kernel security, bug fix, and enhancement update

[4.18.0-240.15.1_3.OL8]

• Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
  [4.18.0-240.15.1_3]
• [x86] kvm: svm: Initialize prev_ga_tag before use (Vitaly Kuznetsov) [1919885 1909254]
• [net] tls: move mark_tech_preview to tls_init (Sabrina Dubroca) [1918743 1907477]
• [video] hyperv_fb: Fix the cache type when mapping the VRAM (Mohammed Gamal) [1917711 1908893]
• [video] hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (Mohammed Gamal) [1917711 1908893]
• [net] esp: select CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]
• [crypto] treewide: Use fallthrough pseudo-keyword (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: drbg - always try to free Jitter RNG instance (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: drbg - should select CTR (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: ctr - no longer needs CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: drbg - always seeded with SP800-90B compliant noise source (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: jitter - SP800-90B compliance (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: jitter - add header to fix buildwarnings (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: jitter - fix comments (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: jitter - update implementation to 2.1.2 (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: drbg - in-place cipher operation for CTR (Vladis Dronov) [1912872 1905088]
• [crypto] crypto: drbg - eliminate constant reinitialization of SGL (Vladis Dronov) [1912872 1905088]
• [netdrv] ionic: start queues before announcing link up (Jonathan Toppins) [1918372 1906250]
• [drm] drm/i915: Enable Tigerlake support by default (Lyude Paul) [1882620 1877005]
• [drm] drm/i915: Simplify intel_set_cdclk_{pre, post}_plane_update() calling convention (Lyude Paul) [1882620 1877005]
• [drm] drm/i915/psr: Program default IO buffer Wake and Fast Wake (Lyude Paul) [1882620 1877005]
• [kernel] rcu: Force on tick when invoking lots of callbacks (Waiman Long) [1915638 1862812]
• [kernel] nohz: Add TICK_DEP_BIT_RCU (Waiman Long) [1915638 1862812]
• [pci] PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (Myron Stowe) [1906516 1888310]
  [4.18.0-240.14.1_3]
• [netdrv] net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() (Waiman Long) [1915814 1904213]
• [mm] x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text (Waiman Long) [1915814 1904213]
• [mm] x86/mm/cpa: Fix cpa_flush_array() TLB invalidation (Waiman Long) [1915814 1904213]
• [hv] hv: vmbus: Add timeout to vmbus_wait_for_unload (Mohammed Gamal) [1913528 1888980]
• [kernel] perf/core: Fix race in the perf_mmap_close() function (Michael Petlan) [1897016 1869925] {CVE-2020-14351}
• [kernel] perf: Make struct ring_buffer less ambiguous (Michael Petlan) [1897016 1869925] {CVE-2020-14351}
• [tty] tty: Fix ->pgrp locking in tiocspgrp() (Waiman Long) [1908196 1908197] {CVE-2020-29661}
• [x86] x86/tboot: Don’t disable swiotlb when iommu is forced on (Tony Camuso) [1911555 1883395]
• [iommu] iommu/vt-d: Avoid panic if iommu init fails in tboot system (Tony Camuso) [1911555 1883395]
• [kernel] sched/deadline: Fix priority inheritance with multiple scheduling classes (Phil Auld) [1908731 1780490]
• [kernel] locking/rwsem: Remove reader optimistic spinning (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Enable reader optimistic lock stealing (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Prevent potential lock starvation (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Pass the current atomic count to rwsem_down_read_slowpath() (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Fold _down{read,write}*() (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Introduce rwsem_write_trylock() (Waiman Long) [1908519 1895046]
• [kernel] locking/rwsem: Better collate rwsem_read_trylock() (Waiman Long) [1908519 1895046]
• [kernel] rwsem: Implement down_read_interruptible (Waiman Long) [1908519 1895046]
• [kernel] rwsem: Implement down_read_killable_nested (Waiman Long) [1908519 1895046]
• [firmware] efi/esrt: Only call efi_mem_reserve() for boot services memory (Kairui Song) [1907775 1878024]
• [firmware] efi: Drop type and attribute checks in efi_mem_desc_lookup() (Kairui Song) [1907775 1878024]
• [scsi] scsi: core: Don’t start concurrent async scan on same host (Ming Lei) [1905214 1874501]
  [4.18.0-240.13.1_3]
• [arm64] arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Andrew Jones) [1909577 1908439]
• [arm64] arm64: pgtable: Fix pte_accessible() (Andrew Jones) [1909577 1908439]
• [net] icmp: randomize the global rate limiter (Guillaume Nault) [1906371 1896516] {CVE-2020-25705}
• [tools] kvm: x86: do not attempt TSC synchronization on guest writes (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: x86: fix MSR_IA32_TSC read for nested migration (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: nsvm: delay MSR permission processing to first nested VM run (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: x86: rename KVM_REQ_GET_VMCS12_PAGES (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: use __GFP_ZERO instead of clear_page (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: refactor msr permission bitmap allocation (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: rename a variable in the svm_create_vcpu (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: nsvm: Avoid freeing uninitialized pointers in svm_set_nested_state() (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: nested: Don’t allocate VMCB structures on stack (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: nsvm: more strict SMM checks when returning to nested guest (Paolo Bonzini) [1905084 1898018]
• [x86] svm: nsvm: setup nested msr permission bitmap on nested state load (Paolo Bonzini) [1905084 1898018]
• [x86] svm: nsvm: correctly restore GIF on vmexit from nesting after migration (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: avoid emulation with stale next_rip (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: nsvm: remove nonsensical EXITINFO1 adjustment on nested NPF (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: Rename svm_nested_virtualize_tpr() to nested_svm_virtualize_tpr() (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: Add svm_ prefix to set/clr/is_intercept() (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: Add vmcb_ prefix to mark_*() functions (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: svm: Rename struct nested_state to svm_nested_state (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: nsvm: Check that DR6[63:32] and DR7[64:32] are not set on vmrun of nested guests (Paolo Bonzini) [1905084 1898018]
• [x86] kvm: x86: Move the check for upper 32 reserved bits of DR6 to separate function (Paolo Bonzini) [1905084 1898018]
• [netdrv] net/mlx5e: Add IPv6 traffic class (DSCP) header rewrite support (Alaa Hleihel) [1897688 1889981]
• [netdrv] net/mlx5e: Fix endianness when calculating pedit mask first bit (Alaa Hleihel) [1897688 1889981]
• [net] openvswitch: fix to make sure flow_lookup() is not preempted (Eelco Chaudron) [1893281 1888237]
  [4.18.0-240.12.1_3]
• [net] SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (Steve Dickson) [1912478 1884361]
• [net] SUNRPC: Fix (‘SUNRPC: Add ‘@len’ parameter to gss_unwrap()’) (Steve Dickson) [1912478 1884361]
• [mm] x86/ioremap: Map EFI runtime services data as encrypted for SEV (Lenny Szubowicz) [1909243 1883134]
• [kernel] sched/deadline: Unthrottle PI boosted threads while enqueuing (Daniel Bristot de Oliveira) [1913964 1869760]
• [kernel] sched/deadline: Fix stale throttling on de-/boosted tasks (Daniel Bristot de Oliveira) [1913964 1869760]
• [fs] NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (Scott Mayhew) [1908313 1881550]
• [fs] NFS: Fix interrupted slots by sending a solo SEQUENCE operation (Scott Mayhew) [1908312 1887577]
• [net] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) [1907576 1901026]
• [powerpc] powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (Diego Domingos) [1907301 1891822]
• [powerpc] powerpc/powernv/dump: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]
• [powerpc] powerpc/powernv/dump: Fix race while processing OPAL dump (Diego Domingos) [1907301 1891822]
• [powerpc] powerpc/opal_elog: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]
• [powerpc] powerpc/powernv/elog: Fix race while processing OPAL error log event (Diego Domingos) [1907301 1891822]
• [block] block: fix incorrect branching in blk_max_size_offset() (Mike Snitzer) [1905136 1903722]
• [md] dm: fix IO splitting (Mike Snitzer) [1905136 1903722]
• [block] block: fix get_max_io_size() (Mike Snitzer) [1905136 1903722]
• [block] block: Improve physical block alignment of split bios (Mike Snitzer) [1905136 1903722]
• [block] block: use gcd() to fix chunk_sectors limit stacking (Mike Snitzer) [1905136 1903722]
• [netdrv] net/mlx5e: Add LAG warning if bond slave is not lag master (Alaa Hleihel) [1892344 1851709]
• [netdrv] net/mlx5e: Add LAG warning for unsupported tx type (Alaa Hleihel) [1892344 1851709]
• [netdrv] net/mlx5e: Return a valid errno if can’t get lag device index (Alaa Hleihel) [1892344 1851709]
• [net] openvswitch: handle DNAT tuple collision (Dumitru Ceara) [1892744 1877128]
• [mm] mm/page_idle.c: skip offline pages (Chris von Recklinghausen) [1903019 1867490]
• [include] mm/hotplug: invalid PFNs from pfn_to_online_page() (Waiman Long) [1903019 1878006]
  [4.18.0-240.11.1_3]
• [scsi] scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (Ewan Milne) [1900112 1867264]
• [scsi] scsi: scsi_dh_alua: Set ‘transitioning’ state on Unit Attention (Ewan Milne) [1900112 1867264]
• [scsi] scsi: scsi_dh_alua: Return BLK_STS_AGAIN for ALUA transitioning state (Ewan Milne) [1900112 1867264]
• [block] scsi: block: Return status code in blk_mq_end_request() (Ewan Milne) [1900112 1867264]
• [include] compiler_attributes.h: Add ‘fallthrough’ pseudo keyword for switch/case use (Ivan Vecera) [1900112 1867168]
• [net] net: sctp: Rename fallthrough label to unhandled (Ivan Vecera) [1900112 1867168]
• [idle] intel_idle: Customize IceLake server support (David Arcari) [1897183 1881620]