--- /dev/null
+From 90f601b497d76f40fa66795c3ecf625b6aced9fd Mon Sep 17 00:00:00 2001
+From: Zilin Guan <zilin@seu.edu.cn>
+Date: Wed, 5 Nov 2025 02:29:23 +0000
+Subject: binfmt_misc: restore write access before closing files opened by open_exec()
+
+From: Zilin Guan <zilin@seu.edu.cn>
+
+commit 90f601b497d76f40fa66795c3ecf625b6aced9fd upstream.
+
+bm_register_write() opens an executable file using open_exec(), which
+internally calls do_open_execat() and denies write access on the file to
+avoid modification while it is being executed.
+
+However, when an error occurs, bm_register_write() closes the file using
+filp_close() directly. This does not restore the write permission, which
+may cause subsequent write operations on the same file to fail.
+
+Fix this by calling exe_file_allow_write_access() before filp_close() to
+restore the write permission properly.
+
+Fixes: e7850f4d844e ("binfmt_misc: fix possible deadlock in bm_register_write")
+Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
+Link: https://patch.msgid.link/20251105022923.1813587-1-zilin@seu.edu.cn
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+[ Use allow_write_access() instead of exe_file_allow_write_access()
+according to commit 0357ef03c94ef
+("fs: don't block write during exec on pre-content watched files"). ]
+Signed-off-by: Robert Garcia <rob_garcia@163.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/binfmt_misc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/binfmt_misc.c
++++ b/fs/binfmt_misc.c
+@@ -816,8 +816,10 @@ out:
+ inode_unlock(d_inode(root));
+
+ if (err) {
+- if (f)
++ if (f) {
++ allow_write_access(f);
+ filp_close(f, NULL);
++ }
+ kfree(e);
+ return err;
+ }
--- /dev/null
+From 9abf79c8d7b40db0e5a34aa8c744ea60ff9a3fcf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?H=C3=A5kon=20Bugge?= <haakon.bugge@oracle.com>
+Date: Thu, 29 Jan 2026 18:52:33 +0100
+Subject: PCI/ACPI: Restrict program_hpx_type2() to AER bits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Håkon Bugge <haakon.bugge@oracle.com>
+
+commit 9abf79c8d7b40db0e5a34aa8c744ea60ff9a3fcf upstream.
+
+Previously program_hpx_type2() applied PCIe settings unconditionally,
+which could incorrectly change bits like Extended Tag Field Enable and
+Enable Relaxed Ordering.
+
+When _HPX was added to ACPI r3.0, the intent of the PCIe Setting
+Record (Type 2) in sec 6.2.7.3 was to configure AER registers when the
+OS does not own the AER Capability:
+
+ The PCI Express setting record contains ... [the AER] Uncorrectable
+ Error Mask, Uncorrectable Error Severity, Correctable Error Mask
+ ... to be used when configuring registers in the Advanced Error
+ Reporting Extended Capability Structure ...
+
+ OSPM [1] will only evaluate _HPX with Setting Record – Type 2 if
+ OSPM is not controlling the PCI Express Advanced Error Reporting
+ capability.
+
+ACPI r3.0b, sec 6.2.7.3, added more AER registers, including registers
+in the PCIe Capability with AER-related bits, and the restriction that
+the OS use this only when it owns PCIe native hotplug:
+
+ ... when configuring PCI Express registers in the Advanced Error
+ Reporting Extended Capability Structure *or PCI Express Capability
+ Structure* ...
+
+ An OS that has assumed ownership of native hot plug but does not
+ ... have ownership of the AER register set must use ... the Type 2
+ record to program the AER registers ...
+
+ However, since the Type 2 record also includes register bits that
+ have functions other than AER, the OS must ignore values ... that
+ are not applicable.
+
+Restrict program_hpx_type2() to only the intended purpose:
+
+ - Apply settings only when OS owns PCIe native hotplug but not AER,
+
+ - Only touch the AER-related bits (Error Reporting Enables) in Device
+ Control
+
+ - Don't touch Link Control at all, since nothing there seems AER-related,
+ but log _HPX settings for debugging purposes
+
+Note that Read Completion Boundary is now configured elsewhere, since it is
+unrelated to _HPX.
+
+[1] Operating System-directed configuration and Power Management
+
+Fixes: 40abb96c51bb ("[PATCH] pciehp: Fix programming hotplug parameters")
+Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Link: https://patch.msgid.link/20260129175237.727059-3-haakon.bugge@oracle.com
+[ Conflict in drivers/pci.h because the context has changed. ]
+Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/pci-acpi.c | 59 +++++++++++++++++++------------------------------
+ drivers/pci/pci.h | 3 ++
+ drivers/pci/pcie/aer.c | 3 --
+ 3 files changed, 27 insertions(+), 38 deletions(-)
+
+--- a/drivers/pci/pci-acpi.c
++++ b/drivers/pci/pci-acpi.c
+@@ -246,21 +246,6 @@ static acpi_status decode_type1_hpx_reco
+ return AE_OK;
+ }
+
+-static bool pcie_root_rcb_set(struct pci_dev *dev)
+-{
+- struct pci_dev *rp = pcie_find_root_port(dev);
+- u16 lnkctl;
+-
+- if (!rp)
+- return false;
+-
+- pcie_capability_read_word(rp, PCI_EXP_LNKCTL, &lnkctl);
+- if (lnkctl & PCI_EXP_LNKCTL_RCB)
+- return true;
+-
+- return false;
+-}
+-
+ /* _HPX PCI Express Setting Record (Type 2) */
+ struct hpx_type2 {
+ u32 revision;
+@@ -286,6 +271,7 @@ static void program_hpx_type2(struct pci
+ {
+ int pos;
+ u32 reg32;
++ const struct pci_host_bridge *host;
+
+ if (!hpx)
+ return;
+@@ -293,6 +279,15 @@ static void program_hpx_type2(struct pci
+ if (!pci_is_pcie(dev))
+ return;
+
++ host = pci_find_host_bridge(dev->bus);
++
++ /*
++ * Only do the _HPX Type 2 programming if OS owns PCIe native
++ * hotplug but not AER.
++ */
++ if (!host->native_pcie_hotplug || host->native_aer)
++ return;
++
+ if (hpx->revision > 1) {
+ pci_warn(dev, "PCIe settings rev %d not supported\n",
+ hpx->revision);
+@@ -300,33 +295,27 @@ static void program_hpx_type2(struct pci
+ }
+
+ /*
+- * Don't allow _HPX to change MPS or MRRS settings. We manage
+- * those to make sure they're consistent with the rest of the
+- * platform.
++ * We only allow _HPX to program DEVCTL bits related to AER, namely
++ * PCI_EXP_DEVCTL_CERE, PCI_EXP_DEVCTL_NFERE, PCI_EXP_DEVCTL_FERE,
++ * and PCI_EXP_DEVCTL_URRE.
++ *
++ * The rest of DEVCTL is managed by the OS to make sure it's
++ * consistent with the rest of the platform.
+ */
+- hpx->pci_exp_devctl_and |= PCI_EXP_DEVCTL_PAYLOAD |
+- PCI_EXP_DEVCTL_READRQ;
+- hpx->pci_exp_devctl_or &= ~(PCI_EXP_DEVCTL_PAYLOAD |
+- PCI_EXP_DEVCTL_READRQ);
++ hpx->pci_exp_devctl_and |= ~PCI_EXP_AER_FLAGS;
++ hpx->pci_exp_devctl_or &= PCI_EXP_AER_FLAGS;
+
+ /* Initialize Device Control Register */
+ pcie_capability_clear_and_set_word(dev, PCI_EXP_DEVCTL,
+ ~hpx->pci_exp_devctl_and, hpx->pci_exp_devctl_or);
+
+- /* Initialize Link Control Register */
++ /* Log if _HPX attempts to modify Link Control Register */
+ if (pcie_cap_has_lnkctl(dev)) {
+-
+- /*
+- * If the Root Port supports Read Completion Boundary of
+- * 128, set RCB to 128. Otherwise, clear it.
+- */
+- hpx->pci_exp_lnkctl_and |= PCI_EXP_LNKCTL_RCB;
+- hpx->pci_exp_lnkctl_or &= ~PCI_EXP_LNKCTL_RCB;
+- if (pcie_root_rcb_set(dev))
+- hpx->pci_exp_lnkctl_or |= PCI_EXP_LNKCTL_RCB;
+-
+- pcie_capability_clear_and_set_word(dev, PCI_EXP_LNKCTL,
+- ~hpx->pci_exp_lnkctl_and, hpx->pci_exp_lnkctl_or);
++ if (hpx->pci_exp_lnkctl_and != 0xffff ||
++ hpx->pci_exp_lnkctl_or != 0)
++ pci_info(dev, "_HPX attempts Link Control setting (AND %#06x OR %#06x)\n",
++ hpx->pci_exp_lnkctl_and,
++ hpx->pci_exp_lnkctl_or);
+ }
+
+ /* Find Advanced Error Reporting Enhanced Capability */
+--- a/drivers/pci/pci.h
++++ b/drivers/pci/pci.h
+@@ -11,6 +11,9 @@
+
+ #define PCI_VSEC_ID_INTEL_TBT 0x1234 /* Thunderbolt */
+
++#define PCI_EXP_AER_FLAGS (PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE | \
++ PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE)
++
+ extern const unsigned char pcie_link_speed[];
+ extern bool pci_early_dump;
+
+--- a/drivers/pci/pcie/aer.c
++++ b/drivers/pci/pcie/aer.c
+@@ -214,9 +214,6 @@ void pcie_ecrc_get_policy(char *str)
+ }
+ #endif /* CONFIG_PCIE_ECRC */
+
+-#define PCI_EXP_AER_FLAGS (PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE | \
+- PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE)
+-
+ int pcie_aer_is_native(struct pci_dev *dev)
+ {
+ struct pci_host_bridge *host = pci_find_host_bridge(dev->bus);
projects / thirdparty / kernel / stable-queue.git / commitdiff
