tiann / KernelSU

A Kernel based root solution for Android
https://kernelsu.org
GNU General Public License v3.0
10.57k stars 1.73k forks

KSU bug in granting root for apps on BlissOS #2113

Open hmtheboy154 opened 1 month ago

hmtheboy154 commented 1 month ago

Describe the bug

(This issue may look like https://github.com/tiann/KernelSU/issues/2095, but I can't verify that yet.) Currently, with the latest KSU on BlissOS, tested on kernels 6.1, 6.6, 6.9 and 6.11, there are some bugs I have started to notice: while some apps like Aurora Store, Neo Store and FoxLog can be granted root and work normally, others are broken in some functions or just straight up not working:

All recent BlissOS builds with KernelSU 1.0.1 have this issue, and they are currently on kernel 6.1. I bumped the kernel to 6.6 to test locally and it shows the same behaviour. For newer kernels on the stable branch, the same behaviour can be seen in this PR I made. Recently I tried building for kernel 6.11 and it also has the same behaviour (here is my fork for 6.11).

To Reproduce

Expected behavior

Apps can be granted root and work as expected.

Screenshots

An example of Termux not being able to use su can be seen here: https://github.com/tiann/KernelSU/pull/1785#issuecomment-2143743204

Logs

will provide soon

Device info

Additional context

One last thing I tested is downgrading to 0.9.2, as some people suggested; it only works with kernels 6.1 and 6.6. If you port it to a higher kernel like 6.9, it has the exact same issue.

hansalemaos commented 1 month ago

Same problem here. It seems like something in the shell is "cloaking" the su call. If I pipe something to toybox, I can call su.

Maybe it is related to:

# interesting detail of KernelSU - it doesn't actually place a su file in
# /system/bin, but hook execve(2) call in kernel to redirect it to kernel
# impl when executing /system/bin/su.

https://github.com/termux-play-store/termux-tools/commit/9187cfa169cc64861a0fc7e98a01b9c78eb1634d#diff-3de48b02d1685061aec7aeb7ee702149f1d3b8beee98158b5b35e9c94f88d6f7R9

tiann commented 1 month ago

exec strace su and observe the output

Xtr126 commented 1 month ago

/system/bin/strace su says faccessat(AT_FDCWD, "/system/bin/su", X_OK) = -1 ENOENT (No such file or directory) (full output attached as strace.txt)
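The strace line above can be reproduced without strace, and on all three syscalls at once. KernelSU ships no /system/bin/su file; sucompat answers for that path in the kernel when faccessat, newfstatat or execve is called by a caller it allows. So issuing those three syscalls against the path is the direct test: on a working install they succeed for a file that is not on disk, and on the broken builds in this issue all three return ENOENT, exactly as strace showed. The program below is an added example written for this page, not KernelSU's or BlissOS's code; the /system/bin/su path and the "su -v" argument are assumptions about the target, the probe itself is generic Linux C and runs anywhere (it exits 2 when nothing answers for the path).

```c
/*
 * su_probe.c -- reproduce the strace finding without strace.
 *
 * Issues the three syscalls KernelSU's sucompat hooks (faccessat,
 * newfstatat, execve) as raw syscalls against a path and reports what the
 * kernel answered. With the hooks live, /system/bin/su "exists" although
 * no such file is on disk; with the hooks inert all three say ENOENT.
 *
 * Added example, not KernelSU code. Path and "su -v" argv are assumptions.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

struct su_probe {
    int access_errno; /* faccessat(AT_FDCWD, path, X_OK): 0 or errno */
    int stat_errno;   /* newfstatat(AT_FDCWD, path, ...): 0 or errno  */
    int exec_errno;   /* execve(path, argv): 0 if the child was replaced */
};

/* execve() in a child and report its errno through a close-on-exec pipe:
 * a successful exec closes the write end, so zero bytes read means success. */
static int run_execve(const char *path, char *const argv[])
{
    int fds[2];
    if (pipe2(fds, O_CLOEXEC) != 0)
        return errno;
    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        close(fds[0]);
        close(fds[1]);
        return e;
    }
    if (pid == 0) {
        close(fds[0]);
        execve(path, argv, environ);
        int e = errno;                      /* only reached if exec failed */
        if (write(fds[1], &e, sizeof e) != (ssize_t)sizeof e)
            _exit(126);
        _exit(127);
    }
    close(fds[1]);
    int e = 0;
    ssize_t n = read(fds[0], &e, sizeof e);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof e ? e : 0;
}

/* Raw syscalls on purpose: libc wrappers may issue faccessat2 or statx
 * instead and never reach the entry points sucompat probes. */
struct su_probe probe_su(const char *path, char *const argv[])
{
    struct su_probe r = { 0, 0, 0 };
    struct stat st;
    if (syscall(SYS_faccessat, AT_FDCWD, path, X_OK) != 0)
        r.access_errno = errno;
    if (syscall(SYS_newfstatat, AT_FDCWD, path, &st, 0) != 0)
        r.stat_errno = errno;
    r.exec_errno = run_execve(path, argv);
    return r;
}

/* All three paths say ENOENT: nothing in the kernel answers for the file,
 * which is the symptom reported in this issue. */
int sucompat_inert(const struct su_probe *r)
{
    return r->access_errno == ENOENT && r->stat_errno == ENOENT &&
           r->exec_errno == ENOENT;
}

static const char *describe(int e) { return e ? strerror(e) : "ok"; }

int main(void)
{
    char *const argv[] = { "su", "-v", NULL }; /* Magisk-style su prints its version */
    struct su_probe r = probe_su("/system/bin/su", argv);
    printf("faccessat  : %s\nnewfstatat : %s\nexecve     : %s\n",
           describe(r.access_errno), describe(r.stat_errno), describe(r.exec_errno));
    puts(sucompat_inert(&r) ? "sucompat is not answering for /system/bin/su"
                            : "at least one sucompat hook is live");
    return sucompat_inert(&r) ? 2 : 0;
}
```

Run it from a shell whose uid KernelSU has granted root (for example Termux or a shell that is on the allowlist) and compare with a plain adb shell: the allowlist is enforced in the hooks, so a uid that was never granted root is expected to see ENOENT even on a healthy install.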

tiann commented 1 month ago

It seems that this kprobe failed: https://github.com/tiann/KernelSU/blob/main/kernel/sucompat.c#L265. Is there any dmesg log?

Xtr126 commented 1 month ago

Looks like it has succeeded. dmesg:

[    0.621438] KernelSU: sucompat: execve_kp: 0
[    0.622879] KernelSU: sucompat: newfstatat_kp: 0
[    0.624354] KernelSU: sucompat: faccessat_kp: 0
[    0.626269] KernelSU: sucompat: devpts_kp: 0
[    0.626359] KernelSU: ksud: execve_kp: 0
[    0.628102] KernelSU: ksud: vfs_read_kp: 0
[    0.630275] KernelSU: ksud: input_event_kp: 0
[   19.383064] KernelSU: on_post_fs_data!
[   19.383068] KernelSU: unregister input kprobe: 1!
[   19.383072] KernelSU: devpts sid: 741
[   19.383073] KernelSU: unregister execve kprobe: 1!

dmesg.txt
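The "faccessat_kp: 0" line only says that register_kprobe() resolved the symbol and planted the probe; it says nothing about the probed function being on the path the syscall actually takes, which is the question this thread is really asking. The check a practitioner would run next is to plant a tracefs kprobe on the same symbol, issue the syscall a known number of times, and read the hit counter from kprobe_profile. The program below is an added example for this page, not KernelSU's or BlissOS's code. It assumes root, CONFIG_KPROBE_EVENTS, tracefs at one of its two usual mount points, and that __x64_sys_faccessat is the symbol sucompat probes on x86_64 (check the symbol names in your KernelSU source before trusting a negative result).

```c
/*
 * kprobe_hits.c -- is a kprobe on the syscall entry KernelSU hooks live?
 *
 * Plants a tracefs kprobe on SYMBOL, fires the syscall BURST times and
 * reads the hit counter. Zero hits after the burst is the inert-probe
 * symptom from this issue: registration succeeded, handler never runs.
 *
 * Added example, not KernelSU code. Needs root and CONFIG_KPROBE_EVENTS;
 * SYMBOL is assumed to match what sucompat probes on x86_64.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define EVENT  "ksu_check"
#define SYMBOL "__x64_sys_faccessat"   /* assumed; verify in your KernelSU tree */
#define BURST  16

/* Hit count for `event` in a kprobe_profile dump ("  <event> <hits> <missed>"
 * per line), or -1 when the event is not listed. */
long kprobe_profile_hits(const char *profile, const char *event)
{
    const char *p = profile;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[256], name[64];
        unsigned long hits, missed;
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (sscanf(line, " %63s %lu %lu", name, &hits, &missed) == 3 &&
            strcmp(name, event) == 0)
            return (long)hits;
        if (!eol)
            break;
        p = eol + 1;
    }
    return -1;
}

/* First tracefs mount with a writable kprobe_events, or NULL. */
static const char *tracefs_root(void)
{
    static const char *roots[] = { "/sys/kernel/tracing", "/sys/kernel/debug/tracing" };
    char path[128];
    for (size_t i = 0; i < sizeof roots / sizeof *roots; i++) {
        snprintf(path, sizeof path, "%s/kprobe_events", roots[i]);
        if (access(path, W_OK) == 0)
            return roots[i];
    }
    return NULL;
}

static int write_str(const char *root, const char *rel, const char *s)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s", root, rel);
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, s, strlen(s));
    close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

static ssize_t read_str(const char *root, const char *rel, char *buf, size_t cap)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s", root, rel);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    buf[n < 0 ? 0 : n] = '\0';
    return n;
}

int main(void)
{
    const char *root = tracefs_root();
    if (!root) {
        fputs("no writable kprobe_events (need root and tracefs)\n", stderr);
        return 1;
    }
    /* Plant the probe in the default "kprobes" group and switch it on;
     * this write fails if the kernel cannot resolve SYMBOL at all. */
    if (write_str(root, "kprobe_events", "p:" EVENT " " SYMBOL "\n") != 0) {
        perror("kprobe_events");
        return 1;
    }
    write_str(root, "events/kprobes/" EVENT "/enable", "1");

    /* Raw syscall: glibc's faccessat() wrapper may issue faccessat2 instead,
     * which would bypass the probed entry and fake a negative result. */
    for (int i = 0; i < BURST; i++)
        syscall(SYS_faccessat, AT_FDCWD, "/system/bin/su", X_OK);

    char profile[8192];
    read_str(root, "kprobe_profile", profile, sizeof profile);
    long hits = kprobe_profile_hits(profile, EVENT);

    write_str(root, "events/kprobes/" EVENT "/enable", "0");
    write_str(root, "kprobe_events", "-:" EVENT "\n");

    printf("%s: %ld hits after %d calls -> %s\n", SYMBOL, hits, BURST,
           hits >= BURST ? "probe is on the live syscall path"
                         : "probe registered but does not fire");
    return hits >= BURST ? 0 : 2;
}
```

Other processes calling faccessat during the burst only push the count higher, so "at least BURST hits" is the right threshold; a count of 0 on a kernel that accepted the probe is the result to take back to the kernel commit discussion, since it means the symbol is resolvable but no longer reached by the dispatcher.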

hmtheboy154 commented 1 month ago
[   19.383068] KernelSU: unregister input kprobe: 1!
[   19.383072] KernelSU: devpts sid: 741
[   19.383073] KernelSU: unregister execve kprobe: 1!

Does this indicate that it failed to unregister?

hmtheboy154 commented 1 month ago

@tiann I just remembered something: when I tested https://github.com/tiann/KernelSU/pull/2041, I tested it on kernel 6.1.84, and it worked perfectly fine, from granting apps to using modules. After the PR got merged I upstreamed the kernel, and then I got reports about KSU bugging. So something in the upstream kernel is causing this, which explains why the stable branch is affected in the same way even when using 0.9.2.

I am currently narrowing down which version the bug starts in; currently it's somewhere around 6.1.84 ~ 6.1.89.

hmtheboy154 commented 1 month ago

6.1.85 is when it starts happening.

Xtr126 commented 1 month ago

I just thought, it could be that ksud init broke, because modules also don't work; modules.img does not get mounted.

hmtheboy154 commented 1 month ago

6.1.84 works perfectly fine with 1.0.1, here's an image for you to test https://drive.google.com/file/d/1Z9Fc0v25gf19n-6ia3JUm8UBQGM_LuIa/view?usp=sharing

Xtr126 commented 1 month ago

I have tested 6.1.84 and can confirm everything works there, but I meant that in the builds with the newer kernel, modules don't work or even get mounted.

hmtheboy154 commented 1 month ago

Try to get a log; maybe there are more clues than faccessat() being broken.

Xtr126 commented 1 month ago

I tried even with loglevel=7 and checked in logcat, but no clue yet. The dmesg doesn't differ much from that of the working version (6.1.84). But I saw that KernelSU has CONFIG_KSU_DEBUG; it could possibly help in getting more logs.

hmtheboy154 commented 1 month ago

@tiann found the commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1e3ad78334a69b36e107232e337f9d693dcc9df2

Revert this and KSU works as expected now. I even tested this on kernel 6.11.2.

hmtheboy154 commented 1 month ago

So this seems to affect all x86 platforms, not just Android-x86 based ones like us.

tiann commented 1 month ago

please check cat /proc/kallsyms and dump the symbols

hmtheboy154 commented 1 month ago

When KSU is broken or when it's working?

tiann commented 1 month ago

broken, and the kernel image

hmtheboy154 commented 1 month ago

kallsyms.txt

and the kernel image

kernel.zip

hmtheboy154 commented 1 month ago

So as a workaround, I saw this patch on LKML: https://lore.kernel.org/lkml/20240417164514.66hgypzxgqxt3ssk@desk/T/

I applied it and tested on my kernel 6.11, and it's working so far: https://github.com/android-generic/kernel-zenith/commit/0c2e19c58680393806bb133b1e9a07020eff7fe7

However, I still think that we should fix KSU itself.

hmtheboy154 commented 1 month ago

Building this on 6.1 requires disabling BHI mitigations by setting spectre_bhi=off, though.

hmtheboy154 commented 1 month ago

@tiann I found this post : https://blog.hakuya.moe/post/13

hmtheboy154 commented 1 month ago

Finalized the temp fix: https://github.com/android-generic/kernel-zenith/commit/5648396f6c5fa039deb3e024d63520f6de9e2cfc

Because I don't want to fully revert, I put the option under a cmdline flag, syscall_hardening=off. Until there's a new way to hook into x86_64 syscalls, I guess this is what I can do.

hansalemaos commented 1 month ago

Nice, any idea when the updated BlissOS will be online?

hmtheboy154 commented 1 month ago

Updated, please check.

hansalemaos commented 1 month ago

Thanks, I will check that today!

hansalemaos commented 1 month ago

Did not work :( Only with the toybox trick I used before. I downloaded Bliss-v16.9.7-x86_64-OFFICIAL-gapps-20241011.iso.

hmtheboy154 commented 1 month ago

Have you booted with the syscall_hardening=off cmdline yet?

hansalemaos commented 1 month ago

Nope, I should have read your old post. Let me try.

hansalemaos commented 1 month ago

WORKING! THX SO MUCH!

ZewZack commented 3 weeks ago

Bro, thank you so much, you saved my day <3 (⁀ ͜ʖ⁀)

harryxmin commented 2 weeks ago

Do I have to put syscall_hardening=off in the grub terminal or in Termux?

Xtr126 commented 2 weeks ago

In grub.

harryxmin commented 2 weeks ago

Thank you. It worked. I can grant root now. Is it possible to make a VPN app that is running in BlissOS on a Proxmox host accessible to other Proxmox containers?

AFFAN129 commented 4 days ago

Bro, how to fix KSU? I don't understand even though I've read it. I want to fix it on BlissOS version 14.10.3.

harryxmin commented 3 days ago

Yeah, I got it to work. When the device boots and you see the OS bootloader or recovery page, press "e". You will see the grub menu. Just add the parameter to the line starting with "linux", for example the one starting with /android-boot, if your grub does not already have it.

Add syscall_hardening=off:

  • Add the parameter to the line starting with linux:

linux /android-boot quiet androidboot.selinux=permissive syscall_hardening=off

AFFAN129 commented 3 days ago

OK, I'll try.

AFFAN129 commented 3 days ago

I have added the cmd, but after that, when I want to boot, it happens like this.

AFFAN129 commented 3 days ago

I have tried the cmd but it is like this (IMG_20241123_114635_473.jpg).