From f520f04563fbb287f45438268c23ba9a59054f69 Mon Sep 17 00:00:00 2001 From: Denis Kirjanov Date: Apr 28 2023 15:58:37 +0000 Subject: Merge branch 'users/ppavlu/SLE12-SP5/for-next' into SLE12-SP5 Pull keys fixes from Petr Pavlu --- diff --git a/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch b/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch new file mode 100644 index 0000000..faaa7e8 --- /dev/null +++ b/patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch @@ -0,0 +1,73 @@ +From: David Howells +Date: Thu, 30 May 2019 11:40:24 +0100 +Subject: keys: Change keyring_serialise_link_sem to a mutex +Git-commit: 3be59f74512e37f4d4243a5d0831970e2a009206 +Patch-mainline: v5.3-rc1 +References: bsc#1207088 + +Change keyring_serialise_link_sem to a mutex as it's only ever +write-locked. + +Signed-off-by: David Howells +Acked-by: Petr Pavlu +--- + security/keys/keyring.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/security/keys/keyring.c b/security/keys/keyring.c +index 5b218b270598..ca6694ba1773 100644 +--- a/security/keys/keyring.c ++++ b/security/keys/keyring.c +@@ -100,7 +100,7 @@ EXPORT_SYMBOL(key_type_keyring); + * Semaphore to serialise link/link calls to prevent two link calls in parallel + * introducing a cycle. + */ +-static DECLARE_RWSEM(keyring_serialise_link_sem); ++static DEFINE_MUTEX(keyring_serialise_link_lock); + + /* + * Publish the name of a keyring so that it can be found by name (if it has +@@ -1206,7 +1206,7 @@ int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit) + __acquires(&keyring->sem) +- __acquires(&keyring_serialise_link_sem) ++ __acquires(&keyring_serialise_link_lock) + { + struct assoc_array_edit *edit; + int ret; +@@ -1228,7 +1228,7 @@ int __key_link_begin(struct key *keyring, + /* serialise link/link calls to prevent parallel calls causing a cycle + * when linking two keyring in opposite orders */ + if (index_key->type == &key_type_keyring) +- down_write(&keyring_serialise_link_sem); ++ mutex_lock(&keyring_serialise_link_lock); + + /* Create an edit script that will insert/replace the key in the + * keyring tree. +@@ -1260,7 +1260,7 @@ int __key_link_begin(struct key *keyring, + assoc_array_cancel_edit(edit); + error_sem: + if (index_key->type == &key_type_keyring) +- up_write(&keyring_serialise_link_sem); ++ mutex_unlock(&keyring_serialise_link_lock); + error_krsem: + up_write(&keyring->sem); + kleave(" = %d", ret); +@@ -1307,13 +1307,13 @@ void __key_link_end(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit *edit) + __releases(&keyring->sem) +- __releases(&keyring_serialise_link_sem) ++ __releases(&keyring_serialise_link_lock) + { + BUG_ON(index_key->type == NULL); + kenter("%d,%s,", keyring->serial, index_key->type->name); + + if (index_key->type == &key_type_keyring) +- up_write(&keyring_serialise_link_sem); ++ mutex_unlock(&keyring_serialise_link_lock); + + if (edit) { + if (!edit->dead_leaf) { + diff --git a/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch b/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch new file mode 100644 index 0000000..f23406e --- /dev/null +++ b/patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch @@ -0,0 +1,173 @@ +From 24cba457a9c8768c8979199db782588da6aca4ec Mon Sep 17 00:00:00 2001 +From: Petr Pavlu +Date: Wed, 22 Mar 2023 10:31:37 +0100 +Subject: [PATCH] keys: Fix linking a duplicate key to a keyring's assoc_array +Patch-mainline: Submitted, https://lore.kernel.org/keyrings/20230323130412.32097-1-petr.pavlu@suse.com/ +References: bsc#1207088 + +When making a DNS query inside the kernel using dns_query(), the request +code can in rare cases end up creating a duplicate index key in the +assoc_array of the destination keyring. It is eventually found by +a BUG_ON() check in the assoc_array implementation and results in +a crash. + +Example report: +[2158499.700025] kernel BUG at ../lib/assoc_array.c:652! +[2158499.700039] invalid opcode: 0000 [#1] SMP PTI +[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3 +[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 +[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs] +[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40 +[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff <0f> 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f +[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282 +[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005 +[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 +[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000 +[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28 +[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740 +[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000 +[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0 +[2158499.700702] Call Trace: +[2158499.700741] ? key_alloc+0x447/0x4b0 +[2158499.700768] ? __key_link_begin+0x43/0xa0 +[2158499.700790] __key_link_begin+0x43/0xa0 +[2158499.700814] request_key_and_link+0x2c7/0x730 +[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver] +[2158499.700873] ? key_default_cmp+0x20/0x20 +[2158499.700898] request_key_tag+0x43/0xa0 +[2158499.700926] dns_query+0x114/0x2ca [dns_resolver] +[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs] +[2158499.701164] ? scnprintf+0x49/0x90 +[2158499.701190] ? __switch_to_asm+0x40/0x70 +[2158499.701211] ? __switch_to_asm+0x34/0x70 +[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs] +[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs] +[2158499.701632] process_one_work+0x1f8/0x3e0 +[2158499.701658] worker_thread+0x2d/0x3f0 +[2158499.701682] ? process_one_work+0x3e0/0x3e0 +[2158499.701703] kthread+0x10d/0x130 +[2158499.701723] ? kthread_park+0xb0/0xb0 +[2158499.701746] ret_from_fork+0x1f/0x40 + +The situation occurs as follows: +* Some kernel facility invokes dns_query() to resolve a hostname, for + example, "abcdef". The function registers its global DNS resolver + cache as current->cred.thread_keyring and passes the query to + request_key_net() -> request_key_tag() -> request_key_and_link(). +* Function request_key_and_link() creates a keyring_search_context + object. Its match_data.cmp method gets set via a call to + type->match_preparse() (resolves to dns_resolver_match_preparse()) to + dns_resolver_cmp(). +* Function request_key_and_link() continues and invokes + search_process_keyrings_rcu() which returns that a given key was not + found. The control is then passed to request_key_and_link() -> + construct_alloc_key(). +* Concurrently to that, a second task similarly makes a DNS query for + "abcdef." and its result gets inserted into the DNS resolver cache. +* Back on the first task, function construct_alloc_key() first runs + __key_link_begin() to determine an assoc_array_edit operation to + insert a new key. Index keys in the array are compared exactly as-is, + using keyring_compare_object(). The operation finds that "abcdef" is + not yet present in the destination keyring. +* Function construct_alloc_key() continues and checks if a given key is + already present on some keyring by again calling + search_process_keyrings_rcu(). This search is done using + dns_resolver_cmp() and "abcdef" gets matched with now present key + "abcdef.". +* The found key is linked on the destination keyring by calling + __key_link() and using the previously calculated assoc_array_edit + operation. This inserts the "abcdef." key in the array but creates + a duplicity because the same index key is already present. + +Fix the problem by postponing __key_link_begin() in +construct_alloc_key() until an actual key which should be linked into +the destination keyring is determined. + +Signed-off-by: Petr Pavlu +--- + security/keys/request_key.c | 35 ++++++++++++++++++++++++----------- + 1 file changed, 24 insertions(+), 11 deletions(-) + +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 2da4404276f0..04eb7e4cedad 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -398,17 +398,21 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) { +- ret = __key_link_lock(dest_keyring, &ctx->index_key); ++ ret = __key_link_lock(dest_keyring, &key->index_key); + if (ret < 0) + goto link_lock_failed; +- ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); +- if (ret < 0) +- goto link_prealloc_failed; + } + +- /* attach the key to the destination keyring under lock, but we do need ++ /* ++ * Attach the key to the destination keyring under lock, but we do need + * to do another check just in case someone beat us to it whilst we +- * waited for locks */ ++ * waited for locks. ++ * ++ * The caller might specify a comparison function which looks for keys ++ * that do not exactly match but are still equivalent from the caller's ++ * perspective. The __key_link_begin() operation must be done only after ++ * an actual key is determined. ++ */ + mutex_lock(&key_construction_mutex); + + key_ref = search_process_keyrings(ctx); +@@ -417,12 +421,16 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + if (!IS_ERR(key_ref)) + goto key_already_present; + +- if (dest_keyring) ++ if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed; + __key_link(key, &edit); ++ } + + mutex_unlock(&key_construction_mutex); + if (dest_keyring) +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + mutex_unlock(&user->cons_lock); + *_key = key; + kleave(" = 0 [%d]", key_serial(key)); +@@ -435,10 +443,13 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + mutex_unlock(&key_construction_mutex); + key = key_ref_to_ptr(key_ref); + if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed_unlocked; + ret = __key_link_check_live_key(dest_keyring, key); + if (ret == 0) + __key_link(key, &edit); +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + if (ret < 0) + goto link_check_failed; + } +@@ -453,8 +464,10 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + kleave(" = %d [linkcheck]", ret); + return ret; + +-link_prealloc_failed: +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++link_alloc_failed: ++ mutex_unlock(&key_construction_mutex); ++link_alloc_failed_unlocked: ++ __key_link_end(dest_keyring, &key->index_key, edit); + link_lock_failed: + mutex_unlock(&user->cons_lock); + key_put(key); +-- +2.35.3 + diff --git a/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch b/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch new file mode 100644 index 0000000..1cca813 --- /dev/null +++ b/patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch @@ -0,0 +1,298 @@ +From: David Howells +Date: Thu, 30 May 2019 11:37:39 +0100 +Subject: keys: Hoist locking out of __key_link_begin() +Git-commit: df593ee23e05cdda16c8c995e5818779431bb29f +Patch-mainline: v5.3-rc1 +References: bsc#1207088 + +Hoist the locking of out of __key_link_begin() and into its callers. This +is necessary to allow the upcoming key_move() operation to correctly order +taking of the source keyring semaphore, the destination keyring semaphore +and the keyring serialisation lock. + +Signed-off-by: David Howells +Acked-by: Petr Pavlu +--- + security/keys/internal.h | 2 ++ + security/keys/key.c | 27 ++++++++++++---- + security/keys/keyring.c | 78 +++++++++++++++++++++++++++------------------ + security/keys/request_key.c | 7 +++- + 4 files changed, 76 insertions(+), 38 deletions(-) + +diff --git a/security/keys/internal.h b/security/keys/internal.h +index 8f533c81aa8d..25cdd0cbdc06 100644 +--- a/security/keys/internal.h ++++ b/security/keys/internal.h +@@ -93,6 +93,8 @@ extern wait_queue_head_t request_key_conswq; + extern struct key_type *key_type_lookup(const char *type); + extern void key_type_put(struct key_type *ktype); + ++extern int __key_link_lock(struct key *keyring, ++ const struct keyring_index_key *index_key); + extern int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit); +diff --git a/security/keys/key.c b/security/keys/key.c +index 696f1c092c50..bba71acec886 100644 +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -500,7 +500,7 @@ int key_instantiate_and_link(struct key *key, + struct key *authkey) + { + struct key_preparsed_payload prep; +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + int ret; + + memset(&prep, 0, sizeof(prep)); +@@ -515,10 +515,14 @@ int key_instantiate_and_link(struct key *key, + } + + if (keyring) { +- ret = __key_link_begin(keyring, &key->index_key, &edit); ++ ret = __key_link_lock(keyring, &key->index_key); + if (ret < 0) + goto error; + ++ ret = __key_link_begin(keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto error_link_end; ++ + if (keyring->restrict_link && keyring->restrict_link->check) { + struct key_restriction *keyres = keyring->restrict_link; + +@@ -570,7 +574,7 @@ int key_reject_and_link(struct key *key, + struct key *keyring, + struct key *authkey) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + struct timespec now; + int ret, awaken, link_ret = 0; + +@@ -583,7 +587,12 @@ int key_reject_and_link(struct key *key, + if (keyring->restrict_link) + return -EPERM; + +- link_ret = __key_link_begin(keyring, &key->index_key, &edit); ++ link_ret = __key_link_lock(keyring, &key->index_key); ++ if (link_ret == 0) { ++ link_ret = __key_link_begin(keyring, &key->index_key, &edit); ++ if (link_ret < 0) ++ __key_link_end(keyring, &key->index_key, edit); ++ } + } + + mutex_lock(&key_construction_mutex); +@@ -810,7 +819,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + .description = description, + }; + struct key_preparsed_payload prep; +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + const struct cred *cred = current_cred(); + struct key *keyring, *key = NULL; + key_ref_t key_ref; +@@ -860,12 +869,18 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + } + index_key.desc_len = strlen(index_key.description); + +- ret = __key_link_begin(keyring, &index_key, &edit); ++ ret = __key_link_lock(keyring, &index_key); + if (ret < 0) { + key_ref = ERR_PTR(ret); + goto error_free_prep; + } + ++ ret = __key_link_begin(keyring, &index_key, &edit); ++ if (ret < 0) { ++ key_ref = ERR_PTR(ret); ++ goto error_link_end; ++ } ++ + if (restrict_link && restrict_link->check) { + ret = restrict_link->check(keyring, index_key.type, + &prep.payload, restrict_link->key); +diff --git a/security/keys/keyring.c b/security/keys/keyring.c +index 6990c7761eaa..12acad3db6cf 100644 +--- a/security/keys/keyring.c ++++ b/security/keys/keyring.c +@@ -1199,14 +1199,34 @@ static int keyring_detect_cycle(struct key *A, struct key *B) + return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result); + } + ++/* ++ * Lock keyring for link. ++ */ ++int __key_link_lock(struct key *keyring, ++ const struct keyring_index_key *index_key) ++ __acquires(&keyring->sem) ++ __acquires(&keyring_serialise_link_lock) ++{ ++ if (keyring->type != &key_type_keyring) ++ return -ENOTDIR; ++ ++ down_write(&keyring->sem); ++ ++ /* Serialise link/link calls to prevent parallel calls causing a cycle ++ * when linking two keyring in opposite orders. ++ */ ++ if (index_key->type == &key_type_keyring) ++ mutex_lock(&keyring_serialise_link_lock); ++ ++ return 0; ++} ++ + /* + * Preallocate memory so that a key can be linked into to a keyring. + */ + int __key_link_begin(struct key *keyring, + const struct keyring_index_key *index_key, + struct assoc_array_edit **_edit) +- __acquires(&keyring->sem) +- __acquires(&keyring_serialise_link_lock) + { + struct assoc_array_edit *edit; + int ret; +@@ -1215,20 +1235,13 @@ int __key_link_begin(struct key *keyring, + keyring->serial, index_key->type->name, index_key->description); + + BUG_ON(index_key->desc_len == 0); ++ BUG_ON(*_edit != NULL); + +- if (keyring->type != &key_type_keyring) +- return -ENOTDIR; +- +- down_write(&keyring->sem); ++ *_edit = NULL; + + ret = -EKEYREVOKED; + if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) +- goto error_krsem; +- +- /* serialise link/link calls to prevent parallel calls causing a cycle +- * when linking two keyring in opposite orders */ +- if (index_key->type == &key_type_keyring) +- mutex_lock(&keyring_serialise_link_lock); ++ goto error; + + /* Create an edit script that will insert/replace the key in the + * keyring tree. +@@ -1239,7 +1252,7 @@ int __key_link_begin(struct key *keyring, + NULL); + if (IS_ERR(edit)) { + ret = PTR_ERR(edit); +- goto error_sem; ++ goto error; + } + + /* If we're not replacing a link in-place then we're going to need some +@@ -1258,11 +1271,7 @@ int __key_link_begin(struct key *keyring, + + error_cancel: + assoc_array_cancel_edit(edit); +-error_sem: +- if (index_key->type == &key_type_keyring) +- mutex_unlock(&keyring_serialise_link_lock); +-error_krsem: +- up_write(&keyring->sem); ++error: + kleave(" = %d", ret); + return ret; + } +@@ -1312,9 +1321,6 @@ void __key_link_end(struct key *keyring, + BUG_ON(index_key->type == NULL); + kenter("%d,%s,", keyring->serial, index_key->type->name); + +- if (index_key->type == &key_type_keyring) +- mutex_unlock(&keyring_serialise_link_lock); +- + if (edit) { + if (!edit->dead_leaf) { + key_payload_reserve(keyring, +@@ -1323,6 +1329,9 @@ void __key_link_end(struct key *keyring, + assoc_array_cancel_edit(edit); + } + up_write(&keyring->sem); ++ ++ if (index_key->type == &key_type_keyring) ++ mutex_unlock(&keyring_serialise_link_lock); + } + + /* +@@ -1358,7 +1367,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key) + */ + int key_link(struct key *keyring, struct key *key) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + int ret; + + kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); +@@ -1366,17 +1375,24 @@ int key_link(struct key *keyring, struct key *key) + key_check(keyring); + key_check(key); + ++ ret = __key_link_lock(keyring, &key->index_key); ++ if (ret < 0) ++ goto error; ++ + ret = __key_link_begin(keyring, &key->index_key, &edit); +- if (ret == 0) { +- kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); +- ret = __key_link_check_restriction(keyring, key); +- if (ret == 0) +- ret = __key_link_check_live_key(keyring, key); +- if (ret == 0) +- __key_link(key, &edit); +- __key_link_end(keyring, &key->index_key, edit); +- } ++ if (ret < 0) ++ goto error_end; ++ ++ kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); ++ ret = __key_link_check_restriction(keyring, key); ++ if (ret == 0) ++ ret = __key_link_check_live_key(keyring, key); ++ if (ret == 0) ++ __key_link(key, &edit); + ++error_end: ++ __key_link_end(keyring, &key->index_key, edit); ++error: + kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage)); + return ret; + } +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 1f234b019437..857da65e1940 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -343,7 +343,7 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + struct key_user *user, + struct key **_key) + { +- struct assoc_array_edit *edit; ++ struct assoc_array_edit *edit = NULL; + struct key *key; + key_perm_t perm; + key_ref_t key_ref; +@@ -372,6 +372,9 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) { ++ ret = __key_link_lock(dest_keyring, &ctx->index_key); ++ if (ret < 0) ++ goto link_lock_failed; + ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); + if (ret < 0) + goto link_prealloc_failed; +@@ -423,6 +426,8 @@ static int construct_alloc_key(struct keyring_search_context *ctx, + return ret; + + link_prealloc_failed: ++ __key_link_end(dest_keyring, &ctx->index_key, edit); ++link_lock_failed: + mutex_unlock(&user->cons_lock); + key_put(key); + kleave(" = %d [prelink]", ret); + diff --git a/series.conf b/series.conf index 8efb9fe..60f2407 100644 --- a/series.conf +++ b/series.conf @@ -50882,6 +50882,8 @@ patches.suse/perf-x86-intel-uncore-Cosmetic-renames-in-response-t.patch patches.suse/perf-x86-intel-rapl-Cosmetic-rename-internal-variabl.patch patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch + patches.suse/keys-Change-keyring_serialise_link_sem-to-a-mutex.patch + patches.suse/keys-Hoist-locking-out-of-__key_link_begin.patch patches.suse/crypto-ccp-AES-CFB-mode-is-a-stream-cipher.patch patches.suse/crypto-ccp-fix-AES-CFB-error-exposed-by-new-test-vec.patch patches.suse/crypto-ccp-Fix-3DES-complaint-from-ccp-crypto-module.patch @@ -63273,6 +63275,7 @@ patches.suse/net-tipc-validate-domain-record-count-on-input.patch patches.suse/netfilter-nf_conntrack_irc-Tighten-matching-on-DCC-m.patch patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch + patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch ######################################################## # end of sorted patches