15.0.0: Difference between revisions

(4 intermediate revisions by 3 users not shown)

Line 126:

*** KMemoryState_Io now supports the CanAlignedDeviceMap and CanDeviceMap flags.

*** KPageTableBase::GetContiguousMemoryRangeWithState no longer checks that the passed memory address is heap.

**** KPageTable::MemoryRange now tracks whether the range is reference counted, and Close() only closes the pages if they are.

*** KPageTableBase::OpenMemoryRangeForMapDeviceAddressSpace no longer checks passes KMemoryState_FlagReferenceCounted.

*** KPageTableBase::LockForMapDeviceAddressSpace takes two new arguments, an output bool * to write whether the state was io, and a bool for whether to check KMemoryState_FlagReferenceCounted.

Line 161:

Line 162:

====Loader====

The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].

===[[Bluetooth_Driver_services|bluetooth]]===

Line 168:

===[[HID_services|hid]]===

Besides the various IPC changes, an infoleak vuln was [[Switch_System_Flaws|fixed]].

===[[WLAN_services|wlan]]===

Besides the various IPC changes, a vulnerable func was [[Switch_System_Flaws|fixed]].

===[[NS_Services|ns]]===

Line 174:

Line 177:

===[[RO_services|ro]]===

The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].

===nnSdk===

<code>nn::diag::detail::VAbortImpl</code> when handling the retaddr for storing elsewhere, now uses instruction [https://developer.arm.com/documentation/dui0801/g/A64-General-Instructions/XPACD--XPACI--XPACLRI xpaclri]. PAC instructions are NOPs on ARM hardware which doesn't support it, which includes current NX consoles.

This is likely due to a LLVM [https://reviews.llvm.org/D84502 patch] where xpaclri is now always emitted and not related to actual Armv8.3 hardware.

=== IPC Interface Changes ===

@@ Line 126: / Line 126: @@
 *** KMemoryState_Io now supports the CanAlignedDeviceMap and CanDeviceMap flags.
 *** KPageTableBase::GetContiguousMemoryRangeWithState no longer checks that the passed memory address is heap.
+**** KPageTable::MemoryRange now tracks whether the range is reference counted, and Close() only closes the pages if they are.
 *** KPageTableBase::OpenMemoryRangeForMapDeviceAddressSpace no longer checks passes KMemoryState_FlagReferenceCounted.
 *** KPageTableBase::LockForMapDeviceAddressSpace takes two new arguments, an output bool * to write whether the state was io, and a bool for whether to check KMemoryState_FlagReferenceCounted.
@@ Line 161: / Line 162: @@
 ====Loader====
 The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].
 ===[[Bluetooth_Driver_services|bluetooth]]===
@@ Line 168: / Line 168: @@
 ===[[HID_services|hid]]===
 Besides the various IPC changes, an infoleak vuln was [[Switch_System_Flaws|fixed]].
+===[[WLAN_services|wlan]]===
+Besides the various IPC changes, a vulnerable func was [[Switch_System_Flaws|fixed]].
 ===[[NS_Services|ns]]===
@@ Line 174: / Line 177: @@
 ===[[RO_services|ro]]===
 The broken RNG for ASLR was [[Switch_System_Flaws|fixed]].
+===nnSdk===
+<code>nn::diag::detail::VAbortImpl</code> when handling the retaddr for storing elsewhere, now uses instruction [https://developer.arm.com/documentation/dui0801/g/A64-General-Instructions/XPACD--XPACI--XPACLRI xpaclri]. PAC instructions are NOPs on ARM hardware which doesn't support it, which includes current NX consoles.
+This is likely due to a LLVM [https://reviews.llvm.org/D84502 patch] where xpaclri is now always emitted and not related to actual Armv8.3 hardware.
 === IPC Interface Changes ===