fix: preload on some systems; update: rollback global module on_load

This commit fixes the preload on some systems by opening modules before system server is forked. For that, we need to handle the solist early on to avoid gaps due to libraries being opened after that. And, because of that, we also deal with the deconstructors manually. It also rolls back the commit that made module "on load" be called in preload stage/globally, as initializators can be used instead, and makes it behave the same way as other Zygisks.

Author: ThePedroo

loader/src/injector/hook.cpp

@@ -98,7 +98,6 @@ struct ZygiskContext {
     ~ZygiskContext();
 
     /* Zygisksu changed: Load module fds */
-    bool load_modules_only();
     void run_modules_pre();
     void run_modules_post();
     DCL_PRE_POST(fork)
@@ -696,7 +695,7 @@ void ZygiskContext::fork_post() {
     g_ctx = nullptr;
 }
 
-bool ZygiskContext::load_modules_only() {
+bool load_modules_only() {
   struct zygisk_modules ms;
   if (rezygiskd_read_modules(&ms) == false) {
     LOGE("Failed to read modules from zygiskd");
@@ -738,14 +737,33 @@ bool ZygiskContext::load_modules_only() {
     zygisk_modules[zygisk_module_length].handle = handle;
     zygisk_modules[zygisk_module_length].zygisk_module_entry = (void (*)(void *, void *))entry;
 
+    zygisk_modules[zygisk_module_length].base = solist_get_base(entry);
+    zygisk_modules[zygisk_module_length].size = solist_get_size(entry);
+
+    zygisk_modules[zygisk_module_length].deconstructors = solist_get_deconstructors(entry);
+    zygisk_modules[zygisk_module_length].gap = solist_get_gap_info(entry);
+
+    LOGD("Loaded module [%s]. Entry: %p, Base: %p, Size: %zu, Deconstructors: fini_func=%p, fini_array=%p (size: %zu), Gap: %p (size: %zu)",
+         lib_path,
+         entry,
+         zygisk_modules[zygisk_module_length].base,
+         zygisk_modules[zygisk_module_length].size,
+         zygisk_modules[zygisk_module_length].deconstructors.fini_func,
+         zygisk_modules[zygisk_module_length].deconstructors.fini_array,
+         zygisk_modules[zygisk_module_length].deconstructors.fini_array_size,
+         zygisk_modules[zygisk_module_length].gap.start,
+         zygisk_modules[zygisk_module_length].gap.size);
+
     zygisk_modules[zygisk_module_length].unload = false;
 
-    zygisk_module_length++;
+    /* INFO: Early removal to avoid gaps in solist */
+    solist_drop_so_path(entry, false);
 
-    /* INFO: The module will call register module function, so by then, it must be fully registered. */
-    rezygisk_module_call_on_load(&zygisk_modules[zygisk_module_length - 1], env);
+    zygisk_module_length++;
   }
 
+  solist_reset_counters(zygisk_module_length, zygisk_module_length);
+
   free_modules(&ms);
 
   return true;
@@ -754,6 +772,8 @@ bool ZygiskContext::load_modules_only() {
 /* Zygisksu changed: Load module fds */
 void ZygiskContext::run_modules_pre() {
   for (size_t i = 0; i < zygisk_module_length; i++) {
+    rezygisk_module_call_on_load(&zygisk_modules[i], env);
+
     if (flags[APP_SPECIALIZE]) rezygisk_module_call_pre_app_specialize(&zygisk_modules[i], args.app);
     else if (flags[SERVER_FORK_AND_SPECIALIZE]) rezygisk_module_call_pre_server_specialize(&zygisk_modules[i], args.server);
   }
@@ -771,24 +791,28 @@ void ZygiskContext::run_modules_post() {
 
         /* INFO: If module is unloaded by dlclose, there's no need to
                    hide it from soinfo manually. */
-        if (m->unload && dlclose(m->handle) == 0) modules_unloaded++;
-        else if (m->unload) {
-            PLOGE("Failed to unload module %zu", i);
-        } else {
-            bool has_dropped = solist_drop_so_path((void *)m->zygisk_module_entry, false);
-            if (!has_dropped) continue;
+        if (m->unload) {
+            /* INFO: Deconstructors are called in the inverted order, and following fini array then fini
+                       function order. It must not change. */
+            for (size_t j = m->deconstructors.fini_array_size; j > 0; j--) {
+                void (*destructor)(void) = m->deconstructors.fini_array[j - 1];
+                if (destructor) {
+                    LOGD("Calling destructor %p for module %p", (void *)destructor, (void *)m->zygisk_module_entry);
+
+                    destructor();
+                }
+            }
+
+            if (m->deconstructors.fini_func) m->deconstructors.fini_func();
 
-            LOGD("Dropped solist record for %p", (void *)m->zygisk_module_entry);
+            solist_unload_lib(&m->gap, m->base, m->size);
+
+            modules_unloaded++;
         }
     }
 
-    if (zygisk_module_length > 0) {
+    if (zygisk_module_length > 0)
         LOGD("Modules unloaded: %zu/%zu", modules_unloaded, zygisk_module_length);
-
-        solist_reset_counters(zygisk_module_length, modules_unloaded);
-
-        LOGD("Returned global counters to their original values");
-    }
 }
 
 /* Zygisksu changed: Load module fds */
@@ -936,11 +960,6 @@ void ZygiskContext::nativeForkSystemServer_pre() {
     LOGV("pre forkSystemServer");
     flags[SERVER_FORK_AND_SPECIALIZE] = true;
 
-    if (!modules_loaded) {
-        load_modules_only();
-        modules_loaded = true;
-    }
-
     fork_pre();
     if (!is_child())
       return;
@@ -1140,6 +1159,13 @@ static void hook_unloader() {
     }
 
     lsplt_free_maps(map_infos);
+
+    /* INFO: Load modules early on (before system server fork) to spread through all Zygotes */
+    if (!modules_loaded) {
+        if (!load_modules_only()) {
+            LOGE("Failed to load modules in hook_unloader");
+        } else modules_loaded = true;
+    }
 }
 
 static void unhook_functions() {

loader/src/injector/module.h

@@ -2,6 +2,7 @@
 #define MODULE_H
 
 #include "logging.h"
+#include "solist.h"
 
 #define REZYGISK_API_VERSION 5
 
@@ -148,6 +149,12 @@ struct rezygisk_module {
   void *handle;
   void (*zygisk_module_entry)(void *, void *);
 
+  void *base;
+  size_t size;
+
+  struct soinfo_deconstructor deconstructors;
+  struct soinfo_gap gap;
+
   bool unload;
 };