
In a similar vein to the question posted here: Can't Unload Kernel Extension; Classes Have Instances, I am trying to understand what needs to be done to solve it.

With our KEXT, we have a launchctl daemon that is started, waits for the kext to be loaded, and executes sysctl to load the config for the KEXT.

We do this by having the kext call registerService(): https://github.com/openzfsonosx/zfs/blob/master/module/zfs/zfs_osx.cpp#L192 and the little "zconfigd" waits for it here: https://github.com/openzfsonosx/zfs/blob/master/cmd/zconfigd/zconfigd.c#L186

Quite a small piece of code, lifted from one of the Apple examples. So I would assume it is releasing everything as expected?

If I try to unload the kext, it refuses (on Sierra) due to Classes Have Instances. If I kill zconfigd (even though launchctl will start a new one) I can kextunload it fine. Presumably I can make it exit(0) once sysctl has been executed, but it'd be nice to figure out why it holds on to the Class in this example. Presumably it is something simple.

We have one other Class problem, but this is the simplest, figured I'd start with baby steps.

lundman
  • Ah, love finding the problem once you post/ask about it. In this case, objects returned by IOIteratorNext() must be released by calling IOObjectRelease(). By sticking that in the clause with Found Match, we can unload the kext without restarting zconfigd. The next problem will probably be much harder. – lundman Nov 02 '16 at 05:35
  • Yep, retaining references from userspace (surprisingly?) keeps the instances around in the kernel too. I don't think Clang's static analyser can detect IOKitLib leaks unfortunately. – pmdj Nov 02 '16 at 10:25
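
The fix described in the comments above, as an added example that is not part of the original thread or the project's code: a match-iterator drain loop in its leaky form beside the form that calls `IOObjectRelease()` on every handle. The function names `drain_leaky` and `drain_fixed` are hypothetical, and off macOS a small constructed stand-in for the two IOKit calls counts outstanding handles so the difference is observable.

```c
/* Added example, not the project's code. On macOS the real IOKitLib calls are
 * used; elsewhere a constructed stand-in counts outstanding handles. */
#include <stdio.h>
#ifdef __APPLE__
#include <IOKit/IOKitLib.h>
#else
typedef unsigned int io_object_t, io_iterator_t, io_service_t;
#define IO_OBJECT_NULL 0u
static int stub_pending, stub_outstanding;      /* constructed test state */
static io_object_t IOIteratorNext(io_iterator_t it) {
    (void)it;
    if (stub_pending == 0) return IO_OBJECT_NULL;
    stub_pending--;
    stub_outstanding++;                         /* caller now owns a reference */
    return 100u + (unsigned)stub_pending;
}
static int IOObjectRelease(io_object_t obj) { (void)obj; stub_outstanding--; return 0; }
#endif

/* Leaky form: handles returned by IOIteratorNext() are never released. */
static int drain_leaky(io_iterator_t iter) {
    int seen = 0;
    while (IOIteratorNext(iter) != IO_OBJECT_NULL)
        seen++;
    return seen;
}

/* Fixed form: release each handle once the match has been handled. */
static int drain_fixed(io_iterator_t iter) {
    io_service_t svc;
    int seen = 0;
    while ((svc = IOIteratorNext(iter)) != IO_OBJECT_NULL) {
        seen++;                 /* "Found Match": act on the service here */
        IOObjectRelease(svc);   /* drop the user-space reference */
    }
    return seen;
}

#ifndef __APPLE__
int main(void) {
    stub_pending = 3; drain_leaky(1);
    printf("leaky: %d outstanding, ", stub_outstanding);
    stub_pending = 3; stub_outstanding = 0; drain_fixed(1);
    printf("fixed: %d outstanding\n", stub_outstanding);
    return 0;
}
#endif
```

On macOS the two functions take the iterator handed to the match-notification callback; the iterator itself also needs `IOObjectRelease()` when the daemon stops listening.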

0 Answers