From 0d70cc8e58fc0a0efb719e8717a49dd20081452f Mon Sep 17 00:00:00 2001 From: backslashxx <118538522+backslashxx@users.noreply.github.com> Date: Sun, 16 Feb 2025 23:23:40 +0800 Subject: [PATCH] kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) This is done like how vfs_read_hook, input_hook and execve_hook is disabled. While this is not exactly the same thing, this CAN achieve the same results. The complete disabling of all KernelSU hooks. While this is likely unneeded, It keeps feature parity to non-kprobe builds. adapted from upstream: kernel: Allow to re-enable sucompat - https://github.com/tiann/KernelSU/commit/4593ae81c78998dffbc81291eac15726a273a538 Rejected: https://github.com/tiann/KernelSU/pull/2506 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> --- kernel/sucompat.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/kernel/sucompat.c b/kernel/sucompat.c index 40699878..6410947b 100644 --- a/kernel/sucompat.c +++ b/kernel/sucompat.c @@ -22,6 +22,10 @@ extern void escape_to_root(); +#ifndef CONFIG_KPROBES +static bool ksu_sucompat_non_kp __read_mostly = true; +#endif + static void __user *userspace_stack_buffer(const void *d, size_t len) { /* To avoid having to mmap a page in userspace, just write below the stack @@ -50,6 +54,12 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode, { const char su[] = SU_PATH; +#ifndef CONFIG_KPROBES + if (!ksu_sucompat_non_kp) { + return 0; + } +#endif + if (!ksu_is_allow_uid(current_uid().val)) { return 0; } @@ -71,6 +81,11 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags) // const char sh[] = SH_PATH; const char su[] = SU_PATH; +#ifndef CONFIG_KPROBES + if (!ksu_sucompat_non_kp) { + return 0; + } +#endif if (!ksu_is_allow_uid(current_uid().val)) { return 0; } @@ -115,6 +130,11 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr, const char sh[] = KSUD_PATH; const char su[] = SU_PATH; +#ifndef CONFIG_KPROBES + if (!ksu_sucompat_non_kp) { + return 0; + } +#endif if (unlikely(!filename_ptr)) return 0; @@ -144,6 +164,11 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user, const char su[] = SU_PATH; char path[sizeof(su) + 1]; +#ifndef CONFIG_KPROBES + if (!ksu_sucompat_non_kp){ + return 0; + } +#endif if (unlikely(!filename_user)) return 0; @@ -237,6 +262,9 @@ void ksu_sucompat_init() su_kps[0] = init_kprobe(SYS_EXECVE_SYMBOL, execve_handler_pre); su_kps[1] = init_kprobe(SYS_FACCESSAT_SYMBOL, faccessat_handler_pre); su_kps[2] = init_kprobe(SYS_NEWFSTATAT_SYMBOL, newfstatat_handler_pre); +#else + ksu_sucompat_non_kp = true; + pr_info("ksu_sucompat_init: hooks enabled: execve/execveat_su, faccessat, stat\n"); #endif } @@ -246,5 +274,8 @@ void ksu_sucompat_exit() for (int i = 0; i < ARRAY_SIZE(su_kps); i++) { destroy_kprobe(&su_kps[i]); } +#else + ksu_sucompat_non_kp = false; + pr_info("ksu_sucompat_exit: hooks disabled: execve/execveat_su, faccessat, stat\n"); #endif }