Difference between revisions of "Cafe OS"

From WiiUBrew
Jump to: navigation, search
Line 244: Line 244:
 
|-
 
|-
 
| 0xf6000000 - 0xf6800000
 
| 0xf6000000 - 0xf6800000
|  
+
| 0x1b000000 - 0x1b800000
|  
+
| 0x00800000
 
|  
 
|  
 
|  
 
|  
Line 314: Line 314:
 
|-
 
|-
 
| 0xff200000 - 0xff280000
 
| 0xff200000 - 0xff280000
|  
+
| 0x1b800000 - 0x1b880000
|  
+
| 0x00080000
 
|  
 
|  
 
|  
 
|  
Line 321: Line 321:
 
|-
 
|-
 
| 0xffe00000 - 0xfff20000
 
| 0xffe00000 - 0xfff20000
|  
+
| 0xffe00000 - 0xfff20000
|  
+
| 0x00120000
 
|  
 
|  
 
|  
 
|  

Revision as of 18:01, 10 December 2015

Cafe OS is the operating system running on the PowerPC in Wii U mode. It consists of the Cafe OS kernel, the executable loader, and system libraries. Unlike on the Wii, where games ran with full hardware access, Wii U applications run under the supervision of the kernel, isolating them from each other. All applications are modified ELFs, as are the libraries themselves, and applications dynamically link with them to gain access to OS services. Cafe OS also contains a few system processes, like the home menu and error handler.

Architecture

Kernel

Main article: Cafe_OS_Kernel

The kernel runs in supervisor mode on the PowerPC, and performs the basic tasks of a microkernel. It is responsible for process isolation, memory management, and interrupt dispatching, as well as communication with IOSU. Cafe OS applications run as user mode processes, with separate address spaces and W^X memory protection. The kernel provides basic syscalls for running processes.

Processes

A process in Cafe OS represents a single running application, with its own code, memory, and permissions. Cafe OS only executes the code of a single process at a time, but it can hold the data of multiple processes in memory simultaneously, and switch between them. Rather than allowing arbitrary process creation, there is RAM reserved for a single foreground app, a single background app, and various other special processes. Each running process is assigned a unique identifier called a RAMPID:

RAMPID Description
0 Cafe OS
1 root.rpx
2 ???
3 ???
4 Background app
5 Home Menu
6 Error display
7 Foreground app

In addition to RAMPID, Cafe OS processes have another type of process ID called a fixed process ID (PFID). Rather than representing which part of memory a process occupies, PFID actually specifies which specific app/task is running (browser, game, eShop, etc.). Cafe OS maps PFIDs to the RAMPID that they occupy when running (for example, a game is RAMPID 7 due to running in the foreground):

PFID Description RAMPID
0 Cafe OS 0
1 root.rpx 1
2 Wii U Menu 7
3 COS-RSVD-03 ???
4 E-manual ???
5 Home Menu 5
6 Error display 6
7 COS-SYS-APP ???
8 Internet Browser 4
9 COS-RSVD-09 ???
10 COS-RSVD-10 ???
11 COS-FLV ???
12 Download manager ???
13 COS-RSVD-13 ???
14 COS-RSVD-14 ???
15 Game 7

Loader

Main article: Loader

The loader is responsible for loading RPL formatted libraries and executables into memory. It is a standard ELF executable named loader.elf. It includes a statically linked copy of zlib, probably for decompressing sections of RPL files.

Libraries

Cafe OS applications dynamically link with system libraries to get access to OS services. These OS services include memory management, graphics, audio, and controller input. All libraries are RPL files, a modification of the standard ELF format with compressed sections and more Windows-like dynamic linking. The main system libraries are listed below, with some having their own pages of documentation:

Virtual Memory Map

Virtual address range Physical address range Size Userland memory permissions Kernel-mode memory permissions Description
0x01000000 - 0x01800000 0x800000 Loader and system libraries
0x0??????? - 0x10000000 App executable and libraries (start varies, but end is always 0x10000000)
0x10000000 - 0x50000000 0x40000000 Application/library data area (may be smaller)
0xa0000000 - 0xe0000000 0x40000000 Overlay of application memory (used by loader?)
0xe0000000 - 0xe4000000 0x14000000 - 0x18000000 0x04000000 Some sort of hardware communication area
0xefe00000 - 0xefe80000 Loader data area (only mapped when running loader)
0xf4000000 - 0xf6000000 0x00000000 - 0x02000000 0x02000000 MEM1
0xf6000000 - 0xf6800000 0x1b000000 - 0x1b800000 0x00800000 Unknown
0xf8000000 - 0xfb000000 Read-only shared data (system fonts mostly)
0xfc000000 - 0xfc0c0000 Processor Interface
0xfc200000 - 0xfc280000 GX2 TCL registers
0xfc280000 - 0xfc2a0000 DSP registers
0xfc2a0000 - 0xfc2c0000 GX2 FIFO space? (Radeon PKT3 sent here)
0xfc320000 - 0xfd000000 Espresso OTP (and other stuff?)
0xfd000000 - 0xfd?????? Latte registers
0xfd040250 - 0xfd046c00 I2C registers
0xfd046e00 - 0xfd060520 AI registers?
0xff200000 - 0xff280000 0x1b800000 - 0x1b880000 0x00080000 Kernel heap
0xffe00000 - 0xfff20000 0xffe00000 - 0xfff20000 0x00120000 Kernel ancast image
0xffffffe0(?) - 0xfffffffc(?) Per-thread data (e.g. pointer to thread descriptor and thread queue)