kernel security, bug fix, and enhancement update

[4.18.0-425.3.1.OL8]

• Update Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
• Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  [4.18.0-425.3.1]
• iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]
• sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]
• sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]
• netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]
• netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]
• netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]
• netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]
• netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]
• netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]
• netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]
• netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]
• netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]
• iavf: Detach device during reset task (Petr Oros) [2069206]
  [4.18.0-425.2.1]
• EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]
• configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]
  [4.18.0-425.1.1]
• i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]
• redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)
• ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]
  [4.18.0-425]
• EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]
• EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]
• Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]
• Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]
• drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]
  [4.18.0-424]
• redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]
• ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Use while (i–) pattern to clean up (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]
• ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]
• ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]
• platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]
• platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]
• serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]
• serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]
• spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]
• spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]
• spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]
• spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]
• ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]
• spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]
• spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]
• spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]
• spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]
• spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]
• spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]
• spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]
• spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]
• spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]
• spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]
• spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]
• spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]
• spi: Reduce kthread priority (Jaroslav Kysela) [2005073]
• spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]
• i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]
• s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]
• nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]
• x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}
• x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}
• tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
• tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
• x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]
• x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]
• x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]
• x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]
• iavf: Fix reset error handling (Petr Oros) [2119759]
• iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]
• iavf: Fix adminq error handling (Petr Oros) [2119759]
• iavf: Fix missing state logs (Petr Oros) [2119759]
• ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]
  [4.18.0-423]
• netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]
• net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]
• net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]
• net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]
• net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]
• net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]
• net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]
• Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]
• net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]
• net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]
• net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]
• net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]
• net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]
• net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]
• net/mlx5: fix typo in comment (Amir Tzin) [2049440]
• IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]
• net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]
• net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]
• net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]
• net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]
• net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]
• net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]
• net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]
• net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]
• net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]
• net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]
• net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]
• net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]
• net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]
• net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]
• net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]
• net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]
• net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]
• net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]
• net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]
• net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]
• net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]
• net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]
• net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]
• RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]
• RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]
• net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]
• net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]
• net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]
• net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]
• net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]
• net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]
• net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]
• net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]
• net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]
• net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]
• net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]
• net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]
• net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]
• net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]
• net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]
• net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]
• net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]
• net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]
• net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]
• RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]
• net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]
• net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]
• net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]
• net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]
• net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]
• net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]
• net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]
• net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]
• net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]
• net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]
• net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]
• net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]
• net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]
• net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]
• net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
• net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]
• net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]
• net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]
• net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]
• net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]
• net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]
• net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]
• net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]
• net/mlx5: Add pages debugfs (Amir Tzin) [2049440]
• net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]
• net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]
• net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]
• net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]
• net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]
• net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]
• net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]
• net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]
• mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]
• net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]
• net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]
• net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]
• net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]
• net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]
• net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]
• net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]
• RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]
• net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]
• net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]
• net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]
• net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]
• net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]
• net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]
• net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]
• net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]
• net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]
• net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]
• net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]
• net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]
• net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]
• mlx5: remove unused static inlines (Amir Tzin) [2049440]
• RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]
• RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]
• RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]
• RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]
• RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]
• net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]
• net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]
• net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]
• net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]
• net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]
• net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]
• net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]
• net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]
• net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]
• net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]
• net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]
• net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]
• net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]
• net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]
• net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]
• net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]
• net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]
• net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]
• net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]
• net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]
• net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]
• net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]
• net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]
• net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]
• net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]
• net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]
• net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]
• RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
• RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]
• net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]
• net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]
• net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]
• net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]
• net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]
• net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]
• net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]
• net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]
• net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]
• net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]
• net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]
• net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]
• net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}
• netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}
• netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}
• netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}
• net: let flow have same hash in two directions (Ivan Vecera) [2111094]
• ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]
• net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]
• selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]
• selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]
• selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]
• ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]
• ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
• ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
• ipv6: Use a more suitable label name (Ivan Vecera) [2111094]
• ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]
• ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
• ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
• ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]
• selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]
• ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]
• selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
• ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]
• ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]
• ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
• ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]
• net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]
• route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]
  [4.18.0-422]
• drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]
• rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]
• redhat: add ca7 to redhat/git/files (Jarod Wilson)