KernelSU-Next

mirror of https://github.com/KernelSU-Next/KernelSU-Next.git synced 2025-08-27 23:46:34 +00:00

Go to file

Tashfin Shakeer Rhythm 4d633a1e0e kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (#2646 )

When kernel is compiled with CONFIG_DEBUG_ATOMIC_SLEEP enabled, it
prints the following splat in dmesg during post boot:

[ 6.739169] init: Opening SELinux policy
[ 6.751520] init: Loading SELinux policy
[ 6.894684] SELinux: policy capability network_peer_controls=1 [
6.894688] SELinux: policy capability open_perms=1 [ 6.894690] SELinux:
policy capability extended_socket_class=1 [ 6.894691] SELinux: policy
capability always_check_network=0 [ 6.894693] SELinux: policy capability
cgroup_seclabel=0 [ 6.894695] SELinux: policy capability
nnp_nosuid_transition=1 [ 7.214323] selinux: SELinux: Loaded file
context from: [ 7.214332] selinux:
/system/etc/selinux/plat_file_contexts [ 7.214339] selinux:
/system_ext/etc/selinux/system_ext_file_contexts [ 7.214345] selinux:
/product/etc/selinux/product_file_contexts [ 7.214350] selinux:
/vendor/etc/selinux/vendor_file_contexts [ 7.214356] selinux:
/odm/etc/selinux/odm_file_contexts [ 7.216398] KernelSU:
/system/bin/init argc: 2
[ 7.216401] KernelSU: /system/bin/init first arg: second_stage [
7.216403] KernelSU: /system/bin/init second_stage executed [ 7.216506]
BUG: sleeping function called from invalid context at
security/selinux/ss/hashtab.c:47 [ 7.216512] in_atomic(): 0,
irqs_disabled(): 0, non_block: 0, pid: 1, name: init [ 7.216516]
preempt_count: 0, expected: 0
[ 7.216518] RCU nest depth: 1, expected: 0
[ 7.216524] CPU: 6 PID: 1 Comm: init Not tainted
5.4.289-Scarlet-v2.0-beta3 #1 [ 7.216526] Hardware name: redwood based
Qualcomm Technologies, Inc. SM7325 (DT) [ 7.216528] Call trace:
[ 7.216536] dump_backtrace+0x0/0x210
[ 7.216539] show_stack+0x14/0x20
[ 7.216544] dump_stack+0x9c/0xec
[ 7.216548] __might_resched+0x1f0/0x210
[ 7.216552] hashtab_insert+0x38/0x230
[ 7.216557] add_type+0xd4/0x2e0
[ 7.216559] ksu_type+0x24/0x60
[ 7.216562] apply_kernelsu_rules+0xa8/0x650
[ 7.216565] ksu_handle_execveat_ksud+0x2a8/0x460
[ 7.216568] ksu_handle_execveat+0x2c/0x60
[ 7.216571] __arm64_sys_execve+0xe8/0xf0
[ 7.216574] el0_svc_common+0xf4/0x1a0
[ 7.216577] do_el0_svc+0x2c/0x40
[ 7.216579] el0_sync_handler+0x18c/0x200
[ 7.216582] el0_sync+0x140/0x180

This is because apply_kernelsu_rules() uses rcu_read_lock() to protect
SELinux policy modifications. However, cond_resched() from
hashtab_insert() at security/selinux/ss/hashtab.c is internally called
and it sleeps which is illegal under an RCU read-side critical section.

While replacing it with a spinlock would suppress the warning, this is
fundamentally incorrect because sleeping is illegal while holding a
spinlock and spinlock would turn off preemption which isn't an ideal
solution since it intentionally turns off rescheduling, and can lead to
deadlocks.

Instead, replace the RCU lock with a mutex lock. Mutex lock allows
sleeping when necessary, which is appropriate here because
apply_kernelsu_rules() runs in process context, not in atomic or
interrupt context. As apply_kernelsu_rules() is invoked only once during
post boot (SYSTEM_RUNNING), the mutex lock does not introduce any major
runtime performance regression and provides correct synchronization.

Fixes: https://github.com/tiann/KernelSU/issues/2637

Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>

2025-07-10 17:50:14 +06:00

.github

Workflow Updates (#481 )

2025-06-11 04:23:22 +06:00

assets

manager: improved app icon

2024-12-25 04:45:46 +06:00

docs

docs: add crowdin localization progress

2025-07-10 00:04:22 +06:00

kernel

kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (#2646 )

2025-07-10 17:50:14 +06:00

manager

kernel: changed constant value for CMD_HOOK_MODE to 0xC0DEAD1A and CMD_GET_MANAGER_UID to 16, to avoid future conflitcs with upstream

2025-07-10 00:50:45 +06:00

scripts

scripts: send ci build to message thread

2025-01-20 15:27:12 +06:00

userspace

susfsd: refactored show features & support to match ksu_susfs standards (ref https://gitlab.com/simonpunk/susfs4ksu/-/commit/ad56926 )

2025-07-03 19:30:06 +06:00

.gitattributes

Upgrade Gradle and AGP (#1431 )

2024-03-08 10:31:41 +08:00

.gitignore

manager: refactor to use AGP 8.0.0 (#414 )

2023-04-21 16:19:49 +08:00

crowdin.yml

Update Crowdin configuration file

2025-07-05 21:47:41 +06:00

justfile

misc: Add just command

2024-02-29 20:35:03 +08:00

LICENSE

Initial commit

2022-12-09 22:03:55 +08:00

SECURITY.md

Create SECURITY.md

2023-10-09 22:53:21 +08:00

docs/README.md

KernelSU Next

A kernel-based root solution for Android devices.

🚀 Features

Kernel-based su and root access management.
Module system based on Magic Mount and OverlayFS.
App Profile: Limit root privileges per app.

✅ Compatibility

KernelSU Next supports Android kernels from 4.4 up to 6.6:

Kernel version	Support notes
5.10+ (GKI 2.0)	Supports pre-built images and LKM/KMI
4.19 – 5.4 (GKI 1.0)	Requires KernelSU driver built-in
< 4.14 (EOL)	Requires KernelSU driver (3.18+ is experimental and may need backports)

Supported architectures: arm64-v8a, armeabi-v7a and x86_64

📦 Installation

Please refer to the Installation guide for setup instructions.

🔐 Security

To report security issues, please see SECURITY.md.

📜 License

/kernel directory: GPL-2.0-only.
All other files: GPL-3.0-or-later.

💸 Donations

If you’d like to support the project:

USDT (BEP20, ERC20): 0x12b5224b7aca0121c2f003240a901e1d064371c1
USDT (TRC20): TYUVMWGTcnR5svnDoX85DWHyqUAeyQcdjh
ETH (ERC20): 0x12b5224b7aca0121c2f003240a901e1d064371c1
LTC: Ld238uYBuRQdZB5YwdbkuU6ektBAAUByoL
BTC: 19QgifcjMjSr1wB2DJcea5cxitvWVcXMT6

🙏 Credits

Kernel-Assisted Superuser – Concept inspiration
Magisk – Core root implementation
Genuine – APK v2 signature validation
Diamorphine – Rootkit techniques
KernelSU – The original base that made KernelSU Next possible
Magic Mount Port – 💜 to 5ec1cff for keeping KernelSU alive
Crowdin Translators – 💬 Thanks to everyone for helping make KernelSU Next multi-lingual!

Releases 1

v1.0.8 Latest

2025-06-16 00:00:17 +00:00

Languages

Kotlin 44%

Rust 29.4%

C 16.5%

Java 4.4%

Shell 2.9%

Other 2.7%

docs/README.md Unescape Escape