Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement core dumps for notarized applications on macOS #5813

Open
keithc-ca opened this issue Feb 17, 2021 · 6 comments · Fixed by #6014
Open

Implement core dumps for notarized applications on macOS #5813

keithc-ca opened this issue Feb 17, 2021 · 6 comments · Fixed by #6014
Labels
os:macos

Comments

@keithc-ca
Copy link
Member

On macOS, core dumps are currently created by sending a signal to the process (see omrdump_create()). This works fine for an application built locally, but requires requesting the com.apple.security.get-task-allow entitlement during the code signing processes.

Unfortunately, Apple will normally refuse to notarize applications which have requested that entitlement. The qualification, 'normally' comes from a WWDC video on the topic, but the speaker did not elaborate.

So, it would seem, we either need to learn how to convince Apple to notarize applications requiring the com.apple.security.get-task-allow entitlement, or the production of core dumps on macOS cannot rely on the built-in signal-handler behavior.

The structure of a core file is reasonably well documented (OpenJ9 contains code that can read them). Implementing code here in OMR to write them explicitly should eliminate the need for a special entitlement and thus allow applications to be notarized.
@keithc-ca keithc-ca mentioned this issue Feb 17, 2021
Closed
@manqingl
Copy link

@keithc-ca @tajila @mikezhang1234567890 : if we are to implement our own mechanism to save memory content, do we know how feasible/reliable it would be? What would be the size of work?

Intuitively I assume Apple would not leave an easy backdoor for us if Apple decides to block it; and I assume Apple can block it unexpectedly in the future.

@keithc-ca
Copy link
Member Author

It's not clear to me how Apple could block the creation of core files. The format is documented, and from the perspective of the OS, the application is simply writing a (large) file.

@manqingl
Copy link

manqingl commented Mar 16, 2021
edited
Loading

@keithc-ca So we do not have to figure out which memories are for what, just have to write from address 0 to the end?

@keithc-ca
Copy link
Member Author

We should be able to enumerate the regions of memory that need to be captured, using the same APIs as used by https://github.com/ePirat/gcore, but applied to the process itself rather than needing the entitlement required by using task_for_pid() to access a distinct process.

@keithc-ca keithc-ca mentioned this issue Apr 15, 2021
Closed
@mikezhang1234567890 mikezhang1234567890 mentioned this issue May 17, 2021
Merged
@pshipton pshipton mentioned this issue Jun 23, 2021
Open
@keithc-ca
Copy link
Member Author

This should be reopened: #6014 was reverted. @fjeremic can you do that, please?

@fjeremic fjeremic reopened this Aug 25, 2021
@keithc-ca
Copy link
Member Author

As @knn-k noted (eclipse-openj9/openj9#11164 (comment)), the solution needs to be extended for AArch64.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
os:macos
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add new core dump tool for OSX mikezhang1234567890/omr
3 participants
@fjeremic @keithc-ca @manqingl