From nobody Mon Feb 9 08:19:58 2026 Received: from SHSQR01.spreadtrum.com (unknown [222.66.158.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7C9812BEFE8 for ; Wed, 14 Jan 2026 01:39:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=222.66.158.135 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768354757; cv=none; b=JPZqN596DNIYtBp2LXa8IEzVnGQcp8CM70ojY5nivLkWQrlzEbECcce/m+/4xCL2YznUKPCy6sJjf1ntw51+ZCkHT/RIzRh3EnQmCnb2QhicSzUEJyekfG/3DorKNeCD2wjUHEq3Kce6AgnbWnZ9lO4GQCFaI2H3nWn6EblvLbE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768354757; c=relaxed/simple; bh=dtIY87qZurpuCqSJMStbUMivopIrqRWq7mqfr5BbH38=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=W1NtBGHUaczyLxzTEi6eGdFY9Vc0VpYJo75Bh7gn5ML8UNcJPfu64d0j7NxG0YD1fkCOkyuUDUrVjDWuFRK0+1b6j1bWWRjcR/21n8ZBXKVcz+4Y/sR9tp37Poucl1G2bH/c6lt+JQv34QKlALrECO7pMhIlCZIImcnhBkhth70= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=unisoc.com; spf=pass smtp.mailfrom=unisoc.com; dkim=pass (2048-bit key) header.d=unisoc.com header.i=@unisoc.com header.b=GNoBQbyC; arc=none smtp.client-ip=222.66.158.135 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=unisoc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=unisoc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=unisoc.com header.i=@unisoc.com header.b="GNoBQbyC" Received: from dlp.unisoc.com ([10.29.3.86]) by SHSQR01.spreadtrum.com with ESMTP id 60E1c4L1027006; Wed, 14 Jan 2026 09:38:04 +0800 (+08) (envelope-from zhaoyang.huang@unisoc.com) Received: from SHDLP.spreadtrum.com (BJMBX01.spreadtrum.com [10.0.64.7]) by dlp.unisoc.com (SkyGuard) with ESMTPS id 4drTBX0zgTz2K5hqn; Wed, 14 Jan 2026 09:32:36 +0800 (CST) Received: from bj03382pcu03.spreadtrum.com (10.0.73.40) by BJMBX01.spreadtrum.com (10.0.64.7) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 14 Jan 2026 09:38:01 +0800 From: "zhaoyang.huang" To: Catalin Marinas , Will Deacon , , , Zhaoyang Huang , CC: , Subject: [PATCH] arch: arm64: set __nocfi on swsusp_arch_resume Date: Wed, 14 Jan 2026 09:37:45 +0800 Message-ID: <20260114013745.133439-1-zhaoyang.huang@unisoc.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SHCAS03.spreadtrum.com (10.0.1.207) To BJMBX01.spreadtrum.com (10.0.64.7) X-MAIL: SHSQR01.spreadtrum.com 60E1c4L1027006 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unisoc.com; s=default; t=1768354697; bh=1uTh0EQC6lqkCsAgQhRjn3zfEKwMUYjvrAvQXQocgsA=; h=From:To:CC:Subject:Date; b=GNoBQbyCAwOT+dApA46MSE8J1k4LJ0YSKj0MORbWAgkNfgbPDpkCv0lsS0k5JV9T5 NAmLuO/jGWfTXJyPGutJD7Q1cbQxKgWQLufPp1MpWs4zN3XauULOAqlJUqfBJCbtuQ RAIp2gId80ScnZa8CipBaGoyelcLpKiYn2ZFV8P6m36pdh4QYkIPh+amozE6lGa5b8 V3+4I2bum/TN23JJqWwOVSCezV1L9RVTOJ0VkyLyqUJTfqddyOE4o/Sozsw3xXuEi6 SNbKJ7BtGDH0wzszRPFRzwFV+h/5gQzblN1gXQBvAB6pxsM6RObsgTHU/KUi+0njur zLlXaO2k73NSw== Content-Type: text/plain; charset="utf-8" From: Zhaoyang Huang A DABT is reported[1] on an android based system when resume from hiberate, which is root caused as CFI will plant stub code[2] to verify the swsusp_arch_suspend_exit's authentication, where the hash value is stored before the page that alloced by create_safe_exec_page. We also have tried to copy the hash value together with the function but get failed since the value is not on the desired position(src_start - 4). So we solve this issue by setting __nocfi on swsusp_arch_resume and it works. [1] [ 22.991934][ T1] Unable to handle kernel paging request at virtual ad= dress 0000000109170ffc [ 22.991934][ T1] Mem abort info: [ 22.991934][ T1] ESR =3D 0x0000000096000007 [ 22.991934][ T1] EC =3D 0x25: DABT (current EL), IL =3D 32 bits [ 22.991934][ T1] SET =3D 0, FnV =3D 0 [ 22.991934][ T1] EA =3D 0, S1PTW =3D 0 [ 22.991934][ T1] FSC =3D 0x07: level 3 translation fault [ 22.991934][ T1] Data abort info: [ 22.991934][ T1] ISV =3D 0, ISS =3D 0x00000007, ISS2 =3D 0x00000000 [ 22.991934][ T1] CM =3D 0, WnR =3D 0, TnD =3D 0, TagAccess =3D 0 [ 22.991934][ T1] GCS =3D 0, Overlay =3D 0, DirtyBit =3D 0, Xs =3D 0 [ 22.991934][ T1] [0000000109170ffc] user address but active_mm is swa= pper [ 22.991934][ T1] Internal error: Oops: 0000000096000007 [#1] PREEMPT = SMP [ 22.991934][ T1] Dumping ftrace buffer: [ 22.991934][ T1] (ftrace buffer empty) [ 22.991934][ T1] Modules linked in: [ 22.991934][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.98-and= roid15-8-g0b1d2aee7fc3-dirty-4k #1 688c7060a825a3ac418fe53881730b355915a419 [ 22.991934][ T1] Hardware name: Unisoc UMS9360-base Board (DT) [ 22.991934][ T1] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSB= S BTYPE=3D--) [ 22.991934][ T1] pc : swsusp_arch_resume+0x2ac/0x344 [ 22.991934][ T1] lr : swsusp_arch_resume+0x294/0x344 [ 22.991934][ T1] sp : ffffffc08006b960 [ 22.991934][ T1] x29: ffffffc08006b9c0 x28: 0000000000000000 x27: 000= 0000000000000 [ 22.991934][ T1] x26: 0000000000000000 x25: 0000000000000000 x24: 000= 0000000000820 [ 22.991934][ T1] x23: ffffffd0817e3000 x22: ffffffd0817e3000 x21: 000= 0000000000000 [ 22.991934][ T1] x20: ffffff8089171000 x19: ffffffd08252c8c8 x18: fff= fffc080061058 [ 22.991934][ T1] x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 000= 0000000000004 [ 22.991934][ T1] x14: ffffff8178c88000 x13: 0000000000000006 x12: 000= 0000000000000 [ 22.991934][ T1] x11: 0000000000000015 x10: 0000000000000001 x9 : fff= fffd082533000 [ 22.991934][ T1] x8 : 0000000109171000 x7 : 205b5d3433393139 x6 : 392= e32322020205b [ 22.991934][ T1] x5 : 000000010916f000 x4 : 000000008164b000 x3 : fff= fff808a4e0530 [ 22.991934][ T1] x2 : ffffffd08058e784 x1 : 0000000082326000 x0 : 000= 000010a283000 [ 22.991934][ T1] Call trace: [ 22.991934][ T1] swsusp_arch_resume+0x2ac/0x344 [ 22.991934][ T1] hibernation_restore+0x158/0x18c [ 22.991934][ T1] load_image_and_restore+0xb0/0xec [ 22.991934][ T1] software_resume+0xf4/0x19c [ 22.991934][ T1] software_resume_initcall+0x34/0x78 [ 22.991934][ T1] do_one_initcall+0xe8/0x370 [ 22.991934][ T1] do_initcall_level+0xc8/0x19c [ 22.991934][ T1] do_initcalls+0x70/0xc0 [ 22.991934][ T1] do_basic_setup+0x1c/0x28 [ 22.991934][ T1] kernel_init_freeable+0xe0/0x148 [ 22.991934][ T1] kernel_init+0x20/0x1a8 [ 22.991934][ T1] ret_from_fork+0x10/0x20 [ 22.991934][ T1] Code: a9400a61 f94013e0 f9438923 f9400a64 (b85fc110) [2] 0xffffffd08064a878 : mov x0, x24 0xffffffd08064a87c : mov x1, x20 0xffffffd08064a880 : mov x2, x21 0xffffffd08064a884 : mov x3, x22 0xffffffd08064a888 : mov x4, x23 0xffffffd08064a88c : ldur w16, [x25, #-4] 0xffffffd08064a890 : movk w17, #0x5d7b 0xffffffd08064a894 : movk w17, #0xb6ad, lsl #16 0xffffffd08064a898 : cmp w16, w17 0xffffffd08064a89c : b.eq 0xffffffd08064a8a4 // b.none 0xffffffd08064a8a0 : brk #0x8239 0xffffffd08064a8a4 : blr x25 Signed-off-by: Zhaoyang Huang --- arch/arm64/kernel/hibernate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c index 18749e9a6c2d..9717568518ba 100644 --- a/arch/arm64/kernel/hibernate.c +++ b/arch/arm64/kernel/hibernate.c @@ -402,7 +402,7 @@ int swsusp_arch_suspend(void) * Memory allocated by get_safe_page() will be dealt with by the hibernate= code, * we don't need to free it here. */ -int swsusp_arch_resume(void) +int __nocfi swsusp_arch_resume(void) { int rc; void *zero_page; --=20 2.25.1