Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kernel: core_hook: automate and refactor umount #2531

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

kernel: core_hook: automate and refactor umount #2531

wants to merge 20 commits into from

Conversation

backslashxx
Copy link
Contributor

@backslashxx backslashxx commented Mar 27, 2025
edited
Loading

monitors and lists all incoming mounts by hooking security_sb_mount or alternatively, sys_mount / do_mount.
this requires ksud to go back and use sys_mount instead of fsopen + move_mount

this also fixes that MNT_DETACH issue. (#2386 (comment))
Modules also can create an overlay with KSU devname and it will be added to the list.
This will also restore pre 5.2 manager support.

Those might be a bit questionable, so it is a take it or reject it kind of situation.

sys_mount hook looks like

ksu_mount_monitor(copy_mount_string(dev_name), copy_mount_string(dir_name), copy_mount_string(type));

ref: backslashxx/mojito_krenol@ac020b0

sys_mount / do_mount compatibility is for LKM and 6.8+ where you cant just do LSM hooks as is.
torvalds/linux@9285c5a#diff-3b35df76d1c4627ed97cc307a957850d57b85e77917c19ac0813286c46b4ace2R556

Context: aviraxp@c7facef#commitcomment-153941502

@backslashxx
Copy link
Contributor Author

backslashxx commented Mar 27, 2025
edited
Loading

yes it is incomplete, it doesnt have sys_mount kprobe hook for LKM, but I cant really test this.

@backslashxx backslashxx force-pushed the umount-1 branch 2 times, most recently from f9156b0 to e38a41f Compare March 28, 2025 01:39
@backslashxx backslashxx changed the title kernel: core_hook: automate umount list kernel: core_hook: automate and refactor umount Mar 28, 2025
@tiann
Copy link
Owner

tiann commented Mar 28, 2025

What is the root cause of #2386 (comment), and how does it fix the issue?

@backslashxx
Copy link
Contributor Author

backslashxx commented Mar 28, 2025
edited
Loading

What is the root cause of #2386 (comment), and how does it fix the issue?

That I don't really have an idea, I suspect it has something to do with mount order and then unmount order.

image

maybe need to follow
mount: A B C D
unmount: D C B A

if its not that, then maybe it has something to do with the use of fsopen + move_mount.
since this is whats different on current implementation where everything is hardcoded.

@backslashxx backslashxx force-pushed the umount-1 branch 4 times, most recently from 0825348 to 94b6be6 Compare March 28, 2025 11:13
@backslashxx
collect and pass struct
bb00653 
[   12.751262] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: bin
[   12.754232] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: etc
[   12.760778] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: etc
[   12.767372] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: app
[   12.770883] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: media
[   12.773800] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: overlay
[   12.779962] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: app
[   12.783207] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: priv-app
[   12.790585] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: bin
[   12.794018] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: etc
[   12.796985] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: firmware
[   12.799988] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: lib
[   12.803699] KernelSU: security_sb_mount: devicename pattern fstype: overlay path: lib64

[   25.033029] KernelSU: umount lib64 failed: -22
[   25.033032] KernelSU: umount lib failed: -22
[   25.033033] KernelSU: umount firmware failed: -22
[   25.033034] KernelSU: umount etc failed: -22
[   25.033035] KernelSU: umount bin failed: -22
[   25.033036] KernelSU: umount priv-app failed: -22
[   25.033037] KernelSU: umount app failed: -22
[   25.033038] KernelSU: umount overlay failed: -22
[   25.033039] KernelSU: umount media failed: -22
[   25.033040] KernelSU: umount app failed: -22
[   25.033041] KernelSU: umount etc failed: -22
[   25.033043] KernelSU: umount etc failed: -22
[   25.033043] KernelSU: umount bin failed: -22

Revert "Update core_hook.c"

This reverts commit d93f20526cef320996c86e038ea308d74d1e563e.

Update core_hook.c
@backslashxx
kernel: ksu_mount_monitor: correct patter for official ksu
d51167d
@backslashxx
test resolve mount point from struct
a494e93
@backslashxx
simplify try_umount
1c9ef73 
DNM: debugging

core_hook: ksu_umount_mnt: tweak

Update core_hook.c

Update core_hook.c

Update core_hook.c
@backslashxx
pass string instead
0288b78 
we just de-struct the damn thing anyway. and with this
we can also probably reuse the function for hooking sys_mount or security_move_mount eventually
@backslashxx
make it compatible to sys_mount
10425d0 
backslashxx/mojito_krenol@d4b281f
@backslashxx backslashxx force-pushed the umount-1 branch 4 times, most recently from ad02d1b to dbe3881 Compare March 28, 2025 16:39
aviraxp
aviraxp reviewed Mar 29, 2025
View reviewed changes
aviraxp
aviraxp reviewed Mar 29, 2025
View reviewed changes
@backslashxx backslashxx force-pushed the umount-1 branch 2 times, most recently from fefc2e6 to 094a7ff Compare March 29, 2025 06:25
@backslashxx backslashxx requested a review from aviraxp March 29, 2025 06:26
@backslashxx backslashxx force-pushed the umount-1 branch 5 times, most recently from b992e8e to 594d366 Compare March 29, 2025 06:45
@backslashxx
address concerns
74994fe 
/**
 * d_path - return the path of a dentry
 * @path: path to report
 * @buf: buffer to return value in
 * @buflen: buffer length
 *
 * Convert a dentry into an ASCII path name. If the entry has been deleted
 * the string " (deleted)" is appended. Note that this is ambiguous.
 *
 * Returns a pointer into the buffer or an error code if the path was
 * too long. Note: Callers should use the returned pointer, not the passed
 * in buffer, to use the name! The implementation often starts at an offset
 * into the buffer, and may leave 0 bytes at the start.
 *
 * "buflen" should be positive.
 */
@backslashxx backslashxx force-pushed the umount-1 branch 6 times, most recently from 1705016 to 3d4254f Compare March 30, 2025 02:50
@backslashxx backslashxx force-pushed the umount-1 branch 2 times, most recently from 809c623 to fba601e Compare April 1, 2025 08:10
@backslashxx
Copy link
Contributor Author

I'm not really sure on the kprobe hook

@backslashxx backslashxx mentioned this pull request Apr 1, 2025
Closed
@backslashxx
DNM: untested kprobe hook for do_mount
eac15d4 
I cant test this, but this is how it goes right?
@backslashxx
tests: allow null fstype for MKSU
70e230f 
this assumes that workdir starts with /dev/workdir
@backslashxx
Revert "tests: allow null fstype for MKSU"
1dfd9c7 
This reverts commit 70e230f.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheSakshamSingla TheSakshamSingla TheSakshamSingla approved these changes

@aviraxp aviraxp Awaiting requested review from aviraxp

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@backslashxx @tiann @aviraxp @TheSakshamSingla @yujincheng08