From 91df9a771b3dad1ef44b4f8401cb461ee7899ac3 Mon Sep 17 00:00:00 2001 From: GarfieldHan <2652609017@qq.com> Date: Wed, 1 May 2024 20:15:19 +0800 Subject: [PATCH] Optimize android safe mode, apply some optimizations, introduce dependabot and upgrade deps (#84) * userd: Optimize android safe mode 1. Fix input_handle_event hook 2. Split safemode write operation 3. Add more point to trigger writting Signed-off-by: GarfieldHan <2652609017@qq.com> * kernel: Add a few bp hot path Signed-off-by: GarfieldHan <2652609017@qq.com> * userspace: Apply optimizations Signed-off-by: GarfieldHan <2652609017@qq.com> * workflows: Upgrade to ndk r26d Signed-off-by: GarfieldHan <2652609017@qq.com> * github: Introduce dependabot Signed-off-by: GarfieldHan <2652609017@qq.com> * Bump the action-dependencies group with 3 updates Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [ncipollo/release-action](https://github.com/ncipollo/release-action). Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `actions/upload-artifact` from 3 to 4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) Updates `ncipollo/release-action` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](https://github.com/ncipollo/release-action/compare/v1.12.0...v1.14.0) --------- 
Signed-off-by: GarfieldHan <2652609017@qq.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/dependabot.yml | 11 ++++++ .github/workflows/build.yml | 32 ++++++++--------- .github/workflows/build_dev.yml | 24 ++++++------- kernel/Makefile | 2 +- kernel/base/start.c | 10 ++---- kernel/patch/android/sucompat.c | 6 ++-- kernel/patch/android/userd.c | 63 ++++++++++++++++++++------------- kernel/patch/common/accctl.c | 6 ++-- kernel/patch/common/supercall.c | 22 ++++++------ kernel/patch/common/syscall.c | 4 +-- user/CMakeLists.txt | 20 +++++++---- 11 files changed, 113 insertions(+), 87 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..92c9e836 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +version: 2 +updates: + - package-ecosystem: github-actions + target-branch: main + directory: / + schedule: + interval: daily + groups: + action-dependencies: + patterns: + - "*" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 54be42af..448553ad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: "recursive" fetch-depth: 0 @@ -65,7 +65,7 @@ jobs: mv syscallhook.kpm demo-syscallhook.kpm - name: Upload elf - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: path: | kernel/kpimg.elf-linux @@ -73,7 +73,7 @@ jobs: name: kpimg.elf - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} @@ -95,7 +95,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | 
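Review bot: The new `.github/dependabot.yml` covers only the `github-actions` ecosystem, while the workflows it maintains check out the tree with `submodules: "recursive"`, so submodule revisions get no update tracking. A second `updates` entry with `package-ecosystem: gitsubmodule` would cover them. The workflows also still reference actions by tag (`actions/checkout@v4`, `ncipollo/release-action@v1.14.0`, `nttld/setup-ndk@v1`) in jobs that hold `contents: write`. A tag can be moved by the action's owner, and Dependabot keeps full commit-SHA pins current just as well, so pinning by SHA is worth considering now that updates are automated.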
@@ -115,7 +115,7 @@ jobs: zip -r kpuser.zip user - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} @@ -131,7 +131,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: "recursive" fetch-depth: 0 @@ -149,7 +149,7 @@ jobs: uses: nttld/setup-ndk@v1 id: setup-ndk with: - ndk-version: r26b + ndk-version: r26d add-to-path: true - name: Make hdr @@ -187,7 +187,7 @@ jobs: mv kptools kptools-android - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} @@ -205,7 +205,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | @@ -232,7 +232,7 @@ jobs: mv kptools kptools-linux - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} @@ -248,7 +248,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version shell: pwsh run: | @@ -286,7 +286,7 @@ jobs: cp .\tools\kptools.exe .\tools\kptools-msys2.exe 7z a kptools-msys2-win .\tools\kptools-msys2.exe D:\a\_temp\msys64\usr\bin\msys-2.0.dll - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ env.VERSION }} @@ -301,7 +301,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install mingw32 cross toolchains run: | MINGW_LLVM_URL="https://github.com/mstorsjo/llvm-mingw/releases/download/20231128/llvm-mingw-20231128-msvcrt-ubuntu-20.04-x86_64.tar.xz" 
@@ -332,7 +332,7 @@ jobs: done 7za a kptools-llvm-win.zip -tZIP *.exe - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} @@ -348,7 +348,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | @@ -374,7 +374,7 @@ jobs: make mv kptools kptools-mac - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }} diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml index 725be0df..0b10da8c 100644 --- a/.github/workflows/build_dev.yml +++ b/.github/workflows/build_dev.yml @@ -27,7 +27,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: "recursive" fetch-depth: 0 @@ -73,7 +73,7 @@ jobs: mv syscallhook.kpm demo-syscallhook.kpm - name: Upload elf - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: path: | kernel/kpimg.elf-linux @@ -81,7 +81,7 @@ jobs: name: kpimg.elf - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }}-dev @@ -103,7 +103,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | @@ -123,7 +123,7 @@ jobs: zip -r kpuser.zip user - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }}-dev 
@@ -140,7 +140,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: "recursive" fetch-depth: 0 @@ -158,7 +158,7 @@ jobs: uses: nttld/setup-ndk@v1 id: setup-ndk with: - ndk-version: r26b + ndk-version: r26d add-to-path: true - name: Make hdr @@ -196,7 +196,7 @@ jobs: mv kptools kptools-android - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }}-dev @@ -215,7 +215,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | @@ -242,7 +242,7 @@ jobs: mv kptools kptools-linux - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }}-dev @@ -259,7 +259,7 @@ jobs: contents: write steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate version id: parse_version run: | @@ -285,7 +285,7 @@ jobs: make mv kptools kptools-mac - name: Release - uses: ncipollo/release-action@v1.12.0 + uses: ncipollo/release-action@v1.14.0 with: token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.parse_version.outputs.VERSION }}-dev diff --git a/kernel/Makefile b/kernel/Makefile index 3dc9fdc9..5916b6d8 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -75,4 +75,4 @@ hdr: clean: rm -rf *.elf rm -rf kpimg - find . -name *.o | xargs rm -f \ No newline at end of file + find . -name *.o | xargs rm -f diff --git a/kernel/base/start.c b/kernel/base/start.c index 4a901b84..ddf7eb94 100644 --- a/kernel/base/start.c +++ b/kernel/base/start.c 
@@ -436,22 +436,16 @@ static void start_init(uint64_t kimage_voff, uint64_t linear_voff) static int nice_zone() { - int err = 0; - - err = patch(); - - return err; + return patch(); } int __attribute__((section(".start.text"))) __noinline start(uint64_t kimage_voff, uint64_t linear_voff) { - int rc = 0; start_init(kimage_voff, linear_voff); prot_myself(); restore_map(); log_regs(); predata_init(); symbol_init(); - rc = nice_zone(); - return rc; + return nice_zone(); } diff --git a/kernel/patch/android/sucompat.c b/kernel/patch/android/sucompat.c index 28dccbf6..cc059373 100644 --- a/kernel/patch/android/sucompat.c +++ b/kernel/patch/android/sucompat.c @@ -408,9 +408,9 @@ static void handle_before_execve(hook_local_t *hook_local, char **__user u_filen char __user *ufilename = *u_filename_p; char filename[SU_PATH_MAX_LEN]; int flen = compat_strncpy_from_user(filename, ufilename, sizeof(filename)); - if (flen <= 0) return; + if (unlikely(flen <= 0)) return; - if (!strcmp(current_su_path, filename)) { + if (unlikely(!strcmp(current_su_path, filename))) { uid_t uid = current_uid(); if (!is_su_allow_uid(uid)) return; struct su_profile profile = profile_su_allow_uid(uid); @@ -484,7 +484,7 @@ static void handle_before_execve(hook_local_t *hook_local, char **__user u_filen logkfi("call apd uid: %d, to_uid: %d, sctx: %s, cplen: %d, %d\n", uid, to_uid, sctx, cplen, argv_cplen); } - } else if (!strcmp(SUPERCMD, filename)) { + } else if (unlikely(!strcmp(SUPERCMD, filename))) { // key const char __user *p1 = get_user_arg_ptr(is_compact, *uargv, 1); if (!p1 || IS_ERR(p1)) return; diff --git a/kernel/patch/android/userd.c b/kernel/patch/android/userd.c index feb174c9..2141d08f 100644 --- a/kernel/patch/android/userd.c +++ b/kernel/patch/android/userd.c 
@@ -33,13 +33,19 @@ #include #include +#define EV_KEY 0x01 +#define KEY_VOLUMEDOWN 114 + +int android_is_safe_mode = 0; +KP_EXPORT_SYMBOL(android_is_safe_mode); + static const void *kernel_read_file(const char *path, loff_t *len) { set_priv_selinx_allow(current, 1); void *data = 0; struct file *filp = filp_open(path, O_RDONLY, 0); - if (!filp || IS_ERR(filp)) { + if (unlikely(!filp) || unlikely(IS_ERR(filp))) { log_boot("open file: %s error: %d\n", path, PTR_ERR(filp)); goto out; } @@ -61,12 +67,12 @@ static loff_t kernel_write_file(const char *path, const void *data, loff_t len, set_priv_selinx_allow(current, 1); struct file *fp = filp_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); - if (!fp || IS_ERR(fp)) { + if (unlikely(!fp) || unlikely(IS_ERR(fp))) { log_boot("create file %s error: %d\n", path, PTR_ERR(fp)); goto out; } kernel_write(fp, data, len, &off); - if (off != len) { + if (unlikely(off != len)) { log_boot("write file %s error: %x\n", path, off); goto free; } @@ -84,6 +90,15 @@ static loff_t kernel_write_exec(const char *path, const void *data, loff_t len) return kernel_write_file(path, data, len, 0744); } +static void notify_safemode_userspace() { + set_priv_selinx_allow(current, 1); + const char data = '1'; + log_boot("Write safe mode flag"); + kernel_write_file(SAFE_MODE_FLAG_FILE, &data, sizeof(data), 0644); + log_boot("Write safe mode flag done"); + set_priv_selinx_allow(current, 0); +} + static int extract_kpatch_call_back(const patch_extra_item_t *extra, const char *arg, const void *con, void *udata) { const char *event = (const char *)udata; 
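Review bot: `notify_safemode_userspace()` discards the result of `kernel_write_file()`, so "Write safe mode flag done" is logged even when the open or the write failed and user space never sees the flag. Assuming the helper returns the number of bytes written (its return statement is outside the hunk), compare the result with `sizeof(data)` and log the failure, e.g. `if (kernel_write_file(SAFE_MODE_FLAG_FILE, &data, sizeof(data), 0644) != sizeof(data)) log_boot("write safe mode flag failed\n");`. The outer `set_priv_selinx_allow(current, 1)` / `(current, 0)` pair wraps a call that already sets the same flag on entry, so one of the two looks redundant and the nesting should be confirmed as intended. Both new `log_boot` strings also lack the trailing `\n` that the neighbouring calls use.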
@@ -110,7 +125,9 @@ static void pre_user_exec_init() { log_boot("event: %s\n", EXTRA_EVENT_PRE_EXEC_INIT); try_extract_kpatch(EXTRA_EVENT_PRE_EXEC_INIT); - + if (unlikely(android_is_safe_mode)) { + notify_safemode_userspace(); + } // struct file *work_dir = filp_open(KPATCH_DEV_WORK_DIR, O_DIRECTORY | O_CREAT, S_IRUSR); // if (!work_dir || IS_ERR(work_dir)) { // log_boot("creat work dir error: %s\n", KPATCH_DEV_WORK_DIR); @@ -122,6 +139,9 @@ static void pre_user_exec_init() static void pre_init_second_stage() { log_boot("event: %s\n", EXTRA_EVENT_PRE_SECOND_STAGE); + if (unlikely(android_is_safe_mode)) { + notify_safemode_userspace(); + } } static void on_first_app_process() @@ -146,9 +166,9 @@ static void handle_before_execve(hook_local_t *hook_local, char **__user u_filen char __user *ufilename = *u_filename_p; char filename[SU_PATH_MAX_LEN]; int flen = compat_strncpy_from_user(filename, ufilename, sizeof(filename)); - if (flen <= 0) return; + if (unlikely(flen <= 0)) return; - if (!strcmp(system_bin_init, filename) || !strcmp(root_init, filename)) { + if (unlikely(!strcmp(system_bin_init, filename)) || unlikely(!strcmp(root_init, filename))) { // if (!first_user_init_executed) { first_user_init_executed = 1; @@ -306,16 +326,16 @@ static void before_openat(hook_fargs4_t *args, void *udata) loff_t ori_len = 0; struct file *newfp = filp_open(REPLACE_RC_FILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (!newfp || IS_ERR(newfp)) { + if (unlikely(!newfp || IS_ERR(newfp))) { log_boot("create replace rc error: %d\n", PTR_ERR(newfp)); goto out; } loff_t off = 0; const char *ori_rc_data = kernel_read_file(ORIGIN_RC_FILE, &ori_len); - if (!ori_rc_data) goto out; + if (unlikely(!ori_rc_data)) goto out; kernel_write(newfp, ori_rc_data, ori_len, &off); - if (off != ori_len) { + if (unlikely(off != ori_len)) { log_boot("write replace rc error: %x\n", off); goto free; } 
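Review bot: In `before_openat`, `if (unlikely(!ori_rc_data)) goto out;` runs after `newfp` was opened successfully, whereas the write-failure branches just below use `goto free`. If `out` does not close `newfp` (both labels are outside the hunk), a failed read of `ORIGIN_RC_FILE` leaks the open file. Routing that branch through the label that closes `newfp` would make the error paths consistent, provided that label tolerates a NULL `ori_rc_data`. The same hunk writes `unlikely(!newfp || IS_ERR(newfp))` while `kernel_read_file` and `kernel_write_file` in this commit use `unlikely(!p) || unlikely(IS_ERR(p))`; one form throughout would read better.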
@@ -325,7 +345,7 @@ static void before_openat(hook_fargs4_t *args, void *udata) sprintf(added_rc_data, user_rc_data, sk, sk, sk, sk, sk, sk, sk, sk, sk, sk, sk, sk, sk, sk); kernel_write(newfp, added_rc_data, strlen(added_rc_data), &off); - if (off != strlen(added_rc_data) + ori_len) { + if (unlikely(off != strlen(added_rc_data) + ori_len)) { log_boot("write replace rc error: %x\n", off); goto free; } @@ -362,12 +382,6 @@ static void after_openat(hook_fargs4_t *args, void *udata) } } -#define EV_KEY 0x01 -#define KEY_VOLUMEDOWN 114 - -int android_is_safe_mode = 0; -KP_EXPORT_SYMBOL(android_is_safe_mode); - // void input_handle_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) static void before_input_handle_event(hook_fargs4_t *args, void *udata) { @@ -378,10 +392,9 @@ static void before_input_handle_event(hook_fargs4_t *args, void *udata) if (value && type == EV_KEY && code == KEY_VOLUMEDOWN) { volumedown_pressed_count++; if (volumedown_pressed_count == 3) { - log_boot("entering safemode ..."); + log_boot("notify entering safemode ..."); android_is_safe_mode = 1; - struct file *filp = filp_open(SAFE_MODE_FLAG_FILE, O_WRONLY | O_CREAT | O_TRUNC, 0666); - if (filp && !IS_ERR(filp)) filp_close(filp, 0); + notify_safemode_userspace(); } } } @@ -404,11 +417,11 @@ int kpuserd_init() ret |= rc; unsigned long input_handle_event_addr = get_preset_patch_sym()->input_handle_event; - if (input_handle_event_addr) { - rc = hook_wrap4((void *)input_handle_event_addr, before_input_handle_event, 0, 0); - ret |= rc; - log_boot("hook input_handle_event rc: %d\n", rc); - } + log_boot("input handle event is: %llx", input_handle_event_addr); + // TODO: Check addr validation + rc = hook_wrap4((void *)input_handle_event_addr, before_input_handle_event, 0, 0); + ret |= rc; + log_boot("hook input_handle_event rc: %d\n", rc); return ret; -} \ No newline at end of file +} 
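Review bot: `sprintf(added_rc_data, user_rc_data, sk, ...)` in this hunk's context formats the superkey fourteen times into `added_rc_data` with no bound. The buffer's declaration and the template are outside the hunk, so whether the worst-case key length fits cannot be confirmed from here. If `snprintf` is available in this tree and `added_rc_data` is an array, a bounded call with a truncation check, e.g. `int n = snprintf(added_rc_data, sizeof(added_rc_data), user_rc_data, sk, ...); if (n < 0 || n >= (int)sizeof(added_rc_data)) goto free;`, turns a possible out-of-bounds write into a clean failure. `n` could then replace the two `strlen(added_rc_data)` calls.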
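Review bot: `before_input_handle_event` now calls `notify_safemode_userspace()`, which opens and writes a file and toggles `set_priv_selinx_allow(current, ...)`, directly from the hook on `input_handle_event`. In mainline Linux that function is reached with the input device's `event_lock` held and interrupts disabled, so file I/O there may sleep in atomic context. `current` is also whatever task happened to be running, and it briefly receives what appears to be an SELinux allowance. Since this commit already adds `notify_safemode_userspace()` calls in `pre_user_exec_init` and `pre_init_second_stage`, the hook could be reduced to `android_is_safe_mode = 1;` and leave the write to those process-context call sites. The function's opening lines are outside the hunk.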
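Review bot: The `if (input_handle_event_addr)` guard was dropped in `kpuserd_init`, so `hook_wrap4` is now called with address 0 whenever the preset symbol is missing; the new `// TODO: Check addr validation` acknowledges this. Unless `hook_wrap4` rejects a null target itself (not visible here), that is an attempt to patch address 0 during init, and any non-zero `rc` is OR-ed into `ret`. Keeping the guard and logging the skip, e.g. `if (!input_handle_event_addr) { log_boot("no symbol input_handle_event\n"); return ret; }`, preserves the old behaviour. The added `log_boot` also prints an `unsigned long` with `%llx` and has no trailing `\n`; `%lx` with a newline matches the argument.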
diff --git a/kernel/patch/common/accctl.c b/kernel/patch/common/accctl.c index e8b345d2..0716b21c 100644 --- a/kernel/patch/common/accctl.c +++ b/kernel/patch/common/accctl.c @@ -80,7 +80,7 @@ int commit_su(uid_t to_uid, const char *sctx) struct thread_info *thi = current_thread_info(); thi->flags &= ~(_TIF_SECCOMP); - if (task_struct_offset.comm_offset > 0) { + if (likely(task_struct_offset.comm_offset > 0)) { struct seccomp *seccomp = (struct seccomp *)((uintptr_t)task + task_struct_offset.seccomp_offset); seccomp->mode = SECCOMP_MODE_DISABLED; // only be called when the task is exiting, so no barriers @@ -110,7 +110,7 @@ int task_su(pid_t pid, uid_t to_uid, const char *sctx) int rc = 0; int scontext_changed = 0; struct task_struct *task = find_get_task_by_vpid(pid); - if (!task) { + if (unlikely(!task)) { logkfe("no such pid: %d\n", pid); return -ESRCH; } @@ -125,7 +125,7 @@ int task_su(pid_t pid, uid_t to_uid, const char *sctx) struct thread_info *thi = get_task_thread_info(task); thi->flags &= ~(_TIF_SECCOMP); - if (task_struct_offset.comm_offset > 0) { + if (likely(task_struct_offset.comm_offset > 0)) { struct seccomp *seccomp = (struct seccomp *)((uintptr_t)task + task_struct_offset.seccomp_offset); seccomp->mode = SECCOMP_MODE_DISABLED; // only be called when the task is exiting, so no barriers diff --git a/kernel/patch/common/supercall.c b/kernel/patch/common/supercall.c index 3d3bd33f..b0a9220f 100644 --- a/kernel/patch/common/supercall.c +++ b/kernel/patch/common/supercall.c @@ -69,8 +69,8 @@ static long call_klog(const char __user *arg1) { char buf[1024]; long len = compat_strncpy_from_user(buf, arg1, sizeof(buf)); - if (len <= 0) return -EINVAL; - if (len > 0) logki("user log: %s", buf); + if (unlikely(len <= 0)) return -EINVAL; + if (likely(len > 0)) logki("user log: %s", buf); return 0; } 
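Review bot: In `commit_su`, the condition now marked `likely(task_struct_offset.comm_offset > 0)` guards a pointer computed from `task_struct_offset.seccomp_offset`, so the check does not cover the offset actually used; the `task_su` hunk at `-125,7` has the same pattern. If `seccomp_offset` can be unresolved while `comm_offset` is found, `seccomp->mode = SECCOMP_MODE_DISABLED` writes to the wrong place relative to the task struct. Testing the offset that is used, `if (likely(task_struct_offset.seccomp_offset > 0)) {`, would make the guard match, assuming unresolved offsets are stored as non-positive values as the existing check implies. Both functions continue outside their hunks.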
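Review bot: In `call_klog`, `if (likely(len > 0))` is always true after the preceding `if (unlikely(len <= 0)) return -EINVAL;`, so the hint annotates a dead test; plain `logki("user log: %s", buf);` says the same. Separately, `buf` is printed with `%s` right after `compat_strncpy_from_user(buf, arg1, sizeof(buf))`. If that helper follows the kernel's `strncpy_from_user` contract and returns the full count without a terminator on overlong input, the log call reads past `buf`. Rejecting `len >= sizeof(buf)` (or setting `buf[sizeof(buf) - 1] = '\0'`) would be a cheap safeguard, and the same applies to the `path`, `name` and `key` buffers in the later supercall.c hunks.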
@@ -78,7 +78,7 @@ static long call_kpm_load(const char __user *arg1, const char *__user arg2, void { char path[1024], args[KPM_ARGS_LEN]; long pathlen = compat_strncpy_from_user(path, arg1, sizeof(path)); - if (pathlen <= 0) return -EINVAL; + if (unlikely(pathlen <= 0)) return -EINVAL; long arglen = compat_strncpy_from_user(args, arg2, sizeof(args)); return load_module_path(path, arglen <= 0 ? 0 : args, reserved); } @@ -87,7 +87,7 @@ static long call_kpm_control(const char __user *arg1, const char *__user arg2, v { char name[KPM_NAME_LEN], args[KPM_ARGS_LEN]; long namelen = compat_strncpy_from_user(name, arg1, sizeof(name)); - if (namelen <= 0) return -EINVAL; + if (unlikely(namelen <= 0)) return -EINVAL; long arglen = compat_strncpy_from_user(args, arg2, sizeof(args)); return module_control0(name, arglen <= 0 ? 0 : args, out_msg, outlen); } @@ -96,7 +96,7 @@ static long call_kpm_unload(const char *__user arg1, void *__user reserved) { char name[KPM_NAME_LEN]; long len = compat_strncpy_from_user(name, arg1, sizeof(name)); - if (len <= 0) return -EINVAL; + if (unlikely(len <= 0)) return -EINVAL; return unload_module(name, reserved); } @@ -110,7 +110,7 @@ static long call_kpm_list(char *__user names, int len) if (len <= 0) return -EINVAL; char buf[4096]; int sz = list_modules(buf, sizeof(buf)); - if (sz > len) return -ENOBUFS; + if (unlikely(sz > len)) return -ENOBUFS; sz = compat_copy_to_user(names, buf, len); return sz; } @@ -121,10 +121,10 @@ static long call_kpm_info(const char *__user uname, char *__user out_info, int o char name[64]; char buf[2048]; int len = compat_strncpy_from_user(name, uname, sizeof(name)); - if (len <= 0) return -EINVAL; + if (unlikely(len <= 0)) return -EINVAL; int sz = get_module_info(name, buf, sizeof(buf)); if (sz < 0) return sz; - if (sz > out_len) return -ENOBUFS; + if (unlikely(sz > out_len)) return -ENOBUFS; sz = compat_copy_to_user(out_info, buf, sz); return sz; } 
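Review bot: `call_kpm_list` copies `len` bytes, not `sz`, out of the 4096-byte stack buffer: `sz = compat_copy_to_user(names, buf, len);`. `len` comes from the caller and is only checked by `len <= 0` and `sz > len`, so a value above 4096 reads past `buf`, and any value above `sz` hands uninitialised kernel stack to user space. `call_kpm_info` in the next hunk already copies `sz`; doing the same here, `if (sz < 0) return sz;` followed by `sz = compat_copy_to_user(names, buf, sz);`, closes both cases. The function begins above the hunk's first line.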
@@ -132,7 +132,7 @@ static long call_kpm_info(const char *__user uname, char *__user out_info, int o static long call_su(struct su_profile *__user uprofile) { struct su_profile *profile = memdup_user(uprofile, sizeof(struct su_profile)); - if (!profile || IS_ERR(profile)) return PTR_ERR(profile); + if (unlikely(!profile) || unlikely(IS_ERR(profile))) return PTR_ERR(profile); profile->scontext[sizeof(profile->scontext) - 1] = '\0'; int rc = commit_su(profile->to_uid, profile->scontext); kvfree(profile); @@ -250,8 +250,8 @@ static void before(hook_fargs6_t *args, void *udata) char key[MAX_KEY_LEN]; long len = compat_strncpy_from_user(key, ukey, MAX_KEY_LEN); - if (len <= 0) return; - if (auth_superkey(key)) return; + if (unlikely(len <= 0)) return; + if (likely(auth_superkey(key))) return; long a1 = (long)syscall_argn(args, 2); long a2 = (long)syscall_argn(args, 3); diff --git a/kernel/patch/common/syscall.c b/kernel/patch/common/syscall.c index c83130b0..9a3e3acb 100644 --- a/kernel/patch/common/syscall.c +++ b/kernel/patch/common/syscall.c @@ -253,10 +253,10 @@ int syscall_init() { int rc = 0; sys_call_table = (typeof(sys_call_table))kallsyms_lookup_name("sys_call_table"); - if (!sys_call_table) { + if (unlikely(!sys_call_table)) { sys_call_table = (typeof(sys_call_table))search_sys_call_table_addr(); } - if (!sys_call_table) { + if (unlikely(!sys_call_table)) { rc = -ENOENT; log_boot("no symbol sys_call_table\n"); goto out; diff --git a/user/CMakeLists.txt b/user/CMakeLists.txt index e23282c4..d8330b8d 100644 --- a/user/CMakeLists.txt +++ b/user/CMakeLists.txt 
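Review bot: In `call_su`, the NULL arm of `if (unlikely(!profile) || unlikely(IS_ERR(profile))) return PTR_ERR(profile);` returns `PTR_ERR(NULL)`, which is 0, so a caller would see success although `commit_su` never ran. If `memdup_user` can return NULL here, return an explicit error for it: `if (unlikely(!profile)) return -ENOMEM;` then `if (unlikely(IS_ERR(profile))) return PTR_ERR(profile);`; if it cannot, the NULL test can go. In the `before` hunk, `likely(auth_superkey(key))` reads as if a non-zero result means the key was rejected (inferred, since the helper is not shown). A one-line comment such as `// non-zero: key mismatch, not a supercall` would make the early return unambiguous.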
@@ -3,8 +3,14 @@ project("kpatch") include_directories(${CMAKE_CURRENT_BINARY_DIR}) -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11") +if(ANDROID) +set(OPT_FLAGS "-ffunction-sections -fdata-sections -fvisibility=hidden -fvisibility-inlines-hidden -mllvm -polly -O3 -flto") +else() +set(OPT_FLAGS "-O3") +endif() + +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 ${OPT_FLAGS}") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 ${OPT_FLAGS}") if(ANDROID) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DANDROID") @@ -22,10 +28,12 @@ if(ANDROID) list(APPEND SRCS ${ANDROID_SRCS}) endif() - add_library(kp STATIC ${SRCS}) - add_executable(kpatch ${SRCS} main.c) +if(ANDROID) +target_link_options(kp PRIVATE "-Wl,--build-id=none" "-Wl,-icf=safe,--lto-O3" "-Wl,-s,-x,--gc-sections" "-Wl,--no-undefined") +target_link_options(kpatch PRIVATE "-Wl,--build-id=none" "-Wl,-icf=safe,--lto-O3" "-Wl,-s,-x,--gc-sections" "-Wl,--no-undefined") +endif() if(ANDROID) add_library( @@ -33,6 +41,6 @@ add_library( SHARED android/apjni.cpp ) -find_library(lib-log log) -target_link_libraries(apjni ${lib-log}) +target_link_libraries(apjni log) +target_link_options(apjni PRIVATE "-Wl,--build-id=none" "-Wl,-icf=safe,--lto-O3" "-Wl,-s,-x,--gc-sections" "-Wl,--no-undefined") endif() \ No newline at end of file
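Review bot: `target_link_options(kp PRIVATE ...)` is applied to a `STATIC` library, which is archived rather than linked, so per CMake's documentation the `-Wl,...` flags on `kp` have no effect; only the `kpatch` and `apjni` lines matter. The same four-string list is repeated three times. Holding it in one variable, e.g. `set(KP_LINK_OPTS "-Wl,--build-id=none" "-Wl,-icf=safe,--lto-O3" "-Wl,-s,-x,--gc-sections" "-Wl,--no-undefined")` with `target_link_options(kpatch PRIVATE ${KP_LINK_OPTS})`, keeps the targets in step. `--build-id=none` together with `-s` removes the identifiers usually used to match a shipped binary to its build, which deserves a comment if intentional. In the first hunk, `${OPT_FLAGS}` is appended to `CMAKE_C_FLAGS` unconditionally, so `-O3` also lands in Debug builds.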