Oracle Linux ELSA-2022-9669
Aug 01, 2022 - 12:00 a.m.

qemu security update

2022-08-01 00:00:00
linux.oracle.com
CVSS3: 8.2 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2: 4.6 Medium

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

[15:4.2.1-18.el7]

  • block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156]
  • file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156]
  • block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156]
  • block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156]
  • osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156]
  • scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156]
  • file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156]
  • display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207}
  • ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206}
  • hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daude) [Orabug: 32860387] {CVE-2021-3507}
  • pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249]
  • tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763]
  • libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758]
  • libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768]
  • target/i386/kvm: Fix disabling MPX on ‘-cpu host’ with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615]
  • i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224]
  • ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652]
  • tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842]
