
I think I found a Mac kernel bug? - ingve
https://jvns.ca/blog/2018/01/28/mac-freeze/
======
mehrdada
Back in Leopard days, I was playing with the x86-64 ABI on Mac OS X (no real
documentation existed whatsoever, or at least that I could find, except for
the source code). Very soon I accidentally ran into a kernel panic that could
be reduced to a three-instruction program:

    mov rax, 1
    mov rdi, 1
    syscall

and it would bring down the entire OS (kernel panic) when run by any user mode
application under a standard non-root user. Took a few releases for them to
fix that. I stopped trusting them from a low-level reliability perspective
since then.

Fuzzing their system call interface may not have been a bad idea.

P.S. XNU is interesting as it lets userspace use Mach syscalls as well as a
bunch of BSD system calls directly. Probably esoteric interactions between
them are not very well-thought-out. (I hope I am not offending Avie Tevanian
here :))

------
djsumdog
I immediately thought of the htop bug and then she references that in the
article. How is this not fixed yet? Like, this is a security bug, right? You
can DoS from a simple usermode app with this bug.

Nothing official from Apple on this yet?

~~~
Moto7451
I don’t think the attack vector (presumably asking for admin credentials to
install a startup item) would be any different than an app that wanted to fork
bomb, allocate too much memory, or spin wait on all cores. In that way I don’t
think it’s any more security critical than any other bug that hangs the
system.

It’s definitely something that should be fixed of course.

------
Cogito
@cliffordheath on twitter says [0]

> _This will be a kernel data structure protected by a mutex or semaphore.
> task_for_pid waits at pri >=0 for a wakeup that won't happen because race.
> ps queues behind it at pri<0 (disabling ^C). At least two bugs there._

Seems like a reasonable explanation as to the underlying cause of the
behaviour.

[0] [https://twitter.com/cliffordheath/status/957505667568353280](https://twitter.com/cliffordheath/status/957505667568353280)

------
Doctor_Fegg
Sounds very similar to
[https://github.com/hishamhm/htop/issues/682](https://github.com/hishamhm/htop/issues/682)

~~~
tomsmeding
Very true; she acknowledges it in the article as well.

~~~
ghusbands
Where? The only obvious link to github links to a tracking rbspy issue.

~~~
djsumdog
Closer to the bottom she has a "This appears to be affecting htop" section ...
she might have edited that in later since you read it?

------
phreack
It seems Apple just can't get a break these days. Has anyone checked if this
bug is exclusive to High Sierra?

~~~
terminalcommand
Htop also had segfaults after a while in OpenBSD 6.2 i386, when I used OpenBSD
exclusively for a couple of weeks. It could also be present in other BSD-like
kernels.

~~~
teamhappy
Htop segfaulting on OpenBSD doesn't show that the OpenBSD kernel has the same
bug, it shows that htop has some (unrelated) memory management issues (OpenBSD
is pretty good at exposing those).

------
jrochkind1
At first I remembered this and wondered if it was related:

"The rules for using Objective-C between fork() and exec() have changed in
macOS 10.13. Incorrect code that happened to work most of the time in the past
may now fail. Some workarounds are available."

[http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_...](http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html)

But seems like no, actually, at least not obviously.

------
skissane
Question from someone who knows very little about the Mach/XNU APIs: Does this
code leak Mach ports? If you call task_for_pid, you get back a Mach task port.
Do you have to close the port with mach_port_deallocate? Could a resource leak
be contributing to the system freeze?

------
stochastic_monk
Additionally, valgrind is incompatible with Maverick.

Which is a huge pain, because it means that if I ever need to use it, I have
to debug on a server.

~~~
jchb
You mean Sierra / High Sierra. This is because of compatibility breaking
changes to some low-level kernel system calls. Since valgrind is essentially a
CPU emulator, it is tightly integrated with the OS kernel, and has to be
updated accordingly. The macOS contributors to valgrind seem to be relatively
few, probably because most macOS developers primarily use the various
sanitisers in clang (they also have UI integration in Xcode).

Have you tried the clang or gcc asan/tsan/usan sanitisers as a replacement?
There are pros and cons of valgrind vs compile-time instrumentation. The
sanitisers increase the memory footprint, but run with less overhead. valgrind
can detect some errors that the sanitizers cannot, etc.

~~~
stochastic_monk
I haven't, mostly just because it happens so rarely and I just want a quick
fix, but some of my colleagues have started building the sanitizers into their
production process. I probably should just for the sake of good practice.

------
pcwalton
Local kernel-level DoS sadly isn't uncommon on the Mac. I remember finding
some trivial ways to panic the kernel using ptrace() back in 2006 or so.

------
rokhinip
What version of macOS are you running with?

~~~
thibaut_barrere
I'm the initial bug reporter. This machine is on 10.13.3.

~~~
tgtweak
I don't even use a mac but I've heard terrible things about High Sierra, is it
really that bad?

Seems like they pushed a bunch of substantial changes to the kernel.

~~~
syncsynchalt
It's not _bad_, nothing's a show-stopper, there's just several little
annoyances and embarrassing security issues.

My example is that there's an empty blank line in the bottom of about half of
my terminal sessions. I haven't looked into it, and I assume it'll disappear
in a future point release.

------
crypt1d
I found the style of the article to be quite refreshing somehow. The OP is not
trying to look like a smartass about the discovery (a trait very common in the
IT industry), and she acknowledges that she doesn't really understand what is
the underlying cause. She is just happy that she discovered something and is
keen on sharing it with the world.

~~~
tenaciousDaniel
I wish there was more of this. Exploring tech should be a _delight_.

~~~
__s
I've been writing a devlog on implementing a Lua VM in handwritten
WebAssembly,
[https://www.patreon.com/serprex](https://www.patreon.com/serprex); it pieces
together the commit log with a stream-of-consciousness aspect.

Very much admits an 'I have no idea what I'm doing' experience

~~~
pjmlp
Looks like quite an interesting project, good luck.

------
tambourine_man
I think High Sierra is the worst Mac OS release yet.

I’m sure there’s a cognitive bias partially to blame (since it’s the most
recent) but it looks like we are way past that.

~~~
wsc981
As long as we are talking about anecdotal evidence: my MBP with High Sierra
has been running fine for the last few months. I haven't encountered any
issues in my day-to-day work as an iOS app developer, nor in my home use.
I think it's a pretty decent release, though it didn't add any new features
that I feel I really need.

~~~
st3fan
Same here. My only reboots have been for system & security updates. No kernel
panics. Stable as a rock.

------
dang
I've edited 'he' to 'she' in the two otherwise fine comments that made this
mistake
([https://news.ycombinator.com/item?id=16251566](https://news.ycombinator.com/item?id=16251566)
and
[https://news.ycombinator.com/item?id=16251562](https://news.ycombinator.com/item?id=16251562))
and grouped several empty replies and one lame off-topic subthread under this
one. It's rare that we do something like this (and I've emailed the author),
but it seems fairer than to penalize their original posts, which were
otherwise informative and on topic.

~~~
freehunter
The gender of the author is one of the least interesting things about this
blog post, yet it's brought up in (at the time of writing this) three separate
comments here.

Comments that just say "It's a she" or "she" are basically spam and add
nothing to the conversation unless the gender of the author is _really_ that
important. Since the blog post doesn't mention anything gender specific, I
think it's safe to assume these comments are just spam.

~~~
dang
No doubt, but by getting further into it like this, you blew it up 100x and
produced by far the least interesting thing about this thread.

The internet is replete with opportunities for getting triggered and starting
flamewars. For HN not to sink into a deeper circle of hell, we all need to
resist these temptations. So could you and everyone else please not take HN
threads on generic, divisive tangents in the future?

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
freehunter
I apologize for how this blew up, I did not anticipate that. I was trying to
channel the guidelines similar to "it never does any good, and it makes boring
reading", hoping HN could focus on the substance of the article, rather than
the politics of whether or not it's okay to use "he" as a generic gender term.

It does get extremely boring to read on every article written by or about a
woman someone correcting every comment that uses "he" as a generic antecedent,
but in the future I will just ignore it instead of inciting a potential
flamewar.

~~~
dang
It's true, and a bit weird, that this happens even when one's sincere
intention is just the opposite. It takes a bit of forethought to realize this
in advance and avoid it. That's the skill we're most hoping to see become more
widespread here.

------
GoofballJones
I keep forgetting that the great coders like Avie Tevanian are long gone
from Apple.

