Rework the builtin kernel code

GaryOderNichts · GaryOderNichts · commit b9dfe514a38a · 2022-03-02T16:07:29.000+01:00
- provide imports in the linker to reduce code size
- btu_task no longer deadlocks
- fsa shim no longer crashes when being closed
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ Don't worry if building the emulator itself fails due to missing SDL headers. Ju
 1. Download the `bluubomb` binary and the `sd_kernels.zip` from the [releases page](https://github.com/GaryOderNichts/bluubomb/releases).  
 Copy a kernel binary of your choice from the `sd_kernels.zip` to the root of your SD Card and rename it to `bluu_kern.bin`.  
 Take a look at [Kernel binaries](#kernel-binaries) for more information.
-1. Power on the Wii U, insert your SD Card and press the sync button.
+1. Power on the Wii U, insert your SD Card and press the sync button. Make sure there are no other controllers connected.
 1. Open a new terminal and make the bluubomb file executable by running `chmod +x bluubomb`
 1. Run `sudo ./bluubomb` and wait for the pairing process to complete.  
 This might take a minute.  
diff --git a/arm_kernel/Makefile b/arm_kernel/Makefile
@@ -45,7 +45,7 @@ CFLAGS	:= -Wall -std=gnu11 -Os -flto $(MACHDEP) $(INCLUDE)
 ASFLAGS	:= $(MACHDEP)
 
 LDFLAGS := -nostartfiles -nodefaultlibs -mbig-endian -flto \
-	-Wl,-Map,$(notdir $*.map),-T $(TOPDIR)/link.ld
+	-Wl,-L $(TOPDIR) -Wl,-Map,$(notdir $*.map),-T $(TOPDIR)/link.ld
 
 LIBS	:= -lgcc
 
diff --git a/arm_kernel/imports.ld b/arm_kernel/imports.ld
@@ -0,0 +1,15 @@
+PROVIDE(kernel_memcpy = 0x08131D04);
+PROVIDE(kernel_memset = 0x08131DA0);
+PROVIDE(kernel_strncpy = 0x081329B8);
+PROVIDE(kernel_disable_interrupts = 0x0812E778);
+PROVIDE(kernel_enable_interrupts = 0x0812E78C);
+PROVIDE(kernel_bsp_command_5 = 0x0812EC40);
+PROVIDE(kernel_vsnprintf = 0x0813293c);
+PROVIDE(kernel_snprintf = 0x08132988);
+PROVIDE(kernel_strncmp = 0x08132a14);
+PROVIDE(kernel_invalidate_icache = 0x0812DCF0);
+PROVIDE(kernel_invalidate_dcache = 0x08120164);
+PROVIDE(kernel_ios_shutdown = 0xffffdc48);
+PROVIDE(kernel_ios_reset = 0x08129760);
+PROVIDE(kernel_flush_dcache = 0x08120160);
+PROVIDE(setClientCapability = 0x081260a8);
diff --git a/arm_kernel/link.ld b/arm_kernel/link.ld
@@ -1,5 +1,7 @@
 OUTPUT_ARCH(arm)
 
+INCLUDE "imports.ld"
+
 SECTIONS {
     . = (0x08135000);
 
diff --git a/arm_kernel/source/imports.h b/arm_kernel/source/imports.h
@@ -1,25 +1,26 @@
 #pragma once
 
 #include <stdint.h>
+#include <stdarg.h>
 
 #define ALIGNAS(x, align)  (((x) + ((align) - 1)) & ~((align) - 1))
 
 // Kernel functions
-
-#define kernel_memcpy               ((void* (*)(void*, const void*, int)) 0x08131D04)
-#define kernel_memset               ((void* (*)(void*, int, unsigned int)) 0x08131DA0)
-#define kernel_strncpy              ((char* (*)(char*, const char*, unsigned int)) 0x081329B8)
-#define kernel_disable_interrupts   ((int (*)(void)) 0x0812E778)
-#define kernel_enable_interrupts    ((int (*)(int)) 0x0812E78C)
-#define kernel_bsp_command_5        ((int (*)(const char*, int offset, const char*, int size, void *buffer)) 0x0812EC40)
-#define kernel_vsnprintf            ((int (*)(char *, size_t, const char *, va_list)) 0x0813293c)
-#define kernel_snprintf             ((int (*)(char *, size_t, const char *, ...)) 0x08132988)
-#define kernel_strncmp              ((int (*)(const char *, const char *, size_t)) 0x08132a14)
-#define kernel_invalidate_icache    ((void (*)(void)) 0x0812DCF0)
-#define kernel_invalidate_dcache    ((void (*)(unsigned int, unsigned int)) 0x08120164)
-#define kernel_ios_shutdown         ((void (*)(int)) 0xffffdc48)
-#define kernel_ios_reset            ((void (*)(void)) 0x08129760)
-#define kernel_flush_dcache         ((void (*)(unsigned int, unsigned int)) 0x08120160)
+void* kernel_memcpy(void*, const void*, int);
+void* kernel_memset(void*, int, unsigned int);
+char* kernel_strncpy(char*, const char*, unsigned int);
+int kernel_disable_interrupts(void);
+int kernel_enable_interrupts(int);
+int kernel_bsp_command_5(const char*, int offset, const char*, int size, void *buffer);
+int kernel_vsnprintf(char *, size_t, const char *, va_list);
+int kernel_snprintf(char *, size_t, const char *, ...);
+int kernel_strncmp(const char *, const char *, size_t);
+void kernel_invalidate_icache(void);
+void kernel_invalidate_dcache(unsigned int, unsigned int);
+void kernel_ios_shutdown(int);
+void kernel_ios_reset(void);
+void kernel_flush_dcache(unsigned int, unsigned int);
+int setClientCapability(int pid, int fid, uint64_t mask);
 
 static inline unsigned int disable_mmu(void)
 {
diff --git a/arm_kernel/source/main.c b/arm_kernel/source/main.c
@@ -3,6 +3,7 @@
 
 #include "../../arm_user/arm_user.bin.h"
 
+#define ARM_B(addr, func)  (0xEA000000 | ((((uint32_t) (func) - (uint32_t) (addr) -8) >> 2) & 0x00FFFFFF))
 #define ARM_BL(addr, func) (0xEB000000 | ((((uint32_t)(func) - (uint32_t)(addr) - 8) >> 2) & 0x00FFFFFF))
 
 #define SD_KERNEL_CODE_LOCATION 0x08135400
@@ -28,15 +29,7 @@ int _main()
     *(volatile uint32_t*) 0x08129a24 = 0xe12fff1e; // bx lr
 
     // replace the custom kernel syscall
-    *(volatile uint32_t*) 0x0812cd2c = ARM_BL(0x0812cd2c, kernel_syscall_0x81);
-
-    // patch ios-pad fsa handle check to always succeed
-    *(volatile uint32_t*) 0x11f7f418 = 0xe3a00001; // mov r0, #1
-    *(volatile uint32_t*) 0x11f7f41c = 0xe12fff1e; // bx lr
-
-    // give everything full access to fsa (we need this to access the sd from ios-pad)
-    *(volatile uint32_t*) 0x107043e4 = 0xe3e02000; // mvn r2, #0
-    *(volatile uint32_t*) 0x107043e8 = 0xe3e03000; // mvn r3, #0
+    *(volatile uint32_t*) 0x0812cd2c = ARM_B(0x0812cd2c, kernel_syscall_0x81);
 
     // load arm_user
     kernel_memcpy((void*) 0x11f85800, arm_user, arm_user_size);
@@ -45,11 +38,14 @@ int _main()
     restore_mmu(control_register);
 
     // invalidate all cache
-    // kernel_invalidate_dcache(0x081298BC, 0x4001);
+    kernel_invalidate_dcache(0x081298BC, 0x4001);
     kernel_invalidate_icache();
 
     // restore interrupts
     kernel_enable_interrupts(level);
 
+    // give IOS-PAD full access to FS
+    setClientCapability(6, 11, 0xFFFFFFFFFFFFFFFF);
+
     return 0;
 }
diff --git a/arm_user/Makefile b/arm_user/Makefile
@@ -45,7 +45,7 @@ CFLAGS	:= -Wall -std=gnu11 -Os -flto $(MACHDEP) $(INCLUDE)
 ASFLAGS	:= $(MACHDEP)
 
 LDFLAGS := -nostartfiles -nodefaultlibs -mbig-endian -flto \
-	-Wl,-Map,$(notdir $*.map),-T $(TOPDIR)/link.ld
+	-Wl,-L $(TOPDIR) -Wl,-Map,$(notdir $*.map),-T $(TOPDIR)/link.ld
 
 LIBS	:= -lgcc
 
diff --git a/arm_user/imports.ld b/arm_user/imports.ld
@@ -0,0 +1,23 @@
+PROVIDE(IOS_CancelThread = 0x11f82e78);
+PROVIDE(IOS_AllocAligned = 0x11f82fa8);
+PROVIDE(IOS_Free = 0x11f82fb0);
+PROVIDE(IOS_Open = 0x11f83000);
+PROVIDE(IOS_Close = 0x11f83008);
+PROVIDE(IOS_Ioctlv = 0x11f83030);
+PROVIDE(IOS_Shutdown = 0x11f831f8);
+
+PROVIDE(kernel_syscall_0x81 = 0x11f83270);
+
+PROVIDE(strncpy = 0x11f83e80);
+PROVIDE(memset = 0x11f83488);
+
+PROVIDE(FSAShimOpen = 0x11f7f7fc);
+PROVIDE(FSAShimClose = 0x11f7f728);
+
+PROVIDE(FSA_AllocIoBuf = 0x11f7f554);
+PROVIDE(FSA_FreeIoBuf = 0x11f7f59c);
+
+PROVIDE(FSA_CloseFile = 0x11f7fae8);
+PROVIDE(FSA_StatFile = 0x11f7fbc4);
+PROVIDE(FSA_ReadWriteFile = 0x11f7fccc);
+PROVIDE(FSA_OpenFile = 0x11f80024);
diff --git a/arm_user/link.ld b/arm_user/link.ld
@@ -1,5 +1,7 @@
 OUTPUT_ARCH(arm)
 
+INCLUDE "imports.ld"
+
 SECTIONS {
     . = (0x11f85800);
 
diff --git a/arm_user/source/crt0.s b/arm_user/source/crt0.s
@@ -6,4 +6,10 @@
 .type _main, %function
 
 _start:
-    b _main
+    bl _main
+
+    @ restore the original stack pointer
+    ldr sp, =0x12156424
+
+    @ jump back into the btu_task loop
+    ldr pc, =0x11f1bebc
diff --git a/arm_user/source/fsa.c b/arm_user/source/fsa.c
@@ -11,8 +11,8 @@ int FSA_Mount(int fd, char* device_path, char* volume_path, uint32_t flags, char
 	uint32_t* inbuf = (uint32_t*)inbuf8;
 	uint32_t* outbuf = (uint32_t*)outbuf8;
 
-	_strncpy((char*) &inbuf8[0x04], device_path, 0x27F);
-	_strncpy((char*) &inbuf8[0x284], volume_path, 0x27F);
+	strncpy((char*) &inbuf8[0x04], device_path, 0x27F);
+	strncpy((char*) &inbuf8[0x284], volume_path, 0x27F);
 	inbuf[0x504 / 4] = (uint32_t) flags;
 	inbuf[0x508 / 4] = (uint32_t) arg_string_len;
 
diff --git a/arm_user/source/fsa.h b/arm_user/source/fsa.h
@@ -16,12 +16,18 @@ typedef struct {
 	uint32_t unk2[0x0D];
 } fileStat_s;
 
+int FSAShimOpen(int *attach);
+int FSAShimClose(int fd);
+
+int FSA_AllocIoBuf(void **outBuf);
+void FSA_FreeIoBuf(void* buf);
+
 int FSA_Mount(int fd, char* device_path, char* volume_path, uint32_t flags, char* arg_string, int arg_string_len);
 
-#define FSA_CloseFile 		((int (*)(int fd, int fileHandle)) 0x11f7fae8)
+int FSA_CloseFile(int fd, int fileHandle);
 
-#define FSA_StatFile  		((int (*)(int fd, int handle, fileStat_s* out_data)) 0x11f7fbc4)
+int FSA_StatFile(int fd, int handle, fileStat_s* out_data);
 
-#define FSA_ReadWriteFile  	((int (*)(int fd, void* data, uint32_t size, uint32_t cnt, int flags, int fileHandle, int read_write_flag)) 0x11f7fccc)
+int FSA_ReadWriteFile(int fd, void* data, uint32_t size, uint32_t cnt, int flags, int fileHandle, int read_write_flag);
 
-#define FSA_OpenFile        ((int (*)(int fd, char* path, char* mode, int* outHandle)) 0x11f80024)
+int FSA_OpenFile(int fd, char* path, char* mode, int* outHandle);
diff --git a/arm_user/source/imports.h b/arm_user/source/imports.h
@@ -8,17 +8,15 @@ typedef struct {
 	uint32_t unk;
 } iovec_s;
 
-#define IOS_CancelThread	((int(*)(int threadid, uint32_t* returnVal)) 0x11f82e78)
-#define IOS_AllocAligned    ((void* (*)(int heap, uint32_t size, uint32_t alignment)) 0x11f82fa8)
-#define IOS_Free            ((void (*)(int heap, void* ptr)) 0x11f82fb0)
-#define IOS_Open            ((int (*)(const char* device, int mode)) 0x11f83000)
-#define IOS_Close           ((int (*)(int fd)) 0x11f83008)
-#define IOS_Ioctlv          ((int (*)(int fd, uint32_t request, uint32_t vector_count_in, uint32_t vector_count_out, iovec_s *vector)) 0x11f83030)
-#define IOS_Shutdown        ((void (*)(int)) 0x11f831f8)
+int IOS_CancelThread(int threadid, uint32_t* returnVal);
+void* IOS_AllocAligned(int heap, uint32_t size, uint32_t alignment);
+void IOS_Free(int heap, void* ptr);
+int IOS_Open(const char* device, int mode);
+int IOS_Close(int fd);
+int IOS_Ioctlv(int fd, uint32_t request, uint32_t vector_count_in, uint32_t vector_count_out, iovec_s *vector);
+void IOS_Shutdown(int);
 
-#define kernel_syscall_0x81 ((int (*)(void* ptr, uint32_t size)) 0x11f83270)
+int kernel_syscall_0x81(void* ptr, uint32_t size);
 
-#define FSA_AllocIoBuf  ((int (*)(void **outBuf)) 0x11f7f554)
-#define FSA_FreeIoBuf   ((void (*)(void* buf)) 0x11f7f59c)
-
-#define _strncpy        ((char* (*)(char*, const char*, uint32_t)) 0x11f83e80)
+char* strncpy(char*, const char*, uint32_t);
+void* memset(void*, int, uint32_t);
diff --git a/arm_user/source/main.c b/arm_user/source/main.c
@@ -3,7 +3,7 @@
 
 void _main()
 {
-    int fsaFd = IOS_Open("/dev/fsa", 0);
+    int fsaFd = FSAShimOpen(NULL);
     
     FSA_Mount(fsaFd, "/dev/sdcard01", "/vol/storage_hb", 2, NULL, 0);
 
@@ -17,15 +17,11 @@ void _main()
 
     FSA_ReadWriteFile(fsaFd, fileBuf, 1, stat.size, 0, fileHandle, 0);
 
-    // closing and freeing takes up too much space :P
-    // FSA_CloseFile(fsaFd, fileHandle);
-    // IOS_Close(fsaFd);
+    FSA_CloseFile(fsaFd, fileHandle);
+    FSAShimClose(fsaFd);
 
     // run the loaded code via the custom kernel syscall
     kernel_syscall_0x81(fileBuf, stat.size);
 
-    //IOS_Free(0xcaff, fileBuf);
-
-    // TODO maybe we can recover IOS-PAD execution somehow
-    while (1);
+    IOS_Free(0xcaff, fileBuf);
 }
