Update README.md

* origin/master: (98 commits)
  rosalina: fix for latest libctru changes
  pm: fix critical bugs where 1.0(?) titles not in the list have scheduling mode misconfigured
  loader: revert to use the NS patch due to a Nintendo bug: https://www.3dbrew.org/wiki/NCCH/Extended_Header#Flag1
  loader: replace NS N3DS CPU patch with exheader override, fix overriding exheader with homebrew
  rosalina: ntp: use PTMSYSM_SetRtcTime
  revert the memory map to the old one (mostly)
  fix module loading
  kext: fix outer memory cacheability on newer versions
  so bascially rosalina's image...
  rosalina: add hidden debug info menu
  rosalina: refactor menu handling
  rosalina: rephrase brightness warning
  rosalina: add brightness control menu
  rosalina/pm: remove fs patch, use pm instead
  rosalina: cleanup variable names
  rosalina: reorder menus
  Fix latest commit
  rosalina menu: add scrolling, cpad and inputredir support (note: no ZL/ZR due to technical reasons)
  stuff
  newlib...
  ...

# Conflicts:
#	k11_extension/source/main.c
#	k11_extension/source/svc/UnmapProcessMemoryEx.c
#	sysmodules/rosalina/Makefile
#	sysmodules/rosalina/include/menu.h
#	sysmodules/rosalina/include/utils.h
#	sysmodules/rosalina/source/errdisp.c
#	sysmodules/rosalina/source/main.c
#	sysmodules/rosalina/source/menu.c
#	sysmodules/rosalina/source/menus.c

.gitattributes

@@ -0,0 +1 @@
+*.xml text eol=lf

.github/ISSUE_TEMPLATE/bug-report.md

@@ -11,7 +11,7 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 --
 -- Also check the Wiki (https://github.com/AuroraWright/Luma3DS/wiki) before making an issue.
 --
--- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.hacks.guide/troubleshooting
+-- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: use https://github.com/MechanicalDragon0687/TWLFix-CFW and update your system.
 -- If you're using an emu/redNAND try installing anything on it to sysNAND.
 -- Please make sure to read "Enable game patching" https://github.com/AuroraWright/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
 --
@@ -25,7 +25,8 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 
 **SysNAND version (+emu/redNAND version if applicable):**
 
-[e.g. 11.6.0-39U SysNAND, 11.6.0-39J EmuNAND]
+[e.g. 11.13.0-45U SysNAND, 11.13.0-45E EmuNAND]
+<!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
 
 **Entrypoint (How/what you're using to boot Luma3DS):**
 
@@ -33,9 +34,7 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 
 **Luma3DS version:**
 
-[e.g. 8.1.1 stable or if using nightly/hourly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/9570e6cbeca53128433abbf5e3473cb8a07fe69e]
-<!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
-
+[e.g. v10.1.3 stable or if using non-releases specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/0543c208fd154e6326ea5da8cbf66ffcbdef010c]
 
 **Luma3DS configuration/options:**
 
@@ -71,11 +70,11 @@ Show NAND or user string in System Settings: ( )
 
 Show GBA boot screen in patched AGB_FIRM: ( )
 
-Patch ARM9 access: ( )
+Patch Arm9 access: ( )
 
 Set developer UNITINFO: ( )
 
-Disable ARM11 exception handlers: ( )
+Disable Arm11 exception handlers: ( )
 
 --
 
@@ -95,6 +94,6 @@ Disable ARM11 exception handlers: ( )
 
 
 **Dump file:**
-<!--If the issue leads to a crash you must uncheck the "Disable ARM11 exception handlers" option.
+<!--If the issue leads to a crash you must uncheck the "Disable Arm11 exception handlers" option.
 -- The error message will tell you where the dump is.
 -- Zip the dmp file and drag & drop it below.-->

README.md

@@ -1,41 +1,70 @@
-# Luma3DS
-*Noob-proof (N)3DS "Custom Firmware"*
+# Luma3DS-3GX Plugin Edition
+*Noob-proof (N)3DS "Custom Firmware", with 3GX plugins support*
 
-## What it is
+### 3GX Plugin Edition
+This edition of **Luma3DS** allows the loading of **.3GX plugins** in Luma3DS, which are otherwise officially unsupported.
+
+
+### How to install this Edition
+1. download the latest `boot.firm` from [the releases page](https://github.com/mind-overflow/Luma3DS-3GX/releases/latest)
+2. put the downloaded `boot.firm` file in the `root` directory of your SD card (`sd:/boot.firm`), overwriting the official Luma3DS `boot.firm`.
+3. (re)boot your 3DS, and when prompted, enable:
+    - "Enable game patching"
+    - "Show NAND or user string in System Settings"
+4. press `START` and let your 3DS boot.
+
+You successfully installed the 3GX Plugin Loader! Now, proceed to the next step to learn how to install and enable 3GX plugins.
+
+### How to install 3GX plugins
+Plugins have to be installed in the `sd:/luma/plugins` folder.
+Usually, you need to put your specific plugin in the `<TITLEID>` subdirectory, eg: `sd:/luma/plugins/<TITLEID>/<filename>.3gx`.
+However, a `default.3gx` plugin can also be placed in the main `sd:/luma/plugins` directory: `sd:/luma/plugins/default.3gx`.
+
+So:
+``` yaml
+    sd:/luma/plugins/default.3gx # will be loaded for all games, low priority
+    sd:/luma/plugins/<TITLEID>/<filename>.3gx # will only be loaded for the specified title, high priority
+```
+
+Now you know how to install 3GX plugins! Proceed to the next step to learn how how to enable 3GX plugins.
+
+### How to enable 3GX plugins
+1. when booted, press `L + D-Pad Down + Select` to open the Rosalina menu.
+2. Press `D-Pad Down` again until `Plugin Loader`, is selected, then press `A` and set it to `[Enabled]`.
+
+Done! You learned to install the 3GX Plugin loader, install 3GX Plugins and enable them. Now, simply launch the game you want to play and press `SELECT` to open up the 3GX menu!
+
+
+### Luma3DS introduction
+**Luma3DS** is a program to patch the system software of (New) Nintendo (2)3DS handheld consoles "on the fly", adding features such as per-game language settings, debugging capabilities for developers, and removing restrictions enforced by Nintendo such as the region lock.
 
-**Luma3DS** is a program to patch the system software of (New) Nintendo 3DS handheld consoles "on the fly", adding features (such as per-game language settings and debugging capabilities for developers) and removing restrictions enforced by Nintendo (such as the region lock).
 It also allows you to run unauthorized ("homebrew") content by removing signature checks.
-To use it, you will need a console capable of running homebrew software on the ARM9 processor. We recommend [Plailect's guide](https://3ds.hacks.guide/) for details on how to get your system ready.
+To use it, you will need a console capable of running homebrew software on the Arm9 processor.
 
-Since Luma3DS v8.0, Luma3DS has its own in-game menu, triggerable by `L+Down+Select` (see the [release notes](https://github.com/AuroraWright/Luma3DS/releases/tag/v8.0)).
+Since v8.0, Luma3DS has its own in-game menu, triggerable by <kbd>L+Down+Select</kbd> (see the [release notes](https://github.com/LumaTeam/Luma3DS/releases/tag/v8.0)).
 
----
+#
+### Compiling
+* Prerequisites
+    1. git
+    2. [makerom](https://github.com/jakcron/Project_CTR) in PATH
+    3. [firmtool](https://github.com/TuxSH/firmtool)
+    4. Up-to-date devkitARM+libctru
+1. Clone the repository with `git clone https://github.com/mind-overflow/Luma3DS-3GX.git`
+2. Run `make`.
 
-## Compiling
+    The produced `boot.firm` is meant to be copied to the root of your SD card for usage with Boot9Strap.
 
-First you need to clone the repository with: `git clone https://github.com/AuroraWright/Luma3DS.git`  
-To compile, you'll need a recent commit of [makerom](https://github.com/profi200/Project_CTR) added to your PATH. You'll also need to install [firmtool](https://github.com/TuxSH/firmtool), its README contains installation instructions.
-You'll also need to update your libctru and devkitARM installation to their latest releases.
-Then, run `make`.
-The produced file is called `boot.firm` and is meant to be copied to the root of your SD card, for usage with boot9strap.
+#
+### Setup / Usage / Features
+See https://github.com/LumaTeam/Luma3DS/wiki
 
----
+#
+### Credits
+See https://github.com/LumaTeam/Luma3DS/wiki/Credits
 
-## Setup / Usage / Features
+#
+### Licensing
+This software is licensed under the terms of the GPLv3. You can find a copy of the license in the LICENSE.txt file.
 
-See https://github.com/AuroraWright/Luma3DS/wiki
-
----
-
-## Credits
-
-See https://github.com/AuroraWright/Luma3DS/wiki/Credits
-
----
-
-## Licensing
-
-This software is licensed under the terms of the GPLv3.
-You can find a copy of the license in the LICENSE.txt file.
-
-Files in the GDB stub are instead double-licensed as MIT or "GPLv2 or any later version", in which case it is specified in the file header.
+Files in the GDB stub are instead triple-licensed as MIT or "GPLv2 or any later version", in which case it's specified in the file header.

arm11/source/main.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm11/source/memory.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm11/source/memory.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm11/source/start.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by
@@ -71,7 +71,7 @@ start:
 .global prepareForFirmlaunch
 .type   prepareForFirmlaunch, %function
 prepareForFirmlaunch:
-    str r0, [r1]            @ tell ARM9 we're done
+    str r0, [r1]            @ tell Arm9 we're done
     mov r0, #0x20000000
 
     _wait_for_core0_entrypoint_loop:

arm11/source/types.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/Makefile

@@ -158,7 +158,7 @@ $(OUTPUT).elf	:	$(OFILES)
 $(OFILES_SRC)	: $(HFILES_BIN)
 
 memory.o strings.o:	CFLAGS +=	-O3
-config.o:			CFLAGS +=	-DCONFIG_TITLE="\"$(APP_TITLE) $(REVISION) configuration\""
+config.o:			CFLAGS +=	-DCONFIG_TITLE="\"$(APP_TITLE) $(REVISION)_3gx_beta configuration\""
 patches.o:			CFLAGS +=	-DVERSION_MAJOR="$(VERSION_MAJOR)" -DVERSION_MINOR="$(VERSION_MINOR)"\
 								-DVERSION_BUILD="$(VERSION_BUILD)" -DISRELEASE="$(IS_RELEASE)" -DCOMMIT_HASH="0x$(COMMIT)"
 #---------------------------------------------------------------------------------

arm9/source/3dsheaders.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/alignedseqmemcpy.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/alignedseqmemcpy.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

arm9/source/arm9_exception_handlers.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/arm9_exception_handlers.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/arm9_exception_handlers_asm.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

arm9/source/buttons.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/cache.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@
     The data cache and/or the instruction cache MUST be flushed before doing one of the following:
         - rebooting
         - powering down
-        - setting the ARM11 entrypoint to execute a function
+        - setting the Arm11 entrypoint to execute a function
         - jumping to a payload
 ***/
 

arm9/source/cache.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by
@@ -31,7 +31,7 @@
 flushEntireDCache:
     @ Adapted from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html,
     @ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
-    @ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
+    @ Note: Arm's example is actually for a 8KB DCache (which is what the 3DS has)
 
     @ Implemented in bootROM at address 0xffff0830
     mov r1, #0                          @ segment counter

arm9/source/chainloader.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/chainloader.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -29,4 +29,4 @@
 #include "types.h"
 #include "firm.h"
 
-void chainload(int argc, char **argv, Firm *firm);
+void chainload(int argc, char **argv, Firm *firm);

arm9/source/config.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -94,7 +94,8 @@ void configMenu(bool oldPinStatus, u32 oldPinMode)
                                                "( ) Show NAND or user string in System Settings",
                                                "( ) Show GBA boot screen in patched AGB_FIRM",
                                                "( ) Set developer UNITINFO",
-                                               "( ) Disable ARM11 exception handlers",
+                                               "( ) Disable Arm11 exception handlers",
+                                               "( ) Enable Rosalina on SAFE_FIRM",
                                              };
 
     static const char *optionsDescription[]  = { "Select the default EmuNAND.\n\n"
@@ -189,11 +190,20 @@ void configMenu(bool oldPinStatus, u32 oldPinMode)
                                                  "are doing!",
 
                                                  "Disables the fatal error exception\n"
-                                                 "handlers for the ARM11 CPU.\n\n"
+                                                 "handlers for the Arm11 CPU.\n\n"
                                                  "Note: Disabling the exception handlers\n"
                                                  "will disqualify you from submitting\n"
                                                  "issues or bug reports to the Luma3DS\n"
-                                                 "GitHub repository!"
+                                                 "GitHub repository!",
+
+                                                 "Enables Rosalina, the kernel ext.\n"
+                                                 "and sysmodule reimplementations on\n"
+                                                 "SAFE_FIRM (New 3DS only).\n\n"
+                                                 "Also suppresses QTM error 0xF96183FE,\n"
+                                                 "allowing to use 8.1-11.3 N3DS on\n"
+                                                 "New 2DS XL consoles.\n\n"
+                                                 "Only select this if you know what you\n"
+                                                 "are doing!",
                                                };
 
     FirmwareSource nandType = FIRMWARE_SYSNAND;
@@ -229,7 +239,8 @@ void configMenu(bool oldPinStatus, u32 oldPinMode)
         { .visible = true },
         { .visible = true },
         { .visible = true },
-        { .visible = true }
+        { .visible = true },
+        { .visible  = ISN3DS },
     };
 
     //Calculate the amount of the various kinds of options and pre-select the first single one

arm9/source/config.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -34,7 +34,7 @@
 
 #define CONFIG_FILE         "config.bin"
 #define CONFIG_VERSIONMAJOR 2
-#define CONFIG_VERSIONMINOR 3
+#define CONFIG_VERSIONMINOR 4
 
 #define BOOTCFG_NAND         BOOTCONFIG(0, 7)
 #define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
@@ -60,7 +60,8 @@ enum singleOptions
     PATCHVERSTRING,
     SHOWGBABOOT,
     PATCHUNITINFO,
-    DISABLEARM11EXCHANDLERS
+    DISABLEARM11EXCHANDLERS,
+    ENABLESAFEFIRMROSALINA,
 };
 
 typedef enum ConfigurationStatus

arm9/source/crypto.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -599,11 +599,11 @@ void kernel9Loader(Arm9Bin *arm9Section)
     __attribute__((aligned(4))) u8 arm9BinCtr[AES_BLOCK_SIZE];
     memcpy(arm9BinCtr, arm9Section->ctr, sizeof(arm9BinCtr));
 
-    //Decrypt ARM9 binary
+    //Decrypt Arm9 binary
     aes_use_keyslot(arm9BinSlot);
     aes(startOfArm9Bin, startOfArm9Bin, arm9SectionSize / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 
-    if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the ARM9 binary.");
+    if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the Arm9 binary.");
 }
 
 void computePinHash(u8 *outbuf, const u8 *inbuf)
@@ -612,7 +612,7 @@ void computePinHash(u8 *outbuf, const u8 *inbuf)
                                    cipherText[AES_BLOCK_SIZE];
 
     sdmmc_get_cid(1, (u32 *)cid);
-    aes_use_keyslot(0x04); //Console-unique keyslot whose keys are set by the ARM9 bootROM
+    aes_use_keyslot(0x04); //Console-unique keyslot whose keys are set by the Arm9 bootROM
     aes(cipherText, inbuf, 1, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
     sha(outbuf, cipherText, sizeof(cipherText), SHA_256_MODE);
 }

arm9/source/crypto.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/draw.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/draw.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/emunand.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/emunand.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/exceptions.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -85,8 +85,8 @@ void detectAndProcessExceptionDumps(void)
 
     drawString(true, 10, 10, COLOR_RED, "An exception occurred");
     u32 posY;
-    if(dumpHeader->processor == 11) posY = drawFormattedString(true, 10, 30, COLOR_WHITE, "Processor:       ARM11 (core %u)", dumpHeader->core);
-    else posY = drawString(true, 10, 30, COLOR_WHITE, "Processor:       ARM9");
+    if(dumpHeader->processor == 11) posY = drawFormattedString(true, 10, 30, COLOR_WHITE, "Processor:       Arm11 (core %u)", dumpHeader->core);
+    else posY = drawString(true, 10, 30, COLOR_WHITE, "Processor:       Arm9");
 
     if(dumpHeader->type == 2)
     {

arm9/source/exceptions.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/firm.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -58,7 +58,7 @@ static __attribute__((noinline)) bool inRange(u32 as, u32 ae, u32 bs, u32 be)
 
 static bool checkFirm(u32 firmSize)
 {
-    if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the ARM11 entrypoint to be zero in which case nothing is done on the ARM11 side
+    if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the Arm11 entrypoint to be zero in which case nothing is done on the Arm11 side
         return false;
 
     bool arm9EpFound = false,
@@ -184,7 +184,7 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF
         else if(ctrNandError) error("Unable to mount CTRNAND or load the CTRNAND FIRM.\nPlease use an external one.");
     }
 
-    //Check that the FIRM is right for the console from the ARM9 section address
+    //Check that the FIRM is right for the console from the Arm9 section address
     if((firm->section[3].offset != 0 ? firm->section[3].address : firm->section[2].address) != (ISN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800))
         error("The %s FIRM is not for this console.", loadedFromStorage ? "external" : "CTRNAND");
 
@@ -278,7 +278,8 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
         srcModuleSize = moduleList[nbModules].size = ((Cxi *)src)->ncch.contentSize * 0x200;
     }
 
-    if(firmType == NATIVE_FIRM && (ISN3DS || firmVersion >= 0x1D))
+    // SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
+    if((firmType == NATIVE_FIRM || firmType == SAFE_FIRM) && (ISN3DS || firmVersion >= 0x1D))
     {
         //2) Merge that info with our own modules'
         for(u8 *src = (u8 *)0x18180000; memcmp(((Cxi *)src)->ncch.magic, "NCCH", 4) == 0; src += srcModuleSize)
@@ -303,7 +304,9 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
     //3) Read or copy the modules
     u8 *dst = firm->section[0].address;
     const char *extModuleSizeError = "The external FIRM modules are too large.";
-    for(u32 i = 0, dstModuleSize, maxModuleSize = firmType == NATIVE_FIRM ? 0x80000 : 0x600000; i < nbModules; i++, dst += dstModuleSize, maxModuleSize -= dstModuleSize)
+    // SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
+    u32 maxModuleSize = (firmType == NATIVE_FIRM || firmType == SAFE_FIRM) ? 0x80000 : 0x600000;
+    for(u32 i = 0, dstModuleSize; i < nbModules; i++, dst += dstModuleSize, maxModuleSize -= dstModuleSize)
     {
         if(loadFromStorage)
         {
@@ -335,7 +338,7 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
         memcpy(dst, moduleList[i].src, dstModuleSize);
     }
 
-    //4) Patch NATIVE_FIRM if necessary
+    //4) Patch NATIVE_FIRM/SAFE_FIRM (N3DS) if necessary
     if(nbModules == 6)
     {
         if(patchK11ModuleLoading(firm->section[0].size, dst - firm->section[0].address, (u8 *)firm + firm->section[1].offset, firm->section[1].size) != 0)
@@ -350,7 +353,7 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStora
 
     if(ISN3DS)
     {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+        //Decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
         kernel9Loader((Arm9Bin *)arm9Section);
         firm->arm9Entry = (u8 *)0x801B01C;
     }
@@ -409,7 +412,7 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStora
         if(!ISDEVUNIT) ret += patchCheckForDevCommonKey(process9Offset, process9Size);
     }
 
-    //ARM9 exception handlers
+    //Arm9 exception handlers
     ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
     ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
     ret += patchKernel9Panic(arm9Section, kernel9Size);
@@ -426,7 +429,7 @@ u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch)
 {
     u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
 
-    //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+    //On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
     if(ISN3DS)
     {
         kernel9Loader((Arm9Bin *)arm9Section);
@@ -465,7 +468,7 @@ u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch)
 {
     u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
 
-    //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+    //On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
     if(ISN3DS)
     {
         kernel9Loader((Arm9Bin *)arm9Section);
@@ -501,7 +504,7 @@ u32 patch1x2xNativeAndSafeFirm(void)
 
     if(ISN3DS)
     {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+        //Decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
         kernel9Loader((Arm9Bin *)arm9Section);
         firm->arm9Entry = (u8 *)0x801B01C;
     }
@@ -518,10 +521,36 @@ u32 patch1x2xNativeAndSafeFirm(void)
 
     ret += ISN3DS ? patchSignatureChecks(process9Offset, process9Size) : patchOldSignatureChecks(process9Offset, process9Size);
 
-    //ARM9 exception handlers
+    //Arm9 exception handlers
     ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
     ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
 
+    if(ISN3DS && CONFIG(ENABLESAFEFIRMROSALINA))
+    {
+        u8 *arm11Section1 = (u8 *)firm + firm->section[1].offset;
+        //Find the Kernel11 SVC table and handler, exceptions page and free space locations
+        u32 baseK11VA;
+        u8 *freeK11Space;
+        u32 *arm11SvcHandler,
+            *arm11ExceptionsPage,
+            *arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
+
+        ret += installK11Extension(arm11Section1, firm->section[1].size, false, baseK11VA, arm11ExceptionsPage, &freeK11Space);
+        ret += patchKernel11(arm11Section1, firm->section[1].size, baseK11VA, arm11SvcTable, arm11ExceptionsPage);
+
+        // Add some other patches to the mix, as we can now launch homebrew on SAFE_FIRM:
+
+        //Apply firmlaunch patches
+        //Or don't, this makes usm not work
+        //ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
+
+        ret += patchKernel9Panic(arm9Section, kernel9Size);
+        ret += patchP9AccessChecks(process9Offset, process9Size);
+
+        mergeSection0(NATIVE_FIRM, 0x45, false); // may change in the future
+        firm->section[0].size = 0;
+    }
+
     return ret;
 }
 

arm9/source/firm.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/fmt.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/fmt.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/fs.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/fs.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/large_patches.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2017 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/main.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -226,11 +226,21 @@ void main(int argc, char **argv, u32 magicWord)
     }
 
     u32 pinMode = MULTICONFIG(PIN);
+    bool shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
     bool pinExists = pinMode != 0 && verifyPin(pinMode);
 
-    //If no configuration file exists or SELECT is held or if booted from NTRCARD, load configuration menu
-    bool shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
+    /* If the PIN has been verified, wait to make it easier to press the SAFE_MODE combo or the configuration menu button
+       (if not already pressed, for the latter) */
+    if(pinExists && !shouldLoadConfigMenu)
+    {
+        while(HID_PAD & PIN_BUTTONS);
+        wait(2000ULL);
 
+        //Update pressed buttons
+        pressed = HID_PAD;
+    }
+
+    shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
     if(shouldLoadConfigMenu)
     {
         configMenu(pinExists, pinMode);
@@ -247,13 +257,6 @@ void main(int argc, char **argv, u32 magicWord)
         isSafeMode = true;
         needToInitSd = true;
 
-        //If the PIN has been verified, wait to make it easier to press the SAFE_MODE combo
-        if(pinExists && !shouldLoadConfigMenu)
-        {
-            while(HID_PAD & PIN_BUTTONS);
-            wait(2000ULL);
-        }
-
         goto boot;
     }
 
@@ -271,7 +274,19 @@ void main(int argc, char **argv, u32 magicWord)
     else if((((pressed & SINGLE_PAYLOAD_BUTTONS) || (!autoBootEmu && (pressed & DPAD_BUTTONS))) && !(pressed & (BUTTON_L1 | BUTTON_R1))) ||
             (((pressed & L_PAYLOAD_BUTTONS) || (autoBootEmu && (pressed & DPAD_BUTTONS))) && (pressed & BUTTON_L1))) loadHomebrewFirm(pressed);
 
-    if(splashMode == 2) loadSplash();
+    if(splashMode == 2 && loadSplash()) pressed = HID_PAD;
+
+    //Check SAFE_MODE combo again
+    if(!CFG_BOOTENV && pressed == SAFE_MODE)
+    {
+        nandType = FIRMWARE_SYSNAND;
+        firmSource = FIRMWARE_SYSNAND;
+
+        isSafeMode = true;
+        needToInitSd = true;
+
+        goto boot;
+    }
 
     //If booting from CTRNAND, always use SysNAND
     if(!isSdMode) nandType = FIRMWARE_SYSNAND;

arm9/source/memory.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/memory.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/patches.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -42,6 +42,8 @@
 #include "arm9_exception_handlers.h"
 #include "large_patches.h"
 
+#define K11EXT_VA         0x70000000
+
 u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
 {
     u8 *temp = memsearch(pos, "NCCH", size, 4);
@@ -79,8 +81,8 @@ u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 *
     return arm11SvcTable;
 }
 
-// For ARM prologs in the form of: push {regs} ... sub sp, #off (this obviously doesn't intend to cover all cases)
-static inline u32 computeARMFrameSize(const u32 *prolog)
+// For Arm prologs in the form of: push {regs} ... sub sp, #off (this obviously doesn't intend to cover all cases)
+static inline u32 computeArmFrameSize(const u32 *prolog)
 {
     const u32 *off;
 
@@ -108,9 +110,12 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     struct KExtParameters
     {
         u32 basePA;
+        u32 stolenSystemMemRegionSize;
         void *originalHandlers[4];
         u32 L1MMUTableAddrs[4];
 
+        volatile bool done;
+
         struct CfwInfo
         {
             char magic[4];
@@ -126,6 +131,7 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
             u32 config, multiConfig, bootConfig;
             u64 hbldr3dsxTitleId;
             u32 rosalinaMenuCombo;
+            u32 rosalinaFlags;
         } info;
     };
 
@@ -134,8 +140,9 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     static const u8 patternHook3_4[] = {0x00, 0x00, 0xA0, 0xE1, 0x03, 0xF0, 0x20, 0xE3, 0xFD, 0xFF, 0xFF, 0xEA}; //SGI0 setup code, etc.
 
     //Our kernel11 extension is initially loaded in VRAM
-    u32 kextTotalSize = *(u32 *)0x18000020 - 0x40000000;
-    u32 dstKextPA = (ISN3DS ? 0x2E000000 : 0x26C00000) - kextTotalSize;
+    u32 kextTotalSize = *(u32 *)0x18000020 - K11EXT_VA;
+    u32 stolenSystemMemRegionSize = kextTotalSize; // no need to steal any more mem on N3DS. Currently, everything fits in BASE on O3DS too (?)
+    u32 dstKextPA = (ISN3DS ? 0x2E000000 : 0x26C00000) - stolenSystemMemRegionSize; // start of BASE memregion (note: linear heap ---> <--- the rest)
 
     u32 *hookVeneers = (u32 *)*freeK11Space;
     u32 relocBase = 0xFFFF0000 + (*freeK11Space - (u8 *)arm11ExceptionsPage);
@@ -143,11 +150,11 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     hookVeneers[0] = 0xE51FF004; //ldr pc, [pc, #-8+4]
     hookVeneers[1] = 0x18000004;
     hookVeneers[2] = 0xE51FF004;
-    hookVeneers[3] = 0x40000000;
+    hookVeneers[3] = K11EXT_VA;
     hookVeneers[4] = 0xE51FF004;
-    hookVeneers[5] = 0x40000008;
+    hookVeneers[5] = K11EXT_VA + 8;
     hookVeneers[6] = 0xE51FF004;
-    hookVeneers[7] = 0x4000000C;
+    hookVeneers[7] = K11EXT_VA + 0xC;
 
     (*freeK11Space) += 32;
 
@@ -175,14 +182,16 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     off += 4;
     *off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase + 24);
 
-    struct KExtParameters *p = (struct KExtParameters *)(*(u32 *)0x18000024 - 0x40000000 + 0x18000000);
+    struct KExtParameters *p = (struct KExtParameters *)(*(u32 *)0x18000024 - K11EXT_VA + 0x18000000);
     p->basePA = dstKextPA;
+    p->done = false;
+    p->stolenSystemMemRegionSize = stolenSystemMemRegionSize;
 
     for(u32 i = 0; i < 4; i++)
     {
         u32 *handlerPos = getKernel11HandlerVAPos(pos, arm11ExceptionsPage, baseK11VA, 1 + i);
         p->originalHandlers[i] = (void *)*handlerPos;
-        *handlerPos = 0x40000010 + 4 * i;
+        *handlerPos = K11EXT_VA + 0x10 + 4 * i;
     }
 
     struct CfwInfo *info = &p->info;
@@ -195,6 +204,7 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     info->bootConfig = configData.bootConfig;
     info->hbldr3dsxTitleId = configData.hbldr3dsxTitleId;
     info->rosalinaMenuCombo = configData.rosalinaMenuCombo;
+    info->rosalinaFlags = configData.rosalinaFlags;
     info->versionMajor = VERSION_MAJOR;
     info->versionMinor = VERSION_MINOR;
     info->versionBuild = VERSION_BUILD;
@@ -221,6 +231,10 @@ u32 patchKernel11(u8 *pos, u32 size, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm
     u8 *ControlMemoryPos = instrPos + 8 + displ;
     u32 *off;
 
+    // Patch ControlMemory bounds checks for mem mapping
+    for (off = (u32 *)ControlMemoryPos; *off != 0xE0E01BF5; ++off);
+    *off = 0;
+
     /*
         Here we replace currentProcess->processID == 1 by additionnalParameter == 1.
         This patch should be generic enough to work even on firmware version 5.0.
@@ -230,7 +244,7 @@ u32 patchKernel11(u8 *pos, u32 size, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm
     */
     for(off = (u32 *)ControlMemoryPos; (off[0] & 0xFFF0FFFF) != 0xE3500001 || (off[1] & 0xFFFF0FFF) != 0x13A00000; off++);
     off -= 2;
-    *off = 0xE59D0000 | (*off & 0x0000F000) | (8 + computeARMFrameSize((u32 *)ControlMemoryPos)); // ldr r0, [sp, #(frameSize + 8)]
+    *off = 0xE59D0000 | (*off & 0x0000F000) | (8 + computeArmFrameSize((u32 *)ControlMemoryPos)); // ldr r0, [sp, #(frameSize + 8)]
 
     //Patch DebugActiveProcess
     for(off = (u32 *)(pos + (arm11SvcTable[0x60] - baseK11VA)); *off != 0xE3110001; off++);
@@ -248,14 +262,14 @@ u32 patchKernel11(u8 *pos, u32 size, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm
 
     //Redirect enableUserExceptionHandlersForCPUExc (= true)
     for(off = arm11ExceptionsPage; *off != 0x96007F9; off++);
-    off[1] = 0x40000028;
+    off[1] = K11EXT_VA + 0x28;
 
     off = (u32 *)memsearch(pos, patternKThreadDebugReschedule, size, sizeof(patternKThreadDebugReschedule));
     if(off == NULL)
         return 1;
 
     off[-5] = 0xE51FF004;
-    off[-4] = 0x4000002C;
+    off[-4] = K11EXT_VA + 0x2C;
 
     return 0;
 }
@@ -312,7 +326,7 @@ u32 patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)
 
     off -= 0x13;
 
-    //Firmlaunch function offset - offset in BLX opcode (A4-16 - ARM DDI 0100E) + 1
+    //Firmlaunch function offset - offset in BLX opcode (A4-16 - Arm DDI 0100E) + 1
     u32 fOpenOffset = (u32)(off + 9 - (-((*(u32 *)off & 0x00FFFFFF) << 2) & (0xFFFFFF << 2)) - pos + process9MemAddr);
 
     //Put the fOpen offset in the right location
@@ -434,7 +448,7 @@ u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *pos, u32 size)
     off32 += 2;
     off32[1] = off32[0] + modulesSize;
     for(; *off32 != section0size; off32++);
-    *off32 += ((modulesSize + 0x1FF) >> 9) << 9;
+    *off32 = ((modulesSize + 0x1FF) >> 9) << 9;
 
     off = memsearch(pos, modulePidPattern, size, 4);
 

arm9/source/patches.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/pin.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/pin.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/screen.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/screen.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/start.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by
@@ -77,7 +77,7 @@ _start:
     ldr r1, =0xFFF0001B @ fff00000 16k  | dtcm
     ldr r2, =0x01FF801D @ 01ff8000 32k  | itcm
     ldr r3, =0x08000027 @ 08000000 1M   | arm9 mem
-    ldr r4, =0x10000029 @ 10000000 2M   | io mem (ARM9 / first 2MB)
+    ldr r4, =0x10000029 @ 10000000 2M   | io mem (Arm9 / first 2MB)
     ldr r5, =0x20000035 @ 20000000 128M | fcram
     ldr r6, =0x1FF00027 @ 1FF00000 1M   | dsp / axi wram
     ldr r7, =0x1800002D @ 18000000 8M   | vram (+ 2MB)
@@ -153,11 +153,11 @@ disableMpuAndJumpToEntrypoints:
     bic r0, #(1<<0)            @ - MPU disable
     mcr p15, 0, r0, c1, c0, 0  @ write control register
 
-    @ Set the ARM11 entrypoint
+    @ Set the Arm11 entrypoint
     mov r0, #0x20000000
     str r7, [r0, #-4]
 
-    @ Jump to the ARM9 entrypoint
+    @ Jump to the Arm9 entrypoint
     mov r0, r4
     mov r1, r5
     ldr r2, =0x3BEEF

arm9/source/strings.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/strings.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/types.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -69,6 +69,7 @@ typedef struct __attribute__((packed, aligned(4)))
     u32 config, multiConfig, bootConfig;
     u64 hbldr3dsxTitleId;
     u32 rosalinaMenuCombo;
+    u32 rosalinaFlags;
 } CfgData;
 
 typedef struct

arm9/source/utils.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

arm9/source/utils.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

exception_dump_parser/luma3ds_exception_dump_parser/__main__.py

@@ -2,7 +2,7 @@
 # Requires Python >= 3.2 or >= 2.7
 
 #   This file is part of Luma3DS
-#   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+#   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -22,7 +22,7 @@
 #   Notices displayed by works containing it.
 
 __author__    = "TuxSH"
-__copyright__ = "Copyright (c) 2016 TuxSH"
+__copyright__ = "Copyright (c) 2016-2020 TuxSH"
 __license__   = "GPLv3"
 __version__   = "v1.2"
 
@@ -121,8 +121,8 @@ def main(args=None):
     addtionalDataOffset = stackOffset + stackDumpSize
     additionalData = data[addtionalDataOffset : addtionalDataOffset + additionalDataSize]
 
-    if processor == 9: print("Processor: ARM9")
-    else: print("Processor: ARM11 (core {0})".format(processor >> 16))
+    if processor == 9: print("Processor: Arm9")
+    else: print("Processor: Arm11 (core {0})".format(processor >> 16))
 
     typeDetailsStr = ""
     if exceptionType == 2:
@@ -159,7 +159,7 @@ def main(args=None):
         print("{0:<15}{1:<20}Access type: {2}".format("FAR", "{0:08x}".format(registers[19]), "Write" if registers[17] & (1 << 11) != 0 else "Read"))
 
     thumb = registers[16] & 0x20 != 0
-    addr = registers[15] - codeDumpSize + (2 if thumb else 4)
+    addr = registers[15] - codeDumpSize / 2 + (2 if thumb else 4)
 
     print("\nCode dump:\n")
 
@@ -167,8 +167,9 @@ def main(args=None):
     try:
         path = os.path.join(os.environ["DEVKITARM"], "bin", "arm-none-eabi-objdump")
 
+
         if os.name == "nt" and path[0] == '/':
-            path = ''.join((path[1], ':', path[2:]))
+            path = ''.join(('c:', path[0], path[5:]))
 
         objdump_res = subprocess.check_output((
                                                     path, "-marm", "-b", "binary",
@@ -176,6 +177,7 @@ def main(args=None):
                                                      "--stop-address="+hex(addr + codeDumpSize), "-D", "-z", "-M",
                                                      "reg-names-std" + (",force-thumb" if thumb else ""), args.filename
                                              )).decode("utf-8")
+
         objdump_res = '\n'.join(objdump_res[objdump_res.find('<.data+'):].split('\n')[1:])
     except: objdump_res = ""
 

k11_extension/include/config.h

@@ -33,5 +33,6 @@ enum singleOptions
     PATCHVERSTRING,
     SHOWGBABOOT,
     PATCHUNITINFO,
-    DISABLEARM11EXCHANDLERS
+    DISABLEARM11EXCHANDLERS,
+    ENABLESAFEFIRMROSALINA,
 };

k11_extension/include/debug.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/fatalExceptionHandlers.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/globals.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -44,8 +44,12 @@ extern KAutoObject * (*KProcessHandleTable__ToKAutoObject)(KProcessHandleTable *
 extern void (*KSynchronizationObject__Signal)(KSynchronizationObject *this, bool isPulse);
 extern Result (*WaitSynchronization1)(void *this_unused, KThread *thread, KSynchronizationObject *syncObject, s64 timeout);
 extern Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Handle *out, KAutoObject *obj, u8 token);
+extern Result (*KProcessHwInfo__QueryMemory)(KProcessHwInfo *this, MemoryInfo *memoryInfo, PageInfo *pageInfo, void *address);
 extern Result (*KProcessHwInfo__MapProcessMemory)(KProcessHwInfo *this, KProcessHwInfo *other, void *dst, void *src, u32 nbPages);
 extern Result (*KProcessHwInfo__UnmapProcessMemory)(KProcessHwInfo *this, void *addr, u32 nbPages);
+extern Result (*KProcessHwInfo__CheckVaState)(KProcessHwInfo *hwInfo, u32 va, u32 size, u32 state, u32 perm);
+extern Result (*KProcessHwInfo__GetListOfKBlockInfoForVA)(KProcessHwInfo *hwInfo, KLinkedList *list, u32 va, u32 sizeInPage);
+extern Result (*KProcessHwInfo__MapListOfKBlockInfo)(KProcessHwInfo *this, u32 va, KLinkedList *list, u32 state, u32 perm, u32 sbz);
 extern Result (*KEvent__Clear)(KEvent *this);
 extern void (*KObjectMutex__WaitAndAcquire)(KObjectMutex *this);
 extern void (*KObjectMutex__ErrorOccured)(void);
@@ -53,8 +57,11 @@ extern void (*KObjectMutex__ErrorOccured)(void);
 extern void (*KScheduler__AdjustThread)(KScheduler *this, KThread *thread, u32 oldSchedulingMask);
 extern void (*KScheduler__AttemptSwitchingThreadContext)(KScheduler *this);
 
+extern void (*KLinkedList_KBlockInfo__Clear)(KLinkedList *list);
+
 extern Result (*ControlMemory)(u32 *addrOut, u32 addr0, u32 addr1, u32 size, MemOp op, MemPerm perm, bool isLoader);
 extern void (*SleepThread)(s64 ns);
+extern Result (*CreateEvent)(Handle *out, ResetType resetType);
 extern Result (*CloseHandle)(Handle handle);
 extern Result (*GetHandleInfo)(s64 *out, Handle handle, u32 type);
 extern Result (*GetSystemInfo)(s64 *out, s32 type, s32 param);
@@ -65,6 +72,7 @@ extern Result (*SendSyncRequest)(Handle handle);
 extern Result (*OpenProcess)(Handle *out, u32 processId);
 extern Result (*GetProcessId)(u32 *out, Handle process);
 extern Result (*DebugActiveProcess)(Handle *out, u32 processId);
+extern Result (*SignalEvent)(Handle event);
 extern Result (*UnmapProcessMemory)(Handle processHandle, void *dst, u32 size);
 extern Result (*KernelSetState)(u32 type, u32 varg1, u32 varg2, u32 varg3);
 
@@ -129,9 +137,14 @@ typedef struct CfwInfo
     u32 config, multiConfig, bootConfig;
     u64 hbldr3dsxTitleId;
     u32 rosalinaMenuCombo;
+    u32 rosalinaFlags;
 } CfwInfo;
 
 extern CfwInfo cfwInfo;
+extern u32 kextBasePa;
+extern u32 stolenSystemMemRegionSize;
 
 extern vu32 rosalinaState;
 extern bool hasStartedRosalinaNetworkFuncsOnce;
+
+KLinkedList*    KLinkedList__Initialize(KLinkedList *list);

k11_extension/include/ipc.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -57,5 +57,4 @@ void SessionInfo_Add(KSession *session, const char *name);
 void SessionInfo_Remove(KSession *session);
 
 bool doLangEmu(Result *res, u32 *cmdbuf);
-Result doPublishToProcessHook(Handle handle, u32 *cmdbuf);
 bool doErrfThrowHook(u32 *cmdbuf);

k11_extension/include/kernel.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -105,6 +105,14 @@ typedef struct ALIGN(4) KMutex
   union KProcess *owner;
 } KMutex;
 
+typedef struct KAddressArbiter
+{
+  KAutoObject     autoObject;
+  struct KThread  *first;
+  struct KThread  *last;
+  union  KProcess *owner;
+} KAddressArbiter;
+
 /* 92 */
 typedef struct KMutexLinkedList
 {
@@ -112,6 +120,30 @@ typedef struct KMutexLinkedList
   KMutex *last;
 } KMutexLinkedList;
 
+enum
+{
+    TOKEN_KAUTOOBJECT = 0,
+    TOKEN_KSYNCHRONIZATIONOBJECT = 1,
+    TOKEN_KEVENT = 0x1F,
+    TOKEN_KSEMAPHORE = 0x2F,
+    TOKEN_KTIMER = 0x35,
+    TOKEN_KMUTEX = 0x39,
+    TOKEN_KDEBUG = 0x4D,
+    TOKEN_KSERVERPORT = 0x55,
+    TOKEN_KDMAOBJECT = 0x59,
+    TOKEN_KCLIENTPORT = 0x65,
+    TOKEN_KCODESET = 0x68,
+    TOKEN_KSESSION = 0x70,
+    TOKEN_KTHREAD = 0x8D,
+    TOKEN_KSERVERSESSION = 0x95,
+    TOKEN_KADDRESSARBITER = 0x98,
+    TOKEN_KCLIENTSESSION = 0xA5,
+    TOKEN_KPORT = 0xA8,
+    TOKEN_KSHAREDMEMORY = 0xB0,
+    TOKEN_KPROCESS = 0xC5,
+    TOKEN_KRESOURCELIMIT = 0xC8
+};
+
 /* 45 */
 typedef struct KClassToken
 {
@@ -540,6 +572,20 @@ typedef struct KBlockInfo
   u32 pageCount;
 } KBlockInfo;
 
+typedef struct KSharedMemory
+{
+  KAutoObject   autoObject;
+  KLinkedList   ownedKBlockInfo;
+  union KProcess *owner;
+  u32           ownerPermissions;
+  u32           otherPermissions;
+  u8            isBlockInfoGenerated;
+  s8            allBlockInfoGenerated;
+  u8            unknown_1;
+  u8            unknown_2;
+  u32           address;
+} KSharedMemory;
+
 /* 25 */
 typedef struct KMemoryBlock
 {
@@ -1037,10 +1083,26 @@ typedef struct KProcess##sys\
   KThread *mainThread;\
   u32 interruptEnabledFlags[4];\
   KProcessHandleTable handleTable;\
-  u8 gap234[52];\
+  /* Custom fields for plugin system
+     { */ \
+  u32     customFlags; /* see KProcess_CustomFlags enum below */ \
+  Handle  onMemoryLayoutChangeEvent;\
+  Handle  onProcessExitEvent;\
+  Handle  resumeProcessExitEvent;\
+  /* } */ \
+  u8 gap234[36];\
   u64 unused;\
 } KProcess##sys;
 
+enum KProcess_CustomFlags
+{
+    ForceRWXPages = 1 << 0,
+    SignalOnMemLayoutChanges = 1 << 1,
+    SignalOnExit = 1 << 2,
+
+    MemLayoutChanged = 1 << 16
+};
+
 INSTANCIATE_KPROCESS(N3DS);
 INSTANCIATE_KPROCESS(O3DS8x);
 INSTANCIATE_KPROCESS(O3DSPre8x);
@@ -1126,11 +1188,11 @@ typedef union KCacheMaintenanceInterruptEvent
 
 typedef struct FcramLayout
 {
-  void *applicationAddr;
+  u32 applicationAddr;
   u32 applicationSize;
-  void *systemAddr;
+  u32 systemAddr;
   u32 systemSize;
-  void *baseAddr;
+  u32 baseAddr;
   u32 baseSize;
 } FcramLayout;
 
@@ -1138,15 +1200,15 @@ extern bool isN3DS;
 extern void *officialSVCs[0x7E];
 
 #define KPROCESSRELATED_OFFSETOFF(classname, field) (isN3DS ? offsetof(classname##N3DS, field) :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? offsetof(classname##O3DS8x, field) :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? offsetof(classname##O3DS8x, field) :\
 offsetof(classname##O3DSPre8x, field)))
 
 #define KPROCESSRELATED_GET_PTR(obj, field) (isN3DS ? &(obj)->N3DS.field :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? &(obj)->O3DS8x.field :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? &(obj)->O3DS8x.field :\
 &(obj)->O3DSPre8x.field))
 
 #define KPROCESSRELATED_GET_PTR_TYPE(type, obj, field) (isN3DS ? (type *)(&(obj)->N3DS.field) :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? (type *)(&(obj)->O3DS8x.field) :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? (type *)(&(obj)->O3DS8x.field) :\
 (type *)(&(obj)->O3DSPre8x.field)))
 
 #define KPROCESS_OFFSETOF(field)                    KPROCESSRELATED_OFFSETOFF(KProcess, field)
@@ -1189,7 +1251,7 @@ static inline KDebug *debugOfProcess(KProcess *process)
 static inline const char *classNameOfAutoObject(KAutoObject *object)
 {
     const char *name;
-    if(kernelVersion >= SYSTEM_VERSION(2, 46, 0))
+    if(GET_VERSION_MINOR(kernelVersion) >= 46)
     {
         KClassToken tok;
         object->vtable->GetClassToken(&tok, object);
@@ -1205,7 +1267,7 @@ extern Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Ha
 static inline Result createHandleForProcess(Handle *out, KProcess *process, KAutoObject *obj)
 {
     u8 token;
-    if(kernelVersion >= SYSTEM_VERSION(2, 46, 0))
+    if(GET_VERSION_MINOR(kernelVersion) >= 46)
     {
         KClassToken tok;
         obj->vtable->GetClassToken(&tok, obj);

k11_extension/include/mmu.h

@@ -0,0 +1,129 @@
+#pragma once
+
+#include "types.h"
+#include "kernel.h"
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b00
+}   Desc_TranslationFault;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b01
+    u32     sbz     : 3;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     addr    : 21;
+}   Desc_CoarsePageTable;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b10
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     xn      : 1;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     bit18   : 1;    ///< 0
+    u32     sbz     : 1;
+    u32     addr    : 12;
+}   Desc_Section;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b10
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     xn      : 1;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     sbz     : 3;
+    u32     bit18   : 1;    ///< 1
+    u32     sbz2    : 5;
+    u32     addr    : 8;
+}   Desc_Supersection;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b11
+}   Desc_Reserved;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b01
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     ap      : 2;
+    u32     sbz     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     tex     : 3;
+    u32     xn      : 1;
+    u32     addr    : 16;
+}   Desc_LargePage;
+
+typedef struct
+{
+    u32     xn      : 1;
+    u32     bit1    : 1;    ///< 1
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     addr    : 20;
+}   Desc_SmallPage;
+
+typedef union
+{
+    u32     raw;
+
+    Desc_TranslationFault   translationFault;
+    Desc_CoarsePageTable    coarsePageTable;
+    Desc_Section            section;
+    Desc_Supersection       supersection;
+    Desc_Reserved           reserved;
+
+}   L1Descriptor;
+
+typedef union
+{
+    u32     raw;
+
+    Desc_TranslationFault   translationFault;
+    Desc_LargePage          largePage;
+    Desc_SmallPage          smallPage;
+}   L2Descriptor;
+
+typedef enum
+{
+    Descriptor_TranslationFault,
+    Descriptor_CoarsePageTable,
+    Descriptor_Section,
+    Descriptor_Supersection,
+    Descriptor_Reserved,
+    Descriptor_LargePage,
+    Descriptor_SmallPage
+}   DescType;
+
+void    L1MMUTable__RWXForAll(u32 *table);
+void    L2MMUTable__RWXForAll(u32 *table);
+u32     L1MMUTable__GetPAFromVA(u32 *table, u32 va);
+u32     L2MMUTable__GetPAFromVA(u32 *table, u32 va);
+u32     L1MMUTable__GetAddressUserPerm(u32 *table, u32 va);
+u32     L2MMUTable__GetAddressUserPerm(u32 *table, u32 va);
+
+void    KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo);
+u32     KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va);
+u32     KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va);

k11_extension/include/svc.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/Backdoor.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/Break.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/ConnectToPort.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/ControlMemory.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/ControlProcess.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include "utils.h"
+#include "kernel.h"
+#include "svc.h"
+
+/// Operations for svcControlProcess
+typedef enum ProcessOp
+{
+    PROCESSOP_GET_ALL_HANDLES,  ///< List all handles of the process, varg3 can be either 0 to fetch all handles, or token of the type to fetch
+                                ///< svcControlProcess(handle, PROCESSOP_GET_ALL_HANDLES, (u32)&outBuf, 0)
+    PROCESSOP_SET_MMU_TO_RWX,   ///< Set the whole memory of the process with rwx access
+                                ///< svcControlProcess(handle, PROCESSOP_SET_MMU_TO_RWX, 0, 0)
+    PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT,
+    PROCESSOP_GET_ON_EXIT_EVENT,
+    PROCESSOP_GET_PA_FROM_VA,   ///< Get the physical address of the va within the process
+                                ///< svcControlProcess(handle, PROCESSOP_GET_PA_FROM_VA, (u32)&outPa, va)
+    PROCESSOP_SCHEDULE_THREADS,
+} ProcessOp;
+
+Result  ControlProcess(Handle process, ProcessOp op, u32 varg2, u32 varg3);

k11_extension/include/svc/ControlService.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/CopyHandle.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/CustomBackdoor.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/GetCFWInfo.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/GetHandleInfo.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/GetProcessInfo.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/GetSystemInfo.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/GetThreadInfo.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/KernelSetState.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/MapProcessMemoryEx.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -30,4 +30,5 @@
 #include "kernel.h"
 #include "svc.h"
 
-Result MapProcessMemoryEx(Handle processHandle, void *dst, void *src, u32 size);
+Result MapProcessMemoryEx(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size);
+Result MapProcessMemoryExWrapper(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size);

k11_extension/include/svc/SendSyncRequest.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/SetGpuProt.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/SetWifiEnabled.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/TranslateHandle.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svc/UnmapProcessMemoryEx.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/svcHandler.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/synchronization.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/include/types.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -78,6 +78,15 @@ typedef s32 Result;                 ///< Function result.
 #define SYSTEM_VERSION(major, minor, revision) \
     (((major)<<24)|((minor)<<16)|((revision)<<8))
 
+/// Retrieves the major version from a packed system version.
+#define GET_VERSION_MAJOR(version)    ((version) >>24)
+
+/// Retrieves the minor version from a packed system version.
+#define GET_VERSION_MINOR(version)    (((version)>>16)&0xFF)
+
+/// Retrieves the revision version from a packed system version.
+#define GET_VERSION_REVISION(version) (((version)>> 8)&0xFF)
+
 #define CUR_THREAD_HANDLE       0xFFFF8000
 #define CUR_PROCESS_HANDLE      0xFFFF8001
 

k11_extension/include/utils.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@
 #define PA_PTR(addr)            (void *)((u32)(addr) | 1u << 31)
 #define PA_FROM_VA_PTR(addr)    PA_PTR(convertVAToPA(addr, false))
 
-static inline u32 makeARMBranch(const void *src, const void *dst, bool link) // the macros for those are ugly and buggy
+static inline u32 makeArmBranch(const void *src, const void *dst, bool link) // the macros for those are ugly and buggy
 {
     u32 instrBase = link ? 0xEB000000 : 0xEA000000;
     u32 off = (u32)((const u8 *)dst - ((const u8 *)src + 8)); // the PC is always two instructions ahead of the one being executed
@@ -41,7 +41,7 @@ static inline u32 makeARMBranch(const void *src, const void *dst, bool link) //
     return instrBase | ((off >> 2) & 0xFFFFFF);
 }
 
-static inline void *decodeARMBranch(const void *src)
+static inline void *decodeArmBranch(const void *src)
 {
     u32 instr = *(const u32 *)src;
     s32 off = (instr & 0xFFFFFF) << 2;
@@ -50,8 +50,8 @@ static inline void *decodeARMBranch(const void *src)
     return (void *)((const u8 *)src + 8 + off);
 }
 
-// For ARM prologs in the form of: push {regs} ... sub sp, #off (this obviously doesn't intend to cover all cases)
-static inline u32 computeARMFrameSize(const u32 *prolog)
+// For Arm prologs in the form of: push {regs} ... sub sp, #off (this obviously doesn't intend to cover all cases)
+static inline u32 computeArmFrameSize(const u32 *prolog)
 {
     const u32 *off;
 

k11_extension/linker.ld

@@ -5,7 +5,7 @@ ENTRY(_start)
 MEMORY
 {
     vram                : ORIGIN = 0x18000000, LENGTH = 0x18180000 - 0x18000000 /* Up to the kernel builtins. */
-    main                : ORIGIN = 0x40000000, LENGTH = 1M
+    main                : ORIGIN = 0x70000000, LENGTH = 1M
 }
 
 PHDRS
@@ -15,7 +15,7 @@ PHDRS
 
 SECTIONS
 {
-    PROVIDE(__start__ = 0x40000000);
+    PROVIDE(__start__ = ORIGIN(main));
     . = ABSOLUTE(__start__);
 
     .text :

k11_extension/source/debug.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/source/fatalExceptionHandlers.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

k11_extension/source/fatalExceptionHandlersMain.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -28,10 +28,43 @@
 #include "fatalExceptionHandlers.h"
 #include "utils.h"
 #include "kernel.h"
+#include "memory.h"
+#include "mmu.h"
 #include "globals.h"
 
 #define REG_DUMP_SIZE   4 * 23
-#define CODE_DUMP_SIZE  48
+#define CODE_DUMP_SIZE  96
+
+// Return true if parameters are invalid
+static bool checkExceptionHandlerValidity(KProcess *process, vu32 *threadLocalStorage)
+{
+    if (process == NULL)
+        return true;
+
+    u32             stackBottom = threadLocalStorage[0x11];
+    u32             exceptionBuf = threadLocalStorage[0x12];
+    MemoryInfo      memInfo;
+    PageInfo        pageInfo;
+    KProcessHwInfo *hwInfo = hwInfoOfProcess(process);
+
+    u32 perm = KProcessHwInfo__GetAddressUserPerm(hwInfo, threadLocalStorage[0x10]);
+
+    if (stackBottom != 1)
+    {
+        if (KProcessHwInfo__QueryMemory(hwInfo, &memInfo, &pageInfo, (void *)stackBottom)
+            || (memInfo.permissions & MEMPERM_RW) != MEMPERM_RW)
+            return true;
+    }
+
+    if (exceptionBuf > 1)
+    {
+        if (KProcessHwInfo__QueryMemory(hwInfo, &memInfo, &pageInfo, (void *)exceptionBuf)
+            || (memInfo.permissions & MEMPERM_RW) != MEMPERM_RW)
+            return true;
+    }
+
+    return (perm & MEMPERM_RX) != MEMPERM_RX;
+}
 
 bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
 {
@@ -43,7 +76,7 @@ bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
     KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
 
     if(thread != NULL && thread->threadLocalStorage != NULL && *((vu32 *)thread->threadLocalStorage + 0x10) != 0)
-       return false;
+       return checkExceptionHandlerValidity(currentProcess, (vu32 *)thread->threadLocalStorage);
 
     if(currentProcess != NULL)
     {
@@ -52,7 +85,7 @@ bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
 
         thread = KPROCESS_GET_RVALUE(currentProcess, mainThread);
         if(thread != NULL && thread->threadLocalStorage != NULL && *((vu32 *)thread->threadLocalStorage + 0x10) != 0)
-           return false;
+           return checkExceptionHandlerValidity(currentProcess, thread->threadLocalStorage);
 
         if(index == 3 && strcmp(codeSetOfProcess(currentProcess)->processName, "menu") == 0 && // workaround a Home Menu bug leading to a dabort
            regs[0] == 0x3FFF && regs[2] == 0 && regs[5] == 2 && regs[7] == 1)
@@ -70,6 +103,7 @@ bool isDataAbortExceptionRangeControlled(u32 spsr, u32 addr)
                 ((u32)safecpy <= addr && addr < (u32)safecpy + safecpy_sz)
             );
 }
+
 void fatalExceptionHandlersMain(u32 *registerDump, u32 type, u32 cpuId)
 {
     ExceptionDumpHeader dumpHeader;
@@ -96,7 +130,7 @@ void fatalExceptionHandlersMain(u32 *registerDump, u32 type, u32 cpuId)
     registerDump[15] = pc;
 
     //Dump code
-    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //wouldn't work well on 32-bit Thumb instructions, but it isn't much of a problem
+    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - (dumpHeader.codeDumpSize >> 1) ; //wouldn't work well on 32-bit Thumb instructions, but it isn't much of a problem
     dumpHeader.codeDumpSize = ((u32)instr & (((cpsr & 0x20) != 0) ? 1 : 3)) != 0 ? 0 : safecpy(codeDump, instr, dumpHeader.codeDumpSize);
 
     //Copy register dump and code dump

k11_extension/source/globals.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -40,8 +40,12 @@ KAutoObject * (*KProcessHandleTable__ToKAutoObject)(KProcessHandleTable *this, H
 void (*KSynchronizationObject__Signal)(KSynchronizationObject *this, bool isPulse);
 Result (*WaitSynchronization1)(void *this_unused, KThread *thread, KSynchronizationObject *syncObject, s64 timeout);
 Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Handle *out, KAutoObject *obj, u8 token);
+Result (*KProcessHwInfo__QueryMemory)(KProcessHwInfo *this, MemoryInfo *memoryInfo, PageInfo *pageInfo, void *address);
 Result (*KProcessHwInfo__MapProcessMemory)(KProcessHwInfo *this, KProcessHwInfo *other, void *dst, void *src, u32 nbPages);
 Result (*KProcessHwInfo__UnmapProcessMemory)(KProcessHwInfo *this, void *addr, u32 nbPages);
+Result (*KProcessHwInfo__CheckVaState)(KProcessHwInfo *hwInfo, u32 va, u32 size, u32 state, u32 perm);
+Result (*KProcessHwInfo__GetListOfKBlockInfoForVA)(KProcessHwInfo *hwInfo, KLinkedList *list, u32 va, u32 sizeInPage);
+Result (*KProcessHwInfo__MapListOfKBlockInfo)(KProcessHwInfo *this, u32 va, KLinkedList *list, u32 state, u32 perm, u32 sbz);
 Result (*KEvent__Clear)(KEvent *this);
 void (*KObjectMutex__WaitAndAcquire)(KObjectMutex *this);
 void (*KObjectMutex__ErrorOccured)(void);
@@ -49,8 +53,11 @@ void (*KObjectMutex__ErrorOccured)(void);
 void (*KScheduler__AdjustThread)(KScheduler *this, KThread *thread, u32 oldSchedulingMask);
 void (*KScheduler__AttemptSwitchingThreadContext)(KScheduler *this);
 
+void (*KLinkedList_KBlockInfo__Clear)(KLinkedList *list);
+
 Result (*ControlMemory)(u32 *addrOut, u32 addr0, u32 addr1, u32 size, MemOp op, MemPerm perm, bool isLoader);
 void (*SleepThread)(s64 ns);
+Result (*CreateEvent)(Handle *out, ResetType resetType);
 Result (*CloseHandle)(Handle handle);
 Result (*GetHandleInfo)(s64 *out, Handle handle, u32 type);
 Result (*GetSystemInfo)(s64 *out, s32 type, s32 param);
@@ -61,6 +68,7 @@ Result (*SendSyncRequest)(Handle handle);
 Result (*OpenProcess)(Handle *out, u32 processId);
 Result (*GetProcessId)(u32 *out, Handle process);
 Result (*DebugActiveProcess)(Handle *out, u32 processId);
+Result (*SignalEvent)(Handle event);
 Result (*UnmapProcessMemory)(Handle processHandle, void *dst, u32 size);
 Result (*KernelSetState)(u32 type, u32 varg1, u32 varg2, u32 varg3);
 
@@ -102,13 +110,21 @@ u32 nbSection0Modules;
 Result (*InterruptManager__MapInterrupt)(InterruptManager *manager, KBaseInterruptEvent *iEvent, u32 interruptID,
                                          u32 coreID, u32 priority, bool disableUponReceipt, bool levelHighActive);
 InterruptManager *interruptManager;
-KBaseInterruptEvent *customInterruptEvent;
 
 void (*initFPU)(void);
 void (*mcuReboot)(void);
 void (*coreBarrier)(void);
 
 CfwInfo cfwInfo;
+u32 kextBasePa;
+u32 stolenSystemMemRegionSize;
 
 vu32 rosalinaState;
 bool hasStartedRosalinaNetworkFuncsOnce;
+
+KLinkedList*    KLinkedList__Initialize(KLinkedList *list)
+{
+    list->size = 0;
+    list->nodes.first = list->nodes.last = (KLinkedListNode *)&list->nodes;
+    return list;
+}

k11_extension/source/ipc.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -235,48 +235,6 @@ bool doLangEmu(Result *res, u32 *cmdbuf)
     return skip;
 }
 
-Result doPublishToProcessHook(Handle handle, u32 *cmdbuf)
-{
-    Result res = 0;
-    u32 pid;
-    bool terminateRosalina = cmdbuf[1] == 0x100 && cmdbuf[2] == 0; // cmdbuf[2] to check for well-formed requests
-    u32 savedCmdbuf[4];
-    memcpy(savedCmdbuf, cmdbuf, 16);
-
-    if(!terminateRosalina || GetProcessId(&pid, cmdbuf[3]) != 0)
-        terminateRosalina = false;
-    else
-    {
-        KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
-        KProcess *process = KProcessHandleTable__ToKProcess(handleTable, cmdbuf[3]);
-        if((strcmp(codeSetOfProcess(process)->processName, "socket") == 0 && (rosalinaState & 2)) ||
-            strcmp(codeSetOfProcess(process)->processName, "pxi") == 0)
-            terminateRosalina = true;
-        else
-            terminateRosalina = false;
-        ((KAutoObject *)process)->vtable->DecrementReferenceCount((KAutoObject *)process);
-    }
-
-    if(terminateRosalina && nbSection0Modules == 6)
-    {
-        Handle rosalinaProcessHandle;
-        res = OpenProcess(&rosalinaProcessHandle, 5);
-        if(res == 0)
-        {
-            cmdbuf[0] = cmdbuf[0];
-            cmdbuf[1] = 0x100;
-            cmdbuf[2] = 0;
-            cmdbuf[3] = rosalinaProcessHandle;
-
-            res = SendSyncRequest(handle);
-            CloseHandle(rosalinaProcessHandle);
-            memcpy(cmdbuf, savedCmdbuf, 16);
-        }
-    }
-
-    return SendSyncRequest(handle);
-}
-
 bool doErrfThrowHook(u32 *cmdbuf)
 {
     // If fatalErrorInfo->type is "card removed" or "logged", returning from ERRF:Throw is a no-op
@@ -288,24 +246,24 @@ bool doErrfThrowHook(u32 *cmdbuf)
     u8 *srcerrbuf = (u8 *)r0_to_r7_r12_usr[(spsr & 0x20) ? 4 : 6];
     const char *pname = codeSetOfProcess(currentCoreContext->objectContext.currentProcess)->processName;
 
-    static const struct
+    const struct
     {
         const char *name;
         Result errCode;
+        bool enabled;
     } errorCodesToIgnore[] =
     {
         /*
-            If you're getting this error, you have broken your head-tracking hardware,
-            and should uncomment the following line:
+            If you're getting this error, you may have broken your head-tracking hardware,
+            and you need to enable the qtm error bypass below:
         */
-        //{ "qtm", (Result)0xF96183FE },
-
-        { "", 0 }, // impossible case to ensure the array has at least 1 element
+        { "qtm", 0xF96183FEu, CONFIG(ENABLESAFEFIRMROSALINA)},
+        {   "",             0,                         false}, // impossible case to ensure the array has at least 1 element
     };
 
     for(u32 i = 0; i < sizeof(errorCodesToIgnore) / sizeof(errorCodesToIgnore[0]); i++)
     {
-        if(strcmp(pname, errorCodesToIgnore[i].name) == 0 && (Result)cmdbuf[2] == errorCodesToIgnore[i].errCode)
+        if(errorCodesToIgnore[i].enabled && strcmp(pname, errorCodesToIgnore[i].name) == 0 && (Result)cmdbuf[2] == errorCodesToIgnore[i].errCode)
         {
             srcerrbuf[0] = 5;
             cmdbuf[0] = 0x10040;

k11_extension/source/main.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -32,22 +32,27 @@
 #include "svc/ConnectToPort.h"
 #include "svcHandler.h"
 
+#define K11EXT_VA         0x70000000
+
 struct KExtParameters
 {
     u32 basePA;
+    u32 stolenSystemMemRegionSize;
     void *originalHandlers[4];
     u32 L1MMUTableAddrs[4];
 
+    volatile bool done;
+
     CfwInfo cfwInfo;
 } kExtParameters = { .basePA = 0x12345678 }; // place this in .data
 
-static ALIGN(1024) u32 L2TableFor0x40000000[256] = {0};
+static ALIGN(1024) u32 g_L2Table[256] = {0};
 
 void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
 {
-    struct KExtParameters *p0 = (struct KExtParameters *)((u32)&kExtParameters - 0x40000000 + 0x18000000);
-    struct KExtParameters *p = (struct KExtParameters *)((u32)&kExtParameters - 0x40000000 + p0->basePA);
-    u32 *L2Table = (u32 *)((u32)L2TableFor0x40000000 - 0x40000000 + p0->basePA);
+    struct KExtParameters *p0 = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + 0x18000000);
+    struct KExtParameters *p = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + p0->basePA);
+    u32 *L2Table = (u32 *)((u32)g_L2Table - K11EXT_VA + p0->basePA);
 
     if(coreId == 0)
     {
@@ -56,16 +61,32 @@ void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
         memcpy((void *)p0->basePA, (const void *)0x18000000, __bss_start__ - __start__);
         memset((u32 *)(p0->basePA + (__bss_start__ - __start__)), 0, __bss_end__ - __bss_start__);
 
-        // Map the kernel ext to 0x40000000
-        // 4KB extended small pages: [SYS:RW USR:-- X  TYP:NORMAL SHARED OUTER NOCACHE, INNER CACHED WB WA]
+        // Map the kernel ext at K11EXT_VA
+        // 4KB extended small pages:
+        // Outer Write-Through cached, No Allocate on Write, Buffered
+        // Inner Cached Write-Back Write-Allocate, Buffered
+        // This was changed at some point (8.0 maybe?), it was outer noncached before
         for(u32 offset = 0; offset < (u32)(__end__ - __start__); offset += 0x1000)
-            L2Table[offset >> 12] = (p0->basePA + offset) | 0x516;
+            L2Table[offset >> 12] = (p0->basePA + offset) | 0x596;
+
+        p0->done = true;
+
+        // DSB, Flush Prefetch Buffer (more or less "isb")
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 
         __asm__ __volatile__ ("sev");
     }
-    else
-        __asm__ __volatile__ ("wfe");
+    else {
+        do
+        {
+            __asm__ __volatile__ ("wfe");
+        } while(!p0->done);
 
+        // DSB, Flush Prefetch Buffer (more or less "isb")
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
+    }
     // bit31 idea thanks to SALT
     // Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
     u32 attribs = 0x40C02; // supersection (rwx for all) of strongly ordered memory, shared
@@ -76,9 +97,13 @@ void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
             L1Table[i + (VA >> 20)] = PA | attribs;
     }
 
-    L1Table[0x40000000 >> 20] = (u32)L2Table | 1;
+    L1Table[K11EXT_VA >> 20] = (u32)L2Table | 1;
 
     p->L1MMUTableAddrs[coreId] = (u32)L1Table;
+
+    // DSB, Flush Prefetch Buffer (more or less "isb")
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 }
 
 void bindSGI0Hook(void)
@@ -98,77 +123,139 @@ void configHook(vu8 *cfgPage)
     *isDevUnit = true; // enable debug features
 }
 
+void KProcessHwInfo__MapL1Section_Hook(void);
+void KProcessHwInfo__MapL2Section_Hook(void);
+
+static void installMmuHooks(void)
+{
+    u32 *mapL1Section = NULL;
+    u32 *mapL2Section = NULL;
+    u32 *off;
+
+    for(off = (u32 *)officialSVCs[0x1F]; *off != 0xE1CD60F0; ++off);
+    off = decodeArmBranch(off + 1);
+
+    for (; *off != 0xE58D5000; ++off);
+    off = decodeArmBranch(off + 1);
+
+    for (; *off != 0xE58DC000; ++off);
+    off = decodeArmBranch(off + 1);
+    for (; *off != 0xE1A0000B; ++off);
+    off = decodeArmBranch(off + 1);
+    for (; *off != 0xE59D2030; ++off);
+    off = decodeArmBranch(off + 1);
+
+    for (; *off != 0xE88D1100; ++off);
+    mapL2Section = (u32 *)PA_FROM_VA_PTR(decodeArmBranch(off + 1));
+
+    do
+    {
+        for (; *off != 0xE58D8000; ++off);
+        u32 *loc = (u32 *)PA_FROM_VA_PTR(decodeArmBranch(++off));
+        if (loc != mapL2Section)
+            mapL1Section = loc;
+    } while (mapL1Section == NULL);
+
+    mapL1Section[1] = 0xE28FE004; // add lr, pc, #4
+    mapL1Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
+    mapL1Section[3] = (u32)KProcessHwInfo__MapL1Section_Hook;
+
+    mapL2Section[1] = 0xE28FE004; // add lr, pc, #4
+    mapL2Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
+    mapL2Section[3] = (u32)KProcessHwInfo__MapL2Section_Hook;
+}
+
 static void findUsefulSymbols(void)
 {
     u32 *off;
 
-    for(off = (u32 *)0xFFFF0000; *off != 0xE1A0D002; off++);
+    // Patch ERRF__DumpException
+    for(off = (u32 *)0xFFFF0000; *off != 0xE1A04005; ++off);
+    ++off;
+    *(u32 *)PA_FROM_VA_PTR(off) = makeArmBranch(off, off + 51, false);
+
+    for(; *off != 0xE2100102; ++off);
+    KProcessHwInfo__QueryMemory = (Result (*)(KProcessHwInfo *, MemoryInfo *, PageInfo *, void *))decodeArmBranch(off - 1);
+
+    for(; *off != 0xE1A0D002; off++);
     off += 3;
     initFPU = (void (*) (void))off;
 
     for(; *off != 0xE3A0A0C2; off++);
     mcuReboot = (void (*) (void))--off;
-    coreBarrier = (void (*) (void))decodeARMBranch(off - 4);
+    coreBarrier = (void (*) (void))decodeArmBranch(off - 4);
 
     for(off = (u32 *)originalHandlers[2]; *off != 0xE1A00009; off++);
-    svcFallbackHandler = (void (*)(u8))decodeARMBranch(off + 1);
+    svcFallbackHandler = (void (*)(u8))decodeArmBranch(off + 1);
     for(; *off != 0xE92D000F; off++);
-    officialPostProcessSvc = (void (*)(void))decodeARMBranch(off + 1);
+    officialPostProcessSvc = (void (*)(void))decodeArmBranch(off + 1);
 
-    KProcessHandleTable__ToKProcess = (KProcess * (*)(KProcessHandleTable *, Handle))decodeARMBranch(5 + (u32 *)officialSVCs[0x76]);
+    KProcessHandleTable__ToKProcess = (KProcess * (*)(KProcessHandleTable *, Handle))decodeArmBranch(5 + (u32 *)officialSVCs[0x76]);
 
     for(off = (u32 *)KProcessHandleTable__ToKProcess; *off != 0xE1A00004; off++);
-    KAutoObject__AddReference = (void (*)(KAutoObject *))decodeARMBranch(off + 1);
+    KAutoObject__AddReference = (void (*)(KAutoObject *))decodeArmBranch(off + 1);
 
     for(; *off != 0xE320F000; off++);
-    KProcessHandleTable__ToKAutoObject = (KAutoObject * (*)(KProcessHandleTable *, Handle))decodeARMBranch(off + 1);
+    KProcessHandleTable__ToKAutoObject = (KAutoObject * (*)(KProcessHandleTable *, Handle))decodeArmBranch(off + 1);
 
-    for(off = (u32 *)decodeARMBranch(3 + (u32 *)officialSVCs[9]); /* KThread::Terminate */ *off != 0xE5D42034; off++);
+    for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[9]); /* KThread::Terminate */ *off != 0xE5D42034; off++);
     off -= 2;
     criticalSectionLock = (KRecursiveLock *)off[2 + (off[0] & 0xFF) / 4];
-    KRecursiveLock__Lock = (void (*)(KRecursiveLock *))decodeARMBranch(off + 1);
+    KRecursiveLock__Lock = (void (*)(KRecursiveLock *))decodeArmBranch(off + 1);
     off += 4;
 
     for(; (*off >> 16) != 0xE59F; off++);
-    KRecursiveLock__Unlock = (void (*)(KRecursiveLock *))decodeARMBranch(off + 1);
+    KRecursiveLock__Unlock = (void (*)(KRecursiveLock *))decodeArmBranch(off + 1);
 
     for(; *off != 0xE5C4007D; off++);
-    KSynchronizationObject__Signal = (void (*)(KSynchronizationObject *, bool))decodeARMBranch(off + 3);
+    KSynchronizationObject__Signal = (void (*)(KSynchronizationObject *, bool))decodeArmBranch(off + 3);
 
     for(off = (u32 *)officialSVCs[0x19]; *off != 0xE1A04005; off++);
-    KEvent__Clear = (Result (*)(KEvent *))decodeARMBranch(off + 1);
+    KEvent__Clear = (Result (*)(KEvent *))decodeArmBranch(off + 1);
     for(off = (u32 *)KEvent__Clear; *off != 0xE8BD8070; off++);
     synchronizationMutex = *(KObjectMutex **)(off + 1);
 
     for(off = (u32 *)officialSVCs[0x24]; *off != 0xE59F004C; off++);
-    WaitSynchronization1 = (Result (*)(void *, KThread *, KSynchronizationObject *, s64))decodeARMBranch(off + 6);
+    WaitSynchronization1 = (Result (*)(void *, KThread *, KSynchronizationObject *, s64))decodeArmBranch(off + 6);
 
-    for(off = (u32 *)decodeARMBranch(3 + (u32 *)officialSVCs[0x33]) /* OpenProcess */ ; *off != 0xE1A05000; off++);
-    KProcessHandleTable__CreateHandle = (Result (*)(KProcessHandleTable *, Handle *, KAutoObject *, u8))decodeARMBranch(off - 1);
+    for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[0x33]) /* OpenProcess */ ; *off != 0xE1A05000; off++);
+    KProcessHandleTable__CreateHandle = (Result (*)(KProcessHandleTable *, Handle *, KAutoObject *, u8))decodeArmBranch(off - 1);
 
-    for(off = (u32 *)decodeARMBranch(3 + (u32 *)officialSVCs[0x34]) /* OpenThread */; *off != 0xD9001BF7; off++);
+    for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[0x34]) /* OpenThread */; *off != 0xD9001BF7; off++);
     threadList = *(KObjectList **)(off + 1);
 
-    off = (u32 *)decodeARMBranch((u32 *)officialSVCs[0x37] + 3) + 5; /* GetThreadId */
-    KProcessHandleTable__ToKThread = (KThread * (*)(KProcessHandleTable *, Handle))decodeARMBranch((*off >> 16) == 0xEB00 ? off : off + 2);
+    off = (u32 *)decodeArmBranch((u32 *)officialSVCs[0x37] + 3) + 5; /* GetThreadId */
+    KProcessHandleTable__ToKThread = (KThread * (*)(KProcessHandleTable *, Handle))decodeArmBranch((*off >> 16) == 0xEB00 ? off : off + 2);
 
     for(off = (u32 *)officialSVCs[0x50]; off[0] != 0xE1A05000 || off[1] != 0xE2100102 || off[2] != 0x5A00000B; off++);
-    InterruptManager__MapInterrupt = (Result (*)(InterruptManager *, KBaseInterruptEvent *, u32, u32, u32, bool, bool))decodeARMBranch(--off);
+    InterruptManager__MapInterrupt = (Result (*)(InterruptManager *, KBaseInterruptEvent *, u32, u32, u32, bool, bool))decodeArmBranch(--off);
     interruptManager = *(InterruptManager **)(off - 4 + (off[-6] & 0xFFF) / 4);
     for(off = (u32 *)officialSVCs[0x54]; *off != 0xE8BD8008; off++);
     flushDataCacheRange = (void (*)(void *, u32))(*(u32 **)(off[1]) + 3);
 
     for(off = (u32 *)officialSVCs[0x71]; *off != 0xE2101102; off++);
-    KProcessHwInfo__MapProcessMemory = (Result (*)(KProcessHwInfo *, KProcessHwInfo *, void *, void *, u32))decodeARMBranch(off - 1);
+    KProcessHwInfo__MapProcessMemory = (Result (*)(KProcessHwInfo *, KProcessHwInfo *, void *, void *, u32))decodeArmBranch(off - 1);
 
     // From 4.x to 6.x the pattern will match but the result will be wrong
     for(off = (u32 *)officialSVCs[0x72]; *off != 0xE2041102; off++);
-    KProcessHwInfo__UnmapProcessMemory = (Result (*)(KProcessHwInfo *, void *, u32))decodeARMBranch(off - 1);
+    KProcessHwInfo__UnmapProcessMemory = (Result (*)(KProcessHwInfo *, void *, u32))decodeArmBranch(off - 1);
+
+    for (off = (u32 *)officialSVCs[0x70]; *off != 0xE8881200 && *off != 0xE8891900; ++off);
+    for (off = (u32 *)decodeArmBranch(off + 1); *off != 0xE2101102; ++off);
+    KProcessHwInfo__CheckVaState = (Result (*)(KProcessHwInfo *, u32, u32, u32, u32))decodeArmBranch(off - 1);
+    for (; *off != 0xE28D1008; ++off);
+    KProcessHwInfo__GetListOfKBlockInfoForVA = (Result (*)(KProcessHwInfo*, KLinkedList*, u32, u32))decodeArmBranch(off + 1);
+
+    for (; *off != 0xE2000102; ++off);
+    KProcessHwInfo__MapListOfKBlockInfo = (Result (*)(KProcessHwInfo*, u32, KLinkedList*, u32, u32, u32))decodeArmBranch(off - 1);
+
+    for (; *off != 0xE8BD8FF0; ++off);
+    KLinkedList_KBlockInfo__Clear = (void (*)(KLinkedList *))decodeArmBranch(off - 6);
 
     for(off = (u32 *)officialSVCs[0x7C]; *off != 0x03530000; off++);
-    KObjectMutex__WaitAndAcquire = (void (*)(KObjectMutex *))decodeARMBranch(++off);
+    KObjectMutex__WaitAndAcquire = (void (*)(KObjectMutex *))decodeArmBranch(++off);
     for(; *off != 0xE320F000; off++);
-    KObjectMutex__ErrorOccured = (void (*)(void))decodeARMBranch(off + 1);
+    KObjectMutex__ErrorOccured = (void (*)(void))decodeArmBranch(off + 1);
 
     for(off = (u32 *)originalHandlers[4]; *off != (u32)exceptionStackTop; off++);
     kernelUsrCopyFuncsStart = (void *)off[1];
@@ -208,26 +295,28 @@ static void findUsefulSymbols(void)
 
     // The official prototype of ControlMemory doesn't have that extra param'
     ControlMemory = (Result (*)(u32 *, u32, u32, u32, MemOp, MemPerm, bool))
-                    decodeARMBranch((u32 *)officialSVCs[0x01] + 5);
+                    decodeArmBranch((u32 *)officialSVCs[0x01] + 5);
     SleepThread = (void (*)(s64))officialSVCs[0x0A];
+    CreateEvent = (Result (*)(Handle *, ResetType))decodeArmBranch((u32 *)officialSVCs[0x17] + 3);
     CloseHandle = (Result (*)(Handle))officialSVCs[0x23];
-    GetHandleInfo = (Result (*)(s64 *, Handle, u32))decodeARMBranch((u32 *)officialSVCs[0x29] + 3);
-    GetSystemInfo = (Result (*)(s64 *, s32, s32))decodeARMBranch((u32 *)officialSVCs[0x2A] + 3);
-    GetProcessInfo = (Result (*)(s64 *, Handle, u32))decodeARMBranch((u32 *)officialSVCs[0x2B] + 3);
-    GetThreadInfo = (Result (*)(s64 *, Handle, u32))decodeARMBranch((u32 *)officialSVCs[0x2C] + 3);
-    ConnectToPort = (Result (*)(Handle *, const char*))decodeARMBranch((u32 *)officialSVCs[0x2D] + 3);
+    GetHandleInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x29] + 3);
+    GetSystemInfo = (Result (*)(s64 *, s32, s32))decodeArmBranch((u32 *)officialSVCs[0x2A] + 3);
+    GetProcessInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x2B] + 3);
+    GetThreadInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x2C] + 3);
+    ConnectToPort = (Result (*)(Handle *, const char*))decodeArmBranch((u32 *)officialSVCs[0x2D] + 3);
     SendSyncRequest = (Result (*)(Handle))officialSVCs[0x32];
-    OpenProcess = (Result (*)(Handle *, u32))decodeARMBranch((u32 *)officialSVCs[0x33] + 3);
-    GetProcessId = (Result (*)(u32 *, Handle))decodeARMBranch((u32 *)officialSVCs[0x35] + 3);
-    DebugActiveProcess = (Result (*)(Handle *, u32))decodeARMBranch((u32 *)officialSVCs[0x60] + 3);
+    OpenProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x33] + 3);
+    GetProcessId = (Result (*)(u32 *, Handle))decodeArmBranch((u32 *)officialSVCs[0x35] + 3);
+    DebugActiveProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x60] + 3);
+    SignalEvent = (Result (*)(Handle event))officialSVCs[0x18];
     UnmapProcessMemory = (Result (*)(Handle, void *, u32))officialSVCs[0x72];
     KernelSetState = (Result (*)(u32, u32, u32, u32))((u32 *)officialSVCs[0x7C] + 1);
 
     for(off = (u32 *)svcFallbackHandler; *off != 0xE8BD4010; off++);
-    kernelpanic = (void (*)(void))decodeARMBranch(off + 1);
+    kernelpanic = (void (*)(void))decodeArmBranch(off + 1);
 
     for(off = (u32 *)0xFFFF0000; off[0] != 0xE3A01002 || off[1] != 0xE3A00004; off++);
-    SignalDebugEvent = (Result (*)(DebugEventType type, u32 info, ...))decodeARMBranch(off + 2);
+    SignalDebugEvent = (Result (*)(DebugEventType type, u32 info, ...))decodeArmBranch(off + 2);
 
     for(; *off != 0x96007F9; off++);
     isDevUnit = *(bool **)(off - 1);
@@ -251,6 +340,8 @@ static void findUsefulSymbols(void)
             invalidateInstructionCacheRange = (void (*)(void *, u32))off2;
         }
     }
+
+    installMmuHooks();
 }
 
 void main(FcramLayout *layout, KCoreContext *ctxs)
@@ -259,7 +350,11 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
     u32 TTBCR_;
     s64 nb;
 
-    layout->systemSize -= __end__ - __start__;
+    cfwInfo = p->cfwInfo;
+    kextBasePa = p->basePA;
+    stolenSystemMemRegionSize = p->stolenSystemMemRegionSize;
+
+    layout->systemSize -= stolenSystemMemRegionSize;
     fcramLayout = *layout;
     coreCtxs = ctxs;
 
@@ -268,7 +363,6 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
     isN3DS = getNumberOfCores() == 4;
     memcpy(L1MMUTableAddrs, (const void *)p->L1MMUTableAddrs, 16);
     exceptionStackTop = (u32 *)0xFFFF2000 + (1 << (32 - TTBCR - 20));
-    cfwInfo = p->cfwInfo;
 
     memcpy(originalHandlers + 1, p->originalHandlers, 16);
     void **arm11SvcTable = (void**)originalHandlers[2];
@@ -282,4 +376,8 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
 
     rosalinaState = 0;
     hasStartedRosalinaNetworkFuncsOnce = false;
+
+    // DSB, Flush Prefetch Buffer (more or less "isb")
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 }

k11_extension/source/mmu.c

@@ -0,0 +1,315 @@
+#include "mmu.h"
+#include "globals.h"
+#include "utils.h"
+
+DescType     L1Descriptor__GetType(u32 descriptor)
+{
+    L1Descriptor   pdesc = {descriptor};
+
+    if (pdesc.reserved.bits1_0 == 0b00)
+        return Descriptor_TranslationFault;
+    if (pdesc.reserved.bits1_0 == 0b01)
+        return Descriptor_CoarsePageTable;
+    if (pdesc.reserved.bits1_0 == 0b10)
+        return pdesc.section.bit18 == 0 ? Descriptor_Section : Descriptor_Supersection;
+    return Descriptor_Reserved;
+}
+
+DescType     L2Descriptor__GetType(u32 descriptor)
+{
+    L2Descriptor    pdesc = {descriptor};
+
+    if (pdesc.translationFault.bits1_0 == 0b01)
+        return Descriptor_LargePage;
+    if (pdesc.smallPage.bit1 == 1)
+        return Descriptor_SmallPage;
+
+    return Descriptor_TranslationFault;
+}
+
+void    L1MMUTable__RWXForAll(u32 *table)
+{
+    u32     *tableEnd = table + 1024;
+
+    for (; table != tableEnd; ++table)
+    {
+        L1Descriptor    descriptor = {*table};
+
+        switch (L1Descriptor__GetType(descriptor.raw))
+        {
+            case Descriptor_CoarsePageTable:
+            {
+                u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+                L2MMUTable__RWXForAll(l2table);
+                break;
+            }
+            case Descriptor_Section:
+            {
+                descriptor.section.xn = 0;
+                descriptor.section.apx = 0;
+                descriptor.section.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            case Descriptor_Supersection:
+            {
+                descriptor.supersection.xn = 0;
+                descriptor.supersection.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            default:
+                break;
+        }
+    }
+}
+
+void    L2MMUTable__RWXForAll(u32 *table)
+{
+    u32     *tableEnd = table + 256;
+
+    for (; table != tableEnd; ++table)
+    {
+        L2Descriptor    descriptor = {*table};
+
+        switch (L2Descriptor__GetType(descriptor.raw))
+        {
+            case Descriptor_LargePage:
+            {
+                descriptor.largePage.xn = 0;
+                descriptor.largePage.apx = 0;
+                descriptor.largePage.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            case Descriptor_SmallPage:
+            {
+                descriptor.smallPage.xn = 0;
+                descriptor.smallPage.apx = 0;
+                descriptor.smallPage.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            default:
+                break;
+        }
+    }
+}
+
+u32     L1MMUTable__GetPAFromVA(u32 *table, u32 va)
+{
+    u32             pa = 0;
+    L1Descriptor    descriptor = {table[va >> 20]};
+
+    switch (L1Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_CoarsePageTable:
+        {
+            u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+            pa = L2MMUTable__GetPAFromVA(l2table, va);
+            break;
+        }
+        case Descriptor_Section:
+        {
+            pa = descriptor.section.addr << 20;
+            pa |= (va << 12) >> 12;
+            break;
+        }
+        case Descriptor_Supersection:
+        {
+            pa = descriptor.supersection.addr << 24;
+            pa |= (va << 8) >> 8;
+            break;
+        }
+        default:
+            // VA not found
+            break;
+    }
+
+    return pa;
+}
+
+u32     L2MMUTable__GetPAFromVA(u32 *table, u32 va)
+{
+    u32             pa = 0;
+    L2Descriptor    descriptor = {table[(va << 12) >> 24]};
+
+    switch(L2Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_LargePage:
+        {
+            pa = descriptor.largePage.addr << 16;
+            pa |= va & 0xFFFF;
+            break;
+        }
+        case Descriptor_SmallPage:
+        {
+            pa = descriptor.smallPage.addr << 12;
+            pa |= va & 0xFFF;
+            break;
+        }
+        default:
+            break;
+    }
+
+    return pa;
+}
+
+u32     L1MMUTable__GetAddressUserPerm(u32 *table, u32 va)
+{
+    u32             perm = 0;
+    L1Descriptor    descriptor = {table[va >> 20]};
+
+    switch (L1Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_CoarsePageTable:
+        {
+            u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+            perm = L2MMUTable__GetAddressUserPerm(l2table, va);
+            break;
+        }
+        case Descriptor_Section:
+        {
+            perm = descriptor.section.ap >> 1;
+
+            if (perm)
+            {
+                perm |= (!descriptor.section.apx && (descriptor.section.ap & 1)) << 1;
+                perm |= (!descriptor.section.xn) << 2;
+            }
+            break;
+        }
+        case Descriptor_Supersection:
+        {
+            perm = descriptor.supersection.ap >> 1;
+
+            if (perm)
+            {
+                perm |= (descriptor.supersection.ap & 1) << 1;
+                perm |= (!descriptor.supersection.xn) << 2;
+            }
+            break;
+        }
+        default:
+            // VA not found
+            break;
+    }
+
+    return perm;
+}
+
+u32     L2MMUTable__GetAddressUserPerm(u32 *table, u32 va)
+{
+    u32             perm = 0;
+    L2Descriptor    descriptor = {table[(va << 12) >> 24]};
+
+    switch(L2Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_LargePage:
+        {
+            perm = descriptor.largePage.ap >> 1;
+            if (perm)
+            {
+                perm |= (!descriptor.largePage.apx && (descriptor.largePage.ap & 1)) << 1;
+                perm |= (!descriptor.largePage.xn) << 2;
+            }
+            break;
+        }
+        case Descriptor_SmallPage:
+        {
+            perm = descriptor.smallPage.ap >> 1;
+            if (perm)
+            {
+                perm |= (!descriptor.smallPage.apx && (descriptor.smallPage.ap & 1)) << 1;
+                perm |= (!descriptor.smallPage.xn) << 2;
+            }
+            break;
+        }
+        default:
+            break;
+    }
+
+    return perm;
+}
+
+void    KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    L1MMUTable__RWXForAll(table);
+
+    KObjectMutex__Release(mutex);
+}
+
+u32     KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    u32 pa = L1MMUTable__GetPAFromVA(table, va);
+
+    KObjectMutex__Release(mutex);
+
+    return pa;
+}
+
+u32     KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    u32 perm = L1MMUTable__GetAddressUserPerm(table, va);
+
+    KObjectMutex__Release(mutex);
+
+    return perm;
+}
+
+static union
+{
+    u32     raw;
+    struct
+    {
+        u32     xn      : 1;
+        u32     unkn    : 1;
+        u32     cb      : 2;
+        u32     ap      : 2;
+        u32     tex     : 3;
+        u32     apx     : 1;
+        u32     s       : 1;
+        u32     ng      : 1;
+    };
+} g_rwxState;
+
+// This function patch the permission when memory is mapped in the mmu table (rwx)
+KProcessHwInfo *PatchDescriptorAccessControl(KProcessHwInfo *hwInfo, u32 **outState)
+{
+    KProcess    *process = (KProcess *)((u32)hwInfo - 0x1C);
+    u32 state = **outState;
+    u32 flags =  KPROCESS_GET_RVALUE(process, customFlags);
+
+    if (flags & SignalOnMemLayoutChanges)
+        *KPROCESS_GET_PTR(process, customFlags) |= MemLayoutChanged;
+
+    if (!(flags & ForceRWXPages))
+        return hwInfo;
+
+    g_rwxState.raw = state;
+    g_rwxState.xn = 0;
+    g_rwxState.ap = 3;
+    g_rwxState.apx = 0;
+
+    *outState = &g_rwxState.raw;
+
+    return hwInfo;
+}

k11_extension/source/start.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

k11_extension/source/svc.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -44,6 +44,7 @@
 #include "svc/MapProcessMemoryEx.h"
 #include "svc/UnmapProcessMemoryEx.h"
 #include "svc/ControlService.h"
+#include "svc/ControlProcess.h"
 #include "svc/CopyHandle.h"
 #include "svc/TranslateHandle.h"
 
@@ -59,13 +60,16 @@ void signalSvcEntry(u8 *pageEnd)
 
     // Since DBGEVENT_SYSCALL_ENTRY is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
     if(debugOfProcess(currentProcess) != NULL && shouldSignalSyscallDebugEvent(currentProcess, svcId))
+    {
         SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFE, svcId);
+    }
 }
 
 void signalSvcReturn(u8 *pageEnd)
 {
     u32 svcId = (u32) *(u8 *)(pageEnd - 0xB5);
     KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
+    u32      flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
 
     if(svcId == 0xFE)
         svcId = *(u32 *)(pageEnd - 0x110 + 8 * 4); // r12 ; note: max theortical SVC atm: 0x1FFFFFFF. We don't support catching svcIds >= 0x100 atm either
@@ -73,6 +77,13 @@ void signalSvcReturn(u8 *pageEnd)
     // Since DBGEVENT_SYSCALL_RETURN is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
     if(debugOfProcess(currentProcess) != NULL && shouldSignalSyscallDebugEvent(currentProcess, svcId))
         SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFF, svcId);
+
+    // Signal if the memory layout of the process changed
+    if (flags & SignalOnMemLayoutChanges && flags & MemLayoutChanged)
+    {
+        *KPROCESS_GET_PTR(currentProcess, customFlags) = flags & ~MemLayoutChanged;
+        SignalEvent(KPROCESS_GET_RVALUE(currentProcess, onMemoryLayoutChangeEvent));
+    }
 }
 
 void postprocessSvc(void)
@@ -91,10 +102,27 @@ void *svcHook(u8 *pageEnd)
     u32 svcId = *(u8 *)(pageEnd - 0xB5);
     if(svcId == 0xFE)
         svcId = *(u32 *)(pageEnd - 0x110 + 8 * 4); // r12 ; note: max theortical SVC atm: 0x3FFFFFFF. We don't support catching svcIds >= 0x100 atm either
+
     switch(svcId)
     {
         case 0x01:
             return ControlMemoryHookWrapper;
+        case 0x03: /* svcExitProcess */
+        {
+            // Signal that the process is about to be terminated
+            u32      flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
+
+            if (flags & SignalOnExit)
+            {
+                SignalEvent(KPROCESS_GET_RVALUE(currentProcess, onProcessExitEvent));
+
+                KEvent* event = (KEvent *)KProcessHandleTable__ToKAutoObject(handleTableOfProcess(currentProcess),
+                                                            KPROCESS_GET_RVALUE(currentProcess, resumeProcessExitEvent));
+                WaitSynchronization1(NULL, currentCoreContext->objectContext.currentThread, (KSynchronizationObject *)event, 10000000000ULL);
+                ((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event);
+            }
+            return officialSVCs[0x3];
+        }
         case 0x29:
             return GetHandleInfoHookWrapper;
         case 0x2A:
@@ -136,7 +164,7 @@ void *svcHook(u8 *pageEnd)
             return invalidateEntireInstructionCache;
 
         case 0xA0:
-            return MapProcessMemoryEx;
+            return MapProcessMemoryExWrapper;
         case 0xA1:
             return UnmapProcessMemoryEx;
         case 0xA2:
@@ -148,6 +176,8 @@ void *svcHook(u8 *pageEnd)
             return CopyHandleWrapper;
         case 0xB2:
             return TranslateHandleWrapper;
+        case 0xB3:
+            return ControlProcess;
 
         default:
             return (svcId <= 0x7D) ? officialSVCs[svcId] : NULL;

k11_extension/source/svc/Backdoor.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

k11_extension/source/svc/Break.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+@   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by

k11_extension/source/svc/ConnectToPort.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/source/svc/ControlMemory.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2019 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by

k11_extension/source/svc/ControlProcess.c

@@ -0,0 +1,215 @@
+#include "svc/ControlProcess.h"
+#include "memory.h"
+#include "mmu.h"
+#include "synchronization.h"
+
+typedef bool (*ThreadPredicate)(KThread *thread);
+
+void    rosalinaLockThread(KThread *thread);
+void    rosalinaRescheduleThread(KThread *thread, bool lock);
+
+Result  ControlProcess(Handle processHandle, ProcessOp op, u32 varg2, u32 varg3)
+{
+    Result              res = 0;
+    KProcess            *process;
+    KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
+
+    if(processHandle == CUR_PROCESS_HANDLE)
+    {
+        process = currentCoreContext->objectContext.currentProcess;
+        KAutoObject__AddReference((KAutoObject *)process);
+    }
+    else
+        process = KProcessHandleTable__ToKProcess(handleTable, processHandle);
+
+    if(process == NULL)
+        return 0xD8E007F7; // invalid handle
+
+    switch (op)
+    {
+        case PROCESSOP_GET_ALL_HANDLES:
+        {
+            KProcessHandleTable *table = handleTableOfProcess(process);
+            u32                 *originalHandleList = (u32 *)varg2;
+            u32                 count = 0;
+            u32                 searchForToken = varg3;
+            HandleDescriptor    *handleDesc = table->handleTable == NULL ? table->internalTable : table->handleTable;
+
+            for (u32 idx = 0; idx < (u32)table->maxHandleCount; ++idx, ++handleDesc)
+            {
+                if (handleDesc->pointer == NULL)
+                    continue;
+
+                if (searchForToken)
+                {
+                    KClassToken token;
+
+                    handleDesc->pointer->vtable->GetClassToken(&token, handleDesc->pointer);
+                    if (searchForToken != token.flags)
+                        continue;
+                }
+
+                *originalHandleList++ = idx | ((handleDesc->info << 16) >> 1);
+                ++count;
+            }
+            res = count;
+            break;
+        }
+
+        case PROCESSOP_SET_MMU_TO_RWX:
+        {
+            KProcessHwInfo  *hwInfo = hwInfoOfProcess(process);
+
+            *KPROCESS_GET_PTR(process, customFlags) |= ForceRWXPages;
+            KProcessHwInfo__SetMMUTableToRWX(hwInfo);
+            break;
+        }
+        case PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT:
+        {
+            // Only accept current process for this command
+            if (process != currentCoreContext->objectContext.currentProcess)
+            {
+                res = 0xD8E007F7; // invalid handle
+                break;
+            }
+
+            Handle  *onMemoryLayoutChangeEvent = KPROCESS_GET_PTR(process, onMemoryLayoutChangeEvent);
+
+            if (*onMemoryLayoutChangeEvent == 0)
+                res = CreateEvent(onMemoryLayoutChangeEvent, RESET_ONESHOT);
+
+            if (res >= 0)
+            {
+                *KPROCESS_GET_PTR(process, customFlags) |= SignalOnMemLayoutChanges;
+                KAutoObject * event = KProcessHandleTable__ToKAutoObject(handleTable, *onMemoryLayoutChangeEvent);
+
+                createHandleForThisProcess((Handle *)varg2, event);
+                ((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event);  ///< This avoid an extra operation on process exit
+                                                                                                ///< Closing the handle in the handle table will destroy the event
+            }
+
+            break;
+        }
+
+        case PROCESSOP_GET_ON_EXIT_EVENT:
+        {
+            // Only accept current process for this command
+            if (process != currentCoreContext->objectContext.currentProcess)
+            {
+                res = 0xD8E007F7; // invalid handle
+                break;
+            }
+
+            Handle  *onProcessExitEvent = KPROCESS_GET_PTR(process, onProcessExitEvent);
+            Handle  *resumeProcessExitEvent = KPROCESS_GET_PTR(process, resumeProcessExitEvent);
+
+            if (*onProcessExitEvent == 0)
+                res = CreateEvent(onProcessExitEvent, RESET_ONESHOT);
+            if (*resumeProcessExitEvent == 0)
+                res |= CreateEvent(resumeProcessExitEvent, RESET_ONESHOT);
+
+            if (res >= 0)
+            {
+                *KPROCESS_GET_PTR(process, customFlags) |= SignalOnExit;
+                KAutoObject * event = KProcessHandleTable__ToKAutoObject(handleTable, *onProcessExitEvent);
+
+                createHandleForThisProcess((Handle *)varg2, event);
+                ((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event); ///< See higher
+
+                event = KProcessHandleTable__ToKAutoObject(handleTable, *resumeProcessExitEvent);
+
+                createHandleForThisProcess((Handle *)varg3, event);
+                ((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event); ///< See higher
+            }
+
+            break;
+        }
+        case PROCESSOP_GET_PA_FROM_VA:
+        {
+            KProcessHwInfo  *hwInfo = hwInfoOfProcess(process);
+
+            u32 pa = KProcessHwInfo__GetPAFromVA(hwInfo, varg3);
+            *(u32 *)varg2 = pa;
+
+            if (pa == 0)
+                res = 0xE0E01BF5; ///< Invalid address
+
+            break;
+        }
+        case PROCESSOP_SCHEDULE_THREADS:
+        {
+            ThreadPredicate threadPredicate = (ThreadPredicate)varg3;
+
+            KRecursiveLock__Lock(criticalSectionLock);
+
+            if (varg2 == 0) // Unlock
+            {
+                for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                {
+                    KThread *thread = (KThread *)node->key;
+
+                    if((thread->schedulingMask & 0xF) == 2) // thread is terminating
+                        continue;
+
+                    if(thread->schedulingMask & 0x40)
+                        rosalinaRescheduleThread(thread, false);
+                }
+            }
+            else // Lock
+            {
+                bool currentThreadsFound = false;
+
+                for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                {
+                    KThread *thread = (KThread *)node->key;
+
+                    if(thread->ownerProcess != process
+                       || (threadPredicate != NULL && !threadPredicate(thread)))
+                        continue;
+
+                    if(thread == coreCtxs[thread->coreId].objectContext.currentThread)
+                        currentThreadsFound = true;
+                    else
+                        rosalinaLockThread(thread);
+                }
+
+                if(currentThreadsFound)
+                {
+                    for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                    {
+                        KThread *thread = (KThread *)node->key;
+
+                        if(thread->ownerProcess != process
+                           || (threadPredicate != NULL && !threadPredicate(thread)))
+                            continue;
+
+                        if(!(thread->schedulingMask & 0x40))
+                        {
+                            rosalinaLockThread(thread);
+                            KRecursiveLock__Lock(criticalSectionLock);
+                            if(thread->coreId != getCurrentCoreID())
+                            {
+                                u32 cpsr = __get_cpsr();
+                                __disable_irq();
+                                coreCtxs[thread->coreId].objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
+                                currentCoreContext->objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
+                                __set_cpsr_cx(cpsr);
+                            }
+                            KRecursiveLock__Unlock(criticalSectionLock);
+                        }
+                    }
+                    KScheduler__TriggerCrossCoreInterrupt(currentCoreContext->objectContext.currentScheduler);
+                }
+            }
+
+            KRecursiveLock__Unlock(criticalSectionLock);
+            break;
+        }
+        default:
+            res = 0xF8C007F4;
+    }
+
+    ((KAutoObject *)process)->vtable->DecrementReferenceCount((KAutoObject *)process);
+
+    return res;
+}