VFS Implementation

VFS Operations

 * implemented operation is marked as
 * not implemented is marked as
 * return 0 placeholder is marked as
 * return error is marked with corresponding error name

VFS Node Operations

 * implemented operation is marked as
 * not implemented is marked as
 * return 0 placeholder is marked as
 * return error is marked with corresponding error name

Typical i/o operation execution
This is a very brief description for an overall understanding of i/o operations. The implementation of SceIofilemgr is quite solid and most of the functions are implemented in the same manner; however, there could be exceptions. When an i/o operation like  is called, here is what happens:
 * all user space arguments are copied to kernel space, usually onto the kernel stack. All user space uids are converted to kernel space uids
 * optionally control may be passed to wrapper function that also does conversion
 * then control is passed to kernel level function like
 * kernel level function checks 0x2198 (IoSchedulerDispatcher initialized) flag

if dispatcher is not initialized:
 * kernel level function updates 0x1964 (i/o dirty) and 0x1980 (i/o counter) flags
 * kernel level function spawns separate thread and passes all arguments in single structure
 * separate thread then unpacks all arguments, finds  and calls exported function like
 * exported function packs all arguments into a single structure and calls the real callback since it has  with node operation table
 * callback routine should be located in generic device driver, like SceSdstor, SceExfatfs or ScePfsMgr. It unpacks the arguments and then does something. For example SceSdstor dispatches the call further to SceSdif, SceWlanBt, SceMsif and SceUsbMass.
 * kernel level function updates 0x1980 (i/o counter) flag

if dispatcher is initialized:
 * kernel level function passes arguments to wrapper
 * wrapper initializes  and assigns i/o operation index
 * wrapper updates 0x1964 (i/o dirty) and 0x1980 (i/o counter) flags
 * wrapper runs dispatcher function (offset 0x17C00) in a separate thread. This function selects the proper  function based on i/o operation index.
 * wrapper updates 0x1980 (i/o counter) flag

i/o operation index
Typically operations are dispatched from kernel functions.

However there are exceptions: sceIoLseek32, sceIoDopenAsync, sceIoDreadAsync, sceIoDcloseAsync user functions can be dispatched.

Typically operations have normal and async version - regulated by async flag in.

However there are exceptions: sceIoLseek32, sceIoIoctlForDriver, sceIoDevctlForDriver, sceIoGetstatForDriver_2, sceIoChstatForDriver_2, sceIoDreadForDriver_2 do not have async version.

SceIofilemgrForDriver vfs callbacks
Vfs callbacks are harder to reverse since it looks like not all of them are exported. Looks like some of them are not even exposed as subroutines.

Here will go an attempt to describe the interface of the actual callbacks with a single ctx argument (as opposed to exported functions that pack arguments into ctx)

SceIofilemgrForDriver vfs node callbacks
It looks like vfs callbacks are exported. Callbacks can be identified using these steps:
 * Find all functions that contain indirect calls
 * Keep only the calls that use an address taken from the table pointed to by vfs_node (offset 0x40, then a valid offset inside the pointer table)
 * Trace back to first exported function (usually this is single export, not far away in call stack)
 * Turns out ScePfsMgr and SceExfatfs use these exports from their vfs node function callbacks, so this information can be mapped/matched.
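The first two identification steps can be automated over a disassembly listing. The script below is an added example, not code from this wiki or from SceIofilemgr: it assumes objdump-style text input, scans each function linearly without a control-flow graph, and uses a constructed sample whose function names and addresses are made up. It reports every `blx` whose target was loaded from a table that was itself loaded from offset 0x40 of some register; deciding whether that register really holds a vfs_node, and tracing back to the export, remains manual work.

```python
import re

OPS_TABLE_OFFSET = 0x40  # vfs_node offset of the operation-table pointer (from the page)

# Constructed objdump-style listing; function names and addresses are made up.
SAMPLE = """\
00001000 <export_a>:
    1000: ldr r3, [r0, #0x40]
    1002: ldr r3, [r3, #0x14]
    1004: mov r0, sp
    1006: blx r3
    1008: bx lr
00001010 <helper_b>:
    1010: ldr r2, [r1, #0x10]
    1012: blx r2
00001020 <export_c>:
    1020: ldr r4, [r5, #64]
    1022: ldr r4, [r5, #8]
    1024: blx r4
"""

LABEL = re.compile(r"^[0-9a-f]+ <(\w+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
LDR = re.compile(r"^(\w+), \[(\w+)(?:, #(0x[0-9a-f]+|\d+))?\]$")

def find_node_callback_calls(listing):
    """Return (function, call address, table offset) per blx through [reg + 0x40]."""
    hits, func, tables, callbacks = [], None, set(), {}
    for line in listing.splitlines():
        label = LABEL.match(line)
        if label:  # new function: register tracking does not cross function boundaries
            func, tables, callbacks = label.group(1), set(), {}
            continue
        insn = INSN.match(line)
        if not insn:
            continue
        addr, op, args = insn.groups()
        if op == "blx" and args in callbacks:
            hits.append((func, int(addr, 16), callbacks[args]))
            continue
        load = LDR.match(args) if op in ("ldr", "ldr.w") else None
        base, off = (load.group(2), int(load.group(3) or "0", 0)) if load else (None, None)
        from_table = base in tables  # evaluate before the destination is overwritten
        # Conservative: treat the first operand as overwritten by every instruction.
        dst = args.split(",")[0].strip()
        tables.discard(dst)
        callbacks.pop(dst, None)
        if load and from_table:
            callbacks[dst] = off  # pointer fetched from the operation table
        elif load and off == OPS_TABLE_OFFSET:
            tables.add(dst)  # candidate pointer to the node operation table
    return hits
```

In the sample, `helper_b` is ignored because its call target does not come through offset 0x40, and `export_c` is ignored because the table pointer is overwritten before the call.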

vfs_node_func1
arguments are packed into  and passed to   callback

vfs_node_func2
arguments are packed into  and passed to   callback

vfs_node_func3
arguments are packed into  and passed to   callback

vfs_node_func4
arguments are packed into  and passed to   callback

vfs_node_func5 (sceVfsReadForDriver)
arguments are packed into  and passed to   callback

vfs_node_func6 (sceVfsWriteForDriver)
arguments are packed into  and passed to   callback

vfs_node_func7 (sceVfsLseekForDriver)
arguments are packed into  and passed to   callback

vfs_node_func8 (sceVfsIoctlForDriver)
arguments are packed into  and passed to   callback

vfs_node_func9
arguments are packed into  and passed to   callback

vfs_node_func10
arguments are packed into  and passed to   callback

vfs_node_func11
arguments are packed into  and passed to   callback

vfs_node_func12
arguments are packed into  and passed to   callback

vfs_node_func13
arguments are packed into  and passed to   callback

vfs_node_func14 (sceVfsDreadForDriver)
arguments are packed into  and passed to   callback

vfs_node_func15
arguments are packed into  and passed to   callback

vfs_node_func16
arguments are packed into  and passed to   callback

vfs_node_func17
arguments are packed into  and passed to   callback

vfs_node_func19 (sceVfsPreadForDriver)
arguments are packed into  and passed to   callback

vfs_node_func20 (sceVfsPwriteForDriver)
arguments are packed into  and passed to   callback

vfs_node_func21
arguments are packed into  and passed to   callback

vfs_node_func22
arguments are packed into  and passed to   callback

vfs_node_func23
arguments are packed into  and passed to   callback

vfs_node_func24 (sceVfsSyncForDriver)
arguments are packed into  and passed to   callback

vfs_node_func25 (sceVfsGetstatByFdForDriver)
arguments are packed into  and passed to   callback

vfs_node_func26 (sceVfsChstatByFdForDriver)
arguments are packed into  and passed to   callback

vfs_node_func27
arguments are packed into  and passed to   callback

vfs_node_func28
arguments are packed into  and passed to   callback

vfs_node_func29
arguments are packed into  and passed to   callback