From 682effd0dd2b5a2d83f2d49f20821765e4787162 Mon Sep 17 00:00:00 2001
From: Lucas Fryzek <lucas.fryzek@fryzekconcepts.com>
Date: Sat, 10 Aug 2024 23:04:15 +0100
Subject: drv: Add more buffers captured from blob driver

---
 src/drv.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 114 insertions(+), 3 deletions(-)

(limited to 'src/drv.c')

diff --git a/src/drv.c b/src/drv.c
index 8a446ee..734eba5 100644
--- a/src/drv.c
+++ b/src/drv.c
@@ -26,6 +26,10 @@
 #include <pvr_bridge.h>
 #include <sgx_bridge.h>
 #include <pvr_drm_shared.h>
+#include <sgxconfig.h>
+#include <sgx_mkif_km.h>
+#include <sgx_options.h>
+#include <sgxapi_km.h>
 
 #define DRM_IOCTL_PVR_SRVKM DRM_IOWR(PVR_DRM_SRVKM_CMD, PVRSRV_BRIDGE_PACKAGE)
 
@@ -41,6 +45,13 @@ struct CCBEntry *ccb_entry = (struct CCBEntry *)ccb_buffer;
 #include "pds_pixel_code_data.h"
 uint32_t *pds_pcd = (uint32_t *)pds_pixel_code_data;
 
+#include "pixel_shader.h"
+
+#include "kernel_data_4.h"
+uint32_t *kernel_data_4_buf = (uint32_t*)kernel_data_4;
+
+#include "perctx_3d_2.h"
+
 #define UNUSED(x) (void)x
 
 struct mem_alloc {
@@ -60,12 +71,21 @@ struct driver_state {
     PVRSRV_HEAP_INFO perctx_3d_heap;
     PVRSRV_HEAP_INFO ta_data_heap;
     PVRSRV_HEAP_INFO pds_pixel_code_data_heap;
+    PVRSRV_HEAP_INFO pixel_shader_heap;
+    PVRSRV_HEAP_INFO general_heap;
     struct mem_alloc ccb_buffer;
     struct mem_alloc kernel_buffer_2;
     struct mem_alloc kernel_buffer_3;
     struct mem_alloc perctx_3d_buffer;
     struct mem_alloc ta_data_buffer;
     struct mem_alloc pds_pixel_code_data_0;
+    struct mem_alloc pixel_shader_buffer;
+    struct mem_alloc disp_buffer;
+
+    struct mem_alloc kernel_buffer_4;
+    struct mem_alloc ta_data_buffer_2;
+    struct mem_alloc ta_data_buffer_3;
+    struct mem_alloc perctx_3d_buffer_2;
 
     IMG_HANDLE hw_render_ctx;
     IMG_DEV_VIRTADDR hw_render_ctx_addr;
@@ -309,6 +329,14 @@ static void get_dev_mem_heapinfo(struct driver_state *state) {
         if (out.sHeapInfo[i].ui32HeapID == HEAP_ID( PVRSRV_DEVICE_TYPE_SGX, SGX_PDSPIXEL_CODEDATA_HEAP_ID)) {
             state->pds_pixel_code_data_heap = out.sHeapInfo[i];
         }
+
+        if (out.sHeapInfo[i].ui32HeapID == HEAP_ID( PVRSRV_DEVICE_TYPE_SGX, SGX_PIXELSHADER_HEAP_ID)) {
+            state->pixel_shader_heap = out.sHeapInfo[i];
+        }
+
+        if (out.sHeapInfo[i].ui32HeapID == HEAP_ID( PVRSRV_DEVICE_TYPE_SGX, SGX_GENERAL_HEAP_ID)) {
+            state->general_heap = out.sHeapInfo[i];
+        }
     }
 
     assert(state->kernel_heap.ui32HeapID != 0);
@@ -421,6 +449,60 @@ static void allocate_memory(struct driver_state *state) {
          .uAlignment = 0x8000,
      };
      state->pds_pixel_code_data_0 = allocate_memobj(state, &alloc_pds_pixel_code_data_0);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_pixel_shader = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->pixel_shader_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_NO_SYNCOBJ,
+         .uSize = 0x8000,
+         .uAlignment = 0x8000,
+     };
+     state->pixel_shader_buffer = allocate_memobj(state, &alloc_pixel_shader);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_disp = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->general_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_WRITE | PVRSRV_MEM_NO_SYNCOBJ,
+         .uSize = 0x40000,
+         .uAlignment = 0x8000,
+     };
+     state->disp_buffer = allocate_memobj(state, &alloc_disp);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_kernel_buffer_4 = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->kernel_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_WRITE | PVRSRV_MEM_CACHE_CONSISTENT | PVRSRV_MEM_NO_SYNCOBJ,
+         .uSize = 0x424,
+         .uAlignment = 0x20,
+     };
+     state->kernel_buffer_4 = allocate_memobj(state, &alloc_kernel_buffer_4);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_ta_data_buffer_2 = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->ta_data_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_WRITE | PVRSRV_MEM_NO_SYNCOBJ,
+         .uSize = 0xc00,
+         .uAlignment = 0x40,
+     };
+     state->ta_data_buffer_2 = allocate_memobj(state, &alloc_ta_data_buffer_2);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_ta_data_buffer_3 = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->ta_data_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_WRITE | PVRSRV_MEM_NO_SYNCOBJ,
+         .uSize = 0xc00,
+         .uAlignment = 0x40,
+     };
+     state->ta_data_buffer_3 = allocate_memobj(state, &alloc_ta_data_buffer_3);
+
+     PVRSRV_BRIDGE_IN_ALLOCDEVICEMEM alloc_perctx_3d_buffer_2 = {
+         .hDevCookie = state->dev_cookie,
+         .hDevMemHeap = state->perctx_3d_heap.hDevMemHeap,
+         .ui32Attribs = PVRSRV_MEM_READ | PVRSRV_MEM_WRITE | PVRSRV_MEM_NO_SYNCOBJ | PVRSRV_MEM_EDM_PROTECT,
+         .uSize = 0x200,
+         .uAlignment = 0x1000,
+     };
+     state->perctx_3d_buffer_2 = allocate_memobj(state, &alloc_perctx_3d_buffer_2);
 }
 
 static void register_hw_render_ctx(struct driver_state *state) {
@@ -473,6 +555,10 @@ static void register_hw_render_ctx(struct driver_state *state) {
 }
 
 void patch_memory(struct driver_state *state) {
+    memcpy(state->pixel_shader_buffer.data,
+           pixel_shader,
+           state->pixel_shader_buffer.dev_mem.sClientMemInfo.uAllocSize);
+
     /* Patch PDS Pixel Code Data 0 buffer */
     /* I think Pixel Shader address is encoded like so
      * ((num & 0xf0) << 4)     |
@@ -483,7 +569,34 @@ void patch_memory(struct driver_state *state) {
      * This was determined by experimentation to see where each bit ends up
      * in the PDS buffer after modifying the address returned by the driver
      */
-    //pds_pcd[0] = ;
+    uint32_t dev_addr = state->pixel_shader_buffer.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
+    dev_addr = ((dev_addr & 0x07ff0) <<  4) |
+               ((dev_addr & 0x78000) >> 11) |
+               ((dev_addr & 0x80000) >> 19);
+    pds_pcd[0] = dev_addr;
+    pds_pcd[16] = dev_addr + 0x100100;
+    /* Offset 22 appears to be the render buffer address */
+    pds_pcd[22] = state->disp_buffer.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
+    pds_pcd[32] = dev_addr + 0x080300;
+    pds_pcd[40] = dev_addr + 0x000500;
+    memcpy(state->pds_pixel_code_data_0.data,
+           pds_pcd,
+           state->pds_pixel_code_data_0.dev_mem.sClientMemInfo.uAllocSize);
+
+    memcpy(state->perctx_3d_buffer_2.data,
+           perctx_3d_2,
+           state->perctx_3d_buffer_2.dev_mem.sClientMemInfo.uAllocSize);
+
+    /* Modifiy kernel buffer 4 */
+    /* This buffer is just zeroed out data */
+    kernel_data_4_buf[6] = state->ta_data_buffer_2.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
+    kernel_data_4_buf[10] = state->ta_data_buffer_3.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
+    /* This address is encoded a little differently */
+    kernel_data_4_buf[18] = 0x02000000 |
+        (state->perctx_3d_buffer_2.dev_mem.sClientMemInfo.sDevVAddr.uiAddr - SGX_PERCONTEXT_3DPARAMETERS_HEAP_BASE);
+
+    /* TODO need to figure out what buffer this is */
+    //kernel_data_4_buf[22] = ;
 
     uint32_t modified_pds_addr =
         ((state->pds_pixel_code_data_0.dev_mem.sClientMemInfo.sDevVAddr.uiAddr & 0xffff) >> 8);
@@ -495,10 +608,8 @@ void patch_memory(struct driver_state *state) {
     ccb_entry->dev_addr_0.uiAddr =
         state->kernel_buffer_3.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
 
-#if 0
     ccb_entry->dev_addr_2.uiAddr =
         state->kernel_buffer_4.dev_mem.sClientMemInfo.sDevVAddr.uiAddr;
-#endif
 }
 
 int main(int argc, char *argv[]) {
-- 
cgit