SceSdif

SceSdif is a kernel module that is primary responsible for communicating with SD devices. This includes onboard eMMC, game card MMC, wi-fi/bluetooth SDIO devices. To communicate with particular device SceSdif module uses device index (sd_ctx_index)

There is one more index value that closely correlates with device index. This is speculated to be device type index. It is initialized by internal subroutine that does preinitialization (cmd0, cmd8, cmd5_sdio, cmd55, acmd41). Value is typically stored in sd_context_data structure in field dev_type_idx.

Device type index will be validated when sd_context_part* will be aquired through these functions:
 * get_sd_context_part_validate_mmc - device type index must be 1
 * get_sd_context_part_validate_sd - device type index must be 2
 * get_sd_context_part_validate_sdio - device type index must be 3

Allocated blocks
During initialization step Sdif driver allocates couple of memory blocks. This happens when 'module_start' function is called, inside 'init' function.

There are 2 blocks per device context. Each block is named as SceSdif where N is array index.

First block is of size 0x1000 - SceUID and void* are stored in sd_context_data per device context.

Second block is of size 0x10000 - SceUID and void* are stored in sd_context_data per device context.

It is possible that first block is DMA copied to / from corresponding SceSdif physical address.

First memblock looks like to be array of 16 elements 0x100 bytes each. It is speculated that this memblock has some relation to cyclic buffer of 16 commands in sd_context_global.

Layout of single block is partially known:

initialize_mmc_device
this function only initializes devices with sd_ctx_index 0 and 1 and returns 0x80320013 on any other sd_ctx_index

it is confirmed that this function sends sequence of commands that correspond to MMC initialization protocol

wlan_bt_initialize_custom_context2
this function can send these commands: cmd3, cmd52_sdio, cmd0, cmd5_sdio, cmd55, acmd41, cmd7, cmd8

this function uses array of 2 custom contexts.

this function can either set device type index to 3 and use custom context for initialization.

or it can use preinitialization (cmd0, cmd8, cmd5_sdio, cmd55, acmd41) and then check that device type index is 3.

if device type index is not 3 then 0x80320017 error is returned.

wlan_bt_initialize_custom_context1
this function is just a wrapper for wlan_bt_initialize_custom_context2 (aabaa0f0)

initialize_sd_device
it is confirmed that this function sends sequence of commands that correspond to SD initialization protocol

these commands include: cmd0, cmd8, cmd5_sdio, cmd2, cmd3, cmd6, cmd9, cmd7, cmd16

some paired commands: (cmd55, acmd41), (cmd55, acmd42), (cmd55, acmd13), (cmd55, acmd51)

there are couple of special points:


 * it does not check sd_ctx_index argument.
 * it uses array of 3 custom contexts instead of sd_context_part structures.
 * it checks device type index after preinitialization (cmd0, cmd8, cmd5_sdio, cmd55, acmd41)
 * it only initializes device with device type index 2. otherwise 0x80320017 error is returned.