
[Deepin-Kernel-SIG] [linux 6.18-y] [Upstream] arm64: mm: Add PTE_DIRTY back to PAGE_KERNEL* to fix kexec/hibernation#1557

Open
opsiff wants to merge 1 commit into deepin-community:linux-6.18.y from opsiff:linux-6.18.y-2026-03-13-arm64

@opsiff opsiff commented Mar 13, 2026

Commit 143937c ("arm64, mm: avoid always making PTE dirty in pte_mkwrite()") changed pte_mkwrite_novma() to only clear PTE_RDONLY when PTE_DIRTY is set. This was to allow writable-clean PTEs for swap pages that haven't actually been written.

However, this broke kexec and hibernation for some platforms. Both go through trans_pgd_create_copy() -> _copy_pte(), which calls pte_mkwrite_novma() to make the temporary linear-map copy fully writable. With the updated pte_mkwrite_novma(), read-only kernel pages (without PTE_DIRTY) remain read-only in the temporary mapping. While such behaviour is fine for user pages where hardware DBM or trapping will make them writeable, subsequent in-kernel writes by the kexec relocation code will fault.

Add PTE_DIRTY back to all _PAGE_KERNEL* protection definitions. This was the case prior to 5.4, commit aa57157 ("arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default"). With the kernel linear-map PTEs always having PTE_DIRTY set, pte_mkwrite_novma() correctly clears PTE_RDONLY.

Fixes: 143937c ("arm64, mm: avoid always making PTE dirty in pte_mkwrite()")

Cc: stable@vger.kernel.org
Reported-by: Jianpeng Chang jianpeng.chang.cn@windriver.com
Link: https://lore.kernel.org/r/20251204062722.3367201-1-jianpeng.chang.cn@windriver.com
Cc: Will Deacon will@kernel.org
Cc: Huang, Ying ying.huang@linux.alibaba.com
Cc: Guenter Roeck linux@roeck-us.net
Reviewed-by: Huang Ying ying.huang@linux.alibaba.com

(cherry picked from commit c25c4aa3f79a488cc270507935a29c07dc6bddfc)

Summary by Sourcery

Bug Fixes:

  • Fix kexec and hibernation failures on arm64 platforms by marking kernel PTEs dirty so pte_mkwrite_novma() correctly clears read-only protection bits.

Commit 143937c ("arm64, mm: avoid always making PTE dirty in
pte_mkwrite()") changed pte_mkwrite_novma() to only clear PTE_RDONLY
when PTE_DIRTY is set. This was to allow writable-clean PTEs for swap
pages that haven't actually been written.

However, this broke kexec and hibernation for some platforms. Both go
through trans_pgd_create_copy() -> _copy_pte(), which calls
pte_mkwrite_novma() to make the temporary linear-map copy fully
writable. With the updated pte_mkwrite_novma(), read-only kernel pages
(without PTE_DIRTY) remain read-only in the temporary mapping.
While such behaviour is fine for user pages where hardware DBM or
trapping will make them writeable, subsequent in-kernel writes by the
kexec relocation code will fault.

Add PTE_DIRTY back to all _PAGE_KERNEL* protection definitions. This was
the case prior to 5.4, commit aa57157 ("arm64: Ensure
VM_WRITE|VM_SHARED ptes are clean by default"). With the kernel
linear-map PTEs always having PTE_DIRTY set, pte_mkwrite_novma()
correctly clears PTE_RDONLY.

Fixes: 143937c ("arm64, mm: avoid always making PTE dirty in pte_mkwrite()")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: stable@vger.kernel.org
Reported-by: Jianpeng Chang <jianpeng.chang.cn@windriver.com>
Link: https://lore.kernel.org/r/20251204062722.3367201-1-jianpeng.chang.cn@windriver.com
Cc: Will Deacon <will@kernel.org>
Cc: Huang, Ying <ying.huang@linux.alibaba.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Huang Ying <ying.huang@linux.alibaba.com>
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit c25c4aa3f79a488cc270507935a29c07dc6bddfc)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
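
The failure and the fix described in the commit message above, as a user-space C model (an added example, not code from this PR or from the kernel tree). The flag names and the conditional-clear rule come from the page; the bit positions, the helper names, and the assumption that nothing clears PTE_RDONLY at fault time are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t pte_t;

/* Flag names are from the page; bit positions are this model's assumption. */
#define PTE_RDONLY (1ULL << 7)   /* hardware read-only permission */
#define PTE_WRITE  (1ULL << 51)  /* "may become writable" marker */
#define PTE_DIRTY  (1ULL << 55)  /* software dirty bit */

/* Rule stated in the commit message: PTE_RDONLY is cleared only if PTE_DIRTY is set. */
static pte_t model_pte_mkwrite_novma(pte_t pte)
{
    pte |= PTE_WRITE;
    if (pte & PTE_DIRTY)
        pte &= ~PTE_RDONLY;
    return pte;
}

/* Read-only kernel protection, without (before) or with (after) PTE_DIRTY. */
static pte_t model_kernel_ro(bool with_fix)
{
    return PTE_RDONLY | (with_fix ? PTE_DIRTY : 0);
}

/* Assumption: an in-kernel store faults whenever PTE_RDONLY is still set
 * (no hardware DBM update and no fault handler to rescue it). */
static bool kernel_store_ok(pte_t pte)
{
    return (pte & PTE_RDONLY) == 0;
}

/* Models the _copy_pte() step: copy the PTE, then make the copy writable. */
static bool temp_copy_writable(bool with_fix)
{
    return kernel_store_ok(model_pte_mkwrite_novma(model_kernel_ro(with_fix)));
}

int main(void)
{
    printf("before fix: temp copy writable = %d\n", temp_copy_writable(false));
    printf("after fix:  temp copy writable = %d\n", temp_copy_writable(true));
    /* The live read-only mapping stays read-only even with PTE_DIRTY added. */
    printf("after fix:  live RO mapping writable = %d\n",
           kernel_store_ok(model_kernel_ro(true)));
    return 0;
}
```

The third line of output is the check a reviewer would want: adding PTE_DIRTY to a read-only protection value does not by itself make the live mapping writable; only the temporary copy passed through the mkwrite step loses PTE_RDONLY.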
sourcery-ai bot commented Mar 13, 2026


Reviewer's Guide

This PR updates the arm64 kernel page table protection macros so that all kernel linear-map PAGE_KERNEL* PTEs are created with the PTE_DIRTY bit set, restoring pre-5.4 behavior to ensure pte_mkwrite_novma() can correctly make temporary mappings writable for kexec/hibernation paths.

Sequence diagram for kexec temporary mapping with updated PAGE_KERNEL PTE_DIRTY behavior

sequenceDiagram
    participant CPU
    participant kexec_reloc as kexec_relocation_code
    participant trans_pgd as trans_pgd_create_copy
    participant copy_pte as _copy_pte
    participant pte_mkwrite as pte_mkwrite_novma

    CPU->>kexec_reloc: Start kexec or hibernation restore
    kexec_reloc->>trans_pgd: Create temporary linear map
    trans_pgd->>copy_pte: Copy kernel PTE into trans PGD
    copy_pte->>pte_mkwrite: Make PTE writable

    alt Before_fix_PAGE_KERNEL_without_PTE_DIRTY
        pte_mkwrite-->>copy_pte: Sees PTE without PTE_DIRTY
        note over pte_mkwrite: Only clears PTE_RDONLY if PTE_DIRTY is set
        pte_mkwrite-->>copy_pte: PTE remains read_only
        copy_pte-->>trans_pgd: Temporary PTE is still read_only
        trans_pgd-->>kexec_reloc: Map used for relocation
        kexec_reloc->>CPU: Attempt in_kernel write to temp mapping
        CPU-->>kexec_reloc: Page fault due to read_only PTE
    else After_fix_PAGE_KERNEL_with_PTE_DIRTY
        pte_mkwrite-->>copy_pte: Sees PTE with PTE_DIRTY set
        pte_mkwrite-->>copy_pte: Clears PTE_RDONLY, keeps PTE_DIRTY
        copy_pte-->>trans_pgd: Temporary PTE is writable
        trans_pgd-->>kexec_reloc: Map used for relocation
        kexec_reloc->>CPU: In_kernel write to temp mapping
        CPU-->>kexec_reloc: Write succeeds, no fault
    end

Flow diagram for pte_mkwrite_novma behavior with PAGE_KERNEL PTE_DIRTY change

flowchart TD
    A[Start: _copy_pte calls pte_mkwrite_novma] --> B[Input PTE from PAGE_KERNEL* mapping]
    B --> C{Does PTE have PTE_DIRTY set?}

    subgraph Before_fix_PAGE_KERNEL_without_PTE_DIRTY
        direction TB
        C -- No --> D[Leave PTE_RDONLY set]
        D --> E[Result: PTE stays read_only]
        E --> F[Temporary linear map may fault on in_kernel writes]
    end

    subgraph After_fix_PAGE_KERNEL_with_PTE_DIRTY
        direction TB
        C -- Yes --> G[Clear PTE_RDONLY bit]
        G --> H[Keep PTE_DIRTY set]
        H --> I[Result: PTE becomes writable]
        I --> J[Temporary linear map allows kexec/hibernation writes]
    end

    F --> K[End]
    J --> K[End]

File-Level Changes

Change: Ensure all PAGE_KERNEL* PTEs include PTE_DIRTY so pte_mkwrite_novma() can clear PTE_RDONLY for temporary kernel mappings used by kexec and hibernation.

Details:
  • Modify _PAGE_KERNEL to OR in PTE_DIRTY on top of PROT_NORMAL so default kernel mappings are marked dirty.
  • Modify _PAGE_KERNEL_RO to retain read-only semantics (clear PTE_WRITE, set PTE_RDONLY) while also setting PTE_DIRTY.
  • Modify _PAGE_KERNEL_ROX to keep read-only, executable semantics (no PTE_WRITE, no PTE_PXN) while also setting PTE_DIRTY.
  • Modify _PAGE_KERNEL_EXEC to keep executable, non-privileged-execute-never semantics (clear PTE_PXN) while also setting PTE_DIRTY.
  • Modify _PAGE_KERNEL_EXEC_CONT to keep contiguous executable semantics (set PTE_CONT, clear PTE_PXN) while also setting PTE_DIRTY.

Files: arch/arm64/include/asm/pgtable-prot.h


@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from opsiff. For more information see the Code Review Process.


@sourcery-ai sourcery-ai bot left a comment


Hey - I've reviewed your changes and they look great!
