Memory layout
ARM11 physical memory regions
Address | Size | Description |
---|---|---|
0x0 | 0x10000 | Bootrom (super secret code/data @ 0x8000) |
0x10000 | 0x10000 | Bootrom copy |
0x10000000 | ? | IO memory |
0x17E00000 | 0x2000 | MPCore private memory region |
0x18000000 | 0x600000 | VRAM |
0x1FF00000 | 0x80000 | DSP memory |
0x1FF80000 | 0x80000 | AXI WRAM |
0x20000000 | 0x8000000 | FCRAM |
Hardware memory map
ARM11 detailed physical memory map
- 18000000 - 18600000: VRAM
- 1FF80000 - 1FFAB000: Kernel code
- 1FFAB000 - 1FFF0000: SlabHeap [temporarily holds the boot processes]
- 1FFF0000 - 1FFF1000: ?
- 1FFF1000 - 1FFF2000: ?
- 1FFF2000 - 1FFF3000: ?
- 1FFF3000 - 1FFF4000: ?
- 1FFF4000 - 1FFF5000: Exception vector table
- 1FFF5000 - 1FFF5800: Unused?
- 1FFF5800 - 1FFF5C00: 256-entry L2 MMU table for VA FF4xx000
- 1FFF5C00 - 1FFF6000: 256-entry L2 MMU table for VA FF5xx000
- 1FFF6000 - 1FFF6400: 256-entry L2 MMU table for VA FF6xx000
- 1FFF6400 - 1FFF6800: 256-entry L2 MMU table for VA FF7xx000
- 1FFF6800 - 1FFF6C00: 256-entry L2 MMU table for VA FF8xx000
- 1FFF6C00 - 1FFF7000: 256-entry L2 MMU table for VA FF9xx000
- 1FFF7000 - 1FFF7400: 256-entry L2 MMU table for VA FFAxx000
- 1FFF7400 - 1FFF7800: 256-entry L2 MMU table for VA FFBxx000
- 1FFF7800 - 1FFF7C00: An MMU table, but apparently unused?
- 1FFF7C00 - 1FFF8000: 256-entry L2 MMU table for VA FFFxx000
- 1FFF8000 - 1FFFC000: 4096-entry L1 MMU table for VA xxx00000 (CPU 0 or 1)
- 1FFFC000 - 20000000: 4096-entry L1 MMU table for VA xxx00000 (CPU 1 or 0)
- 20000000 - 28000000: Main memory
ARM11 detailed virtual memory map
- E8000000 - E8600000: Mapped to VRAM (18000000 - 18600000)
- EFF00000 - F0000000: Mapped to internal memory (1FF00000 - 20000000)
- F0000000 - F8000000: Mapped to main memory
- FF401000 - FF402000: Mapped to ? (27FC7000 - 27FC8000)
- FF403000 - FF404000: Mapped to ? (27FC2000 - 27FC3000)
- FF405000 - FF406000: Mapped to ? (27FBB000 - 27FBC000)
- FF407000 - FF408000: Mapped to ? (27FB3000 - 27FB4000)
- FF409000 - FF40A000: Mapped to ? (27F8E000 - 27F8F000)
- FFF00000 - FFF45000: Mapped to SlabHeap
- FFF60000 - FFF8B000: Mapped to kernel code
- FFFCC000 - FFFCD000: Mapped to IO I2C second bus (10144000 - 10145000)
- FFFCE000 - FFFCF000: Mapped to IO PDC (10400000 - 10401000)
- FFFD0000 - FFFD1000: Mapped to IO PDN (10141000 - 10142000)
- FFFD2000 - FFFD3000: Mapped to IO PXI (10163000 - 10164000)
- FFFD4000 - FFFD5000: Mapped to IO PAD (10146000 - 10147000)
- FFFD6000 - FFFD7000: Mapped to IO LCD (10202000 - 10203000)
- FFFD8000 - FFFD9000: Mapped to IO ? (10140000 - 10141000)
- FFFDA000 - FFFDB000: Mapped to IO XDMA (10200000 - 10201000)
- FFFDC000 - FFFE0000: Mapped to ? (1FFF8000 - 1FFFC000)
- FFFE1000 - FFFE2000: Mapped to ? (1FFF0000 - 1FFF1000)
- FFFE3000 - FFFE4000: Mapped to ? (1FFF2000 - 1FFF3000)
- FFFE5000 - FFFE9000: Mapped to the L1 MMU table for VA xxx00000
- FFFEA000 - FFFEB000: Mapped to ? (1FFF1000 - 1FFF2000)
- FFFEC000 - FFFED000: Mapped to ? (1FFF3000 - 1FFF4000)
- FFFEE000 - FFFF0000: Mapped to IO interrupts (17E00000 - 17E02000)
- FFFF0000 - FFFF1000: Mapped to the exception vector table
- FFFF2000 - FFFF6000: Mapped to the L1 MMU table for VA xxx00000
- FFFF7000 - FFFF8000: Mapped to ? (1FFF1000 - 1FFF2000)
- FFFF9000 - FFFFA000: Mapped to ? (1FFF3000 - 1FFF4000)
- FFFFB000 - FFFFE000: Mapped to the L2 MMU tables (1FFF5000 - 1FFF8000)
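The table sizes in the physical map (0x4000 bytes for a 4096-entry L1 table, 0x400 bytes for each 256-entry L2 table) fit 4-byte descriptors indexed by VA[31:20] and VA[19:12]. The following added example, which is not part of the original page, assumes that standard ARM short-descriptor indexing and computes where the descriptors for a kernel virtual address sit in physical memory; the function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Table locations taken from the physical memory map above. */
#define L1_TABLE_A  0x1FFF8000u  /* 4096-entry L1 table (CPU 0 or 1) */
#define L1_TABLE_B  0x1FFFC000u  /* 4096-entry L1 table (CPU 1 or 0) */
#define L2_FF4_BASE 0x1FFF5800u  /* L2 tables for VA FF4xx000..FFBxx000 */
#define L2_FFF_BASE 0x1FFF7C00u  /* L2 table for VA FFFxx000 */
#define L2_TABLE_SZ 0x400u       /* 256 entries * 4 bytes (assumed descriptor size) */

/* Physical address of the L1 descriptor for va: index is VA[31:20]. */
uint32_t l1_desc_pa(uint32_t l1_base, uint32_t va)
{
    return l1_base + (va >> 20) * 4u;
}

/* Physical base of the L2 table covering va's 1 MiB block,
 * or 0 when the map above lists no L2 table for that block. */
uint32_t l2_table_pa(uint32_t va)
{
    uint32_t mb = va >> 20;
    if (mb >= 0xFF4u && mb <= 0xFFBu)
        return L2_FF4_BASE + (mb - 0xFF4u) * L2_TABLE_SZ;
    if (mb == 0xFFFu)
        return L2_FFF_BASE;
    return 0;
}

/* Physical address of the L2 descriptor for va: index is VA[19:12]. */
uint32_t l2_desc_pa(uint32_t va)
{
    uint32_t table = l2_table_pa(va);
    return table ? table + ((va >> 12) & 0xFFu) * 4u : 0;
}

int main(void)
{
    /* Sample VAs from the virtual map: exception vectors, an FF4 page, SlabHeap. */
    const uint32_t samples[] = { 0xFFFF0000u, 0xFF401000u, 0xFFF00000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t va = samples[i];
        printf("VA %08X: L1 desc @ %08X, L2 desc @ %08X\n", (unsigned)va,
               (unsigned)l1_desc_pa(L1_TABLE_A, va), (unsigned)l2_desc_pa(va));
    }
    return 0;
}
```

Because FFFFB000 - FFFFE000 maps the L2 tables at 1FFF5000 - 1FFF8000, the kernel can reach any of these L2 descriptors at 0xFFFFB000 + (descriptor PA - 0x1FFF5000).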
ARM11 userland memory regions
Virtual base address | Physical base address | Maximum region size | Description |
---|---|---|---|
0x00100000 / 0x14000000 | | 0x03F00000 | The ExeFS:/.code is loaded here. Executables must be loaded to the 0x00100000 region when the exheader "special memory" flag is clear. The 0x03F00000-byte size restriction only applies when this flag is clear. When the exheader "special memory" flag is set, executables are usually loaded to 0x14000000, however this address can be arbitrary. |
0x08000000 | For applications: FCRAM + GSP heap size | 0x08000000 | Heap mapped by ControlMemory |
0x10000000-StackSize | .bss physical address - total stack pages | StackSize from process exheader | Stack for the main-thread, initialized by the ARM11 kernel. The StackSize from the exheader is usually 0x4000, therefore the stack-bottom is usually 0x0FFFC000. The stack for the other threads is normally located in the process .data section, however this can be arbitrary. |
0x10000000 | | 0x04000000 | Shared memory |
0x14000000 | FCRAM+0 | 0x08000000 | Can be mapped by ControlMemory, this is used for the application's GSP heap. |
0x1EC00000 | 0x10100000 | 0x01000000 | IO registers. The mapped IO pages which each process can access are specified in the CXI exheader. (Applications normally don't have access to registers in this range.) |
0x1F000000 | 0x18000000 | 0x00600000 | VRAM, access to this is specified by the exheader. |
0x1FF00000 | 0x1FF00000 | 0x00080000 | DSP memory, access to this is specified by the exheader. |
0x1FF80000 | | 0x1000 | Configuration Memory. All processes have access to this, however write-permission to this page is specified by the exheader "Shared page writing" kernel flag. |
0x1FF81000 | | 0x1000 | Shared page, access to this is the same as 0x1FF80000. |
All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable CROs can be loaded into memory; once loaded, the CRO .text section memory page permissions are changed via ControlProcessMemory from RW- to R-X. The address and size of each ExeFS:/.code section are stored in the exheader. The permissions for each section are: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions are initialized by the ARM11 kernel: RW-. The heap permissions are normally RW-.
All userland memory is mapped with RW permissions for privileged-mode. However, normally the ARM11 kernel only uses userland read/write instructions (or checks that the memory can be written from userland first) for accessing memory specified by SVCs.
The virtual memory located below 0x20000000 is process-unique: processes can't directly access memory for other processes. The virtual memory starting at 0x20000000 is only accessible in privileged-mode. When service commands are used, the kernel maps memory in the destination process for input/output buffers, and the addresses in the command received by the process are replaced by this mapped memory. When this is an input buffer, the buffer data is copied to the mapped memory. When this is an output buffer, the data stored in the mapped memory is copied to the destination buffer specified in the command.
The physical address which memory for the application memory-type is mapped to begins at FCRAM+0. The total memory allocated for this memory-type is stored in Configuration_Memory. Applications' exefs:/.code under the application memory-type is mapped at FCRAM + APPMEMALLOC - exefs:/.code size aligned to the page size. The application .bss is mapped at CODEADDR - .bss size aligned down to the page size. Once the application exefs:/.code, .bss, and stack are mapped, APPMEMALLOC is set to APPMEMALLOC - (stacksize + bss_size + codesize), where stacksize, bss_size, and codesize are aligned to the page size.
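The placement rule above, worked through as an added example that is not part of the original page. It assumes 0x1000-byte pages, a page-aligned APPMEMALLOC, sizes rounded up to whole pages, and the stack placed directly below .bss as the userland table states; `place_app` and `struct app_layout` are hypothetical names, and the sample sizes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define FCRAM_BASE   0x20000000u  /* FCRAM physical base (region table) */
#define FCRAM_SIZE   0x08000000u
#define PAGE_SIZE    0x1000u      /* assumed page size */
#define STACK_TOP_VA 0x10000000u  /* main-thread stack ends here */

static uint32_t page_up(uint32_t n)   { return (n + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); }
static uint32_t page_down(uint32_t n) { return n & ~(PAGE_SIZE - 1); }

struct app_layout {
    uint32_t code_pa, bss_pa, stack_pa; /* physical placement, highest first */
    uint32_t stack_bottom_va;           /* 0x10000000 - StackSize */
    uint32_t appmemalloc_after;         /* APPMEMALLOC after the three mappings */
};

/* Returns 0 on success, -1 if the inputs are invalid or do not fit. */
int place_app(uint32_t appmemalloc, uint32_t codesize, uint32_t bss_size,
              uint32_t stacksize, struct app_layout *out)
{
    /* Assumption: APPMEMALLOC is page-aligned and no larger than FCRAM. */
    if (appmemalloc > FCRAM_SIZE || (appmemalloc & (PAGE_SIZE - 1)))
        return -1;
    /* Reject oversized inputs first so page_up() cannot wrap. */
    if (codesize > appmemalloc || bss_size > appmemalloc || stacksize > appmemalloc)
        return -1;
    uint32_t need = page_up(codesize) + page_up(bss_size) + page_up(stacksize);
    if (need > appmemalloc)
        return -1;
    out->code_pa  = FCRAM_BASE + appmemalloc - page_up(codesize);
    out->bss_pa   = page_down(out->code_pa - bss_size);
    out->stack_pa = out->bss_pa - page_up(stacksize);
    out->stack_bottom_va   = STACK_TOP_VA - stacksize;
    out->appmemalloc_after = appmemalloc - need;
    return 0;
}

int main(void)
{
    struct app_layout l;
    /* Constructed sample; the real APPMEMALLOC comes from Configuration Memory. */
    if (place_app(0x04000000u, 0x123456u, 0x2345u, 0x4000u, &l) != 0)
        return 1;
    printf("code %08X bss %08X stack %08X stack VA %08X APPMEMALLOC %08X\n",
           (unsigned)l.code_pa, (unsigned)l.bss_pa, (unsigned)l.stack_pa,
           (unsigned)l.stack_bottom_va, (unsigned)l.appmemalloc_after);
    return 0;
}
```

Under these assumptions the stack, .bss and .code end up physically contiguous at the top of the application region, so the updated APPMEMALLOC equals the stack's physical base minus the FCRAM base.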
System memory details
0xFFFF9004 is a pointer to the current KProcess instance.
Handles
Handle 0xFFFF8001 is a reference to the current KProcess.
VRAM Map While Running Webbrowser
- 0x1E6000-0x22C500 -- top screen framebuffer 0(240x400x3)
- 0x22C800-0x272D00 -- top screen framebuffer 1(240x400x3)
- 0x273000-0x2B9500 -- top screen framebuffer 2(240x400x3)
- 0x2B9800-0x2FFD00 -- top screen framebuffer 3(240x400x3)
- 0x48F000-0x4C7400 -- bottom screen framebuffer 0(240x320x3)
- 0x4C7800-0x4FF800 -- bottom screen framebuffer 1(240x320x3)