sysctl hooking: disable F16C reporting on Ivy Bridge (#12)

* sysctl hooking: Disable f16c on Ivy Bridge * SoftwareUpdate.cpp: Fix return * SoftwareUpdate.cpp: Drop process check * RestrictEvents.cpp: Adjust indentation * Sync README * SoftwareUpdate.cpp: Don’t save original f16c * Sync Changelog
acidanthera · Apr 1, 2023 · 5e5f36e · 5e5f36e
1 parent 1e480dc
commit 5e5f36e
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 0 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,10 @@
 RestrictEvents Changelog
 ========================
+#### v1.1.0
+- Added `hw.optional.f16c` disabling for macOS 13.3+
+  - Resolves CoreGraphics.framework invoking AVX2.0 code paths on Ivy Bridge CPUs
+  - Configurable via `revpatch`'s `f16c` argument
+
 #### v1.0.9
 - Added `revblock` for user configuration of blocking processes
 - Added additional process blocking:

diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ _Note_: Apple CPU identifier must be `0x0F01` for 8 core CPUs or higher and `0x0
   - `diskread` - disables uninitialized disk warning in Finder
   - `asset` - allows Content Caching when `sysctl kern.hv_vmm_present` returns `1` on macOS 11.3 or newer
   - `sbvmm` - forces VMM SB model, allowing OTA updates for unsupported models on macOS 11.3 or newer
+  - `f16c` - resolve CoreGraphics crashing on Ivy Bridge CPUs by disabling f16c instruction set reporting in macOS 13.3 or newer
   - `none` - disable all patching
   - `auto` - same as `memtab,pci,cpuname`, without `memtab` and `pci` patches being applied on real Macs
 - `revcpu=value` to enable (`1`, non-Intel default)/disable (`0`, Intel default) CPU brand string patching.

diff --git a/RestrictEvents/RestrictEvents.cpp b/RestrictEvents/RestrictEvents.cpp
@@ -49,6 +49,7 @@ static bool enableCpuNamePatching;
 static bool enableDiskArbitrationPatching;
 static bool enableAssetPatching;
 static bool enableSbvmmPatching;
+static bool enableF16cPatching;
 
 static bool verboseProcessLogging;
 static mach_vm_address_t orgCsValidateFunc;
@@ -369,6 +370,9 @@ struct RestrictEventsPolicy {
 		if (strstr(value, "sbvmm", strlen("sbvmm"))) {
 			enableSbvmmPatching = true;
 		}
+		if (strstr(value, "f16c", strlen("f16c"))) {
+			enableF16cPatching = true;
+		}
 		if (strstr(value, "auto", strlen("auto"))) {
 			// Do not enable Memory and PCI UI patching on real Macs
 			// Reference: https://github.com/acidanthera/bugtracker/issues/2046
@@ -484,6 +488,7 @@ struct RestrictEventsPolicy {
 static RestrictEventsPolicy restrictEventsPolicy;
 
 void rerouteHvVmm(KernelPatcher &patcher);
+void reroutef16c(KernelPatcher &patcher);
 
 PluginConfiguration ADDPR(config) {
 	xStringify(PRODUCT_NAME),
@@ -560,6 +565,10 @@ PluginConfiguration ADDPR(config) {
 						(getKernelVersion() == KernelVersion::BigSur && getKernelMinorVersion() >= 4)) &&
 						(revsbvmmIsSet || revassetIsSet))
 						rerouteHvVmm(patcher);
+					if ((enableF16cPatching) &&
+						(getKernelVersion() > KernelVersion::Ventura ||
+						(getKernelVersion() == KernelVersion::Ventura && getKernelMinorVersion() >= 4)))
+						reroutef16c(patcher);
 				});
 			}
 		}

diff --git a/RestrictEvents/SoftwareUpdate.cpp b/RestrictEvents/SoftwareUpdate.cpp
@@ -159,6 +159,12 @@ static int my_sysctl_vmm_present(__unused struct sysctl_oid *oidp, __unused void
 	return FunctionCast(my_sysctl_vmm_present, org_sysctl_vmm_present)(oidp, arg1, arg2, req);
 }
 
+static int my_sysctl_f16c(__unused struct sysctl_oid *oidp, __unused void *arg1, int arg2, struct sysctl_req *req) {
+	int f16c_off = 0;
+	return SYSCTL_OUT(req, &f16c_off, sizeof(f16c_off));
+}
+
+
 void rerouteHvVmm(KernelPatcher &patcher) {
 	auto sysctl_children = reinterpret_cast<sysctl_oid_list *>(patcher.solveSymbol(KernelPatcher::KernelID, "_sysctl__children"));
 	if (!sysctl_children) {
@@ -180,3 +186,24 @@ void rerouteHvVmm(KernelPatcher &patcher) {
 		return;
 	}
 }
+
+void reroutef16c(KernelPatcher &patcher) {
+	auto sysctl_children = reinterpret_cast<sysctl_oid_list *>(patcher.solveSymbol(KernelPatcher::KernelID, "_sysctl__children"));
+	if (!sysctl_children) {
+		SYSLOG("supd", "failed to resolve _sysctl__children");
+		return;
+	}
+
+	// WARN: sysctl_children access should be locked. Unfortunately the lock is not exported.
+	sysctl_oid *f16c = sysctl_by_name(sysctl_children, "hw.optional.f16c");
+	if (!f16c) {
+		SYSLOG("supd", "failed to resolve hw.optional.f16c sysctl");
+		return;
+	}
+
+	if (!patcher.routeFunction(reinterpret_cast<mach_vm_address_t>(f16c->oid_handler), reinterpret_cast<mach_vm_address_t>(my_sysctl_f16c), true)) {
+		SYSLOG("supd", "failed to route hw.optional.f16c sysctl");
+		patcher.clearError();
+		return;
+	}
+}