Bump wiiu-env/devkitppc from 20240423 to 20240505

Bumps wiiu-env/devkitppc from 20240423 to 20240505.

---
updated-dependencies:
- dependency-name: wiiu-env/devkitppc
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/ci.yml

@@ -3,21 +3,21 @@ name: CI-Release
 on:
   push:
     branches:
-      - master
+      - main
     
 jobs:
   clang-format:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: clang-format
       run: |
-        docker run --rm -v ${PWD}:/src  wiiuenv/clang-format:13.0.0-2 -r ./source
+        docker run --rm -v ${PWD}:/src ghcr.io/wiiu-env/clang-format:13.0.0-2 -r ./source
   build-binary:
     runs-on: ubuntu-22.04
     needs: clang-format
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: create version.h
       run: |
         git_hash=$(git rev-parse --short "$GITHUB_SHA")
@@ -42,32 +42,18 @@ jobs:
       run: |
         echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}' | sed -e "s/:refs//") >> $GITHUB_ENV
         echo DATETIME=$(echo $(date '+%Y%m%d-%H%M%S')) >> $GITHUB_ENV
-        echo COMMIT_MESSAGES=$(echo "${{join(github.event.commits.*.message, '||END||') }}" |  sed -e 's/||END||/\r\n/g') >> $GITHUB_ENV
     - uses: actions/download-artifact@master
       with:
         name: binary
     - name: zip artifact
       run: zip -r ${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip *.wms
     - name: Create Release
-      id: create_release
-      uses: actions/create-release@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      uses: "softprops/action-gh-release@v2"
       with:
         tag_name: ${{ env.REPOSITORY_NAME }}-${{ env.DATETIME }}
-        release_name: Nightly-${{ env.REPOSITORY_NAME }}-${{ env.DATETIME }}
-        draft: false
+        draft: falsee
         prerelease: true
-        body: |
-           Not a stable release:
-           ${{ env.COMMIT_MESSAGES }}
-    - name: Upload Release Asset
-      id: upload-release-asset 
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps 
-        asset_path: ./${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip
-        asset_name: ${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip
-        asset_content_type: application/zip
+        generate_release_notes: true
+        name: Nightly-${{ env.REPOSITORY_NAME }}-${{ env.DATETIME }}
+        files: |
+          ./${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip

.github/workflows/pr.yml

@@ -6,15 +6,15 @@ jobs:
   clang-format:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: clang-format
       run: |
-        docker run --rm -v ${PWD}:/src  wiiuenv/clang-format:13.0.0-2 -r ./source
+        docker run --rm -v ${PWD}:/src ghcr.io/wiiu-env/clang-format:13.0.0-2 -r ./source
   check-build-with-logging:
     runs-on: ubuntu-22.04
     needs: clang-format
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: build binary with logging
         run: |
           docker build . -t builder
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-22.04
     needs: clang-format
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: create version.h
       run: |
         git_hash=$(git rev-parse --short "${{ github.event.pull_request.head.sha }}")

.gitignore

@@ -8,3 +8,4 @@ build/
 cmake-build-debug/
 CMakeLists.txt
 *.wms
+*.zip

Dockerfile

@@ -1,7 +1,7 @@
-FROM wiiuenv/devkitppc:20220806
+FROM ghcr.io/wiiu-env/devkitppc:20240505
 
-COPY --from=wiiuenv/libkernel:20220904 /artifacts $DEVKITPRO
-COPY --from=wiiuenv/libfunctionpatcher:20220904 /artifacts $DEVKITPRO
-COPY --from=wiiuenv/wiiumodulesystem:20220904 /artifacts $DEVKITPRO
+COPY --from=ghcr.io/wiiu-env/libkernel:20230621 /artifacts $DEVKITPRO
+COPY --from=ghcr.io/wiiu-env/libfunctionpatcher:20230621 /artifacts $DEVKITPRO
+COPY --from=ghcr.io/wiiu-env/wiiumodulesystem:20240424 /artifacts $DEVKITPRO
 
 WORKDIR project

Makefile

@@ -36,7 +36,7 @@ CFLAGS	+=	$(INCLUDE) -D__WIIU__ -D__WUT__
 CXXFLAGS	:= $(CFLAGS) -std=c++17 -fno-exceptions -fno-rtti
 
 ASFLAGS	:=	-g $(ARCH)
-LDFLAGS	=	-g $(ARCH) $(RPXSPECS) -Wl,-Map,$(notdir $*.map) -T$(WUMS_ROOT)/share/libkernel.ld -T$(WUMS_ROOT)/share/libfunctionpatcher.ld $(WUMSSPECS)
+LDFLAGS	=	-g $(ARCH) $(RPXSPECS) -Wl,-Map,$(notdir $*.map) -T$(WUMS_ROOT)/share/libkernel.ld -Tfunctionpatcher.ld $(WUMSSPECS)
 
 ifeq ($(DEBUG),1)
 CXXFLAGS += -DDEBUG -g
@@ -74,6 +74,7 @@ export DEPSDIR	:=	$(CURDIR)/$(BUILD)
 CFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
 CPPFILES	:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
 SFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
+DEFFILES	:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.def)))
 BINFILES	:=	$(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
 
 #-------------------------------------------------------------------------------
@@ -91,7 +92,7 @@ endif
 #-------------------------------------------------------------------------------
 
 export OFILES_BIN	:=	$(addsuffix .o,$(BINFILES))
-export OFILES_SRC	:=	$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
+export OFILES_SRC	:=	$(DEFFILES:.def=.o) $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
 export OFILES 	:=	$(OFILES_BIN) $(OFILES_SRC)
 export HFILES_BIN	:=	$(addsuffix .h,$(subst .,_,$(BINFILES)))
 
@@ -138,7 +139,11 @@ $(OFILES_SRC)	: $(HFILES_BIN)
 #-------------------------------------------------------------------------------
 	@echo $(notdir $<)
 	@$(bin2o)
-
+#---------------------------------------------------------------------------------
+%.o: %.def
+	$(SILENTMSG) $(notdir $<)
+	$(SILENTCMD)rplimportgen $< $*.s $*.ld $(ERROR_FILTER)
+	$(SILENTCMD)$(CC) -x assembler-with-cpp $(ASFLAGS) -c $*.s -o $@ $(ERROR_FILTER)
 #---------------------------------------------------------------------------------
 %.o: %.s
 	@echo $(notdir $<)

README.md

@@ -29,4 +29,4 @@ docker run -it --rm -v ${PWD}:/project memorymappingmodule-builder make clean
 ```
 
 ## Format the code via docker
-`docker run --rm -it  -v ${PWD}:/src  wiiuenv/clang-format:13.0.0-2 -r ./source  -i`
+`docker run --rm -it  -v ${PWD}:/src ghcr.io/wiiu-env/clang-format:13.0.0-2 -r ./source  -i`

source/CThread.h

@@ -16,8 +16,10 @@
  ****************************************************************************/
 #pragma once
 
+#include "globals.h"
 #include <coreinit/thread.h>
 #include <cstdint>
+#include <cstring>
 #include <malloc.h>
 #include <unistd.h>
 
@@ -26,14 +28,15 @@ public:
     typedef void (*Callback)(CThread *thread, void *arg);
 
     //! constructor
-    explicit CThread(int32_t iAttr, int32_t iPriority = 16, int32_t iStackSize = 0x8000, CThread::Callback callback = nullptr, void *callbackArg = nullptr)
+    explicit CThread(int32_t iAttr, int32_t iPriority = 16, int32_t stacksize = 0x8000, CThread::Callback callback = nullptr, void *callbackArg = nullptr)
         : pThread(nullptr), pThreadStack(nullptr), pCallback(callback), pCallbackArg(callbackArg) {
         //! save attribute assignment
         iAttributes = iAttr;
-        //! allocate the thread
-        pThread = (OSThread *) memalign(8, 0x1000);
-        //! allocate the stack
-        pThreadStack = (uint8_t *) memalign(0x20, iStackSize);
+        iStackSize  = stacksize;
+        //! allocate the thread on the default Cafe OS heap
+        pThread = (OSThread *) gMEMAllocFromDefaultHeapExForThreads(sizeof(OSThread), 0x10);
+        //! allocate the stack on the default Cafe OS heap
+        pThreadStack = (uint8_t *) gMEMAllocFromDefaultHeapExForThreads(iStackSize, 0x20);
         //! create the thread
         if (pThread && pThreadStack) {
             // clang-format off
@@ -71,7 +74,9 @@ public:
     //! Resume thread
     virtual void resumeThread() {
         if (!isThreadSuspended()) return;
-        if (pThread) OSResumeThread(pThread);
+        if (pThread) {
+            OSResumeThread(pThread);
+        }
     }
 
     //! Set thread priority
@@ -111,12 +116,16 @@ public:
             }
             OSJoinThread(pThread, nullptr);
         }
+        // Some games (e.g. Minecraft) expect the default heap to be empty.
+        // Make sure to clean up the memory after using it
         //! free the thread stack buffer
         if (pThreadStack) {
-            free(pThreadStack);
+            memset(pThreadStack, 0, iStackSize);
+            gMEMFreeToDefaultHeapForThreads(pThreadStack);
         }
         if (pThread) {
-            free(pThread);
+            memset(pThread, 0, sizeof(OSThread));
+            gMEMFreeToDefaultHeapForThreads(pThread);
         }
         pThread      = nullptr;
         pThreadStack = nullptr;
@@ -139,6 +148,7 @@ private:
         return 0;
     }
 
+    uint32_t iStackSize;
     int32_t iAttributes;
     OSThread *pThread;
     uint8_t *pThreadStack;

source/function_replacements.cpp

@@ -10,6 +10,23 @@ DECL_FUNCTION(uint32_t, KiEffectiveToPhysical, uint32_t addressSpace, uint32_t v
     return result;
 }
 
+
+DECL_FUNCTION(int32_t, KiValidateUserDataRange, uint32_t address, uint32_t size) {
+    if ((address >= 0x00800000 && address < 0x01000000) || (address & 0xF0000000) == (MEMORY_START_BASE & 0xF0000000)) {
+        return 1;
+    }
+
+    return real_KiValidateUserDataRange(address, size);
+}
+
+DECL_FUNCTION(int32_t, KiValidateUserCodeRange, uint32_t address, uint32_t size) {
+    if ((address >= 0x00800000 && address < 0x01000000) || (address & 0xF0000000) == (MEMORY_START_BASE & 0xF0000000)) {
+        return 1;
+    }
+
+    return real_KiValidateUserCodeRange(address, size);
+}
+
 DECL_FUNCTION(int32_t, sCheckDataRange, uint32_t address, uint32_t maxDataSize) {
     if ((address >= 0x00800000 && address < 0x01000000) || (address & 0xF0000000) == (MEMORY_START_BASE & 0xF0000000)) {
         return 1;
@@ -56,17 +73,22 @@ DECL_FUNCTION(uint32_t, KiIsEffectiveRangeValid, uint32_t addressSpace, uint32_t
 // clang-format on
 
 DECL_FUNCTION(uint32_t, KiGetOrPutUserData, void *src, uint32_t size, void *dst, bool isRead) {
-    //
-    if (isRead && MemoryMapping_EffectiveToPhysical((uint32_t) src) > 0) {
-        k_memcpy(dst, src, size);
-        return 1;
-    } else if (!isRead && MemoryMapping_EffectiveToPhysical((uint32_t) dst) > 0) {
-        // src and dst are swapped here
-        k_memcpy(src, dst, size);
+    if (real_KiGetOrPutUserData(src, size, dst, isRead)) {
         return 1;
     }
 
-    return real_KiGetOrPutUserData(src, size, dst, isRead);
+    // check if the src (src is the destication for writes) buffer is valid
+    if (MemoryMapping_EffectiveToPhysical((uint32_t) src) == 0) {
+        return 0;
+    }
+
+    if (isRead) {
+        k_memcpy(dst, src, size);
+    } else if (!isRead && MemoryMapping_EffectiveToPhysical((uint32_t) src) > 0) {
+        // src and dst are swapped here
+        k_memcpy(src, dst, size);
+    }
+    return 1;
 }
 
 DECL_FUNCTION(MEMHeapHandle, MEMFindContainHeap, void *block) {
@@ -101,6 +123,8 @@ function_replacement_data_t function_replacements[] __attribute__((section(".dat
         REPLACE_FUNCTION_VIA_ADDRESS(KiPhysicalToEffectiveUncached,         0xffee0a80, 0xffee0a80),
         REPLACE_FUNCTION_VIA_ADDRESS(KiIsEffectiveRangeValid,               0xffee0d6c, 0xffee0d6c),
         REPLACE_FUNCTION_VIA_ADDRESS(IPCKDriver_ValidatePhysicalAddress,    0xfff0cb5c, 0xfff0cb5c),
+        REPLACE_FUNCTION_VIA_ADDRESS(KiValidateUserDataRange,               0xffee10cc, 0xffee10cc),
+        REPLACE_FUNCTION_VIA_ADDRESS(KiValidateUserCodeRange,               0xffee1074, 0xffee1074),
         REPLACE_FUNCTION_VIA_ADDRESS(KiGetOrPutUserData,                    0xffee0794, 0xffee0794),
         REPLACE_FUNCTION(MEMFindContainHeap,                                LIBRARY_COREINIT, MEMFindContainHeap),
 };

source/functionpatcher.def

@@ -0,0 +1,4 @@
+:NAME homebrew_functionpatcher
+
+:TEXT
+FPAddFunctionPatch

source/globals.c

@@ -0,0 +1,4 @@
+#include "globals.h"
+
+void *(*gMEMAllocFromDefaultHeapExForThreads)(uint32_t size, int align);
+void (*gMEMFreeToDefaultHeapForThreads)(void *ptr);

source/globals.h

@@ -0,0 +1,5 @@
+#pragma once
+#include <stdint.h>
+
+extern void *(*gMEMAllocFromDefaultHeapExForThreads)(uint32_t size, int align);
+extern void (*gMEMFreeToDefaultHeapForThreads)(void *ptr);

source/main.cpp

@@ -1,4 +1,6 @@
 #include "function_replacements.h"
+#include "globals.h"
+#include "logger.h"
 #include "memory_mapping.h"
 #include "version.h"
 #include <coreinit/debug.h>
@@ -8,11 +10,42 @@
 #include "logger.h"
 #endif
 
-#define VERSION "v0.2"
+#define VERSION "v0.2.6"
 
 WUMS_MODULE_EXPORT_NAME("homebrew_memorymapping");
 WUMS_MODULE_SKIP_INIT_FINI();
 WUMS_MODULE_INIT_BEFORE_RELOCATION_DONE_HOOK();
+WUMS_DEPENDS_ON(homebrew_kernel);
+WUMS_DEPENDS_ON(homebrew_functionpatcher);
+
+#include <coreinit/dynload.h>
+#include <coreinit/memdefaultheap.h>
+
+// We can't use the functions from libfunctionpatcher. Defined in functionpatcher.def
+extern "C" FunctionPatcherStatus FPAddFunctionPatch(function_replacement_data_t *function_data, PatchedFunctionHandle *outHandle, bool *outHasBeenPatched);
+
+void UpdateFunctionPointer() {
+    // We need the real MEMAllocFromDefaultHeapEx/MEMFreeToDefaultHeap function pointer to force-allocate memory on the default heap.
+    // Our custom heap doesn't work (yet) for threads and causes an app panic.
+    OSDynLoad_Module coreinitModule;
+    if (OSDynLoad_Acquire("coreinit", &coreinitModule) != OS_DYNLOAD_OK) {
+        DEBUG_FUNCTION_LINE_ERR("Failed to acquire coreinit.rpl");
+        OSFatal("FunctionPatcherModule: Failed to acquire coreinit.rpl");
+    }
+    /* Memory allocation functions */
+    uint32_t *allocPtr, *freePtr;
+    if (OSDynLoad_FindExport(coreinitModule, OS_DYNLOAD_EXPORT_DATA, "MEMAllocFromDefaultHeapEx", reinterpret_cast<void **>(&allocPtr)) != OS_DYNLOAD_OK) {
+        DEBUG_FUNCTION_LINE_ERR("OSDynLoad_FindExport for MEMAllocFromDefaultHeapEx");
+        OSFatal("MemoryMappingModule: OSDynLoad_FindExport for MEMAllocFromDefaultHeapEx");
+    }
+    if (OSDynLoad_FindExport(coreinitModule, OS_DYNLOAD_EXPORT_DATA, "MEMFreeToDefaultHeap", reinterpret_cast<void **>(&freePtr)) != OS_DYNLOAD_OK) {
+        DEBUG_FUNCTION_LINE_ERR("OSDynLoad_FindExport for MEMFreeToDefaultHeap");
+        OSFatal("MemoryMappingModule: OSDynLoad_FindExport for MEMFreeToDefaultHeap");
+    }
+
+    gMEMAllocFromDefaultHeapExForThreads = (void *(*) (uint32_t, int) ) * allocPtr;
+    gMEMFreeToDefaultHeapForThreads      = (void (*)(void *)) * freePtr;
+}
 
 WUMS_INITIALIZE(args) {
     static uint8_t ucSetupRequired = 1;
@@ -20,30 +53,55 @@ WUMS_INITIALIZE(args) {
         return;
     }
 
+#ifdef DEBUG
+    initLogging();
+#endif
+
+    UpdateFunctionPointer();
+
     ucSetupRequired = 0;
     MemoryMapping_setupMemoryMapping();
     MemoryMapping_CreateHeaps();
 
+    /* We can not use FunctionPatcher_InitLibrary here because OSDynLoadAcquire is not patched yet.
+    if (FunctionPatcher_InitLibrary() != FUNCTION_PATCHER_RESULT_SUCCESS) {
+        OSFatal("homebrew_memorymapping: FunctionPatcher_InitLibrary failed");
+    }*/
+
     for (uint32_t i = 0; i < function_replacements_size; i++) {
-        if (!FunctionPatcherPatchFunction(&function_replacements[i], nullptr)) {
+        bool wasPatched = false;
+        // We don't need to save the handles because we never restore them anyway.
+        if (FPAddFunctionPatch(&function_replacements[i], nullptr, &wasPatched) != FUNCTION_PATCHER_RESULT_SUCCESS || !wasPatched) {
             OSFatal("homebrew_memorymapping: Failed to patch function");
         }
     }
+
+#ifdef DEBUG
+    deinitLogging();
+#endif
 }
 
-
 WUMS_APPLICATION_STARTS() {
-    OSReport("Running MemoryMappingModule " VERSION VERSION_EXTRA "\n");
 #ifdef DEBUG
     initLogging();
 #endif
+    OSReport("Running MemoryMappingModule " VERSION VERSION_EXTRA "\n");
+
+    MemoryMapping_checkHeaps();
+
+    // Now we can update the pointer with the "real" functions
+    gMEMAllocFromDefaultHeapExForThreads = MEMAllocFromDefaultHeapEx;
+    gMEMFreeToDefaultHeapForThreads      = MEMFreeToDefaultHeap;
 }
 
+
+WUMS_APPLICATION_ENDS() {
+    MemoryMapping_checkHeaps();
 #ifdef DEBUG
-WUMS_APPLICATION_REQUESTS_EXIT() {
     deinitLogging();
-}
 #endif
+}
+
 
 void MemoryMappingFree(void *ptr) {
     //DEBUG_FUNCTION_LINE("[%08X] free", ptr);

source/memory_mapping.cpp

@@ -12,7 +12,7 @@
 
 // #define DEBUG_FUNCTION_LINE(x,...)
 
-OSMutex allocMutex;
+//OSMutex allocMutex;
 
 void runOnAllCores(CThread::Callback callback, void *callbackArg, int32_t iAttr = 0, int32_t iPriority = 16, int32_t iStackSize = 0x8000) {
     int32_t aff[] = {CThread::eAttributeAffCore2, CThread::eAttributeAffCore1, CThread::eAttributeAffCore0};
@@ -23,6 +23,149 @@ void runOnAllCores(CThread::Callback callback, void *callbackArg, int32_t iAttr
     }
 }
 
+void KernelWriteU32(uint32_t addr, uint32_t value) {
+    ICInvalidateRange(&value, 4);
+    DCFlushRange(&value, 4);
+
+    auto dst = (uint32_t) OSEffectiveToPhysical(addr);
+    auto src = (uint32_t) OSEffectiveToPhysical((uint32_t) &value);
+
+    KernelCopyData(dst, src, 4);
+
+    DCFlushRange((void *) addr, 4);
+    ICInvalidateRange((void *) addr, 4);
+}
+
+void KernelWrite(uint32_t addr, const void *data, uint32_t length) {
+    // This is a hacky workaround, but currently it only works this way. ("data" is always on the stack, so maybe a problem with mapping values from the JIT area?)
+    // further testing required.
+    for (uint32_t i = 0; i < length; i += 4) {
+        KernelWriteU32(addr + i, *(uint32_t *) (((uint32_t) data) + i));
+    }
+}
+
+
+/*
+static void SCSetupIBAT4DBAT5() {
+    asm volatile("sync; eieio; isync");
+
+    // Give our and the kernel full execution rights.
+    // 00800000-01000000 => 30800000-31000000 (read/write, user/supervisor)
+    unsigned int ibat4u = 0x008000FF;
+    unsigned int ibat4l = 0x30800012;
+    asm volatile("mtspr 560, %0" :: "r"(ibat4u));
+    asm volatile("mtspr 561, %0" :: "r"(ibat4l));
+
+    // Give our and the kernel full data access rights.
+    // 00800000-01000000 => 30800000-31000000 (read/write, user/supervisor)
+    unsigned int dbat5u = ibat4u;
+    unsigned int dbat5l = ibat4l;
+    asm volatile("mtspr 570, %0" :: "r"(dbat5u));
+    asm volatile("mtspr 571, %0" :: "r"(dbat5l));
+
+    asm volatile("eieio; isync");
+}
+*/
+const uint32_t sSCSetupIBAT4DBAT5Buffer[] = {0x7c0004ac,
+                                             0x7c0006ac,
+                                             0x4c00012c,
+                                             0x3d400080,
+                                             0x614a00ff,
+                                             0x7d508ba6,
+                                             0x3d203080,
+                                             0x61290012,
+                                             0x7d318ba6,
+                                             0x7d5a8ba6,
+                                             0x7d3b8ba6,
+                                             0x7c0006ac,
+                                             0x4c00012c,
+                                             0x4e800020};
+
+#define TARGET_ADDRESS_EXECUTABLE_MEM 0x017FF000
+#define SCSetupIBAT4DBAT5_ADDRESS     TARGET_ADDRESS_EXECUTABLE_MEM
+
+const uint32_t sSC0x51Buffer[] = {
+        0x7c7082a6,                                        // mfspr r3, 528
+        0x60630003,                                        // ori r3, r3, 0x03
+        0x7c7083a6,                                        // mtspr 528, r3
+        0x7c7282a6,                                        // mfspr r3, 530
+        0x60630003,                                        // ori r3, r3, 0x03
+        0x7c7283a6,                                        // mtspr 530, r3
+        0x7c0006ac,                                        // eieio
+        0x4c00012c,                                        // isync
+        0x3c600000 | (SCSetupIBAT4DBAT5_ADDRESS >> 16),    // lis r3, SCSetupIBAT4DBAT5@h
+        0x60630000 | (SCSetupIBAT4DBAT5_ADDRESS & 0xFFFF), // ori r3, r3, SCSetupIBAT4DBAT5@l
+        0x7c6903a6,                                        // mtctr   r3
+        0x4e800420,                                        // bctr
+};
+
+#define SC0x51Buffer_ADDRESS (SCSetupIBAT4DBAT5_ADDRESS + sizeof(sSCSetupIBAT4DBAT5Buffer))
+#define SC0x51Call_ADDRESS   (SC0x51Buffer_ADDRESS + sizeof(sSC0x51Buffer))
+
+const uint32_t sSC0x51CallBuffer[] = {
+        0x38005100, //li %r0, 0x5100
+        0x44000002, // sc
+        0x4e800020  //blr
+};
+
+void SetupIBAT4DBAT5OnAllCores() {
+    unsigned char backupBuffer[0x74];
+    KernelWrite((uint32_t) backupBuffer, (void *) TARGET_ADDRESS_EXECUTABLE_MEM, sizeof(backupBuffer));
+
+    static_assert(sizeof(backupBuffer) >= (sizeof(sSC0x51Buffer) + sizeof(sSCSetupIBAT4DBAT5Buffer) + sizeof(sSC0x51CallBuffer)), "Not enough memory in backup buffer");
+    static_assert(SCSetupIBAT4DBAT5_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SCSetupIBAT4DBAT5_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
+    static_assert(SC0x51Buffer_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SC0x51Buffer_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
+    static_assert(SC0x51Call_ADDRESS >= TARGET_ADDRESS_EXECUTABLE_MEM && SC0x51Call_ADDRESS < (TARGET_ADDRESS_EXECUTABLE_MEM + sizeof(backupBuffer)), "buffer in wrong memory region");
+    static_assert(SCSetupIBAT4DBAT5_ADDRESS != SC0x51Buffer_ADDRESS && SCSetupIBAT4DBAT5_ADDRESS != SC0x51Call_ADDRESS && SC0x51Buffer_ADDRESS != SC0x51Call_ADDRESS, "buffer are not different");
+
+    // We need copy the functions to a memory region which is executable on all 3 cores
+    KernelWrite(SCSetupIBAT4DBAT5_ADDRESS, sSCSetupIBAT4DBAT5Buffer, sizeof(sSCSetupIBAT4DBAT5Buffer)); // Set IBAT5 and DBAT5 to map the memory region
+    KernelWrite(SC0x51Buffer_ADDRESS, sSC0x51Buffer, sizeof(sSC0x51Buffer));                            // Implementation of 0x51 syscall
+    KernelWrite(SC0x51Call_ADDRESS, sSC0x51CallBuffer, sizeof(sSC0x51CallBuffer));                      // Call of 0x51 syscall
+
+    /* set our setup syscall to an unused position */
+    KernelPatchSyscall(0x51, SCSetupIBAT4DBAT5_ADDRESS);
+
+    // We want to run this on all 3 cores.
+    {
+        int32_t aff[] = {CThread::eAttributeAffCore2, CThread::eAttributeAffCore1, CThread::eAttributeAffCore0};
+
+        int iStackSize = 0x200;
+
+        //! allocate the thread and stack on the default Cafe OS heap
+        auto *pThread      = (OSThread *) gMEMAllocFromDefaultHeapExForThreads(sizeof(OSThread), 0x10);
+        auto *pThreadStack = (uint8_t *) gMEMAllocFromDefaultHeapExForThreads(iStackSize, 0x20);
+        //! create the thread
+        if (pThread && pThreadStack) {
+            for (int i : aff) {
+                *pThread = {};
+                memset(pThreadStack, 0, iStackSize);
+                OSCreateThread(pThread, reinterpret_cast<OSThreadEntryPointFn>(SC0x51Call_ADDRESS), 0, nullptr, (void *) (pThreadStack + iStackSize), iStackSize, 16, (OSThreadAttributes) i);
+                OSResumeThread(pThread);
+
+                while (OSIsThreadSuspended(pThread)) {
+                    OSResumeThread(pThread);
+                }
+                OSJoinThread(pThread, nullptr);
+            }
+        }
+
+        //! free the thread stack buffer
+        if (pThreadStack) {
+            memset(pThreadStack, 0, iStackSize);
+            gMEMFreeToDefaultHeapForThreads(pThreadStack);
+        }
+        if (pThread) {
+            memset(pThread, 0, sizeof(OSThread));
+            gMEMFreeToDefaultHeapForThreads(pThread);
+        }
+    }
+
+    /* repair data */
+    KernelWrite(TARGET_ADDRESS_EXECUTABLE_MEM, backupBuffer, sizeof(backupBuffer));
+    DCFlushRange((void *) TARGET_ADDRESS_EXECUTABLE_MEM, sizeof(backupBuffer));
+}
+
 void writeKernelNOPs(CThread *thread, void *arg) {
     DEBUG_FUNCTION_LINE_VERBOSE("Writing kernel NOPs on core %d", OSGetThreadAffinity(OSGetCurrentThread()) / 2);
 
@@ -339,6 +482,11 @@ void MemoryMapping_memoryMappingForRegions(const memory_mapping_t *memory_mappin
 }
 
 void MemoryMapping_setupMemoryMapping() {
+    /*
+     * We need to make sure that with have full access to the 0x0080000-0x01000000 region on all 3 cores.
+     */
+    SetupIBAT4DBAT5OnAllCores();
+
     // Override all writes to SR8 with nops.
     // Override some memory region checks inside the kernel
     runOnAllCores(writeKernelNOPs, nullptr);
@@ -346,13 +494,18 @@ void MemoryMapping_setupMemoryMapping() {
     //runOnAllCores(readAndPrintSegmentRegister,nullptr,0,16,0x80000);
 
     sr_table_t srTableCpy;
-    uint32_t pageTableCpy[0x8000];
+
+    uint32_t sizePageTable = sizeof(uint32_t) * 0x8000;
+    auto *pageTableCpy     = (uint32_t *) gMEMAllocFromDefaultHeapExForThreads(sizePageTable, 0x10);
+    if (!pageTableCpy) {
+        OSFatal("MemoryMappingModule: Failed to alloc memory for page table");
+    }
 
     KernelReadSRs(&srTableCpy);
-    KernelReadPTE((uint32_t) pageTableCpy, sizeof(pageTableCpy));
+    KernelReadPTE((uint32_t) pageTableCpy, sizePageTable);
 
     DCFlushRange(&srTableCpy, sizeof(srTableCpy));
-    DCFlushRange(pageTableCpy, sizeof(pageTableCpy));
+    DCFlushRange(pageTableCpy, sizePageTable);
 
     for (int32_t i = 0; i < 16; i++) {
         DEBUG_FUNCTION_LINE_VERBOSE("SR[%d]=%08X", i, srTableCpy.value[i]);
@@ -384,9 +537,9 @@ void MemoryMapping_setupMemoryMapping() {
     //printPageTableTranslation(srTableCpy,pageTableCpy);
 
     DEBUG_FUNCTION_LINE_VERBOSE("Writing PageTable... ");
-    DCFlushRange(pageTableCpy, sizeof(pageTableCpy));
-    KernelWritePTE((uint32_t) pageTableCpy, sizeof(pageTableCpy));
-    DCFlushRange(pageTableCpy, sizeof(pageTableCpy));
+    DCFlushRange(pageTableCpy, sizePageTable);
+    KernelWritePTE((uint32_t) pageTableCpy, sizePageTable);
+    DCFlushRange(pageTableCpy, sizePageTable);
     DEBUG_FUNCTION_LINE_VERBOSE("done");
 
     //printPageTableTranslation(srTableCpy,pageTableCpy);
@@ -399,11 +552,14 @@ void MemoryMapping_setupMemoryMapping() {
     //readTestValuesFromMemory();
 
     //runOnAllCores(writeSegmentRegister,&srTableCpy);
-    OSInitMutex(&allocMutex);
+    // OSInitMutex(&allocMutex);
+
+    memset(pageTableCpy, 0, sizePageTable);
+    gMEMFreeToDefaultHeapForThreads(pageTableCpy);
 }
 
 void *MemoryMapping_allocEx(uint32_t size, int32_t align, bool videoOnly) {
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     void *res = nullptr;
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
@@ -431,10 +587,94 @@ void *MemoryMapping_allocEx(uint32_t size, int32_t align, bool videoOnly) {
         }
     }
     OSMemoryBarrier();
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
     return res;
 }
 
+bool CheckMemExpHeapBlock(MEMExpHeap *heap, MEMExpHeapBlockList *block, uint32_t tag, const char *listName, uint32_t &totalSizeOut) {
+    MEMExpHeapBlock *prevBlock = nullptr;
+    for (auto *cur = block->head; cur != nullptr; cur = cur->next) {
+        if (cur->prev != prevBlock) {
+            DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] \"%s\" prev is invalid. expected %08X actual %08X", listName, prevBlock, cur->prev);
+            return false;
+        }
+        if (cur < heap->header.dataStart || cur > heap->header.dataEnd || ((uint32_t) cur + sizeof(MEMExpHeapBlock) + cur->blockSize) > (uint32_t) heap->header.dataEnd) {
+            DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] Block is not inside heap. block: %08X size %d; heap start %08X heap end %08X", cur, sizeof(MEMExpHeapBlock) + cur->blockSize, heap->header.dataStart, heap->header.dataEnd);
+            return false;
+        }
+        if (cur->tag != tag) {
+            DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] Invalid block tag expected %04X, actual %04X", tag, cur->tag);
+            return false;
+        }
+
+        totalSizeOut = totalSizeOut + cur->blockSize + (cur->attribs >> 8 & 0x7fffff) + sizeof(MEMExpHeapBlock);
+        prevBlock    = cur;
+    }
+    if (prevBlock != block->tail) {
+        DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] \"%s\" tail is unexpected! expected %08X, actual %08X", listName, heap->usedList.tail, prevBlock);
+        return false;
+    }
+    return true;
+}
+
+bool CheckMemExpHeapCore(MEMExpHeap *heap) {
+    uint32_t totalSize = 0;
+#pragma GCC diagnostic ignored "-Waddress-of-packed-member"
+    if (!CheckMemExpHeapBlock(heap, &heap->usedList, 0x5544, "used", totalSize)) {
+        return false;
+    }
+
+#pragma GCC diagnostic ignored "-Waddress-of-packed-member"
+    if (!CheckMemExpHeapBlock(heap, &heap->freeList, 0x4652, "free", totalSize)) {
+        return false;
+    }
+
+    if (totalSize != (uint32_t) heap->header.dataEnd - (uint32_t) heap->header.dataStart) {
+        DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] heap size is unexpected! expected %08X, actual %08X", (uint32_t) heap->header.dataEnd - (uint32_t) heap->header.dataStart, totalSize);
+        return false;
+    }
+    return true;
+}
+
+bool CheckMemExpHeap(MEMExpHeap *heap) {
+    OSMemoryBarrier();
+    if (heap->header.tag != MEM_EXPANDED_HEAP_TAG) {
+        DEBUG_FUNCTION_LINE_ERR("[Exp Heap Check] Invalid heap handle. - %08X", heap->header.tag);
+        return false;
+    }
+
+    if (heap->header.flags & MEM_HEAP_FLAG_USE_LOCK) {
+#pragma GCC diagnostic ignored "-Waddress-of-packed-member"
+        OSUninterruptibleSpinLock_Acquire(&(heap->header).lock);
+    }
+
+    auto result = CheckMemExpHeapCore(heap);
+
+    if (heap->header.flags & MEM_HEAP_FLAG_USE_LOCK) {
+#pragma GCC diagnostic ignored "-Waddress-of-packed-member"
+        OSUninterruptibleSpinLock_Release(&(heap->header).lock);
+    }
+
+    return result;
+}
+
+void MemoryMapping_checkHeaps() {
+    //OSLockMutex(&allocMutex);
+    for (int32_t i = 0; /* waiting for a break */; i++) {
+        if (mem_mapping[i].physical_addresses == nullptr) {
+            break;
+        }
+        auto heapHandle = (MEMHeapHandle) mem_mapping[i].effective_start_address;
+        if (!CheckMemExpHeap(reinterpret_cast<MEMExpHeap *>(heapHandle))) {
+            DEBUG_FUNCTION_LINE_ERR("MemoryMapping heap %08X (index %d) is corrupted.", heapHandle, i);
+#ifdef DEBUG
+            OSFatal("MemoryMappingModule: Heap is corrupted");
+#endif
+        }
+    }
+    //OSUnlockMutex(&allocMutex);
+}
+
 void *MemoryMapping_alloc(uint32_t size, int32_t align) {
     return MemoryMapping_allocEx(size, align, false);
 }
@@ -470,7 +710,7 @@ void MemoryMapping_free(void *ptr) {
     if (ptr == nullptr) {
         return;
     }
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     auto ptr_val = (uint32_t) ptr;
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
@@ -483,7 +723,7 @@ void MemoryMapping_free(void *ptr) {
         }
     }
     OSMemoryBarrier();
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
 }
 
 uint32_t MemoryMapping_MEMGetAllocatableSize() {
@@ -491,7 +731,7 @@ uint32_t MemoryMapping_MEMGetAllocatableSize() {
 }
 
 uint32_t MemoryMapping_MEMGetAllocatableSizeEx(uint32_t align) {
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     uint32_t res = 0;
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
@@ -503,12 +743,12 @@ uint32_t MemoryMapping_MEMGetAllocatableSizeEx(uint32_t align) {
             res = curRes;
         }
     }
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
     return res;
 }
 
 uint32_t MemoryMapping_GetFreeSpace() {
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     uint32_t res = 0;
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
@@ -518,12 +758,12 @@ uint32_t MemoryMapping_GetFreeSpace() {
         DEBUG_FUNCTION_LINE_VERBOSE("heap at %08X MEMGetTotalFreeSizeForExpHeap: %d KiB", mem_mapping[i].effective_start_address, curRes / 1024);
         res += curRes;
     }
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
     return res;
 }
 
 void MemoryMapping_CreateHeaps() {
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
             break;
@@ -540,11 +780,11 @@ void MemoryMapping_CreateHeaps() {
         DEBUG_FUNCTION_LINE("Created heap @%08X, size %d KiB", heap, size / 1024);
 #endif
     }
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
 }
 
 void MemoryMapping_DestroyHeaps() {
-    OSLockMutex(&allocMutex);
+    //OSLockMutex(&allocMutex);
     for (int32_t i = 0; /* waiting for a break */; i++) {
         if (mem_mapping[i].physical_addresses == nullptr) {
             break;
@@ -556,7 +796,7 @@ void MemoryMapping_DestroyHeaps() {
         memset(address, 0, size);
         DEBUG_FUNCTION_LINE_VERBOSE("Destroyed heap @%08X", address);
     }
-    OSUnlockMutex(&allocMutex);
+    //OSUnlockMutex(&allocMutex);
 }
 
 uint32_t MemoryMapping_getAreaSizeFromPageTable(uint32_t start, uint32_t maxSize) {

source/memory_mapping.h

@@ -42,12 +42,12 @@ typedef struct _memory_mapping_t {
 
 // clang-format off
 const memory_values_t mem_vals_heap_1[] = {
-        {0x28000000 + 0x06620000, 0x28000000 + 0x07F80000}, // size: 25984 kB
+        {0x28000000 + 0x06620000 + 0x2A0000, 0x28000000 + 0x07F80000}, // size: 23296 kB
         {0,                       0}
 };
 // clang-format on
 
-#define MEMORY_HEAP0_SIZE       0x1960000
+#define MEMORY_HEAP0_SIZE       0x16C0000
 #define MEMORY_HEAP0            MEMORY_START_BASE
 
 // clang-format off
@@ -201,6 +201,8 @@ void MemoryMapping_readTestValuesFromMemory();
 
 void MemoryMapping_searchEmptyMemoryRegions();
 
+void MemoryMapping_checkHeaps();
+
 void *MemoryMapping_alloc(uint32_t size, int32_t align);
 
 void *MemoryMapping_allocVideoMemory(uint32_t size, int32_t align);