kernel security and bug fix update

[4.18.0-305.17.1_4.OL8]

• Update Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
  [4.18.0-305.17.1_4]
• ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]
• netfilter: conntrack: remove offload_pickup sysctl again (Florian Westphal) [1995555 1987101]
• netfilter: flowtable: Set offload timeouts according to proto values (Phil Sutter) [1995554 1979184]
• netfilter: conntrack: Introduce udp offload timeout configuration (Phil Sutter) [1995554 1979184]
• netfilter: conntrack: Introduce tcp offload timeout configuration (Phil Sutter) [1995554 1979184]
• powerpc/64s: Fix crashes when toggling stf barrier (Desnes A. Nunes do Rosario) [1989174 1964484]
• iavf: fix locking of critical sections (Stefan Assmann) [1997534 1975245]
• iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1997534 1975245]
  [4.18.0-305.16.1_4]
• kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1994879 1939133]
• kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1994879 1939133]
• kernfs: switch kernfs to use an rwsem (Ian Kent) [1994879 1939133]
• kernfs: use VFS negative dentry caching (Ian Kent) [1994879 1939133]
• kernfs: add a revision to identify directory node changes (Ian Kent) [1994879 1939133]
• kernfs: move revalidate to be near lookup (Ian Kent) [1994879 1939133]
• scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (Jan Stancek) [1948608 1923762]
• net: sched: act_mirred: Reset ct info when mirror/redirect skb (C. Erastus Toe) [1992226 1980532]
• usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1993894 1972139]
• usb: ehci: do not initialise static variables (Torez Smith) [1993894 1972139]
• usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1993894 1972139]
• USB: ehci: drop workaround for forced irq threading (Torez Smith) [1993894 1972139]
• usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1993894 1972139]
• NFS: Only change the cookie verifier if the directory page cache is empty (Benjamin Coddington) [1993895 1982825]
• NFS: Fix handling of cookie verifier in uncached_readdir() (Benjamin Coddington) [1993895 1982825]
• nfs: Subsequent READDIR calls should carry non-zero cookieverifier (Benjamin Coddington) [1993895 1982825]
• KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988225 1988226] {CVE-2021-37576}
  [4.18.0-305.15.1_4]
• sched: Fix data-race in wakeup (Phil Auld) [1987296 1937103]
• mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt (Aaron Tomlin) [1984085 1919765]
• sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() (Benjamin Coddington) [1990404 1969751]
  [4.18.0-305.14.1_4]
• tick/nohz: Kick only queued task whose tick dependency is updated (Waiman Long) [1981336 1922901]
• tick/nohz: Change signal tick dependency to wake up CPUs of member tasks (Waiman Long) [1981336 1922901]
• tick/nohz: Only wake up a single target cpu when kicking a task (Waiman Long) [1981336 1922901]
• tick/nohz: Narrow down noise while setting current task’s tick dependency (Waiman Long) [1981336 1922901]
• mlx5: net: zero-initialize tc skb extension on allocation (Jan Stancek) [1982220 1965418]
• scsi: qedf: Update the max_id value in host structure (Nilesh Javali) [1989097 1954876]
• scsi: qla2xxx: Reserve extra IRQ vectors (Nilesh Javali) [1986156 1964834]
  [4.18.0-305.13.1_4]
• xfrm: Fix wraparound in xfrm_policy_addr_delta() (Sabrina Dubroca) [1981840 1951965]
• VMCI: Release resource if the work is already queued (Cathy Avery) [1982042 1978518]