From 1bac30930faf9919ac5b36fabaa1f87bd919f820 Mon Sep 17 00:00:00 2001
From: Wang Han <416810799@qq.com>
Date: Tue, 10 Jun 2025 22:43:27 +0800
Subject: [PATCH] Switch to prepare_creds/commit_creds Update API as per kernel doc recommends, also fix setup_groups refcount leak while at it.
---
 kernel/core_hook.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 193f34e2..b0405ed1 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -110,6 +110,7 @@ static void setup_groups(struct root_profile *profile, struct cred *cred)
 groups_sort(group_info);
 set_groups(cred, group_info);
+ put_group_info(group_info);
 }
 static void disable_seccomp()
@@ -134,18 +135,18 @@ void escape_to_root(void)
 {
 struct cred *cred;
- rcu_read_lock();
-
- do {
- cred = (struct cred *)__task_cred((current));
- BUG_ON(!cred);
- } while (!get_cred_rcu(cred));
+ cred = prepare_creds();
+ if (!cred) {
+ pr_warn("prepare_creds failed!\n");
+ return;
+ }
 if (cred->euid.val == 0) {
 pr_warn("Already root, don't escape!\n");
- rcu_read_unlock();
+ abort_creds(cred);
 return;
 }
+
 struct root_profile *profile = ksu_get_root_profile(cred->uid.val);
 cred->uid.val = profile->uid;
@@ -176,7 +177,7 @@ void escape_to_root(void)
 setup_groups(profile, cred);
- rcu_read_unlock();
+ commit_creds(cred);
 // Refer to kernel/seccomp.c: seccomp_set_mode_strict
 // When disabling Seccomp, ensure that current->sighand->siglock is held during the operation.
@@ -243,6 +244,7 @@ static void nuke_ext4_sysfs() {
 }
 ext4_unregister_sysfs(sb);
+ path_put(&path);
 }
 #else
 static inline void nuke_ext4_sysfs() { }
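Review bot: The added `put_group_info(group_info);` at the end of setup_groups() has no comment explaining why a reference is dropped right after the pointer was handed to `set_groups()`, so a later reader may take it for a double put. A one-line comment above it would settle that, e.g. `/* set_groups() took its own reference; drop the one this function holds */`. The allocation and any earlier return paths sit above the hunk's first line, so whether they release the reference as well cannot be checked from here.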
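Review bot: `prepare_creds()` in escape_to_root() allocates the new cred with GFP_KERNEL and may sleep, whereas the removed `rcu_read_lock()`/`get_cred_rcu()` loop did not, so the function is now only safe when every caller runs in process context. The callers are outside this hunk; if any of them is reached from a kprobe pre-handler or with a spinlock held, that path needs confirming, and a `might_sleep();` at the top of the function would state the requirement and flag violations on debug kernels. Separately, the result of `ksu_get_root_profile(cred->uid.val)` is dereferenced unchecked on the following line; if it can return NULL, that exit has to call `abort_creds(cred)` before returning, as the already-root branch now does. The same holds for any early return in the lines between this hunk and the `commit_creds(cred)` in the next one, which are not shown.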
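Review bot: The new `path_put(&path);` in nuke_ext4_sysfs() covers only the path that reaches `ext4_unregister_sysfs(sb)`. The block that closes on the hunk's first context line is outside the hunk, and if it returns early after the path lookup succeeded, it still leaks the reference. In that case the branch needs its own `path_put(&path);` before the `return`, or the function should route its exits through a single cleanup label. The change is also missing from the commit message, which names only the cred API switch and the setup_groups fix.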