diff --git a/.gitignore b/.gitignore
index 8278bdc..bc6622b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
-SOURCES/kernel-abi-stablelists-4.18.0-331.tar.bz2
-SOURCES/kernel-kabi-dw-4.18.0-331.tar.bz2
-SOURCES/linux-4.18.0-331.el8.tar.xz
+SOURCES/kernel-abi-stablelists-4.18.0-338.tar.bz2
+SOURCES/kernel-kabi-dw-4.18.0-338.tar.bz2
+SOURCES/linux-4.18.0-338.el8.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index 1a9a47d..0c8d869 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,5 +1,5 @@
-cdeb2dbe094413c4c8b48bf199320c30c6ee5089 SOURCES/kernel-abi-stablelists-4.18.0-331.tar.bz2
-109f15ce9699bfa93bd9dc4f8e88013ce341e0e7 SOURCES/kernel-kabi-dw-4.18.0-331.tar.bz2
-cc9c392ae340c91303cb8dc60aa08a347791027c SOURCES/linux-4.18.0-331.el8.tar.xz
+adf5f8cf1290a84875a5b7fc0cb6dc41b670d037 SOURCES/kernel-abi-stablelists-4.18.0-338.tar.bz2
+109f15ce9699bfa93bd9dc4f8e88013ce341e0e7 SOURCES/kernel-kabi-dw-4.18.0-338.tar.bz2
+4e94aa5884a3e8106860d98bb586530ed29a7794 SOURCES/linux-4.18.0-338.el8.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der
deleted file mode 100644
index 44a2563..0000000
Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ
diff --git a/SOURCES/centos-dup.x509 b/SOURCES/centos-dup.x509
deleted file mode 100644
index 9c65dd3..0000000
Binary files a/SOURCES/centos-dup.x509 and /dev/null differ
diff --git a/SOURCES/centos-kpatch.x509 b/SOURCES/centos-kpatch.x509
deleted file mode 100644
index ca57a43..0000000
Binary files a/SOURCES/centos-kpatch.x509 and /dev/null differ
diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem
deleted file mode 100644
index 82ad817..0000000
--- a/SOURCES/centos.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0
-MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln
-bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK
-PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+
-RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc
-4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9
-hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp
-9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB
-AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN
-BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6
-8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5
-ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7
-04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq
-KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf
-ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um
-OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0
-MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl
-eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P
-CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl
-hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+
-lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2
-F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ
-yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw
-DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6
-mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG
-SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl
-NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5
-8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM
-MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs
-lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0
-9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W
------END CERTIFICATE-----
diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der
deleted file mode 100644
index e8216b1..0000000
Binary files a/SOURCES/centossecureboot001.der and /dev/null differ
diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der
deleted file mode 100644
index ca3c134..0000000
Binary files a/SOURCES/centossecureboot201.der and /dev/null differ
diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der
deleted file mode 100644
index 42bdfcf..0000000
Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ
diff --git a/SOURCES/generate_bls_conf.sh b/SOURCES/generate_bls_conf.sh
index bdb52a6..f8415db 100755
--- a/SOURCES/generate_bls_conf.sh
+++ b/SOURCES/generate_bls_conf.sh
@@ -19,7 +19,7 @@ else
 fi
 
 cat >${output} <<EOF
-title ${NAME% *} (${kernelver}) ${VERSION}${debugname}
+title ${NAME} (${kernelver}) ${VERSION}${debugname}
 version ${kernelver}${debugid}
 linux ${bootprefix}/vmlinuz-${kernelver}
 initrd ${bootprefix}/initramfs-${kernelver}.img
diff --git a/SOURCES/kernel-aarch64-debug.config b/SOURCES/kernel-aarch64-debug.config
index 5b48a79..f27e0f1 100644
--- a/SOURCES/kernel-aarch64-debug.config
+++ b/SOURCES/kernel-aarch64-debug.config
@@ -2758,10 +2758,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHROME_PLATFORMS=y
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
diff --git a/SOURCES/kernel-aarch64.config b/SOURCES/kernel-aarch64.config
index 0fa4bd4..fbcc8a3 100644
--- a/SOURCES/kernel-aarch64.config
+++ b/SOURCES/kernel-aarch64.config
@@ -2822,10 +2822,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHROME_PLATFORMS=y
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
diff --git a/SOURCES/kernel-ppc64le-debug.config b/SOURCES/kernel-ppc64le-debug.config
index aecd45e..f8d3615 100644
--- a/SOURCES/kernel-ppc64le-debug.config
+++ b/SOURCES/kernel-ppc64le-debug.config
@@ -2448,10 +2448,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/kernel-ppc64le.config b/SOURCES/kernel-ppc64le.config
index b42ca49..f51af3a 100644
--- a/SOURCES/kernel-ppc64le.config
+++ b/SOURCES/kernel-ppc64le.config
@@ -2511,10 +2511,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/kernel-s390x-debug.config b/SOURCES/kernel-s390x-debug.config
index 0059f13..df6dc97 100644
--- a/SOURCES/kernel-s390x-debug.config
+++ b/SOURCES/kernel-s390x-debug.config
@@ -2576,10 +2576,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_CHECK_STACK=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/kernel-s390x-zfcpdump.config b/SOURCES/kernel-s390x-zfcpdump.config
index e0fa874..1609a0a 100644
--- a/SOURCES/kernel-s390x-zfcpdump.config
+++ b/SOURCES/kernel-s390x-zfcpdump.config
@@ -2799,10 +2799,11 @@ CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CIFS=m
 CONFIG_CIFS_ACL=y
 CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
diff --git a/SOURCES/kernel-s390x.config b/SOURCES/kernel-s390x.config
index d129215..46b235e 100644
--- a/SOURCES/kernel-s390x.config
+++ b/SOURCES/kernel-s390x.config
@@ -2638,10 +2638,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_CHECK_STACK=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/kernel-x86_64-debug.config b/SOURCES/kernel-x86_64-debug.config
index 6ef0df4..842c502 100644
--- a/SOURCES/kernel-x86_64-debug.config
+++ b/SOURCES/kernel-x86_64-debug.config
@@ -2504,10 +2504,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/kernel-x86_64.config b/SOURCES/kernel-x86_64.config
index b75eac2..bdc813d 100644
--- a/SOURCES/kernel-x86_64.config
+++ b/SOURCES/kernel-x86_64.config
@@ -2566,10 +2566,11 @@ CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CHARGER_SMB347=m
 CONFIG_CHECKPOINT_RESTORE=y
-CONFIG_CHELSIO_IPSEC_INLINE=y
+CONFIG_CHELSIO_INLINE_CRYPTO=y
+CONFIG_CHELSIO_IPSEC_INLINE=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
-CONFIG_CHELSIO_TLS_DEVICE=y
+CONFIG_CHELSIO_TLS_DEVICE=m
 CONFIG_CHR_DEV_SCH=m
 CONFIG_CHR_DEV_SG=m
 CONFIG_CHR_DEV_ST=m
diff --git a/SOURCES/redhatsecureboot003.cer b/SOURCES/redhatsecureboot003.cer
new file mode 100644
index 0000000..439b75b
Binary files /dev/null and b/SOURCES/redhatsecureboot003.cer differ
diff --git a/SOURCES/redhatsecureboot401.cer b/SOURCES/redhatsecureboot401.cer
new file mode 100644
index 0000000..247666c
Binary files /dev/null and b/SOURCES/redhatsecureboot401.cer differ
diff --git a/SOURCES/redhatsecurebootca2.cer b/SOURCES/redhatsecurebootca2.cer
new file mode 100644
index 0000000..43502d6
Binary files /dev/null and b/SOURCES/redhatsecurebootca2.cer differ
diff --git a/SOURCES/redhatsecurebootca4.cer b/SOURCES/redhatsecurebootca4.cer
new file mode 100644
index 0000000..8cb32e6
Binary files /dev/null and b/SOURCES/redhatsecurebootca4.cer differ
diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey
index dbfe9a7..b1bbe38 100644
--- a/SOURCES/x509.genkey
+++ b/SOURCES/x509.genkey
@@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts
 
 [ req_distinguished_name ]
-O = CentOS
-CN = CentOS kernel signing key
-emailAddress = security@centos.org
+O = Red Hat
+CN = Red Hat Enterprise Linux kernel signing key
+emailAddress = secalert@redhat.com
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 1d1e727..20ebde4 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -16,10 +16,10 @@
 # For internal testing builds during development, it should be 0.
 %global released_kernel 0
 
-%global distro_build 331
+%global distro_build 338
 
 # Sign the x86_64 kernel for secure boot authentication
-%ifarch x86_64 aarch64
+%ifarch x86_64 aarch64 s390x ppc64le
 %global signkernel 1
 %else
 %global signkernel 0
@@ -42,10 +42,10 @@
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 331.el8
+%define pkgrelease 338.el8
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 331%{?dist}
+%define specrelease 338%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -448,34 +448,44 @@ Source9: x509.genkey
 
 %if %{?released_kernel}
 
-Source10: centossecurebootca2.der
-Source11: centos-ca-secureboot.der
-Source12: centossecureboot201.der
-Source13: centossecureboot001.der
+Source10: redhatsecurebootca5.cer
+Source11: redhatsecurebootca3.cer
+Source12: redhatsecureboot501.cer
+Source13: redhatsecureboot301.cer
+Source14: secureboot_s390.cer
+Source15: secureboot_ppc.cer
 
 %define secureboot_ca_0 %{SOURCE11}
 %define secureboot_ca_1 %{SOURCE10}
 %ifarch x86_64 aarch64
 %define secureboot_key_0 %{SOURCE13}
-%define pesign_name_0 centossecureboot001
+%define pesign_name_0 redhatsecureboot301
 %define secureboot_key_1 %{SOURCE12}
-%define pesign_name_1 centossecureboot201
+%define pesign_name_1 redhatsecureboot501
+%endif
+%ifarch s390x
+%define secureboot_key_0 %{SOURCE14}
+%define pesign_name_0 redhatsecureboot302
+%endif
+%ifarch ppc64le
+%define secureboot_key_0 %{SOURCE15}
+%define pesign_name_0 redhatsecureboot303
 %endif
 
 # released_kernel
 %else
 
-Source11: centossecurebootca2.der
-Source12: centos-ca-secureboot.der
-Source13: centossecureboot201.der
-Source14: centossecureboot001.der
+Source11: redhatsecurebootca4.cer
+Source12: redhatsecurebootca2.cer
+Source13: redhatsecureboot401.cer
+Source14: redhatsecureboot003.cer
 
 %define secureboot_ca_0 %{SOURCE12}
 %define secureboot_ca_1 %{SOURCE11}
 %define secureboot_key_0 %{SOURCE14}
-%define pesign_name_0 centossecureboot001
+%define pesign_name_0 redhatsecureboot003
 %define secureboot_key_1 %{SOURCE13}
-%define pesign_name_1 centossecureboot201
+%define pesign_name_1 redhatsecureboot401
 
 # released_kernel
 %endif
@@ -507,8 +517,8 @@ Source43: generate_bls_conf.sh
 
 Source44: mod-internal.list
 
-Source100: centos-dup.x509
-Source101: centos-kpatch.x509
+Source100: rheldup3.x509
+Source101: rhelkpatch1.x509
 
 %if %{with_kabichk}
 Source200: check-kabi
@@ -536,8 +546,6 @@ Source2000: cpupower.service
 Source2001: cpupower.config
 Source2002: kvm_stat.logrotate
 
-Source9000: centos.pem
-
 ## Patches needed for building this package
 
 # empty final patch to facilitate testing of kernel patches
@@ -548,8 +556,8 @@ Patch999999: linux-kernel-test.patch
 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
 
 %description
-This is the package which provides the Linux %{name} for CentOS.
-It is based on upstream Linux at version %{version} and maintains kABI
+This is the package which provides the Linux %{name} for Red Hat Enterprise
+Linux. It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@@ -557,7 +565,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in CentOS, enhancements for
+updates for supported hardware in Red Hat Enterprise Linux, enhancements for
 enterprise customers, etc.
 
 #
@@ -798,14 +806,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif
 
 %package -n %{name}-abi-stablelists
-Summary: The CentOS kernel ABI symbol stablelists
+Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the CentOS
-kernel ABI, including lists of kernel symbols that are needed by
+The kABI package contains information pertaining to the Red Hat Enterprise
+Linux kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.
 
 %if %{with_kabidw_base}
@@ -814,8 +822,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the CentOS
-kernel, suitable for the kabi-dw tool.
+The package contains data describing the current ABI of the Red Hat Enterprise
+Linux kernel, suitable for the kabi-dw tool.
 %endif
 
 #
@@ -887,7 +895,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 AutoReq: no\
 AutoProv: yes\
 %description %{?1:%{1}-}modules-internal\
-This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\
+This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
 %{nil}
 
 #
@@ -1085,7 +1093,6 @@ ApplyOptionalPatch()
 }
 
 %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
-cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem
 mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
 
 cd linux-%{KVERREL}
@@ -2621,6 +2628,627 @@ fi
 #
 #
 %changelog
+* Thu Aug 26 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-338.el8]
+- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}
+- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}
+- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]
+- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]
+- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]
+- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]
+- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]
+- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]
+- drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]
+- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]
+- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]
+- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]
+- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]
+
+* Wed Aug 25 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-337.el8]
+- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]
+- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]
+- openvswitch: fix alignment issues (Mark Gray) [1992773]
+- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]
+- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]
+- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]
+- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]
+- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]
+- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]
+- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]
+- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]
+- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]
+- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]
+- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]
+- scsi: fc: FDMI enhancement (Chris Leech) [1972643]
+- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]
+- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]
+- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]
+- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]
+- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]
+- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]
+- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]
+- x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]
+- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]
+- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]
+- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]
+- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]
+- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]
+- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]
+- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]
+- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]
+- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]
+- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]
+- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]
+- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]
+- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]
+- drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]
+- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]
+- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]
+- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]
+- drm/amdgpu: Don't query CE and UE errors (Lyude Paul) [1944405]
+- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]
+- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]
+- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]
+- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]
+- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]
+- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]
+- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]
+- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]
+- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
+- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]
+- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]
+- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]
+- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]
+- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]
+- drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]
+- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]
+- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]
+- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]
+- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]
+- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]
+- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]
+- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]
+- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]
+- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]
+- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]
+- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]
+- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]
+- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]
+- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]
+- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]
+- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]
+- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]
+- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]
+- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]
+- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]
+- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]
+- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]
+- drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]
+- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]
+- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]
+- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]
+- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]
+- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]
+- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]
+- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]
+
+* Tue Aug 24 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-336.el8]
+- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]
+- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]
+- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]
+- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]
+- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]
+- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]
+- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]
+- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]
+- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]
+- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]
+- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]
+- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]
+- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]
+- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]
+- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]
+- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]
+- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]
+- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]
+- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]
+- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]
+- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]
+- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]
+- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]
+- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]
+- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]
+- mt76: validate rx A-MSDU subframes (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
+- ath11k: Drop multicast fragments (Íñigo Huguet) [1991459] {CVE-2020-26145}
+- ath11k: Clear the fragment cache during key install (Íñigo Huguet) [1991459] {CVE-2020-24587}
+- ath10k: Validate first subframe of A-MSDU before processing the list (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
+- ath10k: Fix TKIP Michael MIC verification for PCIe (Íñigo Huguet) [1991459] {CVE-2020-26141}
+- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Íñigo Huguet) [1991459] {CVE-2020-24588}
+- ath10k: drop fragments with multicast DA for SDIO (Íñigo Huguet) [1991459] {CVE-2020-26145}
+- ath10k: drop fragments with multicast DA for PCIe (Íñigo Huguet) [1991459] {CVE-2020-26145}
+- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Íñigo Huguet) [1991459]
+- mac80211: extend protection against mixed key and fragment cache attacks (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
+- mac80211: do not accept/forward invalid EAPOL frames (Íñigo Huguet) [1991459] {CVE-2020-26139}
+- mac80211: prevent attacks on TKIP/WEP as well (Íñigo Huguet) [1991459] {CVE-2020-26141}
+- mac80211: check defrag PN against current frame (Íñigo Huguet) [1991459]
+- mac80211: add fragment cache to sta_info (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
+- mac80211: drop A-MSDUs on old ciphers (Íñigo Huguet) [1991459] {CVE-2020-24588}
+- cfg80211: mitigate A-MSDU aggregation attacks (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
+- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Íñigo Huguet) [1991459]
+- mac80211: prevent mixed key and fragment cache attacks (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
+- mac80211: assure all fragments are encrypted (Íñigo Huguet) [1991459] {CVE-2020-26147}
+- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]
+- mptcp: remove tech preview warning (Florian Westphal) [1985120]
+- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]
+- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]
+- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]
+- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]
+- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]
+- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]
+- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]
+- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]
+- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]
+- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]
+- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]
+- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]
+- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]
+- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]
+- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]
+- tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]
+- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]
+- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]
+- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]
+- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]
+- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]
+- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]
+- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]
+- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]
+- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]
+- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]
+- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]
+- dmagenine: idxd: Don't add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]
+- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]
+- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]
+- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]
+- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]
+- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]
+- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]
+- tun: fix memory leak in error path (Andrea Claudi) [1859038]
+- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]
+- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]
+- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]
+- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]
+- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]
+- ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]
+- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]
+- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]
+- ch_ktls: fix device connection close (Raju Rangoju) [1961374]
+- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]
+- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]
+- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]
+- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]
+- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]
+- ch_ktls: lock is not freed (Raju Rangoju) [1961374]
+- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]
+- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]
+- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]
+- ch_ktls: don't free skb before sending FIN (Raju Rangoju) [1961374]
+- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]
+- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]
+- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]
+- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]
+- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]
+- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]
+- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]
+- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]
+- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]
+- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]
+- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]
+- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]
+- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]
+- crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]
+- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]
+- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]
+- crypto/chcr: Moving chelsio's inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]
+- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]
+- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]
+- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]
+- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]
+- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]
+- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]
+- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]
+- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]
+- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]
+- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]
+- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]
+- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]
+- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]
+- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]
+- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]
+- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]
+- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]
+- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]
+- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]
+- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]
+- crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]
+
+* Mon Aug 23 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-335.el8]
+- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Chris von Recklinghausen) [1989485] {CVE-2021-3679}
+- vmlinux.lds.h: Keep .ctors.* with .ctors (Jan Stancek) [1993208]
+- spi: pxa2xx: Add support for Intel Alder Lake PCH-P (Steve Best) [1978463]
+- bnxt_en: allow promiscuous mode for trusted VFs (Jonathan Toppins) [1730616]
+- arm64: memory: Add missing brackets to untagged_addr() macro (Chris von Recklinghausen) [1955809]
+- arm64: tags: Preserve tags for addresses translated via TTBR1 (Chris von Recklinghausen) [1955809]
+- arm64: entry: Move ct_user_exit before any other exception (Chris von Recklinghausen) [1955809]
+- arm64: memory: Implement __tag_set() as common function (Chris von Recklinghausen) [1955809]
+- arm64: mm: Really fix sparse warning in untagged_addr() (Chris von Recklinghausen) [1955809]
+- arm64: untag user pointers in access_ok and __uaccess_mask_ptr (Chris von Recklinghausen) [1955809]
+- arm64/mm: fix variable 'tag' set but not used (Chris von Recklinghausen) [1955809]
+- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (Chris von Recklinghausen) [1955809]
+- arm64: compat: Add separate CP15 trapping hook (Chris von Recklinghausen) [1955809]
+- arm64: don't restore GPRs when context tracking (Chris von Recklinghausen) [1955809]
+
+* Fri Aug 20 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-334.el8]
+- bareudp: Fix invalid read beyond skb's linear data (Guillaume Nault) [1990938]
+- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Michael Petlan) [1990695]
+- net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands (Balazs Nemeth) [1956825]
+- net: dcb: Validate netlink message in DCB handler (Balazs Nemeth) [1956825]
+- xfrm: Fix RCU vs hash_resize_mutex lock inversion (Sabrina Dubroca) [1988405]
+- Revert "xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype" (Sabrina Dubroca) [1988405]
+- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (Sabrina Dubroca) [1988405]
+- [s390] s390/AP: support new dynamic AP bus size limit (Claudio Imbrenda) [1974581]
+- net: sched: act_mirred: Reset ct info when mirror/redirect skb (Hangbin Liu) [1980532]
+- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1982954]
+- perf vendor events power10: Adds 24x7 nest metric events for power10 platform (Diego Domingos) [1946650]
+- perf/core: fix backport of PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
+- perf/core: Add support for PERF_SAMPLE_CODE_PAGE_SIZE (Diego Domingos) [1946650]
+- perf vendor events powerpc: Fix eventcode of power10 JSON events (Diego Domingos) [1946650]
+- perf vendor events: Initial JSON/events list for power10 platform (Diego Domingos) [1946650]
+- powerpc/perf: Fix sampled instruction type for larx/stcx (Diego Domingos) [1946650]
+- powerpc/perf: Fix the threshold event selection for memory events in power10 (Diego Domingos) [1946650]
+- perf sort: Display sort dimension p_stage_cyc only on supported archs (Diego Domingos) [1946650]
+- perf tools: Support pipeline stage cycles for powerpc (Diego Domingos) [1946650]
+- perf powerpc: Add support for PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
+- perf sort: Add dynamic headers for perf report columns (Diego Domingos) [1946650]
+- powerpc/perf: Expose processor pipeline stage cycles using PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
+- Documentation/admin-guide: kernel-parameters: fix "disable_ddw" wording (Diego Domingos) [1946650]
+- powerpc/perf: Support PERF_SAMPLE_DATA_PAGE_SIZE (Diego Domingos) [1946650]
+- perf/core: Add PERF_SAMPLE_DATA_PAGE_SIZE (Diego Domingos) [1946650]
+- powerpc/perf: Infrastructure to support checking of attr.config* (Diego Domingos) [1946650]
+- powerpc/perf: Add platform specific check_attr_config (Diego Domingos) [1946650]
+- ice: add support for auxiliary input/output pins (Jonathan Toppins) [1956913]
+- ice: enable transmit timestamps for E810 devices (Jonathan Toppins) [1944818]
+- ice: enable receive hardware timestamping (Jonathan Toppins) [1944818]
+- ice: report the PTP clock index in ethtool .get_ts_info (Jonathan Toppins) [1944818]
+- ice: register 1588 PTP clock device object for E810 devices (Jonathan Toppins) [1944818]
+- ice: add low level PTP clock access functions (Jonathan Toppins) [1944818]
+- ice: add support for set/get of driver-stored firmware parameters (Jonathan Toppins) [1944818]
+- ice: process 1588 PTP capabilities during initialization (Jonathan Toppins) [1944818]
+- ice: add support for sideband messages (Jonathan Toppins) [1944818]
+
+* Wed Aug 18 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-333.el8]
+- bnxt_en: Fix static checker warning in bnxt_fw_reset_task() (Jonathan Toppins) [1989274]
+- bnxt_en: Check abort error state in bnxt_half_open_nic() (Jonathan Toppins) [1989274]
+- bnxt_en: fix error path of FW reset (Jonathan Toppins) [1989274]
+- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (Jonathan Toppins) [1989274]
+- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (Jonathan Toppins) [1989274]
+- bnxt_en: reject ETS settings that will starve a TC (Jonathan Toppins) [1989274]
+- bnxt_en: don't disable an already disabled PCI device (Jonathan Toppins) [1989274]
+- bnxt_en: Remove the read of BNXT_FW_RESET_INPROG_REG after firmware reset. (Jonathan Toppins) [1989274]
+- i40e: Fix log TC creation failure when max num of queues is exceeded (Stefan Assmann) [1920274]
+- i40e: Fix queue-to-TC mapping on Tx (Stefan Assmann) [1920274]
+- i40e: Add additional info to PHY type error (Stefan Assmann) [1920274]
+- i40e: Fix firmware LLDP agent related warning (Stefan Assmann) [1920274]
+- i40e: Fix logic of disabling queues (Stefan Assmann) [1920274]
+- i40e: add support for PTP external synchronization clock (Stefan Assmann) [1920274]
+- i40e: improve locking of mac_filter_hash (Stefan Assmann) [1920274]
+- i40e: Fix missing rtnl locking when setting up pf switch (Stefan Assmann) [1920274]
+- i40e: fix PTP on 5Gb links (Stefan Assmann) [1920274]
+- i40e: Fix autoneg disabling for non-10GBaseT links (Stefan Assmann) [1920274]
+- i40e: Fix error handling in i40e_vsi_open (Stefan Assmann) [1920274]
+- intel: Remove rcu_read_lock() around XDP program invocation (Stefan Assmann) [1920274]
+- i40e: clean up packet type lookup table (Stefan Assmann) [1920274]
+- i40e: add correct exception tracing for XDP (Stefan Assmann) [1920274]
+- i40e: Remove LLDP frame filters (Stefan Assmann) [1920274]
+- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (Stefan Assmann) [1920274]
+- i40e: Fix use-after-free in i40e_client_subtask() (Stefan Assmann) [1920274]
+- i40e: fix broken XDP support (Stefan Assmann) [1920274]
+- i40e: refactor repeated link state reporting code (Stefan Assmann) [1920274]
+- i40e: optimize for XDP_REDIRECT in xsk path (Stefan Assmann) [1920274]
+- i40e: fix the panic when running bpf in xdpdrv mode (Stefan Assmann) [1920274]
+- i40e: Fix sparse warning: missing error code 'err' (Stefan Assmann) [1920274]
+- i40e: Fix sparse error: 'vsi->netdev' could be null (Stefan Assmann) [1920274]
+- i40e: Fix sparse error: uninitialized symbol 'ring' (Stefan Assmann) [1920274]
+- i40e: Fix sparse errors in i40e_txrx.c (Stefan Assmann) [1920274]
+- i40e: Fix display statistics for veb_tc (Stefan Assmann) [1920274]
+- i40e: fix receiving of single packets in xsk zero-copy mode (Stefan Assmann) [1920274]
+- i40e: Fix inconsistent indenting (Stefan Assmann) [1920274]
+- i40e: Fix oops at i40e_rebuild() (Stefan Assmann) [1920274]
+- i40e: Fix kernel oops when i40e driver removes VF's (Stefan Assmann) [1920274]
+- i40e: Added Asym_Pause to supported link modes (Stefan Assmann) [1920274]
+- net: i40e: remove repeated words (Stefan Assmann) [1920274]
+- bpf, devmap: Move drop error path to devmap for XDP_REDIRECT (Stefan Assmann) [1920274]
+- intel: clean up mismatched header comments (Stefan Assmann) [1920274]
+- intel: Update drivers to use ethtool_sprintf (Stefan Assmann) [1920274]
+- i40e: move headroom initialization to i40e_configure_rx_ring (Stefan Assmann) [1920274]
+- i40e: Fix endianness conversions (Stefan Assmann) [1920274]
+- i40e: Fix add TC filter for IPv6 (Stefan Assmann) [1920274]
+- i40e: Fix addition of RX filters after enabling FW LLDP agent (Stefan Assmann) [1920274]
+- i40e: Fix overwriting flow control settings during driver loading (Stefan Assmann) [1920274]
+- i40e: Add zero-initialization of AQ command structures (Stefan Assmann) [1920274]
+- i40e: Fix memory leak in i40e_probe (Stefan Assmann) [1920274]
+- i40e: Fix flow for IPv6 next header (extension header) (Stefan Assmann) [1920274]
+- i40e: Fix incorrect argument in call to ipv6_addr_any() (Stefan Assmann) [1920274]
+- i40e: store the result of i40e_rx_offset() onto i40e_ring (Stefan Assmann) [1920274]
+- i40e: Simplify the do-while allocation loop (Stefan Assmann) [1920274]
+- i40e: adjust i40e_is_non_eop (Stefan Assmann) [1920274]
+- i40e: drop misleading function comments (Stefan Assmann) [1920274]
+- i40e: drop redundant check when setting xdp prog (Stefan Assmann) [1920274]
+- i40e: remove the useless value assignment in i40e_clean_adminq_subtask (Stefan Assmann) [1920274]
+- i40e: VLAN field for flow director (Stefan Assmann) [1920274]
+- i40e: Add flow director support for IPv6 (Stefan Assmann) [1920274]
+- i40e: Add EEE status getting & setting implementation (Stefan Assmann) [1920274]
+- i40e: Fix uninitialized variable mfs_max (Stefan Assmann) [1920274]
+- i40e: Add netlink callbacks support for software based DCB (Stefan Assmann) [1920274]
+- i40e: Add init and default config of software based DCB (Stefan Assmann) [1920274]
+- i40e: Add hardware configuration for software based DCB (Stefan Assmann) [1920274]
+- i40e: Log error for oversized MTU on device (Stefan Assmann) [1920274]
+- i40e: consolidate handling of XDP program actions (Stefan Assmann) [1920274]
+- i40e: remove the redundant buffer info updates (Stefan Assmann) [1920274]
+- i40e: remove unnecessary cleaned_count updates (Stefan Assmann) [1920274]
+- i40e: remove unnecessary memory writes of the next to clean pointer (Stefan Assmann) [1920274]
+- i40e: Use batched xsk Tx interfaces to increase performance (Stefan Assmann) [1920274]
+- i40e: convert to new udp_tunnel infrastructure (Stefan Assmann) [1920274]
+- netfilter: nf_tables: skip module reference count bump on object updates (Fernando Fernandez Mancera) [1944487]
+- netfilter: nf_tables: fix unexpected EOPNOTSUPP error (Fernando Fernandez Mancera) [1944487]
+- netfilter: nf_tables: Fix an Oops in nf_tables_updobj() error handling (Fernando Fernandez Mancera) [1944487]
+- netfilter: nf_tables: fix possible null-pointer dereference in object update (Fernando Fernandez Mancera) [1944487]
+- netfilter: nft_quota: add quota object update support (Fernando Fernandez Mancera) [1944487]
+- netfilter: nf_tables: Introduce stateful object update operation (Fernando Fernandez Mancera) [1944487]
+- cifs: retry lookup and readdir when EAGAIN is returned. (Ronnie Sahlberg) [1972411]
+- netfilter: nf_tables: Fix dereference of null pointer flow (Florian Westphal) [1985087]
+- netfilter: nf_tables: memleak in hw offload abort path (Florian Westphal) [1985087]
+- netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols (Florian Westphal) [1985087]
+- netfilter: synproxy: Fix out of bounds when parsing TCP options (Florian Westphal) [1985087]
+- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Florian Westphal) [1985087]
+- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Florian Westphal) [1985087]
+- netfilter: nftables: avoid overflows in nft_hash_buckets() (Florian Westphal) [1985087]
+- netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check (Florian Westphal) [1985087]
+- netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic (Florian Westphal) [1985087]
+- netfilter: nftables_offload: special ethertype handling for VLAN (Florian Westphal) [1985087]
+- netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector (Florian Westphal) [1985087]
+- netfilter: nft_payload: fix C-VLAN offload support (Florian Westphal) [1985087]
+- ipvs: allow connection reuse for unconfirmed conntrack (Florian Westphal) [1985087]
+- net: fix GRO skb truesize update (Paolo Abeni) [1987391]
+- sk_buff: avoid potentially clearing 'slow_gro' field (Paolo Abeni) [1987391]
+- veth: use skb_prepare_for_gro() (Paolo Abeni) [1987391]
+- skbuff: allow 'slow_gro' for skb carring sock reference (Paolo Abeni) [1987391]
+- net: optimize GRO for the common case. (Paolo Abeni) [1987391]
+- sk_buff: track extension status in slow_gro (Paolo Abeni) [1987391]
+- sk_buff: track dst status in slow_gro (Paolo Abeni) [1987391]
+- sk_buff: introduce 'slow_gro' flags (Paolo Abeni) [1987391]
+- skbuff: Fix build with SKB extensions disabled (Paolo Abeni) [1987391]
+- skbuff: Release nfct refcount on napi stolen or re-used skbs (Paolo Abeni) [1987391]
+- selftests: net: veth: add tests for set_channel (Paolo Abeni) [1987391]
+- veth: create by default nr_possible_cpus queues (Paolo Abeni) [1987391]
+- veth: implement support for set_channel ethtool op (Paolo Abeni) [1987391]
+- veth: factor out initialization helper (Paolo Abeni) [1987391]
+- veth: always report zero combined channels (Paolo Abeni) [1987391]
+- veth: Implement ethtool's get_channelis() callback (Paolo Abeni) [1987391]
+- net: add GSO UDP L4 and GSO fraglists to the list of software-backed types (Paolo Abeni) [1987391]
+- ice: Support RSS configure removal for AVF (Jonathan Toppins) [1946726]
+- ice: Enable RSS configure for AVF (Jonathan Toppins) [1946726]
+- ice: Add helper function to get the VF's VSI (Jonathan Toppins) [1946726]
+- ice: remove redundant assignment to pointer vsi (Jonathan Toppins) [1946726]
+- ice: Advertise virtchnl UDP segmentation offload capability (Jonathan Toppins) [1946726]
+- ice: Allow ignoring opcodes on specific VF (Jonathan Toppins) [1946726]
+- ice: warn about potentially malicious VFs (Jonathan Toppins) [1946726]
+- ice: Consolidate VSI state and flags (Jonathan Toppins) [1946726]
+- ice: Refactor ice_set/get_rss into LUT and key specific functions (Jonathan Toppins) [1946726]
+- ice: Refactor get/set RSS LUT to use struct parameter (Jonathan Toppins) [1946726]
+- ice: Change ice_vsi_setup_q_map() to not depend on RSS (Jonathan Toppins) [1946726]
+- ice: Check FDIR program status for AVF (Jonathan Toppins) [1946726]
+- ice: Add more FDIR filter type for AVF (Jonathan Toppins) [1946726]
+- ice: Add GTPU FDIR filter for AVF (Jonathan Toppins) [1946726]
+- ice: Add non-IP Layer2 protocol FDIR filter for AVF (Jonathan Toppins) [1946726]
+- ice: Add new actions support for VF FDIR (Jonathan Toppins) [1946726]
+- ice: Add FDIR pattern action parser for VF (Jonathan Toppins) [1946726]
+- ice: Enable FDIR Configure for AVF (Jonathan Toppins) [1946726]
+- ice: Add support for per VF ctrl VSI enabling (Jonathan Toppins) [1946726]
+- ice: Enhanced IPv4 and IPv6 flow filter (Jonathan Toppins) [1946726]
+- ice: Support to separate GTP-U uplink and downlink (Jonathan Toppins) [1946726]
+- ice: Add more advanced protocol support in flow filter (Jonathan Toppins) [1946726]
+- ice: Support non word aligned input set field (Jonathan Toppins) [1946726]
+- ice: Add more basic protocol support for flow filter (Jonathan Toppins) [1946726]
+- sctp: move the active_key update after sh_keys is added (Xin Long) [1986966]
+- sctp: fix return value check in __sctp_rcv_asconf_lookup (Xin Long) [1986966]
+- sctp: delete addr based on sin6_scope_id (Xin Long) [1986966]
+- sctp: update active_key for asoc when old key is being replaced (Xin Long) [1986966]
+- sctp: move 198 addresses from unusable to private scope (Xin Long) [1986966]
+- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (Xin Long) [1986966]
+- sctp: validate chunk size in __rcv_asconf_lookup (Xin Long) [1986966]
+- sctp: add size validation when walking chunks (Xin Long) [1986966]
+- sctp: validate from_addr_param return (Xin Long) [1986966]
+- sctp: fix the proc_handler for sysctl encap_port (Xin Long) [1986966]
+- sctp: add the missing setting for asoc encap_port (Xin Long) [1986966]
+- sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b (Xin Long) [1986966]
+- sctp: Fix out-of-bounds warning in sctp_process_asconf_param() (Xin Long) [1986966]
+- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Xin Long) [1986966]
+- bonding: allow nesting of bonding device (Antoine Tenart) [1989099]
+- bonding: avoid adding slave device with IFF_MASTER flag (Antoine Tenart) [1989099]
+- ice: don't remove netdev->dev_addr from uc sync list (Ken Cox) [1873969 1961018]
+- ice: Stop processing VF messages during teardown (Ken Cox) [1986451]
+- ice: Prevent probing virtual functions (Ken Cox) [1952810]
+- ima: extend boot_aggregate with kernel measurements (Bruno Meneguele) [1977422]
+- selftest/bpf: Verifier tests for var-off access (Jiri Olsa) [1960944] {CVE-2021-29155}
+- selftest/bpf: Adjust expected verifier errors (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: No need to simulate speculative domain for immediates (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Fix mask direction swap upon off reg sign change (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Wrap aux data inside bpf_sanitize_info container (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Fix pointer arithmetic mask tightening under state pruning (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Fix leakage of uninitialized bpf stack under speculation (Jiri Olsa) [1960944 1958070] {CVE-2021-29155 CVE-2021-31829}
+- bpf: Fix masking negation logic upon negative dst register (Jiri Olsa) [1960944 1958070] {CVE-2021-29155 CVE-2021-31829}
+- bpf: verifier: Allocate idmap scratch in verifier env (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Tighten speculative pointer arithmetic mask (Jiri Olsa) [1960944 1972496] {CVE-2021-29155 CVE-2021-33200}
+- bpf: Move sanitize_val_alu out of op switch (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Refactor and streamline bounds check into helper (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Allow variable-offset stack access (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Improve verifier error messages for users (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Rework ptr_limit into alu_limit and add common error path (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Ensure off_reg has no mixed signed bounds for all types (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Move off_reg into sanitize_ptr_alu (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Use correct permission flag for mixed signed bounds arithmetic (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Add sanity check for upper ptr_limit (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Simplify alu_limit masking for pointer arithmetic (Jiri Olsa) [1960944] {CVE-2021-29155}
+- bpf: Fix off-by-one for area size in creating mask to left (Jiri Olsa) [1960944] {CVE-2021-29155}
+- Documentation/x86: Add ratelimit in buslock.rst (Prarit Bhargava) [1948048]
+- Documentation/admin-guide: Add bus lock ratelimit (Prarit Bhargava) [1948048]
+- x86/bus_lock: Set rate limit for bus lock (Prarit Bhargava) [1948048]
+- Documentation/x86: Add buslock.rst (Prarit Bhargava) [1948048]
+- [s390] net/smc: Ensure correct state of the socket in send path (Claudio Imbrenda) [1731026]
+- [s390] net/smc: Fix ENODATA tests in smc_nl_get_fback_stats() (Claudio Imbrenda) [1731026]
+- [s390] net/smc: Make SMC statistics network namespace aware (Claudio Imbrenda) [1731026]
+- [s390] net/smc: Add netlink support for SMC fallback statistics (Claudio Imbrenda) [1731026]
+- [s390] net/smc: Add netlink support for SMC statistics (Claudio Imbrenda) [1731026]
+- [s390] net/smc: Add SMC statistics support (Claudio Imbrenda) [1731026]
+- [s390] s390/ap: Fix hanging ioctl caused by wrong msg counter (Claudio Imbrenda) [1984762]
+- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988226] {CVE-2021-37576}
+- NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT (Benjamin Coddington) [1983793]
+- selftests/powerpc: EBB selftest for MMCR0 control for PMU SPRs in ISA v3.1 (Desnes A. Nunes do Rosario) [1991753]
+- selftests/powerpc: Fix "no_handler" EBB selftest (Desnes A. Nunes do Rosario) [1991753]
+- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (Desnes A. Nunes do Rosario) [1991753]
+- powerpc/pmu: Make the generic compat PMU use the architected events (Desnes A. Nunes do Rosario) [1991753]
+- perf script python: Fix buffer size to report iregs in perf script (Desnes A. Nunes do Rosario) [1991753]
+- ceph: reduce contention in ceph_check_delayed_caps() (Jeff Layton) [1953430]
+
+* Mon Aug 16 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-332.el8]
+- net: mac802154: Fix general protection fault (Chris von Recklinghausen) [1984571] {CVE-2021-3659}
+- Bluetooth: fix the erroneous flush_work() order (Chris von Recklinghausen) [1964559] {CVE-2021-3564}
+- Bluetooth: use correct lock to prevent UAF of hdev object (Chris von Recklinghausen) [1968214] {CVE-2021-3573}
+- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1972139]
+- usb: ehci: do not initialise static variables (Torez Smith) [1972139]
+- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1972139]
+- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1972139]
+- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1972139]
+- perf test: Handle fd gaps in test__dso_data_reopen (Michael Petlan) [1871785]
+- tty: vt: always invoke vc->vc_sw->con_resize callback (Maxim Levitsky) [1957611]
+- iavf: fix locking of critical sections (Stefan Assmann) [1975245]
+- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1975245]
+- ixgbe: Fix packet corruption due to missing DMA sync (Ken Cox) [1920269]
+- ixgbe: Fix an error handling path in 'ixgbe_probe()' (Ken Cox) [1920269]
+- intel: Remove rcu_read_lock() around XDP program invocation (Ken Cox) [1920269]
+- ixgbe: add correct exception tracing for XDP (Ken Cox) [1920269]
+- ixgbe: Fix out-bounds warning in ixgbe_host_interface_command() (Ken Cox) [1920269]
+- ixgbe: reduce checker warnings (Ken Cox) [1920269]
+- ixgbe: use checker safe conversions (Ken Cox) [1920269]
+- ixgbe: fix large MTU request from VF (Ken Cox) [1920269]
+- net: ethernet: intel: Fix a typo in the file ixgbe_dcb_nl.c (Ken Cox) [1920269]
+- net: intel: Remove unused function pointer typedef ixgbe_mc_addr_itr (Ken Cox) [1920269]
+- ixgbe: Support external GBE SerDes PHY BCM54616s (Ken Cox) [1920269]
+- ixgbe: fix unbalanced device enable/disable in suspend/resume (Ken Cox) [1920269]
+- ixgbe: Fix NULL pointer dereference in ethtool loopback test (Ken Cox) [1920269]
+- ixgbe: Fix fall-through warnings for Clang (Ken Cox) [1920269]
+- intel: clean up mismatched header comments (Ken Cox) [1920269]
+- bpf, devmap: Move drop error path to devmap for XDP_REDIRECT (Ken Cox) [1920269]
+- intel: Update drivers to use ethtool_sprintf (Ken Cox) [1920269]
+- ixgbe: optimize for XDP_REDIRECT in xsk path (Ken Cox) [1920269]
+- ixgbe: move headroom initialization to ixgbe_configure_rx_ring (Ken Cox) [1920269]
+- ixgbe: Fix memleak in ixgbe_configure_clsu32 (Ken Cox) [1920269]
+- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (Ken Cox) [1920269]
+- ixgbe: store the result of ixgbe_rx_offset() onto ixgbe_ring (Ken Cox) [1920269]
+- net: ixgbe: use skb_csum_is_sctp instead of protocol check (Ken Cox) [1920269]
+- ixgbe: avoid premature Rx buffer reuse (Ken Cox) [1920269]
+- net: remove unneeded break (Ken Cox) [1920269]
+- ixgbe: add pause frame stats (Ken Cox) [1920269]
+- iavf: Set RSS LUT and key in reset handle path (Ken Cox) [1910853]
+- [netdrv] chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1955208]
+- cxgb4: avoid collecting SGE_QBASE regs during traffic (Raju Rangoju) [1955208]
+- cxgb4: collect serial config version from register (Raju Rangoju) [1955208]
+- cxgb4: remove unused vpd_cap_addr (Raju Rangoju) [1955208]
+- cxgb4: remove bogus CHELSIO_VPD_UNIQUE_ID constant (Raju Rangoju) [1955208]
+- cxgb4: Assign boolean values to a bool variable (Raju Rangoju) [1955208]
+- cxgb4: enable interrupt based Tx completions for T5 (Raju Rangoju) [1955208]
+- cxgb4: fix the panic caused by non smac rewrite (Raju Rangoju) [1955208]
+- cxgb4: Fix the -Wmisleading-indentation warning (Raju Rangoju) [1955208]
+- cxgb4: set up filter action after rewrites (Raju Rangoju) [1955208]
+- cxgb4: handle 4-tuple PEDIT to NAT mode translation (Raju Rangoju) [1955208]
+- [netdrv] net: rename flow_action_hw_stats_types* -> flow_action_hw_stats* (Raju Rangoju) [1955208]
+- net: cxbg4: Remove pointless in_interrupt() check (Raju Rangoju) [1955208]
+- cxgb4: Avoid log flood (Raju Rangoju) [1955208]
+- cxgb4: fix memory leak during module unload (Raju Rangoju) [1955208]
+- cxgb4: Fix offset when clearing filter byte counters (Raju Rangoju) [1955208]
+- cxgb4: add error handlers to LE intr_handler (Raju Rangoju) [1955208]
+- cxgb4: insert IPv6 filter rules in next free region (Raju Rangoju) [1955208]
+- cxgb4: Fix race between loopback and normal Tx path (Raju Rangoju) [1955208]
+- cxgb4: Fix work request size calculation for loopback test (Raju Rangoju) [1955208]
+- cxgb4: add TC-MATCHALL IPv6 support (Raju Rangoju) [1955208]
+- cxgb4: fix extracting IP addresses in TC-FLOWER rules (Raju Rangoju) [1955208]
+- cxgb4: fix check for running offline ethtool selftest (Raju Rangoju) [1955208]
+- cxgb4: add loopback ethtool self-test (Raju Rangoju) [1955208]
+- net: cxgb4: reject unsupported coalescing params (Raju Rangoju) [1955208]
+- cxgb4: use eth_zero_addr() to clear mac address (Raju Rangoju) [1955208]
+- cxgb4: add missing release on skb in uld_send() (Raju Rangoju) [1955208]
+- cxgb4: convert to new udp_tunnel_nic infra (Raju Rangoju) [1955208]
+- cxgb4: fix all-mask IP address comparison (Raju Rangoju) [1955208]
+- cxgb4: add main VI to mirror VI config replication (Raju Rangoju) [1955208]
+- cxgb4: add support for mirror Rxqs (Raju Rangoju) [1955208]
+- cxgb4: add mirror action to TC-MATCHALL offload (Raju Rangoju) [1955208]
+- net: cxgb4: fix return error value in t4_prep_fw (Raju Rangoju) [1955208]
+- cxgb4: move device dump arrays in header to C file (Raju Rangoju) [1955208]
+- cxgb4: always sync access when flashing PHY firmware (Raju Rangoju) [1955208]
+- cxgb4: update kernel-doc line comments (Raju Rangoju) [1955208]
+- cxgb4: fix set but unused variable when DCB is disabled (Raju Rangoju) [1955208]
+- cxgb4: move DCB version extern to header file (Raju Rangoju) [1955208]
+- cxgb4: remove cast when saving IPv4 partial checksum (Raju Rangoju) [1955208]
+- cxgb4: fix SGE queue dump destination buffer context (Raju Rangoju) [1955208]
+- cxgb4: use correct type for all-mask IP address comparison (Raju Rangoju) [1955208]
+- cxgb4: fix endian conversions for L4 ports in filters (Raju Rangoju) [1955208]
+- cxgb4: parse TC-U32 key values and masks natively (Raju Rangoju) [1955208]
+- cxgb4: use unaligned conversion for fetching timestamp (Raju Rangoju) [1955208]
+- cxgb4: move PTP lock and unlock to caller in Tx path (Raju Rangoju) [1955208]
+- cxgb4: move handling L2T ARP failures to caller (Raju Rangoju) [1955208]
+- cxgb4: Use struct_size() helper (Raju Rangoju) [1955208]
+- cxgb4: add action to steer flows to specific Rxq (Raju Rangoju) [1955208]
+- cxgb4: add support to fetch ethtool n-tuple filters (Raju Rangoju) [1955208]
+- cxgb4: add ethtool n-tuple filter deletion (Raju Rangoju) [1955208]
+- cxgb4: add ethtool n-tuple filter insertion (Raju Rangoju) [1955208]
+- [netdrv] flow_offload: check for basic action hw stats type (Raju Rangoju) [1955208]
+- cxgb4: add skeleton for ethtool n-tuple filters (Raju Rangoju) [1955208]
+- cxgb4: add support to read serial flash (Raju Rangoju) [1955208]
+- cxgb4: add support to flash boot cfg image (Raju Rangoju) [1955208]
+- cxgb4: add support to flash boot image (Raju Rangoju) [1955208]
+- cxgb4: add support to flash PHY image (Raju Rangoju) [1955208]
+- cxgb4: update set_flash to flash different images (Raju Rangoju) [1955208]
+- cxgb4: Use kfree() instead kvfree() where appropriate (Raju Rangoju) [1955208]
+- cxgb4: Use pM format specifier for MAC addresses (Raju Rangoju) [1955208]
+- net: sock: fix in-kernel mark setting (Alexander Aring) [1509204]
+- sock: Reset dst when changing sk_mark via setsockopt (Alexander Aring) [1509204]
+- fs: dlm: fix mark setting deadlock (Alexander Aring) [1509204]
+- fs: dlm: fix mark per nodeid setting (Alexander Aring) [1509204]
+- fs: dlm: remove lock dependency warning (Alexander Aring) [1509204]
+- fs: dlm: set skb mark per peer socket (Alexander Aring) [1509204]
+- fs: dlm: set skb mark for listen socket (Alexander Aring) [1509204]
+- net: sock: add sock_set_mark (Alexander Aring) [1509204]
+- Bluetooth: btusb: Add support for GarfieldPeak controller (Gopal Tiwari) [1959110]
+- can: gw: synchronize rcu operations before removing gw job entry (Balazs Nemeth) [1986334]
+- can: bcm: fix infoleak in struct bcm_msg_head (Balazs Nemeth) [1986334]
+- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (Balazs Nemeth) [1956730]
+- can: af_can: prevent potential access of uninitialized member in can_rcv() (Balazs Nemeth) [1956730]
+- can: proc: can_remove_proc(): silence remove_proc_entry warning (Balazs Nemeth) [1956730]
+- cifs: add missing parsing of backupuid (Ronnie Sahlberg) [1987126]
+- cifs: use helpers when parsing uid/gid mount options and validate them (Ronnie Sahlberg) [1987126]
+- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1939133]
+- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1939133]
+- kernfs: switch kernfs to use an rwsem (Ian Kent) [1939133]
+- kernfs: use VFS negative dentry caching (Ian Kent) [1939133]
+- kernfs: add a revision to identify directory node changes (Ian Kent) [1939133]
+- kernfs: move revalidate to be near lookup (Ian Kent) [1939133]
+
 * Thu Aug 12 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-331.el8]
 - mlxsw: spectrum_mr: Update egress RIF list before route's action (Ivan Vecera) [1941938]
 - selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test (Ivan Vecera) [1941938]