/* Program the first 128 HTAB slots from the raw entries stored at 0xf000000.
 * Entry i is a 16-byte pair at 0xf000000 + i*128: word 0 is passed through
 * unchanged, word 1 keeps only bits 16..23 and is OR'd with 0x190 (presumably
 * PTE flag bits -- confirm against the HTAB entry format).  The slot index
 * handed to lv1_write_htab_entry is i*8.
 * NOTE(review): `void main` is only valid in a freestanding build; confirm the
 * payload is linked without a hosted C runtime. */
void main(void)
{
    enum { HTAB_SLOTS = 128, RAW_BASE = 0xf000000 };

    for (int slot = 0; slot < HTAB_SLOTS; slot++) {
        uint64_t raw = RAW_BASE | (slot << 7);
        uint64_t word0 = *(uint64_t *)MKA(raw);
        uint64_t word1 = *(uint64_t *)MKA(raw + 8);

        lv1_write_htab_entry(0, slot << 3, word0, (word1 & 0xff0000) | 0x190);
    }
}
/* Locate the VSH process.
 * Starts from the TOC entry process_rtoc_entry_1, follows two further pointer
 * hops, and then scans 16 slots of two 64-bit words each; the second word of a
 * slot is taken as the process pointer (layout inferred from the stride --
 * confirm against the kernel's process list structure).  A candidate is only
 * handed to is_vsh_process() when its upper 32 bits match the kernel address
 * prefix MKA(0), which filters out empty or non-kernel slots.
 * Returns the process, or 0 when none of the 16 slots is the VSH process. */
process_t get_vsh_process(void)
{
    enum { SLOT_COUNT = 16, WORDS_PER_SLOT = 2 };

    uint64_t *node = *(uint64_t **)MKA(TOC + process_rtoc_entry_1);
    node = *(uint64_t **)node;   /* first hop */
    node = *(uint64_t **)node;   /* second hop: start of the slot array */

    for (int idx = 0; idx < SLOT_COUNT; idx++) {
        process_t candidate = (process_t)node[WORDS_PER_SLOT * idx + 1];
        uint64_t high_bits = ((uint64_t)candidate) & 0xFFFFFFFF00000000ULL;

        if (high_bits == MKA(0) && is_vsh_process(candidate)) {
            return candidate;
        }
    }
    return 0;
}
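/* Copy a caller-supplied image into a fresh kernel allocation and execute it.
 *
 * payload   user pointer to the image bytes (resolved via get_secure_user_ptr)
 * size      image length in bytes; must be > 0
 * residence user pointer that receives the kernel address the image now lives at
 *
 * Returns 1 on success, 0 if the allocation fails, -1 for an invalid size and
 * -2 for a NULL payload.  The allocation is intentionally never freed: the
 * image stays resident, and its address is reported through *residence.
 *
 * There is no integrity or signature check on the image, so every caller that
 * can reach this entry point obtains kernel-mode execution of arbitrary bytes;
 * exposure of the entry point must be limited to trusted callers.
 * NOTE(review): the copied code is executed without an instruction-cache
 * flush, unlike the stage-1.5 loader which calls clear_icache(); confirm that
 * alloc() memory is coherent for instruction fetch. */
int inst_and_run_kernel_dynamic(uint8_t *payload, int size, uint64_t *residence)
{
    /* size is a signed int: a negative value passed the old `!size` test and
     * reached alloc()/memcpy() as a huge unsigned length. */
    if (size <= 0)
        return -1;
    if (!payload)
        return -2;

    void *skprx = alloc(size, 0x27);
    if (!skprx)
        return 0;

    memcpy(skprx, get_secure_user_ptr(payload), size);

    /* Enter the image through a function descriptor with the kernel TOC. */
    f_desc_t f;
    f.addr = skprx;
    f.toc = (void *)MKA(TOC);
    int (*func)(void) = (void *)&f;
    func();

    /* The residence address is only reported after the image returns; an image
     * that never returns leaves *residence untouched. copy_to_user's result
     * is not checked (its failure convention is not visible here). */
    uint64_t resident = (uint64_t)skprx;
    copy_to_user(&resident, get_secure_user_ptr(residence), 8);
    return 1;
}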
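/* Stage 1.5 (LAN variant): receive a stage-2 image over the gelic NIC, copy it
 * into a fresh allocation and jump to it.
 *
 * Any failure (NIC init, receive, allocation, NIC teardown) ends in
 * lv1_panic(0); the -1 return after it is never reached in practice.  Returns 0
 * if stage 2 returns.  The received image is not authenticated: whatever the
 * peer sends over the LAN is executed here. */
int main(void)
{
    u8 *payload, *stage2;
    int payload_size, result;

#ifdef DEBUG
    debug_init();
#endif
    DPRINTF("Stage 1.5 lan hello.\n");

    result = gelic_init();
    if (result != 0)
        goto error;

    /* The receive buffer is the fixed region at 0x700000 (an earlier build
     * used alloc(MAX_PAYLOAD_SIZE, 0x27)); a constant address can never be
     * NULL, so the old NULL check was dead. */
    payload = (void *)MKA(0x700000);

    payload_size = gelic_recv_data(payload, MAX_PAYLOAD_SIZE);
    if (payload_size <= 0)
        goto error;
    DPRINTF("Receive data: %d\n", payload_size);

    stage2 = alloc(payload_size, 0x27);
    if (!stage2)
        goto error;
    memcpy(stage2, payload, payload_size);
    /* The copy went through the data cache; flush so instruction fetch sees
     * the new code. */
    clear_icache(stage2, payload_size);
    /* Scrub the received bytes from the fixed receive buffer. */
    memset(payload, 0, payload_size);

    result = gelic_deinit();
    if (result != 0)
        goto error;

    /* Enter stage 2 through a function descriptor.  The original left
     * desc.toc uninitialised (an indeterminate read); the designated
     * initialiser zeroes every other field.
     * NOTE(review): the stage-1 loader passes (void *)MKA(TOC) as the TOC when
     * it calls stage 2 -- confirm whether stage 2 relies on r2 here and set
     * desc.toc the same way if it does. */
    f_desc_t desc = { .addr = stage2 };
    DPRINTF("Calling stage2...\n");
    debug_end();
    void (*stage2_func)(void) = (void *)&desc;
    stage2_func();
    return 0;

error:
    lv1_panic(0);
    return -1;
}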
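/* Copy a caller-supplied image into the fixed staging region at
 * 0x80000000007f0000 and execute it.
 *
 * payload user pointer to the image bytes (resolved via get_secure_user_ptr)
 * size    image length in bytes; must be in 1..0x10000 (the bound presumably
 *         matches the staging region's size -- confirm)
 *
 * Returns 0 after the image returns, -1 for an invalid size, -2 for a NULL
 * payload.  As with inst_and_run_kernel_dynamic(), the image is not verified
 * in any way, so the entry point must only be reachable by trusted callers.
 * NOTE(review): no instruction-cache flush precedes the call; the stage-1.5
 * loader uses clear_icache() for the same situation -- confirm it is not
 * needed here. */
int inst_and_run_kernel(uint8_t *payload, int size)
{
    /* size is signed: a negative value passed `!size` and `size > 0x10000`
     * and reached memcpy() as a huge unsigned length. */
    if (size <= 0 || size > 0x10000)
        return -1;
    if (!payload)
        return -2;

    void *const staging = (void *)0x80000000007f0000;
    memcpy(staging, get_secure_user_ptr(payload), size);

    /* Enter the image through a function descriptor with the kernel TOC. */
    f_desc_t f;
    f.addr = staging;
    f.toc = (void *)MKA(TOC);
    int (*func)(void) = (void *)&f;
    func();
    return 0;
}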
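/* Load the mamba image from a user-supplied path into a kernel allocation
 * and execute it, at most once per boot.
 *
 * mamba_file user pointer to a NUL-terminated path (resolved via
 *            get_secure_user_ptr)
 *
 * Returns 0 after the image returns; ECANCELED if an image was already loaded;
 * ENOMEM if the allocation fails; EINVAL for an empty file or one whose size
 * does not fit the 32-bit alloc/read path; EIO on a short read; otherwise the
 * cellFs error from stat/open/read.  The allocation stays resident on success.
 *
 * The file is not verified before execution, so anyone who can both write the
 * file and reach this entry point gains kernel execution.
 * NOTE(review): the mamba_loaded check-then-set is not atomic; two concurrent
 * callers could both pass it -- confirm the entry point is serialised.
 * NOTE(review): no instruction-cache flush precedes func(), unlike the
 * stage-1.5 loader's clear_icache(); confirm alloc() memory is coherent. */
int sys_load_mamba(char *mamba_file)
{
    if (mamba_loaded == 1)
        return ECANCELED;

    mamba_file = get_secure_user_ptr(mamba_file);

    CellFsStat stat;
    int ret = cellFsStat(mamba_file, &stat);
    if (ret != 0)
        return ret;

    /* st_size is narrowed to the 32-bit size used by alloc()/cellFsRead();
     * refuse a size that would wrap, and an empty file (nothing to execute). */
    if (stat.st_size == 0 || (uint64_t)stat.st_size > UINT32_MAX)
        return EINVAL;
    uint32_t psize = (uint32_t)stat.st_size;

    int fd;
    ret = cellFsOpen(mamba_file, CELL_FS_O_RDONLY, &fd, 0, NULL, 0);
    if (ret != 0)
        return ret;

    void *mamba = alloc(psize, 0x27);
    if (!mamba) {
        cellFsClose(fd);   /* the descriptor used to leak on this path */
        return ENOMEM;
    }

    uint64_t rs = 0;
    ret = cellFsRead(fd, mamba, psize, &rs);
    cellFsClose(fd);
    /* A short read would leave an unread tail in the buffer that is then
     * executed; treat it as an I/O failure. */
    if (ret == 0 && rs != psize)
        ret = EIO;
    if (ret != 0) {
        dealloc(mamba, 0x27);
        return ret;
    }

    /* Mark before running so a re-entrant call while the image runs is refused. */
    mamba_loaded = 1;

    f_desc_t f;
    f.toc = (void *)MKA(TOC);
    f.addr = mamba;
    int (*func)(void) = (void *)&f;
    func();
    return 0;
}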
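/* Read STAGE2_FILE into a fresh 0x27-tagged allocation.
 * Returns the buffer, or NULL when the file is absent, cannot be opened, is
 * empty or too large for the 32-bit size path, cannot be allocated, or is not
 * read in full.  The caller owns the returned memory. */
static void *load_stage2(void)
{
    CellFsStat stat;
    if (cellFsStat(STAGE2_FILE, &stat) != 0) {
        DPRINTF("There is no stage 2, booting system.\n");
        return NULL;
    }

    /* st_size is narrowed to uint32_t for alloc()/cellFsRead(); refuse a size
     * that would wrap, and an empty file (nothing to execute). */
    if (stat.st_size == 0 || (uint64_t)stat.st_size > UINT32_MAX) {
        DPRINTF("Stage 2 has an unusable size.\n");
        return NULL;
    }
    uint32_t psize = (uint32_t)stat.st_size;

    int fd;
    if (cellFsOpen(STAGE2_FILE, CELL_FS_O_RDONLY, &fd, 0, NULL, 0) != 0)
        return NULL;

    DPRINTF("Payload size = %u\n", psize);   /* %u: psize is unsigned */
    void *buf = alloc(psize, 0x27);
    if (!buf) {
        DPRINTF("Cannot allocate stage2\n");
    } else {
        uint64_t rs = 0;
        /* A short read would leave an unread tail that is then executed. */
        if (cellFsRead(fd, buf, psize, &rs) != 0 || rs != psize) {
            DPRINTF("Stage 2 read fail.\n");
            dealloc(buf, 0x27);
            buf = NULL;
        }
    }
    cellFsClose(fd);
    return buf;
}

/* Stage 1: mount flash via flash_mount_clone, then load and run STAGE2_FILE
 * if it exists.
 *
 * Returns the flash-mount result (0 or 1 are treated as success).  Stage 2 is
 * entered through the same descriptor, with the kernel TOC MKA(TOC).  The
 * stage-2 image is not verified before execution.
 * NOTE(review): there is no instruction-cache flush between reading stage 2
 * into memory and calling it, unlike the stage-1.5 loader which uses
 * clear_icache(); confirm alloc() memory is coherent for instruction fetch. */
int main(void)
{
    void *stage2 = NULL;
    f_desc_t f;
    int (*func)(void);
    int ret;

#ifdef DEBUG
    debug_init();
    DPRINTF("Stage 1 hello.\n");
#endif

    f.addr = flash_mount_clone;
    f.toc = (void *)MKA(TOC);
    func = (void *)&f;
    ret = func();
    if (ret != 0 && ret != 1) {
        DPRINTF("Flash mount failed!\n");
    } else {
        DPRINTF("Flash mounted\n");
        stage2 = load_stage2();
    }

    if (stage2) {
        /* Reuse the descriptor: only the entry address changes, TOC stays. */
        f.addr = stage2;
        func = (void *)&f;
        DPRINTF("Calling stage 2...\n");
        func();
    }
    return ret;
}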