Code: Select all
void dcache_wbinv_all()
{
int i;
for(i = 0; i < 8192; i += 64)
{
__builtin_allegrex_cache(0x14, i);
__builtin_allegrex_cache(0x14, i);
}
}crazyc wrote:I believe the entire cache (i+d) is 16kb, but i'm not 100% sure.Raphael wrote:Isn't the cache 16kb?
Though not the best source of information, I understand that as 16kb for each.http://en.wikipedia.org/wiki/PlayStation_Portable wrote:Both CPUs contain 16KiB of two-way set associative instruction cache and data cache respectively.
The code in sceKernelWritebackInvalidateAll looks like:Raphael wrote:Though not the best source of information, I understand that as 16kb for each.
Someone reversed the sony function for wbinvall to check?
Code: Select all
int sceKernelWritebackInvalidateAll(void) {
int i, j;
j = mfc0(0x16); // Config register
j = (j >> 6) & 3;
j = 2048 << j;
for(i = 0; i < j; i += 64)
{
__builtin_allegrex_cache(0x14, i);
__builtin_allegrex_cache(0x14, i);
}
}Being a two-way set, you have two entries for the same index, so 2 x 128 x 64b = 16kb. You need to do it twice only if you want to invalidate and/or writeback an index in both cache-lines. The reason is probably because those cache operations would handle the oldest entry (using LRU algorithm ?).crazyc wrote:The code in sceKernelWritebackInvalidateAll looks like:Raphael wrote:Though not the best source of information, I understand that as 16kb for each.
Someone reversed the sony function for wbinvall to check?mfc0 0x16 is 0x480 so 2048 << 2 is 8192, but after testing, it does appear the dcache is 16kb. I don't know why it's done this way.Code: Select all
int sceKernelWritebackInvalidateAll(void) { int i, j; j = mfc0(0x16); // Config register j = (j >> 6) & 3; j = 2048 << j; for(i = 0; i < j; i += 64) { __builtin_allegrex_cache(0x14, i); __builtin_allegrex_cache(0x14, i); } }
So if we suppose whenever we call CACHE instruction we are setting or resetting this bit LRU, it makes sense we need to do it twice to clear both cache-lines, since this LRU bit acts as a selector for WayA or WayB cache-line.For a two-way set associative cache, the replacement algorithm is a bit more complex. [...] However, remember the principle of temporal locality : if a memory location has been referenced recently, it is likely to be referenced again in the very near future. A corollary to this is "if a memory location has not been accessed in a while, it is likely to be a long time before the CPU accesses it again." Therefore, a good replacement policy that many caching controllers use is the "least recently used" or LRU algorithm. The idea is to pick the cache line that was not most frequently accessed and replace that cache line with the new data. An LRU policy is fairly easy to implement in a two-way set associative cache system. All you need is a bit that is set to zero whenever the CPU accessing one cache line and set it to one when you access the other cache line. This bit will indicate which cache line to replace when a replacement is necessary
I guess by this dcache_inv_all should be wrong too, and looking at sceKernelDcacheInvalidateAll does 4096 << 2 so it is.hlide wrote:Being a two-way set, you have two entries for the same index, so 2 x 128 x 64b = 16kb. You need to do it twice only if you want to invalidate and/or writeback an index in both cache-lines. The reason is probably because those cache operations would handle the oldest entry (using LRU algorithm ?).
Code: Select all
static void dcache_inv_all() {
int i;
store_tag(i, 0, 0);
for(i = 0; i < 16384; i += 64) {
__builtin_allegrex_cache(0x13, i);
__builtin_allegrex_cache(0x11, i);
}
}
Code: Select all
int sceKernelWritebackInvalidateAll(void) {
int i, j;
j = mfc0(0x16); // Config register
j = (j >> 6) & 3;
j = 2048 << j;
for(i = 0; i < j; i += 64)
{
__builtin_allegrex_cache(0x14, i);
__builtin_allegrex_cache(0x14, i);
}
}
Code: Select all
int sceKernelWritebackInvalidateAll(void) {
int i, j;
j = mfc0(0x16); // Config register
j = (j >> 6) & 3;
j = 4096 << j;
for(i = 0; i < j; i += 64)
{
__builtin_allegrex_cache(0x14, i);
}
}
I wonder why SCE decided to use both ways in different functions though. Must have a reason why.hlide wrote:indeed,
andCode: Select all
int sceKernelWritebackInvalidateAll(void) { int i, j; j = mfc0(0x16); // Config register j = (j >> 6) & 3; j = 2048 << j; for(i = 0; i < j; i += 64) { __builtin_allegrex_cache(0x14, i); __builtin_allegrex_cache(0x14, i); } }
should have similar effect if we suppose CACHE index operation truncates index in the range between 0 and 8191.Code: Select all
int sceKernelWritebackInvalidateAll(void) { int i, j; j = mfc0(0x16); // Config register j = (j >> 6) & 3; j = 4096 << j; for(i = 0; i < j; i += 64) { __builtin_allegrex_cache(0x14, i); } }
If they keep frames in the local memory for use when decoding video, it makes lots of sense to double the local memory. Just as you couldn't fit two full video frames (720x503) into vram, you can't fit them in local memory either unless you double it.hlide wrote:does it make sense to double this ME local EDRAM ? I wonder why... the latest 2 MB for VRAM couldn't fit the first 2MB of ME EDRAM and the latest 2MB for ME EDRAM the first 2MB of VRAM. It would be awesome but probably wrong.
Looking at the code, you find:tailerb wrote:Please tell me, when media engine runs my function how big the stack size is and at what adress(in case of mediaengine.prx)?
Code: Select all
li sp, 0x80200000Err - I just ran across something interesting today. The ME can't access the extended system memory in the Slim. Accesses to 0x08000000 to 0x09ffffff are fine, but trying to access 0x0a000000 on up hangs the ME.crazyc wrote:Access to system memory causes an exception unless that is done.Shazz wrote:Short question, what do we have in 0xbc100080 ?????? (And the value 7 for ?)
Shouldn't it be 0xbc100050 to enable the ME clock ?Code: Select all
li k0, 0xbc100000 li t0, 7 sw t0, 80(k0)
Thx
Yes, exactly. 15 instead of 7 didn't work. I even tried writing -1 out to 60 instead of 30 as well. I'll check if changing 40 has any affect. Thanks for the tip.hlide wrote:or there is a new mmio register to unlock access on the upper 32 MB we don't know about. Or the same mmio register may be written with a different value to do so. Did you ever try different values like 15 instead of 7 ? I guess you already did : "I tried modifying the code above a few ways to see if I could "unlock" the extra mem, but it didn't work", right ?
Code: Select all
me_stub:
li k0, 0xbc100000
li t0, 7
sw t0, 80(k0)
li t0, 2
sw t0, 64(k0)
I don't think you should worry about anything else in that register : its purpose is probably only for setting memory size, and i was speaking about those both bits according to what I read in Groepaz's pspdoc.J.F. wrote:Is there anything else in that reg I should worry about? You mentioned setting particular bits, but I'm just overwriting the whole thing. It DOES work though. You can now write to the second 32 MB with the ME with that change (the last two lines in the code above).Code: Select all
me_stub: li k0, 0xbc100000 li t0, 7 sw t0, 80(k0) li t0, 2 sw t0, 64(k0)
mediaengine.prx loaded/started
Initialized MediaEngine Instance
Now testing MediaEngine functions
Testing BeginME...passed!
1 0 0
1 0 0
:
:
1 0 0
1 0 0
Result is 00000000
Testing CallME...failed! Error calling CallME.
Testing SignalME...failed! Error calling BeginME.
Remember that 3.71 had different NIDs for the ME stuff, and no NID resolver. If you look at my MediaEngine PRX, you'll see have have special support for detecting 3.71 and using the 3.71 NIDs.emufan wrote:Why MediaEnginePRX-v1.0a can not run correct on my psp2000(3.71m33-4)?The result is:mediaengine.prx loaded/started
Initialized MediaEngine Instance
Now testing MediaEngine functions
Testing BeginME...passed!
1 0 0
1 0 0
:
:
1 0 0
1 0 0
Result is 00000000
Testing CallME...failed! Error calling CallME.
Testing SignalME...failed! Error calling BeginME.
1-2 ) The MediaEngine code in DX64 is the latest. You can tell because it has some fixes to the cache code compared to the original.Kreationz wrote:A few quick questions:
1. Is the current version of your code still "MediaEnginePRX-v1.0a"?
2. This is what we are using in DX64 correct?
3. Is there some short example code for using the MediaEngine? (I'm looking for something other than DX64 as I'm currently tearing it apart to be rebuilt and want to run some tests without interference from other parts of the code.)
(And sorry I resurrected anther old thread J.F.)
Code: Select all
#include <pspsdk.h>
#include <pspkernel.h>
#include <pspctrl.h>
#include <pspiofilemgr.h>
#include <pspdebug.h>
#include <psppower.h>
#include <pspdisplay.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "me.h"
#define printf pspDebugScreenPrintf
#define VERS 1
#define REVS 1
PSP_MODULE_INFO("DisplayTest", 0, VERS, REVS);
PSP_MAIN_THREAD_ATTR(PSP_THREAD_ATTR_USER);
PSP_HEAP_SIZE_KB(-256);
__attribute__((aligned(64))) unsigned int frame[512*272];
unsigned int *frameBuf;
volatile struct me_struct *mei;
__attribute__((aligned(64))) struct me_struct meinst;
/*
* ME functions
*
*/
int ColorCycle(volatile struct me_struct *mei)
{
int x, y;
int c = 0;
unsigned int *buffer;
buffer = (unsigned int *)((int)frameBuf | 0x40000000);
while (!(mei->signals & 0x00000001))
{
if (mei->signals & 0x00000002)
for(y=0;y<272;y++)
for(x=0;x<480;x++)
buffer[y*512+x]=(x&255)+((y&255)<<8)+((c&255)<<16);
c++;
}
return 0;
}
/*
* SC functions
*
*/
void *malloc_64(int size)
{
int mod_64 = size & 0x3f;
if (mod_64 != 0) size += 64 - mod_64;
return((void *)memalign(64, size));
}
int main(void)
{
//unsigned int b;
int mode, width, height, bufferwidth, pixelformat, x, y;
void *topaddr;
int hasME = 1;
int err;
pspDebugScreenInit();
pspDebugScreenSetBackColor(0x00000000);
pspDebugScreenSetTextColor(0x00ffffff);
pspDebugScreenClear();
sceCtrlSetSamplingCycle(0);
sceCtrlSetSamplingMode(PSP_CTRL_MODE_DIGITAL);
SceUID mod = pspSdkLoadStartModule("mediaengine.prx", PSP_MEMORY_PARTITION_KERNEL);
if (mod < 0)
{
printf(" Error 0x%08X loading/starting mediaengine.prx.\n", mod);
hasME = 0;
}
printf("\n Display Test\n\n");
// mei = malloc_64(sizeof(struct me_struct));
// mei = (volatile struct me_struct *)(((int) mei) | 0x40000000);
mei = (volatile struct me_struct *)((u32)&meinst | 0x40000000);
sceKernelDcacheWritebackInvalidateAll();
if(hasME)
if (InitME(mei, sceKernelDevkitVersion()) != 0)
{
printf(" Couldn't initialize MediaEngine Instance\n");
hasME = 0;
}
printf(" Media Engine Instance initialized\n");
sceKernelDelayThread(2*1000*1000);
// FILE *fh = fopen("dump.bin", "w");
// fwrite(0x49000000, 1, 0x10000, fh);
// fclose(fh);
KillME(mei, sceKernelDevkitVersion());
printf(" Media Engine Instance destroyed\n");
sceKernelDelayThread(2*1000*1000);
InitME(mei, sceKernelDevkitVersion());
printf(" Media Engine Instance initialized\n");
sceKernelDelayThread(2*1000*1000);
sceDisplayGetMode(&mode, &width, &height);
sceDisplayGetFrameBuf(&topaddr, &bufferwidth, &pixelformat, 0);
printf(" mode = %d, width = %d, height = %d\n", mode, width, height);
printf(" fbuf = 0x%08X, bufferwidth = %d, pixelformat = %d\n", (int)topaddr, bufferwidth, pixelformat);
sceKernelDelayThread(5*1000*1000);
// frameBuf = (unsigned int *)0x09000000; // phat
// frameBuf = (unsigned int *)0x0b000000; // slim
frameBuf = (unsigned int *)((u32)&frame | 0x40000000);
for(y=0;y<272;y++)
{
for(x=0;x<480;x++)
{
frameBuf[y*512+x]=(x&255)+((y&255)*256);
}
}
sceKernelDcacheWritebackAll();
sceDisplaySetMode(0,480,272);
sceDisplaySetFrameBuf(frameBuf, 512, PSP_DISPLAY_PIXEL_FORMAT_8888, PSP_DISPLAY_SETBUF_NEXTFRAME);
sceKernelDelayThread(2*1000*1000);
pspDebugScreenSetBase((u32 *)(0x40000000 | (int)frameBuf));
pspDebugScreenSetXY(0, 0);
printf(" Display Test");
sceKernelDelayThread(2*1000*1000);
if (hasME)
{
err = BeginME(mei, (int)ColorCycle, (int)mei, 0, 0, 0, 0);
if (err < 0)
printf(" failed! Error calling BeginME.\n");
}
if (hasME)
SignalME(mei, 0x00000002, 0x00000002); // start 480x272 ColorCycle
sceKernelDelayThread(3*1000*1000);
if (hasME)
SignalME(mei, 0x00000002, 0x00000000); // stop ColorCycle
sceKernelDelayThread(3*1000*1000);
if (hasME)
SignalME(mei, 0x00000002, 0x00000002); // start 480x272 ColorCycle
sceKernelDelayThread(3*1000*1000);
if (hasME)
SignalME(mei, 0x00000002, 0x00000000); // stop ColorCycle
if (hasME)
{
SignalME(mei, 0x00000001, 0x00000001); // exit ColorCycle
err = WaitME(mei);
}
sceKernelDelayThread(3*1000*1000);
sceKernelExitGame();
return 0; /* never reaches here - just to suppress warning */
}
Code: Select all
TARGET = DisplayTest
OBJS = main.o me.o MediaEngine.o
INCDIR =
CFLAGS = -O2 -G0 -Wall
CXXFLAGS = $(CFLAGS) -fno-exceptions -fno-rtti
ASFLAGS = $(CFLAGS)
PSP_FW_VERSION=500
BUILD_PRX = 1
PSP_LARGE_MEMORY = 1
LIBDIR =
LIBS = -lpspdisplay -lpsppower
LDFLAGS =
EXTRA_TARGETS = EBOOT.PBP
PSP_EBOOT_TITLE = Display Test
#PSP_EBOOT_ICON="icon0.png"
#PSP_EBOOT_PIC1="pic1.png"
#PSP_EBOOT_SND0="snd0.at3"
PSPSDK=$(shell psp-config --pspsdk-path)
include $(PSPSDK)/lib/build.mak
Code: Select all
//Do this once. because i think it causes memory leaks.
mei = malloc_64(sizeof(struct me_struct));
mei = (volatile struct me_struct *)(((int) mei) | 0x40000000);
me_param = malloc_64(sizeof(struct me_param_struct));
//me_param = (volatile struct me_param_struct *)(((int) me_param) | 0x40000000);
sceKernelDcacheWritebackInvalidateAll();
Code: Select all
else if (!strcasecmp(files[y + scrllpos].d_name+(strlen(files[y + scrllpos].d_name)-5), ".dict")) {
PrinToBox(LINESPACING, AUTOSCROLL, COPYPRINT, "Opening dict file %s\n", files[y + scrllpos].d_name);
fp = fopen(files[y + scrllpos].d_name, "rb");
if (fp == NULL) {
PrinToBox(LINESPACING, AUTOSCROLL, PRINT, "Error opening dictfile %s\n", files[y + scrllpos].d_name);
goto failed;
}
PrinToBox(LINESPACING, AUTOSCROLL, COPYPRINT, "Starting dictionary attack. Please be patient.\n");
sceKernelDelayThread(1500000);
gettimeofday(&start, 0);
if (InitME(mei) != 0)
{
PrinToBox(LINESPACING, AUTOSCROLL, PRINT, "Couldn't initialize MediaEngine Instance\n");
goto failed;
}
SceUID me_attack = sceKernelCreateThread("me_dict_attack_thread", me_dict_attack_thread, 0x30, 512 * 1024, PSP_THREAD_ATTR_USER, NULL);
if (me_attack < 0) {
PrinToBox(LINESPACING, AUTOSCROLL, PRINT, "Could not create me_dict_attack_thread!\n");
goto failed;
}
sceKernelStartThread(me_attack, 0, NULL);
}
while ((!keyfound) && (!stop) && (me_done+done != 1)) {
sceKernelDelayThread(100000);
sceCtrlReadBufferPositive(&pad, 1);
if((pad.Buttons & PSP_CTRL_CIRCLE) || (stop)) {
stop = 1; //Needs to be invalidated for the ME to see it
sceKernelDcacheWritebackInvalidateAll();
sceKernelDelayThread(300000);
}
}
Code: Select all
int me_attack(){
calc_pmk((char*)me_param->me_word, (char*)me_param->me_essid, (unsigned char*)me_param->me_pmk);
dcache_wbinv_all();
return 0;
}
int me_dict_attack_thread(SceSize args, void *argp){
u8 ptk[80];
u8 keymic[16];
char tpassphrase[MAXPASSLEN+1];
int fret;
sprintf((char*)me_param->me_essid, ssid);
while (!keyfound && !stop) {
while(eventwarn) {
cracking = 0;
sceKernelDelayThread(100000);
}
cracking = 1;
totalwords++;
menu.statusbox[0] = R_NULL;
PrinToBox(LINESPACING, AUTOSCROLL, COPY, "Reading word #%d, %d tested, %d invalid\n", totalwords+1, wordstested, badwords);
fret = nextword(tpassphrase, fp);
if (fret < 8 || fret > 63) {
if (fret == -1) {
PrinToBox(LINESPACING, AUTOSCROLL, COPYPRINT, "EOF!\n");
break;
}
else if (fret == -2) {
badwords++;
PrinToBox(LINESPACING, AUTOSCROLL, COPYPRINT, "Error reading file!\n");
continue;
}
else {
badwords++;
PrinToBox(LINESPACING, AUTOSCROLL, COPY, "Invalid passphrase length: (%d) %s\n", strlen(tpassphrase), tpassphrase);
continue;
}
}
wordstested++;
PrinToBox(LINESPACING, AUTOSCROLL, COPY, "Calculating PMK for \"%s\"\n", tpassphrase);
sprintf((char*)me_param->me_word, tpassphrase);
sceKernelDcacheWritebackInvalidateRange((struct me_param_struct*)me_param, sizeof(struct me_param_struct));
if (CallME(mei, (int)me_attack, 0) < 0) {
PrinToBox(LINESPACING, AUTOSCROLL, PRINT, "Error calling CallME.\n");
me_done = 1;
}
PrinToBox(LINESPACING, AUTOSCROLL, COPY, "Calculating PTK with collected data and PMK.\n");
wpa_pmk_to_ptk((unsigned char*)me_param->me_pmk, cdata.aa, cdata.spa, cdata.anonce, cdata.snonce, ptk, sizeof(ptk));
PrinToBox(LINESPACING, AUTOSCROLL, COPYPRINT, "Calculating hmac-MD5 Key MIC for this frame.\n");
hmac_hash(cdata.ver, ptk, 16, cdata.eapolframe, sizeof(cdata.eapolframe), keymic);
if (memcmp(&cdata.keymic, &keymic, sizeof(keymic)) == 0) {
strcpy(passphrase, tpassphrase);
keyfound = 1;
break;
}
cracking = 0;
}
KillME(mei);
sceKernelDcacheWritebackAll();
//sceKernelIcacheClearAll();
me_done = 1;
sceKernelExitDeleteThread(0);
return 0;
}