Conversation
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
Contributor
There was a problem hiding this comment.
Pull request overview
Updates KernelSU’s SELinux sepolicy mutation helpers to use sleepable allocations now that they are invoked from a normal (non-atomic) context, aligning allocation flags with the actual call context.
Changes:
- Switch several
kzalloc/kcalloc/kstrdupallocations fromGFP_ATOMICtoGFP_KERNEL. - Switch
ksu_kvreallocwrappers to useGFP_KERNELacross supported kernel versions.
Comments suppressed due to low confidence (2)
kernel/selinux/sepolicy.c:610
- On
kstrdup(type_name, ...)failure,add_type()returns false but leaks the previously allocatedtypeobject. Add cleanup before returning (and similarly ensure later failure paths free any allocations they own).
char *key = kstrdup(type_name, GFP_KERNEL);
if (!key) {
pr_err("add_type: alloc key failed.\n");
return false;
}
kernel/selinux/sepolicy.c:546
new_key->name = kstrdup(...)andhashtab_insert(...)return values are unchecked. Ifkstrdupfails, later hashing/comparisons will dereference a NULL name; ifhashtab_insertfails,trans/new_keyleak and the function still proceeds as if the entry exists. Check both results and clean up/return false on failure.
new_key->name = kstrdup(key.name, GFP_KERNEL);
trans->next = last;
trans->otype = def->value;
hashtab_insert(&db->filename_trans, new_key, trans,
filenametr_key_params);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
aviraxp
approved these changes
Mar 12, 2026
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 12, 2026
This reverts commit 279c750.
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 12, 2026
This reverts commit 279c750.
LeCmnGend
pushed a commit
to LeCmnGend/KernelSU
that referenced
this pull request
Mar 14, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
LeCmnGend
pushed a commit
to LeCmnGend/KernelSU
that referenced
this pull request
Mar 15, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Mar 15, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
LeCmnGend
pushed a commit
to LeCmnGend/KernelSU
that referenced
this pull request
Mar 15, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
rifsxd
pushed a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Mar 15, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
TheMysticle
pushed a commit
to crdroidandroid/android_kernel_xiaomi_sm8550
that referenced
this pull request
Mar 20, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 and the lock that we'll be holding is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 and the lock that we'll be holding is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Mar 20, 2026
for 279c750 tiann#3271 however we can't do this on < 5.10 as the lock that we'll be trying to hold is an rwlock (spinlock). so we keep this conditional. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 24, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 24, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
Flopster101
added a commit
to FlopKernel-Series/flop_trinket-mi_kernel
that referenced
this pull request
Mar 25, 2026
5b8a76d4b5f4 kernel: selinux/rules: backport handle_sepolicy to legacy policydb 80bfcb7fd673 kernel: legacy support for new sepolicy on legacy kernels 942853eedc92 feat: jailbreak by Magica (tiann/KernelSU#3268) 934c152917a1 kernel: sync KSU_VERSION with dev branch 9a134d03ff8a kernel: fix process marking for built-in mode (tiann/KernelSU#3284) 04b9923fea0a kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) 33349808ef0f kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) 6a0712f248d9 kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) 9515aa4b6812 kernel: enforcing selinux at late-load mode 3bfc56a35b10 feat: add late-load mode support (tiann/KernelSU#3258) 71e0585c3498 kernel: refine stackprotector workaround (tiann/KernelSU#3264) 1cd7fd81564e kernel: make clang-format happy 92e845f37c68 kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) 3f4eb7ddea0b kernel: add missing attribute 1d79ce51ead5 kernel: Provide own stackprotector symbol if necessary d8fa0fc817b3 kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) 8f39f4a163e0 Revert "kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)" 1ce19e536de7 kernel: sync KSU_VERSION with v3.1.0 stable tag REVERT: f448093b05ec Revert "kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)" REVERT: ba4422f0556e kernel: implement susfs v2.0.0 de-inlined with try_umount feature This is heavily modified susfs without inline hooks from the upstream susfs. REVERT: 357644070bc4 kernel: sync KSU_VERSION with v3.1.0 stable tag git-subtree-dir: drivers/kernelsu git-subtree-split: 5b8a76d4b5f4e65484e43048ae20a728445bc880
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 25, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
elpaablo
pushed a commit
to AlphaDroid-devices/kernel_oneplus_sm8550
that referenced
this pull request
Mar 26, 2026
Change-Id: I2dd0030e2a72b2d21ce771284c99ec2a4c63b6ba Signed-off-by: Lunark :3 <jvillaltamatos3007@gmail.com> driver: kernelsu: Introduce SuSFS v2.0.0 - HEAD: 76caf8205dd1a94e84a868c5366b0b7306439913 -Cherry-picked and squashed from: https://github.com/pershoot/KernelSU-Next/tree/dev-susfs ..... kernel (susfs (v2.0.0)): Synced with official KernelSU main repo Author: simonpunk <simonpunk2016@gmail.com> Date: Mon Dec 15 20:03:01 2025 +0800 - See tiann/KernelSU@c95c2d7 -Makefile -> Kbuild (build-time info.) -Accommodate: 'Add mount namespace support 添加挂载命名空间支持 (#2909)' 'kernel: fix root_groups defs (#3028)' 'sulogv2' 'kernel, ksud, manager: Remove enhanced security feature' (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits) 'Explicitly check zygote start in execve hook' 'selinux: Cache SID lookups for domain checks' 'kernel: ksud: Refine rc injection' 'kernel: supercalls: expose spoof uname function to userspace' 'kernel: Fix setup_selinux using __task_cred directly' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Let ksud bootstrap Author: pershoot <190600+pershoot@users.noreply.github.com> Date: Mon Dec 29 21:36:12 2025 -0500 -Do not short-circuit; this will cause loss of root if this returns early (like on my / few specific device(s)) due to timing differences during init. kernel (susfs (v2.0.0)): Fixed ksu features not enabled and ksu fd not released Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Dec 17 00:16:34 2025 +0800 -Synced with official KernelSU main repo - See tiann/KernelSU@91ed4ea -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fixed compile error Author: simonpunk <simonpunk2016@gmail.com> Date: Sun Dec 21 01:30:55 2025 +0800 -Synced with official KernelSU main repo - See tiann/KernelSU@3d73f89 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Synchronize with upstream Author: pershoot <190600+pershoot@users.noreply.github.com> Date: Tue Dec 30 06:39:56 2025 -0500 -'kernel (susfs (v2.0.0)): Let ksud bootstrap' -> 'KernelSU: Fixed root not accessible on some Samsung devices and AOSP devices' -Init. call at end; amend / add comments -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fixed selinux issues by the fix from upstream Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Dec 31 09:05:32 2025 +0800 -Remove ksu_enhanced_security_enabled check in ksu_handle_setresuid() since it may lead to side channel detection - For selinux issues, see tiann/KernelSU@f71d011 - For ksu_enhanced_security_enabled issue, Now no matter what value is set for the toggle "Enable enhanced security" in ksu manager, it will NOT be effective nor used to check in ksu_handle_setresuid() -Note: This was partially taken care of in: 'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo' coinciding with: 'kernel, ksud, manager: Remove enhanced security feature' (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel & KernelSU (susfs (v2.0.0)): Added newfstatat syscall hook for handling latest Android Canary Author: simonpunk <simonpunk2016@gmail.com> Date: Sun Jan 11 21:48:35 2026 +0800 -Sycned with official KernelSU main repo - See tiann/KernelSU@df64091 -Note: Some of this was taken care of in: 'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo' to coincide with: 'kernel: ksud: Refine rc injection, fix issue of Android Canary 2601' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Fix stat issue when injecting to init.rc for latest Android Canary and qpr3 beta2 Author: simonpunk <simonpunk2016@gmail.com> Date: Sat Jan 17 21:38:43 2026 +0800 - Sorry for my blinded eyes again since I did not read the references by the upstream fix carefully, it should hook fstat instead of newfstatat, and by hooking vfs_fstat we do not need to care which syscall family it uses -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Refined and renamed hide_sus_mnts_for_all_procs to hide_sus_mnts_for_non_su_procs Author: simonpunk <simonpunk2016@gmail.com> Date: Tue Jan 20 11:53:55 2026 +0800 - There is no good reason to even hide the sus mounts for su process at all and it makes ReZygisk not able to determine what to umount. - Now it can prevent zygote itself from caching the sus mounts while at the same time ReZyisk can still see them simply because the job is done by its daemon process which is running with su context. - So now the scenarios become like this: 1. No Zygisk enabled / ReZygisk enabled but without TreatWheel module => Enable hide_sus_mnts_for_non_su_procs in post-fs-data.sh, then disable hide_sus_mnts_for_non_su_procs in boot-completed.sh or leave it enabled. 2. [Zygisk Next|Rezygisk + TreatWheel|NeoZygisk] enabled => No need to enable/disable hide_sus_mnts_for_non_su_procs since they can handle traces left by zygote already. ** Friendly reminder ** - It is suggested to disable hide_sus_mnts_for_non_su_procs in boot-completed.sh since having it enabled will cause a bit more overheads unless there are sus mounts you do not want them to be umounted but do want them to be just hidden from proc mounts. -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Remove duplicated log and changed to a proper log message Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Jan 21 12:56:39 2026 +0800 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel & KernelSU (susfs (v2.0.0)): Replaced susfs_is_boot_completed_triggered with susfs_is_sdcard_android_data_decrypted Author: simonpunk <simonpunk2016@gmail.com> Date: Mon Feb 2 14:13:08 2026 +0800 -Sync with the official KernelSU main repo - 1st scene: There will be still some processes spawned by init after /data is decrypted, these processes will still go through the sucompat checks which takes more CPU cycle. 2nd scene: There can be some mounts mounted after /data is decrypted like yt rvx module, these mounts will leave a mnt_id gap or mnt_group_id gap if it is not a bind mount. So to mark no sucompat checks for all init spawned processes, and to capture the ksu mounts and leave no mnt_id/mnt_group_id gaps as much as possible, here we start a kthread after boot-completed stage to keep monitoring the accessbility of path /sdcard/Android/data in loop per 5 seconds with maximum 60 attempts. When it is accessible, we sleep for 5 more seconds just in case there are still some modules mounting stuff. On the contrary, the path will still be deemed as accessible after 60 failed attempts just to prevent infinite loop - For upstream commit, see tiann/KernelSU@35d8162 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Various fixes for SUS_PATH and SUS_MOUNT -plus overall code improvement and optimization Author: simonpunk <simonpunk2016@gmail.com> Date: Sat Feb 14 01:06:42 2026 +0800 - Remove the need of flagging /sdcard or /sdcard/Android/data, so we can just do "ksu_susfs add_sus_path </sdcard/TWRP|/sdcard/Android/data/com.example.myapp" for example. To completely prevent unicode exploit users can pick up the patches from here if needed: https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1%2B.patch / https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1-.patch - To deal with FUSE based path, first we check for the inode->i_sb->s_magic, if its magic is FUSE, then we use get_fuse_inode(inode) API to retrieve its fuse inode and flag SUS_PATH on fi->i_mapping->flags. - Remove overall overheads as we can now get rid of linked list to check for sus path in "/sdcard" and "/sdcard/Android/data", however, for add_sus_path_loop we still need it. But we can consider to use userspace inotify to watch specific paths and pass list of paths to add_sus_path when needed, that will reduce the overheads of iterating the SUS_PATH_LOOP linked list every time zygote spawns a new process. - Apply only on proc with uid >= 10000 and marked umounted. - Fixed deadlock and race issues, see 4803afa7 and 068ebeb3 - d_lookup(), __d_lookup() and __d_lookup_rcu() will just return NULL if no dcache is found, so we can just dput() the dentry and set it to NULL, no need to do extra lookup with fake qstr. - Use d_lookup_done(dentry) to make sure "dentry->d_flags &= ~DCACHE_PAR_LOOKUP" and "dentry->d_wait = NULL" if it is found sus, and re-use DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq); - Fix several race issues by using proper locks: down_read(&namespace_sem); // needed when manipulating mnt_namespace lock_ns_list(mnt_ns); // needed when traversing mnt_ns->list lock_mount_hash(); // needed when modifying mount -https: //gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 Change-Id: Ia5a2996b9da3f3e09d96ffeed7e104ba535f03ab fs: Patch Kernel With Susfs 2.0 - HEAD: f3b016179ce1542826b931a560bd9ac5d411f94f Change-Id: Ia5741cb2331dab6427377b7a7ee65b4b160a6fcd Signed-off-by: Lunark :3 <jvillaltamatos3007@gmail.com> kernelsu: Allow compatible manager apks Signed-off-by: Pranav Vashi <neobuddy89@gmail.com> drivers: Update KernelSU-Next Includes latest changes from pershoot: pershoot/KernelSU-Next@b875504 pershoot/KernelSU-Next@c67d746 drivers: Update KernelSU-Next to v3.1.0 This Includes the following commits from the KernelSU-Next Repo: kernel: use rcu to access allowlist, refactor get allowlist api: KernelSU-Next/KernelSU-Next@56074f8 kernel: Avoid malloc in remove_uid_from_arr() (#3099): KernelSU-Next/KernelSU-Next@6fb44f0 manager: remove kpatch-next hardoced shortcut and hidden launcher: KernelSU-Next/KernelSU-Next@498ad0e manager: add confirmation dialog for anykernel zip flashing: KernelSU-Next/KernelSU-Next@4855fa3 Revert: kernel (susfs (v2.0.0)): [TEMP] Disable KSU_SUSFS_SUS_KSTAT and KSU_SUSFS_OPEN_REDIRECT This commit was originally here: pershoot/KernelSU-Next@c67d746 as an attempt to fix no-boot issues. However it was later reverted. So we shall also revert it. drivers: kernelsu: Update KernelSU & Susfs [SQUASH] -if magigc2 does not matched with the magic of KSU or susfs; Synced with official KernelSU main repo ## Bug fix ## - One of the user reported that the ksu_handle_sys_reboot() can cause reboot with KSU Next but not with official KSU, and the related fix commmit is here: Evolution-X-Devices/kernel_xiaomi_sm8450@0eeab5a, tho I do not know why it causes the issue with some KSU Next users but indeed there are some bugs with the returned value as it may not resume the original flow and return directly. If magic2 does not match with SUSFS_MAGIC or KSU_INSTALL_MAGIC2, or magic2 matches with SUSFS_MAGIC but none of the susfs cmd is matched, then we should return a non-zero value like -EINVAL so that it can continue with the original flow. ## Upstream ## - See tiann/KernelSU@28fedfa -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 drivers: kernelsu: Update KernelSU-Next Version We have synced our local KernelSU Folder with latest KernelSU-Next commits. So let's make sure the version reflects this. kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) CONFIG_STACKPROTECTOR_PER_TASK does not exist on x86_64. This will fix building KSU on that arch. Fixes: tiann/KernelSU@baf3f7d Signed-off-by: hmtheboy154 <buingoc67@gmail.com> kernel: add missing attribute kernel: Provide own stackprotector symbol if necessary LineageOS uses a too new clang version to compile GKI kernel, and as a result, -mstack-protector-guard=sysreg is recognized by clang. In the end, CC_HAVE_STACKPROTECTOR_SYSREG is enabled and make __stack_chk_guard symbol not exported. Thus, provide our own symbol when necessary. ABI compatibility can be guaranteed because no task struct symbol will be changed. kernel & KernelSU (susfs (v2.0.0)): Implement SRCU for SUS_PATH -Deprecate CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH and CMD_SUSFS_SET_SDCARD_ROOT_PATH - The way we use RSCU instead RCU for SUS_PATH is because running kern_path() within RCU CS will trigger kernel bugs since it will sleep and wait, so here we need to use the sleepable RCU. - Remove deprcated CMDs: "CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH" and "CMD_SUSFS_SET_SDCARD_ROOT_PATH" -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Update descriptions in Kconfig -Sync with the official KernelSU main repo ## Upstream ## - See tiann/KernelSU@6484caf -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fix susfs_run_sus_path_loop() not executing when kernel umount is disabled - Since the susfs_run_sus_path_loop() is placed in umount_tw_func(), but if ksu_module_mounted or ksu_kernel_umount_enabled is false, then the function will not be executed, so here we just add another new taskwork execlusive for all extra susfs functions that need to be executed after ksu_handle_umount() -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 drivers: kernelsu: Apply changes from pershoot allowlist It looks like in old pershoot commits a lot of pershoot/KernelSU-Next@56074f8 was missed in the allowlist.c file. Let's reapply everything to make sure we are up to date. kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) Some modules mess up allowlist context, which makes init not able to modify it. This workarounds tiann/KernelSU#3234. kernel: make clang-format happy kernel: refine stackprotector workaround (tiann/KernelSU#3264) feat: add late-load mode support (tiann/KernelSU#3258) Co-Authored-By: Ylarod <me@ylarod.cn> Co-Authored-By: Wang Han <416810799@qq.com> kernel: enforcing selinux at late-load mode kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC. kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) - Validate `__versions` section in check_symbol to ensure lkm can be force loaded on some kernel. kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) After `escape_to_root`, `cred->uid` changes, but `cred->user` and `cred->ucounts` remain unchanged. Because `cred->user` does not change, `commit_creds()` does not decrement the `ucounts` associated with the original UID. When `execve` is executed afterwards, `cred->user` still does not change, but `cred->ucounts` changes. This happens because `cred->uid` is now different from `cred->ucounts->uid`. However, since `cred->user` is still unchanged, `commit_creds()` still does not decrement the original `ucounts`. After this point, it can never be decremented anymore, because `exit` will only decrease the `ucounts` of the new UID. Since the original UID’s `ucounts` increases every time `su` is executed, it will eventually exceed the limit until it reaches the `rlimit` threshold. This fixes tiann/KernelSU#3214. Update KSU config to require EXT4_FS (tiann/KernelSU#3266) Add dependency on EXT4_FS for KernelSU support for `ext4_unregister_sysfs`. Signed-off-by: shadichy <shadichy@blisslabs.org> drivers: kernelsu: Update Git Version Change-Id: I35ce9f78626e054cc192322d2ec191c3285413d9
elpaablo
pushed a commit
to AlphaDroid-devices/kernel_oneplus_sm8550
that referenced
this pull request
Mar 26, 2026
drivers: Import Ksu-next 3.0.1 Change-Id: I2dd0030e2a72b2d21ce771284c99ec2a4c63b6ba Signed-off-by: Lunark :3 <jvillaltamatos3007@gmail.com> driver: kernelsu: Introduce SuSFS v2.0.0 - HEAD: 76caf8205dd1a94e84a868c5366b0b7306439913 -Cherry-picked and squashed from: https://github.com/pershoot/KernelSU-Next/tree/dev-susfs ..... kernel (susfs (v2.0.0)): Synced with official KernelSU main repo Author: simonpunk <simonpunk2016@gmail.com> Date: Mon Dec 15 20:03:01 2025 +0800 - See tiann/KernelSU@c95c2d7 -Makefile -> Kbuild (build-time info.) -Accommodate: 'Add mount namespace support 添加挂载命名空间支持 (#2909)' 'kernel: fix root_groups defs (#3028)' 'sulogv2' 'kernel, ksud, manager: Remove enhanced security feature' (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits) 'Explicitly check zygote start in execve hook' 'selinux: Cache SID lookups for domain checks' 'kernel: ksud: Refine rc injection' 'kernel: supercalls: expose spoof uname function to userspace' 'kernel: Fix setup_selinux using __task_cred directly' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Let ksud bootstrap Author: pershoot <190600+pershoot@users.noreply.github.com> Date: Mon Dec 29 21:36:12 2025 -0500 -Do not short-circuit; this will cause loss of root if this returns early (like on my / few specific device(s)) due to timing differences during init. kernel (susfs (v2.0.0)): Fixed ksu features not enabled and ksu fd not released Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Dec 17 00:16:34 2025 +0800 -Synced with official KernelSU main repo - See tiann/KernelSU@91ed4ea -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fixed compile error Author: simonpunk <simonpunk2016@gmail.com> Date: Sun Dec 21 01:30:55 2025 +0800 -Synced with official KernelSU main repo - See tiann/KernelSU@3d73f89 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Synchronize with upstream Author: pershoot <190600+pershoot@users.noreply.github.com> Date: Tue Dec 30 06:39:56 2025 -0500 -'kernel (susfs (v2.0.0)): Let ksud bootstrap' -> 'KernelSU: Fixed root not accessible on some Samsung devices and AOSP devices' -Init. call at end; amend / add comments -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fixed selinux issues by the fix from upstream Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Dec 31 09:05:32 2025 +0800 -Remove ksu_enhanced_security_enabled check in ksu_handle_setresuid() since it may lead to side channel detection - For selinux issues, see tiann/KernelSU@f71d011 - For ksu_enhanced_security_enabled issue, Now no matter what value is set for the toggle "Enable enhanced security" in ksu manager, it will NOT be effective nor used to check in ksu_handle_setresuid() -Note: This was partially taken care of in: 'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo' coinciding with: 'kernel, ksud, manager: Remove enhanced security feature' (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel & KernelSU (susfs (v2.0.0)): Added newfstatat syscall hook for handling latest Android Canary Author: simonpunk <simonpunk2016@gmail.com> Date: Sun Jan 11 21:48:35 2026 +0800 -Sycned with official KernelSU main repo - See tiann/KernelSU@df64091 -Note: Some of this was taken care of in: 'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo' to coincide with: 'kernel: ksud: Refine rc injection, fix issue of Android Canary 2601' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Fix stat issue when injecting to init.rc for latest Android Canary and qpr3 beta2 Author: simonpunk <simonpunk2016@gmail.com> Date: Sat Jan 17 21:38:43 2026 +0800 - Sorry for my blinded eyes again since I did not read the references by the upstream fix carefully, it should hook fstat instead of newfstatat, and by hooking vfs_fstat we do not need to care which syscall family it uses -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Refined and renamed hide_sus_mnts_for_all_procs to hide_sus_mnts_for_non_su_procs Author: simonpunk <simonpunk2016@gmail.com> Date: Tue Jan 20 11:53:55 2026 +0800 - There is no good reason to even hide the sus mounts for su process at all and it makes ReZygisk not able to determine what to umount. - Now it can prevent zygote itself from caching the sus mounts while at the same time ReZyisk can still see them simply because the job is done by its daemon process which is running with su context. - So now the scenarios become like this: 1. No Zygisk enabled / ReZygisk enabled but without TreatWheel module => Enable hide_sus_mnts_for_non_su_procs in post-fs-data.sh, then disable hide_sus_mnts_for_non_su_procs in boot-completed.sh or leave it enabled. 2. [Zygisk Next|Rezygisk + TreatWheel|NeoZygisk] enabled => No need to enable/disable hide_sus_mnts_for_non_su_procs since they can handle traces left by zygote already. ** Friendly reminder ** - It is suggested to disable hide_sus_mnts_for_non_su_procs in boot-completed.sh since having it enabled will cause a bit more overheads unless there are sus mounts you do not want them to be umounted but do want them to be just hidden from proc mounts. -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Remove duplicated log and changed to a proper log message Author: simonpunk <simonpunk2016@gmail.com> Date: Wed Jan 21 12:56:39 2026 +0800 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel & KernelSU (susfs (v2.0.0)): Replaced susfs_is_boot_completed_triggered with susfs_is_sdcard_android_data_decrypted Author: simonpunk <simonpunk2016@gmail.com> Date: Mon Feb 2 14:13:08 2026 +0800 -Sync with the official KernelSU main repo - 1st scene: There will be still some processes spawned by init after /data is decrypted, these processes will still go through the sucompat checks which takes more CPU cycle. 2nd scene: There can be some mounts mounted after /data is decrypted like yt rvx module, these mounts will leave a mnt_id gap or mnt_group_id gap if it is not a bind mount. So to mark no sucompat checks for all init spawned processes, and to capture the ksu mounts and leave no mnt_id/mnt_group_id gaps as much as possible, here we start a kthread after boot-completed stage to keep monitoring the accessbility of path /sdcard/Android/data in loop per 5 seconds with maximum 60 attempts. When it is accessible, we sleep for 5 more seconds just in case there are still some modules mounting stuff. On the contrary, the path will still be deemed as accessible after 60 failed attempts just to prevent infinite loop - For upstream commit, see tiann/KernelSU@35d8162 -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 kernel (susfs (v2.0.0)): Various fixes for SUS_PATH and SUS_MOUNT -plus overall code improvement and optimization Author: simonpunk <simonpunk2016@gmail.com> Date: Sat Feb 14 01:06:42 2026 +0800 - Remove the need of flagging /sdcard or /sdcard/Android/data, so we can just do "ksu_susfs add_sus_path </sdcard/TWRP|/sdcard/Android/data/com.example.myapp" for example. To completely prevent unicode exploit users can pick up the patches from here if needed: https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1%2B.patch / https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1-.patch - To deal with FUSE based path, first we check for the inode->i_sb->s_magic, if its magic is FUSE, then we use get_fuse_inode(inode) API to retrieve its fuse inode and flag SUS_PATH on fi->i_mapping->flags. - Remove overall overheads as we can now get rid of linked list to check for sus path in "/sdcard" and "/sdcard/Android/data", however, for add_sus_path_loop we still need it. But we can consider to use userspace inotify to watch specific paths and pass list of paths to add_sus_path when needed, that will reduce the overheads of iterating the SUS_PATH_LOOP linked list every time zygote spawns a new process. - Apply only on proc with uid >= 10000 and marked umounted. - Fixed deadlock and race issues, see 4803afa7 and 068ebeb3 - d_lookup(), __d_lookup() and __d_lookup_rcu() will just return NULL if no dcache is found, so we can just dput() the dentry and set it to NULL, no need to do extra lookup with fake qstr. - Use d_lookup_done(dentry) to make sure "dentry->d_flags &= ~DCACHE_PAR_LOOKUP" and "dentry->d_wait = NULL" if it is found sus, and re-use DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq); - Fix several race issues by using proper locks: down_read(&namespace_sem); // needed when manipulating mnt_namespace lock_ns_list(mnt_ns); // needed when traversing mnt_ns->list lock_mount_hash(); // needed when modifying mount -https: //gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 Change-Id: Ia5a2996b9da3f3e09d96ffeed7e104ba535f03ab fs: Patch Kernel With Susfs 2.0 - HEAD: f3b016179ce1542826b931a560bd9ac5d411f94f Change-Id: Ia5741cb2331dab6427377b7a7ee65b4b160a6fcd Signed-off-by: Lunark :3 <jvillaltamatos3007@gmail.com> kernelsu: Allow compatible manager apks Signed-off-by: Pranav Vashi <neobuddy89@gmail.com> drivers: Update KernelSU-Next Includes latest changes from pershoot: pershoot/KernelSU-Next@b875504 pershoot/KernelSU-Next@c67d746 drivers: Update KernelSU-Next to v3.1.0 This Includes the following commits from the KernelSU-Next Repo: kernel: use rcu to access allowlist, refactor get allowlist api: KernelSU-Next/KernelSU-Next@56074f8 kernel: Avoid malloc in remove_uid_from_arr() (#3099): KernelSU-Next/KernelSU-Next@6fb44f0 manager: remove kpatch-next hardoced shortcut and hidden launcher: KernelSU-Next/KernelSU-Next@498ad0e manager: add confirmation dialog for anykernel zip flashing: KernelSU-Next/KernelSU-Next@4855fa3 Revert: kernel (susfs (v2.0.0)): [TEMP] Disable KSU_SUSFS_SUS_KSTAT and KSU_SUSFS_OPEN_REDIRECT This commit was originally here: pershoot/KernelSU-Next@c67d746 as an attempt to fix no-boot issues. However it was later reverted. So we shall also revert it. drivers: kernelsu: Update KernelSU & Susfs [SQUASH] -if magigc2 does not matched with the magic of KSU or susfs; Synced with official KernelSU main repo ## Bug fix ## - One of the user reported that the ksu_handle_sys_reboot() can cause reboot with KSU Next but not with official KSU, and the related fix commmit is here: Evolution-X-Devices/kernel_xiaomi_sm8450@0eeab5a, tho I do not know why it causes the issue with some KSU Next users but indeed there are some bugs with the returned value as it may not resume the original flow and return directly. If magic2 does not match with SUSFS_MAGIC or KSU_INSTALL_MAGIC2, or magic2 matches with SUSFS_MAGIC but none of the susfs cmd is matched, then we should return a non-zero value like -EINVAL so that it can continue with the original flow. ## Upstream ## - See tiann/KernelSU@28fedfa -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 drivers: kernelsu: Update KernelSU-Next Version We have synced our local KernelSU Folder with latest KernelSU-Next commits. So let's make sure the version reflects this. kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) CONFIG_STACKPROTECTOR_PER_TASK does not exist on x86_64. This will fix building KSU on that arch. Fixes: tiann/KernelSU@baf3f7d Signed-off-by: hmtheboy154 <buingoc67@gmail.com> kernel: add missing attribute kernel: Provide own stackprotector symbol if necessary LineageOS uses a too new clang version to compile GKI kernel, and as a result, -mstack-protector-guard=sysreg is recognized by clang. In the end, CC_HAVE_STACKPROTECTOR_SYSREG is enabled and make __stack_chk_guard symbol not exported. Thus, provide our own symbol when necessary. ABI compatibility can be guaranteed because no task struct symbol will be changed. kernel & KernelSU (susfs (v2.0.0)): Implement SRCU for SUS_PATH -Deprecate CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH and CMD_SUSFS_SET_SDCARD_ROOT_PATH - The way we use RSCU instead RCU for SUS_PATH is because running kern_path() within RCU CS will trigger kernel bugs since it will sleep and wait, so here we need to use the sleepable RCU. - Remove deprcated CMDs: "CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH" and "CMD_SUSFS_SET_SDCARD_ROOT_PATH" -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Update descriptions in Kconfig -Sync with the official KernelSU main repo ## Upstream ## - See tiann/KernelSU@6484caf -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 KernelSU (susfs (v2.0.0)): Fix susfs_run_sus_path_loop() not executing when kernel umount is disabled - Since the susfs_run_sus_path_loop() is placed in umount_tw_func(), but if ksu_module_mounted or ksu_kernel_umount_enabled is false, then the function will not be executed, so here we just add another new taskwork execlusive for all extra susfs functions that need to be executed after ksu_handle_umount() -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 drivers: kernelsu: Apply changes from pershoot allowlist It looks like in old pershoot commits a lot of pershoot/KernelSU-Next@56074f8 was missed in the allowlist.c file. Let's reapply everything to make sure we are up to date. kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) Some modules mess up allowlist context, which makes init not able to modify it. This workarounds tiann/KernelSU#3234. kernel: make clang-format happy kernel: refine stackprotector workaround (tiann/KernelSU#3264) feat: add late-load mode support (tiann/KernelSU#3258) Co-Authored-By: Ylarod <me@ylarod.cn> Co-Authored-By: Wang Han <416810799@qq.com> kernel: enforcing selinux at late-load mode kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC. kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) - Validate `__versions` section in check_symbol to ensure lkm can be force loaded on some kernel. kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) After `escape_to_root`, `cred->uid` changes, but `cred->user` and `cred->ucounts` remain unchanged. Because `cred->user` does not change, `commit_creds()` does not decrement the `ucounts` associated with the original UID. When `execve` is executed afterwards, `cred->user` still does not change, but `cred->ucounts` changes. This happens because `cred->uid` is now different from `cred->ucounts->uid`. However, since `cred->user` is still unchanged, `commit_creds()` still does not decrement the original `ucounts`. After this point, it can never be decremented anymore, because `exit` will only decrease the `ucounts` of the new UID. Since the original UID’s `ucounts` increases every time `su` is executed, it will eventually exceed the limit until it reaches the `rlimit` threshold. This fixes tiann/KernelSU#3214. Update KSU config to require EXT4_FS (tiann/KernelSU#3266) Add dependency on EXT4_FS for KernelSU support for `ext4_unregister_sysfs`. Signed-off-by: shadichy <shadichy@blisslabs.org> drivers: kernelsu: Update Git Version Change-Id: I35ce9f78626e054cc192322d2ec191c3285413d9
maxsteeel
added a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Mar 26, 2026
This reverts commit 6a0712f.
maxsteeel
added a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Mar 26, 2026
This reverts commit 6a0712f.
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 27, 2026
This reverts commit 6a0712f.
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 27, 2026
This reverts commit 6a0712f.
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 27, 2026
This reverts commit 6a0712f.
Flopster101
added a commit
to FlopKernel-Series/flop_s5e8825_kernel
that referenced
this pull request
Mar 27, 2026
690042684b17 ksud: fork daemon to run late-load mode (tiann/KernelSU#3334) e5910e8a3ca6 feat: ksud-managed emulated soft reboot (tiann/KernelSU#3291) cd424a1987e7 manager / userspace: Add soft reboot (setprop; zygote) 6e4be1931ddd kernel: handle ksud execve by syscall_hook_manager, use static_key 0081da96ca8e kernel: remove usage of get_current_cred 2e945fa53457 supercall: perform free_pid() calls for kernel 6.15+ (tiann/KernelSU#3331) ac5bb5d6cef7 kernel: allow exit 93d56b3562a4 feat: safe exit (tiann/KernelSU#3317) 9707560bda0b [PARTIAL] Bring back x86_64 support with a catch (tiann/KernelSU#3328) 7e1401e0797e kernel: Format a few tabs to spaces (supercalls; syscall_hook_manager) e05540f4f3c8 kernel: use syscall table hook to avoid running in atomic context 7bb9d00ab7a1 feat: support switch to init_group (tiann/KernelSU#3322) 4cfb2a188da1 ksud: refine resetprop cli (tiann/KernelSU#3330) 80c081181fe2 update prop-rs-android & resetprop 5380d17cf21d ksud: embeded resetprop impl (tiann/KernelSU#3300) 326d35396dcd manager: Update min. supported kernel version dd808f86c50f [PARTIAL] feat: jailbreak by Magica (tiann/KernelSU#3268) ca8295ad20be kernel: fix process marking for built-in mode (tiann/KernelSU#3284) 31668a6cdc3b New Crowdin updates (#1166) 2c901a93eb3f ksud: refine boot-patch (tiann/KernelSU#3281) 6d662163d5e8 Update KSU config to require EXT4_FS (tiann/KernelSU#3266) d3cb4403e78e kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) bf36fbbb1827 kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) 95f4378f03fa kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) 4693f14b7ef2 kernel: enforcing selinux at late-load mode 948f47715d46 feat: add late-load mode support (tiann/KernelSU#3258) 1425864dd741 manager: fix padding for module screen 71363abb087b kernel: refine stackprotector workaround (tiann/KernelSU#3264) fa060a8ae98a kernel: make clang-format happy 6e112b77cea5 kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) 271b2be159b4 kernel: add missing attribute 6a04abc6f04c kernel: Provide own stackprotector symbol if necessary d4ff3e20a96c New Crowdin updates (#1164) bee5000d7b2a manager: fix navigation for superuser and module destination buttons 690c5a010998 manager: improve navigation route animations d2866a6235fe manager: refactor navigation route for navbar and save state for destination 7ccc5dd1bab6 manager: refactor settings screen bedfb626f70a manager: improved padding for column and snackbar b4434f9730b1 manager: fixed bugs and improve backup and restore ed7515a0331a manager: disable toggle when module uninstalled 947edfe6b285 manager: remove dead strings 9aac87ab86a1 manager: minor tweak to strings 44a68e8dbe11 manager: removed hardcoded string 6ac83131ef89 ksud & ksuinit: fix wrong GetInfoCmd struct (tiann/KernelSU#3256) 9034d6cf21aa manager: add new string 613e333ef152 New Crowdin updates (#1157) de4ecb778375 manager: refactor and improve module/allowkist backup.restore 565b4649f4df manager: minor tweak to statuscard d7d2161acc6d manager: tweak a string e1d5e1d34384 manager: flipped the toggle state of sucompat, avc spoof and kernel umount b34be75f4c98 manager: bring back susfs info userspace: bring back susfsd da897dec916a manager: some small ui improvements 117af6325f6d Revert "ksuinit: ignore has_kernelsu and load kernelsu module overriding in-built kernel driver" 8e12bfb7a4fc manager: New Crowdin updates (#1155) 1112651be043 manager: clean translations for newer ones 95f42b5c9fc3 manager: fix some warning ff1eef21c6f7 manager: add stars count for module and meta repo and some improvements 598c11eb58bf manager: added dynamic and improved shortcut icons 9534e710b30d manager: added pull to refresh for module repo and meta module repo screens 077a76b04c06 manager: fetch superuser and module lists from main activity instead e566750a23bb ksud: support patch cmdline b3920c81e0c0 kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) 4855fa3a8445 manager: add confirmation dialog for anykernel zip flashing 498ad0e30673 manager: remove kpatch-next hardoced shortcut and hidden launcher 6fb44f009cf5 kernel: Avoid malloc in remove_uid_from_arr() (#3099) 56074f8f425d kernel: use rcu to access allowlist, refactor get allowlist api 5282df73b3e2 manager: module card and supercard in homescreen is now again a destination button 66ca82356bba manager: remove custom colors for update text 64e6797f0ed4 manager: refactor createShortcut method to use module name and webuiIcon same as module screen 3a5b1a37a597 manager: refactor manager update downloads to allow variant selection (main / spoofed) ce31df03984a manager: expose shortcut js interface api to webui 1acb912fb55e manager: refactor module shortcuts, now supports all OS and auto fetch icons for shortcuts )actionIcon, webuiIcon) 8a8c3b71cf96 manager: add selinux permissive toggle b0aa292b1320 manager: added top p[adding for home and settings screen 134d8de6288a manager: make kernel umount, avc spoof and sucompat toggles persistent on reboots 738be77ac673 manager: make superuser items a card d2a4a9944651 manager: fix strings 37b608e8ea4b manager: use separate interaction source for switch item d9fc2f0838f7 manager: fix padding for settings card 95221f385c3c manager: add banners for meta module repo card and improve size of install button bada46a9dc2e manager: add banner for module repo 1cbfc8408439 manager: add non-free module repo toggler bf2430b93242 manager: ability to add more than 1 repo ca29917ed3ba feat: load module banner on newly installed modules (#1129) 4868b7850522 Update Home.kt 26d7f4766831 Update strings.xml 6ab4a99cf6c6 manager: fix some colors 000852fe2801 manager: removed ksu_toolkit and zygisk shortcuts e002435ad5fd manager: optimize destination route and fix navbar button highlights for non nabvar destination screens b541ec689bf2 manager: prevent duplicate navigation to Home in NavBar 3769b42d3d6e manager: fixed navbar & shortcut destination route e771de7038b4 manager: refactor nav route animations e1b511d010ea kernel: Kbuild: Remove duplicate extras.o e7e293c8803c kernel: use correct errno when add_try_umount failed (tiann/KernelSU#3212) 6aa18400f727 manager: back to home page first cf8b3a8a2cbc manager: don't enforce predictive back gesture 314fbc5a2cf4 manager: add license info label for module repo fa2035d74c78 manager infocard now collapseable ca8e56e0eec4 manager: make the navbar size better dynamic depending on screen sizes/dpi 95c2d2282174 manager: adjust navbar shape 1760b5f1d186 manager: fixed navbar padding for snackbar 51c8f77ec2ca manager: add visibility parameter for module repo json c7603568c889 manager: add a-z sorting and search button ad1a886069b4 manager add custom repo links 99d4ae98a0ec manager changed refresh button icon fbdc23bcb2bc manager: remove unnessary onsync button, now poull to reffresh fetches online templates too 11e4b1d77db1 manager: remove floating action buttons and added the action to topar 58faf4ebcef4 manager: implement hide and reveal floating navbar on scroll cadc1b0d8942 manager: fix padding for navbar items 63868c72d6f8 manager: improve floating navbar size 304c1a1cbe53 manager: add jelly transition for floating navbar buttons 6501accc4b58 manager: implement floating navbar 56006c50c50b manager: integrate module repo into module screen ec215a2fc1f5 kernel: Fix `setup_selinux` using `__task_cred` directly (tiann/KernelSU#3189) fe1fb51bfb48 manager: add flash anykernel intent 70a2749986d3 manager: add module/action shortcuts ec17843701da manager: add fileOutputStream interface to WebUi 26ff5aeee60b manager: load module list from online repo json 699d513af0fd manager: add essential tool install screen d86d45bc8123 manager: add meta module install screen cfaa5d66369d manager: turn screen off first before rebooting to recovery a32cb83c6227 kernel: Fix potential memory leaks (tiann/KernelSU#3170) (#1082) 5ce30b0658aa manager: support install lkm by flashing apk in recovery ab7b99e340f2 kernel: fix bad pointer dereference for uname spoof 2567adae77cd manager: slight improvements to module screen 0098eea89ef8 kernel: supercalls: expose spoof uname function to userspace ecd489bbe3ca kernel: improve Git repository detection for KernelSU versioning (tiann/KernelSU#3108) 5da83f740643 kernel: Prune legacy (4.x) support (#1072) 9b6c22b49de3 kernel: Use more reasonable symbol name for newfstatat 81cd9e8bf118 kernel: Fixing symbol names causing x64 kernel compilation failure (#3147) d8dbb7b16add Add Dynamic Shortcuts and Refactor Static Shortcuts (#1067) e822400c6beb kernel: ksud: Refine rc injection, fix issue of Android Canary 2601 cacd27e53e3d ksud: Update resetprop from Magisk v30.6 (#3144) (#1065) 8de61e2305d0 kernel: Clean up selinux.c (tiann/KernelSU#3132) 8112c52b3ec6 manager: hint kpnext launcher be503e2b20f4 manager: true edge-to-edge support ef7c36a806cf manager: add KPatch-Next webui shortcut for ksun icon in homescreen 333bb622fc8d manager: improve fetchAppList df4dc6b5e6e7 Revert "manager: redo fetchAppList onCreate" f97c6762bfdb manager: redo fetchAppList onCreate ad22de91571b kernel: check package name before check manager signature (tiann/KernelSU#3134) (#1052) 56879181aea0 selinux: Cache SID lookups for domain checks (tiann/KernelSU#3128) (#1051) 8a61e8a842c3 Update AnyKernel3 Flashing logic and logging (#1045) 81dc3fa9b9db kernel: extras: avc log spoofing a30c086e6c88 kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038) f6a07575a78a Merge pull request #1035 from pershoot/dev1 abddb91c0185 kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) ae76a3c550f7 manager: removed global namespace toggle f1aedff26ce2 kernel: supercalls: expose ksuver override 42e6e4a5c259 manager: fix anykernel selection bug 36eb7e50a130 manager: expose anykernel flasher for non-gki devices 0968ef549717 ksud: manager: fix unresolved crates and sync with upstream 51b66579b7ac kernel: Ensure manager is valid before installing fd (#3115) 022030192926 kernel: use selinux_cred() method instead of directly use cred->security (#3111) 7ed5985393d5 manager: fix all warnings 90cb7d2e3166 ksuinit: use upstream (#3095) b03d21cd58da ksud: update dependencies (#3096) ae238d1c99c3 manager: add module donation button 2bb9ace01542 manager: add anykernel3 flashing support f832368d6aa9 kernel: bumping fallback ksu_version to avoid bad integer value for userspace a93546acf1b6 workflow: combine normal and spoofed manager build in a single workflow 81c604ada8b4 kernel: append to init.rc instead of prepending to atrace.rc (tiann/KernelSU#3107) (#1017) a630cd8f5cd3 manager: refactor getZygiskImplementation 3e141e6afa20 manager: determine partition recommendation for patching based on kernel version instead of android release suffix 93e37eda1802 kernel: Update build setup (#1010) 0a05bd2127b6 manager: better working mode status 2031a08d78af manager: show superuser app uid with dev options 56471673e552 kernel: supercalls: allow userspace to pull list entries (tiann#3040) 83a45a356ad1 sulogv2 08dab4640149 ksuinit: update dependencies and migrate to 2024 (#3088) 7fc17d05bb79 kernel: fix kvrealloc compatibility (#3089) d017265508cc kernel: use kvrealloc 8a03b707f33d manager: fix app icons not loading in webui-next 1e8e3f05e454 kernel: adjust ioctl IDs to avoid future ioctl conflicts b3f15f277d5c manager: add webview padding if no request from insets css (#3083) - Also expose ksu.enableInsets() for js to enable/disable webview insets. - Since not all webui support insets, insets now is disabled by default, but if web request resource from `internal/insets.css`, insets will be enabled once automatically. - No changes are required for current WebUI. This makes insets feature fully opt-in only, web that doesn't support inset will not be affected anymore. - Usecase: if a webui want to use inset, it can request insets css at first, but if it want to load external webpage in current window afterwards then it can use ksu.enableInsets(false) to disable insets. 3b5f477caa5c kernel: Allocate fake struct on heap (#3081) 43287bda1fa0 manager: Remove androidCmakeVersion bce771bbd81f kernel: release seccomp filter (#3077) 11695a116c83 kernel: setuid_hook: Remove unused includes and function (#3072) c0944eb47235 kernel: Refactor file_wrapper (#3070) b606f0ab8c91 manager: add better nesting for toggles of supported features c1f113e86115 manager: fix enhanced security toggle state being inverted 66af7707bc5c manager: add avc spoof toggle 52b7fc033b77 ksud: add avc spoof to feature bc3763763bb1 kernel: extras: add avc spoof impl c298676e9ef4 manager: fix and improve intent handling to avoid creating new instances b8db8c84917e manager: add meta module implementation name and version f1ef1bdbc26b ksuinit: ignore has_kernelsu and load kernelsu module overriding in-built kernel driver 0041fe576749 manager: improve settings screen 6115d8e9598f manager: refactor amoled mode to take effect immedietly instead of restarting activity 899f900cbeaf kernel: fix check format again (#3071) 872e1b8def3c kernel: fix root_groups defs (#3028) 8490b4655ae9 Add mount namespace support 添加挂载命名空间支持 (#2909) 185362fe8d49 manager: improve exit and enter transition animations 2de3c864e4c2 manager: improve restart function to avoid activity crash 9b7c1e4ffb88 Merge pull request #936 from fatalcoder524/add-shortcuts f9fe9f6df1a0 kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot this is for debug and testing, this is locked to uid0 only anyway so I dont see issues. 5dc52a42cb00 manager: implement new method to get manager app uid (fix developer mode crash) c5d2b28c9f87 kernel: sulog: basic ringbuffer su log 65e226e796cc manager: add zygisk impl module indicator label item in module card cfa949a16bc3 manager: add meta module indicator label item in module card 7bcd00675d04 manager: fix tertiary label item color combination on amoled mode 2277612dcd80 src: removed more unused files 0829cb5035f3 ksud: add back KSU_NEXT variable to scripts environment ca24c0d2156c manager: fix applist fetching twice causing a crash if spammed open and close ec05b5c4c669 manager: bring back module restoration from backups df2ce803ce4c remove some unused files (#3034) e27687f359eb ci: Correct the file paths checked by clang-format; change trigger path in clang-format workflow (#3063) da81be97c5a4 kernel: reformat codes, add workflow to check format (#3062) 0ee37f60e639 ksud: Decrease log level on release build (#3058) 1b626e5a2b29 kernel: Install manager fd in task work (#3057) 1e119d30f395 ci: move ksuinit build to a single workflow (#3054) - This allow ksud-extras to include ksuinit. - Remove x64 ksuinit since there is no lkm for x64. 365ad88a9815 kernel: Use GFP_ATOMIC for atomic context (#3052) 919953e98d4f kernel: Identify manager without PER_USER_RANGE (#3038) 3ad5286f5603 ci: Fix cargo deps 1d81eca42036 ci: Run rust checks for ksuinit and fix them e4d02c8dd19e ci: add ksuinit (#3026) d837b01cbe1e kernel: use $(CC) for check_symbol target (#3041) ce3a89c8aa3b kernel: check lkm symbols (#3035) f8df04342f73 kernel: use our cred to unmount, remove sepolicy of zygote (#3032) 084152e9365a support kernel 6.18 (#2999) 37e48432e732 kernel: escape to ksu domain in execve hook, remove sepolicy between … (#3031) 84a0506da7b0 kernel: Remove sepolicy of kernel domain 50968fe52295 ksud: more verbose log (#3021) 36075e36aeff kernel: Remove second stage init handling for old system 8ccbd93bc437 ksud: Add process info in bugreport (#3014) cc31437d1049 kernel: Move kernel part build rules from Makefile to Kbuild (#3003) 8a74951080d1 manager: fix webui load indefenitely if app list is not initialized (#3012) edf8e48e4bdf workflow: always sign manager REVERT: f448093b05ec Revert "kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)" REVERT: ba4422f0556e kernel: implement susfs v2.0.0 de-inlined with try_umount feature This is heavily modified susfs without inline hooks from the upstream susfs. REVERT: 357644070bc4 kernel: sync KSU_VERSION with v3.1.0 stable tag REVERT: ff629805ce25 kernel: Avoid malloc in remove_uid_from_arr() REVERT: 1a608613beed kernel: use rcu to access allowlist, refactor get allowlist api REVERT: 119b36986b37 kernel: don't use "reset seccomp filter count when escaping to root" for kernel version <5.9.0 REVERT: fe83b2d09385 kernel: sync KSU_VERSION wit dev branch REVERT: 8174393b324f kernel: use correct errno when add_try_umount failed (tiann/KernelSU#3212) REVERT: 0a815847e311 kernel: supercalls: take sulog_init_heap() out of kprobes guard to fix sulog for manual hooks REVERT: 1fe50d167faf kernel: Kbuild: Remove duplicate extras.o REVERT: 85dde0cdee93 kernel: ksud: Restore init.rc injection for manual hooks REVERT: 6f532c03eb48 kernel: sync KSU_VERSION with dev branch REVERT: d772243558ef kernel: Fix `setup_selinux` using `__task_cred` directly (tiann/KernelSU#3189) REVERT: c24b3a1ea664 kernel: ksud: read: add fallback to /init.rc REVERT: 57abef815abb kernel: improve Git repository detection for KernelSU versioning (tiann/KernelSU#3108) REVERT: 93c1961049e3 kernel: Use more reasonable symbol name for newfstatat REVERT: 8d7f119ce4ee kernel: Fixing symbol names causing x64 kernel compilation failure (#3147) REVERT: f9df4c57f359 kernel: ksud: Refine rc injection, fix issue of Android Canary 2601 REVERT: b966ce86d937 kernel: Clean up selinux.c (tiann/KernelSU#3132) REVERT: 21058f79bd5c kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038) REVERT: 863c18044bc8 kernel: remove innecesary code in ksud.c REVERT: 107de9c16a3c kernel: check package name before check manager signature (tiann/KernelSU#3134) (#1052) REVERT: 46644093b2ce selinux: Cache SID lookups for domain checks (tiann/KernelSU#3128) (#1051) REVERT: ed226983e1ad kernel: Fix potential memory leaks (tiann/KernelSU#3170) (#1082) REVERT: 5e276d4ed3eb kernel: abort manual hook compilation if not found ksu_handle_sys_reboot (#1093) REVERT: 8002f622b76d kernel: supercalls: expose spoof uname function to userspace (#1081) REVERT: 511dfff82181 kernel: remove unnecesary duplicated code in sys_reboot (#1073) REVERT: 00127f2dee0d Revert "kernel: ksud: migrate init.rc handling to security_file_permission LSM" (#1056) REVERT: d7de833a9c67 Sync legacy with dev branch and update scope minimized manual hooks 1.7 (#1047) REVERT: 0356464d9a4e kernel: fix ksu_handle_faccessat hook not found for manual hook check REVERT: bab4d90a65e8 Merge pull request #1029 from maxsteeel/legacy REVERT: 1551e9a0eec2 kernel: set KSU_KPROBES_HOOK if not defined KSU_MANUAL_HOOK REVERT: 919b79a60835 kernel: apk_sign: fix return check for ksu_sha256 REVERT: 8c0c055f93f1 kernel: supercalls: expose ksuver override REVERT: 5712ea72e663 kernel: Add some backports and remove some compatibility code REVERT: d20831e4ebd1 kernel: remove unused cflags REVERT: 70830cb12271 kernel: update sulogv2 REVERT: 90ce7c45f3db kernel: Explicitly check zygote start in execve hook REVERT: 69e9fa30cca5 kernel: Ensure manager is valid before installing fd (#3115) REVERT: b68370790476 kernel: use selinux_cred() method instead of directly use cred->security (#3111) REVERT: fd7bb77a4164 kernel: bumping fallback ksu_version to avoid bad integer value for userspace REVERT: 800a7a203071 sync legacy with dev branch and other things (#1021) REVERT: a7a85040f13f fix issues in legacy branch (#1007) REVERT: 391eb9129e86 kernel: legacy, add missing early return in ksu_handle_execveat_sucompat (#1009) REVERT: 3d303237dcb8 kernel: correct header guard in seccomp_cache.h REVERT: 5f4c923db1d8 kernel: sync KSU_VERSION with dev branch REVERT: 5abd0cbdcfff sync legacy branch with dev branch (#998) REVERT: cfd00daefb84 kernel: fix compilation errors in non-gki kernels (#996) REVERT: 4f8090cdc273 fix some issues in legacy branch (#995) REVERT: a93da680ebad add support for legacy/non-gki kernels (#976) git-subtree-dir: drivers/kernelsu git-subtree-split: 690042684b17064f228278d35f51b54f5b6d0224
sidex15
pushed a commit
to sidex15/KernelSU-Next
that referenced
this pull request
Mar 28, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
sidex15
pushed a commit
to sidex15/KernelSU-Next
that referenced
this pull request
Mar 28, 2026
This reverts commit 6a0712f.
fukazzz
pushed a commit
to fukazzz/KernelSU-Next
that referenced
this pull request
Mar 28, 2026
This reverts commit 6a0712f.
TheMysticle
pushed a commit
to crdroidandroid/android_kernel_xiaomi_sm8550
that referenced
this pull request
Mar 29, 2026
kernel: make clang-format happy kernel: refine stackprotector workaround (tiann/KernelSU#3264) feat: add late-load mode support (tiann/KernelSU#3258) kernel: enforcing selinux at late-load mode kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC. kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) - Validate `__versions` section in check_symbol to ensure lkm can be force loaded on some kernel. kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) After `escape_to_root`, `cred->uid` changes, but `cred->user` and `cred->ucounts` remain unchanged. Because `cred->user` does not change, `commit_creds()` does not decrement the `ucounts` associated with the original UID. When `execve` is executed afterwards, `cred->user` still does not change, but `cred->ucounts` changes. This happens because `cred->uid` is now different from `cred->ucounts->uid`. However, since `cred->user` is still unchanged, `commit_creds()` still does not decrement the original `ucounts`. After this point, it can never be decremented anymore, because `exit` will only decrease the `ucounts` of the new UID. Since the original UID’s `ucounts` increases every time `su` is executed, it will eventually exceed the limit until it reaches the `rlimit` threshold. This fixes tiann/KernelSU#3214. Update KSU config to require EXT4_FS (tiann/KernelSU#3266) Add dependency on EXT4_FS for KernelSU support for `ext4_unregister_sysfs`. Signed-off-by: shadichy <shadichy@blisslabs.org> Co-Authored-By: Ylarod <me@ylarod.cn> Co-Authored-By: Wang Han <416810799@qq.com>
osm1019
pushed a commit
to osm1019/kernel_oneplus_sm8750
that referenced
this pull request
Mar 29, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
fatalcoder524
added a commit
to fatalcoder524/Wild_KSU
that referenced
this pull request
Mar 30, 2026
This reverts commit 95f4378.
fatalcoder524
added a commit
to fatalcoder524/Wild_KSU
that referenced
this pull request
Mar 30, 2026
This reverts commit 95f4378.
fatalcoder524
added a commit
to fatalcoder524/Wild_KSU
that referenced
this pull request
Mar 30, 2026
This reverts commit 95f4378.
raebaexxx
pushed a commit
to raebaexxx/kernel_xiaomi_sm8550
that referenced
this pull request
Mar 30, 2026
kernel: make clang-format happy kernel: refine stackprotector workaround (tiann/KernelSU#3264) feat: add late-load mode support (tiann/KernelSU#3258) kernel: enforcing selinux at late-load mode kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC. kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) - Validate `__versions` section in check_symbol to ensure lkm can be force loaded on some kernel. kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) After `escape_to_root`, `cred->uid` changes, but `cred->user` and `cred->ucounts` remain unchanged. Because `cred->user` does not change, `commit_creds()` does not decrement the `ucounts` associated with the original UID. When `execve` is executed afterwards, `cred->user` still does not change, but `cred->ucounts` changes. This happens because `cred->uid` is now different from `cred->ucounts->uid`. However, since `cred->user` is still unchanged, `commit_creds()` still does not decrement the original `ucounts`. After this point, it can never be decremented anymore, because `exit` will only decrease the `ucounts` of the new UID. Since the original UID’s `ucounts` increases every time `su` is executed, it will eventually exceed the limit until it reaches the `rlimit` threshold. This fixes tiann/KernelSU#3214. Update KSU config to require EXT4_FS (tiann/KernelSU#3266) Add dependency on EXT4_FS for KernelSU support for `ext4_unregister_sysfs`. Signed-off-by: shadichy <shadichy@blisslabs.org> Co-Authored-By: Ylarod <me@ylarod.cn> Co-Authored-By: Wang Han <416810799@qq.com>
ziomek3120
pushed a commit
to ziomek3120/android_kernel_oneplus_sm8750
that referenced
this pull request
Mar 30, 2026
kernel: make clang-format happy kernel: refine stackprotector workaround (tiann/KernelSU#3264) feat: add late-load mode support (tiann/KernelSU#3258) kernel: enforcing selinux at late-load mode kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC. kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) - Validate `__versions` section in check_symbol to ensure lkm can be force loaded on some kernel. kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) After `escape_to_root`, `cred->uid` changes, but `cred->user` and `cred->ucounts` remain unchanged. Because `cred->user` does not change, `commit_creds()` does not decrement the `ucounts` associated with the original UID. When `execve` is executed afterwards, `cred->user` still does not change, but `cred->ucounts` changes. This happens because `cred->uid` is now different from `cred->ucounts->uid`. However, since `cred->user` is still unchanged, `commit_creds()` still does not decrement the original `ucounts`. After this point, it can never be decremented anymore, because `exit` will only decrease the `ucounts` of the new UID. Since the original UID’s `ucounts` increases every time `su` is executed, it will eventually exceed the limit until it reaches the `rlimit` threshold. This fixes tiann/KernelSU#3214. Update KSU config to require EXT4_FS (tiann/KernelSU#3266) Add dependency on EXT4_FS for KernelSU support for `ext4_unregister_sysfs`. Signed-off-by: shadichy <shadichy@blisslabs.org> Co-Authored-By: Ylarod <me@ylarod.cn> Co-Authored-By: Wang Han <416810799@qq.com>
xvergilantte
pushed a commit
to xvergilantte/KernelSU-Next
that referenced
this pull request
Mar 31, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
xvergilantte
pushed a commit
to xvergilantte/KernelSU-Next
that referenced
this pull request
Mar 31, 2026
This reverts commit 6a0712f.
Flopster101
added a commit
to FlopKernel-Series/flop_exynos2100_kernel
that referenced
this pull request
Apr 2, 2026
5335c5314df5 kernel: Kbuild: align KVER with dev branch changes 1cc0e7fa1142 kernel: selinux: fix slow path string comparison and remove dead code 44f24db348f3 kernel: compat: resolve mount math bugs, dead code, and memory allocation abuse ddbee0d81d63 kernel: throne_tracker: resolve race condition in async kworker state fd73431c1327 kernel: remove util.c and try_set_access_flag dead code 445e59b324cb kernel: hook_manager: resolve spinlock deadlocks and unsafe memory reads 8ac801eff44c kernel: lsm_hooks: fix race conditions, remove dead code and optimize logging e31482fc72f8 kernel: lsm_hooks: resolve strict signature mismatch and dentry anti-pattern a0cc442acd97 kernel: app_profile: remove dead mount namespace code 041c5388eab5 kernel: supercalls: prevent integer overflow and clean up dead code 9fd8a9e54044 kernel: setuid_hook: untangle preprocessor macros and prevent NULL pointer panic e3e7a8ae566d kernel: ksud: prevent atomic panics and fix 32-bit compat in fstat kretprobe 49a0fdc00fad fix(ksud): remove unsafe memory access hacks in execve kprobe b6724909dddc kernel: sucompat: align userspace stack buffer to 16 bytes fa88c188efd2 kernel: sucompat: safely read execve paths without preempt/access-flag hacks a0c6f9db8309 kernel: apk_sign: Optimize I/O reads in ZIP parsing loop for APK signature check 34eed292db73 kernel: apk_sign: Optimize EOCD signature search loop 3ab5830daa9c kernel: allowlist: optimize `ksu_get_root_profile` linear scan 296d4304dac5 kernel: throne_tracker: fixup deadlocks on iterate_dir e7351cf63506 kernel: throne_tracker: offload runtime tracking to delayed_work 8999162c19ac kernel: allowlist: use workqueue instead of init task_work for saving 1669edd4295a selinux: add compatibility for pre-4.12 kernels 37b80158f211 kernel: susfs: move susfs selinux related functions under 'out_flush:' 5074c2599bc9 kernel: selinux/rules: drop CPU pinning hacks and restore native rwlock 75b639edcd96 kernel: lsm_hooks: prevent VFS deadlocks and optimize permission checks c4b17ea2cc0b Revert "kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271)" dfac50c9589b fix: restore missing LSM init for built-in/manual hooks 4cea4d224974 kernel: selinux/rules: backport handle_sepolicy to legacy policydb 4d3f1f1ca22c kernel: legacy support for new sepolicy on legacy kernels b8f7ef3fb2e0 feat: jailbreak by Magica (tiann/KernelSU#3268) b8e6149f9b5c kernel: sync KSU_VERSION with dev branch 8f26e604df98 kernel: fix process marking for built-in mode (tiann/KernelSU#3284) e53aa34255c6 kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) 398fa76739af kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) d94f3320557c kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) db2c57d6765b kernel: enforcing selinux at late-load mode 3d242dc46040 feat: add late-load mode support (tiann/KernelSU#3258) cca62ccbdead kernel: refine stackprotector workaround (tiann/KernelSU#3264) f17790beb65e kernel: make clang-format happy 1ea7ec6f8722 kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) 06cfab30b767 kernel: add missing attribute 13a0b6706ca3 kernel: Provide own stackprotector symbol if necessary e8e683642547 kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) 3725ef59eba6 kernel: susfs: update to latest upstream susfs 7a9e87cf1c37 kernel: susfs: update to upstream susfs bbf0906f7df7 kernel: Avoid malloc in remove_uid_from_arr() (#3099) 9e91a8f83f3a kernel: use rcu to access allowlist, refactor get allowlist api e9b5763ba2f6 Merge branch 'KernelSU-Next:legacy' into legacy 18f4d3442533 Revert "kernel: Explicitly check zygote start in execve hook" 5bf892e5d55e Merge branch 'KernelSU-Next:legacy' into legacy 695466596d46 Merge branch 'KernelSU-Next:legacy' into legacy 702e8cac8b98 kernel: Replaced susfs_is_boot_completed_triggered with susfs_is_sdcard_android_data_decrypted 2e595f8a7e0e kernel: implement susfs v2.0.0 de-inlined with try_umount feature REVERT: d8fa0fc817b3 kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) REVERT: 8f39f4a163e0 Revert "kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)" REVERT: 1ce19e536de7 kernel: sync KSU_VERSION with v3.1.0 stable tag REVERT: ff629805ce25 kernel: Avoid malloc in remove_uid_from_arr() REVERT: 1a608613beed kernel: use rcu to access allowlist, refactor get allowlist api git-subtree-dir: drivers/kernelsu git-subtree-split: 5335c5314df561daab9341ad3f86eb4fc91229e7
Flopster101
added a commit
to FlopKernel-Series/flop_trinket-mi_kernel
that referenced
this pull request
Apr 2, 2026
5335c5314df5 kernel: Kbuild: align KVER with dev branch changes 1cc0e7fa1142 kernel: selinux: fix slow path string comparison and remove dead code 44f24db348f3 kernel: compat: resolve mount math bugs, dead code, and memory allocation abuse ddbee0d81d63 kernel: throne_tracker: resolve race condition in async kworker state fd73431c1327 kernel: remove util.c and try_set_access_flag dead code 445e59b324cb kernel: hook_manager: resolve spinlock deadlocks and unsafe memory reads 8ac801eff44c kernel: lsm_hooks: fix race conditions, remove dead code and optimize logging e31482fc72f8 kernel: lsm_hooks: resolve strict signature mismatch and dentry anti-pattern a0cc442acd97 kernel: app_profile: remove dead mount namespace code 041c5388eab5 kernel: supercalls: prevent integer overflow and clean up dead code 9fd8a9e54044 kernel: setuid_hook: untangle preprocessor macros and prevent NULL pointer panic e3e7a8ae566d kernel: ksud: prevent atomic panics and fix 32-bit compat in fstat kretprobe 49a0fdc00fad fix(ksud): remove unsafe memory access hacks in execve kprobe b6724909dddc kernel: sucompat: align userspace stack buffer to 16 bytes fa88c188efd2 kernel: sucompat: safely read execve paths without preempt/access-flag hacks a0c6f9db8309 kernel: apk_sign: Optimize I/O reads in ZIP parsing loop for APK signature check 34eed292db73 kernel: apk_sign: Optimize EOCD signature search loop 3ab5830daa9c kernel: allowlist: optimize `ksu_get_root_profile` linear scan 296d4304dac5 kernel: throne_tracker: fixup deadlocks on iterate_dir e7351cf63506 kernel: throne_tracker: offload runtime tracking to delayed_work 8999162c19ac kernel: allowlist: use workqueue instead of init task_work for saving 1669edd4295a selinux: add compatibility for pre-4.12 kernels 37b80158f211 kernel: susfs: move susfs selinux related functions under 'out_flush:' 5074c2599bc9 kernel: selinux/rules: drop CPU pinning hacks and restore native rwlock 75b639edcd96 kernel: lsm_hooks: prevent VFS deadlocks and optimize permission checks c4b17ea2cc0b Revert "kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271)" dfac50c9589b fix: restore missing LSM init for built-in/manual hooks 4cea4d224974 kernel: selinux/rules: backport handle_sepolicy to legacy policydb 4d3f1f1ca22c kernel: legacy support for new sepolicy on legacy kernels b8f7ef3fb2e0 feat: jailbreak by Magica (tiann/KernelSU#3268) b8e6149f9b5c kernel: sync KSU_VERSION with dev branch 8f26e604df98 kernel: fix process marking for built-in mode (tiann/KernelSU#3284) e53aa34255c6 kernel: Fix RLIMIT_NPROC leak on root escape (tiann/KernelSU#3286) 398fa76739af kernel: upgrade ddk, use ddk-min (tiann/KernelSU#3280) d94f3320557c kernel: sepolicy: use GFP_KERNEL (tiann/KernelSU#3271) db2c57d6765b kernel: enforcing selinux at late-load mode 3d242dc46040 feat: add late-load mode support (tiann/KernelSU#3258) cca62ccbdead kernel: refine stackprotector workaround (tiann/KernelSU#3264) f17790beb65e kernel: make clang-format happy 1ea7ec6f8722 kernel: Only check CONFIG_STACKPROTECTOR_PER_TASK on arm64 (tiann/KernelSU#3263) 06cfab30b767 kernel: add missing attribute 13a0b6706ca3 kernel: Provide own stackprotector symbol if necessary e8e683642547 kernel: Use ksu cred to save allowlist (tiann/KernelSU#3243) 3725ef59eba6 kernel: susfs: update to latest upstream susfs 7a9e87cf1c37 kernel: susfs: update to upstream susfs bbf0906f7df7 kernel: Avoid malloc in remove_uid_from_arr() (#3099) 9e91a8f83f3a kernel: use rcu to access allowlist, refactor get allowlist api e9b5763ba2f6 Merge branch 'KernelSU-Next:legacy' into legacy 18f4d3442533 Revert "kernel: Explicitly check zygote start in execve hook" 5bf892e5d55e Merge branch 'KernelSU-Next:legacy' into legacy 695466596d46 Merge branch 'KernelSU-Next:legacy' into legacy 702e8cac8b98 kernel: Replaced susfs_is_boot_completed_triggered with susfs_is_sdcard_android_data_decrypted 2e595f8a7e0e kernel: implement susfs v2.0.0 de-inlined with try_umount feature REVERT: f448093b05ec Revert "kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)" REVERT: ba4422f0556e kernel: implement susfs v2.0.0 de-inlined with try_umount feature This is heavily modified susfs without inline hooks from the upstream susfs. REVERT: 357644070bc4 kernel: sync KSU_VERSION with v3.1.0 stable tag REVERT: ff629805ce25 kernel: Avoid malloc in remove_uid_from_arr() REVERT: 1a608613beed kernel: use rcu to access allowlist, refactor get allowlist api git-subtree-dir: drivers/kernelsu git-subtree-split: 5335c5314df561daab9341ad3f86eb4fc91229e7
Haywood69
pushed a commit
to Haywood69/kernel_oneplus_sm8750
that referenced
this pull request
Apr 5, 2026
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.
maxsteeel
added a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Apr 11, 2026
This reverts commit 55b2208.
maxsteeel
added a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Apr 11, 2026
This reverts commit 55b2208.
maxsteeel
added a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Apr 11, 2026
This reverts commit 55b2208.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Now that all sepolicy functions are called from a normal context, we can stop using GFP_ATOMIC.