fix: module list mismatch between ReZygiskd and libzygisk.so

ThePedroo · ThePedroo · commit ff13ff3d9664 · 2026-03-25T00:19:49.000-03:00
This commit fixes a bug where if a module failed to load, or didn't have an entry, ReZygisk Zygote library would exclude it from the "zygisk_modules" list, making the index for future modules shift from place when compared to the list in ReZygiskd. This would make Zygiskd calls return the response from the wrong module, e.g. module 0 is the one that failed to load. If the new module 0 requested a companion, it would get the companion for the old module 0, causing issues. This commit addresses it by allowing ReZygisk Zygote library to ask ReZygiskd to remove its from its list.
diff --git a/loader/src/common/daemon.c b/loader/src/common/daemon.c
@@ -355,3 +355,22 @@ bool rezygiskd_update_mns(enum mount_namespace_state nms_state, char *buf, size_
 
   return true;
 }
+
+bool rezygiskd_remove_module(size_t index) {
+  int fd = rezygiskd_connect(1);
+  if (fd == -1) {
+    PLOGE("connection to ReZygiskd");
+
+    return false;
+  }
+
+  write_uint8_t(fd, (uint8_t)RemoveModule);
+  write_size_t(fd, index);
+
+  uint8_t res = 0;
+  read_uint8_t(fd, &res);
+
+  close(fd);
+
+  return res == 1;
+}
diff --git a/loader/src/include/daemon.h b/loader/src/include/daemon.h
@@ -22,7 +22,8 @@ enum rezygiskd_actions {
   GetModuleDir,
   ZygoteRestart,
   SystemServerStarted,
-  UpdateMountNamespace
+  UpdateMountNamespace,
+  RemoveModule
 };
 
 struct zygisk_modules {
@@ -79,4 +80,6 @@ void rezygiskd_system_server_started();
 
 bool rezygiskd_update_mns(enum mount_namespace_state nms_state, char *buf, size_t buf_size);
 
+bool rezygiskd_remove_module(size_t index);
+
 #endif /* DAEMON_H */
diff --git a/loader/src/injector/hook.c b/loader/src/injector/hook.c
@@ -881,6 +881,13 @@ static bool load_modules_only(void) {
     if (!csoloader_load(&zygisk_modules[zygisk_module_length].lib, lib_path)) {
       LOGE("Failed to load module [%s]", lib_path);
 
+      /* INFO: In case a module failed to load, update the list of available modules
+           in ReZygiskd to avoid a mismatch between the loaded modules in ReZygisk
+           Zygote library and the available modules in ReZygiskd. */
+      /* TODO: Update the list of modules for ReZygisk monitor, so that it can update
+                 for WebUI. That is simply cosmetic, though. */
+      rezygiskd_remove_module(i);
+
       continue;
     }
 
@@ -890,6 +897,8 @@ static bool load_modules_only(void) {
 
       csoloader_unload(&zygisk_modules[zygisk_module_length].lib);
 
+      rezygiskd_remove_module(i);
+
       continue;
     }
 
@@ -951,7 +960,6 @@ static void rz_run_modules_post(struct zygisk_context *ctx) {
 static void rz_app_specialize_pre(struct zygisk_context *ctx) {
   FLAG_SET(ctx, APP_SPECIALIZE);
 
-
   /* INFO: Isolated services have different UIDs than the main apps. Because
               numerous root implementations base themselves in the UID of the
               app, we need to ensure that the UID sent to ReZygiskd to search
diff --git a/zygiskd/src/constants.h b/zygiskd/src/constants.h
@@ -27,7 +27,8 @@ enum DaemonSocketAction {
   GetModuleDir           = 5,
   ZygoteRestart          = 6,
   SystemServerStarted    = 7,
-  UpdateMountNamespace   = 8
+  UpdateMountNamespace   = 8,
+  RemoveModule           = 9
 };
 
 enum ProcessFlags: uint32_t {
diff --git a/zygiskd/src/zygiskd.c b/zygiskd/src/zygiskd.c
@@ -627,6 +627,42 @@ void zygiskd_start(char *restrict argv[]) {
         ret = write_uint32_t(client_fd, (uint32_t)ns_fd);
         ASSURE_SIZE_WRITE_BREAK("UpdateMountNamespace", "ns_fd", ret, sizeof(ns_fd));
 
+        break;
+      }
+      case RemoveModule: {
+        size_t index = 0;
+        ssize_t ret = read_size_t(client_fd, &index);
+        ASSURE_SIZE_READ_BREAK("RemoveModule", "index", ret, sizeof(index));
+
+        if (index >= context.len) {
+          LOGE("Invalid module index: %zu\n", index);
+
+          ret = write_uint8_t(client_fd, 0);
+          ASSURE_SIZE_WRITE_BREAK("RemoveModule", "response", ret, sizeof(uint8_t));
+
+          close(client_fd);
+
+          break;
+        }
+
+        struct Module *module = &context.modules[index];
+        if (module->companion >= 0) {
+          close(module->companion);
+          module->companion = -1;
+        }
+
+        free(module->name);
+        module->name = NULL;
+
+        close(module->lib_fd);
+        module->lib_fd = -1;
+
+        memmove(&context.modules[index], &context.modules[index + 1], (context.len - index - 1) * sizeof(struct Module));
+        context.len--;
+
+        ret = write_uint8_t(client_fd, 1);
+        ASSURE_SIZE_WRITE_BREAK("RemoveModule", "response", ret, sizeof(uint8_t));
+
         break;
       }
     }
