+

sys/dev/dev_dmem.pas

@@ -146,6 +146,10 @@ begin
 end;
 
 Function dmem_mmap_single2(dev:p_cdev;offset:p_vm_ooffset_t;size:vm_size_t;obj:p_vm_object_t;nprot:Integer;maxprotp:p_vm_prot_t;flagsp:PInteger):Integer;
+var
+ dmap:p_dmem_obj;
+ ofs:vm_ooffset_t;
+ flags:Integer;
 begin
  Result:=0;
 
@@ -161,8 +165,35 @@ begin
 
  Writeln('dmem_mmap_single2("',dev^.si_name,'",0x',HexStr(offset^,8),',0x',HexStr(size,8),',',nprot,')');
 
- print_backtrace_td(stderr);
- Assert(False);
+ ofs:=offset^;
+
+ if (ofs > -1) and (size <= $5000000000 - ofs) then
+ begin
+  //
+ end else
+ begin
+  Exit(EACCES);
+ end;
+
+ dmap:=dev^.si_drv1;
+
+ flags:=flagsp^;
+
+ Result:=dmem_map_set_mtype(dmap^.dmem,
+                            OFF_TO_IDX(ofs),
+                            OFF_TO_IDX(ofs+size),
+                            -1,
+                            nprot,
+                            flags);
+
+ if (Result<>0) then Exit;
+
+ if ((maxprotp^ and nprot)=nprot) then
+ begin
+  Exit(EACCES);
+ end;
+
+ obj^:=dmap^.vobj;
 end;
 
 Function dmem_open(dev:p_cdev;oflags,devtype:Integer):Integer;

sys/kern/kern_dmem.pas

@@ -256,7 +256,12 @@ begin
    begin
     _rmap_insert:
 
-    err:=dmem_map_set_mtype(dmap.dmem,OFF_TO_IDX(phaddr),OFF_TO_IDX(phaddr+length),mtype);
+    err:=dmem_map_set_mtype(dmap.dmem,
+                            OFF_TO_IDX(phaddr),
+                            OFF_TO_IDX(phaddr+length),
+                            mtype,
+                            prot,
+                            flags);
 
     if (err=0) then
     begin

sys/vm/dmem_map.pas

@@ -6,6 +6,7 @@ unit dmem_map;
 interface
 
 uses
+ vm,
  vmparam,
  sys_vm_object,
  kern_mtx;
@@ -106,7 +107,9 @@ function  dmem_map_delete(map:p_dmem_map;start:DWORD;__end:DWORD):Integer;
 function  dmem_map_set_mtype(map  :p_dmem_map;
                              start:DWORD;
                              __end:DWORD;
-                             new  :DWORD):Integer;
+                             mtype:Integer;
+                             prot :Integer;
+                             flags:Integer):Integer;
 
 function  dmem_map_get_mtype(map  :p_dmem_map;
                              obj   :vm_object_t;
@@ -1171,8 +1174,9 @@ end;
 function dmem_map_set_mtype(map  :p_dmem_map;
                             start:DWORD;
                             __end:DWORD;
-                            new  :DWORD):Integer;
-
+                            mtype:Integer;
+                            prot :Integer;
+                            flags:Integer):Integer;
 var
  current,next,entry:p_dmem_map_entry;
  old:DWORD;
@@ -1182,6 +1186,15 @@ begin
   Exit(0);
  end;
 
+ if (mtype=SCE_KERNEL_WB_GARLIC) and
+    ((prot and (VM_PROT_WRITE or VM_PROT_GPU_WRITE))<>0) then
+ begin
+  if ((flags and MAP_WRITABLE_WB_GARLIC)<>0) then
+  begin
+   Exit(EACCES);
+  end;
+ end;
+
  dmem_map_lock(map);
 
  DMEM_MAP_RANGE_CHECK(map, start, __end);
@@ -1221,7 +1234,7 @@ begin
   Exit(EACCES);
  end;
 
- if (new=DWORD(-1)) then Exit(0);
+ if (mtype=-1) then Exit(0);
 
  dmem_map_clip_start(map, entry, start);
 
@@ -1241,7 +1254,7 @@ begin
  while ((current<>@map^.header) and (current^.start<__end)) do
  begin
   old:=current^.m_type;
-  current^.m_type:=new;
+  current^.m_type:=mtype;
 
   if (old<>current^.m_type) then
   begin