HIPC
IPC Command Structure
This is an array of u32's.
Word | Bits | Description |
---|---|---|
0 | 15-0 | Type. 4=IpcRequest, 5=QueryPointerBufferSize |
0 | 19-16 | Number of buf X descriptors (each: 2 words). |
0 | 23-20 | Number of buf A descriptors (each: 3 words). |
0 | 27-24 | Number of buf B descriptors (each: 3 words). |
0 | 31-28 | Number of type W desciptors (each: 3 words), never observed. |
1 | 9-0 | Total word count (in u32's). |
1 | 13-10 | If set to 2, enable buf C descriptor. |
1 | 31 | Enable handle descriptor. |
... | Handle descriptor, if enabled. | |
... | Buf X descriptors, each one 2 words. | |
... | Buf A descriptors, each one 3 words. | |
... | Buf B descriptors, each one 3 words. | |
... | Type W descriptors, each one 3 words. | |
... | Padding | |
... | Raw data | |
... | Buf C descriptors, each one 2 words. |
Handle descriptor
There can only be one of this descriptor type. It is enabled by bit31 of the second word.
Word | Bits | Description |
---|---|---|
0 | 0 | Send current PID. |
0 | 4-1 | Number of handles to move? |
0 | 8-5 | Number of handles to copy? |
... | Handles to move? | |
... | Handles to copy? |
Buffer descriptor A/B
This packing is so unnecessarily complex.
Word | Bits | Description |
---|---|---|
0 | Lower 32-bits of size. | |
1 | Lower 32-bits of address. | |
2 | 1-0 | Always set to 1 or 3. R/RW. |
2 | 4-2 | Bit 38-36 of address. |
2 | 27-24 | Bit 35-32 of size. |
2 | 31-28 | Bit 35-32 of address. |
Buffer descriptor C
Word | Bits | Description |
---|---|---|
0 | Lower 32-bits of address. | |
1 | 15-0 | Rest of address. |
1 | 31-16 | Size |
Buffer descriptor X
This one is packed even worse than A, they inserted the bit38-36 of the address on top of the counter field.
Word | Bits | Description |
---|---|---|
0 | 5-0 | Bits 5-0 of counter. |
0 | 8-6 | Bit 38-36 of address. |
0 | 11-9 | Bits 11-9 of counter. |
0 | 15-12 | Bit 35-32 of address. |
0 | 31-16 | Size |
1 | Lower 32-bits of address. |
Raw data portion
This is an array of u64's. It's always aligned to 16 so sometimes there is padding words before it.
Word | Description |
---|---|
... | Pid is written here if enabled. |
+0 | Magic ("SFCI" for requests, "SFCO" for responses) |
+1 | Cmd id |
... | Rest of raw data. |
Official marshalling code
The official marshalling function takes an array of (buf_ptr, size) pairs and a type-field for each such pair.
Bitmask 0x10 seems to indicate null-terminated strings, but that flag is ignored by the marshalling code.
Type Mask | Description |
---|---|
4 + 1 | Creates an A descriptor |
4 + 2 | Creates a B descriptor |
8 + 1 | Creates an X descriptor |
8 + 2 | Creates a C descriptor |
0x20 + 1 | Creates both an A and X descriptor |
Type | Description |
---|---|
0x1A | Output-buf, copy? |