use ksu_patch_text in replace_syscall_table, remove finit_module hook
Pull request overview
This PR refactors the KernelSU allowlist implementation by replacing the previous linked list + bitmap + fixed array data structures with a Linux kernel hashtable. Additionally, the current_uid field in struct app_profile is renamed to curr_uid to avoid conflicts with a kernel macro of the same name.
Changes:
- Replaced `struct list_head allow_list`, `allow_list_bitmap[PAGE_SIZE]`, and `allow_list_arr[PAGE_SIZE/sizeof(int)]` with `DEFINE_HASHTABLE(allow_list, ALLOW_LIST_BITS)` for O(1) average-case UID lookup
- Renamed `struct app_profile::current_uid` to `curr_uid` to avoid shadowing the kernel's `current_uid()` macro
- Updated all hashtable traversal/modification calls (`hash_for_each_*`, `hash_add_rcu`, `hlist_*`) and removed the now-unnecessary bitmap/array fast-path in `__ksu_is_allow_uid`
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `kernel/app_profile.h` | Renames `current_uid` to `curr_uid` in `struct app_profile` |
| `kernel/allowlist.c` | Replaces linked list + bitmap + array with hashtable; updates all traversal and modification logic accordingly |
Comments suppressed due to low confidence (1)
kernel/allowlist.c:184
- The `count` overflow protection check (`count == U16_MAX`) no longer reflects the true total number of profiles in the allowlist. With the old `list_for_each_entry`, `count` accumulated over all entries in the entire list. With `hash_for_each_possible`, it only counts entries in the same hash bucket as `profile->curr_uid`. Since hash buckets in a 256-bucket table will typically hold only a small fraction of total entries, this check will essentially never trigger unless there are 65535 entries mapping to the same bucket, which would be an extreme hash collision scenario. The intent was to prevent excessive total profile registrations, but the guard is now effectively non-functional. Consider using a separate global counter or checking the total count differently.
```c
	hash_for_each_possible (allow_list, p, list, profile->curr_uid) {
		++count;
		if (profile->curr_uid == p->profile.curr_uid) {
			if (strcmp(profile->key, p->profile.key) != 0) {
				pr_warn(
					"ksu_set_app_profile: key changed: uid=%d orig=%s new=%s\n",
					profile->curr_uid, p->profile.key, profile->key);
			}
			// found it, just override it all!
			np = (struct perm_data *)kzalloc(sizeof(struct perm_data),
							 GFP_KERNEL);
			if (!np) {
				result = -ENOMEM;
				goto out_unlock;
			}
			memcpy(&np->profile, profile, sizeof(*profile));
			hlist_replace_rcu(&p->list, &np->list);
			kfree_rcu(p, rcu);
			goto out;
		}
	}
	if (unlikely(count == U16_MAX)) {
```
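A user-space model of the guard discussed in the suppressed comment above, added here as an illustration and not taken from the KernelSU source. It compares a cap checked against the per-bucket walk count with the same cap checked against a table-wide counter; the names `bucket_of`, `insert` and `fill`, the cap of 1000, the sample UIDs and the hash function are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BITS 8                 /* 256 buckets, as in the review comment */
struct node { uint32_t uid; struct node *next; };
struct table { struct node *bucket[1u << BITS]; unsigned total; };

/* Assumed stand-in for the kernel's bucket selection (multiplicative hash). */
static unsigned bucket_of(uint32_t uid) { return (uint32_t)(uid * 0x61C88647u) >> (32 - BITS); }

/* Register uid unless the guard trips. use_global picks what is compared
 * with cap: the count from the bucket walk, or the table-wide total. */
static int insert(struct table *t, uint32_t uid, unsigned cap, int use_global)
{
	unsigned b = bucket_of(uid), count = 0;
	struct node *p, *n;

	for (p = t->bucket[b]; p; p = p->next) {   /* visits one bucket only */
		++count;
		if (p->uid == uid)
			return 0;                  /* existing profile: override */
	}
	if ((use_global ? t->total : count) >= cap)
		return -1;                         /* guard rejects the entry */
	if (!(n = malloc(sizeof(*n))))
		return -1;
	n->uid = uid;
	n->next = t->bucket[b];
	t->bucket[b] = n;
	t->total++;
	return 0;
}

/* Try to register `attempts` distinct constructed UIDs; return how many stuck. */
static unsigned fill(unsigned attempts, unsigned cap, int use_global)
{
	struct table t = { 0 };
	unsigned i, stored;

	for (i = 0; i < attempts; i++)
		insert(&t, 10000 + i, cap, use_global);
	stored = t.total;
	for (i = 0; i < (1u << BITS); i++)
		for (struct node *p = t.bucket[i], *nx; p; p = nx) { nx = p->next; free(p); }
	return stored;
}

int main(void) { printf("bucket guard: %u, global guard: %u\n", fill(5000, 1000, 0), fill(5000, 1000, 1)); return 0; }
```

With the per-bucket count, every one of the 5000 registrations is accepted despite the cap of 1000, because no single bucket ever holds that many entries; the table-wide counter stops at the cap.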
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
829fa18 to 6a312d2
kernel: allowlist: remove allow_list_arr and allow_list_bitmap
kernel: allowlist: make current_uid as the only key
kernel: allowlist: rename current_uid to curr_uid to avoid conflict with kernel macro
kernel: allowlist: use hashtable