Revert "kernel: getname might sleep in kprobe handler (#670)"
This reverts commit 79bb9813ef.
This commit is contained in:
weishu
@@ -52,8 +52,6 @@ static inline bool is_isolated_uid(uid_t uid)
|
|||||||
appid <= LAST_APP_ZYGOTE_ISOLATED_UID);
|
appid <= LAST_APP_ZYGOTE_ISOLATED_UID);
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct group_info root_groups = { .usage = ATOMIC_INIT(2) };
|
|
||||||
|
|
||||||
static void setup_groups(struct root_profile *profile, struct cred *cred)
|
static void setup_groups(struct root_profile *profile, struct cred *cred)
|
||||||
{
|
{
|
||||||
if (profile->groups_count > KSU_MAX_GROUPS) {
|
if (profile->groups_count > KSU_MAX_GROUPS) {
|
||||||
@@ -62,14 +60,6 @@ static void setup_groups(struct root_profile *profile, struct cred *cred)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (profile->groups_count == 1 && profile->groups[0] == 0) {
|
|
||||||
// it is root groups, setgroup to root and return early!
|
|
||||||
if (cred->group_info)
|
|
||||||
put_group_info(cred->group_info);
|
|
||||||
cred->group_info = get_group_info(&root_groups);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
u32 ngroups = profile->groups_count;
|
u32 ngroups = profile->groups_count;
|
||||||
struct group_info *group_info = groups_alloc(ngroups);
|
struct group_info *group_info = groups_alloc(ngroups);
|
||||||
if (!group_info) {
|
if (!group_info) {
|
||||||
|
|||||||
@@ -20,13 +20,6 @@
|
|||||||
#define SU_PATH "/system/bin/su"
|
#define SU_PATH "/system/bin/su"
|
||||||
#define SH_PATH "/system/bin/sh"
|
#define SH_PATH "/system/bin/sh"
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
|
|
||||||
#define ksu_copy_from_user_nofault(dst, src, sz) \
|
|
||||||
copy_from_user_nofault(dst, src, sz)
|
|
||||||
#else
|
|
||||||
#define ksu_copy_from_user_nofault(dst, src, sz) probe_user_read(dst, src, sz)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
extern void escape_to_root();
|
extern void escape_to_root();
|
||||||
|
|
||||||
static void __user *userspace_stack_buffer(const void *d, size_t len)
|
static void __user *userspace_stack_buffer(const void *d, size_t len)
|
||||||
@@ -48,30 +41,32 @@ static char __user *sh_user_path(void)
|
|||||||
int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
|
int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
|
||||||
int *flags)
|
int *flags)
|
||||||
{
|
{
|
||||||
|
struct filename *filename;
|
||||||
const char su[] = SU_PATH;
|
const char su[] = SU_PATH;
|
||||||
|
|
||||||
if (!ksu_is_allow_uid(current_uid().val)) {
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
char path[sizeof(su)];
|
filename = getname(*filename_user);
|
||||||
memset(path, 0, sizeof(path));
|
|
||||||
if (ksu_copy_from_user_nofault(path, *filename_user, sizeof(path))) {
|
if (IS_ERR(filename)) {
|
||||||
pr_info("faccessat filename ERR: %d!\n", current_uid().val);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
if (unlikely(!memcmp(filename->name, su, sizeof(su)))) {
|
||||||
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
pr_info("faccessat su->sh!\n");
|
||||||
pr_info("faccessat su found: %d!\n", current_uid().val);
|
|
||||||
*filename_user = sh_user_path();
|
*filename_user = sh_user_path();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
putname(filename);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
|
int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
|
||||||
{
|
{
|
||||||
// const char sh[] = SH_PATH;
|
// const char sh[] = SH_PATH;
|
||||||
|
struct filename *filename;
|
||||||
const char su[] = SU_PATH;
|
const char su[] = SU_PATH;
|
||||||
|
|
||||||
if (!ksu_is_allow_uid(current_uid().val)) {
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
@@ -79,23 +74,21 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (unlikely(!filename_user)) {
|
if (unlikely(!filename_user)) {
|
||||||
pr_info("stat filename is NULL: %d\n", current_uid().val);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// filename = getname(*filename_user);
|
filename = getname(*filename_user);
|
||||||
char path[sizeof(su)];
|
|
||||||
memset(path, 0, sizeof(path));
|
if (IS_ERR(filename)) {
|
||||||
if (ksu_copy_from_user_nofault(path, *filename_user, sizeof(path))) {
|
|
||||||
pr_info("stat filename ERR: %d!\n", current_uid().val);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
if (unlikely(!memcmp(filename->name, su, sizeof(su)))) {
|
||||||
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
pr_info("newfstatat su->sh!\n");
|
||||||
pr_info("stat su found: %d\n", current_uid().val);
|
|
||||||
*filename_user = sh_user_path();
|
*filename_user = sh_user_path();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
putname(filename);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,7 +113,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
|
|||||||
if (!ksu_is_allow_uid(current_uid().val))
|
if (!ksu_is_allow_uid(current_uid().val))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
pr_info("do_execveat_common su found: %d\n", current_uid().val);
|
pr_info("do_execveat_common su found\n");
|
||||||
memcpy((void *)filename->name, sh, sizeof(sh));
|
memcpy((void *)filename->name, sh, sizeof(sh));
|
||||||
|
|
||||||
escape_to_root();
|
escape_to_root();
|
||||||
|
|||||||
Reference in New Issue
Block a user