Difference between revisions of "Sm modules"
|(One intermediate revision by the same user not shown)|
Latest revision as of 21:57, 6 January 2019
sm common code
sm modules are loaded to 0x80B000, then code from that addr is executed.
There is a lot of common code shared between sm: entry, cmd handler, cmd setup, etc
This is the first code executed in sm. It's located at 0x80B000. It does the following:
- Get random value (stack cookie?)
- syscall 1: Unload
- while(1) sleep()
These just call function pointers, basically libc_init_array.
It has a memory pool allocated on stack. It's filled with structures for command handlers. Then, it calls main_loop.
This uses syscall 4 (RegisterIrqHandler) to register a common handler for incoming commands (cmd_handler). Then it loops while sm is "active". Then it sets handler for commands = null pointer.
This is the common handler for all incoming commands. It reads paddr from 0xE0000014 and ANDs it with 1 to check validity. It checks that size is valid (>= 0x40 and < 0x1000), copies command buffer into private f00d memory and executes an appropriate command handler.
This is used by cmd_handler to check if the input address of command buffer is safe. The allowed address ranges are:
- Non-secure DRAM (starting at 0x40200000). Note: this is weird because if configuration (word at 0xE0062260) results in overflow, it does some crazy shit.