SceIofilemgr

SceIofilemgr is the primary interface for file IO. Read File Management for more information on file IO.

Module
This module exists in only in non-secure world. The SELF can be found in.

Libraries
This module is accessible by usermode.

Mount Points
This table is stored in data segment of SceIofilemgr as array of  elements.

When sceVfsMount is executed it finds vfs_add_data element by filesystem string and then selects appropriate mount scenario by devMinor and devMajor.


 * means random numeric string of length 13

Block Device Naming Rules
First level prefix


 * int
 * ext
 * gcd
 * mcd
 * uma
 * usd
 * xmc

Second level prefix


 * lp
 * pp

Third level prefix


 * ina
 * act
 * ign

Forth level prefix


 * unused
 * idstor
 * sloader
 * os
 * vsh
 * vshdata
 * vtrm
 * user
 * userext
 * gamero
 * gamerw
 * updater
 * sysdata
 * mediaid
 * pidata
 * entire

Partition Block Devices
Each partition has numeric alias (string) that looks like to be used to reference the partition.

Numeric names most likely follow order of partitions in MBR.

To access device node use  prefix (like  ).

In total there can be 16 aliases from 0 to 15 per physical device (eMMC, Game Card, Memory Card). Alias 16 is hardcoded and is called.

Aliases 0-15 correspond to eMMC.

Aliases 100-115 correspond to Game Card.

Aliases 200-215 correspond to Memory Card.

VFS Operations

 * implemented operation is marked as
 * not implemented is marked as
 * return 0 placeholder is marked as
 * return error is marked with corresponding error name

VFS Node Operations

 * implemented operation is marked as
 * not implemented is marked as
 * return 0 placeholder is marked as
 * return error is marked with corresponding error name

Typical io operation execution
This is a very brief desctiption for overall understanding of io  operations. Implementation of SceIofilemgr is quite solid and most of the functions are implemented in the same manner however there could be exceptions. When io operation like  is called here is what happens:
 * all user space arguments are copied to kernel space, usually onto the kernel stack. all user space uids are converted to kernel space uids
 * optionally control may be passed to wrapper function that also does conversion
 * then control is passed to kernel level function like
 * kernel level function spawns separate thread and passes all arguments in single structure
 * separate thread then unpacks all arguments, finds  and calls exported function like
 * exported function packs all arguments into single stucture and calls real callback since it has  with node operation table
 * callback routine should be located in generic device driver, like SceSdstor, SceExfatfs or ScePfsMgr. It unpacks the arguments and then does something.
 * need to figure out how call is dispatched to specific device driver. For example SceSdstor should be able to dispatch to SceSdif, SceWlanBt, SceMsif and SceUsbMass

sceAppMgrGameDataVfsMountForDriver
operation index 1 in

sceAppMgrVfsUmountForDriver
operation index 2 in

scePfsMgrVfsMountForDriver
operation index 3 in

scePfsMgrVfsUmountForDriver
operation index 4 in

sceIoDreadForDriver
Call interface is same as

sceIoWriteForDriver
Call interface is same as

sceIoDopenForDriver
Call interface is same as

sceIoLseekForDriver
Call interface is same as

sceIoOpenForDriver
Call interface is same as

sceIoChstatForDriver
Call interface is same as

sceIoGetstatForDriver
Call interface is same as

sceIoMkdirForDriver
Call interface is same as

sceIoReadForDriver
Call interface is same as

sceIoCloseForDriver
Call interface is same as

sceIoRenameForDriver
Call interface is same as

sceIoRemoveForDriver
Call interface is same as

sceIoCancelForDriver
Derived from

sceIoChstatAsyncForDriver
Derived from

sceIoChstatByFdAsyncForDriver
Derived from

sceIoChstatByFdForDriver
Derived from

sceIoCloseAsyncForDriver
Derived from

sceIoDevctlAsyncForDriver
Derived from

sceIoDevctlForDriver
Derived from

sceIoDcloseForDriver
Derived from

sceIoFlockForDriver
Derived from

sceIoGetstatByFdAsyncForDriver
Derived from

sceIoGetstatByFdForDriver
Derived from

sceIoGetstatAsyncForDriver
Derived from

sceIoIoctlAsyncForDriver
Derived from

sceIoIoctlForDriver
Derived from

sceIoLseekAsyncForDriver
Derived from

sceIoMkdirAsyncForDriver
Derived from

sceIoOpenAsyncForDriver
Derived from

sceIoPreadAsyncForDriver
Derived from

sceIoPreadForDriver
Derived from

sceIoPwriteAsyncForDriver
Derived from

sceIoPwriteForDriver
Derived from

sceIoReadAsyncForDriver
Derived from

sceIoRemoveAsyncForDriver
Derived from

sceIoRenameAsyncForDriver
Derived from

sceIoRmdirAsyncForDriver
Derived from

sceIoRmdirForDriver
Derived from

sceIoSyncByFdAsyncForDriver
Derived from

sceIoSyncByFdForDriver
Derived from

sceIoSyncAsyncForDriver
Derived from

sceIoSyncForDriver
Derived from

sceIoWriteAsyncForDriver
Derived from

SceIofilemgrForDriver vfs callbacks
Vfs callbacks are harder to reverse since it looks like not all of them are exported. Looks like some of them are not even exposed as subroutines.

Here will go an attempt to desctibe interface of actual callbacks with single ctx argument (as opposed to exported functions that pack arguments into ctx)

SceIofilemgrForDriver vfs node callbacks
It looks like vfs callbacks are exported. Callbacks can be identified using these steps:
 * Find all functions that contain indirect calls
 * Locate only calls that use address, taken from table, that is pointed by vfs_node (offset 0x40, then valid offset inside pointer table)
 * Trace back to first exported function (usually this is single export, not far away in call stack)
 * Turns out ScePfsMgr and SceExfatfs use these exports from their vfs node function callbacks, so this information can be mapped/matched.

vfs_node_func1
arguments are packed into  and passed to   callback

vfs_node_func2
arguments are packed into  and passed to   callback

vfs_node_func3
arguments are packed into  and passed to   callback

vfs_node_func4
arguments are packed into  and passed to   callback

vfs_node_func7
arguments are packed into  and passed to   callback

vfs_node_func8
arguments are packed into  and passed to   callback

vfs_node_func9
arguments are packed into  and passed to   callback

vfs_node_func10
arguments are packed into  and passed to   callback

vfs_node_func11
arguments are packed into  and passed to   callback

vfs_node_func12
arguments are packed into  and passed to   callback

vfs_node_func13
arguments are packed into  and passed to   callback

vfs_node_func14
arguments are packed into  and passed to   callback

vfs_node_func15
arguments are packed into  and passed to   callback

vfs_node_func16
arguments are packed into  and passed to   callback

vfs_node_func17
arguments are packed into  and passed to   callback

vfs_node_func21
arguments are packed into  and passed to   callback

vfs_node_func22
arguments are packed into  and passed to   callback

vfs_node_func23
arguments are packed into  and passed to   callback

vfs_node_func24
arguments are packed into  and passed to   callback

vfs_node_func25
arguments are packed into  and passed to   callback

vfs_node_func26
arguments are packed into  and passed to   callback

vfs_node_func27
arguments are packed into  and passed to   callback

vfs_node_func28
arguments are packed into  and passed to   callback

vfs_node_func29
arguments are packed into  and passed to   callback