Kext logs and <private> tags on 10.13


Grzegorz Antoniak

Sep 4, 2017, 8:58:14 AM
to darwin-...@lists.apple.com
Hello,

Is it possible to globally turn off the "<private>" tags that are being
written to the log stream instead of real offsets?

I know this behavior probably can be controlled by using per-argument
privacy specifiers like %{public} and %{private}, but if I understand
correctly this would require using new functions that are available only
on 10.13 (and maybe on 10.12). It seems that those specifiers are not
working when using IOLog() or printf() functions, and because I would
like to support some older macOS system versions, I would like to stay
with IOLog() at least for some time.

I've also tried to use `sudo log config --mode 'private_data=on'` (and
'off'), but that doesn't appear to work.

Thanks for any answers,
Grzegorz Antoniak

Stephen Larew

Oct 12, 2017, 8:03:51 PM
to Grzegorz Antoniak, darwin-...@lists.apple.com
Have you resolved your issues with private data?

I just checked some notes from a project (w/ KEXT, daemons, and agents) that targets 10.12. The project exclusively uses os_log both in kernel and user space. `sudo log config --mode 'private_data=on'` worked for me if I can trust my notes, although I was specific in noting to use `log stream --source --level debug` after turning on private data (instead of using Console.app, not sure if that matters?). I haven’t tested on 10.13 yet.

I don’t know how “private data” would be handled in calls to IOLog or printf. Maybe the xnu sources would shed light?

Grzegorz Antoniak

Oct 13, 2017, 4:49:19 AM
to Stephen Larew, darwin-...@lists.apple.com
Hello Stephen,

Thanks for the reply.

I've just checked on a minimal kext, and it doesn't work:

os_log_debug(OS_LOG_DEFAULT, "[os_log] addr=%llx", &kexttest_start);

Verification steps:

# log config --mode 'private_data:on'

# log config
System mode = INFO PRIVATE_DATA

# log stream --source --level debug --style=compact \
--predicate='eventMessage contains "[os_log]"'
...
... Db kernel[0:23c] (kexttest) < > [os_log] addr=<private>
...
^C

I suspect I might be doing something wrong, but I don't know what
exactly.

As a temporary solution, I've skipped os_log()'s filtering by using
the sprintf() function, something like this:

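int somevar = 10;
char buf[128];
/* Format the address ourselves so os_log() only receives a finished string. */
sprintf(buf, "addr=0x%llx", (unsigned long long)(uintptr_t)&somevar);
os_log(OS_LOG_DEFAULT, "%s", buf);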

I've created my own function wrapper to perform logging and it seems to
work.

Also, I actually prefer the 'log stream' interface instead of Console.app,
because this new logging system seems to be partly broken in other ways
that seem to disqualify use of Console.app.

G.
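
A wrapper of the kind mentioned in the message above could look like the following. This is an added example, not code from the thread or from any participant: it is a user-space model in which klog(), klog_addr(), klog_sink() and klog_show_addrs are hypothetical names, klog_sink() stands in for the single os_log(OS_LOG_DEFAULT, "%s", ...) call, and real addresses stay out of the log unless a debug build opts in.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int  klog_show_addrs = 0;  /* assumption: set to 1 by debug builds only */
static char klog_last[128];       /* copy of the last line handed to the sink */

/* Hypothetical stand-in (like every klog_* name here) for the one call a
 * kext would make: os_log(OS_LOG_DEFAULT, "%s", line); */
static void klog_sink(const char *line)
{
    snprintf(klog_last, sizeof(klog_last), "%s", line);
}

/* Format the whole message first so the logging layer sees a single string.
 * Returns the length of the line as logged (after truncation), -1 on error. */
static int klog(const char *fmt, ...)
{
    char buf[128];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if ((size_t)n >= sizeof(buf))
        n = (int)sizeof(buf) - 1;   /* vsnprintf already cut and terminated buf */
    klog_sink(buf);
    return n;
}

/* Render an address: the real value only when the build opted in,
 * otherwise the same "<private>" marker the log stream prints. */
static const char *klog_addr(const void *p, char *out, size_t outlen)
{
    if (klog_show_addrs)
        snprintf(out, outlen, "0x%llx", (unsigned long long)(uintptr_t)p);
    else
        snprintf(out, outlen, "<private>");
    return out;
}

int main(void)
{
    char a[32]; int somevar = 10;
    klog("[os_log] addr=%s", klog_addr(&somevar, a, sizeof(a)));
    puts(klog_last);
    return 0;
}
```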
