Override one more NSS method _wlc_ratespec_nss (in debug only)

acidanthera · Mar 12, 2023 · 7f1762f · 7f1762f
1 parent 5646ec3
commit 7f1762f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 6 deletions.
diff --git a/AirportBrcmFixup/kern_brcmfx.cpp b/AirportBrcmFixup/kern_brcmfx.cpp
@@ -159,6 +159,8 @@ int64_t BRCMFX::siPmuFvcoPllreg(uint32_t *a1, int64_t a2, int64_t a3)
 	return ret;
 }
 
+
+#ifdef DEBUG
 //==============================================================================
 
 template <size_t index>
@@ -176,6 +178,12 @@ IOReturn BRCMFX::AirPort_BrcmNIC_getTX_NSS(void *that, OSObject *obj, apple80211
 {
 	auto result = FunctionCast(AirPort_BrcmNIC_getTX_NSS<index>, callbackBRCMFX->orgAirPort_BrcmNIC_getTX_NSS[index])(that, obj, data);
 	DBGLOG("BRCMFX", "AirPort_BrcmNIC::getTX_NSS: result = 0x%x, version = %d, ess = %d", result, data->version, data->nss);
+//	if ((result == KERN_SUCCESS || result == KERN_RESOURCE_SHORTAGE) && data->nss == 1)
+//	{
+//		data->nss = 2;
+//		DBGLOG("BRCMFX", "AirPort_BrcmNIC::getTX_NSS: version = %d, overrided nss = %d", data->version, data->nss);
+//		result = KERN_SUCCESS;
+//	}
 	return result;
 }
 
@@ -186,8 +194,25 @@ IOReturn BRCMFX::AirPort_BrcmNIC_getNSS(void *that, OSObject *obj, apple80211_ns
 {
 	auto result = FunctionCast(AirPort_BrcmNIC_getNSS<index>, callbackBRCMFX->orgAirPort_BrcmNIC_getNSS[index])(that, obj, data);
 	DBGLOG("BRCMFX", "AirPort_BrcmNIC::getNSS: result = 0x%x, version = %d, nss = %d", result, data->version, data->nss);
+//	if ((result == KERN_SUCCESS || result == KERN_RESOURCE_SHORTAGE) && data->nss == 1)
+//	{
+//		data->nss = 2;
+//		DBGLOG("BRCMFX", "AirPort_BrcmNIC::getNSS: version = %d, overrided nss = %d", data->version, data->nss);
+//		result = KERN_SUCCESS;
+//	}
+	return result;
+}
+
+//==============================================================================
+
+template <size_t index>
+int64_t BRCMFX::wlc_ratespec_nss(int a1)
+{
+	auto result = FunctionCast(wlc_ratespec_nss<index>, callbackBRCMFX->orgWlcRatespecNss[index])(a1);
+	DBGLOG("BRCMFX", "wlc_ratespec_nss: result = 0x%x, a1 = 0x%x", result, a1);
 	return result;
 }
+#endif
 
 //==============================================================================
 
@@ -365,7 +390,8 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t
 		reinterpret_cast<mach_vm_address_t>(BRCMFX::checkBoardId<2>),
 		reinterpret_cast<mach_vm_address_t>(BRCMFX::checkBoardId<3>)
 	};
-
+
+#ifdef DEBUG
 	static const mach_vm_address_t AirPort_BrcmNIC_setTX_NSS[MaxServices] {
 		reinterpret_cast<mach_vm_address_t>(BRCMFX::AirPort_BrcmNIC_setTX_NSS<0>),
 		reinterpret_cast<mach_vm_address_t>(BRCMFX::AirPort_BrcmNIC_setTX_NSS<1>),
@@ -387,6 +413,14 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t
 		reinterpret_cast<mach_vm_address_t>(BRCMFX::AirPort_BrcmNIC_getNSS<3>)
 	};
 
+	static const mach_vm_address_t wlc_ratespec_nss[MaxServices] {
+		reinterpret_cast<mach_vm_address_t>(BRCMFX::wlc_ratespec_nss<0>),
+		reinterpret_cast<mach_vm_address_t>(BRCMFX::wlc_ratespec_nss<1>),
+		reinterpret_cast<mach_vm_address_t>(BRCMFX::wlc_ratespec_nss<2>),
+		reinterpret_cast<mach_vm_address_t>(BRCMFX::wlc_ratespec_nss<3>)
+	};
+#endif
+
 	for (size_t i = 0; i < kextListSize; i++)
 	{
 		if (kextList[i].loadIndex == index && !kext_handled[i])
@@ -429,10 +463,13 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t
 					{symbolList[i][5], checkBoardId[i]},
 					// Disable "32KHz LPO Clock not running" panic in AirPort_BrcmXXX
 					{symbolList[i][6], osl_panic},
+#ifdef DEBUG
 					// Investigate issues with NSS
 					{symbolList[i][9],  AirPort_BrcmNIC_setTX_NSS[i], orgAirPort_BrcmNIC_setTX_NSS[i]},
 					{symbolList[i][10], AirPort_BrcmNIC_getTX_NSS[i], orgAirPort_BrcmNIC_getTX_NSS[i]},
 					{symbolList[i][11], AirPort_BrcmNIC_getNSS[i],    orgAirPort_BrcmNIC_getNSS[i]},
+					{symbolList[i][12], wlc_ratespec_nss[i],          orgWlcRatespecNss[i]}
+#endif
 				};
 
 				if (!patcher.routeMultiple(index, requests, address, size))

diff --git a/AirportBrcmFixup/kern_brcmfx.hpp b/AirportBrcmFixup/kern_brcmfx.hpp
@@ -74,12 +74,16 @@ class BRCMFX {
 	template <size_t index>
 	static int64_t          siPmuFvcoPllreg(uint32_t *a1, int64_t a2, int64_t a3);
 
+#ifdef DEBUG
 	template <size_t index>
 	static IOReturn         AirPort_BrcmNIC_setTX_NSS(void *that, OSObject*, apple80211_tx_nss_data*);
 	template <size_t index>
 	static IOReturn         AirPort_BrcmNIC_getTX_NSS(void *that, OSObject*, apple80211_tx_nss_data*);
 	template <size_t index>
 	static IOReturn         AirPort_BrcmNIC_getNSS(void *that, OSObject*, apple80211_nss_data*);
+	template <size_t index>
+	static int64_t          wlc_ratespec_nss(int a1);
+#endif
 
 	/**
 	 *  Trampolines for original method invocations
@@ -88,9 +92,13 @@ class BRCMFX {
 	mach_vm_address_t orgProbe[MaxServices] {};
 	mach_vm_address_t orgWlcSetCountryCodeRev[MaxServices] {};
 	mach_vm_address_t orgSiPmuFvcoPllreg[MaxServices] {};
+
+#ifdef DEBUG
 	mach_vm_address_t orgAirPort_BrcmNIC_setTX_NSS[MaxServices] {};
 	mach_vm_address_t orgAirPort_BrcmNIC_getTX_NSS[MaxServices] {};
 	mach_vm_address_t orgAirPort_BrcmNIC_getNSS[MaxServices] {};
+	mach_vm_address_t orgWlcRatespecNss[MaxServices] {};
+#endif
 
 	// access to IOCatalogue methods
 	IOCatalogue_startMatching_symbol startMatching_symbol {};

diff --git a/AirportBrcmFixup/kern_misc.hpp b/AirportBrcmFixup/kern_misc.hpp
@@ -45,22 +45,23 @@ static const char *binList[MaxServices][2] {
 	{"/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4331.kext/Contents/MacOS/AirPortBrcm4331", ""}
 };
 
-static const char *symbolList[MaxServices][12] {
+static const char *symbolList[MaxServices][13] {
 	{"__ZN19AirPort_BrcmNIC_MFG5startEP9IOService",     "__ZN19AirPort_BrcmNIC_MFG5probeEP9IOServicePi", "_si_pmu_fvco_pllreg",  "_wlc_set_countrycode_rev",
 	 "__ZNK19AirPort_BrcmNIC_MFG15newVendorStringEv",   "__ZN19AirPort_BrcmNIC_MFG12checkBoardIdEPKc",   nullptr,
-	 "__ZN19AirPort_BrcmNIC_MFG18wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr },
+	 "__ZN19AirPort_BrcmNIC_MFG18wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr },
 
 	{"__ZN16AirPort_Brcm43605startEP9IOService",        "__ZN16AirPort_Brcm43605probeEP9IOServicePi" ,   "_si_pmu_fvco_pllreg",  "_wlc_set_countrycode_rev",
 	 "__ZNK16AirPort_Brcm436015newVendorStringEv",      "__ZN16AirPort_Brcm436012checkBoardIdEPKc",      nullptr,
-	 "__ZN16AirPort_Brcm436018wowCapablePlatformEv",    "_wlc_wowl_enable", nullptr, nullptr, nullptr },
+	 "__ZN16AirPort_Brcm436018wowCapablePlatformEv",    "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr },
 
 	{"__ZN15AirPort_BrcmNIC5startEP9IOService",         "__ZN15AirPort_BrcmNIC5probeEP9IOServicePi",     "_si_pmu_fvco_pllreg",  "_wlc_set_countrycode_rev",
 	 "__ZNK15AirPort_BrcmNIC15newVendorStringEv",       "__ZN15AirPort_BrcmNIC12checkBoardIdEPKc",       "_osl_panic",
-	 "__ZN15AirPort_BrcmNIC18wowCapablePlatformEv",     "_wlc_wowl_enable" , "__ZN15AirPort_BrcmNIC9setTX_NSSEP8OSObjectP22apple80211_tx_nss_data", "__ZN15AirPort_BrcmNIC9getTX_NSSEP8OSObjectP22apple80211_tx_nss_data", "__ZN15AirPort_BrcmNIC6getNSSEP8OSObjectP19apple80211_nss_data" },
+	 "__ZN15AirPort_BrcmNIC18wowCapablePlatformEv",     "_wlc_wowl_enable" , "__ZN15AirPort_BrcmNIC9setTX_NSSEP8OSObjectP22apple80211_tx_nss_data",
+	 "__ZN15AirPort_BrcmNIC9getTX_NSSEP8OSObjectP22apple80211_tx_nss_data",  "__ZN15AirPort_BrcmNIC6getNSSEP8OSObjectP19apple80211_nss_data", "_wlc_ratespec_nss" },
 
 	{"__ZN16AirPort_Brcm43315startEP9IOService",        "__ZN16AirPort_Brcm43315probeEP9IOServicePi",    nullptr,                "_wlc_set_countrycode_rev",
 	 "__ZNK16AirPort_Brcm433115newVendorStringEv",       nullptr,                                        nullptr,
-	 "__ZN16AirPort_Brcm433118wowCapablePlatformEv",    "_wlc_wowl_enable", nullptr, nullptr, nullptr  }
+	 "__ZN16AirPort_Brcm433118wowCapablePlatformEv",    "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr  }
 };
 
 /**