4,564
edits
Changes
Jump to navigation
Jump to search
Line 86:
Line 86: − + Line 113:
Line 113: − +
→IPC Command Structure
| 1 || || Lower 32-bits of address.
| 1 || || Lower 32-bits of address.
|-
|-
| 2 || 1-0 || Flags. Always set to 1 or 3.
| 2 || 1-0 || Flags. Always set to 0, 1 or 3. Determines what [[SVC|MemoryState]] to use with the mapped memory in the sysmodule.
|-
|-
| 2 || 4-2 || Bit 38-36 of address.
| 2 || 4-2 || Bit 38-36 of address.
=== IPC buffers ===
=== IPC buffers ===
Buffer descriptor A and others map memory into the sysmodule process. With input buffers the memory permissions are set to read-only, for the mapped memory in the sysmodule. The buffer is automatically unmapped while the kernel handles the cmdreply, the sysmodule doesn't need to specify anything in the cmdreply to trigger this.
Buffer descriptor A/B/... map memory into the sysmodule process. For the mapped memory in the sysmodule the permissions are: desc-A = R--, desc-B = RW-. The buffer is automatically unmapped while the kernel handles the cmdreply, the sysmodule doesn't need to specify anything in the cmdreply to trigger this.
This memory is mapped in the sysmodule to the same vaddr from the original user-process cmd-request, except with with bits >=(~28(?)) changed to a different ASLR'd region.
This memory is mapped in the sysmodule to the same vaddr from the original user-process cmd-request, except with with bits >=(~28(?)) changed to a different ASLR'd region.