Race: callbacks and callback removal during kext unloading in OSX

Question

Race: callbacks and callback removal during kext unloading in OSX

It seems there is no synchronization between setting / removing callbacks (e.g. kauth_unlisten_scope) and the callbacks themselves (in the xnu database, yes, I know, it is dated). This puts the burden of tracking / draining callbacks and synchronizing with calls to the extension itself. But it is also problematic in that there is a window in which it is noted that the thread has exited the callback and is actually returning from the extension code.

Is there any pattern that gives the correct avoidance of this race? Or is there any Apple documentation that indicates that they synced this correctly?

+1

kernel xnu macos kernel-extension

Mjz Jun 28 '16 at 19:29

source share

1 answer

pmdj · Accepted Answer · 2016-06-29T08:36:08+0000

As far as I know, there is no 100% reliable way to prevent the cashback callbacks; The API is simply poorly designed. Apple themselves implement / recommend a simple atomic counter mechanism, which you can see in the Kauth-O-Rama example . Locate gActivationCount in the source file KauthORama.c. There is still a small chance that the thread runs the code before the increment or after decrement in the callback, but I have never seen a failure caused by this.

Race: callbacks and callback removal during kext unloading in OSX

More articles: