Accessing a directory on my custom distributed filesystem results in a kernel panic.
According to the backtrace, the last function called before the panic is triggered is mac_label_verify().
See the backtrace file attached.
mac_label_verify-panic.txt
The panic manifests itself given the following conditions:
Machine-a: make a directory in Finder.
Machine-b: remove the directory created on machine-a in Finder.
Machine-a: access the directory removed on machine-b in Finder. Kernel panic ensues.
The panic is reproducible on both Apple Silicon and x86-64.
The backtrace is for x86-64 as I wasn't able to symbolicate it on Apple Silicon.
Not sure how to tackle this one.
Any pointers would be much appreciated.
Post
Replies
Boosts
Views
Activity
Extracting an archive into the same directory on my custom filesystem more than once fails with the following message:
Unable to finish expanding 'misc.tar.xz' into 'extractme'.
Could not move 'misc' into destination directory.
I.e. initial extraction succeeds with archive contents extracted into extractme/misc.
Subsequent extraction fails to rename extractme.sb-db71cd27-lFjN1f/misc to extractme/misc 2.
This behaviour is observed on macOS Monterey and Ventura.
It does work as expected on macOS Sonoma though.
Dtrace(1)-ing the archive being extracted over smbfs results in the following sequence of calls being made:
2 -> smbfs_vnop_lookup AUHelperService-2163 -> extractme/misc 2 nameiop:0
2 <- smbfs_vnop_lookup AUHelperService-2163 -> extractme/misc 2 -> 2 ;ENOENT
2 -> smbfs_vnop_lookup AUHelperService-2163 -> extractme.sb-db71cd27-lFjN1f/misc nameiop:0x2 ;DELETE
2 <- smbfs_vnop_lookup AUHelperService-2163 -> extractme.sb-db71cd27-lFjN1f/misc -> 0
2 -> smbfs_vnop_lookup AUHelperService-2163 -> extractme/misc 2 nameiop:0x3 ;RENAME
2 <- smbfs_vnop_lookup AUHelperService-2163 -> extractme/misc 2 -> EJUSTRETURN
1 -> smbfs_vnop_rename AUHelperService-2163 -> extractme.sb-db71cd27-lFjN1f/misc -> extractme/nil
2 <- smbfs_vnop_rename AUHelperService-2163 -> extractme.sb-db71cd27-lFjN1f/misc -> extractme/nil -> 0
2 -> smbfs_vnop_lookup AUHelperService-2163 -> TheRooT/extractme/misc 2 nameiop:0
3 <- smbfs_vnop_lookup AUHelperService-2163 -> TheRooT/extractme/misc 2 -> 0 ;Successful lookup
What I don't understand is what causes vnop_lookup to be called for misc to be removed from the temporary directory and renamed into 'misc 2' and placed in the destination directory, 'extractme' via vnop_rename?
I had a look at smbfs_vnop_lookup and rename and didn't see anything that would cause 'misc 2' to come into being.
Based on the output of the dtrace(1) script running on my custom filesystem, there are no vnop_lookup and vnop_rename calls being made to remove the 'misc' directory from the temporary directory and to rename it to 'misc 2' and place it in the destination directory at extractme.
Archive extraction proceeds no further after extracting the archive contents into the temporary directory.
What am I missing?
I'm observing all sorts of race conditions occurring in various VNOPs my custom filesystem implements.
I'm inclined to attribute this to my implementation not following the locking rules expected by the system of a 3rd party filesystem as well as it should.
I've looked at how locking is done in Apple's own implementation of Samba and NFS clients.
The Samba client uses read/write locks to protect its node from data races.
While the NFS client uses mutex locks for the same purpose.
I realised that I don't have a clear model in my head of how locking should be done properly.
Thus my question, what are the locking rules for VFS and VNOP operations?
Thanks.
When recursively removing a directory with a large number of entries that resides on my custom filesystem, rm(1) aborts with ENOENT.
% rm -Rv /Volumes/myfs/linux-kernel/linux-6.10.6
[...]
/Volumes/myfs/linux-kernel/linux-6.10.6/include/drm/bridge/aux-bridge.h
/Volumes/myfs/linux-kernel/linux-6.10.6/include/drm/bridge/dw_hdmi.h
rm: fts_read: No such file or directory
I'm observing the following sequence of calls being made.
2024-09-17 17:58:25 vnops.c:281 myfs_vnop_lookup: rm-936 -> dw_hdmi.h ;initial lookup call
2024-09-17 17:58:25 vnops.c:315 myfs_vnop_lookup: -> cache_lookup(dw_hdmi.h)
2024-09-17 17:58:25 vnops.c:317 myfs_vnop_lookup: <- cache_lookup(dw_hdmi.h) -> 0 ;cache miss
2024-09-17 17:58:25 rpc.c:431 myfsLookup: rm-936 -> dw_hdmi.h ;do remote lookup
2024-09-17 17:58:25 rpc.c:500 myfsLookup: -> myfs_lookup_rpc(dw_hdmi.h)
2024-09-17 17:58:25 rpc.c:502 myfsLookup: <- myfs_lookup_rpc(dw_hdmi.h) -> 0 ;file found and added to vfs cache
2024-09-17 17:58:25 vnops.c:281 myfs_vnop_lookup: rm-936 -> dw_hdmi.h ;subsequent lookup call
2024-09-17 17:58:25 vnops.c:315 myfs_vnop_lookup: -> cache_lookup(dw_hdmi.h)
2024-09-17 17:58:25 vnops.c:317 myfs_vnop_lookup: <- cache_lookup(dw_hdmi.h) -> -1 ;cache hit
2024-09-17 17:58:25 vnops.c:1478 myfs_vnop_remove: -> myfs_unlink(dw_hdmi.h) ;unlink sequence
2024-09-17 17:58:25 rpc.c:1992 myfs_unlink: -> myfs_unlink_rpc(dw_hdmi.h)
2024-09-17 17:58:25 rpc.c:1994 myfs_unlink: <- myfs_unlink_rpc(dw_hdmi.h) -> 0 ;remote unlink succeeded
2024-09-17 17:58:25 vnops.c:1480 myfs_vnop_remove: <- myfs_unlink(dw_hdmi.h) -> 0
2024-09-17 17:58:25 vnops.c:1487 myfs_vnop_remove: -> cache_purge(dw_hdmi.h)
2024-09-17 17:58:25 vnops.c:1489 myfs_vnop_remove: <- cache_purge(dw_hdmi.h)
2024-09-17 17:58:25 vnops.c:1499 myfs_vnop_remove: -> vnode_recycle(dw_hdmi.h)
2024-09-17 17:58:25 vnops.c:1501 myfs_vnop_remove: <- vnode_recycle(dw_hdmi.h)
2024-09-17 17:58:27 vnops.c:281 myfs_vnop_lookup: fseventsd-101 -> dw_hdmi.h ;another lookup; why?
2024-09-17 17:58:27 vnops.c:315 myfs_vnop_lookup: -> cache_lookup(dw_hdmi.h)
2024-09-17 17:58:27 vnops.c:317 myfs_vnop_lookup: <- cache_lookup(dw_hdmi.h) -> 0
2024-09-17 17:58:27 rpc.c:431 myfsLookup: fseventsd-101 -> dw_hdmi.h
2024-09-17 17:58:27 rpc.c:500 myfsLookup: -> myfs_lookup_rpc(dw_hdmi.h)
2024-09-17 17:58:27 rpc.c:502 myfsLookup: <- myfs_lookup_rpc(dw_hdmi.h) -> ENOENT(2)
2024-09-17 17:58:27 vnops.c:371 myfs_vnop_lookup: SET(NNEGNCENTRIES): dw_hdmi.h
2024-09-17 17:58:27 vnops.c:373 myfs_vnop_lookup: ENOENT(2) <- shouldAddToNegativeNameCache(dw_hdmi.h)
I checked the value of vnode's v_iocount when vnop_remove and vnop_reclaim are being called.
Each vnop_remove and followed by vnop_reclaim with v_iocount set to 1 in both calls, as expected.
What I don't understand is why after removing the file is there another lookup call being made, which returns ENOENT to rm(1), which causes it to abort.
Any pointers on what could be amiss there would be much appreciated.
When running AJA System Test for my custom filesystem, the write and read tests get stuck intermittently.
I didn't observe any error codes being returned by my vnop_read/write or sock_receive/send functions.
Dtrace(1)'ing the vnops being called by AJA System Test for smbfs revealed that amongst other things vnop_advlock is being called:
0 -> smbfs_vnop_advlock ajasystemtest -> smbfs_vnop_advlock(ajatest.dat, op: 0x2, fl->l_start: 0, fl->l_len: 0, fl->l_pid: 0, fl->l_type: 2, fl->l_whence: 0, flags: 0x40, timeout: 0)
0 <- smbfs_vnop_advlock ajasystemtest -> smbfs_vnop_advlock(ajatest.dat) -> -1934627947504
op: 0x2
#define F_SETFD 2 /* set file descriptor flags */
fl->l_len: 0 ;len = 0 means until end of file
fl->l_type: 2 ;#define F_UNLCK 2 /* unlock */
fl->l_whence: 0 ;#define SEEK_SET 0 /* set file offset to offset */
flags: 0x40 ;#define F_POSIX 0x040 /* Use POSIX semantics for lock */
As my filesystem didn't implement vnop_advlock, I thought I'd explore that avenue.
My vnop_advlock simply returns KERN_SUCCESS.
Both f_capabilities.valid and f_capabilities.capabilities of struct vfs_attr have VOL_CAP_INT_ADVLOCK and VOL_CAP_INT_FLOCK set.
Yet, vnop_advlock doesn't get called for my filesystem when running AJA System Test.
Any tips on what could be amiss there would be much appreciated.
I've been using sock_upcall to do socket polling in my VFS kext.
Perusing the Darwin/XNU sources, I've stumbled upon select.
Which is the recommended way to do socket polling in the kernel, sock_upcall or select?
Thanks.
On implementing vnop_mmap, vnop_strategy and other related VNOPs as suggested in https://developer.apple.com/forums/thread/756358 my vnop_strategy routine ends up zero-extending files.
I don't understand why my filesystem behaves as described above.
Perusing the source code of both the relevant parts of Darwin/XNU and SMBClient did not clarify things for me.
A nudge in the right direction would be greatly appreciated.
The technical details of the issue are given in the plain text file attached, as some text was found to be sensitive. Unsure what exactly it was.
apple-dts-issue-desc.txt
I'm having trouble opening files residing on a custom filesystem implemented as a kext via sandboxed apps.
Preview.app is one such example.
The app launches, but it won't display file contents.
In system log files I'm seeing entries related to com.apple.foundation.filecoordination:claims with no error messages to indicate a possible reason why file contents aren't being displayed.
Non-sandboxed apps, such as GoogleChrome.app do not exhibit such behaviour.
The kext is unsigned and running in an environment with SIP disabled and Security Mode reduced to Permissive.
What is required for a 3rd party filesystem kext to integrate with sandboxed apps?
Any pointers and/or assistance would be greatly appreciated.
I am able to dtrace my custom kext on 12.5.1 running on Apple Silicon, but not on the subsequent releases of macOS.
Is that by design?
Thanks.