 (final state: inbytes: 32, inhandles: [1], outbytes: 0, outinterfaces: ['nn::grcsrv::IContinuousRecorder'])
  • nn::hid::IHidDebugServer
    • Added command 137 - inbytes: 16, outbytes: 0, pid: True
  • nn::hid::IHidServer
    • Added command 3000 - buffers: [26], inbytes: 0, outbytes: 0
    • Added command 3001 - buffers: [25], inbytes: 0, outbytes: 0
    • Added command 3002 - inbytes: 0, outbytes: 0
    • Added command 3003 - inbytes: 0, outbytes: 56
    • Added command 3004 - inbytes: 56, outbytes: 0
    • Added command 3005 - inbytes: 0, outbytes: 0
    • Added command 3006 - buffers: [26], inbytes: 4, outbytes: 0
    • Added command 3007 - buffers: [25], inbytes: 4, outbytes: 0
    • Added command 3008 - inbytes: 4, outbytes: 0
    • Added command 3009 - inbytes: 4, outbytes: 64
    • Added command 3010 - inbytes: 68, outbytes: 0
    • Added command 3011 - inbytes: 4, outbytes: 0
  • nn::hid::IHidSystemServer
    • Added command 32 - inbytes: 48, outbytes: 0, pid: True
    • Added command 33 - inbytes: 0, outbytes: 0
    • Added command 1135 - inbytes: 8, outbytes: 0, pid: True
  • nn::lr::IAddOnContentLocationResolver
    • Added command 5 - buffers: [22, 22], inbytes: 8, outbytes: 0
    • Added command 6 - buffers: [21], inbytes: 16, outbytes: 0
    • Added command 7 - buffers: [21, 21], inbytes: 16, outbytes: 0
  • nn::lr::ILocationResolver
    • Added command 20 - inbytes: 0, outbytes: 0
  • nn::lr::ILocationResolverManager
    • Added command 4 - buffers: [5], inbytes: 0, outbytes: 0
  • nn::mnpp::detail::ipc::IServiceForSystem
    • Removed command 300 - inbytes: 0, outbytes: 1
    • Removed command 400 - inbytes: 0, outbytes: 1
  • nn::ncm::IContentMetaDatabase
    • Added command 23 - inbytes: 16, outbytes: 1
    • Added command 24 - inbytes: 24, outbytes: 24
    • Added command 25 - inbytes: 24, outbytes: 24
  • nn::ndrm::low::detail::INdrmLowAdminInterface
    • Changed command 3 - inbytes: 8 -> 24 (final state: buffers: [5], inbytes: 24, outbytes: 0)
    • Added command 40 - buffers: [6], inbytes: 8, outbytes: 4
    • Added command 42 - buffers: [6], inbytes: 16, outbytes: 4
    • Added command 43 - buffers: [6], inbytes: 16, outbytes: 4
    • Added command 44 - buffers: [6], inbytes: 16, outbytes: 4
  • nn::nim::detail::INetworkInstallManager
    • Removed command 91 - buffers: [5], inbytes: 16, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
    • Added command 138 - buffers: [5], inbytes: 8, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
    • Added command 139 - inbytes: 0, outbytes: 0
    • Added command 140 - inbytes: 0, outbytes: 0
    • Added command 141 - inbytes: 0, outbytes: 1
  • nn::nim::detail::IShopServiceManager
    • Removed command 102 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncValue']
    • Removed command 103 - inbytes: 0, outbytes: 32
    • Removed command 104 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncValue']
    • Removed command 105 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
    • Removed command 106 - inbytes: 0, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
    • Removed command 501 - inbytes: 16, outbytes: 0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
  • nn::ns::detail::IApplicationManagerInterface
    • Added command 90 - inbytes: 8, outbytes: 0
    • Changed command 607 - inbytes: 16 -> 8 (final state: buffers: [6], inbytes: 8, outbytes: 4)
    • Removed command 909 - inbytes: 8, outbytes: 0
    • Added command 2357 - inbytes: 0, outbytes: 0
    • Added command 2358 - inbytes: 0, outbytes: 0
    • Added command 2359 - inbytes: 0, outbytes: 1
    • Removed command 2516 - inbytes: 16, outbytes: 0
  • nn::pdm::detail::IQueryService
    • Removed command 7 - buffers: [6, 5], inbytes: 0, outbytes: 4
    • Removed command 13 - buffers: [6, 5], inbytes: 0, outbytes: 4
    • Removed command 14 - buffers: [6], inbytes: 24, outbytes: 4
    • Removed command 15 - inbytes: 0, outbytes: 0, outhandles: [1]
    • Removed command 16 - buffers: [6, 5], inbytes: 16, outbytes: 4
  • nn::prepo::detail::ipc::IPrepoService
    • Added command 10500 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::prepo::detail::ipc::IAsyncContext'], pid: True
  • nn::settings::ISystemSettingsServer
    • Removed command 119 - inbytes: 1, outbytes: 3
  • nn::srepo::detail::ipc::ISrepoService
    • Added command 10300 - buffers: [9], inbytes: 40, inhandles: [1], outbytes: 0, outinterfaces: ['nn::srepo::detail::ipc::IAsyncContext']
    • Added command 20600 - inbytes: 20, outbytes: 0
  • nn::usb::ds::IDsEndpoint
    • Removed command 8 - inbytes: 8, inhandles: [1], outbytes: 0
    • Removed command 9 - inbytes: 16, outbytes: 4
  • nn::usb::ds::IDsInterface
    • Added command 12 - inbytes: 8, inhandles: [1], outbytes: 0
  • nn::visrv::sf::IManagerDisplayService
    • Changed command 8293 - inbytes: 16 -> 40 (final state: buffers: [6], inbytes: 40, outbytes: 8)

See Also

System update report(s):

• [1]