Unbreakable Enterprise kernel security update

[4.14.35-2047.502.4]

• Revert ‘rds: ib: Remove two ib_modify_qp() calls’ (Sharath Srinivasan) [Orabug: 32715567]
• uek-rpm: Update SecureBoot Digicert 2021 certificates (Somasundaram Krishnasamy) [Orabug: 32532514]
  [4.14.35-2047.502.3]
• video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32620797]
• video: hyperv_fb: Fix the cache type when mapping the VRAM (Dexuan Cui) [Orabug: 32620797]
• RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32644356]
  [4.14.35-2047.502.2]
• EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [Orabug: 32651294]
• Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651477] {CVE-2021-28038}
• KVM: kvmclock: Fix vCPUs > 64 can’t be online/hotpluged (Wanpeng Li) [Orabug: 32633928]
• xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640132]
  [4.14.35-2047.502.1]
• mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32619973]
• scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
• scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
• scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
• sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
• scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
• uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555678]
• ovl: restore creds in all return paths of ovl_iterate (Somasundaram Krishnasamy) [Orabug: 32608965]
  [4.14.35-2047.502.0]
• rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32586918]
• rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32586918]
• rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580944]
• hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576073]
• vhost: do not try to access device IOTLB when not initialized (Jason Wang) [Orabug: 31906788]
• uek-rpm: config-aarch-embedded2 update for Feb 2021 Elba patches (Dave Kleikamp) [Orabug: 32544715]
• huge page support for device memory (Neel Patel) [Orabug: 32544715]
• mmc: sdhci-cadence-elba.c: Remove SDHCI_QUIRK_BROKEN_TIMEOUT_VAL (David Clear) [Orabug: 32544715]
• KVM: nVMX: use correct clean fields when copying from eVMCS (Vitaly Kuznetsov) [Orabug: 32544092]
• net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492971]
• net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492971]
• PCI: hotplug: Add module parameter to allow user control of LEDs (James Puthukattukaran) [Orabug: 32527186]
• net/rds: Reject error code change (Ka-Cheong Poon) [Orabug: 32565543]
• rds: ib: Remove two ib_modify_qp() calls (Hakon Bugge) [Orabug: 32519917]
• arm64: kexec: add support for kexec with spin-table (Henry Willard) [Orabug: 32546040]
• x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800]
• x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800]
• net/rds: Need to check shutdown progress in rds_conn_path_destroy() (Ka-Cheong Poon) [Orabug: 32536002]
• A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32050122]
• net/rds: In rds_send_xmit() use sg_next() to get the next sg entry (Sharath Srinivasan) [Orabug: 32125836]
• net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) [Orabug: 32551377]