kernel: throne_tracker: offload to kthread #2632

backslashxx · 2025-06-11T04:01:04Z

Run throne_tracker() in kthread instead of blocking the caller.
Prevents full lockup during installation and removing the manager.

First run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2)

Features:
- looks and waits for manager UID in /data/system/packages.list
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling adressing possible race conditions.

Race conditions adressed
- single instance kthread lock, smp_mb()
- track_throne_function, packages.list, spinlock-on-d_lock based polling
- is_manager_apk, apk, spinlock-on-d_lock based polling

This is a squash of:
kernel: throne_tracker: move throne_tracker to kthread with spinlocks
kernel: throne_tracker: harden track_throne_function file read
kernel: throne_tracker, apk_sign: functionify d_lock spinlock check
kernel: throne_tracker: harden packages.list checker further
kernel: apk_sign: loop file open on is_manager_apk
kernel: throne_tracker: tweak search_manager
kernel: apk_sign: check for rw locking before processing

Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
https://github.com/acroreiser/android_kernel_lge_hammerhead/compare/0b05e927...8783badd

Co-Authored-By: backslashxx <[email protected]>
Co-Authored-By: Yaroslav Zviezda <[email protected]>
Signed-off-by: backslashxx <[email protected]>

backslashxx · 2025-06-11T04:04:07Z

context:

we are working on proper downstream support of MKSU on 3.X kernels.
we had a lot of stuckups/crashes when throne tracker runs, (manager uninstall, reinstall, install)

kthreaded throne tracker is based on the work and advice of @acroreiser (@LineageOS-UL)
initially, we tried to use a full fat sleepable one, but theres that issue where you can ps | grep throne
and it is too "fat" so we skipped it.

The one in here is a use and destroy one.
ofcourse for detection specialists, yes theres a pid increase everytime throne_tracker runs :^)

I believe that this is useful to send upstream (here). While the code kind of targeted 3.X kernels,
with the proper choices on here that is as generic as possible, this should work as is even on 6.X.

selfmusing · 2025-06-11T08:12:50Z

I've just tried this PR .
At first everything looks good and works fine as well , but after manually uninstalling and reinstalling the manager a few times it shows this error :

Crowning takes place as it should but it has no effect on manager :

[  621.832459] KernelSU: renameat: packages.list.tmp -> packages.list, new path: /system/packages.list
[  621.833171] KernelSU: throne_tracker_thread: pid: 22618 started
[  621.833450] KernelSU: track_throne_function: /data/system/packages.list found!
[  621.913086] KernelSU: Searching manager...
[  621.916076] KernelSU: sha256: d06917e6deece7bf9b3278b1bb4ca4123c7d546bfebfd204915465804750bd03, expected: d06917e6deece7bf9b3278b1bb4ca4123c7d546bfebfd204915465804750bd03
[  621.916175] KernelSU: Found new base.apk at path: /data/app/~~v5qVNzdlgF8NhZAORbb8Ww==/me.weishu.kernelsu-lLxyXj-GG2N6QSVPSXMPGg==/base.apk, is_manager: 1
[  621.916178] KernelSU: manager pkg: me.weishu.kernelsu
[  621.916254] KernelSU: Crowning manager: me.weishu.kernelsu(uid=10579)
[  621.916279] KernelSU: Stop searching
[  621.916390] KernelSU: Search manager finished
[  621.917127] KernelSU: throne_tracker_thread: pid: 22618 exit!

I had to reinstall it again several times to fix the signature hash mismatch on ksu manager.

backslashxx · 2025-06-11T08:15:28Z

yeah there can be an issue with that hash managemnent
I had a workaround for this, lemem push.

selfmusing · 2025-06-11T08:29:52Z

yeah theres can be an issue with that hash managemnent I had a workaround for this, lemem push.

Thanks! It fixed the issue.

oct888 · 2025-06-11T13:39:33Z

I've just tried this PR, Everything seems good on my end using 5.15. manager successfully crowned across multiple uninstall/reinstall cycles.

tiann · 2025-06-12T04:09:51Z

I understand that this PR has two features:

Switch to kthread
Use s_magic to replace super_block

Please split it into two PRs.

backslashxx · 2025-06-12T04:12:00Z

I understand that this PR has two features:

Switch to kthread

Use s_magic to replace super_block

Please split it into two PRs.

avira said so that I just push both, but sure, I will push cross-fs-avoidance first.
wait a little.

aviraxp · 2025-06-12T06:34:50Z

My idea is to vmalloc() package.list.tmp to memory, use vfs_read() to read it, create kthread to parse it and search. Or we are guaranteed to have a race.

backslashxx · 2025-06-12T06:37:30Z

now thats something above my paygrade, I can lookup about it later.
but yeah my current dumb check can cause a 1 second stuck time, I say its pretty cheap as were now fully async.

--
as for the lock, the spinlock there being unlocked right away is just a check for d_lock to prevent processing a file being renamed / deleted etc, whatever operation holds a d_lock

this likely is optional once packages.list is fully committed, so I'm not really sure about this.

we can hold this lock longer on apk_sign to assure proper processing.

we can also try to use this as logic to check for packages.list if its unlocked.

--
as for this being designed for 3.X , this already has been built and tested on @ShirkNeko 's SUKiSU, both with GKI and LKM
so it should build fine 5.10++

https://github.com/SukiSU-Ultra/SukiSU-Ultra/actions

backslashxx · 2025-06-12T06:58:56Z

@aviraxp theres also another race on having multiple kthreads.
I literally saw it happen on an SD 808 of all things.

right now I am putting smp_mb() on it, but this might be too much.

current behavior @ 8717a4d
https://paste.debian.net/plain/1379323

aviraxp

Prevent this being accidentally merged

Added from https://github.com/5ec1cff/KernelSU (+22) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes app: persist show system app settings magic mount: make mount points read only Other changes (+71): ksud: move workdir to /mnt/vendor ksud: remove tmpfs mounting ksud: tell sys_reboot interface about our mounts (5ec1cff#16) ksud: add cmd for add-try-umount, wipe-umount-list and nuke-ext4-sysfs workflows: debloat workflows: debloat pt. 2 ksud: add armeabi-v7a support manager: failure mode dummy demo dummy.keystore manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore compat code required for old kernels Reapply: "Handle unmount for isolated process correctly (tiann#2696)" kernel: core_hook: backport ksu_enhanced_security rules kernel: core_hook: disable seccomp for allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: core_hook, supercalls: expose umount list on sys_reboot interface kernel: supercalls: expose nuke_ext4_sysfs to sys_reboot interface kernel: throne_tracker: offload to kthread (tiann#2632) kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: expose allowlist workaround as Kconfig option kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat toggle support for manual hooks (tiann#2506) kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704) kernel: kp_ksud: add sys_reboot kp hook kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: base implementation of avc log spoofing kernel: extras/avc_spoof: add kprobe support kernel: extras: add avc spoof to feature kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide weak anon_inode_getfd_secure for < 5.12 kernel: compat: provide selinux_inode wrapper for < 5.1 kernel: compat: provide selinux_cred wrapper for < 5.1 kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux: fix wrong return type KernelSU v2.1.2+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

Run throne_tracker() in kthread instead of blocking the caller. Prevents full lockup during installation and removing the manager. By default, first run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2) Features: - looks and waits for manager UID in /data/system/packages.list - run track_throne() in a kthread after the first synchronous run - prevent duplicate thread creation with a single-instance check - spinlock-on-d_lock based polling adressing possible race conditions. Race conditions adressed - single instance kthread lock, smp_mb() - track_throne_function, packages.list, spinlock-on-d_lock based polling - is_manager_apk, apk, spinlock-on-d_lock based polling This is a squash of: tiann#2632 Original skeleton based on: `kernelsu: move throne_tracker() to kthread` `kernelsu: check locking before accessing files and dirs during searching manager` `kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp` acroreiser/android_kernel_lge_hammerhead@0b05e92...8783bad Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Yaroslav Zviezda <[email protected]> Signed-off-by: backslashxx <[email protected]>