The-Homebrew-Cloud/MemoryMappingModule
2
0
Fork 0
mirror of https://github.com/wiiu-env/MemoryMappingModule.git synced 2024-11-22 01:39:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make sure we can execute code on all three cores, check heaps on application end

Browse Source
This commit is contained in:
Maschell 2024-04-19 18:24:51 +02:00
parent 5f249475c3
commit 8e53c22f2c
3 changed files with 176 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source/main.cpp
View File

@ -45,8 +45,6 @@ void UpdateFunctionPointer() {
gMEMAllocFromDefaultHeapExForThreads = (void *(*) (uint32_t, int) ) * allocPtr; gMEMAllocFromDefaultHeapExForThreads = (void *(*) (uint32_t, int) ) * allocPtr;
gMEMFreeToDefaultHeapForThreads = (void (*)(void *)) * freePtr; gMEMFreeToDefaultHeapForThreads = (void (*)(void *)) * freePtr;
OSDynLoad_Release(coreinitModule);
} }
WUMS_INITIALIZE(args) { WUMS_INITIALIZE(args) {
@ -86,6 +84,8 @@ WUMS_INITIALIZE(args) {
WUMS_APPLICATION_STARTS() { WUMS_APPLICATION_STARTS() {
OSReport("Running MemoryMappingModule " VERSION VERSION_EXTRA "\n"); OSReport("Running MemoryMappingModule " VERSION VERSION_EXTRA "\n");
MemoryMapping_checkHeaps();
// Now we can update the pointer with the "real" functions // Now we can update the pointer with the "real" functions
gMEMAllocFromDefaultHeapExForThreads = MEMAllocFromDefaultHeapEx; gMEMAllocFromDefaultHeapExForThreads = MEMAllocFromDefaultHeapEx;
gMEMFreeToDefaultHeapForThreads = MEMFreeToDefaultHeap; gMEMFreeToDefaultHeapForThreads = MEMFreeToDefaultHeap;
@ -95,11 +95,14 @@ WUMS_APPLICATION_STARTS() {
#endif #endif
} }
WUMS_APPLICATION_ENDS() {
MemoryMapping_checkHeaps();
#ifdef DEBUG #ifdef DEBUG
WUMS_APPLICATION_REQUESTS_EXIT() {
deinitLogging(); deinitLogging();
}
#endif #endif
}
void MemoryMappingFree(void *ptr) { void MemoryMappingFree(void *ptr) {
//DEBUG_FUNCTION_LINE("[%08X] free", ptr); //DEBUG_FUNCTION_LINE("[%08X] free", ptr);

167
source/memory_mapping.cpp
View File

@ -23,6 +23,149 @@ void runOnAllCores(CThread::Callback callback, void *callbackArg, int32_t iAttr
} }
} }
void KernelWriteU32(uint32_t addr, uint32_t value) {
ICInvalidateRange(&value, 4);
DCFlushRange(&value, 4);
auto dst = (uint32_t) OSEffectiveToPhysical(addr);
auto src = (uint32_t) OSEffectiveToPhysical((uint32_t) &value);
KernelCopyData(dst, src, 4);
DCFlushRange((void *) addr, 4);
ICInvalidateRange((void *) addr, 4);
}
void KernelWrite(uint32_t addr, const void *data, uint32_t length) {
// This is a hacky workaround, but currently it only works this way. ("data" is always on the stack, so maybe a problem with mapping values from the JIT area?)
// further testing required.
for (uint32_t i = 0; i < length; i += 4) {
KernelWriteU32(addr + i, *(uint32_t *) (((uint32_t) data) + i));
}
}
/*
static void SCSetupIBAT4DBAT5() {
asm volatile("sync; eieio; isync");
// Give our and the kernel full execution rights.
// 00800000-01000000 => 30800000-31000000 (read/write, user/supervisor)
unsigned int ibat4u = 0x008000FF;
unsigned int ibat4l = 0x30800012;
asm volatile("mtspr 560, %0" :: "r"(ibat4u));
asm volatile("mtspr 561, %0" :: "r"(ibat4l));
// Give our and the kernel full data access rights.
// 00800000-01000000 => 30800000-31000000 (read/write, user/supervisor)
unsigned int dbat5u = ibat4u;
unsigned int dbat5l = ibat4l;
asm volatile("mtspr 570, %0" :: "r"(dbat5u));
asm volatile("mtspr 571, %0" :: "r"(dbat5l));
asm volatile("eieio; isync");
}
*/
const uint32_t sSCSetupIBAT4DBAT5Buffer[] = {0x7c0004ac,
0x7c0006ac,
0x4c00012c,
0x3d400080,
0x614a00ff,
0x7d508ba6,
0x3d203080,
0x61290012,
0x7d318ba6,
0x7d5a8ba6,
0x7d3b8ba6,
0x7c0006ac,
0x4c00012c,
0x4e800020};
#define TARGET_ADDRESS_EXECUTABLE_MEM 0x017FF000
#define SCSetupIBAT4DBAT5_ADDRESS TARGET_ADDRESS_EXECUTABLE_MEM
const uint32_t sSC0x51Buffer[] = {
0x7c7082a6, // mfspr r3, 528
0x60630003, // ori r3, r3, 0x03
0x7c7083a6, // mtspr 528, r3
0x7c7282a6, // mfspr r3, 530
0x60630003, // ori r3, r3, 0x03
0x7c7283a6, // mtspr 530, r3
0x7c0006ac, // eieio
0x4c00012c, // isync
0x3c600000 | (SCSetupIBAT4DBAT5_ADDRESS >> 16), // lis r3, SCSetupIBAT4DBAT5@h
0x60630000 | (SCSetupIBAT4DBAT5_ADDRESS & 0xFFFF), // ori r3, r3, SCSetupIBAT4DBAT5@l
0x7c6903a6, // mtctr r3
0x4e800420, // bctr
};
#define SC0x51Buffer_ADDRESS (SCSetupIBAT4DBAT5_ADDRESS + sizeof(sSCSetupIBAT4DBAT5Buffer))
#define SC0x51Call_ADDRESS (SC0x51Buffer_ADDRESS + sizeof(sSC0x51Buffer))
const uint32_t sSC0x51CallBuffer[] = {
0x38005100, //li %r0, 0x5100
0x44000002, // sc
0x4e800020 //blr
};
void SetupIBAT4DBAT5OnAllCores() {
unsigned char backupBuffer[0x74];
KernelWrite((uint32_t) backupBuffer, (void *) TARGET_ADDRESS_EXECUTABLE_MEM, sizeof(backupBuffer));
static_assert(sizeof(backupBuffer) >= (sizeof(sSC0x51Buffer) + sizeof(sSCSetupIBAT4DBAT5Buffer) + sizeof(sSC0x51CallBuffer)), "Not enough memory in backup buffer");
static_assert(SCSetupIBAT4DBAT5_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SCSetupIBAT4DBAT5_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
static_assert(SC0x51Buffer_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SC0x51Buffer_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
static_assert(SC0x51Call_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SC0x51Call_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
static_assert(SCSetupIBAT4DBAT5_ADDRESS != SC0x51Buffer_ADDRESS && SCSetupIBAT4DBAT5_ADDRESS != SC0x51Call_ADDRESS && SC0x51Buffer_ADDRESS != SC0x51Call_ADDRESS, "buffer are not different");
// We need copy the functions to a memory region which is executable on all 3 cores
KernelWrite(SCSetupIBAT4DBAT5_ADDRESS, sSCSetupIBAT4DBAT5Buffer, sizeof(sSCSetupIBAT4DBAT5Buffer)); // Set IBAT5 and DBAT5 to map the memory region
KernelWrite(SC0x51Buffer_ADDRESS, sSC0x51Buffer, sizeof(sSC0x51Buffer)); // Implementation of 0x51 syscall
KernelWrite(SC0x51Call_ADDRESS, sSC0x51CallBuffer, sizeof(sSC0x51CallBuffer)); // Call of 0x51 syscall
/* set our setup syscall to an unused position */
KernelPatchSyscall(0x51, SCSetupIBAT4DBAT5_ADDRESS);
// We want to run this on all 3 cores.
{
int32_t aff[] = {CThread::eAttributeAffCore2, CThread::eAttributeAffCore1, CThread::eAttributeAffCore0};
int iStackSize = 0x200;
//! allocate the thread and stack on the default Cafe OS heap
auto *pThread = (OSThread *) gMEMAllocFromDefaultHeapExForThreads(sizeof(OSThread), 0x10);
auto *pThreadStack = (uint8_t *) gMEMAllocFromDefaultHeapExForThreads(iStackSize, 0x20);
//! create the thread
if (pThread && pThreadStack) {
for (int i : aff) {
*pThread = {};
memset(pThreadStack, 0, iStackSize);
OSCreateThread(pThread, reinterpret_cast<OSThreadEntryPointFn>(SC0x51Call_ADDRESS), 0, nullptr, (void *) (pThreadStack + iStackSize), iStackSize, 16, (OSThreadAttributes) i);
OSResumeThread(pThread);
while (OSIsThreadSuspended(pThread)) {
OSResumeThread(pThread);
}
OSJoinThread(pThread, nullptr);
}
}
//! free the thread stack buffer
if (pThreadStack) {
memset(pThreadStack, 0, iStackSize);
gMEMFreeToDefaultHeapForThreads(pThreadStack);
}
if (pThread) {
memset(pThread, 0, sizeof(OSThread));
gMEMFreeToDefaultHeapForThreads(pThread);
}
}
/* repair data */
KernelWrite(TARGET_ADDRESS_EXECUTABLE_MEM, backupBuffer, sizeof(backupBuffer));
DCFlushRange((void *) TARGET_ADDRESS_EXECUTABLE_MEM, sizeof(backupBuffer));
}
void writeKernelNOPs(CThread *thread, void *arg) { void writeKernelNOPs(CThread *thread, void *arg) {
DEBUG_FUNCTION_LINE_VERBOSE("Writing kernel NOPs on core %d", OSGetThreadAffinity(OSGetCurrentThread()) / 2); DEBUG_FUNCTION_LINE_VERBOSE("Writing kernel NOPs on core %d", OSGetThreadAffinity(OSGetCurrentThread()) / 2);
@ -339,6 +482,11 @@ void MemoryMapping_memoryMappingForRegions(const memory_mapping_t *memory_mappin
} }
void MemoryMapping_setupMemoryMapping() { void MemoryMapping_setupMemoryMapping() {
/*
* We need to make sure that with have full access to the 0x0080000-0x01000000 region on all 3 cores.
*/
SetupIBAT4DBAT5OnAllCores();
// Override all writes to SR8 with nops. // Override all writes to SR8 with nops.
// Override some memory region checks inside the kernel // Override some memory region checks inside the kernel
runOnAllCores(writeKernelNOPs, nullptr); runOnAllCores(writeKernelNOPs, nullptr);
@ -443,6 +591,25 @@ void *MemoryMapping_allocEx(uint32_t size, int32_t align, bool videoOnly) {
return res; return res;
} }
extern "C" bool MEMCheckExpHeap(MEMHeapHandle heap, bool logProblems);
void MemoryMapping_checkHeaps() {
OSLockMutex(&allocMutex);
for (int32_t i = 0; /* waiting for a break */; i++) {
if (mem_mapping[i].physical_addresses == nullptr) {
break;
}
auto heapHandle = (MEMHeapHandle) mem_mapping[i].effective_start_address;
if (!MEMCheckExpHeap(heapHandle, true)) {
DEBUG_FUNCTION_LINE_ERR("MemoryMapping heap %08X (index %d) is corrupted.", heapHandle, i);
#ifdef DEBUG
OSFatal("MemoryMappingModule: Heap is corrupted");
#endif
}
}
OSUnlockMutex(&allocMutex);
}
void *MemoryMapping_alloc(uint32_t size, int32_t align) { void *MemoryMapping_alloc(uint32_t size, int32_t align) {
return MemoryMapping_allocEx(size, align, false); return MemoryMapping_allocEx(size, align, false);
} }

2
source/memory_mapping.h
View File

@ -201,6 +201,8 @@ void MemoryMapping_readTestValuesFromMemory();
void MemoryMapping_searchEmptyMemoryRegions(); void MemoryMapping_searchEmptyMemoryRegions();
void MemoryMapping_checkHeaps();
void *MemoryMapping_alloc(uint32_t size, int32_t align); void *MemoryMapping_alloc(uint32_t size, int32_t align);
void *MemoryMapping_allocVideoMemory(uint32_t size, int32_t align); void *MemoryMapping_allocVideoMemory(uint32_t size, int32_t align);