kernel: core_hook: automate and refactor umount #2531

backslashxx · 2025-03-27T22:32:10Z

monitors and lists all incoming mounts by hooking security_sb_mount or alternatively, sys_mount / do_mount.
this requires ksud to go back and use sys_mount instead of fsopen + move_mount

this also fixes that MNT_DETACH issue. (#2386 (comment))
Modules also can create an overlay with KSU devname and it will be added to the list.
This will also restore pre 5.2 manager support.

Those might be a bit questionable, so it is a take it or reject it kind of situation.

sys_mount hook looks like

ksu_mount_monitor(copy_mount_string(dev_name), copy_mount_string(dir_name), copy_mount_string(type));

ref: backslashxx/mojito_krenol@ac020b0

sys_mount / do_mount compatibility is for LKM and 6.8+ where you cant just do LSM hooks as is.
torvalds/linux@9285c5a#diff-3b35df76d1c4627ed97cc307a957850d57b85e77917c19ac0813286c46b4ace2R556

Context: aviraxp@c7facef#commitcomment-153941502

tiann · 2025-03-28T04:43:45Z

What is the root cause of #2386 (comment), and how does it fix the issue?

backslashxx · 2025-03-28T04:45:49Z

What is the root cause of #2386 (comment), and how does it fix the issue?

That I don't really have an idea, I suspect it has something to do with mount order and then unmount order.

maybe need to follow
mount: A B C D
unmount: D C B A

if its not that, then maybe it has something to do with the use of fsopen + move_mount.
since this is whats different on current implementation where everything is hardcoded.

kernel/core_hook.c

Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+48) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud, core_hook: migrate ksud execution to security_bprm_check kernel: ksud: stack-ify args, envp on ksu_handle_pre_ksud kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+48) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: remove and no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

monitors and lists all incoming mounts by hooking security_sb_mount this requires ksud to go back and use sys_mount instead of fsopen + move_mount this also fixes that MNT_DETACH issue. tiann/KernelSU#2386 (comment) Modules also can create an overlay with KSU devname and it will be added to the list. Context: aviraxp/KernelSU@c7facef#commitcomment-153941502 Stale: tiann/KernelSU#2531 Signed-off-by: backslashxx <[email protected]>

Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: remove and no-op old hooks kernel: compat: handle strncpy_from_user -> copy_from_user migration kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.13 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+50) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: remove and no-op old hooks kernel: compat: handle strncpy_from_user -> copy_from_user migration kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.13 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook kernel: core_hook: add support for KernelNoSU KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>

backslashxx force-pushed the umount-1 branch 3 times, most recently from f9156b0 to e38a41f Compare March 28, 2025 01:39

backslashxx changed the title ~~kernel: core_hook: automate umount list~~ kernel: core_hook: automate and refactor umount Mar 28, 2025

backslashxx force-pushed the umount-1 branch from e38a41f to dab3bb2 Compare March 28, 2025 02:49

backslashxx force-pushed the umount-1 branch 12 times, most recently from e51fe8d to 807ce07 Compare March 28, 2025 16:57

TypeFlu approved these changes Mar 29, 2025

View reviewed changes

aviraxp reviewed Mar 29, 2025

View reviewed changes

kernel/core_hook.c Outdated Show resolved Hide resolved

aviraxp reviewed Mar 29, 2025

View reviewed changes

kernel/core_hook.c Outdated Show resolved Hide resolved

backslashxx force-pushed the umount-1 branch 2 times, most recently from fefc2e6 to 094a7ff Compare March 29, 2025 06:25

backslashxx requested a review from aviraxp March 29, 2025 06:26

backslashxx force-pushed the umount-1 branch 5 times, most recently from b992e8e to 594d366 Compare March 29, 2025 06:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

kernel: core_hook: automate and refactor umount #2531

kernel: core_hook: automate and refactor umount #2531

Uh oh!

backslashxx commented Mar 27, 2025 •

edited

Loading

Uh oh!

tiann commented Mar 28, 2025

Uh oh!

backslashxx commented Mar 28, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kernel: core_hook: automate and refactor umount #2531

kernel: core_hook: automate and refactor umount #2531

Uh oh!

Conversation

backslashxx commented Mar 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tiann commented Mar 28, 2025

Uh oh!

backslashxx commented Mar 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

backslashxx commented Mar 27, 2025 •

edited

Loading

backslashxx commented Mar 28, 2025 •

edited

Loading