Here is project I am researching: https://developer.apple.com/documentation/hiddriverkit/handling_stylus_input_from_a_human_interface_device I have a Touch screen and I want: can control this screen, I can enable extension and control Touch screen successfully. can pen on this screen. To do this, I need to send X,Y to StylusApp(AppKit) But I Can not send X, Y to Swift StylusApp Eventhough I can log X,Y it by default code: But I don't know how to send it to AppKit to Pen. I have research about communicate Driver and Client: https://developer.apple.com/documentation/driverkit/communicating_between_a_driverkit_extension_and_a_client_app#4324306 but seem HID driver don't support inheritance from IOUserClient:

In my account, there is already a driver kit usb transport vendor id(4070) in the Identifiers capability . I posted a new request for new usb vendor id(14203) , and there are now 2 driver kit usb transport vendor id entitlement in the account's identifiers, one is for old id (4070), another is not for new id(14203). so how can I add a new usb vendor id ? or change the old one?

Hi, I'm trying to test "https://developer.apple.com/documentation/networkingdriverkit/connecting_a_network_driver" on MacBook Pro M3 with 14.5 Sonoma, XCode 15.4, SIP is disabled. Build steps are succesful, after running App, "Install Dext" is succesful, there is no error in XCode; "systemextensionctl list" show a record for "com.apple.system_extension.driver_extension" with [ activated enabled ] tag. But, "ioreg" doesn't show any service for the dext; and no new interface with name "enXX" appears in System Settings in contrast to what the document describes. In addition, seldomly my device experiences crash when the dext remains installed where crash report points "IOReg" function. I tried also Driver Kit Sample ( https://developer.apple.com/documentation/driverkit/driverkit_sample_code ) and a github project based on this sample having last commits 9 months ago. However, Dext installation reveals similar behavior and "Communicate with Dext" step is unsuccessful with the message "Driver is not connected". Is there an updated version of Networking Driver Kit documentation to reach a running sample app for Sonoma 14.5? Thanks.

Hi, I'm trying to test the NetworkingDriverKitSampleApp at https://developer.apple.com/documentation/networkingdriverkit/connecting_a_network_driver for a while but I couldn't reach the final steps described in the documentation. My setup: Xcode 15.4, MacBook Pro M3 with Sonoma 14.5, SIP is disabled. I prepared the required provisinning profiles with required entitelements. Dext and app builds successfully. Build path starts with "/Applications". "Install Dext" operation is successful without any error after allowing necessary permission. However, neither System Settings shows any new enXX interface, nor ioreg command shows a registered service while "systemextensionctl list" shows the expected result as a com.apple.system_extension.driver_extension record with [ activated enabled ]. I repeated the same steps for "Driver Kit Sample" at https://developer.apple.com/documentation/driverkit/driverkit_sample_code, "Install Dext" step succesful but "Communicate With Dext" results in "Driver is not connected" message. Similar to previous project, ioreg doesn't show any service for the dext while systemextensionctl lists [activeted enabled]. I also test an updated version of DriverKitSample at https://github.com/DanBurkhardt/DriverKitUserClientSample, which reproduced the same results. Finally, my device experiences seldom crashes after passing sleep state when the dext remains installed; where crash report points "IOReg". Is there any lacking steps on Apple documentation for Sonoma 14.5 or XCode 15.4 versions? Thanks.

I'm trying to build an XCode project that contains an app and another target for the DriverKit, and run into the following linker issue: ld: file cannot be open()ed, errno=2 path=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin/libclang_rt.profile_driverkit.a in '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin/libclang_rt.profile_driverkit.a' clang: error: linker command failed with exit code 1 (use -v to see invocation) My project has Code Coverage enabled. I noticed that if I disabled Code Coverage for all targets, I would be able to build successfully, and the driverKit would work as expected. I wonder if it would be possible to build DriverKit without disabling code coverage. Thanks

Certain entitlements require special permission from Apple like DriverKit or Screentime API/Family controls. Those entitlements are tied to the bundle IDs of the app. If those entitlements have been granted for an app from developer A (personal account) and we transfer that app to developer B (organization account), including the bundle IDs, will those bundle IDs keep the entitlement? Or will we need to re-request from the developer account B? Any insights or experiences regarding this process would be greatly appreciated.

Many USB storage devices are NVMe devices accessed through a USB-NVMe bridge chip, such as those by JMicron and Asmedia. These chipsets do not forward SMART data requests to the devices, but do have the capability to forward raw NVMe commands to the devices using vendor specific requests. How can we provide access to SMART data for NVMe devices accessed through a bridge chip like this? Many people used the OSX SAT SMART kext driver to provide access to SMART data for devices using USB-SATA chips, but it is a kext and doesn't support NVMe. See https://binaryfruit.com/drivedx/usb-drive-support#install-instructions Would we need to implement a kext like that to make this work? Is there a DriverKit way to do this?

Hello everyone! I'm developing framework and app for macOS for PCI devices. For communication with driverkit, I'm verifying by giving userclient access entities of system extension to app. However, the app is just a sample program, and our customer is trying to develop the app using a framework with PCI communication part. Is there a way to build a framework with my company's signature, and to build and execute it without acquiring userclient access elements by any chance by a customer developer? Moreover, userclient access is only available to developers who have subscribed to the Apple Developer Program, so I hope that client/developers do not need to obtain separate entries.

Hi, I have a PCI DriverKit System Extension project that our team has tested, and the entitlements are not a problem. Once we decided to place the project to the Apple Store the review team requested to add "App Sandbox" entitlement to the project. Then I added the entitlement manually to the ".entitlements" file ( I couldn't do that using the Xcode add entitlement section because since it is a driverkit project, the "App sandbox" is not visible in the entitlements page ) and re-packaged the project for distribution. Later on, I saw that the entitlement was removed during the packaging process. I also tried to add that using the "build settings" page in Xcode (the signing section ), but I had no luck. I feel like I'm being misled by the review team. Do you know if the "App sandbox" entitlement is applicable to a DriverKit project ?

The situation: 1A) On last week our development team applied on-line for three idVendors with the format as the following: USB-VendorID: 547h(1351), 3488h(13448),4B4h(1204) Describe your apps: it shall be functional equivalence of existing Android-SDK for X-ray sensor-models:...with 15..25 text lines of the description below 1B) We received auto-reply, that we granted all the the entitlements. We've expected to have entitlements like approx like the these: <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1351</integer> </dict> <dict> <key>idVendor</key> <integer>131448</integer> </dict> <dict> <key>idVendor</key> <integer>1204</integer> </dict> </array> 1C) Unexpectingly (for us) ASCII-strings-fragment from our iOS-target-binary "com.rayence.dexta.driver" (built with automatic signing; seemingly this shall be our actual granted prvisionintg profile) looks as the next: <plist version="1.0"> <dict> <key>com.apple.developer.driverkit</key> <true/><key>com.apple.developer.driverkit.transport.usb</key> <array><dict> <key>idVendor</key> <string>*</string> </dict></array> </dict> 1D) Repectively, now we shall specify (in our dext's entitlements in XCOde-project) <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <string>*</string> </dict> </array> In DExt's info.plist we have "normal": <key>IOKitPersonalities</key> <dict> <key>IOKitPersonality_EzHD</key> <dict> blah-blah <key>idVendor</key><integer>1351</integer> <key>IOKitPersonality_EzR</key> <dict> blah-blah <key>idVendor</key><integer>131448</integer> <key>IOKitPersonality_EzR</key> <dict> blah-blah <key>idVendor</key><integer>1204</integer> blah-blah Our ambiguities: 2a) Without exact "1D)", our DExt-installer-application never starts in iPAD. OS-loader generates obectievly-meaningless error-messages and seemingly-meaninglessly suggest to look "system-logs" (which seemingly don't contain relevant information) 2b) With exatct "1D)", 2ba) the reaction (presence/absence and timing of relevant console.app's messages) of our iPAD 17.4 on plugging/unplugging our gadgets look "non-logical". It isn't completly wrong but suspicious. E.g. our Swift-module randomly receive/dontreceive relevant events and can't connect communicate driver's instance for newly-attached physical gadgets. We realize, thses it could be our bugs; but we need disambiguation to debug the issues (or at least to be sure that the quirks are like in production system). 2bd) we would prefer debug/develop rather with real "idVendor=number nnn"s in provisioning profile (than with "idVendor=string *"). So we could be sure that quircs "2ba" are like in a production system. Respective question: Which format in on-line application ~1A) shall we use to obtain provisioning profile 1B)

I'm trying to make an asynchronous bulk data read using AsyncIO/CompleteAsyncIO. The problem I'm facing is that the AsyncIO succeeds but CompleteAsyncIO/ReadComplete doesn't get called when the AsyncIO's completion timeout is set to 0. Changing the completion timeout to a non-zero would trigger ReadComplete but I keep getting the (0x2d6) "I/O Timeout" error Any idea what I'm doing wrong? Also, is there any limit for the maximum buffer length the callback can accept? Thanks. struct MyDriver_IVars { OSAction* callbackAction = nullptr; // registered callback action by app IOUSBHostInterface* interface; IOUSBHostPipe* pipe; IOBufferMemoryDescriptor* inDataBuffer; OSAction* ioCompleteCallback = nullptr; // read complete callback action uint32_t MAX_LENGTH = 1024; }; kern_return_t IMPL(MyDriver, Start){ //........... ret = ivars->interface->CopyPipe(endpoint->bEndpointAddress, &ivars->pipe); ret = ivars->interface->CreateIOBuffer(kIOMemoryDirectionInOut, ivars->MAX_LENGTH, &ivars->inDataBuffer); ret = CreateActionReadComplete(ivars->MAX_LENGTH, &ivars->ioCompleteCallback); //........... } kern_return_t MyDriver::ReadData(int nbytes, int timeout) { //........... kern_return_t ret = ivars->pipe->AsyncIO(ivars->inDataBuffer, ivars->MAX_LENGTH, ivars->ioCompleteCallback, 0); //........... } void IMPL(MyDriver, ReadComplete) { Log("ReadComplete() - status - %d; bytes count - %d", status, actualByteCount); //AsyncCompletion(ivars->callbackAction, .................. } virtual void ReadComplete(OSAction* action, IOReturn status, uint32_t actualByteCount, uint64_t completionTimestamp) TYPE(IOUSBHostPipe::CompleteAsyncIO);

Hello, We're developing a framework that needs to talk to a camera on iOS. We've written a Driverkit Extension to enable this but we're having trouble working out how to distribute this to third parties. We have to specify the application's bundle id in the driverkit's bundle ID. But as far as I can tell that means if there are multiple consumers, they each need their own specially built driverkit extension. For MacOS, we can see an entitlement that allow any 'user client' to connect to our driverkit extension. But from what I can tell, that doesn't seem to be the same for iOS. Am I missing something? Or is it expected that we should have to build a new driverkit extension with a different bundle ID for every app that every third party wants to develop? Let me know if I'm missing too much context, thanks in advance!

I've added my Vendor ID to the appropriate entitlement files but my binary fails validation when trying to upload it to the store for distribution. The embeded.mobileprovision file in the generated archive shows an asterisk instead of my approved Vendor ID. How can I make sure the embedded provisioning file has my Vendor ID?

We have developed a library and a DriverKit driver on Mac platform. And we need to disable SIP to install dext and later point of time if we enable SIP then the dext is non functional. So is it mandatory to disable the SIP for whole life time of dext? Also it is not recommended to disable the SIP for a long time, as it may create a security hole. Standard ways are given on Apple support page that how to notarise an application to distribute over the internet. Here one mandatory account is required that is Apple Developer account which is a paid account we believe. Standing at this point can you share the complete steps of software distribution process which will include code signing, notarisation process and stapling.

How can a Dext be activated from C++. Specifically we need to load our Dext from our c++ CoreAudio server plugin. I guess it all boils down to how to call the OSSystemExtensionRequest Swift interface from C++... Thanks for any hints!

My company has been developing a DriverKit Extension for our ThunderBolt attached devices. Our testing has gone well on Intel based machines but it seems to be able to cause kernel panics on my M1/M2 Mac when click "Allow" in Privacy & Security. It always crash immediately. Unfortunately it is " ApplePPMCPMS: Could not register client id 5. Error code 0xe00002bc " and I have no way to debug it. Has anyone deal with something like this? panic(cpu 5 caller 0xfffffe002fd92b7c): "ApplePPM: virtual IOReturn ApplePPMCPMS::callPlatformFunction(const OSSymbol *, bool, void *, void *, void *, void *):2003 " "ApplePPMCPMS: Could not register client id 5. Error code 0xe00002bc\n" @ApplePPMCPMS.cpp:2003 Debugger message: panic Memory ID: 0x6 OS release type: User OS version: 22G90 Kernel version: Darwin Kernel Version 22.6.0: Wed Jul 5 22:22:52 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T8103 Fileset Kernelcache UUID: 593DE91B6B9F1B49F8178C99AC56A8C2 Kernel UUID: CE831117-201E-35F6-A293-FCC0F02097A3 Boot session UUID: EB9DE635-C521-4672-9251-955CEC7BC487 iBoot version: iBoot-8422.141.2 secure boot?: YES roots installed: 0 Paniclog version: 14 KernelCache slide: 0x00000000264e4000 KernelCache base: 0xfffffe002d4e8000 Kernel slide: 0x00000000264ec000 Kernel text base: 0xfffffe002d4f0000 Kernel text exec slide: 0x00000000278a4000 Kernel text exec base: 0xfffffe002e8a8000 mach_absolute_time: 0x3b74899144 Epoch Time: sec usec Boot : 0x66176032 0x000c0192 Sleep : 0x00000000 0x00000000 Wake : 0x00000000 0x00000000 Calendar: 0x661789be 0x0006abb4 Zone info: Zone map: 0xfffffe10002b4000 - 0xfffffe30002b4000 . VM : 0xfffffe10002b4000 - 0xfffffe14ccf80000 . RO : 0xfffffe14ccf80000 - 0xfffffe1666918000 . GEN0 : 0xfffffe1666918000 - 0xfffffe1b335e4000 . GEN1 : 0xfffffe1b335e4000 - 0xfffffe20002b0000 . GEN2 : 0xfffffe20002b0000 - 0xfffffe24ccf7c000 . GEN3 : 0xfffffe24ccf7c000 - 0xfffffe2999c48000 . DATA : 0xfffffe2999c48000 - 0xfffffe30002b4000 Metadata: 0xfffffe3efce64000 - 0xfffffe3f04e64000 Bitmaps : 0xfffffe3f04e64000 - 0xfffffe3f06478000 Extra : 0 - 0 CORE 0 recently retired instr at 0xfffffe002ea385fc CORE 1 recently retired instr at 0xfffffe002ea385fc CORE 2 recently retired instr at 0xfffffe002ea385fc CORE 3 recently retired instr at 0xfffffe002ea385fc CORE 4 recently retired instr at 0xfffffe002ea385fc CORE 5 recently retired instr at 0xfffffe002ea36edc CORE 6 recently retired instr at 0xfffffe002ea385fc CORE 7 recently retired instr at 0xfffffe002ea385fc TPIDRx_ELy = {1: 0xfffffe166798e020 0: 0x0000000000000005 0ro: 0x0000000000000000 } CORE 0 PVH locks held: None CORE 1 PVH locks held: None CORE 2 PVH locks held: None CORE 3 PVH locks held: None CORE 4 PVH locks held: None CORE 5 PVH locks held: None CORE 6 PVH locks held: None CORE 7 PVH locks held: None CORE 0: PC=0xfffffe002e919618, LR=0xfffffe002e90f630, FP=0xfffffe5d6457bc00 CORE 1: PC=0xfffffe002e936000, LR=0xfffffe002e936000, FP=0xfffffe5d6429bef0 CORE 2: PC=0xfffffe002eaacaa8, LR=0xfffffe002eaacae8, FP=0xfffffe5d63fe3690 CORE 3: PC=0xfffffe002e936000, LR=0xfffffe002e936000, FP=0xfffffe5d64693ef0 CORE 4: PC=0xfffffe002e92fbac, LR=0xfffffe002e914b70, FP=0xfffffe5d65befc60 CORE 5 is the one that panicked. Check the full backtrace for details. CORE 6: PC=0x0000000199b5b5b4, LR=0x000000018c06db24, FP=0x000000016f324ff0 CORE 7: PC=0xfffffe002ef4937c, LR=0xfffffe002ef492f0, FP=0xfffffe5d657e7de0 Compressor Info: 0% of compressed pages limit (OK) and 0% of segments limit (OK) with 0 swapfiles and OK swap space Panicked task 0xfffffe24cd09a738: 0 pages, 970 threads: pid 0: kernel_task Panicked thread: 0xfffffe166798e020, backtrace: 0xfffffe5d643735d0, tid: 62085 lr: 0xfffffe002e8fe5fc fp: 0xfffffe5d64373650 lr: 0xfffffe002ea3e6e4 fp: 0xfffffe5d64373670 lr: 0xfffffe002ea2fe4c fp: 0xfffffe5d643736e0 lr: 0xfffffe002ea2e518 fp: 0xfffffe5d643737a0 lr: 0xfffffe002e8af7f8 fp: 0xfffffe5d643737b0 lr: 0xfffffe002e8fdee4 fp: 0xfffffe5d64373b60 lr: 0xfffffe002f07a548 fp: 0xfffffe5d64373b80 lr: 0xfffffe002fd92b7c fp: 0xfffffe5d64373d30 lr: 0xfffffe002f13c88c fp: 0xfffffe5d64373d80 lr: 0xfffffe002ef44b08 fp: 0xfffffe5d64373de0 lr: 0xfffffe002ef4c3ac fp: 0xfffffe5d64373e50 lr: 0xfffffe002ef51cc8 fp: 0xfffffe5d64373f20 lr: 0xfffffe002e8b8e98 fp: 0x0000000000000000 Kernel Extensions in backtrace: com.apple.AGXG13G(227.7.14)[9A593B36-8560-3700-B806-A6531D4F72EC]@0xfffffe002f0be6a0->0xfffffe002f15dbbf dependency: com.apple.driver.AppleARMPlatform(1.0.2)[5478478E-CF49-3A40-9437-4298C08DC081]@0xfffffe002f2123d0->0xfffffe002f263173 dependency: com.apple.driver.AppleMobileFileIntegrity(1.0.5)[28D5832D-79F4-3C81-AA70-0775A365BA35]@0xfffffe002fca3580->0xfffffe002fccf587 dependency: com.apple.driver.RTBuddy(1.0.0)[8695C672-1FB4-3954-A525-C10AE1CE4E57]@0xfffffe0031348720->0xfffffe003138444b dependency: com.apple.iokit.CoreAnalyticsFamily(1)[38EC9902-05F4-3412-8CB3-1B5001455BCA]@0xfffffe00303385f0->0xfffffe0030340407 dependency: com.apple.iokit.IOGPUFamily(65.60.1)[683A153B-7683-363B-B6E8-6DC60D57D55F]@0xfffffe0030a85180->0xfffffe0030abab17 dependency: com.apple.iokit.IOReportFamily(47)[FE904E47-8D35-3152-8035-2BFA7B69A77E]@0xfffffe0030d44820->0xfffffe0030d478bf dependency: com.apple.iokit.IOSurface(336.60.1)[64104E9B-CF29-3BAC-ABF7-134DCEE9A195]@0xfffffe0030e15d20->0xfffffe0030e450e3 dependency: com.apple.kec.Libm(1)[BA66FD46-3E12-378D-A1A3-67C765DB2A21]@0xfffffe00313313c0->0xfffffe0031334e4b com.apple.driver.ApplePassthroughPPM(3.0)[495FD94A-224A-3C8B-B377-925FF62F0257]@0xfffffe002fd7ac40->0xfffffe002fdbb7c3 dependency: com.apple.driver.AppleARMPlatform(1.0.2)[5478478E-CF49-3A40-9437-4298C08DC081]@0xfffffe002f2123d0->0xfffffe002f263173 dependency: com.apple.driver.ApplePMGR(1)[8202FFB5-EBDB-333D-9001-9A2582407585]@0xfffffe002fd26380->0xfffffe002fd6c30f dependency: com.apple.iokit.IOReportFamily(47)[FE904E47-8D35-3152-8035-2BFA7B69A77E]@0xfffffe0030d44820->0xfffffe0030d478bf dependency: com.apple.kec.Libm(1)[BA66FD46-3E12-378D-A1A3-67C765DB2A21]@0xfffffe00313313c0->0xfffffe0031334e4b last started kext at 254801217669: com.apple.filesystems.exfat 1.4 (addr 0xfffffe002de1c690, size 6208) last stopped kext at 252590757699: com.apple.filesystems.exfat 1.4 (addr 0xfffffe002de1c690, size 6208)

In the process of accessing DEXT by applications, for the sake of simplicity in configuration, I used com.apple.developer.driverkit.allow-any-userclient-access in DEXT. However, for the sake of security in DEXT, I want to identify applications within DEXT and restrict access only to applications developed by my own team. How can this be implemented? Are there any APIs in DEXT that can be used to obtain information about applications for identification purposes? Thanks!

I have a macOS app which contains a dext. I'd like to distribute it to external testers using TestFlight, so it has to pass Mac App Store review. It failed, because the App Sandbox entitlement was missing. I checked the app, it has the entitlement, but the dext does not. However, the .entitlements file used by the dext does contain App Sandbox set to true. I tried adding a "fake-entitlement" value to the .entitlements file, and that made it into the dext's code signature, but the App Sandbox entitlement appears to be stripped out by the build process? For a dext target, it isn't possible to add the App Sandbox capability in Xcode's Signing and Capability section. I have to add the entitlement manually in the .entitlement file (or it was put there by the Xcode driver template, I don't remember). I've tried clean building several times, I've tried Xcode 15.0.1, 15.2 and 15.3, but the result is always the same. I'm inspecting the entitlements using codesign -dvvv --entitlements - Does anyone know what I can do to put the App Sandbox entitlement into my dext's signature? Is this happening to anyone else?

I have an app that loads a DEXT (driver). This app includes a settings bundle that allows me to activate/deactivate the driver. When I issue the API call to activate the driver, iOS switches to the Settings app and displays the page for my DEXT loading application but the switch to enable the driver, which is part of my settings bundle, does not appear. I'm using this API call: OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: "driver-id", queue: .main) Here are the contents of my settings bundle Root.plist: ` Here are the contents of my Root.strings file: "Group" = "Group"; "Name" = "Name"; "none given" = "none given"; "Enabled" = "Enabled";

Hardware and software configuration MacBook Air M2 2022 16GB, MacOS Ventura 13.2.1 Full description This is a DriverKit that controls PCIE FPGA devices for low-latency data exchange. This driver has been implemented on Iokit, and now it needs to be launched on Driverkit to adapt to newer Macs. Driverkit lacks the IOMemoryDescriptor::withAddressRange(Iokit) function to convert the app's memory of any size to a Descriptor. Currently, we use args->structureOutputDescriptor->CreateMapping to map the Descriptor passed by the application to the kernel layer. // App size_t ***::xxRead(long long addr, size_t size, void * buff){ std::lock_guard<std::mutex> guard(usrLock); kern_return_t kr; uint64_t info[2] = {(uint64_t)addr, (uint64_t)size}; kr = IOConnectCallMethod( connect, kUserReadIO, info, 2, NULL, NULL, NULL, NULL, buff, &size); return size; } // Driverkit const IOUserClientMethodDispatch sMethods[kNumMethods] = { [kUserReadIO] = { (IOUserClientMethodFunction) &SmiPcieUc::sUserReadIo, .checkCompletionExists = false, .checkScalarInputCount = 2, // Read Addr, size .checkStructureInputSize = 0, .checkScalarOutputCount = 0, .checkStructureOutputSize = kIOUserClientVariableStructureSize} // Read Data }; kern_return_t SmiPcieUc::sUserReadIo (OSObject * target, void* reference, IOUserClientMethodArguments* args){ IOMemoryMap * memMap = nullptr; uint32_t * buffKptr = nullptr; kern_return_t rt = 0; if(target == nullptr){ Log("***Err***: sUserReadIo Target is Null!"); return kIOReturnError; } if(args->structureOutputDescriptor){ rt = args->structureOutputDescriptor->CreateMapping(0,0,0,0,0, &memMap); if(rt == kIOReturnSuccess){ buffKptr = reinterpret_cast<uint32_t *>(memMap->GetAddress()); } else { Log("***Err***: sUserReadIo Mapping Failed!"); return kIOReturnNoMemory; } } else { buffKptr = (uint32_t *) args->structureOutput; } rt = ((SmiPcieUc *)target)->UserReadIo((uint64_t *)&args->scalarInput[0], (size_t *)&args->scalarInput[1], buffKptr); OSSafeReleaseNULL(memMap); return rt; } phenomenon When StructureOutputSize is greater than 4096, args>structureOutputDescriptor exists, and when it is less than or equal to 4096, args->structureOutputDescriptor and args->structureOutput are both equal to nullptr, (in IOkit, args->structureOutput is not empty)。 How to properly convert any size of application memory into the kernel space of Driverkit？