diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:15 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:15 +0100 |
| commit | 6e0c5c33438e5e898bd075c33a45b3abf9d1b26b (patch) | |
| tree | c7387db08eaf33f55eb7f1e3cca331f92fbce9be /run_onchange_after_deploy-etc.sh.tmpl | |
| parent | ad8e14860fa0ca978f5ef6e02860d24f5e39c361 (diff) | |
| download | dotfiles-6e0c5c33438e5e898bd075c33a45b3abf9d1b26b.tar.gz dotfiles-6e0c5c33438e5e898bd075c33a45b3abf9d1b26b.tar.bz2 dotfiles-6e0c5c33438e5e898bd075c33a45b3abf9d1b26b.zip | |
feat(suspend): re-enable suspend on s2idle, drop diagnostic scaffolding
Confirmed root cause: this hardware's S3 (deep) firmware path triggers a
fatal wake-from-suspend hang only on linux-hardened. INIT_ON_FREE + slab
hardening + tighter locking turn a latent driver race that stock linux
gets away with into an unrecoverable panic so early the journal isn't
even flushed. mem_sleep_default=s2idle bypasses the BIOS S3 path
entirely (s0ix is a pure-kernel low-power state) and suspends/resumes
reliably under hardened.
This is a widespread Lenovo S3 firmware issue across post-2018
ThinkPads (see Ubuntu T560, X1C9/10/11 reports). Lenovo themselves
moved newer firmwares to s2idle-only. Not a linux-hardened bug per se;
just hardened being a strict enough kernel to make the bug fatal.
Keep:
* mem_sleep_default=s2idle in etc/kernel/cmdline-linux-hardened.tmpl
(only the hardened UKI; stock linux keeps unchanged shared cmdline)
Revert (all the diagnostic / speculative scaffolding from the last
few commits):
* MODULES=(intel_lpss_pci) → MODULES=() — Arch wiki touchpad fix was
not the cause here
* nmi_watchdog=panic softlockup_panic=1 panic=10 — only needed to
auto-reboot during diagnosis
* no_console_suspend — diagnostic-only
* etc/systemd/logind.conf.d/20-no-suspend.conf — masking workaround
* sleep-target masking block in run_onchange_after_deploy-etc.sh.tmpl,
replaced with a one-shot cleanup that removes any leftover
/dev/null symlinks from systems that ran the previous version
* systemd-pstore.service from systemd-units/system.txt — added only to
catch the diagnostic panic
* diagnose-suspend.sh helper (and its .gitignore/.chezmoiignore entries)
* sway suspend → lock-session keybind workaround
* power-menu.sh Suspend entry restoration
* KEYBINDS.md docs
Diffstat (limited to 'run_onchange_after_deploy-etc.sh.tmpl')
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index a60d833..5b60972 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -30,15 +30,15 @@ done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo sudo ln -sfT sudo /etc/pam.d/sudo-i -# Mask sleep/suspend/hibernate at the unit level. See -# etc/systemd/logind.conf.d/20-no-suspend.conf for context. This blocks -# `systemctl suspend` from any source (manual, scripts, GUI menus) in -# addition to the logind key/lid handler overrides. To re-enable: -# remove these symlinks (and revert the logind drop-in) then -# `sudo systemctl daemon-reload`. +# Clean up sleep-target masks from the earlier hardened-suspend +# workaround. Now that mem_sleep_default=s2idle resolves the wake hang, +# suspend is enabled again. Remove any leftover /dev/null symlinks. for target in sleep.target suspend.target hibernate.target \ hybrid-sleep.target suspend-then-hibernate.target; do - sudo ln -sfT /dev/null "/etc/systemd/system/$target" + link="/etc/systemd/system/$target" + if [ -L "$link" ] && [ "$(readlink "$link")" = "/dev/null" ]; then + sudo rm -f "$link" + fi done sudo systemctl daemon-reload |