KernelSU
KernelSU copied to clipboard
tiann
kernel: fix filp_open on older kernel's kworker
On older kernel, kworker missing keyring from init process , and this keyring is related to FBE , which causes filp_open return ENOKEY or other errors.To fix this,just install init's keyring to per kworkers.This works on Kernel 4.4 and 4.9.
what does the newly commit do?
nothing,there is a Update branch button,and I clicked it by mistake😥,then force update to delete that commit
could you tell me which commit in android common kernel introduced "adding keyring from init"? so that i can backport it. i also tried your workaround. seems like it will caused a crash on my kernel :/ (as i mentioned here https://github.com/tiann/KernelSU/issues/276#issuecomment-1463832922)
could you tell me which commit in android common kernel introduced "adding keyring from init"? so that i can backport it. i also tried your workaround. seems like it will caused a crash on my kernel :/ (as i mentioned here #276 (comment))
Did you find anything? I couldn't find any commits related to this keyring thing (well, relevant to encryption and such). It appears that the change was introduced after 4.14.82, as with 4.14.82 I still see the issue reading/writing the encrypted file with filp_open.
could you tell me which commit in android common kernel introduced "adding keyring from init"? so that i can backport it. i also tried your workaround. seems like it will caused a crash on my kernel :/ (as i mentioned here #276 (comment))
Did you find anything? I couldn't find any commits related to this keyring thing (well, relevant to encryption and such). It appears that the change was introduced after 4.14.82, as with 4.14.82 I still see the issue reading/writing the encrypted file with filp_open.
im suspecting this commit. i havent try that yet. but seems like it also need lots of other commit to work.
here is a list of missing commit in mainline kernel path fs/crypto compare to android kernel. hopeful that would help you
6eec9191a79c ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies
84aad2655054 fscrypt: add support for IV_INO_LBLK_32 policies
7c2fcbe7ae97 fscrypt: make test_dummy_encryption use v2 by default
11807f32791a fscrypt: support test_dummy_encryption=v2
6dc3cb5f238a fscrypt: add fscrypt_add_test_dummy_key()
de635b5d05e1 fscrypt: remove unnecessary extern keywords
f382fc0ecfb6 fscrypt: fix all kerneldoc warnings
09075917fb5d ANDROID: fscrypt: handle direct I/O with IV_INO_LBLK_32
a52238353e67 BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_32 policies
6be68d89b4d5 ANDROID: fscrypt: set dun_bytes more precisely
72091967bfbb ANDROID: block: backport the ability to specify max_dun_bytes
a10564b7495e fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
4efb7e218a4a ANDROID: fscrypt: fall back to filesystem-layer crypto when needed
a14fa7bc5f5a ANDROID: block: require drivers to declare supported crypto key type(s)
e9c80bd9a5a6 UPSTREAM: fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
9e469e717b40 UPSTREAM: fscrypt: don't evict dirty inodes after removing key
53f2446e648c fscrypt: don't evict dirty inodes after removing key
207be96aba24 FROMLIST: fscrypt: Have filesystems handle their d_ops
166fda7a7ed0 ANDROID: block: Prevent crypto fallback for wrapped keys
fe6e85580b05 fscrypt: improve format of no-key names
216d8cabb6b8 fscrypt: clarify what is meant by a per-file key
7e2503236b61 fscrypt: derive dirhash key for casefolded directories
e16d8494ecc6 fscrypt: don't allow v1 policies with casefolding
0bc68c180e8e fscrypt: add "fscrypt_" prefix to fname_encrypt()
85b9c3e49199 fscrypt: don't print name of busy file when removing key
9c5c8c523222 fscrypt: document gfp_flags for bounce page allocation
bee5bd5b8f2e fscrypt: optimize fscrypt_zeroout_range()
1c88eea96e76 fscrypt: remove redundant bi_status check
04f51847e5ca fscrypt: Allow modular crypto algorithms
b21b79d7fe40 fscrypt: remove fscrypt_is_direct_key_policy()
19b132bac6d3 fscrypt: move fscrypt_valid_enc_modes() to policy.c
add6ac48dd85 fscrypt: check for appropriate use of DIRECT_KEY flag earlier
2454b5bb0df7 fscrypt: split up fscrypt_supported_policy() by policy version
387197777f21 fscrypt: move fscrypt_d_revalidate() to fname.c
39a0accbdfd3 fscrypt: constify inode parameter to filename encryption functions
394222909cb2 fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand()
a7b6398dee53 fscrypt: verify that the crypto_skcipher has the correct ivsize
9c1b3af1a686 fscrypt: use crypto_skcipher_driver_name()
35290265028f fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
e1a94e6b17e2 ANDROID: dm: add dm-default-key target for metadata encryption
2871f7319401 ANDROID: fscrypt: add support for hardware-wrapped keys
d42ba87e29ab ANDROID: block: provide key size as input to inline crypto APIs
e12563c18d48 BACKPORT: FROMLIST: Update Inline Encryption from v5 to v6 of patch series
a0dc8da519cc BACKPORT: FROMLIST: fscrypt: add inline encryption support
959cb31e1ae8 fscrypt: add support for IV_INO_LBLK_64 policies
5d0a5024fd62 fscrypt: avoid data race on fscrypt_mode::logged_impl_name
85416094893e fscrypt: zeroize fscrypt_info before freeing
e3ba9dad312c fscrypt: remove struct fscrypt_ctx
17d43f2bf98c fscrypt: invoke crypto API for ESSIV handling
f61c00dc09cc ANDROID: fscrypt: add key removal notifier chain
c40d22f70d23 fscrypt: require that key be added when setting a v2 encryption policy
359ff0c6c60c fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
17e4a18650c1 fscrypt: allow unprivileged users to add/remove keys for v2 policies
92d36e381429 fscrypt: v2 encryption policy support
6339fb094acd fscrypt: add an HKDF-SHA512 implementation
5d62479e64c8 fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
025c8a42d7fb fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
3a7ee916f32b fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
a85b9507a6fe fscrypt: rename keyinfo.c to keysetup.c
18ecd35bf480 fscrypt: move v1 policy key setup to keysetup_v1.c
d959b27c5c13 fscrypt: refactor key setup code in preparation for v2 policies
b7bd70f603ab fscrypt: rename fscrypt_master_key to fscrypt_direct_key
b89ff3b8b636 fscrypt: add ->ci_inode to fscrypt_info
5ba58245f057 fscrypt: use FSCRYPT_* definitions, not FS_*
ea3bb861548f fscrypt: use ENOPKG when crypto API support missing
15baa4dd7cfc fscrypt: improve warnings for missing crypto API support
abe8ed2bb7f3 fscrypt: improve warning messages for unsupported encryption contexts
468ac57ca9b2 fscrypt: make fscrypt_msg() take inode instead of super_block
86786a346dda fscrypt: clean up base64 encoding/decoding
89e227e14812 fscrypt: remove loadable module related code
26b7efed4295 fscrypt: remove selection of CONFIG_CRYPTO_SHA256
1fec4c7a7ab7 fscrypt: remove unnecessary includes of ratelimit.h
3fd2b3555f58 fscrypt: don't set policy for a dead directory
168d868471a5 fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio()
2eef8a7cba54 fscrypt: support decrypting multiple filesystem blocks per page
4030e9708811 fscrypt: introduce fscrypt_decrypt_block_inplace()
ac879ae9558c fscrypt: handle blocksize < PAGE_SIZE in fscrypt_zeroout_range()
fbbf5b7c5cb4 fscrypt: support encrypting multiple filesystem blocks per page
cc48d4ee5b4f fscrypt: introduce fscrypt_encrypt_block_inplace()
6b251b0e8b72 fscrypt: clean up some BUG_ON()s in block encryption/decryption
bcdd742064b9 fscrypt: rename fscrypt_do_page_crypto() to fscrypt_crypt_block()
e8d00ff35bbe fscrypt: remove the "write" part of struct fscrypt_ctx
29f2b36f12c4 fscrypt: simplify bounce page handling
8b41d756c186 fscrypt: cache decrypted symlink target in ->i_link
6dc346e8fbe5 fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
dff458308828 fscrypt: only set dentry_operations on ciphertext dentries
576d5080b4f5 fscrypt: fix race allowing rename() and link() of ciphertext dentries
5c6d06a9de52 fscrypt: clean up and improve dentry revalidation
1c3a5b6e0cb4 fscrypt: use READ_ONCE() to access ->i_crypt_info
87487bbd6c8b fscrypt: remove WARN_ON_ONCE() when decryption fails
d7057b7381bf fscrypt: drop inode argument from fscrypt_get_ctx()
e6811d2fd4d0 fscrypt: remove filesystem specific build config option
318d23bc7188 fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
8f24e0b1c774 fscrypt: remove CRYPTO_CTR dependency
5ab4a1c1de52 fscrypt: add Adiantum support / removed speck
755a8a8a3bfc fscrypt: log the crypto algorithm implementations
e81950ade16d fscrypt: add Speck128/256 support
9637768c618d fscrypt: only derive the needed portion of the key
deba2007d2a1 fscrypt: separate key lookup from key derivation
04566cd68241 fscrypt: use a common logging function
2a95469530f3 fscrypt: remove internal key size constants
fc161f445010 fscrypt: remove unnecessary check for non-logon key type
ab8345a11caa fscrypt: make fscrypt_operations.max_namelen an integer
65702a6ef79b fscrypt: drop empty name check from fname_decrypt()
219e65410cae fscrypt: drop max_namelen check from fname_decrypt()
ef1def58e2fd fscrypt: don't special-case EOPNOTSUPP from fscrypt_get_encryption_info()
49ddcfcdd73a fscrypt: don't clear flags on crypto transform
ff8225b62ca0 fscrypt: remove stale comment from fscrypt_d_revalidate()
712401bc77ff fscrypt: remove error messages for skcipher_request_alloc() failure
6e4e39cc922c fscrypt: remove unnecessary NULL check when allocating skcipher
42b3feb2bd76 fscrypt: clean up after fscrypt_prepare_lookup() conversions
fc30ddc3b039 fscrypt: use unbound workqueue for decryption
fac0e4a8acde fscrypt: allow synchronous bio decryption
6b4edfb10398 fscrypt: fix build with pre-4.6 gcc versions
4bcc4865feab fscrypt: remove 'ci' parameter from fscrypt_put_encryption_info()
69e5234f04b6 fscrypt: fix up fscrypt_fname_encrypted_size() for internal use
7919cba92304 fscrypt: define fscrypt_fname_alloc_buffer() to be for presented names
aef0017f3b1a fscrypt: calculate NUL-padding length in one place only
5232cae0e922 fscrypt: move fscrypt_symlink_data to fscrypt_private.h
a85637d12cb1 fscrypt: remove fscrypt_fname_usr_to_disk()
0063988cc044 fscrypt: new helper function - fscrypt_get_symlink()
48a0375c8889 fscrypt: new helper functions for ->symlink()
585a194dd1d0 fscrypt: trim down fscrypt.h includes
411771ab56f4 fscrypt: move fscrypt_is_dot_dotdot() to fs/crypto/fname.c
ad35db34396b fscrypt: move fscrypt_valid_enc_modes() to fscrypt_private.h
8db0a6de3cf0 fscrypt: move fscrypt_info_cachep declaration to fscrypt_private.h
13b237d115a5 fscrypt: move to generic async completion
4bb665c7e388 locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
91d09c052132 fscrypt: new helper function - fscrypt_prepare_lookup()
9a24d618cb8a fscrypt: new helper function - fscrypt_prepare_rename()
4bd6179f5211 fscrypt: new helper function - fscrypt_prepare_link()
b811faac6371 fscrypt: new helper function - fscrypt_file_open()
2edb5df148b3 fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED()
8ec05db2542c fscrypt: clean up include file mess
could you tell me which commit in android common kernel introduced "adding keyring from init"? so that i can backport it. i also tried your workaround. seems like it will caused a crash on my kernel :/ (as i mentioned here #276 (comment))
Did you find anything? I couldn't find any commits related to this keyring thing (well, relevant to encryption and such). It appears that the change was introduced after 4.14.82, as with 4.14.82 I still see the issue reading/writing the encrypted file with filp_open.
im suspecting this commit. i havent try that yet. but seems like it also need lots of other commit to work. here is a list of missing commit in mainline kernel path
fs/cryptocompare to android kernel. hopeful that would help you6eec9191a79c ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies 84aad2655054 fscrypt: add support for IV_INO_LBLK_32 policies 7c2fcbe7ae97 fscrypt: make test_dummy_encryption use v2 by default 11807f32791a fscrypt: support test_dummy_encryption=v2 6dc3cb5f238a fscrypt: add fscrypt_add_test_dummy_key() de635b5d05e1 fscrypt: remove unnecessary extern keywords f382fc0ecfb6 fscrypt: fix all kerneldoc warnings 09075917fb5d ANDROID: fscrypt: handle direct I/O with IV_INO_LBLK_32 a52238353e67 BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_32 policies 6be68d89b4d5 ANDROID: fscrypt: set dun_bytes more precisely 72091967bfbb ANDROID: block: backport the ability to specify max_dun_bytes a10564b7495e fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl 4efb7e218a4a ANDROID: fscrypt: fall back to filesystem-layer crypto when needed a14fa7bc5f5a ANDROID: block: require drivers to declare supported crypto key type(s) e9c80bd9a5a6 UPSTREAM: fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl 9e469e717b40 UPSTREAM: fscrypt: don't evict dirty inodes after removing key 53f2446e648c fscrypt: don't evict dirty inodes after removing key 207be96aba24 FROMLIST: fscrypt: Have filesystems handle their d_ops 166fda7a7ed0 ANDROID: block: Prevent crypto fallback for wrapped keys fe6e85580b05 fscrypt: improve format of no-key names 216d8cabb6b8 fscrypt: clarify what is meant by a per-file key 7e2503236b61 fscrypt: derive dirhash key for casefolded directories e16d8494ecc6 fscrypt: don't allow v1 policies with casefolding 0bc68c180e8e fscrypt: add "fscrypt_" prefix to fname_encrypt() 85b9c3e49199 fscrypt: don't print name of busy file when removing key 9c5c8c523222 fscrypt: document gfp_flags for bounce page allocation bee5bd5b8f2e fscrypt: optimize fscrypt_zeroout_range() 1c88eea96e76 fscrypt: remove redundant bi_status check 04f51847e5ca fscrypt: Allow modular crypto algorithms b21b79d7fe40 fscrypt: remove fscrypt_is_direct_key_policy() 19b132bac6d3 fscrypt: move fscrypt_valid_enc_modes() to policy.c add6ac48dd85 fscrypt: check for appropriate use of DIRECT_KEY flag earlier 2454b5bb0df7 fscrypt: split up fscrypt_supported_policy() by policy version 387197777f21 fscrypt: move fscrypt_d_revalidate() to fname.c 39a0accbdfd3 fscrypt: constify inode parameter to filename encryption functions 394222909cb2 fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand() a7b6398dee53 fscrypt: verify that the crypto_skcipher has the correct ivsize 9c1b3af1a686 fscrypt: use crypto_skcipher_driver_name() 35290265028f fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY e1a94e6b17e2 ANDROID: dm: add dm-default-key target for metadata encryption 2871f7319401 ANDROID: fscrypt: add support for hardware-wrapped keys d42ba87e29ab ANDROID: block: provide key size as input to inline crypto APIs e12563c18d48 BACKPORT: FROMLIST: Update Inline Encryption from v5 to v6 of patch series a0dc8da519cc BACKPORT: FROMLIST: fscrypt: add inline encryption support 959cb31e1ae8 fscrypt: add support for IV_INO_LBLK_64 policies 5d0a5024fd62 fscrypt: avoid data race on fscrypt_mode::logged_impl_name 85416094893e fscrypt: zeroize fscrypt_info before freeing e3ba9dad312c fscrypt: remove struct fscrypt_ctx 17d43f2bf98c fscrypt: invoke crypto API for ESSIV handling f61c00dc09cc ANDROID: fscrypt: add key removal notifier chain c40d22f70d23 fscrypt: require that key be added when setting a v2 encryption policy 359ff0c6c60c fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl 17e4a18650c1 fscrypt: allow unprivileged users to add/remove keys for v2 policies 92d36e381429 fscrypt: v2 encryption policy support 6339fb094acd fscrypt: add an HKDF-SHA512 implementation 5d62479e64c8 fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl 025c8a42d7fb fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl 3a7ee916f32b fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl a85b9507a6fe fscrypt: rename keyinfo.c to keysetup.c 18ecd35bf480 fscrypt: move v1 policy key setup to keysetup_v1.c d959b27c5c13 fscrypt: refactor key setup code in preparation for v2 policies b7bd70f603ab fscrypt: rename fscrypt_master_key to fscrypt_direct_key b89ff3b8b636 fscrypt: add ->ci_inode to fscrypt_info 5ba58245f057 fscrypt: use FSCRYPT_* definitions, not FS_* ea3bb861548f fscrypt: use ENOPKG when crypto API support missing 15baa4dd7cfc fscrypt: improve warnings for missing crypto API support abe8ed2bb7f3 fscrypt: improve warning messages for unsupported encryption contexts 468ac57ca9b2 fscrypt: make fscrypt_msg() take inode instead of super_block 86786a346dda fscrypt: clean up base64 encoding/decoding 89e227e14812 fscrypt: remove loadable module related code 26b7efed4295 fscrypt: remove selection of CONFIG_CRYPTO_SHA256 1fec4c7a7ab7 fscrypt: remove unnecessary includes of ratelimit.h 3fd2b3555f58 fscrypt: don't set policy for a dead directory 168d868471a5 fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio() 2eef8a7cba54 fscrypt: support decrypting multiple filesystem blocks per page 4030e9708811 fscrypt: introduce fscrypt_decrypt_block_inplace() ac879ae9558c fscrypt: handle blocksize < PAGE_SIZE in fscrypt_zeroout_range() fbbf5b7c5cb4 fscrypt: support encrypting multiple filesystem blocks per page cc48d4ee5b4f fscrypt: introduce fscrypt_encrypt_block_inplace() 6b251b0e8b72 fscrypt: clean up some BUG_ON()s in block encryption/decryption bcdd742064b9 fscrypt: rename fscrypt_do_page_crypto() to fscrypt_crypt_block() e8d00ff35bbe fscrypt: remove the "write" part of struct fscrypt_ctx 29f2b36f12c4 fscrypt: simplify bounce page handling 8b41d756c186 fscrypt: cache decrypted symlink target in ->i_link 6dc346e8fbe5 fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext dff458308828 fscrypt: only set dentry_operations on ciphertext dentries 576d5080b4f5 fscrypt: fix race allowing rename() and link() of ciphertext dentries 5c6d06a9de52 fscrypt: clean up and improve dentry revalidation 1c3a5b6e0cb4 fscrypt: use READ_ONCE() to access ->i_crypt_info 87487bbd6c8b fscrypt: remove WARN_ON_ONCE() when decryption fails d7057b7381bf fscrypt: drop inode argument from fscrypt_get_ctx() e6811d2fd4d0 fscrypt: remove filesystem specific build config option 318d23bc7188 fscrypt: return -EXDEV for incompatible rename or link into encrypted dir 8f24e0b1c774 fscrypt: remove CRYPTO_CTR dependency 5ab4a1c1de52 fscrypt: add Adiantum support / removed speck 755a8a8a3bfc fscrypt: log the crypto algorithm implementations e81950ade16d fscrypt: add Speck128/256 support 9637768c618d fscrypt: only derive the needed portion of the key deba2007d2a1 fscrypt: separate key lookup from key derivation 04566cd68241 fscrypt: use a common logging function 2a95469530f3 fscrypt: remove internal key size constants fc161f445010 fscrypt: remove unnecessary check for non-logon key type ab8345a11caa fscrypt: make fscrypt_operations.max_namelen an integer 65702a6ef79b fscrypt: drop empty name check from fname_decrypt() 219e65410cae fscrypt: drop max_namelen check from fname_decrypt() ef1def58e2fd fscrypt: don't special-case EOPNOTSUPP from fscrypt_get_encryption_info() 49ddcfcdd73a fscrypt: don't clear flags on crypto transform ff8225b62ca0 fscrypt: remove stale comment from fscrypt_d_revalidate() 712401bc77ff fscrypt: remove error messages for skcipher_request_alloc() failure 6e4e39cc922c fscrypt: remove unnecessary NULL check when allocating skcipher 42b3feb2bd76 fscrypt: clean up after fscrypt_prepare_lookup() conversions fc30ddc3b039 fscrypt: use unbound workqueue for decryption fac0e4a8acde fscrypt: allow synchronous bio decryption 6b4edfb10398 fscrypt: fix build with pre-4.6 gcc versions 4bcc4865feab fscrypt: remove 'ci' parameter from fscrypt_put_encryption_info() 69e5234f04b6 fscrypt: fix up fscrypt_fname_encrypted_size() for internal use 7919cba92304 fscrypt: define fscrypt_fname_alloc_buffer() to be for presented names aef0017f3b1a fscrypt: calculate NUL-padding length in one place only 5232cae0e922 fscrypt: move fscrypt_symlink_data to fscrypt_private.h a85637d12cb1 fscrypt: remove fscrypt_fname_usr_to_disk() 0063988cc044 fscrypt: new helper function - fscrypt_get_symlink() 48a0375c8889 fscrypt: new helper functions for ->symlink() 585a194dd1d0 fscrypt: trim down fscrypt.h includes 411771ab56f4 fscrypt: move fscrypt_is_dot_dotdot() to fs/crypto/fname.c ad35db34396b fscrypt: move fscrypt_valid_enc_modes() to fscrypt_private.h 8db0a6de3cf0 fscrypt: move fscrypt_info_cachep declaration to fscrypt_private.h 13b237d115a5 fscrypt: move to generic async completion 4bb665c7e388 locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() 91d09c052132 fscrypt: new helper function - fscrypt_prepare_lookup() 9a24d618cb8a fscrypt: new helper function - fscrypt_prepare_rename() 4bd6179f5211 fscrypt: new helper function - fscrypt_prepare_link() b811faac6371 fscrypt: new helper function - fscrypt_file_open() 2edb5df148b3 fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED() 8ec05db2542c fscrypt: clean up include file mess
I have DM_DEFAULT_KEY enabled in my kernel, but I still observe the issue. It is strange that only KSU appears to be affected, everything else works fine.
@roberto-sartori-gl seems like it been fixed in 0.6.6
Thank you for letting me know. Do you know which commit fixed the issue? I found a couple of them that could, but one of those explicitly target kernel <4.10.
Are you running kernel 4.14?
@roberto-sartori-gl seems like it been fixed in 0.6.6
I tested the latest release and the issue is still there for me. I'm patching it myself for now.
Thank you for letting me know. Do you know which commit fixed the issue? I found a couple of them that could, but one of those explicitly target kernel <4.10.
i dont know which exact commit fixed it. but after i use the latest commit of kernelsu, the problem solved.
yes. i know that those fix are targeting < 4.10 . but after i force enable the install keys workaround. kernelsu abled to load the allowlist
Are you running kernel 4.14?
yes.and im using same upstream as you
Thank you for letting me know. Do you know which commit fixed the issue? I found a couple of them that could, but one of those explicitly target kernel <4.10.
i dont know which exact commit fixed it. but after i use the latest commit of kernelsu, the problem solved.
yes. i know that those fix are targeting < 4.10 . but after i force enable the install keys workaround. kernelsu abled to load the allowlist
Are you running kernel 4.14?
yes.and im using same upstream as you
Thanks! Did you changed the kernel version only in this file? https://github.com/tiann/KernelSU/blob/main/kernel/kernel_compat.c#L84
Thank you for letting me know. Do you know which commit fixed the issue? I found a couple of them that could, but one of those explicitly target kernel <4.10.
i dont know which exact commit fixed it. but after i use the latest commit of kernelsu, the problem solved. yes. i know that those fix are targeting < 4.10 . but after i force enable the install keys workaround. kernelsu abled to load the allowlist
Are you running kernel 4.14?
yes.and im using same upstream as you
Thanks! Did you changed the kernel version only in this file? https://github.com/tiann/KernelSU/blob/main/kernel/kernel_compat.c#L84
this is what i changed
diff --git a/drivers/kernelsu/core_hook.c b/drivers/kernelsu/core_hook.c
index ee28fee..6521032 100644
--- a/drivers/kernelsu/core_hook.c
+++ b/drivers/kernelsu/core_hook.c
@@ -375,7 +375,7 @@ static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
return -ENOSYS;
}
// kernel 4.4 and 4.9
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+#if 1
static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
unsigned perm)
{
@@ -400,7 +400,7 @@ static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+#if 1
LSM_HOOK_INIT(key_permission, ksu_key_permission)
#endif
};
diff --git a/drivers/kernelsu/kernel_compat.c b/drivers/kernelsu/kernel_compat.c
index 339650f..4121a20 100644
--- a/drivers/kernelsu/kernel_compat.c
+++ b/drivers/kernelsu/kernel_compat.c
@@ -12,7 +12,7 @@
#endif
#include "klog.h" // IWYU pragma: keep
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+#if 1
#include "linux/key.h"
#include "linux/errno.h"
struct key *init_session_keyring = NULL;
@@ -80,7 +80,7 @@ void ksu_android_ns_fs_check()
struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
{
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+#if 1
if (init_session_keyring != NULL && !current_cred()->session_keyring &&
(current->flags & PF_WQ_WORKER)) {
pr_info("installing init session keyring for older kernel\n");
diff --git a/drivers/kernelsu/kernel_compat.h b/drivers/kernelsu/kernel_compat.h
index 8daa404..540ff61 100644
--- a/drivers/kernelsu/kernel_compat.h
+++ b/drivers/kernelsu/kernel_compat.h
@@ -9,7 +9,7 @@ extern long ksu_strncpy_from_user_nofault(char *dst,
const void __user *unsafe_addr,
long count);
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+#if 1
extern struct key *init_session_keyring;
#endif
Thank you for letting me know. Do you know which commit fixed the issue? I found a couple of them that could, but one of those explicitly target kernel <4.10.
i dont know which exact commit fixed it. but after i use the latest commit of kernelsu, the problem solved. yes. i know that those fix are targeting < 4.10 . but after i force enable the install keys workaround. kernelsu abled to load the allowlist
Are you running kernel 4.14?
yes.and im using same upstream as you
Thanks! Did you changed the kernel version only in this file? https://github.com/tiann/KernelSU/blob/main/kernel/kernel_compat.c#L84
this is what i changed
diff --git a/drivers/kernelsu/core_hook.c b/drivers/kernelsu/core_hook.c index ee28fee..6521032 100644 --- a/drivers/kernelsu/core_hook.c +++ b/drivers/kernelsu/core_hook.c @@ -375,7 +375,7 @@ static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3, return -ENOSYS; } // kernel 4.4 and 4.9 -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#if 1 static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred, unsigned perm) { @@ -400,7 +400,7 @@ static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry, LSM_HOOK_INIT(task_prctl, ksu_task_prctl), LSM_HOOK_INIT(inode_rename, ksu_inode_rename), LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid), -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#if 1 LSM_HOOK_INIT(key_permission, ksu_key_permission) #endif }; diff --git a/drivers/kernelsu/kernel_compat.c b/drivers/kernelsu/kernel_compat.c index 339650f..4121a20 100644 --- a/drivers/kernelsu/kernel_compat.c +++ b/drivers/kernelsu/kernel_compat.c @@ -12,7 +12,7 @@ #endif #include "klog.h" // IWYU pragma: keep -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#if 1 #include "linux/key.h" #include "linux/errno.h" struct key *init_session_keyring = NULL; @@ -80,7 +80,7 @@ void ksu_android_ns_fs_check() struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode) { -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#if 1 if (init_session_keyring != NULL && !current_cred()->session_keyring && (current->flags & PF_WQ_WORKER)) { pr_info("installing init session keyring for older kernel\n"); diff --git a/drivers/kernelsu/kernel_compat.h b/drivers/kernelsu/kernel_compat.h index 8daa404..540ff61 100644 --- a/drivers/kernelsu/kernel_compat.h +++ b/drivers/kernelsu/kernel_compat.h @@ -9,7 +9,7 @@ extern long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, long count); -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#if 1 extern struct key *init_session_keyring; #endif
Thanks, this appears to be working for me too!
applied this patch but this doesn't work for me, it silenced the error
[ 7.368806] KernelSU: load_allow_list open file failed: -126
but still after reboot sulist gets reset, v4.14.296
@rhjdvsgsgks just to update you, I got this working with the 4.14 kernel from Sony: https://github.com/roberto-sartori-gl/4.14-kernel-oneplus-msm8998/commit/a17851c434daee2c7c1df82146c2adcd162c4d7b
As you can see, I manually picked what's needed to obtain the needed ioctls because cherry-picking was a mess, so I will not create a pull request on the Sony repo. Adding the ioctls, the 'adding keyring from init' thing was automatically imported (see crypto.c changes) so now KSU works too (that was not the primary intention for this).