mirror of
synced 2025-03-02 16:31:07 +00:00
1004 lines
30 KiB
1004 lines
30 KiB
; Data structures internal to the NanoKernel
; Bit fields get defined inside a record only in order to give them a
; namespace (e.g. MSR_IP). The _bitEqu macro is used to produce three
; equates per bit:
; (name) = the bit's place value
; (name)bit = the bit's PowerPC index (0 is leftmost)
; (name)shift = the bit's 68k index (0 is rightmost)
_bitEqu &name, &bit
&name equ 1 << (31-&bit)
&name.bit equ &bit
&name.shift equ 31 - &bit
; Lives at 5fffe000 on most (all?) PowerPC Macs. The public-ish part
; is the InfoRecord, which lives in the upper 64 bytes. This contains
; logical pointers, sizes and versions for the data structures that
; are shared between the NanoKernel and userspace. See
; PPCInfoRecordsPriv.s for the contents of these structures.
IRP record 0xdc0,INCR
SystemInfo ds.l 80 ; dc0:f00 ; other NK versions keep their structures elsewhere,
HWInfo ds.l 48 ; f00:fc0 ; so always use InfoRecord to find them from userspace
InfoRecord ds.l 16 ; fc0:1000 ; the public part
; Some InfoRecord fields are obliquely referenced from PPCInfoRecordsPriv.h
; (e.g. nkSystemInfoPtr = 0x5FFFEFF0)
InfoRecord record 0,INCR
InfoRecordPtr ds.l 1 ; 00 kdp/irp+fc0 ; set in kdp, copied to irp
Zero ds.l 1 ; 04 kdp/irp+fc4 ; const
NKProcessorStatePtr ds.l 1 ; 08 kdp/irp+fc8 ; in PSA
NKProcessorStateVer ds.w 1 ; 0c kdp/irp+fcc ; const
NKProcessorStateLen ds.w 1 ; 0e kdp/irp+fce ; const
NKHWInfoPtr ds.l 1 ; 10 kdp/irp+fd0 ; in IRP
NKHWInfoVer ds.w 1 ; 14 kdp/irp+fd4 ; const
NKHWInfoLen ds.w 1 ; 16 kdp/irp+fd6 ; const
NKProcessorInfoPtr ds.l 1 ; 18 kdp/irp+fd8 ; in KDP
NKProcessorInfoVer ds.w 1 ; 1c kdp/irp+fdc ; const
NKProcessorInfoLen ds.w 1 ; 1e kdp/irp+fde ; const
NKNanoKernelInfoPtr ds.l 1 ; 20 kdp/irp+fe0 ; in KDP
NKNanoKernelInfoVer ds.w 1 ; 24 kdp/irp+fe4 ; BCD
NKNanoKernelInfoLen ds.w 1 ; 26 kdp/irp+fe6 ; const
NKDiagInfoPtr ds.l 1 ; 28 kdp/irp+fe8 ; in PSA
NKDiagInfoVer ds.w 1 ; 2c kdp/irp+fec ; const
NKDiagInfoLen ds.w 1 ; 2e kdp/irp+fee ; const
NKSystemInfoPtr ds.l 1 ; 30 kdp/irp+ff0 ; in IRP
NKSystemInfoVer ds.w 1 ; 34 kdp/irp+ff4 ; const
NKSystemInfoLen ds.w 1 ; 36 kdp/irp+ff6 ; const
NKProcessorInfoPtr2 ds.l 1 ; 38 kdp/irp+ff8 ; in KDP (same as above)
NKProcessorInfoVer2 ds.w 1 ; 3c kdp/irp+ffc ; const
NKProcessorInfoLen2 ds.w 1 ; 3e kdp/irp+ffe ; const
Size equ *
; The PSA is Rene's homage to the ESA390's prefix storage area.
; It contains "the PowerPC IVT and some NK pointers."
; New to NKv2, it lives in the page below the KDP. On CPU0, this is
; also just below the below-SPRG0 part of the Exception Work Area.
; It is almost always accessed by negative offset from GPR1, hence
; the negative offsets.
PSA record -0xb90,INCR
HTABLock ds.l 8 ; -b90:-b70
PIHLock ds.l 8 ; -b70:-b50
SchLock ds.l 8 ; -b50:-b30
ThudLock ds.l 8 ; -b30:-b10 ; for the interactive debugger
RTASLock ds.l 8 ; -b10:-af0
DbugLock ds.l 8 ; -af0:-ad0
PoolLock ds.l 8 ; -ad0:-ab0
FreePool ds.l 4 ; -ab0 ; LLL with signature 'POOL'
ds.l 1 ; -aa0
ds.l 1 ; -a9c
IndexPtr ds.l 1 ; -a98 ; index of opaque IDs
FirstGRPS ds.l 4 ; -a94:-a84
TimerQueue ds.l 16 ; -a84:-a44 ; there are more of these in the pool
DelayQueue ds.l 4 ; -a44:-a34
DbugQueue ds.l 4 ; -a34:-a24
PageQueue ds.l 4 ; -a24:-a14
NotQueue ds.l 4 ; -a14:-a04
ds.l 1 ; -a04
QueueRelatedZero1 ds.l 1 ; -a00 ; set to zero when queues are inited
QueueRelatedZero2 ds.l 1 ; -9fc ; same again
ds.l 1 ; -9f8
ds.l 1 ; -9f4
CriticalReadyQ ds.l 8 ; -9f0:-9d0
LatencyProtectReadyQ ds.l 8 ; -9d0:-9b0
NominalReadyQ ds.l 8 ; -9b0:-990
IdleReadyQ ds.l 8 ; -990:-970
PriorityFlags ds.l 1 ; -970 ; bit 0 is 0, bit 1 is 1, etc...
ScrambledMPCallTime ds.l 1 ; -96c ; by MP call return
EmpiricalCpuFeatures ds.l 1 ; -968 ; Init.s saves MQ (should be possible) here
MQFeatureBit equ 13 ; equals 0x00040000
AVFeatureBit equ 12 ; equals 0x00080000
; 8 0x00800000
; 10 0x00200000
;int vector checks 9 0x00400000
UserModeMSR ds.l 1 ; -964
ThudBuffer ds.b 96 ; -960:-900 ; that's the kernel debugger
NoIdeaR23 ds.l 1 ; -900 ; r23 copies here... replated to RTAS?
ds.l 1 ; -8fc
ds.l 1 ; -8f8
ds.l 1 ; -8f4
PA_BlueTask ds.l 1 ; -8f0 ; set at the same time as the one below
ds.l 1 ; -8ec
ds.l 1 ; -8e8
OtherSystemContextPtr ds.l 1 ; -8e4 ; sometimes set to PA_ECB
VectorRegInitWord ds.l 1 ; -8e0 ; task vector regs get inited with this word x 4
SevenFFFDead2 ds.l 1 ; -8dc
SevenFFFDead3 ds.l 1 ; -8d8
SevenFFFDead4 ds.l 1 ; -8d4
VioletVecBase ds.l 48 ; -8d0:-810
IndigoVecBase ds.l 48 ; -810:-750
BlueVecBase ds.l 48 ; -750:-690 ; gets enabled by PDM PIH
GreenVecBase ds.l 48 ; -690:-5d0
DiagInfo ds.b 256 ; -5d0:-4d0
ProcessorState ds.b 128 ; -4d0:-450 ; interesting what this gets used by
FreeList ds.l 4 ; -450:-440
ds.l 1 ; -440
Int ds.w 1 ; -43c ; set by CommonPIHPath: a one-byte 68k int ID or -1
ds.w 1 ; -43a
DecClockRateHzCopy ds.l 1 ; -438 ; copied by Init.s
OtherTimerQueuePtr ds.l 1 ; -434 ; unsigned timer queue in the pool, set by InitTMRQs
FreePageCount ds.l 1 ; -430 ; zeroed by InitFreeList
UnheldFreePageCount ds.l 1 ; -42c
ExternalHandlerID ds.l 1 ; -428 ; notification for PIH to bump
SystemAddressSpaceID ds.l 1 ; -424
ds.l 1 ; -420
blueProcessPtr ds.l 1 ; -41c ; physical ptr to first type-1 struct created
ThermalHandlerID ds.l 1 ; -418 ; is a Note struct
PMFHandlerID ds.l 1 ; -414 ; also a Note struct
SomeEvtGrpID ds.l 1 ; -410
ds.l 1 ; -40c
ds.l 1 ; -408
ds.l 1 ; -404
ds.l 1 ; -400
OtherSystemAddrSpcPtr ds.l 1 ; -3fc
OtherSystemAddrSpcPtr2 ds.l 1 ; -3f8 ; copied from the one above by InitFreeList
ZeroedByInitFreeList3 ds.l 1 ; -3f4
ds.l 1 ; -3f0
ds.l 1 ; -3ec
ds.l 1 ; -3e8
ds.l 1 ; -3e4
ds.l 1 ; -3e0
ds.l 1 ; -3dc
ds.l 1 ; -3d8
ds.l 1 ; -3d4
ds.l 1 ; -3d0
ds.l 1 ; -3cc
ds.l 1 ; -3c8
ds.l 1 ; -3c4
ds.l 1 ; -3c0
ds.l 1 ; -3bc
ds.l 1 ; -3b8
ds.l 1 ; -3b4
ds.l 1 ; -3b0
ds.l 1 ; -3ac
ds.l 1 ; -3a8
ds.l 1 ; -3a4
ds.l 1 ; -3a0
ds.l 1 ; -39c
ds.l 1 ; -398
ds.l 1 ; -394
ds.l 1 ; -390
ds.l 1 ; -38c
ds.l 1 ; -388
ds.l 1 ; -384
ds.l 1 ; -380
ds.l 1 ; -37c
ds.l 1 ; -378
ds.l 1 ; -374
ds.l 1 ; -370
ds.l 1 ; -36c
ds.l 1 ; -368
ds.l 1 ; -364
ds.l 1 ; -360
ds.l 1 ; -35c
ds.l 1 ; -358
ds.l 1 ; -354
ds.l 1 ; -350
ds.l 1 ; -34c
ds.l 1 ; -348
ds.l 1 ; -344
; Each CPU has one of these. It is half-heartedly enclosed by a "CPU"
; MP struct. Along with the SPRG registers, it is essential in order
; for the CPU to get its bearings at interrupt time. Each CPU's SPRG0
; always points *into* that CPU's EWA.
EWA record -0x340,INCR
; Fun fact: offsets before here contain the additional kernel globals
; ("Primary System Area"), but only on CPU-0.
; It's kind of complicated, but the CPU MP struct of CPU-0
; starts life as a chunk of the kernel globals, carefully placed
; so the "middle" (zero offset) of the Exception Work Area
; within that CPU struct will equal the "middle" (zero offset)
; of the kernel globals (i.e. between the negative-index v2-only
; Primary System Area and the positive-offset Kernel Data Page).
; Subsequent CPU structs are just large allocations in the kernel
; pool, with the CPU's SPRG0 register being pointed to the zero
; point of that CPU struct's EWA.
CPUBase ds.b 32 ; -340:-320 ; not really part of the EWA, but more an MP struct
Base ; used when init'ed as part of the enclosing CPU struct
; Now for the actual meat of sandwich.
; Many of these fields are used by functions at interrupt time
; to save/restore registers, in lieu of a stack.
TimeList ds.l 4 ; -320:-310, cpu+020
ds.l 1 ; -310, cpu+030
ds.b 1 ; -30c, cpu+034
ds.b 1 ; -30b, cpu+035
ds.b 1 ; -30a, cpu+036
GlobalTimeIsValid ds.b 1 ; -309, cpu+037
ds.l 1 ; -308, cpu+038
ds.l 1 ; -304, cpu+03c
ds.l 1 ; -300, cpu+040
ds.l 1 ; -2fc, cpu+044
ds.l 1 ; -2f8, cpu+048
ds.l 1 ; -2f4, cpu+04c
ds.l 1 ; -2f0, cpu+050
ds.l 1 ; -2ec, cpu+054
GlobalTime ds.l 2 ; -2e8, cpu+058
ThudSavedR29 ds.l 1 ; -2e0, cpu+060
ThudSavedR30 ds.l 1 ; -2dc, cpu+064
ThudSavedR31 ds.l 1 ; -2d8, cpu+068
ds.l 1 ; -2d4, cpu+06c
ds.l 1 ; -2d0, cpu+070
ds.l 1 ; -2cc, cpu+074
ds.l 1 ; -2c8, cpu+078
ds.l 1 ; -2c4, cpu+07c
ds.l 1 ; -2c0, cpu+080
ds.l 1 ; -2bc, cpu+084
ds.l 1 ; -2b8, cpu+088
ds.l 1 ; -2b4, cpu+08c
ds.l 1 ; -2b0, cpu+090
ds.l 1 ; -2ac, cpu+094
ds.l 1 ; -2a8, cpu+098
ds.l 1 ; -2a4, cpu+09c
ds.l 1 ; -2a0, cpu+0a0
ds.l 1 ; -29c, cpu+0a4
ds.l 1 ; -298, cpu+0a8
ds.l 1 ; -294, cpu+0ac
ds.l 1 ; -290, cpu+0b0
ds.l 1 ; -28c, cpu+0b4
ds.l 1 ; -288, cpu+0b8
ds.l 1 ; -284, cpu+0bc
ds.l 1 ; -280, cpu+0c0
ds.l 1 ; -27c, cpu+0c4
SpacesSavedLR ds.l 1 ; -278, cpu+0c8
SpacesSavedCR ds.l 1 ; -274, cpu+0cc
SpacesSavedAreaBase ds.l 1 ; -270, cpu+0d0
SpacesDeferredAreaPtr ds.l 1 ; -26c, cpu+0d4
ds.l 1 ; -268, cpu+0d8
ds.l 1 ; -264, cpu+0dc
ds.l 1 ; -260, cpu+0e0
ds.l 1 ; -25c, cpu+0e4
ds.l 1 ; -258, cpu+0e8
ds.l 1 ; -254, cpu+0ec
ds.l 1 ; -250, cpu+0f0
ds.l 1 ; -24c, cpu+0f4
ds.l 1 ; -248, cpu+0f8
ds.l 1 ; -244, cpu+0fc
ds.l 1 ; -240, cpu+100
ds.l 1 ; -23c, cpu+104
ds.l 1 ; -238, cpu+108
ds.l 1 ; -234, cpu+10c
ds.l 1 ; -230, cpu+110
ds.l 1 ; -22c, cpu+114
ds.l 1 ; -228, cpu+118
ds.l 1 ; -224, cpu+11c
ds.l 1 ; -220, cpu+120
ds.l 1 ; -21c, cpu+124
ds.l 1 ; -218, cpu+128
ds.l 1 ; -214, cpu+12c
ds.l 1 ; -210, cpu+130
ds.l 1 ; -20c, cpu+134
ds.l 1 ; -208, cpu+138
ds.l 1 ; -204, cpu+13c
ds.l 1 ; -200, cpu+140
ds.l 1 ; -1fc, cpu+144
ds.l 1 ; -1f8, cpu+148
ds.l 1 ; -1f4, cpu+14c
ds.l 1 ; -1f0, cpu+150
ds.l 1 ; -1ec, cpu+154
ds.l 1 ; -1e8, cpu+158
ds.l 1 ; -1e4, cpu+15c
ds.l 1 ; -1e0, cpu+160
ds.l 1 ; -1dc, cpu+164
ds.l 1 ; -1d8, cpu+168
ds.l 1 ; -1d4, cpu+16c
ds.l 1 ; -1d0, cpu+170
ds.l 1 ; -1cc, cpu+174
ds.l 1 ; -1c8, cpu+178
ds.l 1 ; -1c4, cpu+17c
ds.l 1 ; -1c0, cpu+180
ds.l 1 ; -1bc, cpu+184
ds.l 1 ; -1b8, cpu+188
ds.l 1 ; -1b4, cpu+18c
ds.l 1 ; -1b0, cpu+190
ds.l 1 ; -1ac, cpu+194
ds.l 1 ; -1a8, cpu+198
ds.l 1 ; -1a4, cpu+19c
ds.l 1 ; -1a0, cpu+1a0
ds.l 1 ; -19c, cpu+1a4
ds.l 1 ; -198, cpu+1a8
ds.l 1 ; -194, cpu+1ac
ds.l 1 ; -190, cpu+1b0
ds.l 1 ; -18c, cpu+1b4
ds.l 1 ; -188, cpu+1b8
ds.l 1 ; -184, cpu+1bc
ds.l 1 ; -180, cpu+1c0
ds.l 1 ; -17c, cpu+1c4
ds.l 1 ; -178, cpu+1c8
ds.l 1 ; -174, cpu+1cc
ds.l 1 ; -170, cpu+1d0
ds.l 1 ; -16c, cpu+1d4
ds.l 1 ; -168, cpu+1d8
ds.l 1 ; -164, cpu+1dc
ds.l 1 ; -160, cpu+1e0
ds.l 1 ; -15c, cpu+1e4
ds.l 1 ; -158, cpu+1e8
ds.l 1 ; -154, cpu+1ec
ds.l 1 ; -150, cpu+1f0
ds.l 1 ; -14c, cpu+1f4
ds.l 1 ; -148, cpu+1f8
ds.l 1 ; -144, cpu+1fc
ds.l 1 ; -140, cpu+200
ds.l 1 ; -13c, cpu+204
ds.l 1 ; -138, cpu+208
ds.l 1 ; -134, cpu+20c
ds.l 1 ; -130, cpu+210
ds.l 1 ; -12c, cpu+214
ds.l 1 ; -128, cpu+218
ds.l 1 ; -124, cpu+21c
ds.l 1 ; -120, cpu+220
ds.l 1 ; -11c, cpu+224
BinaryFlag ds.l 1 ; -118, cpu+228 ; 1 or 0, actually a byte!
ds.l 1 ; -114, cpu+22c
ds.l 1 ; -110, cpu+230
ds.l 1 ; -10c, cpu+234
ds.l 1 ; -108, cpu+238
ds.l 1 ; -104, cpu+23c
ds.l 1 ; -100, cpu+240
ds.l 1 ; -0fc, cpu+244
ds.l 1 ; -0f8, cpu+248
ds.l 1 ; -0f4, cpu+24c
ds.l 1 ; -0f0, cpu+250
ds.l 1 ; -0ec, cpu+254
ds.l 1 ; -0e8, cpu+258
ds.l 1 ; -0e4, cpu+25c
ds.l 1 ; -0e0, cpu+260
ds.l 1 ; -0dc, cpu+264
ds.l 1 ; -0d8, cpu+268
ds.l 1 ; -0d4, cpu+26c
ds.l 1 ; -0d0, cpu+270
ds.l 1 ; -0cc, cpu+274
ds.l 1 ; -0c8, cpu+278
ds.l 1 ; -0c4, cpu+27c
ds.l 1 ; -0c0, cpu+280
ds.l 1 ; -0bc, cpu+284
ds.l 1 ; -0b8, cpu+288
ds.l 1 ; -0b4, cpu+28c
ds.l 1 ; -0b0, cpu+290
ds.l 1 ; -0ac, cpu+294
ds.l 1 ; -0a8, cpu+298
ds.l 1 ; -0a4, cpu+29c
ds.l 1 ; -0a0, cpu+2a0
ds.l 1 ; -09c, cpu+2a4
ds.l 1 ; -098, cpu+2a8
ds.l 1 ; -094, cpu+2ac
ds.l 1 ; -090, cpu+2b0
ds.l 1 ; -08c, cpu+2b4
ds.l 1 ; -088, cpu+2b8
ds.l 1 ; -084, cpu+2bc
ds.l 1 ; -080, cpu+2c0
ds.l 1 ; -07c, cpu+2c4
ds.l 1 ; -078, cpu+2c8
ds.l 1 ; -074, cpu+2cc
ds.l 1 ; -070, cpu+2d0
ds.l 1 ; -06c, cpu+2d4
ds.l 1 ; -068, cpu+2d8
ds.l 1 ; -064, cpu+2dc
PoolSavedLR ds.l 1 ; -060, cpu+2e0
PoolSavedSizeArg ds.l 1 ; -05c, cpu+2e4
ds.l 1 ; -058, cpu+2e8
ds.l 1 ; -054, cpu+2ec
ds.l 1 ; -050, cpu+2f0
ds.l 1 ; -04c, cpu+2f4
ds.l 1 ; -048, cpu+2f8
ds.l 1 ; -044, cpu+2fc
CreateAreaSavedLR ds.l 1 ; -040, cpu+300
CreateAreaSavedR25 ds.l 1 ; -03c, cpu+304 ; ???!!!
CreateAreaSavedR26 ds.l 1 ; -038, cpu+308
CreateAreaSavedR27 ds.l 1 ; -034, cpu+30c
CreateAreaSavedR28 ds.l 1 ; -030, cpu+310
CreateAreaSavedR29 ds.l 1 ; -02c, cpu+314
CreateAreaSavedR30 ds.l 1 ; -028, cpu+318
CreateAreaSavedR31 ds.l 1 ; -024, cpu+31c
PA_IRP ds.l 1 ; -020, cpu+320
PA_CurAddressSpace ds.l 1 ; -01c, cpu+324
PA_PSA ds.l 1 ; -018, cpu+328
PA_ContextBlock ds.l 1 ; -014, cpu+32c
Flags ds.l 1 ; -010, cpu+330
ds.l 1 ; -00c, cpu+334
PA_CurTask ds.l 1 ; -008, cpu+338
PA_KDP ds.l 1 ; -004, cpu+33c
; ZERO (SPRG0 points here)
r0 ds.l 1 ; 000, cpu+340 ; used for quick register saves at exception time...
r1 ds.l 1 ; 004, cpu+344
r2 ds.l 1 ; 008, cpu+348
r3 ds.l 1 ; 00c, cpu+34c
r4 ds.l 1 ; 010, cpu+350
r5 ds.l 1 ; 014, cpu+354
r6 ds.l 1 ; 018, cpu+358
r7 ds.l 1 ; 01c, cpu+35c
r8 ds.l 1 ; 020, cpu+360
r9 ds.l 1 ; 024, cpu+364
r10 ds.l 1 ; 028, cpu+368
r11 ds.l 1 ; 02c, cpu+36c
r12 ds.l 1 ; 030, cpu+370
r13 ds.l 1 ; 034, cpu+374
r14 ds.l 1 ; 038, cpu+378
r15 ds.l 1 ; 03c, cpu+37c
r16 ds.l 1 ; 040, cpu+380
r17 ds.l 1 ; 044, cpu+384
r18 ds.l 1 ; 048, cpu+388
r19 ds.l 1 ; 04c, cpu+38c
r20 ds.l 1 ; 050, cpu+390
r21 ds.l 1 ; 054, cpu+394
r22 ds.l 1 ; 058, cpu+398
r23 ds.l 1 ; 05c, cpu+39c
r24 ds.l 1 ; 060, cpu+3a0
r25 ds.l 1 ; 064, cpu+3a4
r26 ds.l 1 ; 068, cpu+3a8
r27 ds.l 1 ; 06c, cpu+3ac
r28 ds.l 1 ; 070, cpu+3b0
r29 ds.l 1 ; 074, cpu+3b4
r30 ds.l 1 ; 078, cpu+3b8
r31 ds.l 1 ; 07c, cpu+3bc
; Fun fact: offsets past here contain the main kernel globals
; ("Kernel Data Page"), but only on CPU-0.
; Positive offsets from the kernel global pointer (which can be found
; in the PA_KDP field of any CPU's EWA, and directly in the SPRG0 of
; CPU-0). Except for offsets < 128 bytes, which belong to the GPR save
; area of CPU-0's EWA (see the r0, r1 etc. directly above here?)
KDP record 0x80,INCR
SegMap32SupInit ds.l 32 ; 080:100
SegMap32UsrInit ds.l 32 ; 100:180
SegMap32CPUInit ds.l 32 ; 180:200
SegMap32OvlInit ds.l 32 ; 200:280
BATs ds.l 32 ; 280:300
org 0x340
MinusOne1 ds.l 1 ; 340 ; several longs set at once
ds.l 1 ; 344
MinusOne2 ds.l 1 ; 348
ds.l 1 ; 34c
MinusOne3 ds.l 1 ; 350
ds.l 1 ; 354
MinusOne4 ds.l 1 ; 358
ds.l 1 ; 35c
YellowVecBase ds.l 48 ; 360:420 ; used to ignore illegal AltiVec insns by Init.s
OrangeVecBase ds.l 48 ; 420:4e0
RedVecBase ds.l 48 ; 4e0:5a0
OldKDP ds.l 1 ; 5a0 ; gotten from the old SPRG0
OtherFreeThing ds.l 1 ; 5a4
TopOfFreePages ds.l 1 ; 5a8 ; gotten from the old SPRG0
ds.l 1 ; 5ac
PA_InterruptHandler ds.l 1 ; 5b0
ds.l 1 ; 5b4
HiLevelPerfMonitorBits ds.l 1 ; 5b8
ds.l 1 ; 5bc
PerfMonitorBits ds.l 1 ; 5c0
ds.l 1 ; 5c4
SegMap32SupInitPtr ds.l 1 ; 5c8
BatMap32SupInit ds.l 1 ; 5cc
SegMap32UsrInitPtr ds.l 1 ; 5d0
BatMap32UsrInit ds.l 1 ; 5d4
SegMap32CPUInitPtr ds.l 1 ; 5d8
BatMap32CPUInit ds.l 1 ; 5dc
SegMap32OvlInitPtr ds.l 1 ; 5e0
BatMap32OvlInit ds.l 1 ; 5e4
ds.l 1 ; 5e8
ds.l 1 ; 5ec
NanoKernelCallTable ds.l 16 ; 5f0:630
PA_ConfigInfo ds.l 1 ; 630
PA_EmulatorData ds.l 1 ; 634
KernelMemoryBase ds.l 1 ; 638
KernelMemoryEnd ds.l 1 ; 63c ; Top of HTAB (and entire kernel reserved area). Set by Init.s
PA_RelocatedLowMemInit ds.l 1 ; 640 ; From ConfigInfo. Ptr to Mac LowMem vars, which Init.s sets up
SharedMemoryAddr ds.l 1 ; 644 ; From ConfigInfo. Not sure what latest use is.
LA_EmulatorKernelTrapTable ds.l 1 ; 648 ; Calculated from ConfigInfo.
PA_NanoKernelCode ds.l 1 ; 64c ; Calculated by NanoKernel itself.
PA_FDP ds.l 1 ; 650 ; See notes in NanoKernel. Very interesting.
LA_ECB ds.l 1 ; 654 ; Logical ptr into EDP.
PA_ECB ds.l 1 ; 658 ; gets called "system context"
PA_ECB_Old ds.l 1 ; 65c ; copied from NKv<=01.01 to EWA.PA_ContextBlock.
ds.l 1 ; 660
ds.l 1 ; 664
ds.l 1 ; 668
PA_PageMapEnd ds.l 1 ; 66c ; Set at the same time as PA_PageMapStart below...
TestIntMaskInit ds.l 1 ; 670 ; These are all copied from ConfigInfo...
PostIntMaskInit ds.l 1 ; 674
ClearIntMaskInit ds.l 1 ; 678
PA_EmulatorIplValue ds.l 1 ; 67c ; Physical ptr into EDP
SharedMemoryAddrPlus ds.l 1 ; 680 ; Really not sure
PA_PageMapStart ds.l 1 ; 684 ; Physical ptr to PageMap (= KDP+0x920)
PageAttributeInit ds.l 1 ; 688 ; defaults for page table entries (see ConfigInfo)
ds.l 1 ; 68c
ds.l 1 ; 690
ds.l 1 ; 694
ds.l 1 ; 698
ds.l 1 ; 69c
PTEGMask ds.l 1 ; 6a0
HTABORG ds.l 1 ; 6a4
UsablePhysicalPages ds.l 1 ; 6a8 ; does take MacOS into account
TotalPhysicalPages ds.l 1 ; 6ac ; does not take into acct maximum MacOS memory
FlatPageListPtr ds.l 1 ; 6b0
VMMaxVirtualPages ds.l 1 ; 6b4 ; size of main contiguous segment?
CpuSpecificByte1 ds.b 1 ; 6b8 ; seems to contain flags (set from PVR & tbl by Init.s)
CpuSpecificByte2 ds.b 1 ; 6b9 ; probably not flags (set in same way)
ds.b 1 ; 6ba
ds.b 1 ; 6bb
FlatPageListSegPtrs ds.l 16 ; 6bc
ds.l 1 ; 6fc
ThudSavedR0 ds.l 1 ; 700
ThudSavedR1 ds.l 1 ; 704 ; via SPRG1
ThudSavedR2 ds.l 1 ; 708
ThudSavedR3 ds.l 1 ; 70c
ThudSavedR4 ds.l 1 ; 710
ThudSavedR5 ds.l 1 ; 714
ThudSavedR6 ds.l 1 ; 718
ThudSavedR7 ds.l 1 ; 71c
ThudSavedR8 ds.l 1 ; 720
ThudSavedR9 ds.l 1 ; 724
ThudSavedR10 ds.l 1 ; 728
ThudSavedR11 ds.l 1 ; 72c
ThudSavedR12 ds.l 1 ; 730
ThudSavedR13 ds.l 1 ; 734
ThudSavedR14 ds.l 1 ; 738
ThudSavedR15 ds.l 1 ; 73c
ThudSavedR16 ds.l 1 ; 740
ThudSavedR17 ds.l 1 ; 744
ThudSavedR18 ds.l 1 ; 748
ThudSavedR19 ds.l 1 ; 74c
ThudSavedR20 ds.l 1 ; 750
ThudSavedR21 ds.l 1 ; 754
ThudSavedR22 ds.l 1 ; 758
ThudSavedR23 ds.l 1 ; 75c
ThudSavedR24 ds.l 1 ; 760
ThudSavedR25 ds.l 1 ; 764
ThudSavedR26 ds.l 1 ; 768
ThudSavedR27 ds.l 1 ; 76c
ThudSavedR28 ds.l 1 ; 770
ThudSavedR29 ds.l 1 ; 774
ThudSavedR30 ds.l 1 ; 778
ThudSavedR31 ds.l 1 ; 77c
ThudSavedCR ds.l 1 ; 780
ThudSavedMQ ds.l 1 ; 784
ThudSavedXER ds.l 1 ; 788
ThudSavedSPRG2 ds.l 1 ; 78c
ThudSavedCTR ds.l 1 ; 790
ThudSavedPVR ds.l 1 ; 794
ThudSavedDSISR ds.l 1 ; 798
ThudSavedDAR ds.l 1 ; 79c
ThudSavedTBU ds.l 1 ; 7a0 ; RTCU on 601
ThudSavedTB ds.l 1 ; 7a4 ; RTCL on 601
ThudSavedDEC ds.l 1 ; 7a8
ThudSavedHID0 ds.l 1 ; 7ac
ThudSavedSDR1 ds.l 1 ; 7b0
ThudSavedSRR0 ds.l 1 ; 7b4
ThudSavedSRR1 ds.l 1 ; 7b8
ThudSavedMSR ds.l 1 ; 7bc
ThudSavedSR0 ds.l 1 ; 7c0
ThudSavedSR1 ds.l 1 ; 7c4
ThudSavedSR2 ds.l 1 ; 7c8
ThudSavedSR3 ds.l 1 ; 7cc
ThudSavedSR4 ds.l 1 ; 7d0
ThudSavedSR5 ds.l 1 ; 7d4
ThudSavedSR6 ds.l 1 ; 7d8
ThudSavedSR7 ds.l 1 ; 7dc
ThudSavedSR8 ds.l 1 ; 7e0
ThudSavedSR9 ds.l 1 ; 7e4
ThudSavedSR10 ds.l 1 ; 7e8
ThudSavedSR11 ds.l 1 ; 7ec
ThudSavedSR12 ds.l 1 ; 7f0
ThudSavedSR13 ds.l 1 ; 7f4
ThudSavedSR14 ds.l 1 ; 7f8
ThudSavedSR15 ds.l 1 ; 7fc
ThudSavedF0 ds.d 1 ; 800
ThudSavedF1 ds.d 1 ; 808
ThudSavedF2 ds.d 1 ; 810
ThudSavedF3 ds.d 1 ; 818
ThudSavedF4 ds.d 1 ; 820
ThudSavedF5 ds.d 1 ; 828
ThudSavedF6 ds.d 1 ; 830
ThudSavedF7 ds.d 1 ; 838
ThudSavedF8 ds.d 1 ; 840
ThudSavedF9 ds.d 1 ; 848
ThudSavedF10 ds.d 1 ; 850
ThudSavedF11 ds.d 1 ; 858
ThudSavedF12 ds.d 1 ; 860
ThudSavedF13 ds.d 1 ; 868
ThudSavedF14 ds.d 1 ; 870
ThudSavedF15 ds.d 1 ; 878
ThudSavedF16 ds.d 1 ; 880
ThudSavedF17 ds.d 1 ; 888
ThudSavedF18 ds.d 1 ; 890
ThudSavedF19 ds.d 1 ; 898
ThudSavedF20 ds.d 1 ; 8a0
ThudSavedF21 ds.d 1 ; 8a8
ThudSavedF22 ds.d 1 ; 8b0
ThudSavedF23 ds.d 1 ; 8b8
ThudSavedF24 ds.d 1 ; 8c0
ThudSavedF25 ds.d 1 ; 8c8
ThudSavedF26 ds.d 1 ; 8d0
ThudSavedF27 ds.d 1 ; 8d8
ThudSavedF28 ds.d 1 ; 8e0
ThudSavedF29 ds.d 1 ; 8e8
ThudSavedF30 ds.d 1 ; 8f0
ThudSavedF31 ds.d 1 ; 8f8
SomethingSerial ds.l 1 ; 900
ThudSavedLR ds.l 1 ; 904
RTAS_Proc ds.l 1 ; 908 ; r8 on kernel entry
RTAS_PrivDataArea ds.l 1 ; 90c ; copied from HWInfo
ZeroWord ds.l 1 ; 910 ; Only NewWorld and Unknown PIHes touch this
ds.l 1 ; 914
ds.l 1 ; 918
ds.l 1 ; 91c
PageMap ds.b 1184; 920:dc0
NanoKernelInfo ds.b 352 ; dc0:f20 ; see NKNanoKernelInfo in PPCInfoRecordsPriv
ProcessorInfo ds.b 160 ; f20:fc0
InfoRecord ds.b 64 ; fc0:1000 ; was main copy in NKv1, now vestigial?
; The kernel creates several of these, and activates one by pointing
; a CPU's SPRG3 ("vecBase") register at it. Find them in PSA and KDP.
; (For want of more information, I have colour coded them for now.)
; Each entry is a (hopefully 64-byte aligned) physical pointer to an
; interrupt service routine in the kernel. One entry roughly
; corresponds with one of the 256-byte aligned entry points into
; the PowerPC interrupt (="exception") vector table. Code for those
; can be found in :RISC:ExceptionTable.s.
VecTable record 0,INCR
ds.l 1 ; 00 ; scratch for IVT?
SystemResetVector ds.l 1 ; 04 ; called by IVT+100 (system reset)
MachineCheckVector ds.l 1 ; 08 ; called by IVT+200 (machine check)
DSIVector ds.l 1 ; 0c ; called by IVT+300 (DSI)
ISIVector ds.l 1 ; 10 ; called by IVT+400 (ISI)
ExternalIntVector ds.l 1 ; 14 ; called by IVT+500 (external interrupt)
AlignmentIntVector ds.l 1 ; 18 ; called by IVT+600 (alignment)
ProgramIntVector ds.l 1 ; 1c ; called by IVT+700 (program)
FPUnavailVector ds.l 1 ; 20 ; called by IVT+800 (FP unavail)
DecrementerVector ds.l 1 ; 24 ; called by IVT+900 (decrementer)
ReservedVector1 ds.l 1 ; 28 ; called by IVT+a00 (reserved)
ReservedVector2 ds.l 1 ; 2c ; called by IVT+b00 (reserved)
SyscallVector ds.l 1 ; 30 ; called by IVT+c00 (system call)
TraceVector ds.l 1 ; 34 ; called by IVT+d00 (trace)
FPAssistVector ds.l 1 ; 38 ; called by IVT+e00 (FP assist)
PerfMonitorVector ds.l 1 ; 3c ; called by IVT+f00 (perf monitor)
ds.l 1 ; 40 ;
ds.l 1 ; 44 ;
ds.l 1 ; 48 ;
ds.l 1 ; 4c ; Vectors from here downwards are called from
ds.l 1 ; 50 ; odd places in the IVT????
ds.l 1 ; 54 ;
ds.l 1 ; 58 ; seems AltiVec-related
ThermalEventVector ds.l 1 ; 5c ;
ds.l 1 ; 60 ;
ds.l 1 ; 64 ;
ds.l 1 ; 68 ;
ds.l 1 ; 6c ;
ds.l 1 ; 70 ;
ds.l 1 ; 74 ;
ds.l 1 ; 78 ;
ds.l 1 ; 7c ;
ds.l 1 ; 80 ; shares with TraceVector in Y and G
ds.l 1 ; 84 ;
ds.l 1 ; 88 ;
ds.l 1 ; 8c ;
ds.l 1 ; 90 ;
ds.l 1 ; 94 ;
ds.l 1 ; 98 ;
ds.l 1 ; 9c ;
ds.l 1 ; a0 ;
ds.l 1 ; a4 ;
ds.l 1 ; a8 ;
ds.l 1 ; ac ;
ds.l 1 ; b0 ;
ds.l 1 ; b4 ;
ds.l 1 ; b8 ;
ds.l 1 ; bc ; called by IVT+0 (reserved)
Size equ *
; You can also use this record to index the NanoKernelCallCounts in
; PPCInfoRecordsPriv.s:NKNanoKernelInfo.
NanoKernelCallTable record 0,INCR
ReturnFromException ds.l 1 ; 00, kdp+5f0, trap 0 ; SS replaces with jump to emu+f900
RunAlternateContext ds.l 1 ; 04, kdp+5f4, trap 1
ResetSystem ds.l 1 ; 08, kdp+5f8, trap 2 ; SS replaces with jump to emu+fb00
VMDispatch ds.l 1 ; 0c, kdp+5fc, trap 3 ; FE0A (VM/MMU/NK) trap
PrioritizeInterrupts ds.l 1 ; 10, kdp+600, trap 4 ; SS forbids
PowerDispatch ds.l 1 ; 14, kdp+604, trap 5 ; FEOF
RTASDispatch ds.l 1 ; 18, kdp+608, trap 6 ; SS forbids the use of this trap and below
CacheDispatch ds.l 1 ; 1c, kdp+60c, trap 7
MPDispatch ds.l 1 ; 20, kdp+610, trap 8 ; also accessible via syscall interface
ds.l 1 ; 24, kdp+614, trap 9 ; unused
ds.l 1 ; 28, kdp+618, trap 10 ; unused
ds.l 1 ; 2c, kdp+61c, trap 11 ; unused
CallAdapterProcPPC ds.l 1 ; 30, kdp+620, trap 12 ; unused
ds.l 1 ; 34, kdp+624, trap 13 ; unused
CallAdapterProc68k ds.l 1 ; 38, kdp+628, trap 14 ; unused
Thud ds.l 1 ; 3c, kdp+62c, trap 15 ; basically just panic
Size equ *
; An 8-byte entry in the PageMap tables passed to the NanoKernel via
; ConfigInfo. Roughly corresponds with a contiguous logical address
; range lying within 256MB (segment) boundaries, and therefore
; roughly corresponds with the NKv2 MP "Area" struct.
; It could be that these are actually PageMap Descriptor *Entries*,
; and I have misunderstood.
PMDT record 0,INCR
LBase ds.w 1 ; 0 ; (base - segment) >> 12
PageCount ds.w 1 ; 2 ; page count MINUS ONE
PBaseAndFlags ds.l 1 ; 4 ; PBase page aligned
PBaseBits equ 20
FirstFlagBit equ 20
FirstFlag equ 0x800
DaddyFlag equ 0x800
CountingFlag equ 0x400
PhysicalIsRelativeFlag equ 0x200
Size equ *
; Seven of these, each with a four-byte signature, live in the PSA.
; The signatures describe the protected structures adequately.
; The function to acquire a lock seems to have been inlined, because
; it always saves and restores r8 and r9 (even to and from themselves)
; around a bl to NanoKernelInit.s:AcquireLock. It has therefore been
; macrofied as NanoKernelMacros.s:_Lock.
Lock record 0,INCR
Count ds.l 1 ; 00 ; target for lwarx/stwcx
Signature ds.l 1 ; 04
kHTABLockSignature equ 'htab'
kPIHLockSignature equ 'pih '
kSchLockSignature equ 'sch '
kThudLockSignature equ 'thud'
kRTASLockSignature equ 'rtas'
kDbugLockSignature equ 'dbug'
kPoolLockSignature equ 'pool'
org 0x10
Holder ds.l 1 ; 10
org 0x20
; Structs after this point are inadequately commented. Sorry!
Index record 0,INCR
kSignature equ 'INDX'
HalfOne ds.w 1 ; 000
HalfTwo ds.w 1 ; 002
Signature ds.l 1 ; 004
IDsPtr ds.l 1 ; 008
org 520
Size equ *
PoolPage record 0,INCR
FreeBytes ds.l 1 ; 000
org 4096
Size equ *
; Special opaque NanoKernel stuff!
GRPSStruct record 0,INCR
kSignature equ 'GRPS'
LLL ds.l 4 ; 00:10
; These seem to go in a notification queue?
LLL record 0,INCR
Freeform ds.l 1 ; 0
Signature ds.l 1 ; 4
Next ds.l 1 ; 8
Prev ds.l 1 ; c
; Special case of LLL
; Init'ed by InitTMRQs (called by Init.s)
; There is one copy of this struct at kdp-a84 below the (shorter) queue structs,
; and two copies in the pool, pointed to by kdp-434 and kdp-364.
TimerQueueStruct record 0,INCR
LLL ds.l 4 ; 00
Unused ds.l 1 ; 10
ZeroByte ds.b 1 ; 14 ; can also be set to 7 or 8
UnusedByte ds.b 1 ; 15
OneByte1 ds.b 1 ; 16
OneByte2 ds.b 1 ; 17 ; can also be unset
org 0x38
TimeCtr ds.d 1 ; 38 ; high half in DEC reg or whole thing in TB
; For altivec, mofo
VectorSaveArea record 0,INCR
org 23*16
;RegisterAreaSize equ *-VectorSaveArea
RegisterAreaSize equ 23*16
org 32*16 + 20