From 4d48d00feb4a7409bcca72d11aa5993de2d98c6c Mon Sep 17 00:00:00 2001
From: Jérôme Duval <jerome.duval@gmail.com>
Date: Thu, 21 May 2020 11:09:53 +0200
Subject: [PATCH] matrox: SMAP fixes
---
diff --git a/src/add-ons/kernel/drivers/graphics/matrox/driver.c b/src/add-ons/kernel/drivers/graphics/matrox/driver.c
index 4dcbfe9..df448f8 100644
a
|
b
|
|
381 | 381 | di->pcii.u.h0.base_registers[frame_buffer], |
382 | 382 | 32768, |
383 | 383 | B_ANY_KERNEL_ADDRESS, |
384 | | B_READ_AREA, |
| 384 | B_KERNEL_READ_AREA, |
385 | 385 | (void **)&(rom_temp) |
386 | 386 | ); |
387 | 387 | |
… |
… |
|
769 | 769 | /* create this area with NO user-space read or write permissions, to prevent accidental dammage */ |
770 | 770 | di->shared_area = create_area(shared_name, (void **)&(di->si), B_ANY_KERNEL_ADDRESS, |
771 | 771 | ((sizeof(shared_info) + (B_PAGE_SIZE - 1)) & ~(B_PAGE_SIZE - 1)), B_FULL_LOCK, |
772 | | B_CLONEABLE_AREA); |
| 772 | B_KERNEL_READ_AREA | B_KERNEL_WRITE_AREA | B_CLONEABLE_AREA); |
773 | 773 | if (di->shared_area < 0) { |
774 | 774 | /* return the error */ |
775 | 775 | result = di->shared_area; |
… |
… |
|
952 | 952 | switch (msg) { |
953 | 953 | /* the only PUBLIC ioctl */ |
954 | 954 | case B_GET_ACCELERANT_SIGNATURE: { |
955 | | char *sig = (char *)buf; |
956 | | strcpy(sig, current_settings.accelerant); |
| 955 | if (user_strlcpy((char*)buf, current_settings.accelerant, |
| 956 | B_FILE_NAME_LENGTH) < B_OK) { |
| 957 | return B_BAD_ADDRESS; |
| 958 | } |
957 | 959 | result = B_OK; |
958 | 960 | } break; |
959 | 961 | |
960 | 962 | /* PRIVATE ioctl from here on */ |
961 | 963 | case GX00_GET_PRIVATE_DATA: { |
962 | | gx00_get_private_data *gpd = (gx00_get_private_data *)buf; |
963 | | if (gpd->magic == GX00_PRIVATE_DATA_MAGIC) { |
964 | | gpd->shared_info_area = di->shared_area; |
965 | | result = B_OK; |
| 964 | gx00_get_private_data gpd; |
| 965 | if (user_memcpy(&gpd, buf, sizeof(gx00_get_private_data)) < B_OK) |
| 966 | return B_BAD_ADDRESS; |
| 967 | if (gpd.magic == GX00_PRIVATE_DATA_MAGIC) { |
| 968 | gpd.shared_info_area = di->shared_area; |
| 969 | result = user_memcpy(buf, &gpd, sizeof(gx00_get_private_data)); |
966 | 970 | } |
967 | 971 | } break; |
968 | 972 | case GX00_GET_PCI: { |
969 | | gx00_get_set_pci *gsp = (gx00_get_set_pci *)buf; |
970 | | if (gsp->magic == GX00_PRIVATE_DATA_MAGIC) { |
| 973 | gx00_get_set_pci gsp; |
| 974 | if (user_memcpy(&gsp, buf, sizeof(gx00_get_set_pci)) < B_OK) |
| 975 | return B_BAD_ADDRESS; |
| 976 | if (gsp.magic == GX00_PRIVATE_DATA_MAGIC) { |
971 | 977 | pci_info *pcii = &(di->pcii); |
972 | | gsp->value = get_pci(gsp->offset, gsp->size); |
973 | | result = B_OK; |
| 978 | gsp.value = get_pci(gsp.offset, gsp.size); |
| 979 | result = user_memcpy(buf, &gsp, sizeof(gx00_get_set_pci)); |
974 | 980 | } |
975 | 981 | } break; |
976 | 982 | case GX00_SET_PCI: { |
977 | | gx00_get_set_pci *gsp = (gx00_get_set_pci *)buf; |
978 | | if (gsp->magic == GX00_PRIVATE_DATA_MAGIC) { |
| 983 | gx00_get_set_pci gsp; |
| 984 | if (user_memcpy(&gsp, buf, sizeof(gx00_get_set_pci)) < B_OK) |
| 985 | return B_BAD_ADDRESS; |
| 986 | if (gsp.magic == GX00_PRIVATE_DATA_MAGIC) { |
979 | 987 | pci_info *pcii = &(di->pcii); |
980 | | set_pci(gsp->offset, gsp->size, gsp->value); |
| 988 | set_pci(gsp.offset, gsp.size, gsp.value); |
981 | 989 | result = B_OK; |
982 | 990 | } |
983 | 991 | } break; |
984 | 992 | case GX00_DEVICE_NAME: { // apsed |
985 | | gx00_device_name *dn = (gx00_device_name *)buf; |
986 | | if (dn->magic == GX00_PRIVATE_DATA_MAGIC) { |
987 | | strcpy(dn->name, di->name); |
988 | | result = B_OK; |
| 993 | gx00_device_name dn; |
| 994 | if (user_memcpy(&dn, buf, sizeof(gx00_device_name)) < B_OK) |
| 995 | return B_BAD_ADDRESS; |
| 996 | if (dn.magic == GX00_PRIVATE_DATA_MAGIC) { |
| 997 | strcpy(dn.name, di->name); |
| 998 | result = user_memcpy(buf, &dn, sizeof(gx00_device_name)); |
989 | 999 | } |
990 | 1000 | } break; |
991 | 1001 | case GX00_RUN_INTERRUPTS: { |
992 | | gx00_set_bool_state *ri = (gx00_set_bool_state *)buf; |
993 | | if (ri->magic == GX00_PRIVATE_DATA_MAGIC) { |
| 1002 | gx00_set_bool_state ri; |
| 1003 | if (user_memcpy(&ri, buf, sizeof(gx00_set_bool_state)) < B_OK) |
| 1004 | return B_BAD_ADDRESS; |
| 1005 | if (ri.magic == GX00_PRIVATE_DATA_MAGIC) { |
994 | 1006 | vuint32 *regs = di->regs; |
995 | | if (ri->do_it) { |
| 1007 | if (ri.do_it) { |
996 | 1008 | enable_vbi(regs); |
997 | 1009 | } else { |
998 | 1010 | disable_vbi(regs); |