
Create a RTFM guardrail re: arm64e ABI #4

Merged (1 commit) on Jul 23, 2021

Conversation

@donaldguy donaldguy commented Jul 23, 2021

I wasted 3-5 hours plus of my life because I wasn't all that observant.

A more ambitious version of this would link into the universal binary an arm64 helper that did the sysctl check (or wouldn't need to, because it would only be run when booted without the flag?) and failed louder at runtime.
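The runtime check sketched above (read the kernel boot-args and fail loudly if the preview-ABI flag is absent), as an added example that is not part of this PR or of yabai. It reads the real macOS sysctl `kern.bootargs`; the helper names `bootargs_has_flag`, `read_kern_bootargs` and `arm64e_preview_abi_enabled` are this example's own. The token matching is plain C and the sysctl call is guarded by `#ifdef __APPLE__`, so the file compiles on other platforms too, where it simply reports that it cannot decide.

```c
/* Added example, not code from this PR or from yabai: refuse to run unless
 * the kernel was booted with -arm64e_preview_abi. The live boot-args string
 * is read from the real macOS sysctl "kern.bootargs"; the token matching is
 * plain C so it can be exercised on any platform. Function names here are
 * this example's own. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __APPLE__
#include <sys/types.h>
#include <sys/sysctl.h>
#endif

#define ARM64E_PREVIEW_FLAG "-arm64e_preview_abi"

/* 1 if `flag` occurs as a whole whitespace-delimited token in `bootargs`,
 * else 0. A plain substring test would accept "-arm64e_preview_abix" or
 * "foo-arm64e_preview_abi", neither of which is the flag. */
int bootargs_has_flag(const char *bootargs, const char *flag)
{
    if (bootargs == NULL || flag == NULL || *flag == '\0') return 0;
    size_t flen = strlen(flag);
    for (const char *p = strstr(bootargs, flag); p != NULL; p = strstr(p + 1, flag)) {
        int start_ok = (p == bootargs) || isspace((unsigned char)p[-1]);
        int end_ok   = (p[flen] == '\0') || isspace((unsigned char)p[flen]);
        if (start_ok && end_ok) return 1;
    }
    return 0;
}

/* Boot-args as a malloc'd string, or NULL when they cannot be read
 * (sysctl failure, or not a macOS kernel at all). */
char *read_kern_bootargs(void)
{
#ifdef __APPLE__
    size_t len = 0;
    if (sysctlbyname("kern.bootargs", NULL, &len, NULL, 0) != 0) return NULL;
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    if (sysctlbyname("kern.bootargs", buf, &len, NULL, 0) != 0) {
        free(buf);
        return NULL;
    }
    buf[len] = '\0';   /* terminate regardless of whether len counted the NUL */
    return buf;
#else
    return NULL;       /* no kern.bootargs to consult on this platform */
#endif
}

/* 1 = flag present, 0 = absent, -1 = could not determine. */
int arm64e_preview_abi_enabled(void)
{
    char *args = read_kern_bootargs();
    if (args == NULL) return -1;
    int present = bootargs_has_flag(args, ARM64E_PREVIEW_FLAG);
    free(args);
    return present;
}

int main(void)
{
    switch (arm64e_preview_abi_enabled()) {
    case 1:
        puts("ok: kernel booted with " ARM64E_PREVIEW_FLAG);
        return 0;
    case 0:
        fprintf(stderr,
                "refusing to continue: third-party arm64e binaries are killed at exec\n"
                "unless the kernel is booted with the preview ABI enabled. Run\n"
                "  sudo nvram boot-args=" ARM64E_PREVIEW_FLAG "\n"
                "and reboot, then try again.\n");
        return 1;
    default:
        fprintf(stderr, "could not read kern.bootargs (not running on macOS?)\n");
        return 2;
    }
}
```

Build this helper as arm64, not arm64e: an arm64e build would itself be killed before it could print anything, which is the whole reason the comment above wants the check in a separate arm64 helper.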

@donaldguy (Author)

Comments (shortly to be) deleted from koekeishiya#923:

EDIT: I do have SIP enabled; this is maybe dumb of me, but I'm not sure it's relevant to just getting as far as attempting injection (and it's apparently not getting that far).

@xorpse @alin23 xorpse/master builds and can be (almost?) spawned by lldb for me on M1.

Under lldb (but not directly exec'd) it spawns a crashreporter. (It never seems to live long enough to attach, though?)

KERN_INVALID_ADDRESS at 0x0000000000000000 ?

Looks like PC is in fact zeroed out; so ... we got a NPE somewhere?

(It's been a while since I've done any systems-y stuff, let alone on arm macOS, so sorry if I am not seeing or including something / this is unhelpful.)

full report
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Incident Identifier: 05CB8341-0F3D-4F5B-A9E2-36DC11C6AF38
CrashReporter Key: 76D63C0B-357D-1700-5FC9-67A5DDB76A54
Hardware Model: MacBookAir10,1
Process: yabai [28984]
Path: /Users/USER/*/yabai
Identifier: yabai
Version: ???
Code Type: ARM-64 (Native)
Role: Unspecified
Parent Process: lldb [28969]
Coalition: com.googlecode.iterm2 [7285]
Responsible Process: iTerm2 [28233]

Date/Time: 2021-07-22 18:04:20.1006 -0400
Launch Time: 2021-07-22 18:04:20.1002 -0400
OS Version: macOS 12.0 (21A5284e)
Release Type: User
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
VM Region Info: 0 is not in any region.
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
UNUSED SPACE AT END
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [28984]

Highlighted by Thread: 0

Backtrace not available

No thread state (register information) available

Binary Images:
Binary images description not available

Error Formulating Crash Report:
dyld_process_info_create failed with 1
Failed to create CSSymbolicatorRef - corpse still valid ¯\_(ツ)_/¯

EOF


Full Report

{"app_name":"yabai","timestamp":"2021-07-22 18:04:20.00 -0400","app_version":"","slice_uuid":"ac01cd6b-bc98-3b78-a475-f40c20e640fc","build_version":"","platform":0,"share_with_app_devs":0,"is_first_party":1,"etl_key":"3","bug_type":"309","os_version":"macOS 12.0 (21A5284e)","incident_id":"05CB8341-0F3D-4F5B-A9E2-36DC11C6AF38","name":"yabai"}
{
"uptime" : 38000,
"procLaunch" : "2021-07-22 18:04:20.1002 -0400",
"procRole" : "Unspecified",
"version" : 2,
"userID" : 501,
"deployVersion" : 209,
"modelCode" : "MacBookAir10,1",
"procStartAbsTime" : 927931409813,
"coalitionID" : 7285,
"osVersion" : {
"train" : "macOS 12.0",
"build" : "21A5284e",
"releaseType" : "User"
},
"captureTime" : "2021-07-22 18:04:20.1006 -0400",
"incident" : "05CB8341-0F3D-4F5B-A9E2-36DC11C6AF38",
"pid" : 28984,
"procExitAbsTime" : 927931413136,
"translated" : false,
"cpuType" : "ARM-64",
"procName" : "yabai",
"procPath" : "/Users/USER/*/yabai",
"parentProc" : "lldb",
"parentPid" : 28969,
"coalitionName" : "com.googlecode.iterm2",
"crashReporterKey" : "76D63C0B-357D-1700-5FC9-67A5DDB76A54",
"responsiblePid" : 28233,
"responsibleProc" : "iTerm2",
"wakeTime" : 820,
"sleepWakeUUID" : "AD96A59D-AB80-4A35-8875-81F13BB3E210",
"sip" : "enabled",
"vmRegionInfo" : "0 is not in any region. \n REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL\n UNUSED SPACE AT START\n---> \n UNUSED SPACE AT END",
"isCorpse" : 1,
"exception" : {"codes":"0x0000000000000001, 0x0000000000000000","rawCodes":[1,0],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x0000000000000000"},
"termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":28984},
"vmregioninfo" : "0 is not in any region. \n REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL\n UNUSED SPACE AT START\n---> \n UNUSED SPACE AT END",
"extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
"legacyInfo" : {
"threadHighlighted" : 0
},
"trialInfo" : {
"rollouts" : [
{
"rolloutId" : "607844aa04477260f58a8077",
"factorPackIds" : {
"SIRI_MORPHUN_ASSETS" : "60ef663fea07ad5dba6c903e"
},
"deploymentId" : 250000055
},
{
"rolloutId" : "602ad4dac86151000cf27e46",
"factorPackIds" : {
"SIRI_DICTATION_ASSETS" : "60f32ee7acdbc05299343789"
},
"deploymentId" : 250000131
},
{
"rolloutId" : "5fc94383418129005b4e9ae0",
"factorPackIds" : {
},
"deploymentId" : 250000096
},
{
"rolloutId" : "601d9415f79519000ccd4b69",
"factorPackIds" : {
"SIRI_TEXT_TO_SPEECH" : "60f6dfc2d2af457cffe62e0d"
},
"deploymentId" : 250000118
}

],
"experiments" : [
{
"treatmentId" : "e4f26a06-e220-41f9-8539-5302c9a13e15",
"experimentId" : "60d371a0ec19657d9a4419a7",
"deploymentId" : 500000003
}
]
},
"reportNotes" : [
"dyld_process_info_create failed with 1",
"Failed to create CSSymbolicatorRef - corpse still valid ¯\\_(ツ)_/¯"
]
}

Model: MacBookAir10,1, BootROM 7429.0.181.131.1, proc 8:4:4 processors, 16 GB, SMC
Graphics: kHW_AppleM1Item, Apple M1, spdisplays_builtin
Memory Module: LPDDR4
AirPort: spairport_wireless_card_type_wifi, wl0: Jun 21 2021 18:40:00 version 18.20.298.0.7.8.110 FWID 01-03951c1a
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
USB Device: USB 3.1 Bus
USB Device: USB 3.1 Bus
Thunderbolt Bus: MacBook Air, Apple Inc.
Thunderbolt Bus: MacBook Air, Apple Inc.


Also maybe of relevance, the actual link complains:
ld: warning: object file (src/osax/arm64/injector.o) was built for newer macOS version (12.0) than being linked (11.0)

❯ rm ./bin/yabai-arm64
❯ make ./bin/yabai-arm64
makefile:40: warning: overriding commands for target `src/osax/sa_payload.c'
makefile:32: warning: ignoring old commands for target `src/osax/sa_payload.c'
mkdir -p ./bin
/Library/Developer/CommandLineTools/usr/bin/clang src/manifest.m src/osax/arm64/injector.o src/osax/sa_payload.c -arch arm64e -std=c99 -Wall -g -O0 -fvisibility=hidden -mmacosx-version-min=10.13 -F/System/Library/PrivateFrameworks -framework Carbon -framework Cocoa -framework CoreServices -framework SkyLight -framework ScriptingBridge -isysroot "/Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.0.sdk" -o bin/yabai-arm64
ld: warning: object file (src/osax/arm64/injector.o) was built for newer macOS version (12.0) than being linked (11.0)

EDIT 2: xcode-selecting over to the actual-newer Commandline tools and having that -isysroot be "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk" doesn't seem to make a difference;

With the Mac's wacky in-memory linking stuff -- that could be enough? (Or it could be irrelevant, if there are just old nums floating around on equivalent things.)

Not sure why or what LDFLAGS(?) would help.

`otool -L ./bin/yabai-arm64`
./bin/yabai-arm64:
	/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon (compatibility version 2.0.0, current version 165.0.0)
	/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (compatibility version 1.0.0, current version 23.0.0)
	/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices (compatibility version 1.0.0, current version 1141.1.0)
	/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight (compatibility version 64.0.0, current version 600.0.0)
	/System/Library/Frameworks/ScriptingBridge.framework/Versions/A/ScriptingBridge (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1308.0.0)
	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 2077.14.0)
	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices (compatibility version 1.0.0, current version 56.0.0)
	/System/Library/Frameworks/ColorSync.framework/Versions/A/ColorSync (compatibility version 1.0.0, current version 4.7.0)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1835.0.0)
	/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics (compatibility version 64.0.0, current version 1526.0.0)
	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1835.0.0)
	/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)

EDIT 3: running it as clang -v, the ld invocation is very explicitly (for unclear reasons) -platform_version macos 11.0.0 12.0 -- maybe that's supposed to offer backwards compatibility? I am having trouble pinning down docs for this flag.



Manually changing the BUILD_FLAGS flag to -mmacosx-version-min=12.0 does pass -platform_version macos 12.0.0 12.0 to ld and thus eliminates the "built for newer macOS version" error; it does not appear to change the resulting dynamic linking (per libtool) or how it goes down on exec.


Well this is a fun twist:

yabai/arm64-injector-standalone on  xorpse [!?]
❯ cat inject.c

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal repro: the injection body is stripped out, so all that is left
 * is argument handling; the point is whether the binary execs at all. */
int main(int argc, char **argv) {
  if (argc != 2) {
    fprintf(stderr, "usage: %s <pid-of-dock>\n", argv[0]);
    return 1;
  }

  //pid_t pid = atoi(argv[1]);
  return 0;
}
```

yabai/arm64-injector-standalone on  xorpse [!?]
❯ make clean all
rm -f inject inject.o
rm -f sa_arm64e sa_arm64e.o sa_arm64e.h
./extract.sh
clang -o inject inject.c -arch arm64e -std=c99 -Wall -DNDEBUG -O2 -fvisibility=hidden -mmacosx-version-min=10.13

yabai/arm64-injector-standalone on  xorpse [!?]
❯ ./inject
zsh: killed     ./inject

yabai/arm64-injector-standalone on  xorpse [!?]
❯ echo $?
137

EDIT: And/But

yabai/arm64-injector-standalone on  xorpse [!?]
❯ clang -o inject inject.c -arch arm64e

yabai/arm64-injector-standalone on  xorpse [!?]
❯ ./inject
zsh: killed     ./inject

yabai/arm64-injector-standalone on  xorpse [!?]
❯ clang -o inject inject.c -std=c99 -Wall -DNDEBUG -O2 -fvisibility=hidden -mmacosx-version-min=10.13

yabai/arm64-injector-standalone on  xorpse [!?]
❯ ./inject
usage: ./inject <pid-of-dock>

❯ file inject
inject: Mach-O 64-bit executable arm64

(But obviously other things Apple has shipped are arm64e (universal) and run fine; but as is ... this will not exec at all.)


Oh hey, so I haven't done the

sudo nvram boot-args=-arm64e_preview_abi

Again, there are Apple-delivered arm64e binaries on disk that run fine, but this seems like a thing that I (and possibly @alin23) might be importantly missing.
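To tell an arm64 slice from an arm64e one without running the binary (the distinction `file inject` reports above), here is an added example, not code from this PR or from yabai, that reads a Mach-O or fat header and classifies each slice by cputype/cpusubtype. The header constants are the ones from Apple's `<mach/machine.h>` and `<mach-o/loader.h>`; the sample headers are constructed for the example and `macho_slices`, `slice_name`, `slice_name_at` and `macho_slice_count` are its own names. 32-bit (`MH_MAGIC`) and 64-bit fat (`FAT_MAGIC_64`) layouts are deliberately not handled.

```c
/* Added example, not yabai code: classify Mach-O slices as arm64 vs arm64e
 * by reading the headers. Sample headers below are constructed, not taken
 * from any real binary. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from <mach/machine.h> and <mach-o/loader.h>. */
#define MH_MAGIC_64        0xfeedfacfu
#define FAT_MAGIC          0xcafebabeu   /* fat header and fat_arch are big-endian */
#define CPU_ARCH_ABI64     0x01000000u
#define CPU_TYPE_ARM       12u
#define CPU_TYPE_ARM64     (CPU_TYPE_ARM | CPU_ARCH_ABI64)
#define CPU_SUBTYPE_MASK   0xff000000u   /* capability bits, not the subtype itself */
#define CPU_SUBTYPE_ARM64E 2u
#define MAX_SLICES         8

typedef struct {
    uint32_t cputype;
    uint32_t cpusubtype;   /* raw value, capability bits included */
} slice_t;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t rd_be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Name a slice the way `file` does; arm64e is subtype 2 once the
 * capability bits in the top byte are masked off. */
const char *slice_name(slice_t s)
{
    if (s.cputype != CPU_TYPE_ARM64) return "other";
    return ((s.cpusubtype & ~CPU_SUBTYPE_MASK) == CPU_SUBTYPE_ARM64E) ? "arm64e" : "arm64";
}

/* Fill `out` with up to `max` slices found in `buf` (thin 64-bit or fat).
 * Returns the slice count, or -1 if the bytes are not a supported Mach-O. */
int macho_slices(const uint8_t *buf, size_t len, slice_t *out, int max)
{
    if (buf == NULL || len < 8 || max < 1) return -1;
    if (rd_le32(buf) == MH_MAGIC_64) {            /* thin: struct mach_header_64 */
        if (len < 32) return -1;
        out[0].cputype    = rd_le32(buf + 4);
        out[0].cpusubtype = rd_le32(buf + 8);
        return 1;
    }
    if (rd_be32(buf) == FAT_MAGIC) {              /* fat: struct fat_header + fat_arch[] */
        uint32_t nfat = rd_be32(buf + 4);
        if (nfat > (uint32_t)max || len < 8 + (size_t)nfat * 20) return -1;
        for (uint32_t i = 0; i < nfat; i++) {
            const uint8_t *arch = buf + 8 + i * 20;  /* struct fat_arch is 20 bytes */
            out[i].cputype    = rd_be32(arch);
            out[i].cpusubtype = rd_be32(arch + 4);
        }
        return (int)nfat;
    }
    return -1;
}

int macho_slice_count(const uint8_t *buf, size_t len)
{
    slice_t s[MAX_SLICES];
    return macho_slices(buf, len, s, MAX_SLICES);
}

/* Name of slice `idx`, or NULL if not Mach-O or no such slice. */
const char *slice_name_at(const uint8_t *buf, size_t len, int idx)
{
    slice_t s[MAX_SLICES];
    int n = macho_slices(buf, len, s, MAX_SLICES);
    if (n < 0 || idx < 0 || idx >= n) return NULL;
    return slice_name(s[idx]);
}

/* Constructed samples: a thin arm64e executable (subtype 0x80000002, the
 * versioned-ptrauth bit set), a thin arm64 one, a two-slice universal
 * header, and an ELF magic that is not Mach-O at all. */
const uint8_t SAMPLE_THIN_ARM64E[32] = {
    0xcf,0xfa,0xed,0xfe, 0x0c,0x00,0x00,0x01, 0x02,0x00,0x00,0x80, 0x02,0x00,0x00,0x00,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
const uint8_t SAMPLE_THIN_ARM64[32] = {
    0xcf,0xfa,0xed,0xfe, 0x0c,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x02,0x00,0x00,0x00,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
const uint8_t SAMPLE_FAT[48] = {
    0xca,0xfe,0xba,0xbe, 0x00,0x00,0x00,0x02,
    0x01,0x00,0x00,0x0c, 0x00,0x00,0x00,0x00, 0x00,0x00,0x40,0x00, 0x00,0x00,0x10,0x00, 0x00,0x00,0x00,0x0e,
    0x01,0x00,0x00,0x0c, 0x80,0x00,0x00,0x02, 0x00,0x00,0x80,0x00, 0x00,0x00,0x10,0x00, 0x00,0x00,0x00,0x0e };
const uint8_t SAMPLE_ELF[4] = { 0x7f,'E','L','F' };

int main(void)
{
    const struct { const char *label; const uint8_t *buf; size_t len; } files[] = {
        { "thin arm64e", SAMPLE_THIN_ARM64E, sizeof SAMPLE_THIN_ARM64E },
        { "thin arm64",  SAMPLE_THIN_ARM64,  sizeof SAMPLE_THIN_ARM64 },
        { "universal",   SAMPLE_FAT,         sizeof SAMPLE_FAT },
        { "not Mach-O",  SAMPLE_ELF,         sizeof SAMPLE_ELF },
    };
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        int n = macho_slice_count(files[i].buf, files[i].len);
        printf("%-12s:", files[i].label);
        for (int j = 0; j < n; j++) printf(" %s", slice_name_at(files[i].buf, files[i].len, j));
        printf("%s\n", n < 0 ? " not Mach-O" : "");
    }
    return 0;
}
```

On a real file, read the first page or so and pass it in; the mask matters because the top byte of cpusubtype carries capability bits (0x80000002 in the arm64e sample), so comparing the raw value against 2 would misclassify exactly the binaries in question.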

@xorpse xorpse merged commit c35ef0a into xorpse:master Jul 23, 2021
@xorpse (Owner)

xorpse commented Jul 23, 2021

Thanks for investigating and submitting the PR---what you've added seems sensible to me :-). I see you've opened a second PR for the 12.x specific problems, so I'll close this issue and we can discuss those there.
