From 1853d9decf3a684a547f97b81c8551edfad05ca4 Mon Sep 17 00:00:00 2001
From: AlexLiuDev233 <wzylin11@outlook.com>
Date: Tue, 4 Nov 2025 01:08:49 +0800
Subject: [PATCH] feat: try manual reboot hook (#521)

* feat: try manual reboot hook

* refactor: move ksu_handle_reboot to supercalls.c for ShirkNeko

---------
---
 Website/docs/zh/guide/how-to-integrate.md | 30 +++++++++++++++++++++++
 kernel/core_hook.c                        | 13 +++-------
 kernel/supercalls.c                       | 11 +++++++++
 3 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/Website/docs/zh/guide/how-to-integrate.md b/Website/docs/zh/guide/how-to-integrate.md
index 3e52abe1..93d78888 100644
--- a/Website/docs/zh/guide/how-to-integrate.md
+++ b/Website/docs/zh/guide/how-to-integrate.md
@@ -63,6 +63,36 @@ curl -LSs "https://raw.githubusercontent.com/SukiSU-Ultra/SukiSU-Ultra/main/kern
 
 请参考此文档 [https://github.com/~ (non-GKI 内核集成)](https://github.com/tiann/KernelSU/blob/main/website/docs/guide/how-to-integrate-for-non-gki.md#manually-modify-the-kernel-source) 和 [https://github.com/~ (GKI 内核构建)](https://kernelsu.org/zh_CN/guide/how-to-build.html) 进行手动集成。虽然第一个链接的标题是“适用于 non-GKI”，但它也适用于 GKI。两者都可以正常工作。
 
+并且手动修改 kernel/reboot.c, 进行手动 reboot hook
+
+```diff[reboot.c]
+diff --git a/kernel/reboot.c b/kernel/reboot.c
+index 8f08af3a7d04..3809b8aa6213 100644
+--- a/kernel/reboot.c
++++ b/kernel/reboot.c
+@@ -302,6 +302,9 @@ EXPORT_SYMBOL_GPL(kernel_power_off);
+
+ DEFINE_MUTEX(system_transition_mutex);
+
++#ifdef CONFIG_KSU
++extern void ksu_handle_reboot(int magic1, int magic2, void __user * arg);
++#endif
+ /*
+  * Reboot system call: for obvious reasons only root may call it,
+  * and even root needs to set up some magic numbers in the registers
+@@ -317,6 +320,10 @@ SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
+        char buffer[256];
+        int ret = 0;
+
++#ifdef CONFIG_KSU
++       ksu_handle_reboot(magic1, magic2, arg);
++#endif
++
+        /* We only trust the superuser with rebooting the system. */
+        if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
+                return -EPERM;
+```
+
 还有另一种集成方法，但是仍在开发中。
 
 <!-- 这是 backslashxx 的syscall manual hook，但目前无法使用。 -->
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 2d689804..ff0cf57f 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -649,6 +649,8 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
     return 0;
 }
 
+extern void ksu_handle_reboot(int magic1, int magic2, void __user * arg); // supercalls.c
+
 // Init functons - kprobe hooks
 
 // 1. Reboot hook for installing fd
@@ -660,15 +662,8 @@ static int reboot_handler_pre(struct kprobe *p, struct pt_regs *regs)
     unsigned long arg4;
 
     // Check if this is a request to install KSU fd
-    if (magic1 == KSU_INSTALL_MAGIC1 && magic2 == KSU_INSTALL_MAGIC2) {
-        int fd = ksu_install_fd();
-        pr_info("[%d] install ksu fd: %d\n", current->pid, fd);
-
-        arg4 = (unsigned long)PT_REGS_SYSCALL_PARM4(real_regs);
-        if (copy_to_user((int *)arg4, &fd, sizeof(fd))) {
-            pr_err("install ksu fd reply err\n");
-        }
-    }
+    arg4 = (unsigned long)PT_REGS_SYSCALL_PARM4(real_regs);
+    ksu_handle_reboot(magic1, magic2, (void __user *) arg4);
 
     return 0;
 }
diff --git a/kernel/supercalls.c b/kernel/supercalls.c
index 35c1629b..f6cc2fc8 100644
--- a/kernel/supercalls.c
+++ b/kernel/supercalls.c
@@ -69,6 +69,17 @@ static void init_uid_scanner(void)
     }
 }
 
+void ksu_handle_reboot(int magic1, int magic2, void __user * arg) {
+    if (magic1 == KSU_INSTALL_MAGIC1 && magic2 == KSU_INSTALL_MAGIC2) {
+        int fd = ksu_install_fd();
+        pr_info("[%d] install ksu fd: %d\n", current->pid, fd);
+
+        if (copy_to_user(arg, &fd, sizeof(fd))) {
+            pr_err("install ksu fd reply err\n");
+        }
+    }
+}
+
 static int do_grant_root(void __user *arg)
 {
     // Check if current UID is allowed