kernel security, bug fix, and enhancement update

[3.10.0-862.2.3.OL7]

• Oracle Linux certificates (Alexey Petrenko)
• Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
• Update x509.genkey [bug 24817676]
  [3.10.0-862.2.3]
• [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087}
• [x86] entry/64: Don’t use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897}
  [3.10.0-862.2.2]
• [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}
  [3.10.0-862.2.1]
• [md] dm: fix dropped return code from dm_get_bdev_for_ioctl (Mike Snitzer) [1567746 1562962]
• [crypto] aesni: Add support for 192 & 256 bit keys to AESNI RFC4106 (Bruno Eduardo de Oliveira Meneguele) [1570537 1568167]
  [3.10.0-862.1.1]
• [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1565700 1540061]
• [x86] pti: Rework the UEFI data corruption fix (Waiman Long) [1565700 1540061]
• [powerpc] tm: Flush TM only if CPU has TM feature (David Gibson) [1563773 1544676] {CVE-2018-1091}
• [gpu] drm/i915/glk: IPC linetime watermark workaround for GLK (Lyude Paul) [1563711 1548651]
• [x86] apic: Remove the (now) unused disable_IO_APIC() function (Baoquan He) [1563108 1521003]
• [x86] apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (Baoquan He) [1563108 1521003]
• [x86] apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (Baoquan He) [1563108 1521003]
• [x86] apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (Baoquan He) [1563108 1521003]
• [netdrv] i40e: Close client on suspend and restore client MSIx on resume (Stefan Assmann) [1563106 1538847]
• [fs] nfs: Fix unstable write completion (Scott Mayhew) [1563103 1544647]
• [x86] kvm: Fix device passthrough when SME is active (Suravee Suthikulpanit) [1563098 1557911]
• [powerpc] powernv: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
• [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
• [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1563096 1553927]
• [nvme] fixup nvme_sysfs_delete() (David Milburn) [1563092 1543716]
• [x86] smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a physical CPU (Prarit Bhargava) [1563091 1527731]
• [x86] tsc: Fix erroneous TSC rate on Skylake Xeon (Prarit Bhargava) [1563088 1466058]
• [x86] tsc: Print tsc_khz, when it differs from cpu_khz (Prarit Bhargava) [1563088 1466058]
• [x86] tsc: Future-proof native_calibrate_tsc() (Prarit Bhargava) [1563088 1466058]
• [scsi] csiostor: add support for 32 bit port capabilities (Arjun Vynipadath) [1561906 1526163]
• [netdrv] cxgb4/cxgbvf: Handle 32-bit fw port capabilities (Arjun Vynipadath) [1561906 1526163]
• [netdrv] cxgb4vf: define get_fecparam ethtool callback (Arjun Vynipadath) [1561906 1526163]
• [netdrv] cxgb4: ethtool forward error correction management support (Arjun Vynipadath) [1561906 1526163]
• [netdrv] cxgb4: core hardware/firmware support for Forward Error Correction on a link (Arjun Vynipadath) [1561906 1526163]
• [iscsi-target] Fix panic when adding second TCP connection to iSCSI session (Maurizio Lombardi) [1561900 1544670]
• [crypto] chelsio: Fix src buffer dma length (Arjun Vynipadath) [1561899 1548047]
• [crypto] chelsio: Move DMA un/mapping to chcr from lld cxgb4 driver (Arjun Vynipadath) [1561899 1548047]
• [crypto] chelsio: Remove unused parameter (Arjun Vynipadath) [1561899 1548047]
• [crypto] chelsio: Remove allocation of sg list to implement 2K limit of dsgl header (Arjun Vynipadath) [1561899 1548047]
• [crypto] chelsio: introduce __skb_put_zero() (Arjun Vynipadath) [1561899 1548047]
• [crypto] chelsio: make skb_put & friends return void pointers (Arjun Vynipadath) [1561899 1548047]
• [gpu] drm/i915/cfl: Remove alpha support protection (Rob Clark) [1561897 1464911]
• [gpu] drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin (Rob Clark) [1561897 1464911]
• [gpu] drm/i915: Add retries for LSPCON detection (Rob Clark) [1561897 1464911]
• [gpu] drm/i915: Don’t give up waiting on INVALID_MODE (Rob Clark) [1561897 1464911]
• [nvme] pci: Fix EEH failure on ppc (Mauricio Oliveira) [1561894 1558499]
• [net] netfilter: ebtables: fix erroneous reject of last rule (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
• [net] netfilter: ebtables: CONFIG_COMPAT: don’t trust userland offsets (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
• [net] netfilter: bridge: ebt_among: add more missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
• [net] netfilter: bridge: ebt_among: add missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
• [net] ipsec: Fix aborted xfrm policy dump crash (Bruno Eduardo de Oliveira Meneguele) [1517292 1517290] {CVE-2017-16939}