kernel security and bug fix update

[3.10.0-1160.36.2.OL7]

• Update Oracle Linux certificates (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
• Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
  [3.10.0-1160.36.2]
• seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975251]
  [3.10.0-1160.36.1]
• cipso,calipso: resolve a number of problems with the DOI refcounts (Antoine Tenart) [1967720]
• net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Alaa Hleihel) [1962406]
• sched/debug: Fix cgroup_path[] serialization (Waiman Long) [1912221]
• sched/debug: Reset watchdog on all CPUs while processing sysrq-t (Waiman Long) [1912221]
• vt: vt_ioctl: fix use-after-free in vt_in_use() (Vladis Dronov) [1872778]
• vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Vladis Dronov) [1872778]
• vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (Vladis Dronov) [1872778]
• vt: selection, introduce vc_is_sel (Vladis Dronov) [1872778]
• redhat: genspec: generate changelog entries since last release (Augusto Caringi)
  [3.10.0-1160.35.1]
• CI: Merge configuration (Veronika Kabatova)
• [pci/aer] Work around use-after-free in pcie_do_fatal_recovery() (Al Stone) [1933663]
• [pci/aer] do not invoke error recovery with non-fatal errors (Al Stone) [1933663]
  [3.10.0-1160.34.1]
• futex: remove lockdep_assert_held() in pi_state_update_owner() (Donghai Qiao) [1965495]
• video: hyperv_fb: Add ratelimit on error message (Mohammed Gamal) [1957803]
• Drivers: hv: vmbus: Increase wait time for VMbus unload (Mohammed Gamal) [1957803]
• Drivers: hv: vmbus: Initialize unload_event statically (Mohammed Gamal) [1957803]
• blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1926825]
• s390/pci: fix out of bounds access during irq setup (Philipp Rudo) [1917943]
• s390/pci: improve irq number check for msix (Philipp Rudo) [1917943]
  [3.10.0-1160.33.1]
• CI: Disable result checking for realtime check (Veronika Kabatova)
• CI: Explicitly disable result checking for private CI (Veronika Kabatova)
• CI: Rename variable (Veronika Kabatova)
• mm: memcontrol: switch to rcu protection in drain_all_stock() (Waiman Long) [1957719]
• sctp: Don’t add the shutdown timer if its already been added (Xin Long) [1953052]
• media: xirlink_cit: add missing descriptor sanity checks (Mark Langsdorf) [1826877] {CVE-2020-11668}
  [3.10.0-1160.32.1]
• Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962532] {CVE-2021-33034}
• net: ipv4: route: Fix sending IGMP messages with link address (Hangbin Liu) [1958339]
• hv_netvsc: remove ndo_poll_controller (Mohammed Gamal) [1953075]
• Fix double free in nvme_trans_log_temperature (Gopal Tiwari) [1946793]
• rcu: Call touch_nmi_watchdog() while printing stall warnings (Artem Savkov) [1924688]
• sched/fair: Use RCU accessors consistently for ->numa_group (Rafael Aquini) [1915635] {CVE-2019-20934}
• sched/fair: Don’t free p->numa_faults with concurrent readers (Rafael Aquini) [1915635] {CVE-2019-20934}
• sched/numa: Simplify task_numa_compare() (Rafael Aquini) [1915635] {CVE-2019-20934}
• sched/numa: Fix task_numa_free() lockdep splat (Rafael Aquini) [1915635] {CVE-2019-20934}
• sched/numa: Move task_numa_free() to __put_task_struct() (Rafael Aquini) [1915635] {CVE-2019-20934}
• [s390] s390/dasd: fix diag 0x250 inline assembly (Philipp Rudo) [1910395]
• vsock/vmci: log once the failed queue pair allocation (Stefano Garzarella) [1892237]
• VMCI: Stop log spew when qp allocation isn’t possible (Stefano Garzarella) [1892237]