From 7f1762fb5729f1770e798ca3bc90476f98fdcab6 Mon Sep 17 00:00:00 2001 From: lvs1974 Date: Sun, 12 Mar 2023 11:33:28 +0100 Subject: [PATCH] Override one more NSS method _wlc_ratespec_nss (in debug only) --- AirportBrcmFixup/kern_brcmfx.cpp | 39 +++++++++++++++++++++++++++++++- AirportBrcmFixup/kern_brcmfx.hpp | 8 +++++++ AirportBrcmFixup/kern_misc.hpp | 11 +++++---- 3 files changed, 52 insertions(+), 6 deletions(-) diff --git a/AirportBrcmFixup/kern_brcmfx.cpp b/AirportBrcmFixup/kern_brcmfx.cpp index 97e0ed0..845f8e9 100644 --- a/AirportBrcmFixup/kern_brcmfx.cpp +++ b/AirportBrcmFixup/kern_brcmfx.cpp @@ -159,6 +159,8 @@ int64_t BRCMFX::siPmuFvcoPllreg(uint32_t *a1, int64_t a2, int64_t a3) return ret; } + +#ifdef DEBUG //============================================================================== template @@ -176,6 +178,12 @@ IOReturn BRCMFX::AirPort_BrcmNIC_getTX_NSS(void *that, OSObject *obj, apple80211 { auto result = FunctionCast(AirPort_BrcmNIC_getTX_NSS, callbackBRCMFX->orgAirPort_BrcmNIC_getTX_NSS[index])(that, obj, data); DBGLOG("BRCMFX", "AirPort_BrcmNIC::getTX_NSS: result = 0x%x, version = %d, ess = %d", result, data->version, data->nss); +// if ((result == KERN_SUCCESS || result == KERN_RESOURCE_SHORTAGE) && data->nss == 1) +// { +// data->nss = 2; +// DBGLOG("BRCMFX", "AirPort_BrcmNIC::getTX_NSS: version = %d, overrided nss = %d", data->version, data->nss); +// result = KERN_SUCCESS; +// } return result; } @@ -186,8 +194,25 @@ IOReturn BRCMFX::AirPort_BrcmNIC_getNSS(void *that, OSObject *obj, apple80211_ns { auto result = FunctionCast(AirPort_BrcmNIC_getNSS, callbackBRCMFX->orgAirPort_BrcmNIC_getNSS[index])(that, obj, data); DBGLOG("BRCMFX", "AirPort_BrcmNIC::getNSS: result = 0x%x, version = %d, nss = %d", result, data->version, data->nss); +// if ((result == KERN_SUCCESS || result == KERN_RESOURCE_SHORTAGE) && data->nss == 1) +// { +// data->nss = 2; +// DBGLOG("BRCMFX", "AirPort_BrcmNIC::getNSS: version = %d, overrided nss = %d", data->version, data->nss); +// result = KERN_SUCCESS; +// } + return result; +} + +//============================================================================== + +template +int64_t BRCMFX::wlc_ratespec_nss(int a1) +{ + auto result = FunctionCast(wlc_ratespec_nss, callbackBRCMFX->orgWlcRatespecNss[index])(a1); + DBGLOG("BRCMFX", "wlc_ratespec_nss: result = 0x%x, a1 = 0x%x", result, a1); return result; } +#endif //============================================================================== @@ -365,7 +390,8 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t reinterpret_cast(BRCMFX::checkBoardId<2>), reinterpret_cast(BRCMFX::checkBoardId<3>) }; - + +#ifdef DEBUG static const mach_vm_address_t AirPort_BrcmNIC_setTX_NSS[MaxServices] { reinterpret_cast(BRCMFX::AirPort_BrcmNIC_setTX_NSS<0>), reinterpret_cast(BRCMFX::AirPort_BrcmNIC_setTX_NSS<1>), @@ -387,6 +413,14 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t reinterpret_cast(BRCMFX::AirPort_BrcmNIC_getNSS<3>) }; + static const mach_vm_address_t wlc_ratespec_nss[MaxServices] { + reinterpret_cast(BRCMFX::wlc_ratespec_nss<0>), + reinterpret_cast(BRCMFX::wlc_ratespec_nss<1>), + reinterpret_cast(BRCMFX::wlc_ratespec_nss<2>), + reinterpret_cast(BRCMFX::wlc_ratespec_nss<3>) + }; +#endif + for (size_t i = 0; i < kextListSize; i++) { if (kextList[i].loadIndex == index && !kext_handled[i]) @@ -429,10 +463,13 @@ void BRCMFX::processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t {symbolList[i][5], checkBoardId[i]}, // Disable "32KHz LPO Clock not running" panic in AirPort_BrcmXXX {symbolList[i][6], osl_panic}, +#ifdef DEBUG // Investigate issues with NSS {symbolList[i][9], AirPort_BrcmNIC_setTX_NSS[i], orgAirPort_BrcmNIC_setTX_NSS[i]}, {symbolList[i][10], AirPort_BrcmNIC_getTX_NSS[i], orgAirPort_BrcmNIC_getTX_NSS[i]}, {symbolList[i][11], AirPort_BrcmNIC_getNSS[i], orgAirPort_BrcmNIC_getNSS[i]}, + {symbolList[i][12], wlc_ratespec_nss[i], orgWlcRatespecNss[i]} +#endif }; if (!patcher.routeMultiple(index, requests, address, size)) diff --git a/AirportBrcmFixup/kern_brcmfx.hpp b/AirportBrcmFixup/kern_brcmfx.hpp index 206b54e..89c0a6d 100644 --- a/AirportBrcmFixup/kern_brcmfx.hpp +++ b/AirportBrcmFixup/kern_brcmfx.hpp @@ -74,12 +74,16 @@ class BRCMFX { template static int64_t siPmuFvcoPllreg(uint32_t *a1, int64_t a2, int64_t a3); +#ifdef DEBUG template static IOReturn AirPort_BrcmNIC_setTX_NSS(void *that, OSObject*, apple80211_tx_nss_data*); template static IOReturn AirPort_BrcmNIC_getTX_NSS(void *that, OSObject*, apple80211_tx_nss_data*); template static IOReturn AirPort_BrcmNIC_getNSS(void *that, OSObject*, apple80211_nss_data*); + template + static int64_t wlc_ratespec_nss(int a1); +#endif /** * Trampolines for original method invocations @@ -88,9 +92,13 @@ class BRCMFX { mach_vm_address_t orgProbe[MaxServices] {}; mach_vm_address_t orgWlcSetCountryCodeRev[MaxServices] {}; mach_vm_address_t orgSiPmuFvcoPllreg[MaxServices] {}; + +#ifdef DEBUG mach_vm_address_t orgAirPort_BrcmNIC_setTX_NSS[MaxServices] {}; mach_vm_address_t orgAirPort_BrcmNIC_getTX_NSS[MaxServices] {}; mach_vm_address_t orgAirPort_BrcmNIC_getNSS[MaxServices] {}; + mach_vm_address_t orgWlcRatespecNss[MaxServices] {}; +#endif // access to IOCatalogue methods IOCatalogue_startMatching_symbol startMatching_symbol {}; diff --git a/AirportBrcmFixup/kern_misc.hpp b/AirportBrcmFixup/kern_misc.hpp index c64d6b9..fac075b 100644 --- a/AirportBrcmFixup/kern_misc.hpp +++ b/AirportBrcmFixup/kern_misc.hpp @@ -45,22 +45,23 @@ static const char *binList[MaxServices][2] { {"/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4331.kext/Contents/MacOS/AirPortBrcm4331", ""} }; -static const char *symbolList[MaxServices][12] { +static const char *symbolList[MaxServices][13] { {"__ZN19AirPort_BrcmNIC_MFG5startEP9IOService", "__ZN19AirPort_BrcmNIC_MFG5probeEP9IOServicePi", "_si_pmu_fvco_pllreg", "_wlc_set_countrycode_rev", "__ZNK19AirPort_BrcmNIC_MFG15newVendorStringEv", "__ZN19AirPort_BrcmNIC_MFG12checkBoardIdEPKc", nullptr, - "__ZN19AirPort_BrcmNIC_MFG18wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr }, + "__ZN19AirPort_BrcmNIC_MFG18wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr }, {"__ZN16AirPort_Brcm43605startEP9IOService", "__ZN16AirPort_Brcm43605probeEP9IOServicePi" , "_si_pmu_fvco_pllreg", "_wlc_set_countrycode_rev", "__ZNK16AirPort_Brcm436015newVendorStringEv", "__ZN16AirPort_Brcm436012checkBoardIdEPKc", nullptr, - "__ZN16AirPort_Brcm436018wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr }, + "__ZN16AirPort_Brcm436018wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr }, {"__ZN15AirPort_BrcmNIC5startEP9IOService", "__ZN15AirPort_BrcmNIC5probeEP9IOServicePi", "_si_pmu_fvco_pllreg", "_wlc_set_countrycode_rev", "__ZNK15AirPort_BrcmNIC15newVendorStringEv", "__ZN15AirPort_BrcmNIC12checkBoardIdEPKc", "_osl_panic", - "__ZN15AirPort_BrcmNIC18wowCapablePlatformEv", "_wlc_wowl_enable" , "__ZN15AirPort_BrcmNIC9setTX_NSSEP8OSObjectP22apple80211_tx_nss_data", "__ZN15AirPort_BrcmNIC9getTX_NSSEP8OSObjectP22apple80211_tx_nss_data", "__ZN15AirPort_BrcmNIC6getNSSEP8OSObjectP19apple80211_nss_data" }, + "__ZN15AirPort_BrcmNIC18wowCapablePlatformEv", "_wlc_wowl_enable" , "__ZN15AirPort_BrcmNIC9setTX_NSSEP8OSObjectP22apple80211_tx_nss_data", + "__ZN15AirPort_BrcmNIC9getTX_NSSEP8OSObjectP22apple80211_tx_nss_data", "__ZN15AirPort_BrcmNIC6getNSSEP8OSObjectP19apple80211_nss_data", "_wlc_ratespec_nss" }, {"__ZN16AirPort_Brcm43315startEP9IOService", "__ZN16AirPort_Brcm43315probeEP9IOServicePi", nullptr, "_wlc_set_countrycode_rev", "__ZNK16AirPort_Brcm433115newVendorStringEv", nullptr, nullptr, - "__ZN16AirPort_Brcm433118wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr } + "__ZN16AirPort_Brcm433118wowCapablePlatformEv", "_wlc_wowl_enable", nullptr, nullptr, nullptr, nullptr } }; /**