[PATCH] ARM: mm: fix kexec and hibernation with CONFIG_CPU_TTBR0_PAN

Linus Walleij linusw at kernel.org
Mon May 25 06:35:47 PDT 2026 

Hi Florian,

thanks for digging in and finding this!

On Sat, May 23, 2026 at 2:08 AM Florian Fainelli
<florian.fainelli at broadcom.com> wrote:

> Commit 7af5b901e847 ("ARM: 9358/2: Implement PAN for LPAE by TTBR0
> page table walks disablement") implemented PAN for LPAE kernels by
> setting TTBCR.EPD0 on every kernel entry, disabling TTBR0 page-table
> walks while running in kernel mode. The commit correctly updated
> cpu_suspend() in arch/arm/kernel/suspend.c, but missed two other code
> paths that switch the CPU to the identity mapping before jumping to
> low-PA (TTBR0-range) physical addresses:
>
> 1. setup_mm_for_reboot() in arch/arm/mm/idmap.c, used by the kexec
>    reboot path. With TTBCR.EPD0 still set, the subsequent branch to
>    the identity-mapped cpu_v7_reset causes a PrefetchAbort because the
>    TTBR0 page-table walk needed to resolve the identity-mapped address
>    is disabled. This manifests as a hard hang or "bad PC value" panic
>    on LPAE kernels booted on CPUs that strictly enforce EPD0 for
>    instruction fetch (e.g. Cortex-A53 in AArch32 mode) while the same
>    image may accidentally work on Cortex-A15 due to microarchitectural
>    differences in EPD0 enforcement.
>
> 2. arch_restore_image() in arch/arm/kernel/hibernate.c, which calls
>    cpu_switch_mm(idmap_pgd, &init_mm) directly without going through
>    setup_mm_for_reboot(), leaving TTBCR.EPD0 set while the identity
>    mapping is active.
>
> Fix both sites by calling uaccess_save_and_enable() before switching
> to the identity mapping, mirroring what the original commit did for
> cpu_suspend().
>
> Fixes: 7af5b901e847 ("ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement")
> Cc: Catalin Marinas <catalin.marinas at arm.com>
> Cc: Linus Walleij <linus.walleij at linaro.org>
> Assisted-by: Cursor:claude-sonnet-4.6
> Signed-off-by: Florian Fainelli <florian.fainelli at broadcom.com>

Reviewed-by: Linus Walleij <linusw at kernel.org>

Please put this patch into Russell's patch tracker.

Yours,
Linus Walleij

More information about the linux-arm-kernel mailing list