Difference between revisions of "IPC"

From 3dbrew
Jump to navigation Jump to search
Line 53: Line 53:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Descriptor
+
Type
 +
! scope="col" width="150" |  Usual form
 
!  Description
 
!  Description
 
|-
 
|-
 +
| 0
 
| 0x00000000
 
| 0x00000000
| The corresponding value is a KHandle, that should be closed in calling process
+
<handle>
 +
| The corresponding value is a KHandle, that should be closed in calling process.
 
|-
 
|-
 +
| 0
 
| 0x00000010
 
| 0x00000010
| The corresponding value is a KHandle, that will be duplicated
+
<handle>
 +
| The corresponding value is a KHandle, that will be duplicated.
 
|-
 
|-
 +
| 0
 
| 0x00000020
 
| 0x00000020
| Let kernel set value to calling process ProcessID
+
<placeholder>
 +
| Let kernel set value to calling process ProcessID.
 
|-
 
|-
 +
| 1
 
| 0x0000???2 <nowiki>|</nowiki> (size<<14)
 
| 0x0000???2 <nowiki>|</nowiki> (size<<14)
 +
<ptr>
 
| The corresponding value contains a ptr to a buffer of said size, that should be copied to an already set-up buffer in destination process at threadlocalstorage+0x180.
 
| The corresponding value contains a ptr to a buffer of said size, that should be copied to an already set-up buffer in destination process at threadlocalstorage+0x180.
 
|-
 
|-
| 0x0000000A <nowiki>|</nowiki> (size<<4)
+
| 2
| The corresponding value contains a ptr to a input buffer of said size.
+
| 0x00000004
It will get mapped at virtual address 0x04000000+ in destination process.
+
| Does something weird.
 
|-
 
|-
 +
| 3
 +
| 0x00000006
 +
| Does nothing?
 +
|-
 +
| 4
 +
| 0x00000008
 +
| This command will cause a kernelpanic.
 +
|-
 +
| 5
 +
| <nowiki>0x0000000A | (size<<4)</nowiki>
 +
<ptr>
 +
| The corresponding value contains a ptr to a buffer of said size.
 +
|-
 +
| 6
 
| 0x0000000C <nowiki>|</nowiki> (size<<4)
 
| 0x0000000C <nowiki>|</nowiki> (size<<4)
| The corresponding value contains a ptr to a output buffer of said size.
+
<ptr>
It will get mapped at virtual address 0x04000000+ in destination process.
+
| The corresponding value contains a ptr to a buffer of said size.
 +
|-
 +
| 7
 +
| 0x0000000E <nowiki>|</nowiki> (size<<4)
 +
<ptr>
 +
| The corresponding value contains a ptr to a buffer of said size.
 
|}
 
|}
 +
 +
Buffers from commands 5,6,7 will get mapped at virtual address 0x04000000+ in destination process.

Revision as of 00:49, 4 August 2014

Every IPC command sent to services starts with a u32 header code:

Bits Description
0-5 Number of translate parameters (=x)
6-11 Number of normal parameters (=y)
12-15 Unused
16-31 Command ID

The entire command has the following structure:

Word Size Description
0 1 Header code
1 x Normal parameters
x y Translate parameters

Translate parameters are modified/translated transparently by the kernel. They are used to transfer handles/buffers between the different processes.

The type of parameter is described by the bits 1-3 in the translation descriptor. Parameter types accepted for sending by the kernel are: 0, 1, 2, 5, 6, 7. Type 0 is used to send handles across processes:

if desc & 0x30 == 0x20:
  write process id to value
else:
  translate handle
  if desc & 0x30 == 0x10:
    close handle for caller

For replies, only 0, 1, 5, 6, 7 are allowed. In other words any type 2 fields must be zeroed before calling svcReplyAndReceive on the server-side. For replies type 0, 1, 2 are ignored. Types 5, 6, 7 do something with the mem pointer upon reply. The type 0 descriptor can be used to ignore parameters. The number of parameters covered by a type-0 descriptor is (desc >> 26) + 1.

Type Usual form Description
0 0x00000000

<handle>

The corresponding value is a KHandle, that should be closed in calling process.
0 0x00000010

<handle>

The corresponding value is a KHandle, that will be duplicated.
0 0x00000020

<placeholder>

Let kernel set value to calling process ProcessID.
1 0x0000???2 | (size<<14)

<ptr>

The corresponding value contains a ptr to a buffer of said size, that should be copied to an already set-up buffer in destination process at threadlocalstorage+0x180.
2 0x00000004 Does something weird.
3 0x00000006 Does nothing?
4 0x00000008 This command will cause a kernelpanic.
5 0x0000000A | (size<<4)

<ptr>

The corresponding value contains a ptr to a buffer of said size.
6 0x0000000C | (size<<4)

<ptr>

The corresponding value contains a ptr to a buffer of said size.
7 0x0000000E | (size<<4)

<ptr>

The corresponding value contains a ptr to a buffer of said size.

Buffers from commands 5,6,7 will get mapped at virtual address 0x04000000+ in destination process.