I've noticed that breakpoints don't always work when debugging kernel code (kexts).
Is there something special that needs to be done for them to work reliably?
Also, sometimes the target hangs while debugging.
The panic log says something like "mpkdpenter() timed-out during locked wait after NMI;" "expected 8 acks bug received 7 ..."
boot-args does include watchdog=0 and pmuflags=1
This is on Big Sur.
Thanks.
Devendra.
Post
Replies
Boosts
Views
Activity
Hi,
I'm working on creating an xpc service, using the C APIs (gets launched from launchd via plist) and an application that wants to use this service.
Generally it works fine, communication is proper and as expected.
However, in case the service's plist has not been installed in /Library/LaunchDaemons, the client gets stuck! Neither the event handler (set with xpcconnectionseteventhandler) nor the reply block provided to xpcconnectionsendmessagewithreply get called.
If I use xpcconnectionsendmessagewithreplysync() - it never returns!
So how is a client to know that the service is not available in this case?
My assumption was that in such a case the event handler would be called with XPCERRORCONNECTIONINVALID.
Thanks in advance!
Devendra.
Hi,
Just discovered that taskinfo on BigSur no longer shows details of kernel task threads.
Is there a way to get around this limitation?
Thanks.
Devendra.
We have kernel extension - which works fine after setting the security level to allow 3rd party Kexts.
However, we are unable to uninstall the Kext.
Tried calling kumtil unload + removing the Kext from /Library/Extensions + reboot.
Also tried clear-staging.
But the only way to remove the kext from the aux. collection is to use the trigger-panic-medic from Recovery mode.
Thanks.
Devendra.
ps: Note that if we install a newer version - the aux. kext collection gets rebuilt correctly.
Hi,
We're working on implementing our app with custom network protocol (existing solution was to use a kext with an interface filter).
Note that we don't intend to distribute our app via the App Store.
Now in order to add the Custom Network Protocol capability to the app (com.apple.developer.networking.custom-protocol entitlement), Xcode requires a few things...
We cannot sign to run locally. Xcode says that our app has entitlements to require signing with a development certificate.
Once I "Enable Development Signing" - a provisioning profile is used.
All works fine (on the development Mac) after doing this.
However, now I cannot run this app on just any other Mac.
If I understand this right, each of those Macs will need to be added to the provisioning profile by our (corporate) account admin (or we install Xcode on those machines and open the project - not desirable).
Is there a simpler path?
What happens when we need to distribute our application to our customers (we don't want to go through the App Store).
Are custom network protocol entitled apps only distributable via the App Store?
Thanks.
Devendra.
What's the proper way to enable showing "private" items from os_log?
I see various mobileconfig files on different web sites - signed by people I may not trust!
I would like to know where this is documented and if Apple provides such configuration profiles?
Thanks.
Devendra.
We need to enumerate the available network interfaces(NWInterface) which can be used to initialize a NWEthernetChannel.
Note that this is for creating a custom network protocol. So we don't expect these interfaces to have any Internet connectivity.
In fact, we want to be able to enumerate the interfaces even when the cable is disconnected.
So we cannot use use the method described in this thread - which only works for interfaces which have a cable connection:
Getting NWInterface for ... - https://developer.apple.com/forums/thread/128215
Alternatively, is there a way to get an NWInterface from a SCNetworkInterfaceRef (obtained via SCNetworkServiceCopyAll() - SCNetworkServiceGetInterface())?
There is the undocumented nw_interface_create_with_name() - but I'm not sure if that's a good idea.
Thanks.
Devendra.
Hi,
We have been able to successfully use NWEthernetChannel to send and receive packets with our custom protocol.
However, we don't see any incoming packets (with our protocol) if they have the broadcast destination (ff:ff:ff:ff:ff:ff).
I have verified that the packets in question are being received by the lower layers by doing a network capture with tcpdump - just that they don't show up on the NWEthernetChannel's receive handler.
Also there are no log entries from any layers (enabled --debug --info).
Is there something special that we need to do to enable receiving broadcast packets?
Thanks.
Devendra.
It seems like signposts generated with os_signpost() APIs are not appearing in the trace files collected with ktrace (ktrace artrace).
On the other hand, if the signposts are generated with kdebug_signpost APIs - they do show up correctly.
Is this expected behavior?
Specially since the kdebug_signpost APIs are now deprecated?
Thanks.
Devendra.
ps: The os_signpost generated signposts do appear if capturing with Instruments app, just that they are not captured by ktrace.
I'm using macOS BigSur, Instruments 12.4.
Every time I try to capture a System Trace (no matter how short) it leads to the entire system eventually getting stuck.
First of all Instruments starts analyzing data, and at some point stops moving further.
If I try to kill Instruments - it goes away from the Force Quit Applications list, but still stays on screen.
At this point, I'm not able to close any other applications or even shut down the system - everything starts getting stuck.
The only way to recover is to do a hard power reset.
This is on a MacBook Pro.
Is there a solution for this?
The first time it asks - makes sense, because the file was not writeable.
But after that, even when the file is writeable, Xcode keeps asking the same question - after almost every edit.
The only way to get rid of the prompts is to close Xcode and start it again.
Almost as if Xcode caches the file attributes, and does not update when it makes the file writeable.
This happens on one of my Macs, not on others.
Any help on how to fix this would be greatly appreaciated!
Even when SIP is disabled.
It shows an error, and dumps the dtrace script to console!
Used to work fine until BigSur.
If I physically disconnect a MIDI (USB) device, the MIDI Studio correctly shows the device as offline, yet MIDISend does not return an error when trying to send to this disconnected device.
I realize that MIDISend is deprecated for macOS 11.0 but we need this to work pre-11.0
Is this expected behaviour?
We have encountered a problem where the dyld ends up using the incorrect dylib.
Here's the use case:
Plugin A (a bundle) depends on Dynamic Library A - referenced with "@loader_path".
Plugin B (a bundle) depends on Dynamic Library B - referenced with "@loader_path".
Relevant File (binaries) layout is like this:
MyPluginA.bundle/Contents/MacOS/MyPluginA
[depends on @loader_path/../../../MyLibraryA.framework/MyLibrary]
MyLibraryA.framework/MyLibrary
MyPluginB.bundle/Contents/MacOS/MyPluginB
[depends on @loader_path/../../../MyLibraryB.framework/MyLibrary]
MyLibraryB.framework/MyLibrary
This scheme works fine on most machines.
But on some Macs, dyld tries to link MyPluginB with the library in MyLibraryA - which causes the plugin not to be loaded because it cannot find the required symbols in the library.
If we try to print dyld debug information, it shows that MyLibraryB is loaded and then unloaded, without showing any reason. And following that, the MyPluginB tries to look for MyLibraryB's symbols in MyLibraryA.
Can this be due to some kind of caching done by dyld?
Why is the @loader_path not being used to refer to the actual library being used?
We have noticed that in our application that creates worker threads for audio processing, these threads (time-constrained priority) in some cases do not run on the P-Cores (on Apple Silicon Macs).
It was my understanding that once we use audio workgroups, the scheduler will always schedule our threads on the P-Cores.
This works okay as long as the CoreAudio buffer size used is 256 samples or less (@ 48K). But if the buffer size is 512 or above, the threads are run on E-Cores (checked using System Trace).
Is this expected behavior?
Can I find any documentation for this (short of analyzing the scheduler source in kernel)?
Thanks.
Devendra.