From 7257d68ab9e354471e533801f5c9cbcc9c006fd2 Mon Sep 17 00:00:00 2001 From: Kernel Build Daemon Date: Apr 29 2023 05:26:36 +0000 Subject: Merge branch 'SLE12-SP5' into SLE12-SP5-AZURE --- diff --git a/blacklist.conf b/blacklist.conf index 7972ade..f73ec54 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -2728,3 +2728,69 @@ e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb # not applicable dc8d37ed304eeeea47e65fb9edc1c6c8b0093386 # we have CONFIG_SYSFS=y 16fe10cf92783ed9ceb182d6ea2b8adf5e8ec1b8 # already applied 747569b0a7c537d680bc94a988be6caad9960488 # adds a comment +06f3d71ea071b70e62bcc146cd9ff7ed1f9d4e43 # no nvme core/fabric fixes to missing infrastructure +510a405d945bc985abc513fafe45890cac34fafa # no nvme core/fabric fixes to missing infrastructure +cb9e0e5006064a807b5d722c7e3c42f307193792 # no nvme core/fabric fixes to missing infrastructure +bc4f6e06a90ea016855fc67212b4d500145f0b8a # no nvme core/fabric fixes to missing infrastructure +9ad9e8d6ca29c1446d81c6518ae634a2141dfd22 # no nvme core/fabric fixes to missing infrastructure +0b87a2b795d66be7b54779848ef0f3901c5e46fc # no nvme core/fabric fixes to missing infrastructure +1a3f540d63152b8db0a12de508bfa03776217d83 # no nvme core/fabric fixes to missing infrastructure +3b7830904e17202524bad1974505a9bfc718d31f # no nvme core/fabric fixes to missing infrastructure +2a5bcfdd41d68559567cec3c124a75e093506cc1 # no nvme core/fabric fixes to missing infrastructure +386e5e6e1aa90b479fcf0467935922df8524393d # no nvme core/fabric fixes to missing infrastructure +64f5e9cdd711b030b05062c17b2ecfbce890cf4c # no nvme core/fabric fixes to missing infrastructure +489dd102a2c7c94d783a35f9412eb085b8da1aa4 # no nvme core/fabric fixes to missing infrastructure +e164471dcf19308d154adb69e7760d8ba426a77f # no nvme core/fabric fixes to missing infrastructure +d8a22f85609fadb46ba699e0136cc3ebdeebff79 # no nvme core/fabric fixes to missing infrastructure +adc99fd378398f4c58798a1c57889872967d56a6 # no nvme core/fabric fixes to missing infrastructure +ecca390e80561debbfdb4dc96bf94595136889fa # no nvme core/fabric fixes to missing infrastructure +f34448cd0dc697723fb5f4118f8431d9233b370d # no nvme core/fabric fixes to missing infrastructure +70e37988db94aba607d5491a94f80ba08e399b6b # no nvme core/fabric fixes to missing infrastructure +46d2613eae51d527ecaf0e8248a9bfcc0b92aa7e # no nvme core/fabric fixes to missing infrastructure +65c5a055b0d567b7e7639d942c0605da9cc54c5e # no nvme core/fabric fixes to missing infrastructure +ca1ff67d0fb14f39cf0cc5102b1fbcc3b14f6fb9 # no nvme core/fabric fixes to missing infrastructure +cb8563f5c735a042ea2dd7df1ad55ae06d63ffeb # no nvme core/fabric fixes to missing infrastructure +fda871c0ba5d2eed2cd1c881573168129da70058 # no nvme core/fabric fixes to missing infrastructure +0fbcfb089a3f2f2a731d01f0aec8f7697a849c28 # no nvme core/fabric fixes to missing infrastructure +fd0823f405090f9f410fc3e3ff7efb52e7b486fa # no nvme core/fabric fixes to missing infrastructure +d218a8a3003e84ab136e69a4e30dd4ec7dab2d22 # no nvme core/fabric fixes to missing infrastructure +8b73b45d54a14588f86792869bfb23098ea254cb # no nvme core/fabric fixes to missing infrastructure +b5332a9f3f3d884a1b646ce155e664cc558c1722 # no nvme core/fabric fixes to missing infrastructure +dd8f7fa908f66dd44abcd83cbb50410524b9f8ef # no nvme core/fabric fixes to missing infrastructure +bdaf13279192c60b2b1fc99badef53b494fec055 # no nvme core/fabric fixes to missing infrastructure +608a969046e6e0567d05a166be66c77d2dd8220b # no nvme core/fabric fixes to missing infrastructure +03504e3b54cc8118cc26c064e60a0b00c2308708 # no nvme core/fabric fixes to missing infrastructure +522af60cb2f8e3658bda1902fb7f200dcf888a5c # no nvme core/fabric fixes to missing infrastructure +251ef6f71be2adfd09546a26643426fe62585173 # no nvme core/fabric fixes to missing infrastructure +298ba0e3d4af539cc37f982d4c011a0f07fca48c # no nvme core/fabric fixes to missing infrastructure +d89b9f3bbb58e9e378881209756b0723694f22ff # no nvme core/fabric fixes to missing infrastructure +e790de54e94a7a15fb725b34724d41d41cbaa60c # no nvme core/fabric fixes to missing infrastructure +09748122009aed7bfaa7acc33c10c083a4758322 # no nvme core/fabric fixes to missing infrastructure +102110efdff6beedece6ab9b51664c32ac01e2db # no nvme core/fabric fixes to missing infrastructure +c024b226a417c4eb9353ff500b1c823165d4d508 # no nvme core/fabric fixes to missing infrastructure +e2724cb9f0c406b8fb66efd3aa9e8b3edfd8d5c8 # no nvme core/fabric fixes to missing infrastructure +1fc766b5c08417248e0008bca14c3572ac0f1c26 # no nvme core/fabric fixes to missing infrastructure +23c9cd56007e90b2c2317c5eab6ab12921b4314a # no nvme core/fabric fixes to missing infrastructure +6a02a61e81c231cc5c680c5dbf8665275147ac52 # no nvme core/fabric fixes to missing infrastructure +160f3549a907a50e51a8518678ba2dcf2541abea # no nvme core/fabric fixes to missing infrastructure +c292a337d0e45a292c301e3cd51c35aa0ae91e95 # no nvme core/fabric fixes to missing infrastructure +c4abd8757189c7ca5803828f9c892328d7d94943 # no nvme core/fabric fixes to missing infrastructure +ddd2b8de9f85b388925e7dc46b3890fc1a0d8d24 # no nvme core/fabric fixes to missing infrastructure +83e1226b0ee2d7e3fb6e002fbbfc6ab36aabdc35 # no nvme core/fabric fixes to missing infrastructure +6f2d71524bcfdeb1fcbd22a4a92a5b7b161ab224 # no nvme core/fabric fixes to missing infrastructure +fa8f9ac42350edd3ce82d0d148a60f0fa088f995 # no nvme core/fabric fixes to missing infrastructure +c89a529e823d51dd23c7ec0c047c7a454a428541 # no nvme core/fabric fixes to missing infrastructure +841734234a28fd5cd0889b84bd4d93a0988fa11e # no nvme core/fabric fixes to missing infrastructure +685e6311637e46f3212439ce2789f8a300e5050f # no nvme core/fabric fixes to missing infrastructure +37f0dc2ec78af0c3f35dd05578763de059f6fe77 # no nvme core/fabric fixes to missing infrastructure +6173a77b7e9d3e202bdb9897b23f2a8afe7bf286 # no nvme core/fabric fixes to missing infrastructure +6622b76fe922b94189499a90ccdb714a4a8d0773 # no nvme core/fabric fixes to missing infrastructure +9ff6774b9718d1a72d1b7c580fc579f1d9d7071f # cosmetic +a17b9841152e7f4621619902b347e2cc39c32996 # alters behavior in a way that could cause regressions +fe5b6aaef72a0f7daa06e7960e0bee45c2984e41 # relevant only on SPARC +754ff5060daf5a1cf4474eff9b4edeb6c17ef7ab # irrelevant with our Makefile +2bfbe7881ee03d12bbedb05f804d139c88df30a0 # kABI +4bed9306050497f49cbe77b842f0d812f4f27593 # cleanup, not fix +a157802359f7451ed8046b2b6dbaca187797e062 # build cleanup +03f5eb300ad1241f854269a3e521b119189a4493 # build cleanup +7e7e1541c91615e9950d0b96bcd1806d297e970e # build cleanup diff --git a/kabi/severities b/kabi/severities index cb2b32e..14798d1 100644 --- a/kabi/severities +++ b/kabi/severities @@ -112,6 +112,9 @@ drivers/scsi/qedf/* PASS drivers/scsi/qedi/* PASS drivers/infiniband/hw/qedr/* PASS +drivers/nvme/host/nvme-fc* FAIL +drivers/nvme/host/* PASS + # qla2xxx only has local symbols drivers/scsi/qla2xxx/* PASS diff --git a/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch b/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch new file mode 100644 index 0000000..faaa7e8 --- /dev/null +++ b/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch @@ -0,0 +1,73 @@ +From: David Howells +Date: Thu, 30 May 2019 11:40:24 +0100 +Subject: keys: Change keyring_serialise_link_sem to a mutex +Git-commit: 3be59f74512e37f4d4243a5d0831970e2a009206 +Patch-mainline: v5.3-rc1 +References: bsc#1207088 + +Change keyring_serialise_link_sem to a mutex as it's only ever +write-locked. + +Signed-off-by: David Howells +Acked-by: Petr Pavlu +--- + security/keys/keyring.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/security/keys/keyring.c b/security/keys/keyring.c +index 5b218b270598..ca6694ba1773 100644 +--- a/security/keys/keyring.c ++++ b/security/keys/keyring.c +@@ -100,7 +100,7 @@ EXPORT_SYMBOL(key_type_keyring); + * Semaphore to serialise link/link calls to prevent two link calls in parallel + * introducing a cycle. + */ +-static DECLARE_RWSEM(keyring_serialise_link_sem); ++static DEFINE_MUTEX(keyring_serialise_link_lock); + + /* + * Publish the name of a keyring so that it can be found by name (if it has +@@ -1206,7 +1206,7 @@ int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit) + __acquires(&keyring->sem) +- __acquires(&keyring_serialise_link_sem) ++ __acquires(&keyring_serialise_link_lock) + { + struct assoc_array_edit *edit; + int ret; +@@ -1228,7 +1228,7 @@ int __key_link_begin(struct key *keyring, + /* serialise link/link calls to prevent parallel calls causing a cycle + * when linking two keyring in opposite orders */ + if (index_key->type == &key_type_keyring) +- down_write(&keyring_serialise_link_sem); ++ mutex_lock(&keyring_serialise_link_lock); + + /* Create an edit script that will insert/replace the key in the + * keyring tree. +@@ -1260,7 +1260,7 @@ int __key_link_begin(struct key *keyring, + assoc_array_cancel_edit(edit); + error_sem: + if (index_key->type == &key_type_keyring) +- up_write(&keyring_serialise_link_sem); ++ mutex_unlock(&keyring_serialise_link_lock); + error_krsem: + up_write(&keyring->sem); + kleave(" = %d", ret); +@@ -1307,13 +1307,13 @@ void __key_link_end(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit *edit) + __releases(&keyring->sem) +- __releases(&keyring_serialise_link_sem) ++ __releases(&keyring_serialise_link_lock) + { + BUG_ON(index_key->type == NULL); + kenter("%d,%s,", keyring->serial, index_key->type->name); + + if (index_key->type == &key_type_keyring) +- up_write(&keyring_serialise_link_sem); ++ mutex_unlock(&keyring_serialise_link_lock); + + if (edit) { + if (!edit->dead_leaf) { + diff --git a/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch b/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch new file mode 100644 index 0000000..f23406e --- /dev/null +++ b/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch @@ -0,0 +1,173 @@ +From 24cba457a9c8768c8979199db782588da6aca4ec Mon Sep 17 00:00:00 2001 +From: Petr Pavlu +Date: Wed, 22 Mar 2023 10:31:37 +0100 +Subject: [PATCH] keys: Fix linking a duplicate key to a keyring's assoc_array +Patch-mainline: Submitted, https://lore.kernel.org/keyrings/20230323130412.32097-1-petr.pavlu@suse.com/ +References: bsc#1207088 + +When making a DNS query inside the kernel using dns_query(), the request +code can in rare cases end up creating a duplicate index key in the +assoc_array of the destination keyring. It is eventually found by +a BUG_ON() check in the assoc_array implementation and results in +a crash. + +Example report: +[2158499.700025] kernel BUG at ../lib/assoc_array.c:652! +[2158499.700039] invalid opcode: 0000 [#1] SMP PTI +[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3 +[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 +[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs] +[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40 +[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff <0f> 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f +[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282 +[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005 +[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 +[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000 +[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28 +[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740 +[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000 +[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0 +[2158499.700702] Call Trace: +[2158499.700741] ? key_alloc+0x447/0x4b0 +[2158499.700768] ? __key_link_begin+0x43/0xa0 +[2158499.700790] __key_link_begin+0x43/0xa0 +[2158499.700814] request_key_and_link+0x2c7/0x730 +[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver] +[2158499.700873] ? key_default_cmp+0x20/0x20 +[2158499.700898] request_key_tag+0x43/0xa0 +[2158499.700926] dns_query+0x114/0x2ca [dns_resolver] +[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs] +[2158499.701164] ? scnprintf+0x49/0x90 +[2158499.701190] ? __switch_to_asm+0x40/0x70 +[2158499.701211] ? __switch_to_asm+0x34/0x70 +[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs] +[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs] +[2158499.701632] process_one_work+0x1f8/0x3e0 +[2158499.701658] worker_thread+0x2d/0x3f0 +[2158499.701682] ? process_one_work+0x3e0/0x3e0 +[2158499.701703] kthread+0x10d/0x130 +[2158499.701723] ? kthread_park+0xb0/0xb0 +[2158499.701746] ret_from_fork+0x1f/0x40 + +The situation occurs as follows: +* Some kernel facility invokes dns_query() to resolve a hostname, for + example, "abcdef". The function registers its global DNS resolver + cache as current->cred.thread_keyring and passes the query to + request_key_net() -> request_key_tag() -> request_key_and_link(). +* Function request_key_and_link() creates a keyring_search_context + object. Its match_data.cmp method gets set via a call to + type->match_preparse() (resolves to dns_resolver_match_preparse()) to + dns_resolver_cmp(). +* Function request_key_and_link() continues and invokes + search_process_keyrings_rcu() which returns that a given key was not + found. The control is then passed to request_key_and_link() -> + construct_alloc_key(). +* Concurrently to that, a second task similarly makes a DNS query for + "abcdef." and its result gets inserted into the DNS resolver cache. +* Back on the first task, function construct_alloc_key() first runs + __key_link_begin() to determine an assoc_array_edit operation to + insert a new key. Index keys in the array are compared exactly as-is, + using keyring_compare_object(). The operation finds that "abcdef" is + not yet present in the destination keyring. +* Function construct_alloc_key() continues and checks if a given key is + already present on some keyring by again calling + search_process_keyrings_rcu(). This search is done using + dns_resolver_cmp() and "abcdef" gets matched with now present key + "abcdef.". +* The found key is linked on the destination keyring by calling + __key_link() and using the previously calculated assoc_array_edit + operation. This inserts the "abcdef." key in the array but creates + a duplicity because the same index key is already present. + +Fix the problem by postponing __key_link_begin() in +construct_alloc_key() until an actual key which should be linked into +the destination keyring is determined. + +Signed-off-by: Petr Pavlu +--- + security/keys/request_key.c | 35 ++++++++++++++++++++++++----------- + 1 file changed, 24 insertions(+), 11 deletions(-) + +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 2da4404276f0..04eb7e4cedad 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -398,17 +398,21 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) { +- ret = __key_link_lock(dest_keyring, &ctx->index_key); ++ ret = __key_link_lock(dest_keyring, &key->index_key); + if (ret < 0) + goto link_lock_failed; +- ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); +- if (ret < 0) +- goto link_prealloc_failed; + } + +- /* attach the key to the destination keyring under lock, but we do need ++ /* ++ * Attach the key to the destination keyring under lock, but we do need + * to do another check just in case someone beat us to it whilst we +- * waited for locks */ ++ * waited for locks. ++ * ++ * The caller might specify a comparison function which looks for keys ++ * that do not exactly match but are still equivalent from the caller's ++ * perspective. The __key_link_begin() operation must be done only after ++ * an actual key is determined. ++ */ + mutex_lock(&key_construction_mutex); + + key_ref = search_process_keyrings(ctx); +@@ -417,12 +421,16 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + if (!IS_ERR(key_ref)) + goto key_already_present; + +- if (dest_keyring) ++ if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed; + __key_link(key, &edit); ++ } + + mutex_unlock(&key_construction_mutex); + if (dest_keyring) +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + mutex_unlock(&user->cons_lock); + *_key = key; + kleave(" = 0 [%d]", key_serial(key)); +@@ -435,10 +443,13 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + mutex_unlock(&key_construction_mutex); + key = key_ref_to_ptr(key_ref); + if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed_unlocked; + ret = __key_link_check_live_key(dest_keyring, key); + if (ret == 0) + __key_link(key, &edit); +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + if (ret < 0) + goto link_check_failed; + } +@@ -453,8 +464,10 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + kleave(" = %d [linkcheck]", ret); + return ret; + +-link_prealloc_failed: +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++link_alloc_failed: ++ mutex_unlock(&key_construction_mutex); ++link_alloc_failed_unlocked: ++ __key_link_end(dest_keyring, &key->index_key, edit); + link_lock_failed: + mutex_unlock(&user->cons_lock); + key_put(key); +-- +2.35.3 + diff --git a/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch b/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch new file mode 100644 index 0000000..1cca813 --- /dev/null +++ b/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch @@ -0,0 +1,298 @@ +From: David Howells +Date: Thu, 30 May 2019 11:37:39 +0100 +Subject: keys: Hoist locking out of __key_link_begin() +Git-commit: df593ee23e05cdda16c8c995e5818779431bb29f +Patch-mainline: v5.3-rc1 +References: bsc#1207088 + +Hoist the locking of out of __key_link_begin() and into its callers. This +is necessary to allow the upcoming key_move() operation to correctly order +taking of the source keyring semaphore, the destination keyring semaphore +and the keyring serialisation lock. + +Signed-off-by: David Howells +Acked-by: Petr Pavlu +--- + security/keys/internal.h | 2 ++ + security/keys/key.c | 27 ++++++++++++---- + security/keys/keyring.c | 78 +++++++++++++++++++++++++++------------------ + security/keys/request_key.c | 7 +++- + 4 files changed, 76 insertions(+), 38 deletions(-) + +diff --git a/security/keys/internal.h b/security/keys/internal.h +index 8f533c81aa8d..25cdd0cbdc06 100644 +--- a/security/keys/internal.h ++++ b/security/keys/internal.h +@@ -93,6 +93,8 @@ extern wait_queue_head_t request_key_conswq; + extern struct key_type *key_type_lookup(const char *type); + extern void key_type_put(struct key_type *ktype); + ++extern int __key_link_lock(struct key *keyring, ++ const struct keyring_index_key *index_key); + extern int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit); +diff --git a/security/keys/key.c b/security/keys/key.c +index 696f1c092c50..bba71acec886 100644 +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -500,7 +500,7 @@ int key_instantiate_and_link(struct key *key, + struct key *authkey) + { + struct key_preparsed_payload prep; +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + int ret; + + memset(&prep, 0, sizeof(prep)); +@@ -515,10 +515,14 @@ int key_instantiate_and_link(struct key *key, + } + + if (keyring) { +- ret = __key_link_begin(keyring, &key->index_key, &edit); ++ ret = __key_link_lock(keyring, &key->index_key); + if (ret < 0) + goto error; + ++ ret = __key_link_begin(keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto error_link_end; ++ + if (keyring->restrict_link && keyring->restrict_link->check) { + struct key_restriction *keyres = keyring->restrict_link; + +@@ -570,7 +574,7 @@ int key_reject_and_link(struct key *key, + struct key *keyring, + struct key *authkey) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + struct timespec now; + int ret, awaken, link_ret = 0; + +@@ -583,7 +587,12 @@ int key_reject_and_link(struct key *key, + if (keyring->restrict_link) + return -EPERM; + +- link_ret = __key_link_begin(keyring, &key->index_key, &edit); ++ link_ret = __key_link_lock(keyring, &key->index_key); ++ if (link_ret == 0) { ++ link_ret = __key_link_begin(keyring, &key->index_key, &edit); ++ if (link_ret < 0) ++ __key_link_end(keyring, &key->index_key, edit); ++ } + } + + mutex_lock(&key_construction_mutex); +@@ -810,7 +819,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + .description = description, + }; + struct key_preparsed_payload prep; +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + const struct cred *cred = current_cred(); + struct key *keyring, *key = NULL; + key_ref_t key_ref; +@@ -860,12 +869,18 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + } + index_key.desc_len = strlen(index_key.description); + +- ret = __key_link_begin(keyring, &index_key, &edit); ++ ret = __key_link_lock(keyring, &index_key); + if (ret < 0) { + key_ref = ERR_PTR(ret); + goto error_free_prep; + } + ++ ret = __key_link_begin(keyring, &index_key, &edit); ++ if (ret < 0) { ++ key_ref = ERR_PTR(ret); ++ goto error_link_end; ++ } ++ + if (restrict_link && restrict_link->check) { + ret = restrict_link->check(keyring, index_key.type, + &prep.payload, restrict_link->key); +diff --git a/security/keys/keyring.c b/security/keys/keyring.c +index 6990c7761eaa..12acad3db6cf 100644 +--- a/security/keys/keyring.c ++++ b/security/keys/keyring.c +@@ -1199,14 +1199,34 @@ static int keyring_detect_cycle(struct key *A, struct key *B) + return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result); + } + ++/* ++ * Lock keyring for link. ++ */ ++int __key_link_lock(struct key *keyring, ++ const struct keyring_index_key *index_key) ++ __acquires(&keyring->sem) ++ __acquires(&keyring_serialise_link_lock) ++{ ++ if (keyring->type != &key_type_keyring) ++ return -ENOTDIR; ++ ++ down_write(&keyring->sem); ++ ++ /* Serialise link/link calls to prevent parallel calls causing a cycle ++ * when linking two keyring in opposite orders. ++ */ ++ if (index_key->type == &key_type_keyring) ++ mutex_lock(&keyring_serialise_link_lock); ++ ++ return 0; ++} ++ + /* + * Preallocate memory so that a key can be linked into to a keyring. + */ + int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit) +- __acquires(&keyring->sem) +- __acquires(&keyring_serialise_link_lock) + { + struct assoc_array_edit *edit; + int ret; +@@ -1215,20 +1235,13 @@ int __key_link_begin(struct key *keyring, + keyring->serial, index_key->type->name, index_key->description); + + BUG_ON(index_key->desc_len == 0); ++ BUG_ON(*_edit != NULL); + +- if (keyring->type != &key_type_keyring) +- return -ENOTDIR; +- +- down_write(&keyring->sem); ++ *_edit = NULL; + + ret = -EKEYREVOKED; + if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) +- goto error_krsem; +- +- /* serialise link/link calls to prevent parallel calls causing a cycle +- * when linking two keyring in opposite orders */ +- if (index_key->type == &key_type_keyring) +- mutex_lock(&keyring_serialise_link_lock); ++ goto error; + + /* Create an edit script that will insert/replace the key in the + * keyring tree. +@@ -1239,7 +1252,7 @@ int __key_link_begin(struct key *keyring, + NULL); + if (IS_ERR(edit)) { + ret = PTR_ERR(edit); +- goto error_sem; ++ goto error; + } + + /* If we're not replacing a link in-place then we're going to need some +@@ -1258,11 +1271,7 @@ int __key_link_begin(struct key *keyring, + + error_cancel: + assoc_array_cancel_edit(edit); +-error_sem: +- if (index_key->type == &key_type_keyring) +- mutex_unlock(&keyring_serialise_link_lock); +-error_krsem: +- up_write(&keyring->sem); ++error: + kleave(" = %d", ret); + return ret; + } +@@ -1312,9 +1321,6 @@ void __key_link_end(struct key *keyring, + BUG_ON(index_key->type == NULL); + kenter("%d,%s,", keyring->serial, index_key->type->name); + +- if (index_key->type == &key_type_keyring) +- mutex_unlock(&keyring_serialise_link_lock); +- + if (edit) { + if (!edit->dead_leaf) { + key_payload_reserve(keyring, +@@ -1323,6 +1329,9 @@ void __key_link_end(struct key *keyring, + assoc_array_cancel_edit(edit); + } + up_write(&keyring->sem); ++ ++ if (index_key->type == &key_type_keyring) ++ mutex_unlock(&keyring_serialise_link_lock); + } + + /* +@@ -1358,7 +1367,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key) + */ + int key_link(struct key *keyring, struct key *key) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + int ret; + + kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); +@@ -1366,17 +1375,24 @@ int key_link(struct key *keyring, struct key *key) + key_check(keyring); + key_check(key); + ++ ret = __key_link_lock(keyring, &key->index_key); ++ if (ret < 0) ++ goto error; ++ + ret = __key_link_begin(keyring, &key->index_key, &edit); +- if (ret == 0) { +- kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); +- ret = __key_link_check_restriction(keyring, key); +- if (ret == 0) +- ret = __key_link_check_live_key(keyring, key); +- if (ret == 0) +- __key_link(key, &edit); +- __key_link_end(keyring, &key->index_key, edit); +- } ++ if (ret < 0) ++ goto error_end; ++ ++ kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); ++ ret = __key_link_check_restriction(keyring, key); ++ if (ret == 0) ++ ret = __key_link_check_live_key(keyring, key); ++ if (ret == 0) ++ __key_link(key, &edit); + ++error_end: ++ __key_link_end(keyring, &key->index_key, edit); ++error: + kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage)); + return ret; + } +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 1f234b019437..857da65e1940 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -343,7 +343,7 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + struct key_user *user, + struct key **_key) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + struct key *key; + key_perm_t perm; + key_ref_t key_ref; +@@ -372,6 +372,9 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) { ++ ret = __key_link_lock(dest_keyring, &ctx->index_key); ++ if (ret < 0) ++ goto link_lock_failed; + ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); + if (ret < 0) + goto link_prealloc_failed; +@@ -423,6 +426,8 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + return ret; + + link_prealloc_failed: ++ __key_link_end(dest_keyring, &ctx->index_key, edit); ++link_lock_failed: + mutex_unlock(&user->cons_lock); + key_put(key); + kleave(" = %d [prelink]", ret); + diff --git a/patches.suse/nvme-pci-fix-doorbell-buffer-value-endianness.patch b/patches.suse/nvme-pci-fix-doorbell-buffer-value-endianness.patch new file mode 100644 index 0000000..75f5c09 --- /dev/null +++ b/patches.suse/nvme-pci-fix-doorbell-buffer-value-endianness.patch @@ -0,0 +1,93 @@ +From: Klaus Jensen +Date: Tue, 13 Dec 2022 09:58:07 +0100 +Subject: nvme-pci: fix doorbell buffer value endianness +Patch-mainline: v6.2-rc2 +Git-commit: b5f96cb719d8ba220b565ddd3ba4ac0d8bcfb130 +References: git-fixes + +When using shadow doorbells, the event index and the doorbell values are +written to host memory. Prior to this patch, the values written would +erroneously be written in host endianness. This causes trouble on +big-endian platforms. Fix this by adding missing endian conversions. + +This issue was noticed by Guenter while testing various big-endian +platforms under QEMU[1]. A similar fix required for hw/nvme in QEMU is +up for review as well[2]. + + [1]: https://lore.kernel.org/qemu-devel/20221209110022.GA3396194@roeck-us.net/ + [2]: https://lore.kernel.org/qemu-devel/20221212114409.34972-4-its@irrelevant.dk/ + +Fixes: f9f38e33389c ("nvme: improve performance for virtual NVMe devices") +Reported-by: Guenter Roeck +Signed-off-by: Klaus Jensen +Signed-off-by: Christoph Hellwig +Acked-by: Daniel Wagner +--- + drivers/nvme/host/pci.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -110,9 +110,9 @@ struct nvme_dev { + mempool_t *iod_mempool; + + /* shadow doorbell buffer support: */ +- u32 *dbbuf_dbs; ++ __le32 *dbbuf_dbs; + dma_addr_t dbbuf_dbs_dma_addr; +- u32 *dbbuf_eis; ++ __le32 *dbbuf_eis; + dma_addr_t dbbuf_eis_dma_addr; + + /* host memory buffer support: */ +@@ -172,10 +172,10 @@ struct nvme_queue { + u16 last_cq_head; + u16 qid; + u8 cq_phase; +- u32 *dbbuf_sq_db; +- u32 *dbbuf_cq_db; +- u32 *dbbuf_sq_ei; +- u32 *dbbuf_cq_ei; ++ __le32 *dbbuf_sq_db; ++ __le32 *dbbuf_cq_db; ++ __le32 *dbbuf_sq_ei; ++ __le32 *dbbuf_cq_ei; + }; + + /* +@@ -301,11 +301,11 @@ static inline int nvme_dbbuf_need_event( + } + + /* Update dbbuf and return true if an MMIO is required */ +-static bool nvme_dbbuf_update_and_check_event(u16 value, u32 *dbbuf_db, +- volatile u32 *dbbuf_ei) ++static bool nvme_dbbuf_update_and_check_event(u16 value, __le32 *dbbuf_db, ++ volatile __le32 *dbbuf_ei) + { + if (dbbuf_db) { +- u16 old_value; ++ u16 old_value, event_idx; + + /* + * Ensure that the queue is written before updating +@@ -313,8 +313,8 @@ static bool nvme_dbbuf_update_and_check_ + */ + wmb(); + +- old_value = *dbbuf_db; +- *dbbuf_db = value; ++ old_value = le32_to_cpu(*dbbuf_db); ++ *dbbuf_db = cpu_to_le32(value); + + /* + * Ensure that the doorbell is updated before reading the event +@@ -324,7 +324,8 @@ static bool nvme_dbbuf_update_and_check_ + */ + mb(); + +- if (!nvme_dbbuf_need_event(*dbbuf_ei, value, old_value)) ++ event_idx = le32_to_cpu(*dbbuf_ei); ++ if (!nvme_dbbuf_need_event(event_idx, value, old_value)) + return false; + } + diff --git a/patches.suse/nvme-retain-split-access-workaround-for-capability-r.patch b/patches.suse/nvme-retain-split-access-workaround-for-capability-r.patch new file mode 100644 index 0000000..24fcd68 --- /dev/null +++ b/patches.suse/nvme-retain-split-access-workaround-for-capability-r.patch @@ -0,0 +1,50 @@ +From: Ard Biesheuvel +Date: Thu, 3 Oct 2019 13:57:29 +0200 +Subject: nvme: retain split access workaround for capability reads +Patch-mainline: v5.4-rc4 +Git-commit: 3a8ecc935efabdad106b5e06d07b150c394b4465 +References: git-fixes + +Commit 7fd8930f26be4 + + "nvme: add a common helper to read Identify Controller data" + +has re-introduced an issue that we have attempted to work around in the +past, in commit a310acd7a7ea ("NVMe: use split lo_hi_{read,write}q"). + +The problem is that some PCIe NVMe controllers do not implement 64-bit +outbound accesses correctly, which is why the commit above switched +to using lo_hi_[read|write]q for all 64-bit BAR accesses occuring in +the code. + +In the mean time, the NVMe subsystem has been refactored, and now calls +into the PCIe support layer for NVMe via a .reg_read64() method, which +fails to use lo_hi_readq(), and thus reintroduces the problem that the +workaround above aimed to address. + +Given that, at the moment, .reg_read64() is only used to read the +capability register [which is known to tolerate split reads], let's +switch .reg_read64() to lo_hi_readq() as well. + +This fixes a boot issue on some ARM boxes with NVMe behind a Synopsys +DesignWare PCIe host controller. + +Fixes: 7fd8930f26be4 ("nvme: add a common helper to read Identify Controller data") +Signed-off-by: Ard Biesheuvel +Signed-off-by: Sagi Grimberg +Acked-by: Daniel Wagner +--- + drivers/nvme/host/pci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -2381,7 +2381,7 @@ static int nvme_pci_reg_write32(struct n + + static int nvme_pci_reg_read64(struct nvme_ctrl *ctrl, u32 off, u64 *val) + { +- *val = readq(to_nvme_dev(ctrl)->bar + off); ++ *val = lo_hi_readq(to_nvme_dev(ctrl)->bar + off); + return 0; + } + diff --git a/patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch b/patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch new file mode 100644 index 0000000..122c664 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch @@ -0,0 +1,51 @@ +From: Li Zetao +Date: Sat, 25 Mar 2023 11:00:04 +0000 +Subject: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() +Patch-mainline: v6.3-rc6 +Git-commit: 85ade4010e13ef152ea925c74d94253db92e5428 +References: git-fixes + +There is a memory leak reported by kmemleak: + + unreferenced object 0xffffc900003f0000 (size 12288): + comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110 + [<0000000001906886>] __vmalloc_node+0xbd/0x150 + [<000000005bb4dc34>] vmalloc+0x25/0x30 + [<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx] + [<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx] + [<00000000641ccc04>] local_pci_probe+0xeb/0x1a0 + +The root cause is traced to an error-handling path in qla2x00_probe_one() +when the adapter "base_vha" initialize failed. The fab_scan_rp "scan.l" is +used to record the port information and it is allocated in +qla2x00_create_host(). However, it is not released in the error handling +path "probe_failed". + +Fix this by freeing the memory of "scan.l" when an error occurs in the +adapter initialization process. + +Fixes: a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify fabric discovery") +Signed-off-by: Li Zetao +Link: https://lore.kernel.org/r/20230325110004.363898-1-lizetao1@huawei.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -3624,6 +3624,7 @@ qla2x00_probe_one(struct pci_dev *pdev, + probe_failed: + qla_enode_stop(base_vha); + qla_edb_stop(base_vha); ++ vfree(base_vha->scan.l); + if (base_vha->gnl.l) { + dma_free_coherent(&ha->pdev->dev, base_vha->gnl.size, + base_vha->gnl.l, base_vha->gnl.ldma); diff --git a/patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch b/patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch new file mode 100644 index 0000000..9f0dfbb --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch @@ -0,0 +1,76 @@ +From: Nilesh Javali +Date: Sun, 12 Mar 2023 21:37:10 -0700 +Subject: scsi: qla2xxx: Perform lockless command completion in abort path +Patch-mainline: v6.3-rc4 +Git-commit: 0367076b0817d5c75dfb83001ce7ce5c64d803a9 +References: git-fixes + +While adding and removing the controller, the following call trace was +observed: + +WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 +CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 +RIP: 0010:dma_free_attrs+0x33/0x50 + +Call Trace: + qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] + qla2x00_abort_srb+0x8e/0x250 [qla2xxx] + ? ql_dbg+0x70/0x100 [qla2xxx] + __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] + qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] + qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] + qla2x00_remove_one+0x364/0x400 [qla2xxx] + pci_device_remove+0x36/0xa0 + __device_release_driver+0x17a/0x230 + device_release_driver+0x24/0x30 + pci_stop_bus_device+0x68/0x90 + pci_stop_and_remove_bus_device_locked+0x16/0x30 + remove_store+0x75/0x90 + kernfs_fop_write_iter+0x11c/0x1b0 + new_sync_write+0x11f/0x1b0 + vfs_write+0x1eb/0x280 + ksys_write+0x5f/0xe0 + do_syscall_64+0x5c/0x80 + ? do_user_addr_fault+0x1d8/0x680 + ? do_syscall_64+0x69/0x80 + ? exc_page_fault+0x62/0x140 + ? asm_exc_page_fault+0x8/0x30 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +The command was completed in the abort path during driver unload with a +lock held, causing the warning in abort path. Hence complete the command +without any lock held. + +Reported-by: Lin Li +Tested-by: Lin Li +Cc: stable@vger.kernel.org +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20230313043711.13500-2-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Reviewed-by: John Meneghini +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -1885,6 +1885,17 @@ static void + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (sp) { ++ /* ++ * perform lockless completion during driver unload ++ */ ++ if (qla2x00_chip_is_down(vha)) { ++ req->outstanding_cmds[cnt] = NULL; ++ spin_unlock_irqrestore(qp->qp_lock_ptr, flags); ++ sp->done(sp, res); ++ spin_lock_irqsave(qp->qp_lock_ptr, flags); ++ continue; ++ } ++ + switch (sp->cmd_type) { + case TYPE_SRB: + qla2x00_abort_srb(qp, sp, res, &flags); diff --git a/series.conf b/series.conf index c8210ce..5f4e34e 100644 --- a/series.conf +++ b/series.conf @@ -50882,6 +50882,8 @@ patches.suse/perf-x86-intel-uncore-Cosmetic-renames-in-response-t.patch patches.suse/perf-x86-intel-rapl-Cosmetic-rename-internal-variabl.patch patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch + patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch + patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch patches.suse/crypto-ccp-AES-CFB-mode-is-a-stream-cipher.patch patches.suse/crypto-ccp-fix-AES-CFB-error-exposed-by-new-test-vec.patch patches.suse/crypto-ccp-Fix-3DES-complaint-from-ccp-crypto-module.patch @@ -53272,6 +53274,7 @@ patches.suse/ceph-just-skip-unrecognized-info-in-ceph_reply_info_extra.patch patches.suse/filldir-remove-WARN_ON_ONCE-for-bad-directory-entries.patch patches.suse/0001-md-raid0-fix-warning-message-for-parameter-default_l.patch + patches.suse/nvme-retain-split-access-workaround-for-capability-r.patch patches.suse/nvme-Restart-request-timers-in-resetting-state.patch patches.suse/drivers-base-memory.c-don-t-access-uninitialized-mem.patch patches.suse/ocfs2-fix-panic-due-to-ocfs2_wq-is-null.patch @@ -63142,6 +63145,7 @@ patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch + patches.suse/nvme-pci-fix-doorbell-buffer-value-endianness.patch patches.suse/arm64-Discard-.note.GNU-stack-section.patch patches.suse/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upc.patch patches.suse/x86-bugs-Flush-IBP-in-ib_prctl_set.patch @@ -63227,6 +63231,7 @@ patches.suse/hwmon-xgene-Fix-use-after-free-bug-in-xgene_hwmon_remove-d.patch patches.suse/ring-buffer-remove-obsolete-comment-for-free_buffer_page.patch patches.suse/tracing-hwlat-Replace-sched_setaffinity-with-set_cpus_allowed_ptr.patch + patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch @@ -63236,6 +63241,7 @@ patches.suse/NFSv4-Fix-hangs-when-recovering-open-state-after-a-s.patch patches.suse/ring-buffer-Fix-race-while-reader-and-writer-are-on-the-same-page.patch patches.suse/ftrace-Mark-get_lock_parent_ip-__always_inline.patch + patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch patches.suse/cgroup-cpuset-Wake-up-cpuset_attach_wq-tasks-in-cpuset_cancel_attach.patch patches.suse/cifs-fix-negotiate-context-parsing.patch patches.suse/powerpc-papr_scm-Update-the-NUMA-distance-table-for-.patch @@ -63269,6 +63275,7 @@ patches.suse/net-tipc-validate-domain-record-count-on-input.patch patches.suse/netfilter-nf_conntrack_irc-Tighten-matching-on-DCC-m.patch patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch + patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch ######################################################## # end of sorted patches