Format code.

This commit is contained in:
Andy Nguyen
2026-05-12 23:01:40 +02:00
parent 4b5fc13e80
commit f87828b554
39 changed files with 3121 additions and 3127 deletions


@@ -1,34 +1,34 @@
#ifndef CONFIG_H
#define CONFIG_H
#define PAGE_SIZE 0x4000ULL
// This is used to allocate resources for HV shellcode and Linux boot
#define cave 0x100000000ULL
#define cave_hv_paging cave
#define cave_hv_code \
cave_hv_paging + 0x3000ULL // Leave space for 3 pages but we only use 2 for
// 1GB 1:1 mapping
#define cave_linux_files cave_hv_code + 0x2000ULL
#define cave_linux_info cave_linux_files
#define cave_bzImage cave_linux_info + PAGE_SIZE
// #define cave_initrd // Allocated dynamically after bzImage
#define hv_base_rsp (cave + 0x10000000ULL)
#define hv_stack_size 0x1000ULL
// This is used as transitional storage from ProsperoOS to Kernel shellcode
#define kernel_cave_files 0xFFFF800000000000
#define kernel_cave_linux_info kernel_cave_files
#define kernel_cave_bzImage kernel_cave_linux_info + PAGE_SIZE
// #define kernel_cave_initrd // Allocated dynamically after bzImage
// Linux boot config
#define VRAM_SIZE (512ULL * 1024 * 1024)
#define CMD_LINE \
"root=/dev/sda2 rw rootwait console=ttyTitania0 console=tty0 " \
"video=DP-1:1920x1080@60 mitigations=off idle=halt pci=pcie_bus_perf"
#define DEBUG 0 // Toggle to 0 to disable logs
#endif
#ifndef CONFIG_H
#define CONFIG_H
#define PAGE_SIZE 0x4000ULL
// This is used to allocate resources for HV shellcode and Linux boot
#define cave 0x100000000ULL
#define cave_hv_paging cave
#define cave_hv_code \
cave_hv_paging + 0x3000ULL // Leave space for 3 pages but we only use 2 for
// 1GB 1:1 mapping
#define cave_linux_files cave_hv_code + 0x2000ULL
#define cave_linux_info cave_linux_files
#define cave_bzImage cave_linux_info + PAGE_SIZE
// #define cave_initrd // Allocated dynamically after bzImage
#define hv_base_rsp (cave + 0x10000000ULL)
#define hv_stack_size 0x1000ULL
// This is used as transitional storage from ProsperoOS to Kernel shellcode
#define kernel_cave_files 0xFFFF800000000000
#define kernel_cave_linux_info kernel_cave_files
#define kernel_cave_bzImage kernel_cave_linux_info + PAGE_SIZE
// #define kernel_cave_initrd // Allocated dynamically after bzImage
// Linux boot config
#define VRAM_SIZE (512ULL * 1024 * 1024)
#define CMD_LINE \
"root=/dev/sda2 rw rootwait console=ttyTitania0 console=tty0 " \
"video=DP-1:1920x1080@60 mitigations=off idle=halt pci=pcie_bus_perf"
#define DEBUG 0 // Toggle to 0 to disable logs
#endif


@@ -1,70 +1,70 @@
/*** Source: ps5-hen by cragson ***/
#ifndef GPU_H
#define GPU_H
#include <stdint.h>
#define GPU_PDE_VALID_BIT 0
#define GPU_PDE_IS_PTE_BIT 54
#define GPU_PDE_TF_BIT 56
#define GPU_PDE_BLOCK_FRAG_BIT 59
#define GPU_PDE_ADDR_MASK 0x0000FFFFFFFFFFC0ULL
#define PROT_GPU_READ 0x10
#define PROT_GPU_WRITE 0x20
#define MAP_NO_COALESCE 0x00400000
#define GPU_SUBMIT_IOCTL 0xC0108102
#define PM4_TYPE3 3
#define PM4_SHADER_COMPUTE 1
#define PM4_OPCODE_DMA_DATA 0x50
#define PM4_OPCODE_INDIRECT_BUF 0x3F
struct gpu_kernel_offsets {
uint64_t proc_vmspace; // proc->p_vmspace offset
uint64_t vmspace_vm_vmid; // vmspace->vm_vmid offset
uint64_t data_base_gvmspace; // offset from kernel data base to gvmspace array
uint64_t sizeof_gvmspace; // size of each gvmspace entry
uint64_t gvmspace_page_dir_va; // gvmspace->page_dir_va offset (GPU PDB2)
uint64_t gvmspace_size; // gvmspace->size offset
uint64_t gvmspace_start_va; // gvmspace->start_va offset
};
struct gpu_ctx {
int fd; // /dev/gc file descriptor
int initialized; // 1 if gpu_init() succeeded
uint64_t victim_va; // CPU VA of victim buffer (GPU PTE remapped)
uint64_t transfer_va; // CPU VA of transfer/staging buffer
uint64_t cmd_va; // CPU VA of PM4 command buffer
uint64_t victim_real_pa; // original physical address of victim buffer
uint64_t victim_ptbe_va; // kernel VA of the GPU PTE for victim buffer
uint64_t cleared_ptbe; // GPU PTE with physical address cleared (template)
uint64_t page_size; // GPU page size for victim allocation (should be 2MB)
uint64_t dmem_size; // allocation size (2MB)
};
void gpu_set_offsets(struct gpu_kernel_offsets *offsets);
int gpu_init(void);
int gpu_init_internal(void);
int gpu_test(void);
int gpu_read_phys(uint64_t phys_addr, void *out_buf, uint32_t size);
uint8_t gpu_read_phys1(uint64_t phys_addr);
uint32_t gpu_read_phys4(uint64_t phys_addr);
uint64_t gpu_read_phys8(uint64_t phys_addr);
int gpu_write_phys(uint64_t phys_addr, const void *in_buf, uint32_t size);
void gpu_write_phys4(uint64_t phys_addr, uint32_t value);
void gpu_write_phys8(uint64_t phys_addr, uint64_t value);
void gpu_cleanup(void);
struct gpu_ctx *gpu_get_ctx(void);
#endif
/*** Source: ps5-hen by cragson ***/
#ifndef GPU_H
#define GPU_H
#include <stdint.h>
#define GPU_PDE_VALID_BIT 0
#define GPU_PDE_IS_PTE_BIT 54
#define GPU_PDE_TF_BIT 56
#define GPU_PDE_BLOCK_FRAG_BIT 59
#define GPU_PDE_ADDR_MASK 0x0000FFFFFFFFFFC0ULL
#define PROT_GPU_READ 0x10
#define PROT_GPU_WRITE 0x20
#define MAP_NO_COALESCE 0x00400000
#define GPU_SUBMIT_IOCTL 0xC0108102
#define PM4_TYPE3 3
#define PM4_SHADER_COMPUTE 1
#define PM4_OPCODE_DMA_DATA 0x50
#define PM4_OPCODE_INDIRECT_BUF 0x3F
struct gpu_kernel_offsets {
uint64_t proc_vmspace; // proc->p_vmspace offset
uint64_t vmspace_vm_vmid; // vmspace->vm_vmid offset
uint64_t data_base_gvmspace; // offset from kernel data base to gvmspace array
uint64_t sizeof_gvmspace; // size of each gvmspace entry
uint64_t gvmspace_page_dir_va; // gvmspace->page_dir_va offset (GPU PDB2)
uint64_t gvmspace_size; // gvmspace->size offset
uint64_t gvmspace_start_va; // gvmspace->start_va offset
};
struct gpu_ctx {
int fd; // /dev/gc file descriptor
int initialized; // 1 if gpu_init() succeeded
uint64_t victim_va; // CPU VA of victim buffer (GPU PTE remapped)
uint64_t transfer_va; // CPU VA of transfer/staging buffer
uint64_t cmd_va; // CPU VA of PM4 command buffer
uint64_t victim_real_pa; // original physical address of victim buffer
uint64_t victim_ptbe_va; // kernel VA of the GPU PTE for victim buffer
uint64_t cleared_ptbe; // GPU PTE with physical address cleared (template)
uint64_t page_size; // GPU page size for victim allocation (should be 2MB)
uint64_t dmem_size; // allocation size (2MB)
};
void gpu_set_offsets(struct gpu_kernel_offsets *offsets);
int gpu_init(void);
int gpu_init_internal(void);
int gpu_test(void);
int gpu_read_phys(uint64_t phys_addr, void *out_buf, uint32_t size);
uint8_t gpu_read_phys1(uint64_t phys_addr);
uint32_t gpu_read_phys4(uint64_t phys_addr);
uint64_t gpu_read_phys8(uint64_t phys_addr);
int gpu_write_phys(uint64_t phys_addr, const void *in_buf, uint32_t size);
void gpu_write_phys4(uint64_t phys_addr, uint32_t value);
void gpu_write_phys8(uint64_t phys_addr, uint64_t value);
void gpu_cleanup(void);
struct gpu_ctx *gpu_get_ctx(void);
#endif


@@ -1,19 +1,19 @@
#ifndef HV_DEFEAT_H
#define HV_DEFEAT_H
#include "iommu.h"
#include <stdint.h>
int hv_defeat(void);
int stage1_tmr_relax(void);
int stage2_find_vmcbs(void);
uint64_t get_vmcb(int core);
int iommu_selftest(void);
int stage3_patch_vmcbs(void);
int stage4_force_vmcb_reload(void);
int stage5_remove_xotext(void);
int stage6_kernel_pmap_invalidate_all(void);
int stage7_install_kexec(void);
int kexec(uint64_t fptr);
#endif
#ifndef HV_DEFEAT_H
#define HV_DEFEAT_H
#include "iommu.h"
#include <stdint.h>
int hv_defeat(void);
int stage1_tmr_relax(void);
int stage2_find_vmcbs(void);
uint64_t get_vmcb(int core);
int iommu_selftest(void);
int stage3_patch_vmcbs(void);
int stage4_force_vmcb_reload(void);
int stage5_remove_xotext(void);
int stage6_kernel_pmap_invalidate_all(void);
int stage7_install_kexec(void);
int kexec(uint64_t fptr);
#endif


@@ -1,46 +1,46 @@
/*** Source: ps5-hen by cragson ***/
#ifndef IOMMU_H
#define IOMMU_H
#include <stdint.h>
// Command buffer MMIO offsets
#define IOMMU_MMIO_CB_HEAD 0xa000
#define IOMMU_MMIO_CB_TAIL 0xa008
// Queue constants
#define IOMMU_CB_SIZE 0x2000
#define IOMMU_CB_MASK (IOMMU_CB_SIZE - 1)
#define IOMMU_CMD_ENTRY_SIZE 0x10
// IOMMU softc field offsets
#define IOMMU_SC_MMIO_VA 0x40
#define IOMMU_SC_CB2_PTR 0x78
#define IOMMU_SC_CB3_PTR 0x80
#define IOMMU_SC_EB_PTR 0x60b90
typedef struct _iommu_ctx {
uint64_t cb2_base; // kernel VA of command buffer 2 (hv terminology)
uint64_t cb3_base; // kernel VA of command buffer 3 (hv terminology)
uint64_t eb_base; // kernel VA of event buffer
uint64_t mmio_va; // DMAP VA of IOMMU MMIO base
} iommu_ctx;
extern iommu_ctx iommu_store;
extern iommu_ctx *iommu;
int iommu_init(void);
// Submit a single 16-byte command and wait for completion
void iommu_submit_cmd(const void *cmd);
// Write 8 bytes to a physical address using IOMMU completion wait store
void iommu_write8_pa(uint64_t pa, uint64_t val);
// Write 4 bytes to a physical address
void iommu_write4_pa(uint64_t pa, uint32_t val);
// Write arbitrary length to a physical address in 8-byte chunks
void iommu_write_pa(uint64_t pa, const void *data, uint32_t len);
#endif
/*** Source: ps5-hen by cragson ***/
#ifndef IOMMU_H
#define IOMMU_H
#include <stdint.h>
// Command buffer MMIO offsets
#define IOMMU_MMIO_CB_HEAD 0xa000
#define IOMMU_MMIO_CB_TAIL 0xa008
// Queue constants
#define IOMMU_CB_SIZE 0x2000
#define IOMMU_CB_MASK (IOMMU_CB_SIZE - 1)
#define IOMMU_CMD_ENTRY_SIZE 0x10
// IOMMU softc field offsets
#define IOMMU_SC_MMIO_VA 0x40
#define IOMMU_SC_CB2_PTR 0x78
#define IOMMU_SC_CB3_PTR 0x80
#define IOMMU_SC_EB_PTR 0x60b90
typedef struct _iommu_ctx {
uint64_t cb2_base; // kernel VA of command buffer 2 (hv terminology)
uint64_t cb3_base; // kernel VA of command buffer 3 (hv terminology)
uint64_t eb_base; // kernel VA of event buffer
uint64_t mmio_va; // DMAP VA of IOMMU MMIO base
} iommu_ctx;
extern iommu_ctx iommu_store;
extern iommu_ctx *iommu;
int iommu_init(void);
// Submit a single 16-byte command and wait for completion
void iommu_submit_cmd(const void *cmd);
// Write 8 bytes to a physical address using IOMMU completion wait store
void iommu_write8_pa(uint64_t pa, uint64_t val);
// Write 4 bytes to a physical address
void iommu_write4_pa(uint64_t pa, uint32_t val);
// Write arbitrary length to a physical address in 8-byte chunks
void iommu_write_pa(uint64_t pa, const void *data, uint32_t len);
#endif


@@ -1,10 +1,9 @@
#include "utils.h"
#include <stdint.h>
uint64_t alloc_page(void);
void install_page(uintptr_t pml4, vm_offset_t va, vm_paddr_t pa,
int bits);
void pte_store(uintptr_t ptep, uint64_t pte);
int read_file(const char *path, void *buf, size_t bufsize);
void trim_newline(char *s);
int fetch_linux(struct linux_info *info);
#include "utils.h"
#include <stdint.h>
uint64_t alloc_page(void);
void install_page(uintptr_t pml4, vm_offset_t va, vm_paddr_t pa, int bits);
void pte_store(uintptr_t ptep, uint64_t pte);
int read_file(const char *path, void *buf, size_t bufsize);
void trim_newline(char *s);
int fetch_linux(struct linux_info *info);


@@ -1,8 +1,8 @@
#ifndef MAIN_H
#define MAIN_H
int main(void);
int setup_env(void);
int prepare_resume(void);
#endif
#ifndef MAIN_H
#define MAIN_H
int main(void);
int setup_env(void);
int prepare_resume(void);
#endif


@@ -1,52 +1,52 @@
#ifndef OFFSETS_H
#define OFFSETS_H
#include <stdint.h>
typedef struct _offset_list {
uint64_t PMAP_STORE;
uint64_t HV_VCPU; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_CPUID; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_ARRAY_OFF; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_STRIDE; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_VMCB_PTR; // Needed for 1.xx and 2.xx
uint64_t KERNEL_CODE_CAVE;
uint64_t KERNEL_DATA_CAVE;
uint64_t IOMMU_SOFTC;
uint64_t VMSPACE_VM_VMID;
uint64_t VMSPACE_VM_PMAP;
uint64_t PMAP_PM_PML4;
uint64_t PMAP_PM_CR3;
uint64_t DATA_BASE_GVMSPACE;
uint64_t HOOK_ACPI_WAKEUP_MACHDEP;
uint64_t FUN_PRINTF;
uint64_t FUN_VA_TO_PA;
uint64_t FUN_HV_IOMMU_SET_BUFFERS;
uint64_t FUN_HV_IOMM_WAIT_COMPLETION;
uint64_t FUN_SMP_RENDEZVOUS;
uint64_t FUN_SMP_NO_RENDEVOUS_BARRIER;
uint64_t HV_HANDLE_VMEXIT_PA;
uint64_t HV_CODE_CAVE_PA;
uint64_t HV_UART_OVERRIDE_PA;
uint64_t G_VBIOS;
uint64_t FUN_TRANSMITTER_CONTROL;
uint64_t FUN_MP3_INITIALIZE;
uint64_t FUN_MP3_INVOKE;
uint64_t KERNEL_UART_OVERRIDE;
uint64_t KERNEL_DEBUG_PATCH;
uint64_t KERNEL_CFI_CHECK;
uint64_t PS5_WIFI_FW_OFFSET;
uint64_t PS5_WIFI_FW_SIZE;
} offset_list;
extern offset_list off_0300;
extern offset_list off_0310;
extern offset_list off_0320;
extern offset_list off_0321;
extern offset_list off_0400;
extern offset_list off_0402;
extern offset_list off_0403;
extern offset_list off_0450;
extern offset_list off_0451;
#endif
#ifndef OFFSETS_H
#define OFFSETS_H
#include <stdint.h>
typedef struct _offset_list {
uint64_t PMAP_STORE;
uint64_t HV_VCPU; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_CPUID; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_ARRAY_OFF; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_STRIDE; // Needed for 1.xx and 2.xx
uint64_t HV_VCPU_VMCB_PTR; // Needed for 1.xx and 2.xx
uint64_t KERNEL_CODE_CAVE;
uint64_t KERNEL_DATA_CAVE;
uint64_t IOMMU_SOFTC;
uint64_t VMSPACE_VM_VMID;
uint64_t VMSPACE_VM_PMAP;
uint64_t PMAP_PM_PML4;
uint64_t PMAP_PM_CR3;
uint64_t DATA_BASE_GVMSPACE;
uint64_t HOOK_ACPI_WAKEUP_MACHDEP;
uint64_t FUN_PRINTF;
uint64_t FUN_VA_TO_PA;
uint64_t FUN_HV_IOMMU_SET_BUFFERS;
uint64_t FUN_HV_IOMM_WAIT_COMPLETION;
uint64_t FUN_SMP_RENDEZVOUS;
uint64_t FUN_SMP_NO_RENDEVOUS_BARRIER;
uint64_t HV_HANDLE_VMEXIT_PA;
uint64_t HV_CODE_CAVE_PA;
uint64_t HV_UART_OVERRIDE_PA;
uint64_t G_VBIOS;
uint64_t FUN_TRANSMITTER_CONTROL;
uint64_t FUN_MP3_INITIALIZE;
uint64_t FUN_MP3_INVOKE;
uint64_t KERNEL_UART_OVERRIDE;
uint64_t KERNEL_DEBUG_PATCH;
uint64_t KERNEL_CFI_CHECK;
uint64_t PS5_WIFI_FW_OFFSET;
uint64_t PS5_WIFI_FW_SIZE;
} offset_list;
extern offset_list off_0300;
extern offset_list off_0310;
extern offset_list off_0320;
extern offset_list off_0321;
extern offset_list off_0400;
extern offset_list off_0402;
extern offset_list off_0403;
extern offset_list off_0450;
extern offset_list off_0451;
#endif


@@ -1,19 +1,19 @@
#ifndef TMR_H
#define TMR_H
#include <stdint.h>
#define ECAM_B0D18F2 dmap + (0xF0000000ULL + 0x18ULL * 0x8000 + 2 * 0x1000)
#define TMR_INDEX_OFF 0x80
#define TMR_DATA_OFF 0x84
#define TMR_BASE(n) ((n) * 0x10 + 0x00)
#define TMR_LIMIT(n) ((n) * 0x10 + 0x04)
#define TMR_CONFIG(n) ((n) * 0x10 + 0x08)
#define TMR_REQUESTORS(n) ((n) * 0x10 + 0x0C)
#define TMR_CFG_PERMISSIVE 0x3F07
uint32_t tmr_read(uint32_t addr);
void tmr_write(uint32_t addr, uint32_t val);
#endif
#ifndef TMR_H
#define TMR_H
#include <stdint.h>
#define ECAM_B0D18F2 dmap + (0xF0000000ULL + 0x18ULL * 0x8000 + 2 * 0x1000)
#define TMR_INDEX_OFF 0x80
#define TMR_DATA_OFF 0x84
#define TMR_BASE(n) ((n) * 0x10 + 0x00)
#define TMR_LIMIT(n) ((n) * 0x10 + 0x04)
#define TMR_CONFIG(n) ((n) * 0x10 + 0x08)
#define TMR_REQUESTORS(n) ((n) * 0x10 + 0x0C)
#define TMR_CFG_PERMISSIVE 0x3F07
uint32_t tmr_read(uint32_t addr);
void tmr_write(uint32_t addr, uint32_t val);
#endif


@@ -1,173 +1,168 @@
#ifndef UTILS_H
#define UTILS_H
#include "offsets.h"
#include <ps5/kernel.h>
#include <stdarg.h>
#include <stdint.h>
#include <string.h>
int sceKernelGetCurrentCpu();
int sceKernelSendNotificationRequest(int, void *, size_t, int);
int sceKernelOpenEventFlag(void*, const char *);
int sceKernelNotifySystemSuspendStart(void);
int sceKernelSetEventFlag(void *, int);
int sceKernelCloseEventFlag(void*);
typedef struct _sysent {
uint32_t n_arg;
uint32_t pad;
uint64_t sy_call;
uint64_t sy_auevent;
uint64_t sy_systrace_args;
uint32_t sy_entry;
uint32_t sy_return;
uint32_t sy_flags;
uint32_t sy_thrcnt;
} sysent;
typedef struct __flat_pmap {
uint64_t mtx_name_ptr;
uint64_t mtx_flags;
uint64_t mtx_data;
uint64_t mtx_lock;
uint64_t pm_pml4;
uint64_t pm_cr3;
} flat_pmap;
struct linux_info {
uintptr_t bzimage;
size_t bzimage_size;
uintptr_t initrd;
size_t initrd_size;
size_t vram_size;
char cmdline[2048];
int kit_type;
uintptr_t linux_info; // PA of linux_info
};
/** These vars are global for the payload to simplify things */
extern offset_list env_offset; // Defined on utils.c
extern uint64_t ktext; // Defined on utils.c
extern uint64_t kdata; // Defined on utils.c
extern uint64_t dmap; // Defined on utils.c
extern uint64_t cr3; // Defined on utils.c
extern uint32_t fw; // Defined on utils.c
extern uint64_t vmcb_pa[16]; // Defined on hv_defeat.c
extern struct linux_info linux_i; // Declared on main.c
static inline void kwrite(uint64_t ka, void *src, uint64_t len) {
kernel_copyin(src, ka, len);
}
static inline void kwrite64(uint64_t dst, uint64_t val) {
kernel_copyin(&val, dst, 8);
}
static inline void kwrite32(uint64_t dst, uint32_t val) {
kernel_copyin(&val, dst, 4);
}
static inline void kwrite8(uint64_t dst, uint8_t val) {
kernel_copyin(&val, dst, 1);
}
static inline void kread(uint64_t ka, void *dst, uint64_t len) {
kernel_copyout(ka, dst, len);
}
static inline uint64_t kread64(uint64_t src) {
uint64_t val;
kernel_copyout(src, &val, 8);
return val;
}
static inline uint32_t kread32(uint64_t src) {
uint32_t val;
kernel_copyout(src, &val, 4);
return val;
}
static inline uint8_t kread8(uint64_t src) {
uint8_t val;
kernel_copyout(src, &val, 1);
return val;
}
int set_offsets(void);
int init_global_vars(void);
uint64_t get_offset_va(uint64_t offset);
// Defines for Page management
#define ALIGN_UP(size, align) (((size) + (align) - 1) & ~((align) - 1))
#define INKERNEL(va) (va & 0xFFFF000000000000)
enum page_bits {
P = 0,
RW,
US,
PWT,
PCD,
A,
D,
PS,
G,
XO = 58,
PK = 59,
NX = 63
};
#define PG_B_P (1ULL << P)
#define PG_B_RW (1ULL << RW)
#define PAGE_P(x) (x & (1ULL << P))
#define PAGE_RW(x) (x & (1ULL << RW))
#define PAGE_PS(x) (x & (1ULL << PS))
#define PAGE_XO(x) (x & (1ULL << XO))
#define PAGE_CLEAR_XO(x) (x &= ~(1ULL << XO))
#define PAGE_CLEAR_G(x) (x &= ~(1ULL << G))
#define PAGE_SET_RW(x) (x |= (1ULL << RW))
#define PAGE_PA(x) (x & 0x000FFFFFFFFFF000ULL)
#define P_SIZE(l) ((l == 1) ? (1ULL << 30) : (1ULL << 21))
#define pmap_pml4e_index(va) ((va >> 39) & 0x1FF)
#define pmap_pdpe_index(va) ((va >> 30) & 0x1FF)
#define pmap_pde_index(va) ((va >> 21) & 0x1FF)
#define pmap_pte_index(va) ((va >> 12) & 0x1FF)
uint64_t va_to_pa_user(uint64_t va);
uint64_t va_to_pa_kernel(uint64_t va);
uint64_t va_to_pa_custom(uint64_t va, uint64_t cr3_custom);
uint64_t pa_to_dmap(uint64_t pa);
void page_chain_set_rw(uint64_t va);
uint64_t page_remove_global(uint64_t va);
uint64_t getpmap(uint64_t proc_ptr);
uint64_t get_pml4(uint64_t pmap);
int pin_to_core(int n);
int pin_to_first_available_core(void);
void unpin(void);
void notify(const char *fmt, ...);
void notify_internal(uint8_t *msg);
void enter_rest_mode(void);
#if DEBUG
#define DEBUG_PRINT(fmt, ...) printf(fmt, ##__VA_ARGS__)
#else
#define DEBUG_PRINT(fmt, ...)
#endif
bool if_exists(const char* path);
bool sceKernelIsTestKit(void);
bool sceKernelIsDevKit(void);
enum kit_type {
KIT_RETAIL,
KIT_TESTKIT,
KIT_DEVKIT
};
enum kit_type get_kit_type(void);
#endif
#ifndef UTILS_H
#define UTILS_H
#include "offsets.h"
#include <ps5/kernel.h>
#include <stdarg.h>
#include <stdint.h>
#include <string.h>
int sceKernelGetCurrentCpu();
int sceKernelSendNotificationRequest(int, void *, size_t, int);
int sceKernelOpenEventFlag(void *, const char *);
int sceKernelNotifySystemSuspendStart(void);
int sceKernelSetEventFlag(void *, int);
int sceKernelCloseEventFlag(void *);
typedef struct _sysent {
uint32_t n_arg;
uint32_t pad;
uint64_t sy_call;
uint64_t sy_auevent;
uint64_t sy_systrace_args;
uint32_t sy_entry;
uint32_t sy_return;
uint32_t sy_flags;
uint32_t sy_thrcnt;
} sysent;
typedef struct __flat_pmap {
uint64_t mtx_name_ptr;
uint64_t mtx_flags;
uint64_t mtx_data;
uint64_t mtx_lock;
uint64_t pm_pml4;
uint64_t pm_cr3;
} flat_pmap;
struct linux_info {
uintptr_t bzimage;
size_t bzimage_size;
uintptr_t initrd;
size_t initrd_size;
size_t vram_size;
char cmdline[2048];
int kit_type;
uintptr_t linux_info; // PA of linux_info
};
/** These vars are global for the payload to simplify things */
extern offset_list env_offset; // Defined on utils.c
extern uint64_t ktext; // Defined on utils.c
extern uint64_t kdata; // Defined on utils.c
extern uint64_t dmap; // Defined on utils.c
extern uint64_t cr3; // Defined on utils.c
extern uint32_t fw; // Defined on utils.c
extern uint64_t vmcb_pa[16]; // Defined on hv_defeat.c
extern struct linux_info linux_i; // Declared on main.c
static inline void kwrite(uint64_t ka, void *src, uint64_t len) {
kernel_copyin(src, ka, len);
}
static inline void kwrite64(uint64_t dst, uint64_t val) {
kernel_copyin(&val, dst, 8);
}
static inline void kwrite32(uint64_t dst, uint32_t val) {
kernel_copyin(&val, dst, 4);
}
static inline void kwrite8(uint64_t dst, uint8_t val) {
kernel_copyin(&val, dst, 1);
}
static inline void kread(uint64_t ka, void *dst, uint64_t len) {
kernel_copyout(ka, dst, len);
}
static inline uint64_t kread64(uint64_t src) {
uint64_t val;
kernel_copyout(src, &val, 8);
return val;
}
static inline uint32_t kread32(uint64_t src) {
uint32_t val;
kernel_copyout(src, &val, 4);
return val;
}
static inline uint8_t kread8(uint64_t src) {
uint8_t val;
kernel_copyout(src, &val, 1);
return val;
}
int set_offsets(void);
int init_global_vars(void);
uint64_t get_offset_va(uint64_t offset);
// Defines for Page management
#define ALIGN_UP(size, align) (((size) + (align) - 1) & ~((align) - 1))
#define INKERNEL(va) (va & 0xFFFF000000000000)
enum page_bits {
P = 0,
RW,
US,
PWT,
PCD,
A,
D,
PS,
G,
XO = 58,
PK = 59,
NX = 63
};
#define PG_B_P (1ULL << P)
#define PG_B_RW (1ULL << RW)
#define PAGE_P(x) (x & (1ULL << P))
#define PAGE_RW(x) (x & (1ULL << RW))
#define PAGE_PS(x) (x & (1ULL << PS))
#define PAGE_XO(x) (x & (1ULL << XO))
#define PAGE_CLEAR_XO(x) (x &= ~(1ULL << XO))
#define PAGE_CLEAR_G(x) (x &= ~(1ULL << G))
#define PAGE_SET_RW(x) (x |= (1ULL << RW))
#define PAGE_PA(x) (x & 0x000FFFFFFFFFF000ULL)
#define P_SIZE(l) ((l == 1) ? (1ULL << 30) : (1ULL << 21))
#define pmap_pml4e_index(va) ((va >> 39) & 0x1FF)
#define pmap_pdpe_index(va) ((va >> 30) & 0x1FF)
#define pmap_pde_index(va) ((va >> 21) & 0x1FF)
#define pmap_pte_index(va) ((va >> 12) & 0x1FF)
uint64_t va_to_pa_user(uint64_t va);
uint64_t va_to_pa_kernel(uint64_t va);
uint64_t va_to_pa_custom(uint64_t va, uint64_t cr3_custom);
uint64_t pa_to_dmap(uint64_t pa);
void page_chain_set_rw(uint64_t va);
uint64_t page_remove_global(uint64_t va);
uint64_t getpmap(uint64_t proc_ptr);
uint64_t get_pml4(uint64_t pmap);
int pin_to_core(int n);
int pin_to_first_available_core(void);
void unpin(void);
void notify(const char *fmt, ...);
void notify_internal(uint8_t *msg);
void enter_rest_mode(void);
#if DEBUG
#define DEBUG_PRINT(fmt, ...) printf(fmt, ##__VA_ARGS__)
#else
#define DEBUG_PRINT(fmt, ...)
#endif
bool if_exists(const char *path);
bool sceKernelIsTestKit(void);
bool sceKernelIsDevKit(void);
enum kit_type { KIT_RETAIL, KIT_TESTKIT, KIT_DEVKIT };
enum kit_type get_kit_type(void);
#endif