From 71f8944ffbe8700966a3f8854cd8c4c7bc344fee Mon Sep 17 00:00:00 2001 From: rsuntk Date: Mon, 28 Jul 2025 22:31:16 +0700 Subject: [PATCH] kernel: selinux: replace rcu_read_{lock, unlock} to mutex_{lock, unlock} * We got a splat related to atomic sleep. * The trace is from strncpy_from_user and might_fault Same case: https://github.com/rsuntk/KernelSU/commit/e47115e00956a8b25df73f92b544783a9fdc2afe Signed-off-by: rsuntk --- kernel/selinux/rules.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index ebf19ff7..35aef06d 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -36,7 +36,7 @@ static struct policydb *get_policydb(void) return db; } -static DEFINE_MUTEX(ksu_rules); +static DEFINE_MUTEX(apply_ksu_rules_mutex); void ksu_apply_kernelsu_rules() { @@ -46,7 +46,7 @@ void ksu_apply_kernelsu_rules() pr_info("SELinux permissive or disabled, apply rules!\n"); } - mutex_lock(&ksu_rules); + mutex_lock(&apply_ksu_rules_mutex); db = get_policydb(); @@ -149,7 +149,7 @@ void ksu_apply_kernelsu_rules() susfs_set_zygote_sid(); #endif - mutex_unlock(&ksu_rules); + mutex_unlock(&apply_ksu_rules_mutex); } #define MAX_SEPOL_LEN 128 @@ -233,6 +233,7 @@ static void reset_avc_cache() selinux_xfrm_notify_policyload(); } +static DEFINE_MUTEX(ksu_handle_sepolicy_mutex); int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4) { if (!arg4) { @@ -279,9 +280,11 @@ int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4) subcmd = data.subcmd; } - rcu_read_lock(); + struct policydb *db; - struct policydb *db = get_policydb(); + mutex_lock(&ksu_handle_sepolicy_mutex); + + db = get_policydb(); int ret = -1; if (cmd == CMD_NORMAL_PERM) { @@ -531,7 +534,7 @@ int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4) } exit: - rcu_read_unlock(); + mutex_unlock(&ksu_handle_sepolicy_mutex); // only allow and xallow needs to reset avc cache, but we cannot do that because // we are in atomic context. so we just reset it every time.