mirror of
https://github.com/ps5-linux/ps5-linux-loader.git
synced 2026-05-09 00:24:16 +00:00
cleaning + notifications + autosleep
@@ -117,8 +117,7 @@ static void patch_hv(void) {
|
||||
}
|
||||
|
||||
// Install hv_shellcode 2
|
||||
uint64_t hv_shellcode = cave_hv;
|
||||
memcpy((void *)PHYS_TO_DMAP(hv_shellcode), shellcode_hypervisor,
|
||||
memcpy((void *)PHYS_TO_DMAP(cave_hv_code), shellcode_hypervisor,
|
||||
shellcode_hypervisor_len);
|
||||
|
||||
// Jump to shellcode final identity mapping
|
||||
@@ -130,8 +129,8 @@ static void patch_hv(void) {
|
||||
// Update code cave in hv 1:1 region
|
||||
*(uint32_t *)(&shellcode_jmp[3]) = (uint32_t)args.hv_code_cave_pa;
|
||||
|
||||
// Just patch the VMEXIT handler directly, avoiding all checks (0x6282b45d)
|
||||
memcpy(PHYS_TO_DMAP(args.hv_handle_vmexit_pa), shellcode_jmp,
|
||||
// Just patch the VMEXIT handler directly, avoiding all checks
|
||||
memcpy((void *)PHYS_TO_DMAP(args.hv_handle_vmexit_pa), shellcode_jmp,
|
||||
sizeof(shellcode_jmp));
|
||||
|
||||
uint8_t shellcode_identity_and_jmp[] = {
|
||||
@@ -149,7 +148,7 @@ static void patch_hv(void) {
|
||||
*(uint64_t *)(&shellcode_identity_and_jmp[15]) = cave_hv_code;
|
||||
|
||||
// Install shellcode 1 to update CR3 and jump to main HV shellcode
|
||||
memcpy(PHYS_TO_DMAP(args.hv_code_cave_pa), shellcode_identity_and_jmp,
|
||||
memcpy((void *)PHYS_TO_DMAP(args.hv_code_cave_pa), shellcode_identity_and_jmp,
|
||||
sizeof(shellcode_identity_and_jmp));
|
||||
}
|
||||
|
||||
@@ -157,7 +156,7 @@ void boot_linux(void) {
|
||||
|
||||
patch_hv();
|
||||
|
||||
memcpy((void *)PHYS_TO_DMAP(0xC0000), g_vbios, 0x10000);
|
||||
memcpy((void *)PHYS_TO_DMAP(0xC0000), (void *)g_vbios, 0x10000);
|
||||
|
||||
// Enable DP phys link.
|
||||
dp_enable_link_phy(4, 30);
|
||||
|
||||
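Review bot: The `(void *)` casts added around `PHYS_TO_DMAP(...)` in patch_hv, and the `(void *)g_vbios` cast in boot_linux, silence the integer-to-pointer warning at each call site instead of fixing the types once. A single typed helper would keep the conversion in one auditable place, for example `static inline void *dmap_ptr(uint64_t pa) { return (void *)(uintptr_t)PHYS_TO_DMAP(pa); }`. If `g_vbios` is currently declared as an integer (its declaration is not visible here), giving it a pointer type would remove the need for the cast. The copy in boot_linux would also be easier to review with named constants for `0xC0000` and `0x10000` and a comment stating which region and length they describe. Both function bodies extend beyond the hunks shown.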
@@ -3,12 +3,6 @@
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define cave 0x100000000ULL
|
||||
#define cave_hv_paging cave
|
||||
#define cave_hv cave_hv_paging + 0x3000
|
||||
#define cave_linux cave_hv + 0x2000
|
||||
|
||||
#define PAGE_SIZE 4096
|
||||
#define ALIGN_UP(size, align) (((size) + (align) - 1) & ~((align) - 1))
|
||||
|
||||
static int dp_enable_link_phy(int lanenum, int linkrate);
|
||||
|
||||
@@ -55,7 +55,7 @@ __attribute__((section(".entry_point"))) uint32_t main(uint64_t add1,
|
||||
// Reconfigure IOMMU calling the HV
|
||||
int ret = ((uint64_t(*)(uint64_t, uint64_t, uint64_t, uint64_t,
|
||||
int *))args_ptr->fun_hv_iommu_set_buffers)(
|
||||
iommu_cb2_pa, iommu_cb3_pa, iommu_eb_pa, &unk, &n_devices);
|
||||
iommu_cb2_pa, iommu_cb3_pa, iommu_eb_pa, (uint64_t) &unk, &n_devices);
|
||||
|
||||
if (ret != 0) {
|
||||
putc_uart(args_ptr->dmap_base, 'I');
|
||||
@@ -126,7 +126,7 @@ __attribute__((section(".entry_point"))) uint32_t main(uint64_t add1,
|
||||
// Re-do this to force a VMEXIT without HV injecting faults
|
||||
((uint64_t(*)(uint64_t, uint64_t, uint64_t, uint64_t,
|
||||
int *))args_ptr->fun_hv_iommu_set_buffers)(
|
||||
iommu_cb2_pa, iommu_cb3_pa, iommu_eb_pa, &unk, &n_devices);
|
||||
iommu_cb2_pa, iommu_cb3_pa, iommu_eb_pa, (uint64_t) &unk, &n_devices);
|
||||
((uint64_t(*)(void))args_ptr->fun_hv_iommu_wait_completion)();
|
||||
|
||||
putc_uart(args_ptr->dmap_base, 'B');
|
||||
@@ -195,7 +195,7 @@ void halt(void) { __asm__ __volatile__("hlt"); }
|
||||
|
||||
// Submit a single 16-byte command and wait for completion
|
||||
__attribute__((noinline, optimize("O0"))) void
|
||||
iommu_submit_cmd(shellcode_kernel_args *args_ptr, uint64_t *cmd) {
|
||||
iommu_submit_cmd(volatile shellcode_kernel_args *args_ptr, uint64_t *cmd) {
|
||||
// Read the offset of current tail of command list
|
||||
uint64_t curr_tail = *(
|
||||
(uint64_t *)args_ptr->iommu_mmio_va +
|
||||
@@ -206,7 +206,7 @@ iommu_submit_cmd(shellcode_kernel_args *args_ptr, uint64_t *cmd) {
|
||||
|
||||
// We write the command in the current empty entry
|
||||
uint64_t *cmd_buffer =
|
||||
args_ptr->iommu_cb2_va + curr_tail / 8; // Downscale the size of the ptr
|
||||
(uint64_t *)args_ptr->iommu_cb2_va + curr_tail / 8; // Downscale the size of the ptr
|
||||
// Copy 0x10 bytes (CMD Size)
|
||||
cmd_buffer[0] = cmd[0];
|
||||
cmd_buffer[1] = cmd[1];
|
||||
@@ -224,7 +224,7 @@ iommu_submit_cmd(shellcode_kernel_args *args_ptr, uint64_t *cmd) {
|
||||
|
||||
// Write 8 bytes to a physical address using IOMMU completion wait store
|
||||
__attribute__((noinline, optimize("O0"))) void
|
||||
iommu_write8_pa(shellcode_kernel_args *args_ptr, uint64_t pa, uint64_t val) {
|
||||
iommu_write8_pa(volatile shellcode_kernel_args *args_ptr, uint64_t pa, uint64_t val) {
|
||||
uint32_t cmd[4] = {0};
|
||||
cmd[0] = (uint32_t)(pa & 0xFFFFFFF8) | 0x05;
|
||||
cmd[1] = ((uint32_t)(pa >> 32) & 0xFFFFF) | 0x10000000;
|
||||
@@ -234,7 +234,7 @@ iommu_write8_pa(shellcode_kernel_args *args_ptr, uint64_t pa, uint64_t val) {
|
||||
}
|
||||
|
||||
__attribute__((noinline, optimize("O0"))) void
|
||||
patch_vmcb(shellcode_kernel_args *args_ptr) {
|
||||
patch_vmcb(volatile shellcode_kernel_args *args_ptr) {
|
||||
for (int i = 0; i < 16; i++) {
|
||||
uint64_t pa = args_ptr->vmcb[i];
|
||||
// args_ptr->fun_printf("Patching core: %02d VMCB_PA: 0x%016lx\n", i,
|
||||
@@ -281,16 +281,17 @@ __attribute__((noinline, optimize("O0"))) int tmr_disable(uint64_t dmap) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
void init_global_pointers(shellcode_kernel_args *args_ptr) {
|
||||
void init_global_pointers(volatile shellcode_kernel_args *args_ptr) {
|
||||
|
||||
memcpy(&args, args_ptr, sizeof(args));
|
||||
memcpy(&args, (void *)args_ptr, sizeof(args));
|
||||
|
||||
printf = args.fun_printf;
|
||||
smp_rendezvous = args.fun_smp_rendezvous;
|
||||
smp_no_rendevous_barrier = args.fun_smp_no_rendevous_barrier;
|
||||
printf = (void (*)(const char *, ...)) args.fun_printf;
|
||||
smp_rendezvous = (void (*)(void (*)(void), void (*)(void),
|
||||
void (*)(void), void *)) args.fun_smp_rendezvous;
|
||||
smp_no_rendevous_barrier = (void (*)(void)) args.fun_smp_no_rendevous_barrier;
|
||||
|
||||
transmitter_control = args.fun_transmitter_control;
|
||||
mp3_initialize = args.fun_mp3_initialize;
|
||||
mp3_invoke = args.fun_mp3_invoke;
|
||||
transmitter_control = (int (*) (int, void*)) args.fun_transmitter_control;
|
||||
mp3_initialize = (int (*) (int)) args.fun_mp3_initialize;
|
||||
mp3_invoke = (int (*) (int, void*, void*)) args.fun_mp3_invoke;
|
||||
g_vbios = args.g_vbios;
|
||||
}
|
||||
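Review bot: In init_global_pointers the new `(void *)args_ptr` cast discards the `volatile` qualifier that this commit adds to the parameter, so `memcpy` reads the structure through a plain pointer and the qualifier has no effect on the copy. If the volatile access matters, a struct assignment keeps it, assuming `args` has the same struct type: `args = *args_ptr;`. If it does not matter, drop `volatile` from the signature rather than casting it away. Separately, both `fun_hv_iommu_set_buffers` call sites now cast `&unk` to `uint64_t` and call through a pointer type returning `uint64_t`, while the result is stored in `int ret`. One typedef for that function pointer, used at both sites, would keep the argument and return types consistent.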
@@ -13,11 +13,8 @@ uint64_t (*kernel_va_to_pa)(uint64_t va);
|
||||
uint32_t (*hv_iommu_set_buffers)(uint64_t cb2_pa, uint64_t cb3_pa,
|
||||
uint64_t eb_pa, uint64_t unk, int *n_devices);
|
||||
uint32_t (*hv_iommu_wait_completion)(void);
|
||||
void (*smp_rendezvous)(void (*setup_func)(void *), void (*action_func)(void *),
|
||||
void (*teardown_func)(void *), void *arg);
|
||||
void (*smp_rendezvous_cpus)(cpuset_t map, void (*setup_func)(void *),
|
||||
void (*action_func)(void *),
|
||||
void (*teardown_func)(void *), void *arg);
|
||||
void (*smp_rendezvous)(void (*setup_func)(void), void (*action_func)(void),
|
||||
void (*teardown_func)(void), void *arg);
|
||||
void (*smp_no_rendevous_barrier)(void);
|
||||
|
||||
// We are being called instead of AcpiSetFirmwareWakingVector from
|
||||
@@ -44,8 +41,7 @@ uint64_t rdmsr(uint32_t msr);
|
||||
|
||||
uint32_t tmr_read(uint64_t dmap, uint32_t addr);
|
||||
void tmr_write(uint64_t dmap, uint32_t addr, uint32_t val);
|
||||
|
||||
int tmr_relax(void);
|
||||
int tmr_disable(uint64_t dmap);
|
||||
|
||||
// Command buffer MMIO offsets
|
||||
#define IOMMU_MMIO_CB_HEAD 0xa000
|
||||
@@ -57,15 +53,16 @@ int tmr_relax(void);
|
||||
#define IOMMU_CMD_ENTRY_SIZE 0x10
|
||||
|
||||
// Submit a single 16-byte command and wait for completion
|
||||
void iommu_submit_cmd(shellcode_kernel_args *args_ptr, uint64_t *cmd);
|
||||
void iommu_submit_cmd(volatile shellcode_kernel_args *args_ptr, uint64_t *cmd);
|
||||
// Write 8 bytes to a physical address using IOMMU completion wait store
|
||||
void iommu_write8_pa(shellcode_kernel_args *args_ptr, uint64_t pa,
|
||||
void iommu_write8_pa(volatile shellcode_kernel_args *args_ptr, uint64_t pa,
|
||||
uint64_t val);
|
||||
|
||||
void patch_vmcb(shellcode_kernel_args *args_ptr);
|
||||
void patch_vmcb(volatile shellcode_kernel_args *args_ptr);
|
||||
|
||||
#define NULL (void *)0
|
||||
void vmmcall_dummy(void);
|
||||
void halt(void);
|
||||
void init_global_pointers(volatile shellcode_kernel_args *args_ptr);
|
||||
|
||||
#endif
|
||||
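Review bot: The new `smp_rendezvous` declaration types its three callbacks as `void (*)(void)` while still taking `void *arg`, so the argument can no longer be typed through to the callbacks; the earlier declaration used `void (*)(void *)`. If the routine behind this pointer passes `arg` to each callback, which the retained parameter suggests, the narrower type hides a mismatch the compiler can no longer diagnose. Keeping `void (*setup_func)(void *)` and the matching forms for the other two, and adapting the callbacks, would avoid that. The prototypes that gain `volatile shellcode_kernel_args *args_ptr` would also benefit from a short comment saying why the structure must be accessed as volatile.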
@@ -60,8 +60,8 @@ uint64_t va_to_pa_custom(uint64_t va, uint64_t cr3_custom) {
|
||||
|
||||
__attribute__((noinline, optimize("O0"))) uint32_t putc_uart(uint64_t dmap,
|
||||
uint8_t tx_byte) {
|
||||
volatile uint32_t *uart_tx = dmap + 0xc1010104ULL;
|
||||
volatile uint32_t *uart_busy = dmap + 0xc101010cULL;
|
||||
volatile uint32_t *uart_tx = (uint32_t *) (dmap + 0xc1010104ULL);
|
||||
volatile uint32_t *uart_busy = (uint32_t *) (dmap + 0xc101010cULL);
|
||||
uint64_t timeout = 0xFFFFFFFF;
|
||||
do {
|
||||
timeout--;
|
||||
|
||||
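Review bot: The new casts in putc_uart go through plain `uint32_t *` before being assigned to `volatile uint32_t *`, so the conversion itself does not show that these are MMIO registers. Casting straight to the qualified type keeps that visible: `(volatile uint32_t *)(uintptr_t)(dmap + 0xc1010104ULL)`, and likewise for `uart_busy`. The two offsets would be easier to audit as named constants with a comment saying which register each one addresses. putc_uart's body continues past the end of the hunk, so the timeout loop is not reviewed here.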