21.0.0: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
← Older edit
No edit summary
Fix some kernel diffs that were new in 20.1.0, not 21.0.0. I bindiff'd against 20.0.0, sorry :)
 
(One intermediate revision by the same user not shown)
Line 343: Line 343:


The anti-downgrade fuses were [[Fuses#Anti-downgrade|updated]].
The anti-downgrade fuses were [[Fuses#Anti-downgrade|updated]].
==== Kernel ====
* Compiler was upgraded (to clang 18.1.0+).
** Besides the usual reordering, this is now most noticeable in the following:
*** Many atomic st(l)xrs now use cmp + csetm + tbz instead of cbnz.
**** Testing on godbolt indicates this seems to be a change made in clang 18.1.0+ (not present in 17.0.1).
*** Many cases where they previously did some_condition ? m_a : m_b now have different assembly.
**** Previously: add Xn, Xz, #A; add Xm, Xz, #B; csel Xn, Xn, Xm; ldr Xn, [Xn]
**** Now: mov Xn, #A; mov Xn, #B; csel Xn, Xn, Xm; ldr Xn, [Xz, Xn]
*** Many cases of booleans now explicitly test for 1 instead of <any non-zero value>
**** Previously: ldrb w8, [x8]; cbz w8, some_loc
**** Now: ldrb w8, [x8]; cmp w8, #1; b.ne some_loc
** Many, many cases of superfluous red-black-tree iteration prior to calls to KIntrusiveRedBlackTree::Remove have finally been optimized out.
*** Basically, KIntrusiveRedBlackTree::erase returns an iterator to the next item in the tree.
*** Previously, the table walk to find the next item was being performed even when the result was discarded/not-used, which was almost every case.
*** Now, it's successfully getting optimized out.
* KAutoObject's class token has been devirtualized.
** It is now stored as a 16-bit value in previously unused padding bytes, after the reference count.
** KAutoObject::Create() sets this to the correct value when setting refcount=1.
** This implementation is generally identical to the one already present in mesosphere.
* HandleFloatingPointException now sets a previously unused StackParameters flag (+0x2F) to 1.
** This flag doesn't seem to be referenced/used anywhere else in the kernel?
* KThread StackParameter exception_flags bitflags are now volatile and mostly atomic; many bits now use atomic read-modify-write loops to set and clear bits.
** This is not done for bit 0 ("is in svc"), accesses specifically for bit 0 continue to use non-atomic reads/writes.
** This generates pretty terrible assembly for GetThreadUserContext, which now must perform a volatile read of this value over and over in a loop.
* KIoRegion fields were reordered to save 8 bytes.
** The 8-byte size/alignment lock field is no longer wedged inbetween two 1-byte booleans.
* KScheduler::SwitchThread now writes a tick differential (thread->GetCpuTime() - context_switch_time) to user-tls + 0x108.
** NOTE: This is an ABI change which will not affect official software, but will force any homebrew software which uses TLS-slots to need re-compile.
* UserspaceAccess::CopyMemoryToUserSize32Bit now takes in a 32-bit word to write, instead of a kernel-pointer-to-32-bit-word.
* Nintendo appears to have done something akin to marking nn::Result nodiscard + gone through and fixed literally every instance of Result return values not being used.
** This results in sweeping changes (many Result-return functions are now void return, many new kernel panics, some changed behaviors), including e,g,
** KInterruptManager::ClearInterrupt no longer checks if a handler has been registered, and always clear the table entry.
** KInterruptManager::UnbindHandler is now void-return instead of Result; it no longer checks if the handler has been registered, and unconditionally clears to unbound state.
** KPageTableBase::InitializeForKernel now returns void, and panics if the KMemoryBlockManager::Initialize fails.
** KDebugBase::OnExitProcess/OnTerminateProcess now return void instead of Result.
** KEvent/KReadableEvent::Signal/Clear now return void instead of Result; svc::ClearEvent/SignalEvent now just calls the relevant function and returns ResultSuccess.
** KThreadLocalPage::Finalize now returns void + kernel-panics if unmapping the page fails; KProcess::DeleteThreadLocalRegion now returns void instead of Result.
** Every kernel-use of KInterruptManager::BindHandler now panics on failure.
** Every kernel-use of cpu::StoreDataCache and cpu::FlushDataCache and cpu::InvalidateDataCache now panics on failure.
** Every kernel-use of KThread::Initialize now panics on failure
** Every kernel-use of KThread::Run now panics on failure.
** The kernel-use of KDynamicSlabHeapPageAllocator::Initialize in resource manager init now panics on failure
** There are more cases, too many to fully enumerate with high confidence.


=== [[LDN_services|ldn]] ===
=== [[LDN_services|ldn]] ===

Latest revision as of 03:05, 12 November 2025

The Switch 21.0.0 system update was released on November 11, 2025 (UTC). This Switch update was released for the following regions: ALL.

Security flaws fixed: yes.

Change-log

Official ALL change-log:

  • Added symbols above software icons displayed on the HOME Menu to indicate whether the software is a physical or a digital version.
  • Added the ability to download data for a virtual game card even if the “Use Online License" setting is turned off.
  • This option is available in the Options of a virtual game card when accessed via Virtual Game Cards from the HOME Menu.
  • The information regarding Save Data Cloud Backup that appears when launching certain software has been updated.
  • The option "Platinum Point Notification Settings” was renamed to "Nintendo Switch Online Notification Settings" in the Notifications menu in System Settings.
  • Added the ability to disable the following options when performing a system transfer from a Nintendo Switch system to a Nintendo Switch 2 system using System Transfer to Nintendo Switch 2 in System Settings.
  • Redownload Software on Nintendo Switch 2
  • Transfer Album Data
  • Added the ability to adjust the volume from the Quick Settings menu while in VR mode.
  • General system stability improvements to enhance the user's experience.

System Titles

  • The following titles were updated:
    • Sysmodules: usb, htc.stub, boot2.ProdBoot, settings, Bus, bluetooth, bcat, friends, nifm, ptm, bsdsocket, hid, audio, LogManager.Prod, wlan, ldn, nvservices, pcv, capmtp, nvnflinger, pcie, account, ns, nfc, psc, capsrv, am, ssl, nim, btm, erpt, vi, pctl, npns, eupld, glue, eclct, es, fatal, creport, ro, sdb, grc, migration, jpegdec, safemode, olsc, ngct, jit, pgl, omm, eth, ngc.
    • SystemData (non-sysver): CertStore, ErrorMessage, MiiModel, BrowserDll, Help, NgWord, SsidList, TimeZoneBinary, FontNintendoExtension, FontStandard, FontKorean, FontChineseTraditional, FontChineseSimple, FirmwareDebugSettings, BootImagePackage, BootImagePackageSafe, BootImagePackageExFat, FatalMessage, PlatformConfigIcosa, PlatformConfigCopper, PlatformConfigHoag, ControllerFirmware, NgWord2, BootImagePackageExFatSafe, PlatformConfigIcosaMariko, ContentActionTable, NgWordT, PlatformConfigAula, AulaDockFirmware, ClientCertData, GameCardConfigurationData.
    • Applets: qlaunch, auth, cabinet, controller, dataErase, error, playerSelect, swkbd, miiEdit, LibAppletWeb, LibAppletShop, overlayDisp, photoViewer, LibAppletOff, LibAppletLns, LibAppletAuth, "starter" application, myPage, splay.

The ngct-sysmodule is now stubbed, the ngct:u service was moved into ngc.

NPDM changes (besides usual version-bump):

  • Bus: KernelCap HandleTableSize: removed HandleTableSize=0x100.
  • bcat: Service access: removed bsdcfg, npns:u.
  • friends: Service access: removed bsdcfg.
  • ptm: Service server access: added fgm:0, fgm, fgm:9, removed fgm*.
  • capmtp: Service access: removed fsp-srv, lm.
  • ns: Service access: removed htc.
  • psc: Service server access: added psc:c, psc:l, psc:m, srepo:a, srepo:u, removed psc*, srepo:*.
  • npns: Service access: removed time:u.
  • eclct: Service access: removed npns:s, psc:m.
  • sdb: Service access: removed set.
  • migration: Service access: removed nim:shp.
  • pgl: Service access: removed erpt:c, lm, set.
  • ngc: Service server access: added ngct:u.
  • LibAppletShop: Service access: added friend:m.
  • overlayDisp: Service access: added mnpp:sys.

RomFs changes:

  • ErrorMessage: updated
  • BrowserDll:
    • "/browser/effective_tld_names.dat" updated
    • "/browser/icudt62l.dat.lz4" added
    • "/browser/MediaControls.css" updated
    • "/browser/MediaControlsInline.css" updated
    • "/browser/MediaControlsInline.js" updated
    • "/browser/MediaControls.js" updated
    • "/browser/RootCaSdkAdditional.pem" updated
    • "/buildinfo/buildinfo.dat" updated
    • "/lyt/": Various data updated.
    • "/lyt/Browse/NodeMouse.arc" removed
    • "/lyt/Browse/TapHighlight.arc" added
    • "/message/": Various data updated.
    • "/nro/netfront/core_0/default/" removed
    • "/nro/netfront/core_0/Default/" added
    • "/nro/netfront/core_3/default/" removed
    • "/nro/netfront/core_3/Default/" added
  • Help: "/legallines.htdocs/index.html" updated
  • NgWord: "/0.txt" updated, "/version.dat" updated
  • SystemVersion: All files updated.
  • TimeZoneBinary: updated
  • FirmwareDebugSettings/PlatformConfigIcosa/PlatformConfigCopper/PlatformConfigHoag/PlatformConfigIcosaMariko/PlatformConfigAula: All files updated.
  • ControllerFirmware: "/FirmwareInfo.csv" updated, "/ukyosakyo_ep2_ota.bin" updated
  • NgWord2: updated
  • RebootlessSystemUpdateVersion: All files updated.
  • qlaunch applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/qlaunch_action.bksnd" updated
    • "/sound/qlaunch.bfsar" updated
  • auth applet:
    • "/message/": Various data updated.
    • "/sound/auth_action.bksnd" updated
  • cabinet applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/cabinet_action.bksnd" updated
  • controller applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/controller_action.bksnd" updated
  • dataErase applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/dataErase_action.bksnd" updated
  • error applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/error_action.bksnd" updated
  • playerSelect applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/playerSelect_action.bksnd" updated
  • swkbd applet:
    • "/message/": Various data updated.
    • "/sound/swkbd_action.bksnd" updated
  • overlayDisp applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/overlayDisp_action.bksnd" updated
  • photoViewer applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/photoViewer_action.bksnd" updated
  • LibAppletOff/LibAppletWeb/LibAppletShop/LibAppletLns/LibAppletAuth: All files updated.
  • "starter" application:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/starter_action.bksnd" updated
  • myPage applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/myPage_action.bksnd" updated
  • splay applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
    • "/sound/splay_action.bksnd" updated

IPC Interface Changes

  • Interface Changed: nn::settings::IFirmwareDebugSettingsServer
    • Added: 27 - buffer_entry_sizes: [0x141], buffers: [0x5], inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::settings::ISystemSettingsServer
    • Added: 315 - buffer_entry_sizes: [0x141], buffers: [0x6], inbytes: 0x0, outbytes: 0x4
    • Added: 319 - buffer_entry_sizes: [0x40], buffers: [0x6], inbytes: 0x0, outbytes: 0x4
    • Added: 320 - buffer_entry_sizes: [0x40], buffers: [0x5], inbytes: 0x0, outbytes: 0x0
    • Added: 321 - inbytes: 0x0, outbytes: 0x40
  • Interface Changed: nn::pinmux::ISession
    • Added: 11 - inbytes: 0x4, outbytes: 0x0
    • Added: 12 - inbytes: 0x0, outbytes: 0x4
  • Interface Changed: nn::mnpp::detail::ipc::IServiceForSystem
    • Added: 200 - buffer_entry_sizes: [0x194], buffers: [0x16], inbytes: 0x10, outbytes: 0x0
  • Interface Changed: nn::prepo::detail::ipc::IPrepoService
    • Added: 10106 - buffers: [0x9, 0x5], inbytes: 0x10, outbytes: 0x0, pid: True
    • Added: 10107 - buffers: [0x9, 0x5], inbytes: 0x20, outbytes: 0x0, pid: True
    • Added: 20102 - buffers: [0x9, 0x5], inbytes: 0x10, outbytes: 0x0
    • Added: 20103 - buffers: [0x9, 0x5], inbytes: 0x20, outbytes: 0x0
  • Unknown Interface prev-version: 0x710008741C
  • Unknown Interface cur-version: 0x7100088640
  • Interface Changed: nn::friends::detail::ipc::IServiceCreator
    • Changed: 2 - outinterfaces: ['0x710008741C'] -> ['0x7100088640'] (final state: inbytes: 0x0, outbytes: 0x0, outinterfaces: ['0x7100088640'])
  • Interface Changed: nn::nifm::detail::IRequest
    • Added: 26 - buffer_entry_sizes: [0x100], buffers: [0x1A], inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::psm::IPsmServer
    • Added: 25 - inbytes: 0x0, outbytes: 0x4
    • Added: 26 - inbytes: 0x0, outbytes: 0x1
    • Added: 27 - inbytes: 0x0, outbytes: 0x4
  • Interface Changed: nn::socket::sf::IClient
    • Changed: 39 - outhandles: [1, 1] -> {} (final state: inbytes: 0x10, outbytes: 0x8)
    • Added: 41 - inbytes: 0x4, outbytes: 0x8, outhandles: [1, 1, 1, 1, 1, 1]
    • Added: 42 - buffers: [0x21, 0x21, 0x21, 0x21, 0x21, 0x21, 0x21, 0x21], inbytes: 0x0, outbytes: 0x24
    • Added: 43 - buffers: [0x21, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22], inbytes: 0x10, outbytes: 0x24
  • Interface Changed: nn::hid::IHidDebugServer
    • Added: 23 - inbytes: 0x4, outbytes: 0x0
    • Added: 261 - inbytes: 0x40, outbytes: 0x0
    • Added: 266 - buffer_entry_sizes: [0x4], buffers: [0x6], inbytes: 0x8, outbytes: 0x0
    • Added: 267 - inbytes: 0x18, outbytes: 0x0
    • Added: 268 - inbytes: 0x10, outbytes: 0x0
    • Added: 700 - inbytes: 0x0, outbytes: 0x8
  • Interface Changed: nn::hid::IHidServer
    • Added: 320 - inbytes: 0x10, inhandles: [1], outbytes: 0x0, pid: True
    • Added: 321 - inbytes: 0x8, outbytes: 0x0, pid: True
    • Added: 3012 - buffer_entry_sizes: [0x80], buffers: [0x1A], inbytes: 0x0, outbytes: 0x0
    • Added: 3013 - buffer_entry_sizes: [0x80], buffers: [0x19], inbytes: 0x0, outbytes: 0x0
    • Added: 3014 - inbytes: 0x0, outbytes: 0x68
    • Added: 3015 - inbytes: 0x68, outbytes: 0x0
    • Added: 3150 - inbytes: 0x10, outbytes: 0x0, pid: True
  • Interface Changed: nn::hid::IHidSystemServer
    • Added: 1323 - inbytes: 0x0, outbytes: 0x0
    • Added: 1324 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
    • Added: 1325 - inbytes: 0x0, outbytes: 0x1
    • Added: 1326 - inbytes: 0x8, outbytes: 0x0
  • Interface Changed: nn::audio::detail::IAudioDevice
    • Added: 21 - inbytes: 0x0, outbytes: 0x1
  • Interface Changed: nn::audioctrl::detail::IAudioController
    • Added: 43 - inbytes: 0x4, outbytes: 0x1
  • Interface Changed: nn::wlan::detail::IPrivateWirelessCommunicationService
    • Removed: 4 - inbytes: 0x4, outbytes: 0x0
    • Removed: 5 - inbytes: 0x4, outbytes: 0x0
  • Unknown Interface prev-version: 0x71000055E0
  • Unknown Interface cur-version: 0x71000055C0
  • Interface Changed: nn::rtc::IRtcManager
    • Added: 14 - buffers: [0x22], inbytes: 0x4, outbytes: 0x8
    • Added: 15 - inbytes: 0x4, outbytes: 0x0
  • Interface Changed: nn::account::baas::IAdministrator
    • Added: 291 - buffer_entry_sizes: [0x1000], buffers: [0x1A], inbytes: 0x4, outbytes: 0x0
  • Interface Changed: nn::account::baas::IAdministrator
    • Added: 291 - buffer_entry_sizes: [0x1000], buffers: [0x1A], inbytes: 0x4, outbytes: 0x0
  • Interface Changed: nn::ns::detail::IApplicationManagerInterface
    • Added: 428 - inbytes: 0x0, outbytes: 0x0
    • Added: 429 - inbytes: 0x10, outbytes: 0x0
    • Added: 430 - inbytes: 0x28, outbytes: 0x0
    • Added: 516 - inbytes: 0x0, outbytes: 0x1
    • Added: 517 - buffer_entry_sizes: [0x8], buffers: [0x6], inbytes: 0x0, outbytes: 0x4
    • Added: 518 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
    • Added: 519 - inbytes: 0x4, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::ns::detail::IAsyncResult']
    • Added: 934 - inbytes: 0x0, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::ns::detail::IAsyncValue']
    • Added: 935 - inbytes: 0x0, outbytes: 0x0
    • Added: 936 - inbytes: 0x0, outbytes: 0x88
    • Added: 2369 - buffer_entry_sizes: [0x8], buffers: [0x6], inbytes: 0x1, outbytes: 0x4
    • Added: 4099 - inbytes: 0x20, outbytes: 0x0
  • Interface Changed: nn::ns::detail::IContentManagementInterface
    • Added: 608 - inbytes: 0x0, outbytes: 0x10
  • Interface Changed: nn::ns::detail::IDynamicRightsInterface
    • Added: 29 - inbytes: 0x10, outbytes: 0x4
    • Added: 30 - inbytes: 0x8, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::ns::detail::IAsyncValue']
  • Interface Changed: nn::ns::detail::IECommerceInterface
    • Added: 14 - inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::ns::detail::IReadOnlyApplicationControlDataInterface
    • Added: 18 - buffers: [0x6], inbytes: 0x10, outbytes: 0x8
    • Added: 19 - buffers: [0x6], inbytes: 0x10, outbytes: 0xC
    • Added: 20 - buffers: [0x6], inbytes: 0x10, outbytes: 0xC
    • Added: 21 - buffers: [0x6], inbytes: 0x10, outbytes: 0xC
    • Added: 22 - buffers: [0x6], inbytes: 0x10, outbytes: 0xC
  • Interface Changed: nn::srepo::detail::ipc::ISrepoService
    • Changed: 10100 - inbytes: 0x8 -> 0x10 (final state: buffers: [0x9, 0x5], inbytes: 0x10, outbytes: 0x0)
    • Changed: 10101 - inbytes: 0x18 -> 0x20 (final state: buffers: [0x9, 0x5], inbytes: 0x20, outbytes: 0x0)
  • Interface Changed: nn::capsrv::sf::IAlbumAccessorService
    • Added: 50010 - inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::am::service::IApplicationAccessor
    • Added: 310 - inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::am::service::IApplicationFunctions
    • Changed: 14 - ininterfaces: [None] -> ['nn::am::service::IStorage'] (final state: buffer_entry_sizes: [0x20], buffers: [0x15], inbytes: 0x8, ininterfaces: ['nn::am::service::IStorage'], outbytes: 0x0)
    • Changed: 310 - inbytes: 0x1 -> 0x18 (final state: inbytes: 0x18, ininterfaces: [None], outbytes: 0x0)
  • Interface Changed: nn::am::service::ICommonStateGetter
    • Added: 130 - inbytes: 0x0, outbytes: 0x0
    • Added: 610 - inbytes: 0x8, outbytes: 0x0
    • Added: 1003 - inbytes: 0x0, outbytes: 0x10
    • Added: 1004 - inbytes: 0x0, outbytes: 0x8
    • Added: 1005 - inbytes: 0x0, outbytes: 0x8
  • Interface Changed: nn::am::service::IDebugFunctions
    • Added: 150 - inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::am::service::IOverlayFunctions
    • Added: 70 - inbytes: 0x0, outbytes: 0x0
    • Added: 71 - inbytes: 0x0, outbytes: 0x0
    • Added: 75 - inbytes: 0x0, outbytes: 0x8
  • Interface Changed: nn::am::service::ISelfController
    • Added: 73 - inbytes: 0x4, outbytes: 0x0
  • Interface Changed: nn::ssl::sf::ISslService
    • Added: 10 - buffers: [0x6, 0x6], inbytes: 0x4, outbytes: 0x0
    • Added: 11 - inbytes: 0x0, outbytes: 0x4
  • Interface Changed: nn::ssl::sf::ISslServiceForSystem
    • Added: 10 - buffers: [0x6, 0x6], inbytes: 0x4, outbytes: 0x0
    • Added: 11 - inbytes: 0x0, outbytes: 0x4
  • Interface Changed: nn::nim::detail::INetworkInstallManager
    • Added: 92 - buffer_entry_sizes: [0x10], buffers: [0x5], inbytes: 0x8, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncData']
    • Added: 174 - inbytes: 0x0, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncValue']
    • Added: 175 - inbytes: 0x0, outbytes: 0x1
    • Added: 176 - inbytes: 0x1, outbytes: 0x0
    • Added: 177 - inbytes: 0x4, outbytes: 0x0
  • Interface Changed: nn::erpt::sf::IContext
    • Added: 5 - buffer_entry_sizes: [0x0, 0x0, 0x0, 0xC, 0x0, 0x0], buffers: [0x5, 0x5, 0x5, 0x5, 0x5, 0x5], inbytes: 0xC, outbytes: 0x0
    • Changed: 6 - buffer_entry_sizes: [0x4C8, 0x0] -> [0xC, 0x10, 0x0], buffers: [0x15, 0x5] -> [0x5, 0x5, 0x5] (final state: buffer_entry_sizes: [0xC, 0x10, 0x0], buffers: [0x5, 0x5, 0x5], inbytes: 0x0, outbytes: 0x0)
    • Changed: 7 - inbytes: 0x0 -> 0x10 (final state: inbytes: 0x10, outbytes: 0x0)
    • Added: 40 - inbytes: 0x0, outbytes: 0x0
  • Interface Changed: nn::visrv::sf::IApplicationDisplayService
    • Added: 2103 - inbytes: 0x0, outbytes: 0x18
  • Interface Changed: nn::pctl::detail::ipc::IParentalControlService
    • Added: 1021 - inbytes: 0x0, outbytes: 0x0
    • Added: 1022 - inbytes: 0x0, outbytes: 0x0
    • Removed: 1456 - inbytes: 0x0, outbytes: 0x34
    • Removed: 1951 - inbytes: 0x34, outbytes: 0x0
    • Added: 2024 - inbytes: 0x0, outbytes: 0x0
    • Changed: 145601 - outbytes: 0x36 -> 0x44 (final state: inbytes: 0x0, outbytes: 0x44)
    • Changed: 195101 - inbytes: 0x36 -> 0x44 (final state: inbytes: 0x44, outbytes: 0x0)
  • Unknown Interface prev-version: 0x7100097948 [ID = 0xfe214da9]
  • Unknown Interface cur-version: 0x7100099A00 [ID = 0xfe214da9]
  • Interface Changed: nn::npns::INpnsSystem
    • Added: 204 - inbytes: 0x8, outbytes: 0x0
  • Interface Changed: nn::es::IActiveRightsContext
    • Added: 19 - buffer_entry_sizes: [0x20, 0x8], buffers: [0x6, 0x5], inbytes: 0x8, outbytes: 0x0
  • Interface Changed: nn::es::IETicketService
    • Added: 1038 - buffer_entry_sizes: [0x8, 0x8], buffers: [0x6, 0x6], inbytes: 0x0, outbytes: 0x4
    • Added: 3001 - inbytes: 0x0, outbytes: 0x8
  • Interface Changed: nn::ndrm::low::detail::INdrmLowAdminInterface
    • Added: 51 - buffer_entry_sizes: [0x10], buffers: [0x6], inbytes: 0x18, outbytes: 0x4
  • Interface Changed: nn::fatalsrv::IService
    • Added: 3 - inbytes: 0x38, outbytes: 0x0
  • Interface Changed: nn::grcsrv::IContinuousRecorder
    • Removed: 1 - inbytes: 0x0, outbytes: 0x0
  • Unknown Interface prev-version: 0x710005EC90 [ID = 0xef2a5618]
  • Unknown Interface cur-version: 0x710005FEB0 [ID = 0xef2a5618]
  • Interface Changed: nn::pdm::detail::INotifyService
    • Changed: 100 - outinterfaces: ['0x710005EC90 [ID = 0xef2a5618]'] -> ['0x710005FEB0 [ID = 0xef2a5618]'] (final state: inbytes: 0x20, outbytes: 0x0, outinterfaces: ['0x710005FEB0 [ID = 0xef2a5618]'])
    • Changed: 101 - outinterfaces: ['0x710005EC90 [ID = 0xef2a5618]'] -> ['0x710005FEB0 [ID = 0xef2a5618]'] (final state: inbytes: 0x20, outbytes: 0x0, outinterfaces: ['0x710005FEB0 [ID = 0xef2a5618]'])
  • Interface Changed: nn::pl::detail::IPlatformServiceManagerForSystem
    • Removed: 1000 - buffers: [0x6], inbytes: 0x4, outbytes: 0x4
    • Removed: 1001 - inbytes: 0x0, outbytes: 0x4
  • Interface Removed: nn::migration::detail::IAsyncSaveDataMigrationPolicyInfoContext
  • Unknown Interface prev-version: 0x7100140F78 [ID = 0x29d8801c]
  • Unknown Interface cur-version: 0x7100127590 [ID = 0x29d8801c]
  • Interface Changed: nn::migration::device::IDownloader
    • Added: 390 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
  • Interface Changed: nn::migration::device::IServer
    • Removed: 120 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 121 - inbytes: 0x1, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Removed: 510 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 511 - inbytes: 0x1, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
  • Interface Changed: nn::migration::device::IUploader
    • Removed: 100 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 101 - inbytes: 0x1, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Removed: 610 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 611 - inbytes: 0x1, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
  • Interface Changed: nn::migration::savedata::IClient
    • Removed: 221 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 222 - inbytes: 0x10, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
  • Interface Changed: nn::migration::savedata::IServer
    • Added: 220 - inbytes: 0x0, outbytes: 0x10
    • Removed: 510 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
    • Added: 511 - inbytes: 0x1, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncContext']
  • Interface Changed: nn::migration::user::IService
    • Removed: 1001 - inbytes: 0x8, outbytes: 0x0, outinterfaces: ['nn::migration::detail::IAsyncSaveDataMigrationPolicyInfoContext']
    • Changed: 2250 - outinterfaces: ['0x7100140F78 [ID = 0x29d8801c]'] -> ['0x7100127590 [ID = 0x29d8801c]'] (final state: inbytes: 0x18, inhandles: [1], outbytes: 0x0, outinterfaces: ['0x7100127590 [ID = 0x29d8801c]'])
    • Changed: 2260 - outinterfaces: ['0x7100140F78 [ID = 0x29d8801c]'] -> ['0x7100127590 [ID = 0x29d8801c]'] (final state: inbytes: 0x4, inhandles: [1], outbytes: 0x0, outinterfaces: ['0x7100127590 [ID = 0x29d8801c]'])
  • Interface Changed: nn::olsc::srv::IOlscServiceForSystemService
    • Added: 206 - buffer_entry_sizes: [0x8], buffers: [0x5], inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::olsc::srv::IAsyncResult']
    • Added: 302 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::olsc::srv::IAsyncResult']
  • Interface Changed: nn::olsc::srv::IRemoteStorageController
    • Added: 29 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::olsc::srv::IAsyncResult']
  • Interface Changed: nn::omm::detail::IOperationModeManager
    • Added: 300 - inbytes: 0x1, outbytes: 0x0
    • Added: 301 - inbytes: 0x0, outbytes: 0x0
  • Interface Added: nn::ngc::t::detail::IService
  • Interface Changed: nn::ngc::detail::IService
    • Added: 4 - buffers: [0x5], inbytes: 0x18, outbytes: 0x4
    • Added: 5 - buffers: [0x6, 0x5], inbytes: 0x18, outbytes: 0x4

BootImagePackages

RomFs changes: all files updated.

Using updated master-key: master_key_14 (previously master_key_13). See NCA for the KeyGeneration listing.

The anti-downgrade fuses were updated.

Kernel

  • Compiler was upgraded (to clang 18.1.0+).
    • Besides the usual reordering, this is now most noticeable in the following:
      • Many atomic st(l)xrs now use cmp + csetm + tbz instead of cbnz.
        • Testing on godbolt indicates this seems to be a change made in clang 18.1.0+ (not present in 17.0.1).
      • Many cases where they previously did some_condition ? m_a : m_b now have different assembly.
        • Previously: add Xn, Xz, #A; add Xm, Xz, #B; csel Xn, Xn, Xm; ldr Xn, [Xn]
        • Now: mov Xn, #A; mov Xn, #B; csel Xn, Xn, Xm; ldr Xn, [Xz, Xn]
      • Many cases of booleans now explicitly test for 1 instead of <any non-zero value>
        • Previously: ldrb w8, [x8]; cbz w8, some_loc
        • Now: ldrb w8, [x8]; cmp w8, #1; b.ne some_loc
    • Many, many cases of superfluous red-black-tree iteration prior to calls to KIntrusiveRedBlackTree::Remove have finally been optimized out.
      • Basically, KIntrusiveRedBlackTree::erase returns an iterator to the next item in the tree.
      • Previously, the table walk to find the next item was being performed even when the result was discarded/not-used, which was almost every case.
      • Now, it's successfully getting optimized out.
  • KAutoObject's class token has been devirtualized.
    • It is now stored as a 16-bit value in previously unused padding bytes, after the reference count.
    • KAutoObject::Create() sets this to the correct value when setting refcount=1.
    • This implementation is generally identical to the one already present in mesosphere.
  • HandleFloatingPointException now sets a previously unused StackParameters flag (+0x2F) to 1.
    • This flag doesn't seem to be referenced/used anywhere else in the kernel?
  • KThread StackParameter exception_flags bitflags are now volatile and mostly atomic; many bits now use atomic read-modify-write loops to set and clear bits.
    • This is not done for bit 0 ("is in svc"), accesses specifically for bit 0 continue to use non-atomic reads/writes.
    • This generates pretty terrible assembly for GetThreadUserContext, which now must perform a volatile read of this value over and over in a loop.
  • KIoRegion fields were reordered to save 8 bytes.
    • The 8-byte size/alignment lock field is no longer wedged inbetween two 1-byte booleans.
  • KScheduler::SwitchThread now writes a tick differential (thread->GetCpuTime() - context_switch_time) to user-tls + 0x108.
    • NOTE: This is an ABI change which will not affect official software, but will force any homebrew software which uses TLS-slots to need re-compile.
  • UserspaceAccess::CopyMemoryToUserSize32Bit now takes in a 32-bit word to write, instead of a kernel-pointer-to-32-bit-word.
  • Nintendo appears to have done something akin to marking nn::Result nodiscard + gone through and fixed literally every instance of Result return values not being used.
    • This results in sweeping changes (many Result-return functions are now void return, many new kernel panics, some changed behaviors), including e,g,
    • KInterruptManager::ClearInterrupt no longer checks if a handler has been registered, and always clear the table entry.
    • KInterruptManager::UnbindHandler is now void-return instead of Result; it no longer checks if the handler has been registered, and unconditionally clears to unbound state.
    • KPageTableBase::InitializeForKernel now returns void, and panics if the KMemoryBlockManager::Initialize fails.
    • KDebugBase::OnExitProcess/OnTerminateProcess now return void instead of Result.
    • KEvent/KReadableEvent::Signal/Clear now return void instead of Result; svc::ClearEvent/SignalEvent now just calls the relevant function and returns ResultSuccess.
    • KThreadLocalPage::Finalize now returns void + kernel-panics if unmapping the page fails; KProcess::DeleteThreadLocalRegion now returns void instead of Result.
    • Every kernel-use of KInterruptManager::BindHandler now panics on failure.
    • Every kernel-use of cpu::StoreDataCache and cpu::FlushDataCache and cpu::InvalidateDataCache now panics on failure.
    • Every kernel-use of KThread::Initialize now panics on failure
    • Every kernel-use of KThread::Run now panics on failure.
    • The kernel-use of KDynamicSlabHeapPageAllocator::Initialize in resource manager init now panics on failure
    • There are more cases, too many to fully enumerate with high confidence.

ldn

A vuln was fixed.

See Also

System update report(s):


Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1
20.0.020.0.120.1.020.1.120.1.520.2.020.3.020.4.020.5.0
21.0.0
Retrieved from "https://switchbrew.org/w/index.php?title=21.0.0&oldid=14098"