kernel: throne_tracker: move throne_tracker to kthread with spinlocks

acroreiser · backslashxx · commit 418b5d8497c1 · 2025-06-08T17:24:41.000+08:00
Run throne_tracker() in kthread instead of blocking the caller. Prevents full lockup during installation and removing the manager. First run remains synchronous for compatibility purposes. Changes: - look for manager UID in /data/system/packages.list - run track_throne() in a kthread after the first synchronous run - prevents duplicate thread creation with a single-instance check - use spinlock-based access control (spin_trylock/spin_unlock), instead of mutex - add missing path_put() Based on the following changes: `kernelsu: move throne_tracker() to kthread` - acroreiser/android_kernel_lge_hammerhead@8783bad `kernelsu: check locking before accessing files and dirs during searching manager` - acroreiser/android_kernel_lge_hammerhead@b8a00ee `kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp` - acroreiser/android_kernel_lge_hammerhead@0b05e92 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c
@@ -187,6 +187,17 @@ static __always_inline bool check_v2_signature(char *path,
 	bool v3_1_signing_exist = false;
 
 	int i;
+	struct path kpath;
+	if (kern_path(path, 0, &kpath))
+		return false;
+
+	if (!spin_trylock(&kpath.dentry->d_lock)) {
+		path_put(&kpath);
+		return false;
+	}
+	spin_unlock(&kpath.dentry->d_lock);
+	path_put(&kpath);
+
 	struct file *fp = ksu_filp_open_compat(path, O_RDONLY, 0);
 	if (IS_ERR(fp)) {
 		pr_err("open %s error.\n", path);
diff --git a/kernel/throne_tracker.c b/kernel/throne_tracker.c
@@ -13,9 +13,13 @@
 #include "throne_tracker.h"
 #include "kernel_compat.h"
 
+#include <linux/kthread.h>
+#include <linux/sched.h>
+
 uid_t ksu_manager_uid = KSU_INVALID_UID;
 
-#define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp"
+static struct task_struct *throne_thread;
+#define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list"
 
 struct uid_data {
 	struct list_head list;
@@ -241,6 +245,17 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 						      .depth = pos->depth,
 						      .stop = &stop };
 			struct file *file;
+			struct path kpath;
+
+			if (kern_path(path, 0, &kpath))
+				goto skip_iterate;
+
+			if (!spin_trylock(&kpath.dentry->d_lock)) {
+				path_put(&kpath);
+				goto skip_iterate;
+			}
+			spin_unlock(&kpath.dentry->d_lock);
+			path_put(&kpath);
 
 			if (!stop) {
 				file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0);
@@ -284,7 +299,7 @@ static bool is_uid_exist(uid_t uid, char *package, void *data)
 	return exist;
 }
 
-void track_throne()
+static void track_throne_function()
 {
 	struct file *fp =
 		ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
@@ -379,6 +394,35 @@ void track_throne()
 	}
 }
 
+static int throne_tracker_thread(void *data)
+{
+	pr_info("%s: pid: %d started\n", __func__, current->pid);
+	track_throne_function();
+	throne_thread = NULL;
+	pr_info("%s: pid: %d exit!\n", __func__, current->pid);
+	return 0;
+}
+
+void track_throne()
+{
+	static bool throne_tracker_first_run = true;
+	if (throne_tracker_first_run) {
+		// be locking on first run, workaround for some kernels
+		track_throne_function();
+		throne_tracker_first_run = false;
+		return;
+	}
+
+	if (throne_thread != NULL) // single instance lock
+		return;
+
+	throne_thread = kthread_run(throne_tracker_thread, NULL, "throne_tracker");
+	if (IS_ERR(throne_thread)) {
+		throne_thread = NULL;
+		return;
+	}
+}
+
 void ksu_throne_tracker_init()
 {
 	// nothing to do
