10.0.0

From Nintendo Switch Brew
Revision as of 00:22, 19 April 2020 by SciresM (talk | contribs) (→‎Kernel: why does out size not get the real parameter)
Jump to navigation Jump to search

The Switch 10.0.0 system update was released on April 14, 2020 (UTC). This Switch update was released for the following regions: ALL.

Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.

Change-log

Official ALL change-log:

  • Added a bookmark feature to News.
  • This feature allows you to bookmark your favorite news items.
  • A maximum of 300 news items can be bookmarked.
  • An internet connection is required to view bookmarked News items.
  • News items that are no longer available cannot be viewed, even if they were bookmarked.
  • Added an option to transfer software data between the system memory and an SD card.
  • Users can now transfer downlopadable software, update data, and DLC from the system memory to an SD card (and vice versa).
  • Note that save data and some update data cannot be transferred to an SD card.
  • Added an option to remap the controller buttons.
  • Analog stick and button configurations can now be changed for each paired controller.
  • Custom configurations can be saved as favorites in System Settings > Controllers and Sensors.
  • Custom configurations are stored on the Nintendo Switch system.
  • Configurations can be customized for the following controllers: Joy-Con (L), Joy-Con (R), Nintendo Switch Pro Controller. Button configurations can also be customized on the Nintendo Switch Lite system.
  • This feature is not available for other controllers.
  • On each system, up to five favorite custom configurations can be saved for Joy-Con (L), five for Joy-Con (R), five for Nintendo Switch Pro Controller. Five configurations can also be saved as favorites for Nintendo Switch Lite.
  • Added a new section in User Settings for Play Activity Settings.
  • The options for "Display play activity to:" and "Delete Play Activity" have been moved from Friends Settings to the new Play Activity Settings.
  • Added new selections to the lineup of user profile icons.
  • Select from 6 new icons from the Animal Crossing: New Horizons game for your user.
  • General system stability improvements to enhance the user's experience.

BootImagePackage

All files in RomFS were updated.

Secure Monitor

Secure Monitor was updated.

  • Compiler/optimization flags were changed, many functions now use more optimized asm to accomplish the same functionality.
  • The firmware revision magic was changed from 0x18C to 0x1AD.
  • Support was added for an additional 5 DRAM models.
  • Asynchronous RSA SMCs now set a global to the result that GetResult should return instead of setting a bool that GetResult checks.
  • DecryptOrImportRsaPrivateKey now imports the modulus in addition to the exponent for the ES use cases.
    • This fixes a problem where you could specify a "smooth" modulus instead of the correct one when talking to TrustZone and then use Pohlig-Hellman to calculate the discrete logarithm and recover the private key.
  • Passing a use case to StorageExpMod for which DecryptOrImportRsaPrivateKey does not import modulus now validates that the provided modulus is correct for the previously imported exponent.
    • Future invocations of StorageExpMod will ignore the user-provided modulus, and use the imported one.
  • UnwrapTitleKey now returns new result 7 ("NotImported") when attempting to unwrap a titlekey before importing the exponent and modulus.

Warmboot

  • The firmware revision magic was changed from 0x18C to 0x1AD.

<check back for more diffs later>

Kernel

  • Kernel crt0 was heavily refactored.
    • Core 0 init vs Core 1/2/3 init are now separate functions.
    • The initial arguments are now stored inside the Core Local regions before those regions are initialized.
      • This saves a little memory by allowing for reusing that space.
    • The initial arguments now store an entrypoint invocation function pointer in addition to the entrypoint.
    • Core 1/2/3 now panic if cpuactlr/cpuectlr hold a value different than the one in init argument. Previously, they they did if (real value != expected value) { real value = expected value }.
  • Physical ASLR for certain backing regions (Kernel .text/.rodata/.rwdata/.bss + the Slab Heap region) was implemented.
    • Physical randomization of the kernel image is done by KernelLdr.
    • Randomization of the slab heap region is done by kernel during init.
    • To accommodate this, the virtual/physical memory trees no longer track pair blocks for the kernel/slab heap regions (as they no longer correlate directly).
  • The global rng is now std::mt19937_64 instead of std::mt19937
  • KPageHeap bitmaps now store a small TinyMT rng.
    • This is used to allocate random pages from the bitmap instead of first-available. Thus, KPageHeap allocation order is now random/non-deterministic.
  • KSpinLock was changed. Previously it used two u16s, each aligned to cache line. Now it packs the u16s into a single non-cache-line aligned u32.
    • The new spin lock is identical to the implementation in the ARM Reference Manual.
    • KScheduler's spin lock still uses the old cache-line aligned u16s.
    • Speculatively, we can consider the following motivation for the change:
      • The old spin lock cannot atomically update both tickets with a single write. Thus, it is required to do two loops (one to update the current ticket, one to check if the obtained ticket is the active and the lock is taken).
      • The new spin lock can atomically update both tickets with a single write. Thus, in the case where the lock is not held by another core when it is acquired, the new spin lock only has to do one atomic loop.
      • From this we can observe that the new spin lock is likely more performant under low contention (where it is expected that the lock is not held), however its downsides are potential false sharing (due to not owning the cache line). It is also probably better when at the start of a cache line and the locked data exists entirely within that cache line.
      • Most kernel locks are expected to be relatively uncontended (and there aren't really cases where two locks are in the same cache line so false sharing isn't such a problem), and thus the switch to the new ARM reference manual style lock should lead to an overall performance upgrade.
      • However, the scheduler lock is heavily contended (all cores will be locking it and unlocking it pretty much all the time). Thus, it makes more sense for it to continue using the old two-cache-line style lock, which performs better under high contention.
  • KProcess now has an additional data member storing the kernel virtual address of the process local region.
    • This is now used instead of the process virtual address for the tls region when writing context during exception handling.
    • This probably fixes a bug if an exception is being handled for a non-current process and the relevant codepath is taken(?)
  • Page table entry handling code was changed. Bit 56 is now used as an is valid/present flag. Previously checks that checked entries with bitmask 0x3 now check 0x100000000000002.
  • KPageTableBase now has an additional data member storing how much unsafe memory is currently mapped. (This value is incremented/decremented on calls to svcMapPhysicalMemoryUnsafe/svcUnmapPhysicalMemoryUnsafe).
  • KPageTableBase::LockForIpc* now takes a KPhysicalAddress * argument. Mapping code will try to write the physical address of the locked virtual address to this out pointer, KernelPanic() is called if physical address translation fails.
  • KServerSession::SendReply now takes an additional argument for the physical address of the user message buffer. NULL is passed when doing ReplyAndReceive without a user buffer.
    • When this argument is not null, the message buffer is accessed by doing linear phys-to-virt translation on this physaddress, otherwise the message buffer is accessed by doing linear phys-to-virt translation on the TLS physical address.
    • Previously, the process virtual address for the user buffer was accessed directly.
  • Pages allocated from the dynamic page slab heap are no longer memset to zero after being allocated.
    • Instead, they are memset to zero when the heap is first initialized, and when being freed.
    • This fixes the issue that pages were sometimes memset to zero unnecessarily, because they were already zero'd by some previous operation.
    • Newly allocated pages being all-zero is now a kernel invariant.
  • A new KMemoryPermission bit (0x40) was added. When this bit is set, the page is completely unmapped (for both user and kernel). This is done when e.g. memory is mirrored via MapMemory, when memory is locked for IPC usage, etc.
  • KPageTable::ChangePermissions was changed substantially to accommodate this.
    • Previously, it separated pages, iterated over mappings changing permissions as required (and invalidating + flushing cache if bool arg is true), then merged pages.
    • Now, the function has a lambda which iterates over all mappings, changing permissions as required and performing additional operations depending on a bitflag parameter.
    • First, the function separates pages.
    • Then if the input bool is false, this lambda is called with entry template = input entry template, bitflag parameter = 0. This changes all mappings to the new permissions. Pages are then merged, and the function returns.
    • Otherwise if the input bool is true, the lambda is called with entry template = input entry template & ~1 and bitflag parameter = 2. This changes all mappings to be invalid (as low bit of pte is zero). Bitflag & 2 causes entries to be merged during traversal.
    • Next, the scheduling lock is locked and immediately unlocked. This forces a reschedule.
    • Next, the lambda is called with entry template = input entry template, bitflag parameter = 1. This changes all mappings to new permissions, and flushes data cache on all new mappings.
    • Finally, mappings are merged, and the function returns.
  • SvcQueryIoMapping's ABI was changed.
    • Previously signature was Result QueryIoMapping(uintptr_t *out_address, PhysicalAddress physical_address, size_t size).
    • New signature is Result QueryIoMapping(uintptr_t *out_address, size_t *out_size, PhysicalAddress physical_address, size_t size);
    • For normal IO, out_size is just written with the input size parameter.
    • For special debug regions (mapped using 8.0.0+ memory region descriptor, queried by passing 1/2/3 as phys_addr parameter), out_size is written with the real size of the queried region.

<check back for more diffs later>

FIRM Sysmodules

FIRM sysmodules were updated. Specific diffs available below: <check back for more diffs later>

System Titles

NPDM changes:

  • The version was bumped. See Services_API for service-hosting changes.
  • nifm now has access to pl:u.
  • ptm now hosts lbl. lbl is now stubbed, there's no content besides the Meta and the ContentMetaType is now SystemData.
  • bsdsocket no longer has access to bgtc:t. It now has access to psc:l and time:al.
  • The pcie.withoutHb sysmodule was renamed to pcie.
  • The mapped IO range for wlan and pcie was updated.
  • ns now has access to arp:w and pgl. Access to ldr:shel, ncm:v, and pm:shell were removed. Bitmask 0x0000001000000000 is now set in the FS permissions.
  • ssl now has access to lm, but the sysmodule doesn't actually use it.
  • eupld now has access to srepo:u.
  • glue no longer has access to bpc, and access to time:al was added.
  • grc now has access to time:su.
  • creport no longer has access to ns:dev, and access to pgl was added.
  • sdb no longer has access to prepo:s, and access to srepo:u was added.
  • olsc now hosts a new service, and access to arp:r was added. SVCs svcMapTransferMemory and svcUnmapTransferMemory are now accessible.
  • All web-applets now have access to SVCs svcMapPhysicalMemoryUnsafe/svcUnmapPhysicalMemoryUnsafe.
  • LibraryAppletMyPage now has access to npns:s.

RomFs changes:

  • ErrorMessage has a number of new errors/modules, etc.
  • BrowserDll:
    • "/browser/ErrorPageFilteringTemplate.html" was updated.
    • "/buildinfo/buildinfo.dat" was updated.
    • The OSS NROs under /dll_0/ and /dll_1/ were updated.
    • "/font/NintendoCruiserExt.ttf" was updated.
    • "/lyt/Common/BtnFooter.arc" was updated.
    • The localization under /message/ was updated.
  • Help: "/legallines.htdocs/index.html" and "/safe.htdocs/html/CNzh/index.html" were updated.
  • NgWord was updated.
  • SsidList: "/ssid_list.csv" was updated.
  • AvatarImage: new icons were added.
  • UrlBlackList: The whitelists from the web-applets were moved into here:
    • "/blacklist.txt" was replaced by "/listCommon.txt", which is the same except the following was inserted at the beginning: ----
    • "/listEcGlobal.txt" and "/listEcChina.txt" were added, which contain the same content and are the same as the whitelist originally from LibraryAppletShop.
    • "/listLnsGlobal.txt" and "/listLnsChina.txt" were added, these are the same except "/listLnsChina.txt" contains the following additional line: ^https://([0-9A-Za-z\-]+\.)*qq\.com(/|$) Besides that line, these are the same as the whitelist originally from LibraryAppletLoginShare.
    • "/listWebYouTubePlayerCommon.txt" was added, containing the same youtube whitelist originally from LibraryAppletWeb.
  • TimeZoneBinary was updated with new timezone info.
  • FontNintendoExtension: "/nintendo_ext2_003.bfttf" was updated.
  • The config in FirmwareDebugSettings, PlatformConfigIcosa, PlatformConfigCopper, PlatformConfigHoag, and PlatformConfigIcosaMariko were updated.
  • ControllerFirmware was updated with new firmware. See that page for the new files, and also regarding hid-sysmodule RomFs. The following files were updated:
    • /ExpectVersionInfo-platform.hoag.csv
    • /FirmwareInfo.csv
    • /FirmwareInfo-platform.hoag.csv
    • /sioh.bin
    • /sioh_iap.bin
    • /ukyosakyo_ep2_ota.bin
  • NgWord2 was updated.
  • NgWordT was updated.
  • "/common/agl/agl_resource_min.Nin_Nx_NVN.release.sarc.szs" and "/common/shader/VarietyOceanShader_Nx.arc.szs" were updated in various applets. Various /lyt/, graphics, localization, and sound files were updated.
  • LibraryAppletWeb, LibraryAppletShop, and LibraryAppletLoginShare: "/buildinfo/buildinfo.dat" and "/.nrr/netfront.nrr" were updated. "/whitelist" was removed, see UrlBlackList above.
  • LibraryAppletOfflineWeb and LibraryAppletWifiWebAuth: "/buildinfo/buildinfo.dat" and "/.nrr/netfront.nrr" were updated.

See Also

System update report(s):

Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1