From 6af2da13aea75365684df30d606d490635d31f93 Mon Sep 17 00:00:00 2001
From: backslashxx <118538522+backslashxx@users.noreply.github.com>
Date: Fri, 3 Oct 2025 16:26:17 +0700
Subject: [PATCH] kernel: migrate barriers to spec barriers and code style thing overkill, but yeah, might as well move on to the real deal. [ rsuntk: Rename original variable name ]
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: rsuntk
---
 kernel/core_hook.c | 12 ++++--------
 kernel/kernel_compat.h | 8 ++++++++
 kernel/sucompat.c | 5 ++---
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index d03ec7a0..7056574d 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -310,24 +310,20 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 // here we just let them suffer
 uid_t current_uid_val = current_uid().val;
 uid_t manager_uid = ksu_get_manager_uid();
- if (current_uid_val != manager_uid &&
+ if (current_uid_val != manager_uid &&
 current_uid_val % 100000 == manager_uid) {
- ksu_set_manager_uid(current_uid_val);
- // make sure all cpus sees this change, next line will check
- smp_mb();
+ ksu_set_manager_uid(current_uid_val);
 }
 skip_check:
 // yes this causes delay, but this keeps the delay consistent, which is what we want
- barrier();
+ // with a proper barrier for safety as the compiler and cpu might try to do something smart.
+ KCOMPAT_BARRIER();
 if (!is_allow_su())
 return 0;
 // we move it after uid check here so they cannot
 // compare 0xdeadbeef call to a non-0xdeadbeef call
- // with barriers around for safety as the compiler
- // might try to do something smart.
- barrier();
 if (KERNEL_SU_OPTION != option)
 return 0;
diff --git a/kernel/kernel_compat.h b/kernel/kernel_compat.h
index 779e2466..f0b493a2 100644
--- a/kernel/kernel_compat.h
+++ b/kernel/kernel_compat.h
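Review bot: The `smp_mb()` that followed `ksu_set_manager_uid(current_uid_val)` is dropped without an equivalent, because per the kernel_compat.h part of this patch `KCOMPAT_BARRIER()` expands to `barrier_nospec()`, `isb()` or `barrier()`, and none of those orders that store against other CPUs. If another CPU can read the manager uid concurrently (the accessors are not visible here), either keep `smp_mb();` after the store or add a comment saying why cross-CPU ordering is not needed. The second barrier, between `is_allow_su()` and the `KERNEL_SU_OPTION != option` test, is also removed while the comment about not letting callers tell a 0xdeadbeef call from any other stays; keeping `KCOMPAT_BARRIER();` directly before that test would preserve the constant-delay property the comment describes. ksu_handle_prctl starts and ends outside the hunk.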
@@ -7,6 +7,14 @@
 #include "ss/policydb.h"
 #include "linux/key.h"
+#if defined(CONFIG_X86)
+#define KCOMPAT_BARRIER() barrier_nospec()
+#elif defined(CONFIG_ARM) || defined(CONFIG_ARM64)
+#define KCOMPAT_BARRIER() isb() // arch/arm64/include/asm/barrier.h
+#else
+#define KCOMPAT_BARRIER() barrier() // well, compiler atleast.
+#endif
+
 /**
 * list_count_nodes - count the number of nodes in a list
 * @head: the head of the list
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 3c90175e..a7f27a0a 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -170,10 +170,9 @@ int __ksu_handle_devpts(struct inode *inode)
 return 0;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) || defined(KSU_OPTIONAL_SELINUX_INODE)
- struct inode_security_struct *sec = selinux_inode(inode);
+ struct inode_security_struct *sec = selinux_inode(inode);
 #else
- struct inode_security_struct *sec =
- (struct inode_security_struct *)inode->i_security;
+ struct inode_security_struct *sec = (struct inode_security_struct *)inode->i_security;
 #endif
 if (ksu_devpts_sid && sec)
 sec->sid = ksu_devpts_sid;
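Review bot: `KCOMPAT_BARRIER()` has no comment stating what it guarantees, and its three expansions are not equivalent: `barrier_nospec()` is a speculation barrier, `isb()` is an instruction synchronization barrier, and the fallback `barrier()` only constrains the compiler. None of them is an SMP memory barrier, so a comment above the `#if` such as `/* Serialises execution on the local CPU only; gives no cross-CPU memory ordering, not a substitute for smp_mb(). */` would keep callers from relying on more than the macro provides. `barrier_nospec()` is also absent from older x86 kernels, so if this header must still build there the x86 branch probably needs an `#ifdef barrier_nospec` or version guard that falls back to `barrier()`. The hunk does not show `<asm/barrier.h>` being included, so the macro presumably depends on an indirect include.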