sys: Fix heap disclosure in compat7 kern.proc.filedesc sysctl
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56976
(cherry picked from commit e68433e1990d5f1bcc1bdd270d65f1e4792a8e1b)
src.opts.mk: Comment about CTF & DTRACE relationship
WITH_CTF enables building userland components with CTF, and not the ctf*
tools as one might expect. The tools are actually included with the
DTRACE knob. Add a comment where the dependency is handled, as this has
caused confusion.
Reported by: ivy
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56977
acpi_spmc(4): If verbose, print called functions
...as a debugging aid, in order to be able to check that some functions
are effectively called and to identify them quickly if they cause
a hang.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56883
acpi_spmc(4): Auto-detect DSM revisions by default
Which revisions to use for the Intel and AMD DSMs is unclear. For the
Intel one, the written specification indicates only 0, but Linux uses
1 (possibly an oversight). For the AMD one, for which there is no
specification, Linux uses 0, but at least on the Framework 13 AMD 7040
series, the "enumerate functions" function only returns a mask that
covers all the functions we expect when called with revision 2.
Introduce an auto-detection strategy where each revision starting from
0 is tried in turn up to some limit (included; default: 15). As soon as
a revision implements all expected functions, we stop the loop and use
that one, in effect selecting the minimum revision that implements all
we need, which should avoid potential backwards-compatibility problems.
If no revision implements all expected functions, the highest available
revision in the checked range is selected, but higher revisions that do
not bring new functions are discarded (see the explanatory comment in
acpi_spmc_probe_dsm()).
[21 lines not shown]
acpi_spmc(4): softc: Move supported functions into a DSM info structure
This is in preparation to adding the revision as a probed information.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56880
acpi_spmc(4): Only run DSM functions reported present
Examination of the DSDT in a Framework laptop generally hints at
firmware designers sometimes providing ACPI methods for convenience
(e.g., same firmware for multiple models) but not using them (or not
expecting them to be used) depending on tweaks or the actual hardware
platform.
On an Intel Framework laptop, we specifically observe the presence of
a Microsoft DSM that just reports availability of the SLEEP_ENTRY and
SLEEP_EXIT (7 and 8) functions although the Microsoft specification
requires other functions, whose purpose is similar to corresponding
Intel DSM's ones (such as DISPLAY_OFF). However, we currently always
call the latter even on the Microsoft DSM. On that laptop, fortunately,
the way the code is structured in the _DSM method leads to nothing being
executed on this call.
Given the similarity of intent between most functions from the Microsoft
DSM on one side and those of ADM and Intel on the other, it is
[24 lines not shown]
acpi_spmc(4): Factor out testing for present DSMs/functions
Since we are now keeping in the softc the information about which DSM
functions are available (in supported_functions[]), the 'dsms' field
there is somewhat redundant.
Make it completely redundant by keeping the bit representing the
enumeration function itself in each element of supported_functions[],
and then remove the field.
As a result, convert has_dsm() to rely on supports_function().
Adapt acpi_spmc_dsm_check_functions() so that it does not take into
account the enumeration function bit.
While here, use the self-explanatory stance
IDX_TO_BIT(DSM_ENUM_FUNCTIONS) instead of a hardcoded 1.
Reviewed by: obiwac
[2 lines not shown]
acpi_spmc(4): acpi_spmc_run_dsm(): Rename, rename parameters, constify
This function actually runs a function of a given DSM. Remove the
'_dsm' suffix to remove the inaccuracy and make things simpler.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56877
acpi_spmc(4): Be less verbose by default
Do not print by default details of failures that are unlikely to help
a normal user and to have a crucial influence on whether suspension
works correctly. Do so only on a verbose boot or if requested
explicitly by the user via 'debug.acpi.spmc.verbose'.
In particular:
- On an Intel Framework laptop, the Microsoft DSM only reports the
SLEEP_ENTRY and SLEEP_EXIT functions. That makes some sense since,
according to its specification, all functions of a Microsoft DSM
except these two are in fact redundant with Intel DSM's ones (also,
that of AMD DSM's ones). Those functions being missing are only
a potential problem if there is no other DSM than Microsoft's (yet to
be observed in the field).
- The details of malformed/unapplicable constraints or ones with a newer
format the driver does not know about are not readily actionable
pieces of information, but rather debug/developer-oriented ones. When
verbosity is not requested, only print the details of the first such
[10 lines not shown]
acpi_spmc(4): Add a sysctl knob to request verbosity
The driver will be more verbose on this knob being non-zero or
'bootverbose' being set. The corresponding variable is typed as an
integer to leave room for expansion. To be used in subsequent commits.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56875
acpi_spmc(4): acpi_spmc_probe_dsm(): Remove passing superfluous handle
The handle is already held by the softc, which is also passed.
No functional change (intended).
Reviewed by: imp, obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56818
acpi_spmc(4): Enable multiple instances
Support the (so far hypothetical) case of a machine with multiple
instances of the PNP0D80 device (e.g., if multiple DSMs are not
implemented on the same device), by allowing multiple instances of the
device to co-exist.
This is achieved by moving 'supported_functions' from 'struct dsm' into
the softc, so each instance has its own view of which functions are
supported.
Consequently, the check on the instance unit on probe can be removed.
Reviewed by: imp (older version), obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56817
acpi_spmc(4): Global message on constraints parsing failure
...in order to indicate to users that power state constraints will not
be checked at all.
Reviewed by: imp, obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56816
acpi_spmc(4): Print supported functions after DSMs
This makes things more top-down, as expected when probing devices.
Reviewed by: imp, obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56811
acpi_spmc(4): Gracefully support a standalone Microsoft DSM
In acpi_spmc_get_constraints(), stop assuming that if there is no AMD
DSM, then the Intel one is present. Although this is likely to be the
overwhelming majority of cases on amd64, there is no technical reason
nor constraint in our code that really needs assuming that. On (so far
hypothetical) machines with only the Microsoft DSM, this assumption
would cause a cryptic and irrelevant error message (and, prior to the
previous commit, a panic on INVARIANTS).
Warn the user if both the Intel and AMD DSMs are present, and use the
constraints reported by the Intel one (see the comment for why).
Reviewed by: imp (older version), obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56813
acpi_spmc(4): INVARIANTS: Do not panic on getting constraints failure
Just continue without constraints checking in this case.
To this end, remove the 'constraints_populated' field from 'struct
acpi_spmc_softc' and any reference to it.
However, we introduce another boolean, 'sc->get_constraints_succeeded',
in order to check (under INVARIANTS) that acpi_spmc_get_constraints() is
called only once on success. Calling that function another time after
a success would leak memory. It would be easy to change that function
to support multiple calls (e.g., by adding a call to
acpi_spmc_free_constraints() near its start), however trying to retrieve
the constraints again simply looks like wasted time as the same results
are expected to be returned on each call.
Reviewed by: imp, obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56812
acpi_spmc(4): Check DSMs only on attach, do not return 0 on probe
Once we have recognized a device by PNP ID, declare support
unconditionally on probe, and only check for DSMs in attach.
We do this for these reasons:
1. PNP0D80 is de-facto a device supposed to hold DSMs related to
suspend-to-idle, so we assume it cannot be used for other purposes.
And if that changes, we need another architecture anyway (e.g., have
a new driver claiming those devices and behaving like a bus, to which
this driver would be a sub-driver).
2. If there are no DSMs that we support on such a device, then a new DSM
was added that the driver does not know about and which "replaces"
(in terms of functionality) the known ones, or the firmware is buggy.
In both cases, failing the attach instead of the probe is reasonable,
as that leads to printing some error which we (and probably users
too) would like to know about.
3. This is a step to enable multiple instances of this driver (just to
be a good citizen, and also to be future proof against weird
[6 lines not shown]
acpi_spmc(4): Stop pretending that all constraints are verified
We do not check these constraints (yet), so stop printing that they are
verified.
While here, make the (not compiled in at the moment) "constraint
violated" message more terse, and move the warning it contains to
outside of the loop (no need to print it repeatedly if multiple
constraints are violated).
While here, bail out early if there are no constraints to avoid printing
(in the future) that constraints are respected even when there are none.
Reviewed by: imp (older version), obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56809
