Fixed another race condition in kext patcher loading code in 11.0

acidanthera · Aug 2, 2020 · 34dd31d · 34dd31d
1 parent 993d5b5
commit 34dd31d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 7 deletions.
diff --git a/Lilu/Headers/kern_patcher.hpp b/Lilu/Headers/kern_patcher.hpp
@@ -543,7 +543,7 @@ class KernelPatcher {
 	/**
 	 *  Patcher status
 	 */
-	bool activated {false};
+	_Atomic(bool) activated = false;
 
 	/**
 	 *  Read previous jump destination from function

diff --git a/Lilu/Headers/kern_user.hpp b/Lilu/Headers/kern_user.hpp
@@ -472,7 +472,7 @@ class UserPatcher {
 	/**
 	 *  Patcher status
 	 */
-	bool activated {false};
+	_Atomic(bool) activated = false;
 
 	/**
 	 *  Validation cookie

diff --git a/Lilu/Sources/kern_patcher.cpp b/Lilu/Sources/kern_patcher.cpp
@@ -363,8 +363,6 @@ void KernelPatcher::freeFileBufferResources() {
 }
 
 void KernelPatcher::activate() {
-	activated = true;
-
 #ifdef LILU_KEXTPATCH_SUPPORT
 	if (getKernelVersion() >= KernelVersion::BigSur && waitingForAlreadyLoadedKexts) {
 		auto header = *loadedKextSummaries;
@@ -375,6 +373,8 @@ void KernelPatcher::activate() {
 		}
 	}
 #endif
+
+	atomic_store_explicit(&activated, true, memory_order_relaxed);
 }
 
 mach_vm_address_t KernelPatcher::routeFunction(mach_vm_address_t from, mach_vm_address_t to, bool buildWrapper, bool kernelRoute, bool revertible) {
@@ -711,7 +711,8 @@ void KernelPatcher::onKextSummariesUpdated() {
 
 		DBGLOG("patcher", "invoked at kext loading/unloading");
 
-		if (that->activated && that->loadedKextSummaries) {
+		if (atomic_load_explicit(&that->activated, memory_order_relaxed) &&
+			that->loadedKextSummaries) {
 			auto num = (*that->loadedKextSummaries)->base.numSummaries;
 			if (num > 0) {
 				if (that->waitingForAlreadyLoadedKexts) {

diff --git a/Lilu/Sources/kern_user.cpp b/Lilu/Sources/kern_user.cpp
@@ -101,7 +101,8 @@ kern_return_t UserPatcher::vmProtect(vm_map_t map, vm_offset_t start, vm_size_t
 
 int UserPatcher::execListener(kauth_cred_t, void *idata, kauth_action_t action, uintptr_t, uintptr_t arg1, uintptr_t, uintptr_t) {
 	// Make sure this is ours
-	if (that->activated && idata == &that->cookie && action == KAUTH_FILEOP_EXEC && arg1) {
+	if (atomic_load_explicit(&that->activated, memory_order_relaxed) &&
+		idata == &that->cookie && action == KAUTH_FILEOP_EXEC && arg1) {
 		const char *path = reinterpret_cast<const char *>(arg1);
 		that->onPath(path, static_cast<uint32_t>(strlen(path)));
 	}
@@ -1195,5 +1196,5 @@ bool UserPatcher::hookMemoryAccess() {
 }
 
 void UserPatcher::activate() {
-	activated = true;
+	atomic_store_explicit(&activated, true, memory_order_relaxed);
 }