There are some gaffes no operating system developer can afford to make: one of them is to leak kernel memory. If that were to happen, every one of your users would be running a time bomb, which ticks and leaks away until memory runs dry, and the only way out is for the kernel to panic and take the whole system down. Anyone relying on your operating system for 24/7 services will suffer repeated outages over which they have no control, which damage them and their reputation. Kernel memory leaks are a highly effective way of driving away customers present and future.
Yet on 15 July, Apple did just that in macOS Catalina 10.15.6 update. The combination of a kernel which had been built only ten days before that public release and a set of new graphics drivers set up conditions which on some Macs at least resulted in a large leak in Mach zones, ready-use pools of memory dedicated to the kernel and its extensions. Although first reported on Macs which were running specific virtualisation software, it has since become clear that many more users were suffering as a result.
Apple redeemed itself in part by its swift and effective response: within a couple of weeks of receiving first reports of the problem, it released a Supplemental Update which appears to have restored stability to the kernel memory zones.
Looking inside that update is another revelation: the suspect graphics drivers, which in 10.15.5SU were at version 3.9.5 and progressed to 3.10.5 in 10.15.6, had been ‘fixed’ in a minor patch to version 3.10.6 in the Supplemental Update to macOS 10.15.6. In contrast, the stable kernel to accompany them had gone back to an earlier version from more than two weeks before that in the 10.15.6 update, having been built on 18 June.
More worrying is the fact that Apple doesn’t appear to have recognised that this memory leak affected more Macs than just those running VMware or VirtualBox: its description in the terse note describing the Supplemental Update states that it “fixes a stability issue that could occur when running virtualization apps”. And in Apple’s growing dictionary of euphemisms, a kernel panic is now considered to be a “stability issue” as well as an “unexpected restart“. Perhaps if we returned to calling a spade a spade Apple might treat its latest failure with the seriousness which it deserves.
We’ll never know how this fatal flaw in the 10.15.6 update leaked from Apple, but it once again speaks forcefully of lack of testing and absence of quality control, which have bedevilled macOS of late.
Some features and apps in macOS are notoriously difficult to test adequately in betas. The Mail app and Time Machine backups are two recent cases which have also plagued Catalina. Both were radically revised for this major release. As far as Mail was concerned, this wasn’t an upgrade or update but involved the removal of popular features such as controls in Column View. For Time Machine it was the opposite, with a marked increase in complexity which has left some users simply unable to make stable backups any more. At least Big Sur promises to address these, with the exciting prospect of at last being able to store backups on APFS-formatted volumes.
When it comes to testing the kernel and its extensions, Apple holds all the cards with special debug versions of the kernel, and engineers for whom tools like
zprint are second nature.
The deepest irony with this kernel memory leak, though, is Apple’s current campaign to drive third-parties away from using kernel extensions. Big Sur is still promised to allow them, but their days are clearly numbered, with the substitution of System Extensions and their relatives, which run in user rather than kernel space. One strong argument in favour of Apple’s new regime is that it will ensure that no third-party extensions will be able to perpetrate the kernel memory leak and inevitable panic which macOS 10.15.6 introduced.
Now’s the time for Apple to address its own shortcomings in improving its pre-beta testing and exercising much better quality control. Otherwise we could be looking forward to more leaks in the future.