SceSysmem

SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for different functionalities (one of the few modules that do so). SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Memory for more details on the memory subsystem.

Module
This module exists in both non-secure and secure world. The non-secure world SELF can be found in. It also can be found in the Boot Image.

Libraries
This module only exports kernel libraries.

Memory Block Type
The  parameter indicates what kind of memory to allocate. Here is a mapping of  flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.

sceKernelAllocMemBlockForKernel
The interface is the same as the user version of this call, however more types can be specified and more options are in the pOpt argument.

To allocate a kernel RW block of memory, specify.

To allocate a block of memory with a specific physical address, specify,  , and.

To allocate a block of memory that is kernel executable, specify.

To allocate a block of memory inside the CDRAM, specify.

Unrestricted Write for Process
Unrestricted memcpy to the virtual address space for process. Both  and   must be in the address space of   but   must also be accessible in the address space of the caller. This is normally used for resolving stubs in module loads.

sceKernelMemcpyUserToKernelForPid
Same as above, but copies from the specified process.

get_paddr
This will write the physical address for a virtual address  to memory pointed to by. Returns <0 on error, values >=0 indicate success.

get paddr list
This function takes in two parameters: an array of length 2 specifying the virtual address and the size of the block of memory and a request information. The function will write into  an array of   that encompasses the block of memory specified in the input. will contain the number of entries written. If  is null, it will just write the count.

Remap Block
This is used to remap RW memory as RX. To do this, first allocate a memory block of type. After you are done writing, call this with  set to.

Create Heap Pool
The heap pool is thread safe.

Map User to Kernel
Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.

Switch TTB to PID
Changes the TTBR to point to the tables for a given PID.

Write to RX for PID
Same as write to RO but does a cache flush.

Find Int for PID
Looks for an integer in user space.

memcpyk2u checked for PID
This will not crash on invalid user pointers, but instead return error.

SceSysmem
The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux ) as well as functions for maintaining a heap-like structure (similar to  ) for kernel, however SceLibKernel implements a proper heap and that is used for user code.

SceCpu
This library provides wrapper for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.

SceSysclib
The C standard library for use in the kernel only. (User code have SceLibKernel, which confusingly is user-only code). Include standard string functions (no insecure variants like ).

memmove
On 1.69, this seems to be implemented incorrectly.

Unrestricted Write for Kernel
Unrestricted memcpy by first setting the  register to   and then doing a memcpy.

SceCpuForDriver_D6ED0C46_unlock
These two functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.

SceCpuForDriver_7BB9D5DF_unlock_int
Same as the pair above, but while mutex is held, interrupts are disabled. Used like this:

SceCpuForDriver_9EC91017_unlock_int_2
Same as the pair above, but stores 0x80000000 as the addr value instead of LR.

SceCpuForDriver_821FC0EE_disable_irq
Disables irq (but not fiq) and returns previous interrupt bit status (so either 0 or 0x80).

SceCpuForDriver_F5BAD43B_restore_irq
Restores previous irq state, pass either 0 or 0x80.

SceKernelUtilsForDriver
Crypto utilities

AES Init
This sets up the AES engine. is a 960 byte buffer (int 1.69). and  is the security in bits. 128/196/256 are supported values.

AES Encrypt
Encrypt with AES. There are two functions that are the same on 1.69.

AES Decrypt
Decrypt with AES.

SceZlibForDriver
zlib compression library.

SceKernelSuspendForDriver
Libraries can register callbacks for handling suspend/resume related events.

Register Callback
Registers a function for handling suspend/resume. is 0 if we are currently suspending and 1 if we are currently resuming. is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.

Unregister
Call with the id returned from  to remove the entry from the linked list and free the memory.

Make Callback
This will go through the linked list and call each callback. If  is set, then the first callback that returns a negative value will stop the call chain and return the block id of the callback that broke the chain. Otherwise, this function will invoke each callback and return zero.

SceQafMgrForDriver
Provides many device permission checks including Vita model checks, running app privilege checks, and so on.