OS X Kernel Programming
Duration: 4 days

Back to course list Home
Synopsis This course picks up where "OS X System Programming" leaves off. Meant as a follow-up to its predecessor, or for developers with comparable knowledge of the OS X user mode environment, it delves deeper into aspects of Kernel progr amming. The course describes the XNU kernel in depth, focusing on its three main components: the Mach core, the BSD API layer and the I/O Kit driver foundation. Plenty of hands-on enable students to develop a fully working device driver.
Target Audience OS X developers - both Mac and iPhone/iPad - interested in getting to know Apple's Operating Systems at the Kernel level, and write device drivers and Kernel extension s (KEXTs) for it.
Prerequisites Knowledge of OS X at a user level, and user mode programming. Familiar ity with POSIX is highly recommended.
Objectives
  • Gain intimate familiarity with the XNU Kernel, specifically its Mach core, and the I/O kit driver runtime
  • Create a fully functional character device driver
  • Explain the various Kernel subsystems, including the task scheduler, and virtual memory manager
  • Explain, interface with and hook Kernel system calls
Exercises This course allocates plenty of time for hands- on practice.
The hands-on exercises in this course include a large rolling exercise:
  • Creating a Kernel Extension
  • Turning the extension onto a character device driver
  • Passing data from user mode to Kernel mode and back
  • Responding to power management events
  • Responding to plug and play events
Modules
1. OS X Architectural Overview
1-2 hours
Introduction to the Architecture of OS X
  • The Darwin environment
    • XNU: The Kernel
      • Micro vs. Monolithic Kernels
        • Review of prerequisites
          2. The XNU Source
          2 hours
          Making sense of the XNU source, we discuss its directory structure, and how to navigate it. Unlike Linux, which has the Linux Cross Reference, OS X's XNU, while as formidable, has no such tools.
          • Obtaining the latest source code
            • Navigating the source: What's in each directory?
              • Compiling the Kernel
                • The Kernel debug kit


                  Exercises include:
                  • Compiling the Kernel and adding symbol information
                  3. Kernel Startup
                  2 (3) hours
                  Drawing on newfound familiarity with the Kernel sources, we begin to walk it by tracing its boot process, from its initial entry point, all the way to the launching of User mode threads
                  • Booting the Kernel from EFI
                    • The Kernel Entry point
                      • Master/Slave CPU initialization
                        • Mach Initialization
                          • BSD Initialization
                            • User space processes


                              Exercises include:
                              • Tracing the Kernel in verbose (command-V) boot
                              Day 2
                              4. Mach
                              2 (4) hours
                              At its very core, XNU contains Mach, the Carnegie Mellon project. Being a microkernel by design, Mach is not a "traditional" Kernel like Windows or Linux. What more, Apple has made significant modifications since Mach 3.0. In this module, we delve deep into Mach, and explain its key concepts, backing their implementations by looking at the actual source code.
                              • Introducing Mach
                                • Mach Tasks
                                  • Mach Threads
                                    • Mach Ports
                                      • Mach Messages & IPC
                                        • Mach Virtual Memory


                                          Exercises include:
                                          • Enumerating Mach Tasks and Threads
                                          • Creating a simple Mach API based client/server program
                                          5. Programming KEXTs
                                          2 (3) hours
                                          Kernel Extensions, or "KEXTs", are the Mac OS equivalent of Kernel modules. In this module, we detail the architecture of KEXTs, commands used to manipulate them, and the process of creating one.
                                          • Anatomy of a Kernel Extension
                                            • KEXT related commands:
                                              • kextk
                                                • kextstat
                                                  • kextload/kextutil
                                                    • kextfind
                                                    • Building your first KEXT:
                                                      • The Entry and exit
                                                        • The Info.plist
                                                          • Handling dependencies


                                                          Exercises include:
                                                          • Using Mach APIs to display loaded extensions
                                                          • Creating a simple Kernel Extension
                                                          • Hiding a Kernel Extension
                                                          Day 3
                                                          6. Kernel Survival Guide
                                                          2 hours
                                                          The Kernel is a very inhospitable environment. In user space, we have rock solid isolation. A crash in a process doesn't usually affect the system at all. In the Kernel, however, a single transgression causes a system panic. In this module, we show the dos and don'ts of Kernel programming, focusing on the APIs available for kernel developers, as well as common tasks in the Kernel.
                                                          • Kernel programming constraints
                                                            • LibKern and other APIs available
                                                              • Threading and synchronization
                                                                • Atomic operations
                                                                  • IOLog and output to dmesg
                                                                    • Panics
                                                                      7. Kernel/User Mode APIs
                                                                      2 (3) hours
                                                                      Sooner or later, Kernel code needs to communicate with user space. This is usually because the Kernel is meant to serve user mode requests. In this module, we explore the various models of User-Kernel mode communication OS X has to offer, including:
                                                                      • System calls, both Mach and BSD
                                                                        • The Kernel implementation of System Calls
                                                                          • SysCTLs
                                                                            • IOCTLs
                                                                              • OS X's Kernel-User Notification (KUNC)


                                                                                Exercises include:
                                                                                • Creating a custom SysCTL
                                                                                8. Character Device Drivers
                                                                                1 (2) hours
                                                                                Being a flavor of UNIX, OS X supports character and block devices. In this module, we transform our sample KEXT into a fully featured device driver, step by step:
                                                                                • Device System calls
                                                                                  • struct cdevsw
                                                                                    • Implementing system call callbacks
                                                                                      • User mode I/O (struct uio)
                                                                                        • Registering a device


                                                                                          Exercises include:
                                                                                          • Creating a fully functional custom character device
                                                                                          Day 4
                                                                                          9. I/O Kit
                                                                                          2 (4) hours
                                                                                          The I/O Kit is a complete driver runtime environment contained in XNU. I/O Kit is object oriented, and makes the development of drivers easier and, in many ways safer, by relying on object oriented concepts such as inheritance and overloading. In this module, we investigate the I/O Kit in depth, and create a sample I/O Kit driver
                                                                                          • Introducing I/O Kit
                                                                                            • The I/O Kit base classes
                                                                                              • IOService and your driver
                                                                                                • The IOWorkLoop
                                                                                                  • Interrupt Sources
                                                                                                    • Timer Sources
                                                                                                      • Command Gates
                                                                                                      • Creating your sample driver
                                                                                                        • The Entry and exit
                                                                                                          • The Info.plist
                                                                                                            • Driver personalities
                                                                                                              • Handling dependencies


                                                                                                              Exercises include:
                                                                                                              • Creating a sample I/O Kit driver for a virtual device
                                                                                                              10. Plug & Play
                                                                                                              2 (4) hours
                                                                                                              Advanced features of I/O Kit drivers, including:
                                                                                                              • Responding to device addition & removal
                                                                                                                • Responding to power management events


                                                                                                                  Exercises include:
                                                                                                                  • Extending the I/O Kit driver to support PnP