Ckb custom#258
Closed
hugoxue1 wants to merge 4 commits into
Closed
Conversation
New upstream aarch64-linux-gnu- toolchain requires explicit flags to disable the stack protector and PIC. Without these, the linker fails with undefined __stack_chk_guard/fail and unexpected GOT entries.
KernelPatch b084d75 introduced an APK signature authentication mechanism. trusted_managers[] originally stored the SHA256 of the official APatch signing certificate, so a custom-signed APK could not pass authentication, resulting in "Kernel patch not installed". Fix: replace the trusted digest for me.bmax.apatch with: SHA256(ApatchMaster.jks DER cert) = 4a49a2f744a0...fce728 [CKB-MOD]
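The commit above pins a manager APK by the SHA-256 of its DER-encoded signing certificate. The following is an added example (not code from the PR or from APatch/KernelPatch) showing how a defender can reproduce that digest from a PEM export and compare it against a pinned value; the TRUSTED_DIGESTS table, the placeholder digest (the page only gives the truncated value 4a49a2f744a0...fce728) and the sample PEM are all assumptions or constructed data.

```python
import base64
import hashlib
import hmac
import re

# Hypothetical pin table. The placeholder stands in for the full 64-hex-char SHA-256 of
# the ApatchMaster DER certificate; the page shows it only truncated, so it is not filled in here.
TRUSTED_DIGESTS = {
    "me.bmax.apatch": "<full-sha256-hex-of-ApatchMaster-der-cert>",
}

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode to the raw DER bytes."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def cert_sha256(der: bytes) -> str:
    """SHA-256 over the exact DER encoding, as lowercase hex.

    This is the form a trusted_managers[]-style entry would hold; hashing PEM text
    instead of DER bytes gives a different value, which is a common pinning mistake.
    """
    return hashlib.sha256(der).hexdigest()


def is_trusted(package: str, der: bytes) -> bool:
    """Constant-time comparison of the certificate digest against the pinned value."""
    expected = TRUSTED_DIGESTS.get(package)
    if expected is None:
        return False
    return hmac.compare_digest(cert_sha256(der), expected)


# Constructed sample: NOT a real certificate, just bytes wrapped in PEM armour so the
# decode-and-hash path can be exercised offline.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    print("sha256(DER) =", cert_sha256(der))
    print("trusted for me.bmax.apatch:", is_trusted("me.bmax.apatch", der))
```

To check a real APK, export its signing certificate (for example with `keytool -exportcert -rfc` from the keystore, or from the APK's `META-INF` signature block) and feed the PEM to `pem_to_der`; the printed digest is what belongs in the pin table.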
G3: syscall 45 — ARM64 ASM trampoline with magic cookie check
- Fast path: bit[16:31] of ver_and_cmd != 0x1158 → tail-call original (zero overhead)
- Slow path: magic matches → C auth + dispatch (real APatch supercalls only)
- Eliminates transit-framework overhead for Hunter/FingerprintCheck test probes
- g_orig_wrapper/nowrap/compat: non-static for adrp PC-relative addressing
- Direct adrp+ldr access avoids storage-indirection bug (kpimg init = compile offsets)

G5: fstatat/faccessat — fp_hook + uid precheck
- uid not in allow list → tail-call original (zero overhead, ~15 cycles)
- uid in allow list → su-path substitution (slow path, same logic as before)
- Eliminates transit overhead for detection apps not in allow list

G7: execve — fp_hook + KPM callback registry
- sucompat_execve_g7: calls handle_before_execve + registered KPM callbacks
- register_execve_before_hook/unregister_execve_before_hook: KP_EXPORT_SYMBOL
- KPMs (IO_Redirect) call register_execve_before_hook() instead of hook_syscalln
- All execve logic runs in one call stack without transit-framework overhead
- Note: NO uid precheck on execve (APatch Manager needs SUPERCMD path on 1st call)

New files:
kernel/patch/common/supercall_trampoline.S (G3 ARM64 ASM)

Modified files:
kernel/patch/common/supercall.c (G3: fp_hook install + slow-path C functions)
kernel/patch/common/sucompat.c (G5+G7: fp_hook wrappers + callback registry)
kernel/patch/include/syscall.h (extern sys_call_table/compat_sys_call_table)
kernel/Makefile (wildcard patch/common/*.S)

Condition: #define ANTI_SIDECHANNEL_V4G in supercall.c and sucompat.c
#else branch preserves original hook_syscalln code for easy revert

Expected result:
syscall 45 in/out ratio: ~1.0 (Hunter/FingerprintCheck test probes: zero overhead)
fstatat/faccessat ratio: ~1.0 (uid-excluded apps: zero overhead)
execve ratio: ~1.4 (handle_before_execve strncpy unavoidable bottleneck)

Branch: ckb-custom
No description provided.