-rw-r--r--0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch33
-rw-r--r--configs/fedora/generic/CONFIG_DM_WRITECACHE1
-rw-r--r--efi-lockdown.patch6
-rw-r--r--gitrev2
-rw-r--r--kernel-aarch64-debug.config1
-rw-r--r--kernel-aarch64.config1
-rw-r--r--kernel-armv7hl-debug.config1
-rw-r--r--kernel-armv7hl-lpae-debug.config1
-rw-r--r--kernel-armv7hl-lpae.config1
-rw-r--r--kernel-armv7hl.config1
-rw-r--r--kernel-i686-PAE.config1
-rw-r--r--kernel-i686-PAEdebug.config1
-rw-r--r--kernel-i686-debug.config1
-rw-r--r--kernel-i686.config1
-rw-r--r--kernel-ppc64-debug.config1
-rw-r--r--kernel-ppc64.config1
-rw-r--r--kernel-ppc64le-debug.config1
-rw-r--r--kernel-ppc64le.config1
-rw-r--r--kernel-s390x-debug.config1
-rw-r--r--kernel-s390x.config1
-rw-r--r--kernel-x86_64-debug.config1
-rw-r--r--kernel-x86_64.config1
-rw-r--r--kernel.spec12
-rw-r--r--kexec-bzimage-verify-pe-signature-fix.patch34
-rw-r--r--sources2
25 files changed, 67 insertions, 41 deletions
diff --git a/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch b/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch
deleted file mode 100644
index 7297c8bff..000000000
--- a/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 9c625d3a4eb215369b10b075b2006f9c3035c93f Mon Sep 17 00:00:00 2001
-From: Laura Abbott <labbott@redhat.com>
-Date: Tue, 12 Jun 2018 08:48:18 -0700
-Subject: [PATCH] Revert "debugfs: inode: debugfs_create_dir uses mode
- permission from parent"
-
-This reverts commit 95cde3c59966f6371b6bcd9e4e2da2ba64ee9775.
-
-A custom revert due to secure boot lockdown conflicts.
-
-Signed-off-by: Laura Abbott <labbott@redhat.com>
----
- fs/debugfs/inode.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index e392ca19bdd4..4daec17b8215 100644
---- a/fs/debugfs/inode.c
-+++ b/fs/debugfs/inode.c
-@@ -538,9 +538,7 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
- if (unlikely(!inode))
- return failed_creating(dentry);
-
-- if (!parent)
-- parent = debugfs_mount->mnt_root;
-- inode->i_mode = S_IFDIR | ((d_inode(parent)->i_mode & 0770));
-+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
- inode->i_op = &debugfs_dir_inode_operations;
- inode->i_fop = &simple_dir_operations;
-
---
-2.17.0
-
diff --git a/configs/fedora/generic/CONFIG_DM_WRITECACHE b/configs/fedora/generic/CONFIG_DM_WRITECACHE
new file mode 100644
index 000000000..fddeed5b0
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_DM_WRITECACHE
@@ -0,0 +1 @@
+# CONFIG_DM_WRITECACHE is not set
diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index cee6ec7f5..a12721802 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1737,9 +1737,9 @@ index 13b01351dd1c..4daec17b8215 100644
dentry->d_fsdata = (void *)((unsigned long)real_fops |
DEBUGFS_FSDATA_IS_REAL_FOPS_BIT);
@@ -515,7 +541,7 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
- if (!parent)
- parent = debugfs_mount->mnt_root;
- inode->i_mode = S_IFDIR | ((d_inode(parent)->i_mode & 0770));
+ return failed_creating(dentry);
+
+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
- inode->i_op = &simple_dir_inode_operations;
+ inode->i_op = &debugfs_dir_inode_operations;
inode->i_fop = &simple_dir_operations;
diff --git a/gitrev b/gitrev
index 8f79e552a..aea81c99f 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-8efcf34a263965e471e3999904f94d1f6799d42a
+be779f03d563981c65cc7417cc5e0dbbc5b89d30
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index ffbd66421..adace21bd 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -1356,6 +1356,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 25c8d1649..abe46bac5 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -1346,6 +1346,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index f34e9c1e5..a5c52f219 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -1413,6 +1413,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index c81fc9623..c91840295 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -1357,6 +1357,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index 135d6d35b..75f9f67f5 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -1347,6 +1347,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 0bfdb8c8b..63d361ba6 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -1403,6 +1403,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index d669d910c..b52536412 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -1181,6 +1181,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index d6ff03e68..81d602b42 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -1194,6 +1194,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index f98911f1d..9bdef8840 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -1194,6 +1194,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-i686.config b/kernel-i686.config
index d7f3bd510..f58803618 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -1181,6 +1181,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index e4108e807..4c74f4063 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -1161,6 +1161,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index 380293563..7c49fe715 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -1148,6 +1148,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index bc918aa5c..3734c0915 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -1116,6 +1116,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index fc2b38444..e260709c8 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1103,6 +1103,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index 69b449fa5..c01f7229f 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1116,6 +1116,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
# CONFIG_DNET is not set
diff --git a/kernel-s390x.config b/kernel-s390x.config
index d4474b15d..e608451bf 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1103,6 +1103,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
# CONFIG_DNET is not set
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 4e9040041..cc27a1df6 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -1241,6 +1241,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index b72351703..54372cd10 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -1228,6 +1228,7 @@ CONFIG_DM_UEVENT=y
CONFIG_DM_UNSTRIPED=m
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY=m
+# CONFIG_DM_WRITECACHE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_ZONED=m
CONFIG_DNET=m
diff --git a/kernel.spec b/kernel.spec
index d56797d16..366cf0e15 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -77,7 +77,7 @@ Summary: The Linux kernel
# The rc snapshot level
%global rcrev 0
# The git snapshot level
-%define gitrev 7
+%define gitrev 8
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@@ -618,8 +618,8 @@ Patch501: Fix-for-module-sig-verification.patch
# rhbz 1431375
Patch502: input-rmi4-remove-the-need-for-artifical-IRQ.patch
-# rhbz 1589855
-Patch503: 0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch
+# rhbz 1470995
+Patch504: kexec-bzimage-verify-pe-signature-fix.patch
# END OF PATCH DEFINITIONS
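Review bot: Patch503 (rhbz 1589855) is dropped in this hunk, but neither %changelog entry added later in this commit records the removal. The deleted patch described itself as a custom revert needed because of secure boot lockdown conflicts, so the changelog no longer explains why it is safe to drop. A line such as `- Drop debugfs_create_dir mode revert (rhbz 1589855)` under the Jun 13 entry would cover it; the reason is presumably the efi-lockdown.patch refresh in this same commit, which the author should confirm. Since Patch504 changes which keys are accepted for kexec images, its comment could say so instead of citing only the bug number, e.g. `# rhbz 1470995: kexec_file_load also trusts secondary keys`.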
@@ -1859,6 +1859,12 @@ fi
#
#
%changelog
+* Wed Jun 13 2018 Laura Abbott <labbott@redhat.com> - 4.18.0-0.rc0.git8.1
+- Linux v4.17-11782-gbe779f03d563
+
+* Wed Jun 13 2018 Jeremy Cline <jeremy@jcline.org>
+- Fix kexec_file_load pefile signature verification (rhbz 1470995)
+
* Tue Jun 12 2018 Laura Abbott <labbott@redhat.com> - 4.18.0-0.rc0.git7.1
- Linux v4.17-11346-g8efcf34a2639
diff --git a/kexec-bzimage-verify-pe-signature-fix.patch b/kexec-bzimage-verify-pe-signature-fix.patch
new file mode 100644
index 000000000..6c8a51b95
--- /dev/null
+++ b/kexec-bzimage-verify-pe-signature-fix.patch
@@ -0,0 +1,34 @@
+From: Dave Young <dyoung@redhat.com>
+
+Fix kexec_file_load pefile signature verification
+
+Similar with Fix-for-module-sig-verification.patch, kexec_file syscall also
+need pass 1UL to verify_pefile_signature so that secondary keys can be used.
+
+Fedora bug
+https://bugzilla.redhat.com/show_bug.cgi?id=1470995
+
+Latest upstream effort is below:
+https://www.spinics.net/lists/kernel/msg2825184.html
+
+Ideally this need an upstream fix, but since nobody response we can workaround
+it like the module code did.
+
+Signed-off-by: Dave Young <dyoung@redhat.com>
+---
+ arch/x86/kernel/kexec-bzimage64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-x86.orig/arch/x86/kernel/kexec-bzimage64.c
++++ linux-x86/arch/x86/kernel/kexec-bzimage64.c
+@@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loade
+ static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
+ {
+ return verify_pefile_signature(kernel, kernel_len,
+- NULL,
++ (void *)1UL,
+ VERIFYING_KEXEC_PE_SIGNATURE);
+ }
+ #endif
+--
+2.17.0
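Review bot: The bare `(void *)1UL` now passed to verify_pefile_signature() in bzImage64_verify_sig() is an undocumented sentinel at the call site. Per the patch description it replaces `NULL` so that secondary keys can be used, which widens the set of keys able to vouch for a kernel loaded through kexec_file_load on a secure-boot system. A comment on that argument would make the trust decision visible to the next person rebasing the patch, e.g. `/* (void *)1UL: also accept secondary keys, same as Fix-for-module-sig-verification.patch */`. The description calls this a downstream workaround with no upstream fix, so each rebase should re-check that the callee still interprets the value this way. It is also worth confirming what keys end up trusted on configurations without a secondary keyring, which this page does not show.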
diff --git a/sources b/sources
index db3631f9e..623041e0b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db
-SHA512 (patch-4.17-git7.xz) = 5f191dfe18e0de3433aec757a994d768ce67e2661c15feb06ddf64bbe0074436ddf6c21354b95c7eebd725dc8b5bfe82555212a431a937909d55d2afd122757e
+SHA512 (patch-4.17-git8.xz) = 6e8f3ee0536d5c4250b7709a7c67f918721da75f7afbbf205c5af5a33bd350f0ad95e0a30d5a06f852e381dd13a89101344364463ee6c1004c308acdb6cf0329