SceVeneziaImage: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
m (→‎RPC calls: Fix id marked as int instead of unsigned)
No edit summary
 
Line 161: Line 161:
| 0x1252DE || <code>__nesf2</code>
| 0x1252DE || <code>__nesf2</code>
|}
|}
[[Category:ARM]]
[[Category:Kernel]]
[[Category:Modules]]

Latest revision as of 21:40, 1 May 2023

The VENEZIA binary image module.

Module

This module doesn't contain any ARM code; instead, it holds the image for execution on the VENEZIA coprocessor.

The module doesn't import from any library, and doesn't export any library.

Module layout description
Segment Description
.text Module metadata (SceModuleInfo, etc)
.data VENEZIA image

The VENEZIA image is an executable binary for the MeP architecture. The binary is copied to physical address 0x40800000 by SceSblFwLoader (mapped at vaddr 0x28200000).

On the VENEZIA MeP cores, the image is visible at address 0x800000 (i.e. the binary's base address is 0x800000).

Image

General information

The image contains MeP code for SceNgs, SceAudioDec, JPEG encoder, decoder and CSC.

The MP3 decoder used is SoCrates MP3 Decoder FIXED-1-16.

The AAC decoder used is Toshiba Enhanced MPEG-4 ADTS & RAW AACPLUS LC Decoder (Fixed Point) 0-04.

All offsets in the following sections are relative to the start of the image, for vnzimg.skprx from firmware ???.

More information is available in the VVNZRunner GitHub repository.

RPC calls

MeP code parses RPC calls from ARM (issued with sceVeneziaRpcCallGenericThunk() in a function at 0x11482. It maps RPC call ID to a function with the following code:

void* get_function_by_id(unsigned int id) {
    if (id >= 0x200)
        return NULL;
    return FUNCTABLE[id];
}

FUNCTABLE is located at 0xEADD0 and cointains pointers to other functions. An example of such a function is <code>vnsJpegEncoderEncode</code> located at 0x1F988.

VENEZIA memory model

Venezia works with memory by using physical addresses directly However since Venezia supports threading it includes memory mapping model to prevent race conditions This model is described in detail in the US20120324167A1 patent.

PRIVATE state

In this state, only a task that has changed a memory region to this state is permitted to perform a read/write access by the L1C/L2C. This access is achieved by accessing a virtual address that is mapped in a physical memory by the L1 CFL2C.

PROTECTED state

In this state, one or more tasks that belong to the same process and that have requested a transition to this state are permitted to perform a read access by the L1C/L2C. A task is not permitted to perform a write access to a memory region in this state.

PUBLIC state

In this state, tasks of which mapping set by the ATU is the same, that is, tasks that belong to the same process, share data. However, a task cannot directly access a memory region in this state. Only tasks that belong to the same process are permitted to access, after changing a memory in this state to the PRIVATE state or the PROTECTED state

UNMANAGED state

This state is a state that is not managed by the kernel. That is, this is a portion excluding the kernel management region out of memory regions that the memory has. Because the kernel does not manage consistency of caches in a memory region in this state, a task must hold consistency of the caches by taking responsibility, when a task uses this memory region.

Any memory must be switched to at least PUBLIC state to ensure cache coherence.

Functions

The VENEZIA image includes the following functions:

Toshiba functions

Those functions are described in the US20120324167A1 patent.

Offset Function
0x11A30 enter_memory_access_protocol
0x11ADC leave_memory_access_protocol
0x11E02 open_private_memory
0x11D34 open_protected_memory
0x11C4E open_public_memory
0x11E76 close_private_memory
0x11DA8 close_protected_memory
0x11CBC close_public_memory

Sony functions

These functions are wrappers for the Toshiba functions, written by SCE.

See vnz/memory.h.

VENEZIA threads

VENEZIA can run up to 7 threads in parallel (one on each core). Threads are assigned to cores automatically and have a priority system.

See vnz/vthread.h.

Generic functions

Offset Function
C stdlib
0x124F28 memset
0x124F3C abs
0x124F48 memcpy
0x124F60 memmove
softfp functions
0x124F90 __mulsf3
0x125268 __divsf3
0x125324 __eqsf2
0x125686 __fixsfsi
0x1256DC __floatsisf
0x1253F0 __gesf2
0x12536A __gtsf2
0x1254FC __lesf2
0x125476 __ltsf2
0x1252DE __nesf2