Re: [PATCH] ARM: mm: fix kexec and hibernation with CONFIG_CPU_TTBR0_PAN

[Florian Fainelli]

On 5/25/2026 6:35 AM, Linus Walleij wrote:
> Hi Florian,
>
> thanks for digging in and finding this!
>
> On Sat, May 23, 2026 at 2:08 AM Florian Fainelli
> <florian.fainelli@xxxxxxxxxxxx> wrote:
>
> > Commit 7af5b901e847 ("ARM: 9358/2: Implement PAN for LPAE by TTBR0
> > page table walks disablement") implemented PAN for LPAE kernels by
> > setting TTBCR.EPD0 on every kernel entry, disabling TTBR0 page-table
> > walks while running in kernel mode. The commit correctly updated
> > cpu_suspend() in arch/arm/kernel/suspend.c, but missed two other code
> > paths that switch the CPU to the identity mapping before jumping to
> > low-PA (TTBR0-range) physical addresses:
> >
> > 1. setup_mm_for_reboot() in arch/arm/mm/idmap.c, used by the kexec
> >     reboot path. With TTBCR.EPD0 still set, the subsequent branch to
> >     the identity-mapped cpu_v7_reset causes a PrefetchAbort because the
> >     TTBR0 page-table walk needed to resolve the identity-mapped address
> >     is disabled. This manifests as a hard hang or "bad PC value" panic
> >     on LPAE kernels booted on CPUs that strictly enforce EPD0 for
> >     instruction fetch (e.g. Cortex-A53 in AArch32 mode) while the same
> >     image may accidentally work on Cortex-A15 due to microarchitectural
> >     differences in EPD0 enforcement.
> >
> > 2. arch_restore_image() in arch/arm/kernel/hibernate.c, which calls
> >     cpu_switch_mm(idmap_pgd, &init_mm) directly without going through
> >     setup_mm_for_reboot(), leaving TTBCR.EPD0 set while the identity
> >     mapping is active.
> >
> > Fix both sites by calling uaccess_save_and_enable() before switching
> > to the identity mapping, mirroring what the original commit did for
> > cpu_suspend().
> >
> > Fixes: 7af5b901e847 ("ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement")
> > Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
> > Cc: Linus Walleij <linus.walleij@xxxxxxxxxx>
> > Assisted-by: Cursor:claude-sonnet-4.6
> > Signed-off-by: Florian Fainelli <florian.fainelli@xxxxxxxxxxxx>
>
> Reviewed-by: Linus Walleij <linusw@xxxxxxxxxx>
>
> Please put this patch into Russell's patch tracker.

Thank you, now done:

https://www.armlinux.org.uk/developer/patches/viewpatch.php?id=9476/1
--
Florian