fix: ptrace_message leaking ReZygisk existence (zygote pid)

This commit fixes a trace left due to a kernel bug. In some cases (and all of them here), the sequence of events may lead to "ptrace_message" not be properly reset/not represent the actual state. This happens here, as when TRACEFORK is set in "monitor.c", setting "ptrace_message" as the PID of the new process, persists even when not tracing anymore, causing leaks. This fix has been given by @nampud, in #171.
2025-09-06 06:37:01 +00:00 · 2025-05-27 19:29:59 -03:00
parent 6261466e44
commit 70697be9a5
1 changed files with 10 additions and 0 deletions
--- a/loader/src/ptracer/ptracer.c
+++ b/loader/src/ptracer/ptracer.c
@@ -418,6 +418,16 @@ bool trace_zygote(int pid) {
      if (STOPPED_WITH(SIGCONT, 0)) {
        LOGD("received SIGCONT");

+        /* INFO: Due to kernel bugs, fixed in 5.16+, ptrace_message (msg of
+             PTRACE_GETEVENTMSG) may not represent the current state of
+             the process. Because we set some options, which alters the
+             ptrace_message, we need to call PTRACE_SYSCALL to reset the
+             ptrace_message to 0, the default/normal state.
+        */
+        ptrace(PTRACE_SYSCALL, pid, 0, 0);
+
+        WAIT_OR_DIE
+
        ptrace(PTRACE_DETACH, pid, 0, SIGCONT);
      }
    } else {