Enable interrupts during page-in
Failing to do so results in random kernel panics, at least on 10.12:

panic(cpu 2 caller 0xffffff80229fe255): Kernel trap at 0xfffffd0000091727, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000000000, CR3: 0x00000001aac520e2, CR4: 0x00000000001626e0
RAX: 0x0000000000000990, RBX: 0xffffff8045128a60, RCX: 0xffffff9133313650, RDX: 0x0000000000000000
RSP: 0xfffffd000004c7c0, RBP: 0xffffff9133313690, RSI: 0xffffff8044b6e000, RDI: 0xffffff80230b02b8
R8:  0x0000000000000000, R9:  0x0000000000000000, R10: 0xffffff812968a000, R11: 0x0000000000000000
R12: 0x0000000000000001, R13: 0xffffff8044b6e000, R14: 0x000000407d55e57c, R15: 0xffffff80230b02b8
RFL: 0x0000000000010006, RIP: 0xfffffd0000091727, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0x0000000000000000, Error code: 0x0000000000000000, Fault CPU: 0x2, PL: 1, VF: 0

Backtrace (CPU 2), Frame : Return Address
0xffffff802274c3b0 : 0xffffff80228e837c mach_kernel : _panic + 0xec
0xffffff802274c430 : 0xffffff80229fe255 mach_kernel : _kernel_trap + 0x935
0xffffff802274c610 : 0xffffff7fa556aabc as.vit9696.VirtualSMC : __ZN18VirtualSMCProvider10kernelTrapI22x86_saved_state_1010_tEEvPT_Pm + 0x44c
0xffffff802274c6b0 : 0xffffff80228993b3 mach_kernel : _return_from_trap + 0xe3
0xffffff802274c6d0 : 0xfffffd0000091727
0xffffff9133313690 : 0xffffff80229f5413 mach_kernel : _usimple_lock + 0x43
0xffffff91333136b0 : 0xffffff80229dc6d6 mach_kernel : _pmap_protect_options + 0x86
0xffffff9133313740 : 0xffffff80229766b3 mach_kernel : _vm_map_protect + 0x383
0xffffff91333137b0 : 0xffffff7fa556a94c as.vit9696.VirtualSMC : __ZN18VirtualSMCProvider10kernelTrapI22x86_saved_state_1010_tEEvPT_Pm + 0x2dc
0xffffff9133313850 : 0xffffff80228993b3 mach_kernel : _return_from_trap + 0xe3
0xffffff9133313870 : 0xffffff7fa4395623 com.apple.driver.AppleSMC : __ZN8AppleSMC16clearArbitrationEy + 0x7
0xffffff91333139a0 : 0xffffff7fa4397ca7 com.apple.driver.AppleSMC : __ZN8AppleSMC23smcGetKeyInfoMMIOStaticEP8OSObjectPvS2_S2_S2_ + 0x47
0xffffff91333139d0 : 0xffffff8022ebe07a mach_kernel : __ZN13IOCommandGate9runActionEPFiP8OSObjectPvS2_S2_S2_ES2_S2_S2_S2_ + 0x13a
0xffffff9133313a40 : 0xffffff7fa4397bfa com.apple.driver.AppleSMC : __ZN8AppleSMC13smcGetKeyInfoEjP14SMCKeyInfoData + 0x4a
0xffffff9133313a70 : 0xffffff7fa43991b3 com.apple.driver.AppleSMC : __ZN8AppleSMC17smcHandleYPCEventEP14SMCParamStructS1_jPy + 0x35f
0xffffff9133313ac0 : 0xffffff8022ee5b99 mach_kernel : _shim_io_connect_method_structureI_structureO + 0x1c9
0xffffff9133313b20 : 0xffffff8022ee3bc2 mach_kernel : __ZN12IOUserClient14externalMethodEjP25IOExternalMethodArgumentsP24IOExternalMethodDispatchP8OSObjectPv + 0x332
0xffffff9133313b80 : 0xffffff8022eecb43 mach_kernel : _is_io_connect_method + 0x223
0xffffff9133313cc0 : 0xffffff80229bbf58 mach_kernel : _iokit_server_routine + 0x5e08
0xffffff9133313dd0 : 0xffffff80228ed5fc mach_kernel : _ipc_kobject_server + 0x19c
0xffffff9133313e30 : 0xffffff80228c9df1 mach_kernel : _ipc_kmsg_send + 0xe1
0xffffff9133313e80 : 0xffffff80228de5b7 mach_kernel : _mach_msg_overwrite_trap + 0x147
0xffffff9133313f10 : 0xffffff80229e94c8 mach_kernel : _mach_call_munger64 + 0x1c8
0xffffff9133313fb0 : 0xffffff8022899bc6 mach_kernel : _hndl_mach_scall64 + 0x16
      Kernel Extensions in backtrace:
         as.vit9696.VirtualSMC(1.1.3)[EEE93905-156C-3137-8CCE-43A20A98139B]@0xffffff7fa555b000->0xffffff7fa5581fff
            dependency: as.vit9696.Lilu(1.4.4)[66A0FB44-0ECC-3B85-8ED8-F1B2378D4E70]@0xffffff7fa54d7000
            dependency: com.apple.iokit.IOACPIFamily(1.4)[4F7FB6AD-2498-3F71-827C-ED7AA4BF2511]@0xffffff7fa3525000
         com.apple.driver.AppleSMC(3.1.9)[88026B2E-E18A-3463-97D4-05EE7DED9F06]@0xffffff7fa438e000->0xffffff7fa43a7fff
            dependency: com.apple.iokit.IOACPIFamily(1.4)[4F7FB6AD-2498-3F71-827C-ED7AA4BF2511]@0xffffff7fa3525000
            dependency: com.apple.iokit.IOPCIFamily(2.9)[D5DA7B81-DCD5-39AC-8DC9-796A4D1D6A20]@0xffffff7fa3131000
vit9696 committed Apr 19, 2020
1 parent b72dcd9 commit 2d0436a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions VirtualSMC/kern_prov.cpp
@@ -269,9 +269,12 @@ void VirtualSMCProvider::kernelTrap(T *state, uintptr_t *lo_spp) {
// We receive T_PF_PROT when we need to upgrade from read-only pages, and in this case we need vm_fault.
if (faultUpgrade == FaultUpgradeVM) {
//DBGLOG("prov", "prot upgrade to ro page %u", pageIndex);

MachInfo::setInterrupts(true);
auto ret = vm_protect(kernel_map, monitorStart + pageIndex*PAGE_SIZE, PAGE_SIZE, FALSE, VM_PROT_READ|VM_PROT_WRITE);
if (ret != KERN_SUCCESS)
PANIC("prov", "cannot upgrade to ro page %u error %d", pageIndex, ret);
MachInfo::setInterrupts(false);
//DBGLOG("prov", "prot upgrade to ro page %u done", pageIndex);

// Ensure that our fault enables write protection, since we may write stuff now.
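Review bot: The interrupt window around `vm_protect` ends with an unconditional `MachInfo::setInterrupts(false)`, so the handler leaves interrupts disabled whatever state it was entered with. If `setInterrupts` reports whether it changed the state (not visible in this hunk), keeping that result would be safer: `bool changed = MachInfo::setInterrupts(true);` before the call and `if (changed) MachInfo::setInterrupts(false);` after it. While interrupts are on, this trap path can be interrupted, so values read before the window and used after it (`faultUpgrade`, `pageIndex`) should be confirmed as not shared with a nested trap or another CPU. The reason for the window exists only in the commit message; a comment above it such as `// vm_protect takes pmap locks; calling it with interrupts off panics on 10.12` would keep it from being removed later. `kernelTrap` starts and ends outside the hunk.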