Kernel Interrupt Events

KBaseInterruptEvent

Abstract base class for all interrupt events.

Size: 0x4 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |

This abstract base class defines virtual KSchedulableInterruptEvent* handleInterruptAndGetKSchedulableInterruptEvent(u32 interruptID) = 0. It’s actually the function called by the IRQ handler, which returns a KSchedulableInterruptEvent to call the second virtual method of (which signals the object) after a reschedule.

If either NULL or 1 is returned, nothing will be signaled. If NULL is returned, no post-interrupt rescheduling will be done.

KCacheMaintenanceInterruptEvent

class KCacheMaintenanceInterruptEvent extends KBaseInterruptEvent

This object handles data cache (L2C not included) and instruction cache maintenance.

There is only one instance of this object.

Size : 0x4C bytes (N3DS) / 0x34 bytes (O3DS)

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |
| 0x4 | u8 | Cache operation |
| 0x5 | u8 | Indicates whether to do the operation asynchronously (this is what is used when processes are running for ranges >= 0x200 bytes) |
| 0x6 | s8 | Number of cores still doing cache maintenance operations |
| 0x7 | u8 | Padding |
| 0x8 | KThread * | Thread operating on the object |
| 0xC | void * | Start address (when applicable) |
| 0x10 | void * | End address (when applicable) |
| 0x14 | KThreadLinkedListNode * | Related to KThread+0xA0 |
| 0x18 | KThreadLinkedList * | KThread+0xA8 of the current thread |
| 0x1C | KAsyncCacheMaintenanceInterruptEvent[number of cores] | Used when the field at offset 0x5 is 1, see below |

Possible operations (any other value leads to a kernel panic):

KDebug

class KDebug extends KSynchronizationObject and KSendableInterruptEvent;

Size : 0xA0 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KThreads that sync with this object |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KThreads that sync with this object |
| 0x14 | KSendableInterruptEvent | Process termination event |
| 0x1C | u8 | Indicates an ATTACH PROCESS event has been signaled to this object |
| 0x1D | u8 | Debug string length >> 31, always 0 |
| 0x1E | u8 | Indicates that a debug event is currently being signaled to this object |
| 0x1F | u8 | Indicates that the parent process is paused (using svcBreakDebugProcess). svcContinueDebugEvent will ignore all debug events other than EXIT PROCESS, and some other debug SVCs will return an error. |
| 0x20 | DebugEventType | Type of the latest debug event |
| 0x24 | u32 | Unknown, probably unused |
| 0x28 | KThread * | Thread having exclusive access to this object |
| 0x2C | u32 | Debug event flags set by svcContinueDebugEvents. Bit0: no exception dumps are made if this is set. Bit1 and following: report EXCEPTION (this flag is bypassed for svc 0xFF), SCHEDULE, SYSCALL, MAP debug events, respectively. |
| 0x30 | u32 | Stop point type that caused the event: 0 = svc 0xFF, 1 = breakpoint, 2 = watchpoint (otherwise it’s not updated). |
| 0x34 | u32 | Count of KEventInfo object nodes to be fetched with svcGetProcessDebugEvent (associated with this KDebug object) |
| 0x38 | KLinkedListNode* | Pointer to first KLinkedListNode in linked list of KEventInfo objects to be fetched with svcGetProcessDebugEvent |
| 0x3C | KLinkedListNode* | Pointer to last KLinkedListNode in linked list of KEventInfo objects to be fetched with svcGetProcessDebugEvent |
| 0x40 | u32 | Count of KEventInfo object nodes to be fetched with svcContinueDebugEvent (associated with this KDebug object) |
| 0x44 | KLinkedListNode* | Pointer to first KLinkedListNode in linked list of KEventInfo objects to be fetched with svcContinueDebugEvent |
| 0x48 | KLinkedListNode* | Pointer to last KLinkedListNode in linked list of KEventInfo objects to be fetched with svcContinueDebugEvent |
| 0x4C | KProcess* | Parent process |
| 0x50 | KThread* | Current KThread - thread being debugged |
| 0x54 | KThread* | Thread using ContinueDebugEvent |
| 0x58 | s32 | Cpu core of thread using ContinueDebugEvent |
| 0x5C | u32 | Count of KDebugThread object nodes associated with this KDebug object |
| 0x60 | KLinkedListNode* | Pointer to first KLinkedListNode in linked list of KDebugThread objects |
| 0x64 | KLinkedListNode* | Pointer to last KLinkedListNode in linked list of KDebugThread objects |
| 0x68 | u32 | List size; this is the KLinkedList of all the KThread instances of the parent process: the currently running threads followed by the others, by core then by dynamic priority. |
| 0x6C | KLinkedListNode* | Pointer to first KLinkedListNode in the above list |
| 0x70 | KLinkedListNode* | Pointer to last KLinkedListNode in the above list |
| 0x74 | KRecursiveLock | Recursive lock |
| 0x7C | KThread* | Current KThread - used in svcBreak |
| 0x80 | u8 | Cleared when an EXCEPTION debug event was (attempted to be) signaled (i.e. even when bit2 of the debug flag is clear) |
| 0x81 | u8 | Indicates that an EXCEPTION debug event was signaled |
| 0x82 | u8 | Indicates that all threads should be unlocked |
| 0x83 | u8 | Indicates that an EXCEPTION debug event different from USER_BREAK was continued, while the process was paused |
| 0x84 | u8 | Indicates that a USER_BREAK debug event was continued while the process was paused |
| 0x85 | u8 | Indicates that the KProcess instance it belongs to has exited (normally ?) |
| 0x86 | u8 | Indicates that the KProcess instance it belongs to has been terminated |
| 0x87 | u8 | Indicates that svcBreak was used and not yet handled by svcContinueDebugEvent, with type != (UN)LOAD_RO |
| 0x88 | u32 * | Register dump |
| 0x8C | u32 | Exception type |
| 0x90 | u16 | Number of “EXCEPTION” events encountered (0 or 1) |
| 0x92 | u16 | ID of the invalid SVC that was attempted |
| 0x94 | u16 | Total number of debug events associated with this object awaiting svcContinueDebugEvent |
| 0x96 | u16 | Number of EXIT PROCESS debug events associated with this object awaiting svcContinueDebugEvent |
| 0x98 | const char * | Debug string |
| 0x9C | u32 | Debug string length |

KEvent

class KEvent extends KSynchronizationObject and KUserBindableInterruptEvent;

Size : 0x28 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KThreads that sync with this object |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KThreads that sync with this object |
| 0x14 | KUserBindableInterruptEvent | Interrupt event (*this) |
| 0x20 | bool | Event is signaled |
| 0x21 | bool | Manual clear |
| 0x22 | u8 | Reset type |
| 0x23 | u8 | Unused, alignment |
| 0x24 | KProcess * | Owner |

KFIQInterruptEvent

class KFIQInterruptEvent extends KSynchronizationInterruptEvent

Size : 0x10 bytes

Interrupt event object associated with SGI #15, which is the only private interrupt that can be bound using svcBindInterrupt.

Although SGI #15 is sent to both core0 and core1, there’s only one instance of KFIQInterruptEvent for all cores, the fields of which are set by svcBindInterrupt. If it has been bound on one core, it can’t be bound on the others (0xD8A007FC, “already exists”, is returned). It is usually bound by the dmnt or the debugger sysmodules.

KProcess

class KProcess extends KSynchronizationObject and KSendableInterruptEvent;

Size : 0x270 bytes (N3DS) / 0x268 bytes (O3DS post 8.x) / 0x260 bytes (O3DS pre 8.x). 0x4D8 bytes on ARM9. The only field that changed is the KProcessHwInfo member instance. The definition of KProcess remains identical in all cases.

The listed offsets are N3DS-only.

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void** | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KThreads that sync with this object |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KThreads that sync with this object |
| 0x14 | KSendableInterruptEvent | Interrupt event (*this) sent to terminate the process |
| 0x1C | KProcessHwInfo | Process hardware/context info. Used to manage segmentation, etc. |
| 0x68 | u32 | Total size of all Thread Context pages owned by threads that belong to this process |
| 0x6C | u32 | Number of KThreadLocalPages used by this KProcess |
| 0x70 | KLinkedListNode* | Pointer to first KLinkedListNode in the list of KThreadLocalPages |
| 0x74 | KLinkedListNode* | Pointer to last KLinkedListNode in the list of KThreadLocalPages |
| 0x78 | u32 | Unknown |
| 0x7C | s32 | Ideal processor for this process |
| 0x80 | KDebug* | KDebug object created from svc 0x60 to debug the process |
| 0x84 | KResourceLimit* | Pointer to resource limits for process. |
| 0x88 | u8 | Normally 1 to indicate process is open/available. Set to 2 to indicate process is exiting/closing and 3 to indicate exited/closed. |
| 0x89 | u8 | Process affinity mask |
| 0x8A | u16 | Unused, alignment |
| 0x8C | s16 | Number of threads which belong to this process. |
| 0x8E | s16 | Max number of threads which can belong to this process. This is always 0. |
| 0x90 | 0x10-bytes | SVC access control mask from the exheader kernel descriptors. This is copied to the Thread Context area when creating threads, which is the actual data the SVC-handler checks for SVC-access-control. |
| 0xA0 | u32[4] | Interrupt flags - 32 interrupts per word, 4 words, 0x80 interrupts total divided evenly across 4 words |
| 0xB0 | u32 | Kernel flags from the exheader kernel descriptors. |
| 0xB4 | u16 | Handle table size from the exheader kernel descriptors. When this is 0, handle table is stored in WRAM. |
| 0xB6 | u16 | Kernel release version field, from the exheader kernel descriptors. |
| 0xB8 | KCodeSet* | Pointer to KCodeSet instance |
| 0xBC | u32 | Process id, this always begins at 0x0 for the first process. |
| 0xC0 | s64 | Process creation time as tick count |
| 0xC8 | KThread* | Pointer to the process’s main thread. |
| 0xCC | u32[4] | Interrupt enabled flags - 32 interrupts per word, 4 words, 0x80 interrupts total divided evenly across 4 words |
| 0xDC | KProcessHandleTable | This is the data for tracking and using all of the KProcess’s handles. |
| 0x234 | u32 | Unused (From here up, everything is set to 0 on creation, has 0 written to it again during process creation, and is never used again.) |
| 0x238 | u64 | Unused |
| 0x240 | u64 | Unused |
| 0x248 | u64 | Unused |
| 0x250 | u64 | Unused |
| 0x258 | u64 | Unused |
| 0x260 | u64 | Unused |
| 0x268 | u64 | Unused |

KProcessHandleTable

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | HandleDescriptor* | Pointer to the process’s handle table. |
| 0x4 | s16 | The max number of handles that can be open at once - usually 0x200. |
| 0x6 | s16 | The highest count of handles that have been open at once |
| 0x8 | HandleDescriptor* | Pointer to the next open HandleDescriptor entry in the handle table. |
| 0xC | s16 | Total handles used by this KProcess. |
| 0xE | s16 | The current number of handles in use. |
| 0x10 | KObjectMutex | Mutex |
| 0x18 | HandleDescriptor[0x28] | This small handle data table, internal to the KProcess, is only used in certain processes that don’t have an external handle descriptor table in FCRAM. It is all zeros in most processes. |

HandleDescriptor

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Handle info |
| 0x4 | u32 | Pointer to the kernel object that the handle references. |

The handle info u32 works as such:

KSchedulableInterruptEvent

class KSchedulableInterruptEvent extends KSynchronizationInterruptEvent

Size : 0x8 bytes

Abstract class used as base for KScheduler, KFIQInterruptEvent, KUserBindableInterruptEvent, KThread, etc.

The virtual interrupt function of this class returns an instance to this (as KSchedulableInterruptEvent). After being added to the KSchedulableInterruptEventLinkedList instance of the current core and picked up by its kernel thread, the second virtual function is executed. The instances of the subclasses that also inherit from KSynchronizationObject are signaled as well.

KScheduler

class KScheduler extends KSchedulableInterruptEvent;

Size : 0x228 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |
| 0x4 | KSynchronizationObject * | Inherited field. Unused. |
| 0x8 | u32 | Count for thread switch attempts - this is only added to if a context switch function runs but exits because the scheduler is locked by another thread. |
| 0xC | bool | Context switch needed |
| 0xD | bool | Context switch started during interrupt |
| 0xE | bool | Trigger CPU cross-core interrupt (interrupt 8) |
| 0xF | bool | Post-interrupt rescheduling needed |
| 0x10 | s16 | Scheduler core number |
| 0x12 | s16 | Count of threads currently being managed by this scheduler object |
| 0x14 | u32 | Bit field for high priority threads in KScheduler (0-31) |
| 0x18 | u32 | Bit field for low priority threads in KScheduler (32-63) |
| 0x1C | KThread* | Scheduler’s idle thread (runs when no other runnable thread is available) |
| 0x20 | KThreadLinkedList | Linked list of threads managed by this KScheduler instance |
| 0x28 | ThreadSchedulePrioList[64] | List of KThread pair structs by priority |

There is 1 KScheduler object per core.

KSemaphore

class KSemaphore extends KSynchronizationObject and KUserBindableInterruptEvent;

Size : 0x2C bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in list of KThreads that sync with this semaphore |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in list of KThreads that sync with this semaphore |
| 0x14 | KUserBindableInterruptEvent | Interrupt event (*this) |
| 0x20 | u32 | Count |
| 0x24 | u32 | Max count |
| 0x28 | KProcess* | Owner |

KSynchronizationInterruptEvent

class KSynchronizationInterruptEvent extends KBaseInterruptEvent

Size : 0x8 bytes

This is the abstract base class for all interrupt events related to synchronization objects: KSchedulableInterruptEvent, KTimeableInterruptEvent and KSendableInterruptEvent.

There’s no new virtual function defined by this class.

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |
| 0x4 | KSynchronizationInterruptEvent * | Next interrupt event (associated with the current one). The linked list represented by this attribute can contain cycles |

KThread

class KThread extends KSynchronizationObject, KTimeableInterruptEvent, KSendableInterruptEvent and KSchedulableInterruptEvent;

Size : 0xB0 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KThreads that sync with this object |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KThreads that sync with this object |
| 0x14 | KTimeableInterruptEvent | Used to suspend threads (*this) |
| 0x24 | KSendableInterruptEvent | Interrupt event (*this) sent to terminate a thread, except in the case just below |
| 0x2C | KSchedulableInterruptEvent | Interrupt event (*this) scheduled by the IRQ handler when the thread should terminate (*this) |
| 0x34 | u8 | Scheduling mask |
| 0x35 | u8 | Set to 1 when a thread is woken up from a svcSendSyncRequest call due to the ServerSession endpoint closing down |
| 0x36 | s8 | Indicates that the thread shall terminate |
| 0x37 | u8 | Indicates there was an error translating the parameters in the command buffer during an IPC call |
| 0x38 | KDebugThread* | Pointer to KDebugThread object used with the current KThread |
| 0x3C | u32 | Base thread priority |
| 0x40 | u32 | Pointer to object the KThread is waiting on - can be a timer, event, session, etc. |
| 0x44 | Result | Status for object above |
| 0x48 | KObjectMutex* | Locking kernel mutex |
| 0x4C | u32 | Arbitration address |
| 0x50 | KLinkedListNode* | Pointer to first KLinkedListNode in node list of objects this thread is waiting on |
| 0x54 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of objects this thread is |
| 0x5C | KMutexLinkedList * | Set in some very specific circumstances |
| 0x60 | u32 | Count of KMutex objects this thread is using |
| 0x64 | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KMutex objects this thread is using |
| 0x68 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KMutex objects this thread is using |
| 0x6C | s32 | Dynamic thread priority |
| 0x70 | s32 | Processor that created the thread (in the sense of “first ran”) ; processor the thread is running in |
| 0x74 | KPreemptionTimer * | Points to KResourceLimit+0x60, which among other things holds the amount of CPU time available in ticks, or NULL |
| 0x7C | u8 | Thread is alive |
| 0x7D | u8 | Thread has been terminated |
| 0x7E | u8 | Thread affinity mask - set differently depending on whether the thread is created via svc call or from inside the kernel |
| 0x80 | KProcess* | Process the thread belongs to (virtual address) |
| 0x84 | u32 | Thread id |
| 0x88 | u32* | Ptr to svc mode register storage for KThread inside the thread context. |
| 0x8C | u32* | End-address of the page for this thread context allocated in the 0xFF4XX000 region. Thus, if the beginning of this mapped page is 0xFF401000, this ptr would be 0xFF402000. Thread context page - used for thread svc stack, preserving svc mode registers and VFP exception register for thread. |
| 0x90 | s32 | Ideal processor (processorid value from svcCreateThread) |
| 0x94 | void* | Ptr to Thread Local Storage |
| 0x98 | void* | Ptr to Thread Local Storage in FCRAM via kernel vmem |
| 0xA0 | KThreadLinkedListNode | Previous and next scheduled threads |
| 0xA8 | KThreadLinkedList * | Pointer to linked list of scheduled threads that has stolen it, or 0 if in normal list |
| 0xAC | s32 | Priority to restore after sleep if suspended, otherwise -1 |

With the following declarations: struct KThreadLinkedList { KThread *first, *last; }; and struct KThreadLinkedListNode { KThread *prev, *next; };.
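Added example, not part of the original page: an offline walker for a captured kernel memory image that follows the KScheduler thread list (KScheduler+0x20) through each KThread's node at +0xA0, using the offsets from the tables above, with bounds and cycle checks. It assumes 32-bit little-endian pointers, that this list is chained through KThread+0xA0 and is NULL-terminated, and that KScheduler+0x12 equals its length; the function names, the sample image and its base address are constructed for illustration.

```python
import struct

# Offsets from the KScheduler and KThread tables on this page (32-bit LE).
KSCHED_THREAD_COUNT = 0x12  # s16: threads managed by this scheduler
KSCHED_THREAD_LIST = 0x20   # KThreadLinkedList { first, last }
KTHREAD_DYN_PRIO = 0x6C     # s32: dynamic thread priority
KTHREAD_PROCESS = 0x80      # KProcess*, immediately followed by u32 thread id
KTHREAD_NODE = 0xA0         # KThreadLinkedListNode { prev, next }


class DumpError(ValueError):
    """The image cannot be parsed safely (bad pointer or cyclic list)."""


def read(image, base, va, fmt):
    """Unpack fmt at virtual address va, refusing reads outside the image."""
    off = va - base
    if off < 0 or off + struct.calcsize(fmt) > len(image):
        raise DumpError(f"address {va:#x} is outside the image")
    return struct.unpack_from(fmt, image, off)


def walk_scheduler_threads(image, base, sched_va):
    """Return ([(kthread_va, thread_id, dyn_prio, kprocess_va)], warnings)."""
    (count,) = read(image, base, sched_va + KSCHED_THREAD_COUNT, "<h")
    first, last = read(image, base, sched_va + KSCHED_THREAD_LIST, "<II")
    threads, warnings, seen, prev, cur = [], [], set(), 0, first
    while cur:  # assumption: the list is NULL-terminated
        if cur in seen:
            raise DumpError(f"cycle in thread list at KThread {cur:#x}")
        seen.add(cur)
        node_prev, node_next = read(image, base, cur + KTHREAD_NODE, "<II")
        if node_prev != prev:
            warnings.append(f"KThread {cur:#x}: prev is {node_prev:#x}, expected {prev:#x}")
        (prio,) = read(image, base, cur + KTHREAD_DYN_PRIO, "<i")
        process, tid = read(image, base, cur + KTHREAD_PROCESS, "<II")
        threads.append((cur, tid, prio, process))
        prev, cur = cur, node_next
    if prev != last:
        warnings.append(f"list ends at {prev:#x}, KScheduler says last is {last:#x}")
    if len(threads) != count:
        warnings.append(f"walked {len(threads)} threads, KScheduler count is {count}")
    return threads, warnings


def build_sample_image():
    """Constructed image (not real data): one KScheduler and two KThreads."""
    base = 0xFFF00000  # constructed load address
    image = bytearray(0x400)
    t1, t2 = base + 0x230, base + 0x2E0
    struct.pack_into("<h", image, KSCHED_THREAD_COUNT, 2)
    struct.pack_into("<II", image, KSCHED_THREAD_LIST, t1, t2)
    for va, tid, prio, prev, nxt in ((t1, 7, 0x18, 0, t2), (t2, 8, 0x30, t1, 0)):
        off = va - base
        struct.pack_into("<i", image, off + KTHREAD_DYN_PRIO, prio)
        struct.pack_into("<II", image, off + KTHREAD_PROCESS, 0xFFF10000, tid)
        struct.pack_into("<II", image, off + KTHREAD_NODE, prev, nxt)
    return bytes(image), base, base  # KScheduler sits at the image base


if __name__ == "__main__":
    img, base_va, sched = build_sample_image()
    for entry in walk_scheduler_threads(img, base_va, sched)[0]:
        print("KThread %#x id=%d prio=%d KProcess=%#x" % entry)
```

Inconsistent prev/last pointers or a count mismatch are reported as warnings rather than errors, since they may indicate either a torn snapshot or a wrong layout assumption.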

KTimeableInterruptEvent

class KTimeableInterruptEvent extends KSynchronizationInterruptEvent

Size : 0x10 bytes

Abstract class used as base for KThread, KTimer, and the dummy subclass of the attribute at offset 0x10 of KTimerAndWDTManager. Instances of these classes are kept track of by the KTimerAndWDTManager.

As of 11.3.0-36, a second virtual method was added to decide whether to remove an object from the list of objects tracked by the KTimerAndWDTManager instance, see changelog.

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |
| 0x4 | KSynchronizationInterruptEvent * | Next interrupt event (associated with the current one). The linked list represented by this attribute can contain cycles. For KThread instances, this is usually a KTimer, and vice-versa |
| 0x8 | s64 | Desired time point (relative to the CPU power-on) in CPU ticks for KTimerAndWDTManager when it’s handling its list of KTimeableInterruptEvent instances |

KTimer

class KTimer extends KSynchronizationObject and KTimeableInterruptEvent;

Size : 0x3C bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | u32 | Pointer to vtable |
| 0x4 | u32 | Reference count |
| 0x8 | u32 | Count of KThreads that sync with this object - number of nodes in the linked list below |
| 0xC | KLinkedListNode* | Pointer to first KLinkedListNode in node list of KThreads that sync with this object |
| 0x10 | KLinkedListNode* | Pointer to last KLinkedListNode in node list of KThreads that sync with this object |
| 0x14 | KTimeableInterruptEvent | Interrupt event (*this) to be used with KTimerAndWDTManager holding its desired time point (relative to the CPU power-on) in CPU ticks (when handling its list of KTimeableInterruptEvent instances). Gets incremented at each interval |
| 0x24 | u8 | Timer is signaled |
| 0x25 | u8 | Timer reset type (one shot, sticky, pulse) |
| 0x26 | u16 | Starting from 11.3.0-36: set to 0 prior to removing the timer from the KTimerAndWDTManager queue, set to 1 just after that. |
| 0x28 | s64 | Interval in nanoseconds |
| 0x30 | s64 | Current value in nanoseconds: current system uptime + user-specified time offset, updated at each interval |
| 0x38 | KProcess* | Owner |

Negative intervals and time offsets are considered null.

KTimerAndWDTManager

class KTimerAndWDTManager extends KSchedulableInterruptEvent

Size : 0x28 bytes

This is the interrupt event object associated with SGIs #29 and #30 (timer and watchdog timer interrupts). It keeps track of the system uptime and manages KTimeableInterruptEvent instances.

The interrupt handler of this object updates its counter attributes and returns 0 if it was called with interruptID = 31 (or any invalid interruptID value) (watchdog timer underflow); otherwise it does nothing and returns the object itself (timer interrupt).

KTLBOperationsInterruptEvent

class KTLBOperationsInterruptEvent extends KBaseInterruptEvent

There is one instance of this object per core.

Size : 0x10 bytes

| Offset | Type | Description |
| --- | --- | --- |
| 0x0 | void ** | Pointer to vtable |
| 0x4 | KProcessHwInfo* | Context info (for operation 1) |
| 0x8 | void * | Virtual address (for operation 2) |
| 0xC | u32 | Current operation |

Possible operations (any other value leads to a kernel panic):

| Operation | Description |
| --- | --- |
| 0 | No operation (when an operation is completed, the interrupt handler sets this value) |
| 1 | Invalidate unified TLB entries on context ID match |
| 2 | Invalidate entire unified TLB |
| 3 | Invalidate unified TLB entries on VA match |
| 4 | Reset context: sets the context ID to 0 and TTB0 to |

KUserBindableInterruptEvent

class KUserBindableInterruptEvent extends KSchedulableInterruptEvent

Size : 0xC bytes

Abstract class which is a base class for KEvent and KSemaphore, to be used with svcBindInterrupt.

Semaphores cannot be bound to level high (“rising edge”) active interrupts.

For public interrupts (i.e. anything other than SGI #15 in this case), svcBindInterrupt sets the flag that indicates that the interrupt shall be disabled each time it is received.

The second virtual function reenables the interrupt (using the interrupt ID) and signals the object (as synchronization object). In the case of KSemaphore this also increments the semaphore’s count.