From 0144a888daa1d24118e81c3b8ecb0f68cdbcd2d3 Mon Sep 17 00:00:00 2001
From: backslashxx <118538522+backslashxx@users.noreply.github.com>
Date: Mon, 9 Jun 2025 07:23:35 +0800
Subject: [PATCH] kernel: throne_tracker: avoid cross-fs traversal using s_magic check

Skip directories that does NOT have the same magic as /data/app. This is to avoid scanning incfs and any other stacked filesystems. While this is way dumber, it's way cheaper. no kern_path(), no missable path_put(), no ref handling. This is a workaround for Ultra-Legacy kernels where upstream's method fails. Seems doing 50+ kern_path() calls is a bad meme. This supercedes `throne_tracker: avoid cross fs access (tiann#2626)` - upstream https://github.com/tiann/KernelSU/commit/0b6998b474ed00610bbf2d6679f853cef07af3b8

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
---
 kernel/throne_tracker.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/kernel/throne_tracker.c b/kernel/throne_tracker.c
index ac7f8a14..38321988 100644
--- a/kernel/throne_tracker.c
+++ b/kernel/throne_tracker.c
@@ -201,6 +201,8 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 return FILLDIR_ACTOR_CONTINUE;
 }
 
+static unsigned long data_app_magic __read_mostly = 0; // its not like /data/app magic changes duh
+
 void search_manager(const char *path, int depth, struct list_head *uid_data)
 {
 int i, stop = 0;
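Review bot: The comment on `data_app_magic` does not say what the value holds or that zero doubles as the "not captured yet" sentinel, which the later check in search_manager relies on. A comment such as `/* s_magic of the first directory search_manager() opens (expected: /data/app); 0 = not captured yet */` would document both. The explicit `= 0` is redundant for a static and is flagged by kernel checkpatch; `static unsigned long data_app_magic __read_mostly;` is equivalent. The variable is written with no locking visible in this patch, which is safe only if search_manager never runs concurrently; that cannot be confirmed from the hunk.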
@@ -238,6 +240,22 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file));
 goto skip_iterate;
 }
+
+ // grab magic on first folder, which is /data/app
+ if (unlikely(!data_app_magic)) {
+ if (file->f_inode->i_sb->s_magic) {
+ data_app_magic = file->f_inode->i_sb->s_magic;
+ pr_info("%s: dir: %s got magic! 0x%lx\n", __func__, pos->dirpath, data_app_magic);
+ } else
+ goto skip_iterate;
+ }
+
+ if (file->f_inode->i_sb->s_magic != data_app_magic) {
+ pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath,
+ file->f_inode->i_sb->s_magic, data_app_magic);
+ filp_close(file, NULL);
+ goto skip_iterate;
+ }
 
 iterate_dir(file, &ctx.ctx);
 filp_close(file, NULL);
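Review bot: The `else goto skip_iterate;` arm of the first-folder block leaves `file` open when `s_magic` is zero. The mismatch branch right below it calls `filp_close(file, NULL)` before the same goto, and the open-failure path above (which logs `PTR_ERR(file)`) jumps to that label too, so the label presumably does not close the file itself; the label and the rest of search_manager lie outside the hunk. The arm should read `} else { filp_close(file, NULL); goto skip_iterate; }`. Separately, `s_magic` identifies a filesystem type rather than a specific mount, and the cached value comes from whichever directory is opened first, so the comment's claim that this is /data/app is not enforced here; if a caller can ever start at another path, the filter stays pinned to the wrong filesystem until reboot.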