From 1726d0da58422231edc04401f820d0ec547bd67d Mon Sep 17 00:00:00 2001
From: backslashxx <118538522+backslashxx@users.noreply.github.com>
Date: Tue, 10 Jun 2025 07:43:45 +0700
Subject: [PATCH] kernel: core_hook: refactor escape_to_root

- Remove BUG_ON, bail out when failed
- Add put_cred

Signed-off-by: rsuntk
---
 kernel/core_hook.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index a7013e26..269c18c5 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -217,18 +217,23 @@ void ksu_escape_to_root(void)
 {
 	struct cred *cred;
 
+	if (current_euid().val == 0) {
+		pr_warn("Already root, don't escape!\n");
+		return;
+	}
+
 	rcu_read_lock();
 	do {
 		cred = (struct cred *)__task_cred((current));
-		BUG_ON(!cred);
+		if (!cred) {
+			pr_err("%s: cred is NULL! bailing out..\n", __func__);
+			rcu_read_unlock();
+			return;
+		}
 	} while (!get_cred_rcu(cred));
 
-	if (cred->euid.val == 0) {
-		pr_warn("Already root, don't escape!\n");
-		rcu_read_unlock();
-		return;
-	}
+	rcu_read_unlock();
 
 	struct root_profile *profile = ksu_get_root_profile(cred->uid.val);
 
@@ -259,8 +264,8 @@ void ksu_escape_to_root(void)
 			sizeof(cred->cap_bset));
 
 	setup_groups(profile, cred);
-
-	rcu_read_unlock();
+
+	put_cred(cred); // - release here - include/linux/cred.h
 
 	// Refer to kernel/seccomp.c: seccomp_set_mode_strict
 	// When disabling Seccomp, ensure that current->sighand->siglock is held during the operation.
@@ -989,7 +994,7 @@ static void ksu_sys_umount(const char *mnt, int flags)
 	char __user *usermnt = (char __user *)mnt;
 	mm_segment_t old_fs;
 	int ret; // although asmlinkage long
-
+
 	old_fs = get_fs();
 	set_fs(KERNEL_DS);
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
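Review bot: The new `if (!cred)` bail-out inside the `do`/`while` loop guards a condition that, as far as I can tell, cannot occur: `__task_cred(current)` is a protected dereference of `current->real_cred`, and a running task always has one, so the branch replaces a BUG_ON that was equally unreachable. The case the loop genuinely has to handle is `get_cred_rcu()` returning NULL because the refcount already hit zero, which the `while (!get_cred_rcu(cred))` retry covers by re-reading `real_cred` on the next pass. If the check is kept as a cheap sanity guard, say so, e.g. `/* __task_cred() never yields NULL for a live task; kept only as a sanity check */`, so a later reader does not look for a real failure path here. The body of ksu_escape_to_root continues past the end of this hunk into the next one.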
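Review bot: The added `put_cred(cred)` correctly balances the reference taken by `get_cred_rcu()` in the previous hunk, but the trailing comment `// - release here - include/linux/cred.h` does not say that, and the reference is easy to misread as ownership of a private copy. Every write between the two calls (the `cap_bset` copy and `setup_groups()` visible here) lands on the task's live `real_cred` object, not on a `prepare_creds()` copy, so the fields are mutated in place for every task that shares that cred. Moving `rcu_read_unlock()` up is safe only because of that held reference, which is worth stating too. Suggest replacing the comment with `/* drop the get_cred_rcu() reference; cred is current's live real_cred, modified in place above */`. ksu_escape_to_root begins in the previous hunk and its body continues after this one.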