Big Sur: fix WindowServer crash on startup

osy · osy · commit 60d1b6f2592e · 2020-08-18T20:53:05.000-07:00
A new function amdMtl_CreateTargetDeviceArchitecture in AMDMTLBronzeDriver has a bug where if the deviceID
is not found in a list of supported ids, then amdMtl_HWL_GetDeviceArchGroup returns NULL and crashes the
process (WindowServer). We patch AMDRadeonX4000_AMDAccelDevice::getHardwareInfo which returns the deviceID
to return a fake ID and prevent the crash.
diff --git a/Polaris22Fixup.xcodeproj/project.pbxproj b/Polaris22Fixup.xcodeproj/project.pbxproj
@@ -404,7 +404,7 @@
 				MODULE_NAME = com.osy86.Polaris22Fixup;
 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
-				MODULE_VERSION = 1.2.1;
+				MODULE_VERSION = 1.3.0b1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.osy86.Polaris22Fixup;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				WRAPPER_EXTENSION = kext;
@@ -428,7 +428,7 @@
 				MODULE_NAME = com.osy86.Polaris22Fixup;
 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
-				MODULE_VERSION = 1.2.1;
+				MODULE_VERSION = 1.3.0b1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.osy86.Polaris22Fixup;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				WRAPPER_EXTENSION = kext;
diff --git a/Polaris22Fixup/Info.plist b/Polaris22Fixup/Info.plist
@@ -39,7 +39,7 @@
 	<key>OSBundleLibraries</key>
 	<dict>
 		<key>as.vit9696.Lilu</key>
-		<string>1.3.8</string>
+		<string>1.4.7</string>
 		<key>com.apple.kpi.bsd</key>
 		<string>12.0.0</string>
 		<key>com.apple.kpi.dsep</key>
diff --git a/Polaris22Fixup/kern_start.cpp b/Polaris22Fixup/kern_start.cpp
@@ -17,6 +17,8 @@ static const int kPathMaxLen = 1024;
 
 #pragma mark - Patches
 
+static const int kEllesmereDeviceId = 0x67DF;
+
 static const uint8_t kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal[] = {
     0xb8, 0x02, 0x00, 0x00, 0x00, 0x0f, 0x43, 0xc1, 0xeb,
 };
@@ -39,13 +41,21 @@ static const char kDyldCachePath[] = "/private/var/db/dyld/dyld_shared_cache_x86
 
 static const char *kAmdRadeonX4000HwLibsPath[] { "/System/Library/Extensions/AMDRadeonX4000HWServices.kext/Contents/PlugIns/AMDRadeonX4000HWLibs.kext/Contents/MacOS/AMDRadeonX4000HWLibs" };
 
+static const char *kAmdRadeonX4000Path[] { "/System/Library/Extensions/AMDRadeonX4000.kext/Contents/MacOS/AMDRadeonX4000" };
+
+enum {
+    kAmdRadeonX4000=0,
+    kAmdRadeonX4000HwLibs,
+};
+
 static KernelPatcher::KextInfo kAMDHWLibsInfo[] = {
-    { "com.apple.kext.AMDRadeonX4000HWLibs", kAmdRadeonX4000HwLibsPath, arrsize(kAmdRadeonX4000HwLibsPath), {true}, {}, KernelPatcher::KextInfo::Unloaded },
+    [kAmdRadeonX4000] = { "com.apple.kext.AMDRadeonX4000", kAmdRadeonX4000Path, arrsize(kAmdRadeonX4000Path), {true}, {}, KernelPatcher::KextInfo::Unloaded },
+    [kAmdRadeonX4000HwLibs] = { "com.apple.kext.AMDRadeonX4000HWLibs", kAmdRadeonX4000HwLibsPath, arrsize(kAmdRadeonX4000HwLibsPath), {true}, {}, KernelPatcher::KextInfo::Unloaded },
 };
 
 static mach_vm_address_t orig_cs_validate_range {};
-
 static mach_vm_address_t orig_IsEarlySAMUInitEnabled {};
+static mach_vm_address_t orig_getHardwareInfo {};
 
 static uint8_t const *patchFind {};
 static uint8_t const *patchReplace {};
@@ -106,6 +116,16 @@ static int patched_IsEarlySAMUInitEnabled(void *ctx) {
     return 0;
 }
 
+static int patched_getHardwareInfo(void *obj, uint32_t *hwInfo) {
+    int ret = FunctionCast(patched_getHardwareInfo, orig_getHardwareInfo)(obj, hwInfo);
+    DBGLOG(MODULE_SHORT, "AMDRadeonX4000_AMDAccelDevice::getHardwareInfo: return 0x%08X");
+    if (ret == 0) {
+        SYSLOG(MODULE_SHORT, "getHardwareInfo: deviceId = 0x%x", *hwInfo);
+        *hwInfo = kEllesmereDeviceId;
+    }
+    return ret;
+}
+
 #pragma mark - Patches on start/stop
 
 static void pluginStart() {
@@ -145,7 +165,16 @@ static void pluginStart() {
     error = lilu.onKextLoad(kAMDHWLibsInfo, arrsize(kAMDHWLibsInfo), [](void *user, KernelPatcher &patcher, size_t index, mach_vm_address_t address, size_t size){
         DBGLOG(MODULE_SHORT, "processing AMDRadeonX4000HWLibs");
         for (size_t i = 0; i < arrsize(kAMDHWLibsInfo); i++) {
-            if (kAMDHWLibsInfo[i].loadIndex == index) {
+            if (i == kAmdRadeonX4000 && kAMDHWLibsInfo[i].loadIndex == index) {
+                KernelPatcher::RouteRequest amd_requests[] {
+                    KernelPatcher::RouteRequest("__ZN29AMDRadeonX4000_AMDAccelDevice15getHardwareInfoEP24_sAMD_GET_HW_INFO_VALUES", patched_getHardwareInfo, orig_getHardwareInfo),
+                };
+                if (patcher.routeMultiple(index, amd_requests, address, size, true, true)) {
+                    DBGLOG(MODULE_SHORT, "patched getHardwareInfo");
+                } else {
+                    SYSLOG(MODULE_SHORT, "failed to patch getHardwareInfo: %d", patcher.getError());
+                }
+            } else if (i == kAmdRadeonX4000HwLibs && kAMDHWLibsInfo[i].loadIndex == index) {
                 KernelPatcher::RouteRequest amd_requests[] {
                     KernelPatcher::RouteRequest("_PECI_IsEarlySAMUInitEnabled", patched_IsEarlySAMUInitEnabled, orig_IsEarlySAMUInitEnabled),
                 };
@@ -185,6 +214,6 @@ PluginConfiguration ADDPR(config) {
     bootargBeta,
     arrsize(bootargBeta),
     KernelVersion::Mojave,
-    KernelVersion::Catalina,
+    KernelVersion::BigSur,
     pluginStart
 };
