kernel: use sys_enter tracepoint for sucompat (#533)

* use sys_enter tracepoint for sucompat

* update sucompat rules

* clean tif mark

* mark tif after load allow list

* clear all tif first, then mark target

* Fix shell su

* allow when escape

* fix bugs

* kernel: Resolve logical inconsistencies

---------

Co-authored-by: Ylarod <me@ylarod.cn>
Co-authored-by: weishu <twsxtd@gmail.com>
ShirkNeko
2025-11-06 12:45:37 +08:00
parent ee9c20f62a
commit 71353a70d4
16 changed files with 262 additions and 302 deletions


@@ -54,7 +54,7 @@ static void stop_vfs_read_hook(void);
static void stop_execve_hook(void);
static void stop_input_hook(void);
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
static struct work_struct stop_vfs_read_work;
static struct work_struct stop_execve_hook_work;
static struct work_struct stop_input_hook_work;
@@ -83,6 +83,9 @@ void on_post_fs_data(void)
done = true;
pr_info("%s!\n", __func__);
ksu_load_allow_list();
extern void ksu_mark_running_process(void);
pr_info("mark tif for running process\n");
ksu_mark_running_process();
ksu_observer_init();
// sanity check, this may influence the performance
stop_input_hook();
@@ -298,7 +301,7 @@ static ssize_t read_iter_proxy(struct kiocb *iocb, struct iov_iter *to)
int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
size_t *count_ptr, loff_t **pos)
{
#ifndef CONFIG_KSU_KPROBES_HOOK
#ifndef KSU_KPROBES_HOOK
if (!ksu_vfs_read_hook) {
return 0;
}
@@ -411,7 +414,7 @@ static bool is_volumedown_enough(unsigned int count)
int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code,
int *value)
{
#ifndef CONFIG_KSU_KPROBES_HOOK
#ifndef KSU_KPROBES_HOOK
if (!ksu_input_hook) {
return 0;
}
@@ -453,7 +456,7 @@ bool ksu_is_safe_mode()
return false;
}
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
static int sys_execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
{
/*
@@ -670,7 +673,7 @@ int __maybe_unused ksu_handle_compat_execve_ksud(const char __user *filename_use
static void stop_vfs_read_hook(void)
{
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
bool ret = schedule_work(&stop_vfs_read_work);
pr_info("unregister vfs_read kprobe: %d!\n", ret);
#else
@@ -681,7 +684,7 @@ static void stop_vfs_read_hook(void)
static void stop_execve_hook(void)
{
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
bool ret = schedule_work(&stop_execve_hook_work);
pr_info("unregister execve kprobe: %d!\n", ret);
#else
@@ -696,7 +699,7 @@ static void stop_execve_hook(void)
static void stop_input_hook(void)
{
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
static bool input_hook_stopped = false;
if (input_hook_stopped) {
return;
@@ -714,7 +717,7 @@ static void stop_input_hook(void)
// ksud: module support
void ksu_ksud_init(void)
{
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
int ret;
ret = register_kprobe(&execve_kp);
@@ -734,7 +737,7 @@ void ksu_ksud_init(void)
void ksu_ksud_exit(void)
{
#ifdef CONFIG_KSU_KPROBES_HOOK
#ifdef KSU_KPROBES_HOOK
unregister_kprobe(&execve_kp);
// this should be done before unregister vfs_read_kp
// unregister_kprobe(&vfs_read_kp);
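Review bot: The block-scope `extern void ksu_mark_running_process(void);` added inside on_post_fs_data() (hunk at -83,6 +83,9) bypasses prototype checking against the definition, so a later signature change would still compile here; declare it once in the header that owns the function and include that header instead. The call order looks deliberate, since the commit message says the marking must come after the allow list is loaded, and it deserves a comment such as `/* must run after ksu_load_allow_list(): marking depends on the loaded allow list */`. Separately, every other hunk in this section switches the guard from `CONFIG_KSU_KPROBES_HOOK` to `KSU_KPROBES_HOOK`, which presumably no longer comes from Kconfig's generated header. If its definition is not visible in this translation unit, each `#ifdef` silently takes the non-kprobe branch and ksu_ksud_init() would register no kprobes without a build error, so confirm where the macro is defined and that this file sees it. The bodies of all the touched functions start or end outside the hunks shown.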