fix: passing invalid address to reply_ok in KernelSU prctl

This commit fixes an issue that was caused by ReZygiskd passing NULL (an invalid address) in "reply_ok" to KernelSU driver, which expects it to be a valid address to pass if the request was successful, causing it to spam the dmesg with error logs.
2025-09-06 06:37:01 +00:00 · 2025-07-15 05:12:33 -03:00
parent 872ba693a1
commit 90da42a10b
1 changed files with 8 additions and 5 deletions
--- a/zygiskd/src/root_impl/kernelsu.c
+++ b/zygiskd/src/root_impl/kernelsu.c
@@ -27,8 +27,10 @@ static enum kernelsu_variants variant = KOfficial;
 static bool supports_manager_uid_retrieval = false;

 void ksu_get_existence(struct root_impl_state *state) {
+  int reply_ok = 0;
+
  int version = 0;
-  prctl((signed int)KERNEL_SU_OPTION, CMD_GET_VERSION, &version, 0, 0);
+  prctl((signed int)KERNEL_SU_OPTION, CMD_GET_VERSION, &version, 0, &reply_ok);

  if (version == 0) state->state = Abnormal;
  else if (version >= MIN_KSU_VERSION && version <= MAX_KSU_VERSION) {
@@ -50,7 +52,7 @@ void ksu_get_existence(struct root_impl_state *state) {
    state->state = Supported;

    char mode[16] = { 0 };
-    prctl((signed int)KERNEL_SU_OPTION, CMD_HOOK_MODE, mode, 0, 0);
+    prctl((signed int)KERNEL_SU_OPTION, CMD_HOOK_MODE, mode, NULL, &reply_ok);

    if (mode[0] != '\0') state->variant = KNext;
    else state->variant = KOfficial;
@@ -60,8 +62,7 @@ void ksu_get_existence(struct root_impl_state *state) {
    /* INFO: CMD_GET_MANAGER_UID is a KernelSU Next feature, however we won't 
               limit to KernelSU Next only in case other forks wish to implement
               it. */
-    int reply_ok = 0;
-    prctl((signed int)KERNEL_SU_OPTION, CMD_GET_MANAGER_UID, 0, 0, &reply_ok);
+    prctl((signed int)KERNEL_SU_OPTION, CMD_GET_MANAGER_UID, NULL, NULL, &reply_ok);

    if (reply_ok == KERNEL_SU_OPTION) {
      LOGI("KernelSU implementation supports CMD_GET_MANAGER_UID.\n");
@@ -100,8 +101,10 @@ bool ksu_uid_is_manager(uid_t uid) {
             KernelSU Next have different package names.
  */
  if (supports_manager_uid_retrieval) {
+    int reply_ok = 0;
+
    uid_t manager_uid = 0;
-    prctl(KERNEL_SU_OPTION, CMD_GET_MANAGER_UID, &manager_uid, NULL, NULL);
+    prctl(KERNEL_SU_OPTION, CMD_GET_MANAGER_UID, &manager_uid, NULL, &reply_ok);

    return uid == manager_uid;
  }