
Canon EOS M5

*

Offline reyalp

Re: Canon EOS M5
« Reply #30 on: 21 / January / 2017, 14:31:26 »
When I had a chance to make a dump on a G7x mark II should I use this version?
Yeah, I'd suggest starting with the one that worked on M5.
Don't forget what the H stands for.

*

Offline a1ex

  • ML dev
Re: Canon EOS M5
« Reply #31 on: 22 / January / 2017, 19:00:56 »
MMU configuration (E0004C7A, see emulation log posted earlier):
Code:
BOTH: DACR <- 0x55555555          Client. Accesses are checked against the permission bits in the translation tables (all 16 entries)
BOTH: TTBCR <- 7                  TTBCR.N = 7 (TTBR0 "size", see AOS p23: https://www.systems.ethz.ch/sites/default/files/file/aos2014/slides/02-MMUsEtc.pdf)
CPU0: TTBR0_EL1 <- 0xE0004800     Translation table for low addresses (from 0 to 1FFFFFF)
CPU1: TTBR0_EL1 <- 0xE0004880     Translation table for low addresses (from 0 to 1FFFFFF)
BOTH: TTBR1_EL1 <- 0xE0000080     Translation table for high addresses (all others)
BOTH: CONTEXTIDR(S) <- MPIDR      Context ID Register <- current CPU
BOTH: TLBIALL <- 0x0              Instruction TLB Invalidate All
BOTH: SCTLR <- 0x40C50879         SCTLR |= 1 (enable MMU)

Memory map (see QEMU's target-arm/helper/helper.c:get_phys_addr_v6 and Cortex A series Programmer's Guide, chapter 8 - MMU):
Code:
CPU0:
00001000-00001FFF -> 00000000-00000FFF (-1000) O:NCACH I:WB,WA  P:RW   
00002000-3FFFFFFF -> 00002000-3FFFFFFF (   +0) O:NCACH I:WB,WA  P:RW   

CPU1:
00001000-3FFFFFFF -> 00001000-3FFFFFFF (   +0) O:NCACH I:WB,WA  P:RW   

Both:
40000000-BFFFFFFF -> 40000000-BFFFFFFF (   +0) O:NCACH I:NCACH  P:RW   
C0000000-C1FFFFFF -> C0000000-C1FFFFFF (   +0) Device           P:RW XN
C4000000-C4FFFFFF -> C4000000-C4FFFFFF (   +0) Device           P:RW XN
C8000000-CAFFFFFF -> C8000000-CAFFFFFF (   +0) Device           P:RW XN
D0000000-D0FFFFFF -> D0000000-D0FFFFFF (   +0) Device           P:RW XN
D2000000-D2FFFFFF -> D2000000-D2FFFFFF (   +0) Device           P:RW XN
D4000000-D5FFFFFF -> D4000000-D5FFFFFF (   +0) Device           P:RW XN
D8000000-D9FFFFFF -> D8000000-D9FFFFFF (   +0) Device           P:RW XN
DE000000-DEFFFFFF -> DE000000-DEFFFFFF (   +0) Device           P:RW XN
DF000000-DFFFFFFF -> DF000000-DFFFFFFF (   +0) O:NCACH I:WB,WA  P:RW   
E0000000-E7FFFFFF -> E0000000-E7FFFFFF (   +0) O:WB,WA I:WB,WA  P:R   
E8000000-EFFFFFFF -> E8000000-EFFFFFFF (   +0) Strongly-ordered P:R  XN
F0000000-F7FFFFFF -> F0000000-F7FFFFFF (   +0) O:WB,WA I:WB,WA  P:R   
F8000000-FFFFFFFF -> F8000000-FFFFFFFF (   +0) Strongly-ordered P:R  XN

So, the MMU does mostly a flat mapping, and virtually all of the memory is visible from both CPUs, except for a 4K page private to each core, at virtual address 0x1000.
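
The TTBCR.N split and the per-core page at 0x1000 from the post above, as an added example that is not part of the original post and not taken from any firmware: a minimal ARMv7-A short-descriptor table walk. The register values come from the post; the second-level table addresses (L2_CPU0, L2_CPU1) and every descriptor in MEM are constructed for illustration.

```python
# Added example: ARMv7-A short-descriptor table walk honoring TTBCR.N.
# Register values are from the post; all table contents are constructed.
TTBCR_N = 7
TTBR0 = {0: 0xE0004800, 1: 0xE0004880}     # per-CPU, from the post
TTBR1 = 0xE0000080                          # shared, from the post
L2_CPU0, L2_CPU1 = 0xE0004000, 0xE0004400   # assumed page-table locations

def select_table(va, n, ttbr0, ttbr1):
    """Return (table base, first-level index) chosen by TTBCR.N."""
    if n and va >> (32 - n):                # any of the top N bits set -> TTBR1
        return ttbr1 & 0xFFFFC000, va >> 20
    base = ttbr0 & ~((1 << (14 - n)) - 1) & 0xFFFFFFFF
    return base, (va >> 20) & ((1 << (12 - n)) - 1)

def translate(va, read32, n, ttbr0, ttbr1):
    """Walk the tables; return the physical address or None on a fault."""
    base, idx = select_table(va, n, ttbr0, ttbr1)
    l1 = read32(base + 4 * idx)
    if (l1 & 3) == 2:                       # section, or supersection if bit 18
        if l1 & (1 << 18):
            return (l1 & 0xFF000000) | (va & 0x00FFFFFF)
        return (l1 & 0xFFF00000) | (va & 0x000FFFFF)
    if (l1 & 3) == 1:                       # pointer to a second-level table
        l2 = read32((l1 & 0xFFFFFC00) + 4 * ((va >> 12) & 0xFF))
        if l2 & 2:                          # 4 KB small page (bit 0 is XN)
            return (l2 & 0xFFFFF000) | (va & 0xFFF)
        if l2 & 1:                          # 64 KB large page
            return (l2 & 0xFFFF0000) | (va & 0xFFFF)
    return None                             # invalid descriptor: fault

# Constructed memory image reproducing the private page at VA 0x1000.
MEM = {
    0xE0004800: L2_CPU0 | 1,                # CPU0 L1[0] -> page table
    0xE0004880: L2_CPU1 | 1,                # CPU1 L1[0] -> page table
    L2_CPU0 + 4: 0x00000000 | 2,            # CPU0: VA 0x1000 -> PA 0x0000
    L2_CPU1 + 4: 0x00001000 | 2,            # CPU1: VA 0x1000 -> PA 0x1000
    0xE0000000 + 4 * 0x400: 0x40000000 | 2, # shared 1 MB section, flat
}

def cpu_translate(cpu, va):
    """Translate va as seen by the given CPU, reading the constructed image."""
    return translate(va, lambda a: MEM.get(a, 0), TTBCR_N, TTBR0[cpu], TTBR1)

if __name__ == "__main__":
    for cpu in (0, 1):
        for va in (0x1234, 0x40001234):
            print(f"CPU{cpu}: {va:08X} -> {cpu_translate(cpu, va):08X}")
```

With N = 7 each TTBR0 table holds 32 four-byte entries (128 bytes), which matches the 0x80 spacing between the two TTBR0 values in the post.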

*

Offline reyalp

Re: Canon EOS M5
« Reply #32 on: 22 / January / 2017, 23:29:34 »
I haven't looked at the details of ARM MMUs, but having one could potentially make hooking/replacing ROM code a lot more convenient.
Don't forget what the H stands for.
