I found out that this code fails on Sonoma on apple silicon: #include <sys/mman.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <unistd.h> #include <cassert> #include <iostream> int main() { const char* filename = "data_file"; int dataSize = 1024; // 1 kilobyte int fd; // Create or overwrite the file fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IXUSR ); if (fd == -1) { perror("Error creating file"); return 1; } // Make the file 1 KB in size if (ftruncate(fd, dataSize) == -1) { perror("Error setting file size"); close(fd); return 1; } // Map the file into memory for writing int* writeData = (int*)mmap(NULL, dataSize, PROT_WRITE, MAP_SHARED, fd, 0); if (writeData == MAP_FAILED) { perror("Error mmaping for write"); close(fd); return 1; } // Write some integer data for (int i = 0; i < dataSize/sizeof(int); ++i) { writeData[i] = i; } // Close the file and unmap memory if (munmap(writeData, dataSize) == -1) { perror("Error unmapping writeData"); } close(fd); // Reopen the file for reading and executing fd = open(filename, O_RDONLY); if (fd == -1) { perror("Error opening file for read|exec"); return 1; } int* readData = (int*)mmap(NULL, dataSize, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0); if (readData == MAP_FAILED) { perror("Error mmaping for read|exec"); close(fd); return 1; } // Assert the integer data is the same for (int i = 0; i < dataSize/sizeof(int); ++i) { assert(readData[i] == i); } std::cout << "Data verification succeeded!\n"; // Clean up if (munmap(readData, dataSize) == -1) { perror("Error unmapping readData"); } close(fd); unlink(filename); // Delete the file return 0; } mmap with PROT_READ | PROT_EXEC fails with EACCESS. and digging around the internet had led me to this commit: https://github.com/python/cpython/pull/109929/files what was the reasoning behind this change in the API, and where is it documented? it's quite unpleasant to find changes like that in a crucial low-level calls.

So upstream went and added a mutex_enter_interruptible() which Linux calls mutex_lock_interruptible() and FreeBSD sx_xlock_sig(lock). I was simply going to point it to lck_mtx_lock() and call it a day and ignoring the interruptible bit, but I am curious if there is a way to achieve something similar on XNU. In this case, to be able to hit ^C in userland, get a signal, and have lck_mtx_lock() or variant, giveup and return error.

My app uses a lot of memory, so I often get "memory limit" crashes. In Cerf & ID & Profiles i enabled increase Memory Limit Capability, in my myAppName.entitlements But result of print(os_proc_available_memory()) the same. Where my mistake? Thank you iPhone 8, iOS 15.2

Simple question, I want to determine the number of performance cores in an Python script (better a Python app frozen with PyInstaller, which could make a difference). there are some ways to get the number of CPUs/cores like os.cpu_count(), multiprocessing.cpu_count() or psutil.cpu_count() (the later allowing discrimination between physical and virtual cores). However, Apple Silicon CPUs are separated into performance and efficiency cores, which you can get with (e.g.) sysctl hw.perflevel0.logicalcpu_max for performance and sysctl hw.perflevel1.logicalcpu_max for efficiency cores. Is there any way to get this in Python besides running sysctl and get the shell output? Maybe using the pyobjc package?

Hello, My purpose is to understand how macOS works. Here is what i've done: I have wrote a c program on a M1 CPU with this lines: printf("Before breakpoint\n"); asm volatile("brk #0"); printf("After breakpoint\n"); When i run this program with lldb, a breakpoint is hit on the second line. So i suppose lldb is writing a "brk #0" instruction when we put a breakpoint manually. I can't continue to next line with lldb "c" command. PC stays on the brk instruction. I need to manually set PC to next instruction in lldb. Now, what i want to do is to create my own debugger. (I want to understand how lldb works). I have managed to ptrace the target program and i was able to catch an event with waitpid when "brk #0" is hit. But i don't know how i can increase PC value and continue execution because i can't do this on Silicon CPU: ptrace(PTRACE_GETREGS, child_pid, NULL, &regs); ptrace(PTRACE_SETREGS, child_pid, NULL, &regs); kill(child_pid, SIGCONT); So my question is: How does lldb managed to change ARM64 registers of a remote process ? Thanks

Hello, I have tried to create a thread with thread_create_running API. It works but i would like to suspend this thread. I can call thread_suspend, but my thread has already been start before i call this API. Is there a way to create a thread without running it automaticaly. Thanks

hi, I am using the openpty function in my code to run an interactive command, for example, "hdiutil convert -format UDRO /tmp/myFileName.sparsebundle -o ./test". The file myFileName.sparsebundle is an encrypted disk with a password. When running this command, it triggers the security server and a password input dialog box pops up. I don't want this dialog box to appear, and I want to provide the password through the fd_master returned by openpty. How can I achieve this?

I am using Xcode 15.2 Beta on macOS Sonoma 14.3 Beta with the macOS Sonoma 14.2 SDK. Similarly to post 702244, I am trying to build the same exact repository, partially for my own education. The issue I am running into is that one of the files references IOKit/hid/IOHIDDevice.h, which, in turn, references IOKit/IOReporter.h. Since both of these are searched for, with #include <…>, in a base path of Kernel.framework/Versions/A/Headers, it follows that there should at least be a file somewhere in that folder called IOReporter.h, but there is not. There isn't even a copy in IOKit.framework/Versions/A/Headers, although that folder has another version of hid/IOHIDDevice.h entirely, which does not reference a IOReporter.h file. Is the lack of an IOReporter.h file deliberate, accidental, or is the mere continued existence of a kernel-space IOKit IOHIDDevice.h, containing a deprecated kernel-space IOHIDDevice symbol, an accident; possibly a simple hold-over from a previous version? Is there a way to make this compile? Am I missing anything? Should it be assumed that deprecated kernel-mode APIs will simply not compile?

I am trying to debug a kernel panic in our kext. I can attach to the target Mac over ethernet if I: cause an NMI using add an IOPanic call to my kext and cause it to be executed use Dtrace to invoke a panic However if I reproduce the kernel panic which I am investigating, the Mac just restarts. How can I make the Mac wait for me to attach with lldb rather than restarting? My target configuration is: Mac is 2021 M1 Pro 14" MacBook Pro macOS 14.2 (23C64) Network: Apple Thunderbolt 3 <-> Thunderbolt 3 adapter + Apple Thunderbolt 2 to ethernet adapters Boot-args = "debug=0x44 wdt=-1 kdp_match_name=en8" (I have also tried debug=0x104C0C)

Hello, I'm trying to build XNU with KASAN support. However I get error: clang: error: unsupported option '-fsanitize=kernel-hwaddress' for target 'arm64e-apple-darwin23.2.0' If I try to compile a non-kernel C code with -fsanitize=hwaddress, I get the same target error. But Apple ships HWASan kernels with KDK, which shows there is a clang which is capable of compiling hwasan code for arm64e. How can we compile hwasan sanitized code ourselves? Is it a private toolchain or released somewhere?

I have a virtual device, which is redirected to Mac from Windows OS. However, In MacOS, it does not recognized as a HID device even it has only one HID interface. The device name is Virtual Fido, it more likes to be identified as an audio device. Could any one help check? Thanks. 2024-01-31 16:37:03.102014+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCallback: controller <private> (S1F0) usbServiceArray <private>(count 1) options 0x00000000 2024-01-31 16:37:03.102020+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCallback: [0] <private> 2024-01-31 16:37:03.102023+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCall: controller <private> (S1F0) usbService <private> (Virtual FIDO) options 0x00000000 2024-01-31 16:37:03.102035+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::getOrCreateLegacyControllerGated: located existing AppleUSBController@00000000 2024-01-31 16:37:03.102037+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCallGated: IOUSBHostDevice <private> (Virtual FIDO) 2024-01-31 16:37:03.102046+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::addDeviceToUsbPlane: 2024-01-31 16:37:03.102288+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCall: usbServiceCallbackGated completed with 0x00000000 and service <private> 2024-01-31 16:37:03.102302+0800 0x1df Error 0x0 0 0 kernel: (IOUSBFamily) AppleUSBLegacyRoot@(null): AppleUSBLegacyRoot::usbServiceCall: registering Virtual FIDO@00810000 (<private>) for matching 2024-01-31 16:37:03.104499+0800 0x247c Info 0x0 120 0 kernelmanagerd: Received MIG message 2024-01-31 16:37:03.105412+0800 0x247c Info 0x0 120 0 kernelmanagerd: Received MIG message 2024-01-31 16:37:03.105453+0800 0x284b Default 0x0 120 0 kernelmanagerd: Received kext load notification: com.apple.iokit.IOAudioFamily 2024-01-31 16:37:03.105460+0800 0x284b Default 0x0 120 0 kernelmanagerd: Received kext load notification: com.apple.driver.AppleUSBAudio 2024-01-31 16:37:03.106066+0800 0x11d6 Default 0x0 643 0 icdd: [com.apple.imagecapture:icdd] Device DB | Creating local devices 2024-01-31 16:37:03.106170+0800 0x512 Info 0x0 244 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] new device skipped: 0x0e0f/0x0123 810000 (entryId=4294969016) 2024-01-31 16:37:03.106551+0800 0x11d6 Default 0x0 0 0 kernel: (Sandbox) Sandbox: icdd(643) allow file-read-data /Library/Image Capture/Devices 2024-01-31 16:37:03.106602+0800 0x11d6 Default 0x0 643 0 icdd: [com.apple.imagecapture:icdd] Device DB | Creating bonjour devices 2024-01-31 16:37:03.106968+0800 0x11d6 Default 0x0 643 0 icdd: [com.apple.imagecapture:icdd] => [Matching] | [ 0x00,0x00,0x00 ] 2024-01-31 16:37:03.106989+0800 0x11d6 Default 0x0 643 0 icdd: [com.apple.imagecapture:icdd] Added | 0x10000011 - [USB][ Virtual FIDO ] ( 0, 0, 0) @ 0x810000 | 2024-01-31 16:37:03.107041+0800 0x11d6 Default 0x0 643 0 icdd: [com.apple.imagecapture:icdd] Autolaunch | 00000000-0000-0000-0031-323334353637 => (null) 2024-01-31 16:37:03.335288+0800 0x276f Default 0x0 424 0 trustd: [com.apple.securityd:pinningQA] could not enable test hierarchy: no UAT pinning preferences set | | | +-o VMware Virtual USB Hub@00800000 <class IOUSBHostDevice, id 0x1000003de, registered, matched, active, busy 0 (35 ms), retain 38> | | | +-o AppleUSBHostLegacyClient <class AppleUSBHostLegacyClient, id 0x1000003e1, !registered, !matched, active, busy 0, retain 8> | | | +-o AppleUSB20Hub@00800000 <class AppleUSB20Hub, id 0x1000003e4, registered, matched, active, busy 0 (33 ms), retain 35> | | | | +-o AppleUSB20HubPort@00810000 <class AppleUSB20HubPort, id 0x1000003e7, registered, matched, active, busy 0 (33 ms), retain 16> | | | | | +-o Virtual FIDO@00810000 <class IOUSBHostDevice, id 0x1000006b8, registered, matched, active, busy 0 (3 ms), retain 20> | | | | | +-o AppleUSBHostLegacyClient <class AppleUSBHostLegacyClient, id 0x1000006bb, !registered, !matched, active, busy 0, retain 8> | | | | | +-o AppleUSBHostCompositeDevice <class AppleUSBHostCompositeDevice, id 0x1000006bf, !registered, !matched, active, busy 0, retain 4> | | | | +-o AppleUSB20HubPort@00820000 <class AppleUSB20HubPort, id 0x1000003e8, registered, matched, active, busy 0 (0 ms), retain 12> | | | | +-o AppleUSB20HubPort@00830000 <class AppleUSB20HubPort, id 0x1000003e9, registered, matched, active, busy 0 (0 ms), retain 12>

I have a 14 inch 2021 macbook pro, 32gb, running Sonoma 14.2.1. After 20-30 days of uptime, kernel_task starts to use about 100-250% cpu. On my last reboot, kernel_task had used 100 hours of cpu time with less than 30 days of uptime, suggesting an average usage of 13.9% cpu average for the entire 30 day period. Looking on the forums, I see others complaining about high kernel_task cpu usage related to thermals or external monitor usage. I do use an external monitor, however in my case I see no correlation between either temperature or monitor usage and the kernel_task cpu spike. Running the fan in full blast with Mac Fan Control does nothing, and neither does unplugging the external monitor. I also tried switching the usb-c cable to the right side as has been suggested, no success. I've also seen many threads where apple simply responds to reboot and see if the problem persists. For me a reboot "fixes" the problem, but it always comes back 20-30 days later, so this is not a fix. I'm fairly certain this is a kernel bug that apple needs to fix instead of just telling people to reboot more often...

I have some c code that returns memory usage of a current task on my machine and recently redacted it to use the proc_getallinfio struct so I can instead retrieve systemwide memory usage. im calling that code in swift however im getting the error "Initializer 'init(_:)' requires that 'proc_taskallinfo' conform to 'BinaryInteger'" and im not sure what the appropriate field is to pass that works with proc_getallinfo struct. resident_size does not work in this context. import IOKit import Foundation @_silgen_name("kernMem") func kernMem(storeMemData: UnsafeMutablePointer &lt;proc_taskallinfo&gt;) -&gt; kern_return_t @main struct MacStatAppApp: App { @State public var printMemory: String = "" //dynamic state object to store data that will be passed to swiftUI var body: some Scene { WindowGroup { ContentView(printMemory: $printMemory) //binding for printMemory to pass data to contentview .onAppear { var storeMemData = proc_taskallinfo() //define pointer let result = kernMem(storeMemData: &amp;storeMemData) if result == KERN_SUCCESS { let memoryUsage = Double(storeMemData) / (1024.0 * 1024.0 * 1024.0) //conversion for GB, 1024 to the power of 3 print(String(format: "memory usage: %.2f GB", memoryUsage)) } else { print("failed to obtain memory usage data:\(result)") } } } } }

Am I calling this right? host_priv_t hostPriv = 0; int err = host_get_host_priv_port(mach_host_self(), &amp;hostPriv); err = host_processors(hostPriv, &amp;processorList, &amp;processorCount); host_get_host_priv_port above returns 4 "(os/kern) invalid argument". Tried with App Sandbox enabled and disabled.

Hello, How can I get the boot args in C++ or Objective-C on macOS without launching the nvram command tool? Take -arm64e_preview_abi for example. How can I check if it exists and if it's effective now or a reboot is needed for it to take effect. Thanks!

Hey everyone, I'm currently working on developing a kernel extension (kext) for the custom file system on macOS. I opted for a kernel extension due to its potential for higher performance compared to using FileProvider. However, during development, I've noticed a significant performance bottleneck related to synchronous I/O operations within the VFS subsystem. It appears that all I/O operations in the macOS kernel, such as vnop_read/vnop_write (sock_receive/sock_send), are executed synchronously. (https://forums.swift.org/t/task-safe-way-to-write-a-file-asynchronously/54639/7) For example, the Linux kernel supports asynchronous I/O operations, which utilize struct file_operations.read_iter/write_iter. This discrepancy in implementation leads to a considerable performance gap, with macOS performing approximately 8-15 times slower than Linux implementation. Given this performance difference, I'm reaching out to seek advice and insights from the community. Are there any known strategies or best practices for improving the performance of kernel extensions related to file systems on macOS? Any guidance or suggestions on how to optimize the performance of file system operations on macOS kext would be greatly appreciated. Thank you in advance for your assistance!

I'm currently trying to develop a transparent data encryption(TDE) system on MacOS 12.6.8. Our company has its own file encryption format. In order to facilitate safe and convenient file transfer between Windows and Mac platforms, we need to develop a TDE system on the Mac platform (on the Windows platform, we have developed such a system based on the Minifilter framework). I tried to implement this system using a MacFuse based file system and the Endpoint Security system extension, but found that this did not allow complete control of files on the Mac system. For example, when you use Finder to copy an encrypted file, the decrypted data will be copied out. I'm guessing this might be due to Finder or some other system process cache. By referring to the current product introductions of other companies, I learned that the current TDE systems on Mac systems are all based on kernel extension. But I noticed that Apple no longer encourages kernel extension development, and the Mac kernel has fewer and fewer APIs open to development. So I would like to ask is it still feasible to develop a TDE system based on the kernel extension?