forked from tiann/KernelSU
Ss #1
Prepare for 1.5.9
…D_GET_MANAGER_UID to 16, to avoid future conflicts with upstream
…rules() (tiann#2646)

When the kernel is compiled with CONFIG_DEBUG_ATOMIC_SLEEP enabled, it prints the following splat in dmesg during post boot:

[ 6.739169] init: Opening SELinux policy
[ 6.751520] init: Loading SELinux policy
[ 6.894684] SELinux: policy capability network_peer_controls=1
[ 6.894688] SELinux: policy capability open_perms=1
[ 6.894690] SELinux: policy capability extended_socket_class=1
[ 6.894691] SELinux: policy capability always_check_network=0
[ 6.894693] SELinux: policy capability cgroup_seclabel=0
[ 6.894695] SELinux: policy capability nnp_nosuid_transition=1
[ 7.214323] selinux: SELinux: Loaded file context from:
[ 7.214332] selinux: /system/etc/selinux/plat_file_contexts
[ 7.214339] selinux: /system_ext/etc/selinux/system_ext_file_contexts
[ 7.214345] selinux: /product/etc/selinux/product_file_contexts
[ 7.214350] selinux: /vendor/etc/selinux/vendor_file_contexts
[ 7.214356] selinux: /odm/etc/selinux/odm_file_contexts
[ 7.216398] KernelSU: /system/bin/init argc: 2
[ 7.216401] KernelSU: /system/bin/init first arg: second_stage
[ 7.216403] KernelSU: /system/bin/init second_stage executed
[ 7.216506] BUG: sleeping function called from invalid context at security/selinux/ss/hashtab.c:47
[ 7.216512] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1, name: init
[ 7.216516] preempt_count: 0, expected: 0
[ 7.216518] RCU nest depth: 1, expected: 0
[ 7.216524] CPU: 6 PID: 1 Comm: init Not tainted 5.4.289-Scarlet-v2.0-beta3 #1
[ 7.216526] Hardware name: redwood based Qualcomm Technologies, Inc. SM7325 (DT)
[ 7.216528] Call trace:
[ 7.216536] dump_backtrace+0x0/0x210
[ 7.216539] show_stack+0x14/0x20
[ 7.216544] dump_stack+0x9c/0xec
[ 7.216548] __might_resched+0x1f0/0x210
[ 7.216552] hashtab_insert+0x38/0x230
[ 7.216557] add_type+0xd4/0x2e0
[ 7.216559] ksu_type+0x24/0x60
[ 7.216562] apply_kernelsu_rules+0xa8/0x650
[ 7.216565] ksu_handle_execveat_ksud+0x2a8/0x460
[ 7.216568] ksu_handle_execveat+0x2c/0x60
[ 7.216571] __arm64_sys_execve+0xe8/0xf0
[ 7.216574] el0_svc_common+0xf4/0x1a0
[ 7.216577] do_el0_svc+0x2c/0x40
[ 7.216579] el0_sync_handler+0x18c/0x200
[ 7.216582] el0_sync+0x140/0x180

This is because apply_kernelsu_rules() uses rcu_read_lock() to protect SELinux policy modifications. However, cond_resched() from hashtab_insert() at security/selinux/ss/hashtab.c is internally called and it sleeps, which is illegal under an RCU read-side critical section.

While replacing it with a spinlock would suppress the warning, this is fundamentally incorrect because sleeping is illegal while holding a spinlock, and a spinlock would turn off preemption, which isn't an ideal solution since it intentionally turns off rescheduling and can lead to deadlocks.

Instead, replace the RCU lock with a mutex lock. A mutex lock allows sleeping when necessary, which is appropriate here because apply_kernelsu_rules() runs in process context, not in atomic or interrupt context. As apply_kernelsu_rules() is invoked only once during post boot (SYSTEM_RUNNING), the mutex lock does not introduce any major runtime performance regression and provides correct synchronization.

Fixes: tiann#2637
Signed-off-by: Tashfin Shakeer Rhythm <[email protected]>
…h manager_uid

There are some ROMs based on AOSP that call on second stage init with argc: 2 but with first_arg: "". This causes KSU to not work properly on those systems.

Signed-off-by: Edrick Sinsuan <[email protected]>
* ksud: Address pagefault in ksu_handle_execveat_ksud

As pointed out by @backslashxx, when strncpy pagefaults, it causes the first_arg to be completely NULL in some systems. This causes second_stage initialization to fail, hence causing SU to be non-functional.

This patch copies ksu_strncpy_from_user_retry from @backslashxx's commit: backslashxx@e2fe25e

This adds a fallback to perform a normal strncpy_from_user when nofault fails, which allows us to get the first_arg in such cases.

Co-authored-by: backslashxx <[email protected]>
Signed-off-by: Edrick Sinsuan <[email protected]>

* Revert "ksud: Add second_stage init variant (tiann#653)"

This reverts commit c6b60a2.

---------

Signed-off-by: Edrick Sinsuan <[email protected]>
Co-authored-by: backslashxx <[email protected]>
micro-opt

Signed-off-by: backslashxx <[email protected]>
disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such. Furthermore, this will also allow easier integration on pre-4.1 kernels.

Expose this and make it a configurable option.

Signed-off-by: backslashxx <[email protected]>
use syscall hooks if you can though

usage on do_execve_common:
ksu_legacy_execve_sucompat(&filename, NULL, NULL);

Signed-off-by: backslashxx <[email protected]>
context: this is known by many as `selinux hook`, `4.9 hook`

add is_ksu_transition check which allows ksud execution under nosuid.
it also eases up integration on 3.X kernels that do not have check_nnp_nosuid.

Usage:
if (is_ksu_transition(old_tsec, new_tsec))
    return 0;
on either check_nnp_nosuid or selinux_bprm_set_creds (after execve sid reset)

reference: https://github.com/backslashxx/msm8953-kernel/commits/dfe003c9fdfa394a2bffe74668987a19a0d2f546

taken from: `allow init exec ksud under nosuid`
- LineageOS/android_kernel_oneplus_msm8998@3df9df4
- tiann#166 (comment)

250611-edit:
- remove ksu_execveat_hook entry check
- turns out some devices need the transition multiple times

Reported-by: edenadversary <[email protected]>
Signed-off-by: backslashxx <[email protected]>
If ext4_unregister_sysfs ain't there, we don't care. This is mostly for UL builds.

Signed-off-by: backslashxx <[email protected]>

as title

Signed-off-by: backslashxx <[email protected]>
nothing uses this on old kernels, so even backporting this to file_operations is not really needed

though if it is found, we probably need to proxy it
https://elixir.bootlin.com/linux/v3.16.85/source/include/linux/fs.h#L1487

Signed-off-by: backslashxx <[email protected]>

style thing

Signed-off-by: backslashxx <[email protected]>

seems it has the same abi anyway and this is what syscalls use

this is to handle shitty backports common on 3.x

vfs_llseek falls back to generic anyway depending on filesystem's f_op
https://elixir.bootlin.com/linux/v3.10.108/source/fs/read_write.c#L225

Signed-off-by: backslashxx <[email protected]>
Clang splats the following:
drivers/kernelsu/throne_tracker.c:237:47: error: incompatible function pointer types initializing 'const filldir_t' (aka 'int (*const)(void *, const char *, int, long long, unsigned long long, unsigned int)') with an expression of type 'int (struct dir_context *, const char *, int, loff_t, u64, unsigned int)' (aka 'int (struct dir_context *, const char *, int, long long, unsigned long long, unsigned int)') [-Wincompatible-function-pointer-types]
237 | struct my_dir_context ctx = { .ctx.actor = my_actor,
| ^~~~~~~~
1 error generated.
reference:
- 3.18: https://elixir.bootlin.com/linux/v3.18/source/include/linux/fs.h#L1469
- 3.19: https://elixir.bootlin.com/linux/v3.19/source/include/linux/fs.h#L1489
so just pass as void, then cast it back
ximi-libra-test/android_kernel_xiaomi_libra@036c532
Signed-off-by: backslashxx <[email protected]>
I'll just copy what I put in comments originally: backslashxx@7a87f5c

this is backported on msm-3.10 though
SO YEAH WE STILL USE IT IF IT'S THERE !! (ref: Makefile)
but we have to try to follow what upstream linux is, and it is only added on 3.11

need to inline struct dir_context since this doesn't exist pre-iterate_dir era!
ref: torvalds/linux@5c0ba4e

analysis:
int kernel_iterate_dir(struct file *file, struct dir_context *ctx)
-> res = readdir(file, ctx, ctx->actor);
++++ file, struct -> file, struct, struct->member

int vfs_readdir(struct file *file, filldir_t filler, void *buf)
-> res = readdir(file, buf, filler);
file, ??, ?? +++ 1 3 2

Signed-off-by: backslashxx <[email protected]>

Update kernel_compat.h

upstream used IS_ERR to check for negative return and that is int, so correct it. This is one headache for old compilers.

Signed-off-by: backslashxx <[email protected]>
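A user-space model of the compat pattern described in this commit and in the Clang error above it, added here as example code rather than anything from the KernelSU tree: the actor is declared with the pre-3.19 `void *` first parameter and cast back to `struct dir_context *`, and `kernel_iterate_dir()` reorders its arguments into the 3.x `vfs_readdir(file, filler, buf)` shape. The mock `vfs_readdir()`, the fake directory table and the helper names are constructed for the demo.

```c
/* Example code (not from KernelSU): user-space model of the readdir compat
 * shim. filldir_t is the pre-3.19 typedef (void * first argument), struct
 * dir_context is inlined as on pre-iterate_dir kernels, and the mock
 * vfs_readdir() plus its fake directory table are constructed for the demo. */
#include <stddef.h>
#include <string.h>

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
/* 3.18 ABI: the actor receives an opaque void *, not a struct dir_context *. */
typedef int (*filldir_t)(void *, const char *, int, long long,
			 unsigned long long, unsigned int);
/* Inlined struct dir_context (torvalds/linux@5c0ba4e), absent on 3.10. */
struct dir_context { filldir_t actor; long long pos; };

/* The embedding struct the actor recovers through container_of(). */
struct my_dir_context {
	struct dir_context ctx;
	const char *wanted;	/* entry name being searched for */
	int found;
	int seen;		/* entries visited before stopping */
};

/* Constructed stand-in for the directory a real kernel would walk. */
struct fake_entry { const char *name; unsigned long long ino; };
static const struct fake_entry fake_dir[] = {
	{ ".", 1 }, { "..", 1 }, { "ksud", 42 }, { "su", 43 },
};

/* Mock of 3.x vfs_readdir(file, filler, buf): filler comes before buf, and
 * the filler only ever sees buf as a void *. */
static int vfs_readdir(void *file, filldir_t filler, void *buf)
{
	(void)file;
	for (size_t i = 0; i < sizeof(fake_dir) / sizeof(fake_dir[0]); i++) {
		int r = filler(buf, fake_dir[i].name, (int)strlen(fake_dir[i].name),
			       (long long)i, fake_dir[i].ino, 0);
		if (r)		/* non-zero stops the walk, as in the kernel */
			return r;
	}
	return 0;
}

/* Shim with the iterate_dir(file, ctx) shape: ctx->actor becomes the filler
 * and ctx itself the opaque buf (the "1 3 2" reordering in the analysis). */
static int kernel_iterate_dir(void *file, struct dir_context *ctx)
{
	return vfs_readdir(file, ctx->actor, ctx);
}

/* Actor declared with void * so it matches the old filldir_t; cast it back. */
static int my_actor(void *data, const char *name, int namelen, long long off,
		    unsigned long long ino, unsigned int d_type)
{
	struct my_dir_context *my =
		container_of((struct dir_context *)data, struct my_dir_context, ctx);
	(void)off; (void)ino; (void)d_type;
	my->seen++;
	if ((int)strlen(my->wanted) == namelen &&
	    !memcmp(name, my->wanted, (size_t)namelen)) {
		my->found = 1;
		return 1;	/* found: stop early */
	}
	return 0;
}

/* Walks the fake directory for `name`; returns 1 if found, visit count via *seen. */
int find_entry(const char *name, int *seen)
{
	struct my_dir_context my = { .ctx.actor = my_actor, .wanted = name };
	kernel_iterate_dir(NULL, &my.ctx);
	if (seen)
		*seen = my.seen;
	return my.found;
}
```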
this will make it support
- this repo's manager
- official manager, but I guess up to 1.0.1 for non-gki
- 5ec1cff's MKSU
- KernelSU NEXT
- rsuntk's MKSU
- SukiSU-Ultra

Signed-off-by: backslashxx <[email protected]>
I'm providing this as an option if you want an ultimatum.

Usage:
ksu_getname_flags_user(&filename, flags);
on entry of getname_flags on namei.c

This can replace exec, faccessat and stat hooks.
I don't recommend it, but it's an option.

Signed-off-by: backslashxx <[email protected]>

put me right after strncpy_from_user on getname_flags on namei.c
ksu_getname_flags_kernel(&kname, flags);

This can replace exec, faccessat and stat hooks.
I don't recommend it, but it's an option.

Signed-off-by: backslashxx <[email protected]>

reorder ksu_handle_prctl checks a bit to allow non-manager to use CMD 15

this allows us to piggyback a small su to KernelSU's permission system after disabling kernel sucompat

from:
Relax prctl perm check - nampud@95125c3
Allow prctl only for root or manager or su binary - nampud@fa7af67
Refine prctl access check, allow /product/bin/su - nampud@dd466dc
Refine prctl check a little bit more - nampud@e7c5b24

Signed-off-by: backslashxx <[email protected]>
LeCmnGend pushed a commit that referenced this pull request on Jul 22, 2025 (the apply_kernelsu_rules() RCU fix, tiann#2646, quoted above).
LeCmnGend added a commit that referenced this pull request on Jul 22, 2025: Merge pull request #1 from LeCmnGend/ss susfs 1.5.9
LeCmnGend pushed a commit that referenced this pull request on Jul 23, 2025 (the apply_kernelsu_rules() RCU fix, tiann#2646, quoted above).
LeCmnGend pushed a commit that referenced this pull request on Sep 30, 2025:
[ 101.572296] CPU: 0 PID: 8674 Comm: main Tainted: G WC OE 5.15.148-Ghost@NVG-064-gce02b349fb2b #1
[ 101.572305] Hardware name: Qualcomm Technologies, Inc. KHAJE IDP nopmi topaz (DT)
[ 101.572309] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 101.572315] pc : mntput_no_expire+0x25c/0x300
[ 101.572328] lr : mntput_no_expire+0x134/0x300
[ 101.572334] sp : ffffffc01d163c10
[ 101.572336] x29: ffffffc01d163c30 x28: ffffffdb2c74bff0 x27: 0000000000000000
[ 101.572345] x26: ffffff806cf11200 x25: ffffff806cf11200 x24: ffffffdb2db93000
[ 101.572353] x23: ffffff807df66da0 x22: ffffff807df66d80 x21: ffffff807df66d80
[ 101.572361] x20: ffffffdb2db89380 x19: ffffff806cf11200 x18: ffffffc013aad068
[ 101.572369] x17: 0000000000000001 x16: ffffffa6c928b000 x15: 0000000000000000
[ 101.572378] x14: 0000000000000020 x13: ffffffdb2db9f860 x12: 0000000000000020
[ 101.572385] x11: ffffffffffffffff x10: 00000000000000ff x9 : 0000000000000008
[ 101.572393] x8 : ffffff807df66d80 x7 : 61705f75736b203a x6 : 55536c656e72654b
[ 101.572401] x5 : ffffffdb2de14332 x4 : ffffff81f6c435c1 x3 : 0000000000000000
[ 101.572409] x2 : 0000000200000000 x1 : 0000000000000000 x0 : 00000000ffffffff
[ 101.572418] Call trace:
[ 101.572422] mntput_no_expire+0x25c/0x300
[ 101.572431] path_put+0x3c/0x58
[ 101.572438] ksu_try_umount+0x14c/0x174
[ 101.572445] susfs_try_umount_all+0x6c/0x190
[ 101.572450] ksu_handle_setuid+0x20c/0x320
[ 101.572454] ksu_task_fix_setuid+0x18/0x2c
[ 101.572459] __sys_setresuid+0x1e0/0x3dc
[ 101.572466] __arm64_sys_setresuid+0x28/0x38
[ 101.572472] invoke_syscall+0x64/0x154
[ 101.572479] el0_svc_common+0x90/0xf4
[ 101.572484] do_el0_svc+0x2c/0x9c
[ 101.572489] el0_svc+0x28/0x60
[ 101.572496] el0t_64_sync_handler+0xd4/0xf0
[ 101.572501] el0t_64_sync+0x1b8/0x1bc
[ 101.572508] ---[ end trace b57c69edb246930f ]---
[ 101.572626] ------------[ cut here ]------------

Suggested-by: backslashxx <[email protected]>
Signed-off-by: rsuntk <[email protected]>
LeCmnGend pushed a commit that referenced this pull request on Sep 30, 2025 (the apply_kernelsu_rules() RCU fix quoted above).
LeCmnGend pushed a commit that referenced this pull request on Sep 30, 2025:
Currently, handle_sepolicy() holds an RCU read lock across the entire
function including calls to strncpy_from_user() which can sleep, which
is illegal in RCU semantics.
This triggers the following warning when the kernel is compiled with
CONFIG_DEBUG_ATOMIC_SLEEP enabled:
[ 8.526345] BUG: sleeping function called from invalid context at lib/strncpy_from_user.c:40
[ 8.526349] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 683, name: ksud
[ 8.526351] preempt_count: 0, expected: 0
[ 8.526352] RCU nest depth: 1, expected: 0
[ 8.526354] 1 lock held by ksud/683:
[ 8.526355] #0: ffffffe013e1b970 (rcu_read_lock){....}, at: handle_sepolicy+0xe4/0xaa0
[ 8.526365] CPU: 6 PID: 683 Comm: ksud Tainted: G W 5.4.289-Scarlet-v2.2-beta2 #1
[ 8.526366] Hardware name: redwood based Qualcomm Technologies, Inc. SM7325 (DT)
[ 8.526367] Call trace:
[ 8.526371] dump_backtrace+0x0/0x1c0
[ 8.526374] dump_stack+0x90/0xcc
[ 8.526376] __might_sleep+0x1a0/0x200
[ 8.526378] __might_fault+0x28/0x40
[ 8.526381] strncpy_from_user+0xac/0x300
[ 8.526383] handle_sepolicy+0x588/0xaa0
[ 8.526385] ksu_handle_prctl+0x368/0xd60
[ 8.526386] ksu_task_prctl+0xc/0x20
[ 8.526389] security_task_prctl+0x5c/0xa0
[ 8.526391] __arm64_sys_prctl+0x58/0x7e0
[ 8.526393] do_el0_svc+0x68/0x120
[ 8.526394] el0_sync_handler+0x11c/0x1c0
[ 8.526395] el0_sync+0x140/0x180
To fix this, replace the rcu_read_lock() with the `ksu_rules` mutex_lock()
introduced with commit 9014c66 ("kernel: selinux: rules: Fix illegal RCU
lock usage in apply_kernelsu_rules()") which allows sleeping.
This mutex_lock() ensures mutual exclusion between threads invoking dynamic
policy modifications via handle_sepolicy() and those applying KernelSU rules
via apply_kernelsu_rules(), both of which access the policydb structure through
get_policydb().
Signed-off-by: Tashfin Shakeer Rhythm <[email protected]>
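A user-space model of the CONFIG_DEBUG_ATOMIC_SLEEP check that both this handle_sepolicy() commit and the earlier apply_kernelsu_rules() fix (tiann#2646) ran into, added here as example code rather than anything from the KernelSU tree: it shows the splat firing when hashtab_insert()'s cond_resched() runs under rcu_read_lock(), and staying silent under the ksu_rules mutex. The lock primitives, hashtab and policydb are stand-ins, and apply_rules_rcu()/apply_rules_mutex() are names chosen for the demo.

```c
/* Example code (not from KernelSU): user-space model of the check behind the
 * CONFIG_DEBUG_ATOMIC_SLEEP splats quoted in the apply_kernelsu_rules() and
 * handle_sepolicy() commits. Locks, hashtab and policydb are stand-ins, and
 * apply_rules_rcu()/apply_rules_mutex() are names chosen for this demo. */
#include <stdio.h>

/* Per-task state __might_resched() inspects ("RCU nest depth: 1, expected: 0"). */
static int preempt_count;
static int rcu_nest_depth;
static int sleep_violations;	/* illegal sleep attempts observed so far */

static void rcu_read_lock(void)   { rcu_nest_depth++; }
static void rcu_read_unlock(void) { rcu_nest_depth--; }

/* Model of __might_resched(): sleeping is legal only with preempt_count == 0
 * and no RCU read-side section open. The kernel prints the splat and carries
 * on; here the violation is counted so callers can observe it. */
static void might_sleep(void)
{
	if (preempt_count != 0 || rcu_nest_depth != 0) {
		sleep_violations++;
		printf("BUG: sleeping function called from invalid context "
		       "(preempt_count: %d, RCU nest depth: %d)\n",
		       preempt_count, rcu_nest_depth);
	}
}

/* Sleeping lock: acquiring it may sleep, so it is itself a might_sleep()
 * point; holding it leaves preempt_count and the RCU depth untouched. */
struct mutex { int locked; };
static void mutex_lock(struct mutex *m)   { might_sleep(); m->locked = 1; }
static void mutex_unlock(struct mutex *m) { m->locked = 0; }

/* Stand-in policydb "hashtab" of type names; hashtab_insert() models the real
 * one calling cond_resched(), a sleep point, before touching the table. */
#define MAX_TYPES 8
static const char *policydb_types[MAX_TYPES];
static int policydb_ntypes;

static int hashtab_insert(const char *type)
{
	might_sleep();			/* cond_resched() */
	if (policydb_ntypes >= MAX_TYPES)
		return -1;
	policydb_types[policydb_ntypes++] = type;
	return 0;
}

static struct mutex ksu_rules;	/* the mutex the fix introduces */

/* Before: an RCU read-side section neither excludes other policydb writers
 * nor permits the sleep inside hashtab_insert(). Returns how many splats
 * this call produced (expected 1). */
int apply_rules_rcu(const char *type)
{
	int before = sleep_violations;
	rcu_read_lock();
	hashtab_insert(type);
	rcu_read_unlock();
	return sleep_violations - before;
}

/* After: the ksu_rules mutex serialises writers (apply rules and
 * handle_sepolicy alike) and, being a sleeping lock, allows cond_resched().
 * Returns how many splats this call produced (expected 0). */
int apply_rules_mutex(const char *type)
{
	int before = sleep_violations;
	mutex_lock(&ksu_rules);
	hashtab_insert(type);
	mutex_unlock(&ksu_rules);
	return sleep_violations - before;
}

int policydb_type_count(void) { return policydb_ntypes; }
```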
how