##raspberrypi-internals on 2024-05-21 — irc logs at libera.irclog.whitequark.org

2024-01-15 19:00 f_ changed the topic of ##raspberrypi-internals to: The inner workings of the Raspberry Pi (Low level VPU/HW) -- for general queries please visit #raspberrypi -- open firmware: https://librerpi.github.io/ -- VC4 VPU Programmers Manual: https://github.com/hermanhermitage/videocoreiv/wiki -- chat logs: https://libera.irclog.whitequark.org/~h~raspberrypi-internals -- bridged to matrix and discord

03:52 jcea has quit [Ping timeout: 260 seconds]

11:23 bonda_000 has joined ##raspberrypi-internals

12:14 jcea has joined ##raspberrypi-internals

14:27 <bonda_000> clever: this is where camera capture begin

14:28 <bonda_000> when you pass a '3' to cdi_camera_change_state

14:28 <bonda_000> that's param_3='3'

14:28 <bonda_000> that means begin capture

14:29 <bonda_000> it's gonna do

14:29 <bonda_000> update_channel_control_params(param_1,iVar13);

14:29 <bonda_000> where

14:29 <bonda_000> param_1 = cdi_struct of size 0x784c

14:30 <bonda_000> param_2 = (int)cdi_struct + 0x18

14:31 <bonda_000> update_channel_control_params will do a bunch of function pointer calls where

14:31 <bonda_000> param_1 + 0x7838 is the unicam_func_table

14:32 <bonda_000> so it will call

14:32 <bonda_000> 1)unicam_set_pipeline_control

14:32 <bonda_000> line 70:

14:32 <bonda_000> (**(code **)(*(int *)(param_1 + 0x7838) + 0x34))

14:32 <bonda_000> (*(undefined4 *)(param_2 + 0x1ac),*(undefined4 *)(iVar9 + 0x3c),uVar3,uVar4,uVar5,uVar6,

14:32 <bonda_000> *(undefined4 *)(iVar9 + 0x38));

14:33 <bonda_000> 2) unicam_set_crop

14:33 <bonda_000> line 89:

14:33 <bonda_000> pcVar1 = *(code **)(*(int *)(param_1 + 0x7838) + 0x44);

14:33 <bonda_000> (*pcVar1)(*(undefined4 *)(param_2 + 0x1ac),*(undefined2 *)(iVar9 + 0x68),

14:33 <bonda_000> *(undefined2 *)(iVar9 + 0x6a),uVar7 & 0xffff,uVar8 & 0xffff,pcVar1);

14:33 <bonda_000> 3) unicam_set_downscale

14:34 <bonda_000> line 96: pcVar1 = *(code **)(*(int *)(param_1 + 0x7838) + 0x48);

14:34 <bonda_000> (*pcVar1)(*(undefined4 *)(param_2 + 0x1ac),uVar7 & 0xffff,*(int *)(iVar9 + 0x60),

14:34 <bonda_000> *(int *)(iVar9 + 100),pcVar1);

14:34 <bonda_000> 4) unicam_set_pixel_correction

14:34 <bonda_000> line 99 pcVar1 = *(code **)(*(int *)(param_1 + 0x7838) + 0x4c);

14:34 <bonda_000> iVar9 = *(int *)(param_2 + 0xc4);

14:34 <bonda_000> (*pcVar1)(*(undefined4 *)(param_2 + 0x1ac),uVar7 & 0xffff,pcVar1);

14:35 <bonda_000> and then the final one:

14:35 <bonda_000> 5) unicam_rx_start

14:35 <bonda_000> line 103: (**(code **)(*(int *)(param_1 + 0x7838) + 0x38))

14:35 <bonda_000> (*(undefined4 *)(param_2 + 0x1ac),*(undefined *)(iVar9 + 0x37),

14:35 <bonda_000> *(undefined4 *)(param_2 + 0x20));

14:36 <bonda_000> so, param_1 into unicam_rx_start is cdi_struct + 0x1ac+ 0x18 = cdi_struct + 0x1c4

14:38 <bonda_000> and that is set in unicam_open, which is called from open_camera_peripheral, which is called from cdi_change_state with param_3='2'

14:38 <bonda_000> in open_camera_peripheral: line 42

14:38 <bonda_000> /* unicam_open */

14:38 <bonda_000> pcVar3 = *(code **)(*(int *)(param_1 + 0x7838) + 0xc);

14:39 <bonda_000> iVar2 = (*pcVar3)(&local_54,iVar4 + 0x1c4,pcVar3);

14:39 <bonda_000> prior to which:

14:40 <bonda_000> /* camera_subsystem_state table entries 0xf8 and 0xf7 */

14:40 <bonda_000> local_51 = 0;

14:40 <bonda_000> local_53 = *(undefined *)(*(int *)(iVar4 + 0x2c) + 0x18);

14:40 <bonda_000> local_54 = *(undefined *)(*(int *)(iVar4 + 0x2c) + 0x17);

14:40 <bonda_000> local_50 = unicam_int_callback;

14:41 <bonda_000> and here iVar4 is just the cdi_struct, so at offset 0x2C it has a pointer to camera_subsystem_state + 224d

14:42 <bonda_000> so the unicam_open will set at line 103:

14:42 <bonda_000> *param_2 = iVar2 + 0xf37c7b0;

14:51 <bonda_000> so cdi_struct + 0x1c4 becomes equal to (int)unicam_state + 4 + 0x68 * i for some i, where from initial camera_subsystem_init it is '1'

14:51 <bonda_000> i.e. some offset into camera_subsystem_state_table

14:52 <bonda_000> so we get a function call to begin camera capture:

14:53 <bonda_000> unicam_rx_start(camera_subsystem_state + offset, *(cdi_struct + 0xDC) + 0x37, *(cdi_struct + 0x38))

15:46 bonda_000 has quit [Remote host closed the connection]

15:47 bonda_000 has joined ##raspberrypi-internals

16:03 Herc has joined ##raspberrypi-internals

16:37 bonda_000 has quit [Quit: Leaving]

17:51 bonda_000 has joined ##raspberrypi-internals

18:32 jcea has quit [Ping timeout: 256 seconds]

18:35 jcea has joined ##raspberrypi-internals

18:45 jcea1 has joined ##raspberrypi-internals

18:49 jcea has quit [Ping timeout: 260 seconds]

18:49 jcea1 is now known as jcea

18:54 jcea has quit [Read error: Connection reset by peer]

18:54 jcea1 has joined ##raspberrypi-internals

18:57 jcea1 is now known as jcea

23:13 <bonda_000> clever: do you know what this means

23:13 <bonda_000> the camera is using four software "ports"

23:14 <bonda_000> 0x46, 0x47, 0x47 a '1' port and 0x46 a '0' port

23:16 <bonda_000> and then it does

23:16 <bonda_000> ca_process_frame(&param_1->ca_port_0x1000005_0x49_0,param_1);

23:16 <bonda_000> ca_process_frame(&param_1->ca_port_0x1000004_0x47_1,param_1);

23:16 <bonda_000> ca_process_frame(&param_1->ca_port_0x1000003_0x48_1,param_1)

23:16 <bonda_000> in ca_process_thread()

23:17 <bonda_000> where param_1 is camera_ril_ctrl_struct pointer

23:18 <bonda_000> and then it does

23:18 <bonda_000> iVar11 = ca_process_buffer((int)param_1,(int *)&param_1->ca_port_0x1000004_0x46_1);

23:18 <bonda_000> iVar7 = ca_process_buffer((int)param_1,(int *)&param_1->ca_port_0x1000005_0x49_0);

23:18 <bonda_000> iVar8 = ca_process_buffer((int)param_1,(int *)&param_1->ca_port_0x1000004_0x47_1);

23:18 <bonda_000> iVar9 = ca_process_buffer((int)param_1,(int *)&param_1->ca_port_0x1000003_0x48_1);

23:19 <bonda_000> 0x1000004, 0x46 and 1 are the arguments to ca_setup_port()

23:29 bonda_000 has quit [Quit: Leaving]