From nobody Mon Feb 9 09:21:17 2026 Received: from SHSQR01.spreadtrum.com (unknown [222.66.158.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EF3642B738 for ; Thu, 22 Jan 2026 11:52:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=222.66.158.135 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769082766; cv=none; b=mHtxv6/4qeBSrpDQKTvqs2pF7qLLCDs1Tv0J0okpPWOMC9SMBfNRtgzZz1iDqUI+MJps6ZLzVHgeXiicx66sTyKsloTMB+xM/dFO+7R42BZMNB4j71TT+C3SKWw2BysgCWMwhESld0yFgS/SWEEgG7aXTIzXpVdsYwF0/njHMH0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769082766; c=relaxed/simple; bh=109Y7xNcohs9OXAu28QY0n17QqkPnipFnc952dchjEE=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=N0aVsrQNaLtgnB4+6RVyKKWRxIOl4/BKqk6xUrdkA+H32hbLGDtw4InHltt/uHmTU1e8dJeAZ65BhSNfOvLSMPHneFgNOvfB2s5tWQudwfpb6CJvlgRCPLCOYL5It+Drqp3DhJd8BCSi5qGbSUg5udzxR2QnLGQ4A3JW1CWNDMg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=unisoc.com; spf=pass smtp.mailfrom=unisoc.com; dkim=pass (2048-bit key) header.d=unisoc.com header.i=@unisoc.com header.b=OEXDiBZw; arc=none smtp.client-ip=222.66.158.135 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=unisoc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=unisoc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=unisoc.com header.i=@unisoc.com header.b="OEXDiBZw" Received: from dlp.unisoc.com ([10.29.3.86]) by SHSQR01.spreadtrum.com with ESMTP id 60MBneg9046666; Thu, 22 Jan 2026 19:49:40 +0800 (+08) (envelope-from zhaoyang.huang@unisoc.com) Received: from SHDLP.spreadtrum.com (BJMBX01.spreadtrum.com [10.0.64.7]) by dlp.unisoc.com (SkyGuard) with ESMTPS id 4dxfNC2RHYz2Mdt31; Thu, 22 Jan 2026 19:43:55 +0800 (CST) Received: from bj03382pcu03.spreadtrum.com (10.0.73.40) by BJMBX01.spreadtrum.com (10.0.64.7) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 22 Jan 2026 19:49:38 +0800 From: "zhaoyang.huang" To: Catalin Marinas , Will Deacon , James Morse , , , Zhaoyang Huang , CC: , Subject: [PATCH] arch: arm64: set __nocfi on swsusp_arch_resume Date: Thu, 22 Jan 2026 19:49:25 +0800 Message-ID: <20260122114925.624309-1-zhaoyang.huang@unisoc.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SHCAS03.spreadtrum.com (10.0.1.207) To BJMBX01.spreadtrum.com (10.0.64.7) X-MAIL: SHSQR01.spreadtrum.com 60MBneg9046666 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unisoc.com; s=default; t=1769082586; bh=iPm5vFolVch7stGt9c6SQIgR5RmbJCU/xzHlFiInPh4=; h=From:To:CC:Subject:Date; b=OEXDiBZwoztppQH5XCCkSY52J/+K9sHnEK+Hpz3V1cTbRHWIK7eDsKFIzE3nKWMFJ R42auKNelWFSM/HwNeSqk5U+/CWlVg7EAsYYmBeccDJl72yCilB6sUT4zwiFLU6cSG 24UT5H0ySPdgRgrfvgzxzP2Q1aXnVOHl+ZQ8hTG9cRv3l2pUoCA3XqFwi2J7e7i6rj 8dmmq5WlJkUzpg+g/ehtjfEEh+a/mE/0AocTt12BNTXHHbBAaU8qFz82DOazPXPOWS dQ0LWYs+TZbi+GVNUojV8Yin2qiE4y3uzAznpHMUHwEnqscXy/krO1SFMaFjvDVp6z P+QhWtudmol3w== Content-Type: text/plain; charset="utf-8" From: Zhaoyang Huang A DABT is reported[1] on an android based system when resume from hiberate, which is root caused as CFI will plant stub code[2] to verify the swsusp_arch_suspend_exit's authentication, where the hash value is stored before the page that alloced by create_safe_exec_page. We also have tried to copy the hash value together with the function but get failed since the value is not on the desired position(src_start - 4). So we solve this issue by setting __nocfi on swsusp_arch_resume and it works. [1] [ 22.991934][ T1] Unable to handle kernel paging request at virtual ad= dress 0000000109170ffc [ 22.991934][ T1] Mem abort info: [ 22.991934][ T1] ESR =3D 0x0000000096000007 [ 22.991934][ T1] EC =3D 0x25: DABT (current EL), IL =3D 32 bits [ 22.991934][ T1] SET =3D 0, FnV =3D 0 [ 22.991934][ T1] EA =3D 0, S1PTW =3D 0 [ 22.991934][ T1] FSC =3D 0x07: level 3 translation fault [ 22.991934][ T1] Data abort info: [ 22.991934][ T1] ISV =3D 0, ISS =3D 0x00000007, ISS2 =3D 0x00000000 [ 22.991934][ T1] CM =3D 0, WnR =3D 0, TnD =3D 0, TagAccess =3D 0 [ 22.991934][ T1] GCS =3D 0, Overlay =3D 0, DirtyBit =3D 0, Xs =3D 0 [ 22.991934][ T1] [0000000109170ffc] user address but active_mm is swa= pper [ 22.991934][ T1] Internal error: Oops: 0000000096000007 [#1] PREEMPT = SMP [ 22.991934][ T1] Dumping ftrace buffer: [ 22.991934][ T1] (ftrace buffer empty) [ 22.991934][ T1] Modules linked in: [ 22.991934][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.98-and= roid15-8-g0b1d2aee7fc3-dirty-4k #1 688c7060a825a3ac418fe53881730b355915a419 [ 22.991934][ T1] Hardware name: Unisoc UMS9360-base Board (DT) [ 22.991934][ T1] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSB= S BTYPE=3D--) [ 22.991934][ T1] pc : swsusp_arch_resume+0x2ac/0x344 [ 22.991934][ T1] lr : swsusp_arch_resume+0x294/0x344 [ 22.991934][ T1] sp : ffffffc08006b960 [ 22.991934][ T1] x29: ffffffc08006b9c0 x28: 0000000000000000 x27: 000= 0000000000000 [ 22.991934][ T1] x26: 0000000000000000 x25: 0000000000000000 x24: 000= 0000000000820 [ 22.991934][ T1] x23: ffffffd0817e3000 x22: ffffffd0817e3000 x21: 000= 0000000000000 [ 22.991934][ T1] x20: ffffff8089171000 x19: ffffffd08252c8c8 x18: fff= fffc080061058 [ 22.991934][ T1] x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 000= 0000000000004 [ 22.991934][ T1] x14: ffffff8178c88000 x13: 0000000000000006 x12: 000= 0000000000000 [ 22.991934][ T1] x11: 0000000000000015 x10: 0000000000000001 x9 : fff= fffd082533000 [ 22.991934][ T1] x8 : 0000000109171000 x7 : 205b5d3433393139 x6 : 392= e32322020205b [ 22.991934][ T1] x5 : 000000010916f000 x4 : 000000008164b000 x3 : fff= fff808a4e0530 [ 22.991934][ T1] x2 : ffffffd08058e784 x1 : 0000000082326000 x0 : 000= 000010a283000 [ 22.991934][ T1] Call trace: [ 22.991934][ T1] swsusp_arch_resume+0x2ac/0x344 [ 22.991934][ T1] hibernation_restore+0x158/0x18c [ 22.991934][ T1] load_image_and_restore+0xb0/0xec [ 22.991934][ T1] software_resume+0xf4/0x19c [ 22.991934][ T1] software_resume_initcall+0x34/0x78 [ 22.991934][ T1] do_one_initcall+0xe8/0x370 [ 22.991934][ T1] do_initcall_level+0xc8/0x19c [ 22.991934][ T1] do_initcalls+0x70/0xc0 [ 22.991934][ T1] do_basic_setup+0x1c/0x28 [ 22.991934][ T1] kernel_init_freeable+0xe0/0x148 [ 22.991934][ T1] kernel_init+0x20/0x1a8 [ 22.991934][ T1] ret_from_fork+0x10/0x20 [ 22.991934][ T1] Code: a9400a61 f94013e0 f9438923 f9400a64 (b85fc110) [2] 0xffffffd08064a878 : mov x0, x24 0xffffffd08064a87c : mov x1, x20 0xffffffd08064a880 : mov x2, x21 0xffffffd08064a884 : mov x3, x22 0xffffffd08064a888 : mov x4, x23 0xffffffd08064a88c : ldur w16, [x25, #-4] 0xffffffd08064a890 : movk w17, #0x5d7b 0xffffffd08064a894 : movk w17, #0xb6ad, lsl #16 0xffffffd08064a898 : cmp w16, w17 0xffffffd08064a89c : b.eq 0xffffffd08064a8a4 // b.none 0xffffffd08064a8a0 : brk #0x8239 0xffffffd08064a8a4 : blr x25 Co-developed-by: Jeson Gao Signed-off-by: Jeson Gao Signed-off-by: Zhaoyang Huang Acked-by: Will Deacon --- arch/arm64/kernel/hibernate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c index 18749e9a6c2d..9717568518ba 100644 --- a/arch/arm64/kernel/hibernate.c +++ b/arch/arm64/kernel/hibernate.c @@ -402,7 +402,7 @@ int swsusp_arch_suspend(void) * Memory allocated by get_safe_page() will be dealt with by the hibernate= code, * we don't need to free it here. */ -int swsusp_arch_resume(void) +int __nocfi swsusp_arch_resume(void) { int rc; void *zero_page; --=20 2.25.1