authorThorsten Leemhuis <fedora@leemhuis.info>2017-10-06 07:33:28 +0200
committerThorsten Leemhuis <fedora@leemhuis.info>2017-10-06 07:33:28 +0200
commit9e8bb0874644d28618ea0c28dacee9e65b98820f (patch)
treea3dff7e93369953fafd0779270effc4f9a8aacf3
parent87c1d1a97db728d0bf1d64a7bf5fa0ecab50f4b5 (diff)
parent952ab1822df514079ff4a7ebc0fdcc912bd28dd2 (diff)
Merge remote-tracking branch 'origin/f27' into f27-user-thl-vanilla-fedora
-rw-r--r--0001-platform-x86-peaq-wmi-Add-DMI-check-before-binding-t.patch71
-rw-r--r--KEYS-prevent-KEYCTL_READ-on-negative-key.patch88
-rw-r--r--baseconfig/CONFIG_CRYPTO_GCM2
-rw-r--r--baseconfig/CONFIG_CRYPTO_GHASH2
-rw-r--r--kernel-aarch64-debug.config4
-rw-r--r--kernel-aarch64.config4
-rw-r--r--kernel-armv7hl-debug.config4
-rw-r--r--kernel-armv7hl-lpae-debug.config4
-rw-r--r--kernel-armv7hl-lpae.config4
-rw-r--r--kernel-armv7hl.config4
-rw-r--r--kernel-i686-PAE.config4
-rw-r--r--kernel-i686-PAEdebug.config4
-rw-r--r--kernel-i686-debug.config4
-rw-r--r--kernel-i686.config4
-rw-r--r--kernel-ppc64-debug.config4
-rw-r--r--kernel-ppc64.config4
-rw-r--r--kernel-ppc64le-debug.config4
-rw-r--r--kernel-ppc64le.config4
-rw-r--r--kernel-s390x-debug.config4
-rw-r--r--kernel-s390x.config4
-rw-r--r--kernel-x86_64-debug.config4
-rw-r--r--kernel-x86_64.config4
-rw-r--r--kernel.spec17
-rw-r--r--kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch41
-rw-r--r--nl80211-check-for-the-required-netlink-attributes-presence.patch46
-rw-r--r--qxl-fixes.patch87
-rw-r--r--sources2
27 files changed, 118 insertions, 310 deletions
diff --git a/0001-platform-x86-peaq-wmi-Add-DMI-check-before-binding-t.patch b/0001-platform-x86-peaq-wmi-Add-DMI-check-before-binding-t.patch
new file mode 100644
index 000000000..e8376331d
--- /dev/null
+++ b/0001-platform-x86-peaq-wmi-Add-DMI-check-before-binding-t.patch
@@ -0,0 +1,71 @@
+From 0e9df6a74f9573409e5a2fbe29c1389188280bfc Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Thu, 5 Oct 2017 16:02:33 +0200
+Subject: [PATCH] platform/x86: peaq-wmi: Add DMI check before binding to the
+ WMI interface
+
+It seems that the WMI GUID used by the PEAQ 2-in-1 WMI hotkeys is not
+as unique as a GUID should be and is used on some other devices too.
+
+This is causing spurious key-press reports on these other devices.
+
+This commits adds a DMI check to the PEAQ 2-in-1 WMI hotkeys driver to
+ensure that it is actually running on a PEAQ 2-in-1, fixing the
+spurious key-presses on these other devices.
+
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1497861
+BugLink: https://bugzilla.suse.com/attachment.cgi?id=743182
+Cc: stable@vger.kernel.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/platform/x86/peaq-wmi.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/drivers/platform/x86/peaq-wmi.c b/drivers/platform/x86/peaq-wmi.c
+index bc98ef95514a..67fa3fa32011 100644
+--- a/drivers/platform/x86/peaq-wmi.c
++++ b/drivers/platform/x86/peaq-wmi.c
+@@ -8,6 +8,7 @@
+ */
+
+ #include <linux/acpi.h>
++#include <linux/dmi.h>
+ #include <linux/input-polldev.h>
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+@@ -64,8 +65,22 @@ static void peaq_wmi_poll(struct input_polled_dev *dev)
+ }
+ }
+
++/* Some other devices (Shuttle XS35) use the same WMI GUID for other purposes */
++static const struct dmi_system_id peaq_dmi_table[] = {
++ {
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "PEAQ"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "PEAQ PMM C1010 MD99187"),
++ },
++ },
++};
++
+ static int __init peaq_wmi_init(void)
+ {
++ /* WMI GUID is not unique, also check for a DMI match */
++ if (!dmi_check_system(peaq_dmi_table))
++ return -ENODEV;
++
+ if (!wmi_has_guid(PEAQ_DOLBY_BUTTON_GUID))
+ return -ENODEV;
+
+@@ -86,6 +101,9 @@ static int __init peaq_wmi_init(void)
+
+ static void __exit peaq_wmi_exit(void)
+ {
++ if (!dmi_check_system(peaq_dmi_table))
++ return;
++
+ if (!wmi_has_guid(PEAQ_DOLBY_BUTTON_GUID))
+ return;
+
+--
+2.14.2
+
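Review bot: `peaq_dmi_table` has no terminating empty entry, so the `dmi_check_system()` calls added to `peaq_wmi_init()` and `peaq_wmi_exit()` have no sentinel to stop on and will read past the end of the one-element array. `dmi_check_system()` is not shown on this page, but it walks a table until it reaches an entry with no matches, so add `{}` as the last element before the closing `};`. Both function bodies continue outside the embedded hunks, so the rest of the init/exit paths could not be checked here.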
diff --git a/KEYS-prevent-KEYCTL_READ-on-negative-key.patch b/KEYS-prevent-KEYCTL_READ-on-negative-key.patch
deleted file mode 100644
index d80176e66..000000000
--- a/KEYS-prevent-KEYCTL_READ-on-negative-key.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From patchwork Mon Sep 18 18:37:23 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: KEYS: prevent KEYCTL_READ on negative key
-From: Eric Biggers <ebiggers3@gmail.com>
-X-Patchwork-Id: 9957387
-Message-Id: <20170918183723.114253-1-ebiggers3@gmail.com>
-To: keyrings@vger.kernel.org
-Cc: David Howells <dhowells@redhat.com>, Michael Halcrow <mhalcrow@google.com>,
- linux-security-module@vger.kernel.org,
- linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@google.com>,
- stable@vger.kernel.org
-Date: Mon, 18 Sep 2017 11:37:23 -0700
-
-From: Eric Biggers <ebiggers@google.com>
-
-Because keyctl_read_key() looks up the key with no permissions
-requested, it may find a negatively instantiated key. If the key is
-also possessed, we went ahead and called ->read() on the key. But the
-key payload will actually contain the ->reject_error rather than the
-normal payload. Thus, the kernel oopses trying to read the
-user_key_payload from memory address (int)-ENOKEY = 0x00000000ffffff82.
-
-Fortunately the payload data is stored inline, so it shouldn't be
-possible to abuse this as an arbitrary memory read primitive...
-
-Reproducer:
- keyctl new_session
- keyctl request2 user desc '' @s
- keyctl read $(keyctl show | awk '/user: desc/ {print $1}')
-
-It causes a crash like the following:
- BUG: unable to handle kernel paging request at 00000000ffffff92
- IP: user_read+0x33/0xa0
- PGD 36a54067 P4D 36a54067 PUD 0
- Oops: 0000 [#1] SMP
- CPU: 0 PID: 211 Comm: keyctl Not tainted 4.14.0-rc1 #337
- Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
- task: ffff90aa3b74c3c0 task.stack: ffff9878c0478000
- RIP: 0010:user_read+0x33/0xa0
- RSP: 0018:ffff9878c047bee8 EFLAGS: 00010246
- RAX: 0000000000000001 RBX: ffff90aa3d7da340 RCX: 0000000000000017
- RDX: 0000000000000000 RSI: 00000000ffffff82 RDI: ffff90aa3d7da340
- RBP: ffff9878c047bf00 R08: 00000024f95da94f R09: 0000000000000000
- R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
- R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
- FS: 00007f58ece69740(0000) GS:ffff90aa3e200000(0000) knlGS:0000000000000000
- CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
- CR2: 00000000ffffff92 CR3: 0000000036adc001 CR4: 00000000003606f0
- Call Trace:
- keyctl_read_key+0xac/0xe0
- SyS_keyctl+0x99/0x120
- entry_SYSCALL_64_fastpath+0x1f/0xbe
- RIP: 0033:0x7f58ec787bb9
- RSP: 002b:00007ffc8d401678 EFLAGS: 00000206 ORIG_RAX: 00000000000000fa
- RAX: ffffffffffffffda RBX: 00007ffc8d402800 RCX: 00007f58ec787bb9
- RDX: 0000000000000000 RSI: 00000000174a63ac RDI: 000000000000000b
- RBP: 0000000000000004 R08: 00007ffc8d402809 R09: 0000000000000020
- R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffc8d402800
- R13: 00007ffc8d4016e0 R14: 0000000000000000 R15: 0000000000000000
- Code: e5 41 55 49 89 f5 41 54 49 89 d4 53 48 89 fb e8 a4 b4 ad ff 85 c0 74 09 80 3d b9 4c 96 00 00 74 43 48 8b b3 20 01 00 00 4d 85 ed <0f> b7 5e 10 74 29 4d 85 e4 74 24 4c 39 e3 4c 89 e2 4c 89 ef 48
- RIP: user_read+0x33/0xa0 RSP: ffff9878c047bee8
- CR2: 00000000ffffff92
-
-Fixes: 61ea0c0ba904 ("KEYS: Skip key state checks when checking for possession")
-Cc: <stable@vger.kernel.org> [v3.13+]
-Signed-off-by: Eric Biggers <ebiggers@google.com>
----
- security/keys/keyctl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
-index ab0b337c84b4..6a82090c7fc1 100644
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -766,6 +766,11 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
-
- key = key_ref_to_ptr(key_ref);
-
-+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
-+ ret = -ENOKEY;
-+ goto error2;
-+ }
-+
- /* see if we can read it directly */
- ret = key_permission(key_ref, KEY_NEED_READ);
- if (ret == 0)
diff --git a/baseconfig/CONFIG_CRYPTO_GCM b/baseconfig/CONFIG_CRYPTO_GCM
index 0cb7edc79..8b509be56 100644
--- a/baseconfig/CONFIG_CRYPTO_GCM
+++ b/baseconfig/CONFIG_CRYPTO_GCM
@@ -1 +1 @@
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
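Review bot: Nothing on the page says why `CONFIG_CRYPTO_GCM` (and `CONFIG_CRYPTO_GHASH` in the next file) moves from `=m` to `=y`; the `%changelog` entry added in kernel.spec lists only the 4.13.5 rebase, the peaq_wmi fix and CVE-2017-14954. A built-in algorithm can no longer be kept out of a running kernel by blacklisting or not shipping its module, so the reason is worth recording, for example with a changelog line such as `- Build GCM and GHASH in (<reason / rhbz placeholder>)`. The per-arch kernel-*.config hunks repeat the same switch and appear to be generated from these two fragments.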
diff --git a/baseconfig/CONFIG_CRYPTO_GHASH b/baseconfig/CONFIG_CRYPTO_GHASH
index b94cd971d..2104f2f02 100644
--- a/baseconfig/CONFIG_CRYPTO_GHASH
+++ b/baseconfig/CONFIG_CRYPTO_GHASH
@@ -1 +1 @@
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index 0b67e4f6d..c12a5be0b 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -1010,11 +1010,11 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM64_CE=m
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 60b736513..975087e0c 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -1009,11 +1009,11 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM64_CE=m
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 472881e5b..432dd7734 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -1064,10 +1064,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 63db6ead7..bd5134b5a 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -1012,10 +1012,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index b7fbbb78f..1e93c9195 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -1010,10 +1010,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 304cbb7dc..bdb41cc97 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -1062,10 +1062,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_ARM_CE=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index 857341b84..3e923e8d6 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -870,9 +870,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index e300a78b8..dc0d0f59a 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -872,9 +872,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index 7cba83e63..3dc57b37c 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -872,9 +872,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-i686.config b/kernel-i686.config
index 716993137..96c697ea6 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -870,9 +870,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index 86745699d..60528f85b 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -852,9 +852,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index ba4c699be..58e03fd12 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -850,9 +850,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index d00d68bda..4818e1809 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -806,9 +806,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index e33adfbfa..72e713014 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -804,9 +804,9 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index 36d04c269..c3a96b666 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -797,10 +797,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_GHASH_S390=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 4685bc0c5..a76883031 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -795,10 +795,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
-CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_GHASH_S390=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 5fa587c8d..f4b826b28 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -896,10 +896,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 0dcddee27..5d3f82fb1 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -894,10 +894,10 @@ CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_FIPS=y
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_KEYWRAP=m
diff --git a/kernel.spec b/kernel.spec
index 5f5c44d0a..aca25c2f7 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -672,12 +672,6 @@ Patch617: Fix-for-module-sig-verification.patch
# rhbz 1485086
Patch619: pci-mark-amd-stoney-gpu-ats-as-broken.patch
-# CVE-2017-12154 rhbz 1491224 1491231
-Patch620: kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch
-
-# CVE-2017-12153 rhbz 1491046 1491057
-Patch621: nl80211-check-for-the-required-netlink-attributes-presence.patch
-
# Should fix our QXL issues
Patch622: qxl-fixes.patch
@@ -685,14 +679,14 @@ Patch622: qxl-fixes.patch
Patch623: HID-rmi-Make-sure-the-HID-device-is-opened-on-resume.patch
Patch624: input-rmi4-remove-the-need-for-artifical-IRQ.patch
-# rhbz 1493435 1493436
-Patch625: KEYS-prevent-KEYCTL_READ-on-negative-key.patch
-
# rhbz 1432684
Patch626: 1-3-net-set-tb--fast_sk_family.patch
Patch627: 2-3-net-use-inet6_rcv_saddr-to-compare-sockets.patch
Patch628: 3-3-inet-fix-improper-empty-comparison.patch
+# rhbz 1497861
+Patch629: 0001-platform-x86-peaq-wmi-Add-DMI-check-before-binding-t.patch
+
# END OF PATCH DEFINITIONS
%endif
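Review bot: Patch625 (KEYS-prevent-KEYCTL_READ-on-negative-key.patch) is dropped here, and Patch620 (CVE-2017-12154) and Patch621 (CVE-2017-12153) in the previous hunk, without any statement that patch-4.13.5.xz carries those fixes; presumably it does, but the page does not show it. Before merging, confirm each fix is present in the rebased tree (for the KEYS one, the `KEY_FLAG_NEGATIVE` check in `keyctl_read_key()`), and record the drop in `%changelog`, e.g. `- Drop CVE-2017-12153, CVE-2017-12154 and KEYCTL_READ fixes, now in v4.13.5`. The new changelog entry also credits CVE-2017-14954 without a matching Patch line, so it would help to say that this fix comes from the stable update.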
@@ -2250,6 +2244,11 @@ fi
#
#
%changelog
+* Thu Oct 05 2017 Laura Abbott <labbott@fedoraproject.org> - 4.13.5-300
+- Linux v4.13.5
+- Fix for peaq_wmi nul spew (rhbz 1497861)
+- Fixes CVE-2017-14954 (rhbz 1497745 1497747)
+
* Thu Sep 28 2017 Laura Abbott <labbott@redhat.com> - 4.13.4-300
- Linux v4.13.4
diff --git a/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch b/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch
deleted file mode 100644
index 978401257..000000000
--- a/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From patchwork Tue Sep 12 20:02:54 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8
-From: Jim Mattson <jmattson@google.com>
-X-Patchwork-Id: 9950035
-Message-Id: <20170912200254.111560-1-jmattson@google.com>
-To: kvm@vger.kernel.org, P J P <ppandit@redhat.com>,
- Paolo Bonzini <pbonzini@redhat.com>
-Cc: Jim Mattson <jmattson@google.com>
-Date: Tue, 12 Sep 2017 13:02:54 -0700
-
-If L1 does not specify the "use TPR shadow" VM-execution control in
-vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
-exiting" VM-execution controls in vmcs02. Failure to do so will give
-the L2 VM unrestricted read/write access to the hardware CR8.
-
-This fixes CVE-2017-12154.
-
-Signed-off-by: Jim Mattson <jmattson@google.com>
----
- arch/x86/kvm/vmx.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index c6efc1f88b25..885b7eed4320 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -10525,6 +10525,11 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
- if (exec_control & CPU_BASED_TPR_SHADOW) {
- vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, -1ull);
- vmcs_write32(TPR_THRESHOLD, vmcs12->tpr_threshold);
-+ } else {
-+#ifdef CONFIG_X86_64
-+ exec_control |= CPU_BASED_CR8_LOAD_EXITING |
-+ CPU_BASED_CR8_STORE_EXITING;
-+#endif
- }
-
- /*
diff --git a/nl80211-check-for-the-required-netlink-attributes-presence.patch b/nl80211-check-for-the-required-netlink-attributes-presence.patch
deleted file mode 100644
index 3b52fae87..000000000
--- a/nl80211-check-for-the-required-netlink-attributes-presence.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From patchwork Tue Sep 12 22:21:21 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: nl80211: check for the required netlink attributes presence
-From: Vladis Dronov <vdronov@redhat.com>
-X-Patchwork-Id: 9950281
-Message-Id: <20170912222121.5032-1-vdronov@redhat.com>
-To: Johannes Berg <johannes.berg@intel.com>,
- Johannes Berg <johannes@sipsolutions.net>,
- linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
-Cc: Vladis Dronov <vdronov@redhat.com>, "# v3 . 1-rc1" <stable@vger.kernel.org>
-Date: Wed, 13 Sep 2017 00:21:21 +0200
-
-nl80211_set_rekey_data() does not check if the required attributes
-NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
-NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
-users with CAP_NET_ADMIN privilege and may result in NULL dereference
-and a system crash. Add a check for the required attributes presence.
-This patch is based on the patch by bo Zhang.
-
-This fixes CVE-2017-12153.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
-Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
-Cc: <stable@vger.kernel.org> # v3.1-rc1
-Reported-by: bo Zhang <zhangbo5891001@gmail.com>
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
----
- net/wireless/nl80211.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
-index 0df8023..fbd5593 100644
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -10903,6 +10903,9 @@ static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
- if (err)
- return err;
-
-+ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
-+ !tb[NL80211_REKEY_DATA_KCK])
-+ return -EINVAL;
- if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
- return -ERANGE;
- if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
diff --git a/qxl-fixes.patch b/qxl-fixes.patch
index 0b39c6f01..c8bd4b9fb 100644
--- a/qxl-fixes.patch
+++ b/qxl-fixes.patch
@@ -1,90 +1,3 @@
-From c463b4ad6b2ac5a40c959e6c636eafc7edb1a63b Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 6 Sep 2017 11:31:51 +0200
-Subject: qxl: fix primary surface handling
-
-The atomic conversion of the qxl driver didn't got the primary surface
-handling completely right. It works in the common simple cases, but
-fails for example when changing the display resolution using xrandr or
-in multihead setups.
-
-The rules are simple: There is one primary surface. Before defining a
-new one you have to destroy the old one.
-
-This patch makes qxl_primary_atomic_update() destroy the primary surface
-before defining a new one. It fixes is_primary flag updates. It adds
-is_primary checks so we don't try to update the primary surface in case
-it already has the state we want it being in.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- drivers/gpu/drm/qxl/qxl_display.c | 34 +++++++++++++++++++---------------
- 1 file changed, 19 insertions(+), 15 deletions(-)
-
-diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c
-index 03fe182..7babdd8f 100644
---- a/drivers/gpu/drm/qxl/qxl_display.c
-+++ b/drivers/gpu/drm/qxl/qxl_display.c
-@@ -512,23 +512,25 @@ static void qxl_primary_atomic_update(struct drm_plane *plane,
- .y2 = qfb->base.height
- };
-
-- if (!old_state->fb) {
-- qxl_io_log(qdev,
-- "create primary fb: %dx%d,%d,%d\n",
-- bo->surf.width, bo->surf.height,
-- bo->surf.stride, bo->surf.format);
-+ if (old_state->fb) {
-+ qfb_old = to_qxl_framebuffer(old_state->fb);
-+ bo_old = gem_to_qxl_bo(qfb_old->obj);
-+ } else {
-+ bo_old = NULL;
-+ }
-
-- qxl_io_create_primary(qdev, 0, bo);
-- bo->is_primary = true;
-+ if (bo == bo_old)
- return;
-
-- } else {
-- qfb_old = to_qxl_framebuffer(old_state->fb);
-- bo_old = gem_to_qxl_bo(qfb_old->obj);
-+ if (bo_old && bo_old->is_primary) {
-+ qxl_io_destroy_primary(qdev);
- bo_old->is_primary = false;
- }
-
-- bo->is_primary = true;
-+ if (!bo->is_primary) {
-+ qxl_io_create_primary(qdev, 0, bo);
-+ bo->is_primary = true;
-+ }
- qxl_draw_dirty_fb(qdev, qfb, bo, 0, 0, &norect, 1, 1);
- }
-
-@@ -537,13 +539,15 @@ static void qxl_primary_atomic_disable(struct drm_plane *plane,
- {
- struct qxl_device *qdev = plane->dev->dev_private;
-
-- if (old_state->fb)
-- { struct qxl_framebuffer *qfb =
-+ if (old_state->fb) {
-+ struct qxl_framebuffer *qfb =
- to_qxl_framebuffer(old_state->fb);
- struct qxl_bo *bo = gem_to_qxl_bo(qfb->obj);
-
-- qxl_io_destroy_primary(qdev);
-- bo->is_primary = false;
-+ if (bo->is_primary) {
-+ qxl_io_destroy_primary(qdev);
-+ bo->is_primary = false;
-+ }
- }
- }
-
---
-cgit v0.12
-
From 05026e6e19b29104ddba4e8979e6c7af17944695 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 15 Sep 2017 12:46:15 +0200
diff --git a/sources b/sources
index 51a0f6eb9..fedd63a3b 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
SHA512 (linux-4.13.tar.xz) = a557c2f0303ae618910b7106ff63d9978afddf470f03cb72aa748213e099a0ecd5f3119aea6cbd7b61df30ca6ef3ec57044d524b7babbaabddf8b08b8bafa7d2
SHA512 (perf-man-4.13.tar.gz) = 9bcc2cd8e56ec583ed2d8e0b0c88e7a94035a1915e40b3177bb02d6c0f10ddd4df9b097b1f5af59efc624226b613e240ddba8ddc2156f3682f992d5455fc5c03
-SHA512 (patch-4.13.4.xz) = 37aa8add92ae23b627c166b878b6d8191b75c2aca3a2eb2d7ae4f55262644731ab51a3ee171186fc0b011c6c8e537686377c3e73e8928797323b0a958eeb4b6b
+SHA512 (patch-4.13.5.xz) = de55b07e52e88e3bc5af54c619933a81f535393f20712f38000bffa77ded22c7a16e70e43c28daf576bcc6cd3ad39387b8e1f430e3d22222f572113d2345df48