SPU Isolated Modules Reverse Engineering: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 17: Line 17:
=== Functions ===
=== Functions ===
{| class="wikitable"
{| class="wikitable"
| Address || Name || Info
| Address || Name || Parameters || Info
|-
|-
| 0x1440 || debug_print || As the name already states...
| 0x1440 || debug_print || unknown || As the name already states...
|-
|-
| 0x30c0 || do_dma || Used to dma data in and out of the isolated module's LS.
| 0x30c0 || do_dma || ls_addr:$4, dma_effective_addr:$5, size:$6, tag_id:$7, unk0:$8, unk1:$9 || Used to dma data in and out of the isolated module's LS.
|-
|-
| 0x3168 || write_tag_mask_bit || This function has one argument ($4).
| 0x3168 || write_tag_mask_bit || mask_bit:$4 || Used to set a specific bit in MFC_WrTagMask.
|}
|}


==== Disasm ====
==== Disasm ====
===== do_dma =====
From 0x30c0 to 0x3130 it just checks if the parameters are ok (ls_addr != 0, dma_effective_addr != 0, size-1 < 0x3fff, tag_id < 32) else it will jump to 0x3160.
//(ls_addr:$4, dma_effective_addr:$5, size:$6, tag_id:$7, unk0:$8, unk1:$9)
//...
{
  //3134: 21 a0 08 0a wrch $MFC_LSA,$10
  wrch(MFC_LSA, ls_addr);
  //3138: 21 a0 08 85 wrch $MFC_EAH,$5
  wrch(MFC_EAH, dma_effective_addr);
  //313c: 3f e1 02 8a shlqbyi $10,$5,4
  //3140: 21 a0 09 0a wrch $MFC_EAL,$10
  wrch(MFC_EAL, dma_effective_addr << 4);
  //3144: 21 a0 09 86 wrch $MFC_Size,$6
  wrch(MFC_Size, size);
  //3148: 21 a0 0a 07 wrch $MFC_TagID,$7
  wrch(MFC_TagID, tag_id);
  //314c: 0f 64 04 06 shli $6,$8,16
  //3150: 08 22 43 05 or $5,$6,$9
  //3154: 21 a0 0a 85 wrch $MFC_Cmd,$5
  wrch(MFC_Cmd, (unk0 << 16) | unk1);
  //3158: 40 80 00 03 il $3,0
  //315c: 35 00 00 00 bi $lr
  return 0; //0 is probably success
  err:;
  //3160: 40 80 04 83 il $3,9
  //3164: 35 00 00 00 bi $lr
  return 9; //9 is probably failure
}


===== write_tag_mask_bit =====
===== write_tag_mask_bit =====

Revision as of 21:01, 25 February 2011

aim_spu_module

It is used to retrieve the device type, device id, open psid and the pscode from the EID data that is passed in.

Debug messages

Address Message
0x36f0 "(spu)start aim spu module!\n"
0x3710 "(spu) PU DMA area start address is not align 16byte\n"
0x3750 "(spu) PU EID area start address is not align 16byte\n"
0x3790 "(spu) PU DMA area size is not equall to AIM_DMA_SIZE\n"

Functions

Address Name Parameters Info
0x1440 debug_print unknown As the name already states...
0x30c0 do_dma ls_addr:$4, dma_effective_addr:$5, size:$6, tag_id:$7, unk0:$8, unk1:$9 Used to dma data in and out of the isolated module's LS.
0x3168 write_tag_mask_bit mask_bit:$4 Used to set a specific bit in MFC_WrTagMask.

Disasm

do_dma

From 0x30c0 to 0x3130 it just checks if the parameters are ok (ls_addr != 0, dma_effective_addr != 0, size-1 < 0x3fff, tag_id < 32) else it will jump to 0x3160.

//(ls_addr:$4, dma_effective_addr:$5, size:$6, tag_id:$7, unk0:$8, unk1:$9)
//...
{
 //3134:	21 a0 08 0a 	wrch	$MFC_LSA,$10
 wrch(MFC_LSA, ls_addr);
 //3138:	21 a0 08 85 	wrch	$MFC_EAH,$5
 wrch(MFC_EAH, dma_effective_addr);
 //313c:	3f e1 02 8a 	shlqbyi	$10,$5,4
 //3140:	21 a0 09 0a 	wrch	$MFC_EAL,$10
 wrch(MFC_EAL, dma_effective_addr << 4);
 //3144:	21 a0 09 86 	wrch	$MFC_Size,$6
 wrch(MFC_Size, size);
 //3148:	21 a0 0a 07 	wrch	$MFC_TagID,$7
 wrch(MFC_TagID, tag_id);
 //314c:	0f 64 04 06 	shli	$6,$8,16
 //3150:	08 22 43 05 	or	$5,$6,$9
 //3154:	21 a0 0a 85 	wrch	$MFC_Cmd,$5
 wrch(MFC_Cmd, (unk0 << 16) | unk1);
 //3158:	40 80 00 03 	il	$3,0
 //315c:	35 00 00 00 	bi	$lr
 return 0; //0 is probably success
 err:;
 //3160:	40 80 04 83 	il	$3,9
 //3164:	35 00 00 00 	bi	$lr
 return 9; //9 is probably failure
}
write_tag_mask_bit
//(tag_mask_bit:$4)
{
 //3168:	40 80 00 02 	il	$2,0 //Update immediately, unconditional.
 //316c:	21 a0 0b 82 	wrch	$MFC_WrTagUpdate,$2
 wrch(MFC_WrTagUpdate, 0);
 //3170:	01 e0 0b 83 	rchcnt	$3,$MFC_WrTagUpdate
 //3174:	7c 00 41 85 	ceqi	$5,$3,1
 //3178:	20 7f ff 05 	brz	$5,0x3170	# 3170
 while(rchcnt(MFC_WrTagUpdate) != 1);
 //317c:	01 a0 0c 02 	rdch	$2,$MFC_RdTagStat
 $2 = rdch(MFC_RdTagStat);
 //3180:	0b 61 01 86 	shl	$6,$3,$4
 //3184:	21 a0 0b 06 	wrch	$MFC_WrTagMask,$6
 wrch(MFC_WrTagMask, 1 << tag_mask_bit);
 //3188:	40 80 01 03 	il	$3,2 //Update tag status if or when all enabled tag groups have “no outstanding operation” status.
 //318c:	21 a0 0b 83 	wrch	$MFC_WrTagUpdate,$3
 wrch(MFC_WrTagUpdate, 2);
 //3190:	01 a0 0c 02 	rdch	$2,$MFC_RdTagStat
 $2 = rdch(MFC_RdTagStat);
 //3194:	35 00 00 00 	bi	$lr
 return;
}