--- /dev/null
+From 238064f13d057390a8c5e1a6a80f4f0a0ec46499 Mon Sep 17 00:00:00 2001
+From: Dexuan Cui <decui@microsoft.com>
+Date: Tue, 27 Mar 2018 15:01:02 -0700
+Subject: Drivers: hv: vmbus: do not mark HV_PCIE as perf_device
+
+From: Dexuan Cui <decui@microsoft.com>
+
+commit 238064f13d057390a8c5e1a6a80f4f0a0ec46499 upstream.
+
+The pci-hyperv driver's channel callback hv_pci_onchannelcallback() is not
+really a hot path, so we don't need to mark it as a perf_device, meaning
+with this patch all HV_PCIE channels' target_cpu will be CPU0.
+
+Signed-off-by: Dexuan Cui <decui@microsoft.com>
+Cc: stable@vger.kernel.org
+Cc: Stephen Hemminger <sthemmin@microsoft.com>
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hv/channel_mgmt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hv/channel_mgmt.c
++++ b/drivers/hv/channel_mgmt.c
+@@ -70,7 +70,7 @@ static const struct vmbus_device vmbus_d
+ /* PCIE */
+ { .dev_type = HV_PCIE,
+ HV_PCIE_GUID,
+- .perf_device = true,
++ .perf_device = false,
+ },
+
+ /* Synthetic Frame Buffer */
--- /dev/null
+From 615b2665fd20c327b631ff1e79426775de748094 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sun, 25 Mar 2018 23:53:22 +0200
+Subject: parisc: Fix out of array access in match_pci_device()
+
+From: Helge Deller <deller@gmx.de>
+
+commit 615b2665fd20c327b631ff1e79426775de748094 upstream.
+
+As found by the ubsan checker, the value of the 'index' variable can be
+out of range for the bc[] array:
+
+UBSAN: Undefined behaviour in arch/parisc/kernel/drivers.c:655:21
+index 6 is out of range for type 'char [6]'
+Backtrace:
+ [<104fa850>] __ubsan_handle_out_of_bounds+0x68/0x80
+ [<1019d83c>] check_parent+0xc0/0x170
+ [<1019d91c>] descend_children+0x30/0x6c
+ [<1059e164>] device_for_each_child+0x60/0x98
+ [<1019cd54>] parse_tree_node+0x40/0x54
+ [<1019d86c>] check_parent+0xf0/0x170
+ [<1019d91c>] descend_children+0x30/0x6c
+ [<1059e164>] device_for_each_child+0x60/0x98
+ [<1019d938>] descend_children+0x4c/0x6c
+ [<1059e164>] device_for_each_child+0x60/0x98
+ [<1019cd54>] parse_tree_node+0x40/0x54
+ [<1019cffc>] hwpath_to_device+0xa4/0xc4
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/kernel/drivers.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/parisc/kernel/drivers.c
++++ b/arch/parisc/kernel/drivers.c
+@@ -648,6 +648,10 @@ static int match_pci_device(struct devic
+ (modpath->mod == PCI_FUNC(devfn)));
+ }
+
++ /* index might be out of bounds for bc[] */
++ if (index >= 6)
++ return 0;
++
+ id = PCI_SLOT(pdev->devfn) | (PCI_FUNC(pdev->devfn) << 5);
+ return (modpath->bc[index] == id);
+ }
--- /dev/null
+From 621b6d2ea297d0fb6030452c5bcd221f12165fcf Mon Sep 17 00:00:00 2001
+From: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
+Date: Mon, 9 Apr 2018 19:03:46 +0900
+Subject: perf/core: Fix use-after-free in uprobe_perf_close()
+
+From: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
+
+commit 621b6d2ea297d0fb6030452c5bcd221f12165fcf upstream.
+
+A use-after-free bug was caught by KASAN while running usdt related
+code (BCC project. bcc/tests/python/test_usdt2.py):
+
+ ==================================================================
+ BUG: KASAN: use-after-free in uprobe_perf_close+0x222/0x3b0
+ Read of size 4 at addr ffff880384f9b4a4 by task test_usdt2.py/870
+
+ CPU: 4 PID: 870 Comm: test_usdt2.py Tainted: G W 4.16.0-next-20180409 #215
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
+ Call Trace:
+ dump_stack+0xc7/0x15b
+ ? show_regs_print_info+0x5/0x5
+ ? printk+0x9c/0xc3
+ ? kmsg_dump_rewind_nolock+0x6e/0x6e
+ ? uprobe_perf_close+0x222/0x3b0
+ print_address_description+0x83/0x3a0
+ ? uprobe_perf_close+0x222/0x3b0
+ kasan_report+0x1dd/0x460
+ ? uprobe_perf_close+0x222/0x3b0
+ uprobe_perf_close+0x222/0x3b0
+ ? probes_open+0x180/0x180
+ ? free_filters_list+0x290/0x290
+ trace_uprobe_register+0x1bb/0x500
+ ? perf_event_attach_bpf_prog+0x310/0x310
+ ? probe_event_disable+0x4e0/0x4e0
+ perf_uprobe_destroy+0x63/0xd0
+ _free_event+0x2bc/0xbd0
+ ? lockdep_rcu_suspicious+0x100/0x100
+ ? ring_buffer_attach+0x550/0x550
+ ? kvm_sched_clock_read+0x1a/0x30
+ ? perf_event_release_kernel+0x3e4/0xc00
+ ? __mutex_unlock_slowpath+0x12e/0x540
+ ? wait_for_completion+0x430/0x430
+ ? lock_downgrade+0x3c0/0x3c0
+ ? lock_release+0x980/0x980
+ ? do_raw_spin_trylock+0x118/0x150
+ ? do_raw_spin_unlock+0x121/0x210
+ ? do_raw_spin_trylock+0x150/0x150
+ perf_event_release_kernel+0x5d4/0xc00
+ ? put_event+0x30/0x30
+ ? fsnotify+0xd2d/0xea0
+ ? sched_clock_cpu+0x18/0x1a0
+ ? __fsnotify_update_child_dentry_flags.part.0+0x1b0/0x1b0
+ ? pvclock_clocksource_read+0x152/0x2b0
+ ? pvclock_read_flags+0x80/0x80
+ ? kvm_sched_clock_read+0x1a/0x30
+ ? sched_clock_cpu+0x18/0x1a0
+ ? pvclock_clocksource_read+0x152/0x2b0
+ ? locks_remove_file+0xec/0x470
+ ? pvclock_read_flags+0x80/0x80
+ ? fcntl_setlk+0x880/0x880
+ ? ima_file_free+0x8d/0x390
+ ? lockdep_rcu_suspicious+0x100/0x100
+ ? ima_file_check+0x110/0x110
+ ? fsnotify+0xea0/0xea0
+ ? kvm_sched_clock_read+0x1a/0x30
+ ? rcu_note_context_switch+0x600/0x600
+ perf_release+0x21/0x40
+ __fput+0x264/0x620
+ ? fput+0xf0/0xf0
+ ? do_raw_spin_unlock+0x121/0x210
+ ? do_raw_spin_trylock+0x150/0x150
+ ? SyS_fchdir+0x100/0x100
+ ? fsnotify+0xea0/0xea0
+ task_work_run+0x14b/0x1e0
+ ? task_work_cancel+0x1c0/0x1c0
+ ? copy_fd_bitmaps+0x150/0x150
+ ? vfs_read+0xe5/0x260
+ exit_to_usermode_loop+0x17b/0x1b0
+ ? trace_event_raw_event_sys_exit+0x1a0/0x1a0
+ do_syscall_64+0x3f6/0x490
+ ? syscall_return_slowpath+0x2c0/0x2c0
+ ? lockdep_sys_exit+0x1f/0xaa
+ ? syscall_return_slowpath+0x1a3/0x2c0
+ ? lockdep_sys_exit+0x1f/0xaa
+ ? prepare_exit_to_usermode+0x11c/0x1e0
+ ? enter_from_user_mode+0x30/0x30
+ random: crng init done
+ ? __put_user_4+0x1c/0x30
+ entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+ RIP: 0033:0x7f41d95f9340
+ RSP: 002b:00007fffe71e4268 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
+ RAX: 0000000000000000 RBX: 000000000000000d RCX: 00007f41d95f9340
+ RDX: 0000000000000000 RSI: 0000000000002401 RDI: 000000000000000d
+ RBP: 0000000000000000 R08: 00007f41ca8ff700 R09: 00007f41d996dd1f
+ R10: 00007fffe71e41e0 R11: 0000000000000246 R12: 00007fffe71e4330
+ R13: 0000000000000000 R14: fffffffffffffffc R15: 00007fffe71e4290
+
+ Allocated by task 870:
+ kasan_kmalloc+0xa0/0xd0
+ kmem_cache_alloc_node+0x11a/0x430
+ copy_process.part.19+0x11a0/0x41c0
+ _do_fork+0x1be/0xa20
+ do_syscall_64+0x198/0x490
+ entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+
+ Freed by task 0:
+ __kasan_slab_free+0x12e/0x180
+ kmem_cache_free+0x102/0x4d0
+ free_task+0xfe/0x160
+ __put_task_struct+0x189/0x290
+ delayed_put_task_struct+0x119/0x250
+ rcu_process_callbacks+0xa6c/0x1b60
+ __do_softirq+0x238/0x7ae
+
+ The buggy address belongs to the object at ffff880384f9b480
+ which belongs to the cache task_struct of size 12928
+
+It occurs because task_struct is freed before perf_event which refers
+to the task and task flags are checked while teardown of the event.
+perf_event_alloc() assigns task_struct to hw.target of perf_event,
+but there is no reference counting for it.
+
+As a fix we get_task_struct() in perf_event_alloc() at above mentioned
+assignment and put_task_struct() in _free_event().
+
+Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
+Reviewed-by: Oleg Nesterov <oleg@redhat.com>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: <stable@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: 63b6da39bb38e8f1a1ef3180d32a39d6 ("perf: Fix perf_event_exit_task() race")
+Link: http://lkml.kernel.org/r/20180409100346.6416-1-bhole_prashant_q7@lab.ntt.co.jp
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/core.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -4091,6 +4091,9 @@ static void _free_event(struct perf_even
+ if (event->ctx)
+ put_ctx(event->ctx);
+
++ if (event->hw.target)
++ put_task_struct(event->hw.target);
++
+ exclusive_event_destroy(event);
+ module_put(event->pmu->module);
+
+@@ -9214,6 +9217,7 @@ perf_event_alloc(struct perf_event_attr
+ * and we cannot use the ctx information because we need the
+ * pmu before we get a ctx.
+ */
++ get_task_struct(task);
+ event->hw.target = task;
+ }
+
+@@ -9331,6 +9335,8 @@ err_ns:
+ perf_detach_cgroup(event);
+ if (event->ns)
+ put_pid_ns(event->ns);
++ if (event->hw.target)
++ put_task_struct(event->hw.target);
+ kfree(event);
+
+ return ERR_PTR(err);
--- /dev/null
+From 1c196a6c771c47a2faa63d38d913e03284f73a16 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 7 Mar 2018 16:02:23 +0200
+Subject: perf intel-pt: Fix error recovery from missing TIP packet
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 1c196a6c771c47a2faa63d38d913e03284f73a16 upstream.
+
+When a TIP packet is expected but there is a different packet, it is an
+error. However the unexpected packet might be something important like a
+TSC packet, so after the error, it is necessary to continue from there,
+rather than the next packet. That is achieved by setting pkt_step to
+zero.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1520431349-30689-4-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1522,6 +1522,7 @@ static int intel_pt_walk_fup_tip(struct
+ case INTEL_PT_PSBEND:
+ intel_pt_log("ERROR: Missing TIP after FUP\n");
+ decoder->pkt_state = INTEL_PT_STATE_ERR3;
++ decoder->pkt_step = 0;
+ return -ENOENT;
+
+ case INTEL_PT_OVF:
--- /dev/null
+From 117db4b27bf08dba412faf3924ba55fe970c57b8 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 7 Mar 2018 16:02:21 +0200
+Subject: perf intel-pt: Fix overlap detection to identify consecutive buffers correctly
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 117db4b27bf08dba412faf3924ba55fe970c57b8 upstream.
+
+Overlap detection was not not updating the buffer's 'consecutive' flag.
+Marking buffers consecutive has the advantage that decoding begins from
+the start of the buffer instead of the first PSB. Fix overlap detection
+to identify consecutive buffers correctly.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1520431349-30689-2-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 62 +++++++++-----------
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 2
+ tools/perf/util/intel-pt.c | 5 +
+ 3 files changed, 34 insertions(+), 35 deletions(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -2182,14 +2182,6 @@ const struct intel_pt_state *intel_pt_de
+ return &decoder->state;
+ }
+
+-static bool intel_pt_at_psb(unsigned char *buf, size_t len)
+-{
+- if (len < INTEL_PT_PSB_LEN)
+- return false;
+- return memmem(buf, INTEL_PT_PSB_LEN, INTEL_PT_PSB_STR,
+- INTEL_PT_PSB_LEN);
+-}
+-
+ /**
+ * intel_pt_next_psb - move buffer pointer to the start of the next PSB packet.
+ * @buf: pointer to buffer pointer
+@@ -2278,6 +2270,7 @@ static unsigned char *intel_pt_last_psb(
+ * @buf: buffer
+ * @len: size of buffer
+ * @tsc: TSC value returned
++ * @rem: returns remaining size when TSC is found
+ *
+ * Find a TSC packet in @buf and return the TSC value. This function assumes
+ * that @buf starts at a PSB and that PSB+ will contain TSC and so stops if a
+@@ -2285,7 +2278,8 @@ static unsigned char *intel_pt_last_psb(
+ *
+ * Return: %true if TSC is found, false otherwise.
+ */
+-static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc)
++static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc,
++ size_t *rem)
+ {
+ struct intel_pt_pkt packet;
+ int ret;
+@@ -2296,6 +2290,7 @@ static bool intel_pt_next_tsc(unsigned c
+ return false;
+ if (packet.type == INTEL_PT_TSC) {
+ *tsc = packet.payload;
++ *rem = len;
+ return true;
+ }
+ if (packet.type == INTEL_PT_PSBEND)
+@@ -2346,6 +2341,8 @@ static int intel_pt_tsc_cmp(uint64_t tsc
+ * @len_a: size of first buffer
+ * @buf_b: second buffer
+ * @len_b: size of second buffer
++ * @consecutive: returns true if there is data in buf_b that is consecutive
++ * to buf_a
+ *
+ * If the trace contains TSC we can look at the last TSC of @buf_a and the
+ * first TSC of @buf_b in order to determine if the buffers overlap, and then
+@@ -2358,33 +2355,41 @@ static int intel_pt_tsc_cmp(uint64_t tsc
+ static unsigned char *intel_pt_find_overlap_tsc(unsigned char *buf_a,
+ size_t len_a,
+ unsigned char *buf_b,
+- size_t len_b)
++ size_t len_b, bool *consecutive)
+ {
+ uint64_t tsc_a, tsc_b;
+ unsigned char *p;
+- size_t len;
++ size_t len, rem_a, rem_b;
+
+ p = intel_pt_last_psb(buf_a, len_a);
+ if (!p)
+ return buf_b; /* No PSB in buf_a => no overlap */
+
+ len = len_a - (p - buf_a);
+- if (!intel_pt_next_tsc(p, len, &tsc_a)) {
++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a)) {
+ /* The last PSB+ in buf_a is incomplete, so go back one more */
+ len_a -= len;
+ p = intel_pt_last_psb(buf_a, len_a);
+ if (!p)
+ return buf_b; /* No full PSB+ => assume no overlap */
+ len = len_a - (p - buf_a);
+- if (!intel_pt_next_tsc(p, len, &tsc_a))
++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a))
+ return buf_b; /* No TSC in buf_a => assume no overlap */
+ }
+
+ while (1) {
+ /* Ignore PSB+ with no TSC */
+- if (intel_pt_next_tsc(buf_b, len_b, &tsc_b) &&
+- intel_pt_tsc_cmp(tsc_a, tsc_b) < 0)
+- return buf_b; /* tsc_a < tsc_b => no overlap */
++ if (intel_pt_next_tsc(buf_b, len_b, &tsc_b, &rem_b)) {
++ int cmp = intel_pt_tsc_cmp(tsc_a, tsc_b);
++
++ /* Same TSC, so buffers are consecutive */
++ if (!cmp && rem_b >= rem_a) {
++ *consecutive = true;
++ return buf_b + len_b - (rem_b - rem_a);
++ }
++ if (cmp < 0)
++ return buf_b; /* tsc_a < tsc_b => no overlap */
++ }
+
+ if (!intel_pt_step_psb(&buf_b, &len_b))
+ return buf_b + len_b; /* No PSB in buf_b => no data */
+@@ -2398,6 +2403,8 @@ static unsigned char *intel_pt_find_over
+ * @buf_b: second buffer
+ * @len_b: size of second buffer
+ * @have_tsc: can use TSC packets to detect overlap
++ * @consecutive: returns true if there is data in buf_b that is consecutive
++ * to buf_a
+ *
+ * When trace samples or snapshots are recorded there is the possibility that
+ * the data overlaps. Note that, for the purposes of decoding, data is only
+@@ -2408,7 +2415,7 @@ static unsigned char *intel_pt_find_over
+ */
+ unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a,
+ unsigned char *buf_b, size_t len_b,
+- bool have_tsc)
++ bool have_tsc, bool *consecutive)
+ {
+ unsigned char *found;
+
+@@ -2420,7 +2427,8 @@ unsigned char *intel_pt_find_overlap(uns
+ return buf_b; /* No overlap */
+
+ if (have_tsc) {
+- found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b);
++ found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b,
++ consecutive);
+ if (found)
+ return found;
+ }
+@@ -2435,28 +2443,16 @@ unsigned char *intel_pt_find_overlap(uns
+ }
+
+ /* Now len_b >= len_a */
+- if (len_b > len_a) {
+- /* The leftover buffer 'b' must start at a PSB */
+- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) {
+- if (!intel_pt_step_psb(&buf_a, &len_a))
+- return buf_b; /* No overlap */
+- }
+- }
+-
+ while (1) {
+ /* Potential overlap so check the bytes */
+ found = memmem(buf_a, len_a, buf_b, len_a);
+- if (found)
++ if (found) {
++ *consecutive = true;
+ return buf_b + len_a;
++ }
+
+ /* Try again at next PSB in buffer 'a' */
+ if (!intel_pt_step_psb(&buf_a, &len_a))
+ return buf_b; /* No overlap */
+-
+- /* The leftover buffer 'b' must start at a PSB */
+- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) {
+- if (!intel_pt_step_psb(&buf_a, &len_a))
+- return buf_b; /* No overlap */
+- }
+ }
+ }
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h
+@@ -103,7 +103,7 @@ const struct intel_pt_state *intel_pt_de
+
+ unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a,
+ unsigned char *buf_b, size_t len_b,
+- bool have_tsc);
++ bool have_tsc, bool *consecutive);
+
+ int intel_pt__strerror(int code, char *buf, size_t buflen);
+
+--- a/tools/perf/util/intel-pt.c
++++ b/tools/perf/util/intel-pt.c
+@@ -194,14 +194,17 @@ static void intel_pt_dump_event(struct i
+ static int intel_pt_do_fix_overlap(struct intel_pt *pt, struct auxtrace_buffer *a,
+ struct auxtrace_buffer *b)
+ {
++ bool consecutive = false;
+ void *start;
+
+ start = intel_pt_find_overlap(a->data, a->size, b->data, b->size,
+- pt->have_tsc);
++ pt->have_tsc, &consecutive);
+ if (!start)
+ return -EINVAL;
+ b->use_size = b->data + b->size - start;
+ b->use_data = start;
++ if (b->use_size && consecutive)
++ b->consecutive = true;
+ return 0;
+ }
+
--- /dev/null
+From 63d8e38f6ae6c36dd5b5ba0e8c112e8861532ea2 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 7 Mar 2018 16:02:22 +0200
+Subject: perf intel-pt: Fix sync_switch
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 63d8e38f6ae6c36dd5b5ba0e8c112e8861532ea2 upstream.
+
+sync_switch is a facility to synchronize decoding more closely with the
+point in the kernel when the context actually switched.
+
+The flag when sync_switch is enabled was global to the decoding, whereas
+it is really specific to the CPU.
+
+The trace data for different CPUs is put on different queues, so add
+sync_switch to the intel_pt_queue structure and use that in preference
+to the global setting in the intel_pt structure.
+
+That fixes problems decoding one CPU's trace because sync_switch was
+disabled on a different CPU's queue.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1520431349-30689-3-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt.c | 32 +++++++++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 7 deletions(-)
+
+--- a/tools/perf/util/intel-pt.c
++++ b/tools/perf/util/intel-pt.c
+@@ -131,6 +131,7 @@ struct intel_pt_queue {
+ bool stop;
+ bool step_through_buffers;
+ bool use_buffer_pid_tid;
++ bool sync_switch;
+ pid_t pid, tid;
+ int cpu;
+ int switch_state;
+@@ -931,10 +932,12 @@ static int intel_pt_setup_queue(struct i
+ if (pt->timeless_decoding || !pt->have_sched_switch)
+ ptq->use_buffer_pid_tid = true;
+ }
++
++ ptq->sync_switch = pt->sync_switch;
+ }
+
+ if (!ptq->on_heap &&
+- (!pt->sync_switch ||
++ (!ptq->sync_switch ||
+ ptq->switch_state != INTEL_PT_SS_EXPECTING_SWITCH_EVENT)) {
+ const struct intel_pt_state *state;
+ int ret;
+@@ -1336,7 +1339,7 @@ static int intel_pt_sample(struct intel_
+ if (pt->synth_opts.last_branch)
+ intel_pt_update_last_branch_rb(ptq);
+
+- if (!pt->sync_switch)
++ if (!ptq->sync_switch)
+ return 0;
+
+ if (intel_pt_is_switch_ip(ptq, state->to_ip)) {
+@@ -1417,6 +1420,21 @@ static u64 intel_pt_switch_ip(struct int
+ return switch_ip;
+ }
+
++static void intel_pt_enable_sync_switch(struct intel_pt *pt)
++{
++ unsigned int i;
++
++ pt->sync_switch = true;
++
++ for (i = 0; i < pt->queues.nr_queues; i++) {
++ struct auxtrace_queue *queue = &pt->queues.queue_array[i];
++ struct intel_pt_queue *ptq = queue->priv;
++
++ if (ptq)
++ ptq->sync_switch = true;
++ }
++}
++
+ static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp)
+ {
+ const struct intel_pt_state *state = ptq->state;
+@@ -1433,7 +1451,7 @@ static int intel_pt_run_decoder(struct i
+ if (pt->switch_ip) {
+ intel_pt_log("switch_ip: %"PRIx64" ptss_ip: %"PRIx64"\n",
+ pt->switch_ip, pt->ptss_ip);
+- pt->sync_switch = true;
++ intel_pt_enable_sync_switch(pt);
+ }
+ }
+ }
+@@ -1449,9 +1467,9 @@ static int intel_pt_run_decoder(struct i
+ if (state->err) {
+ if (state->err == INTEL_PT_ERR_NODATA)
+ return 1;
+- if (pt->sync_switch &&
++ if (ptq->sync_switch &&
+ state->from_ip >= pt->kernel_start) {
+- pt->sync_switch = false;
++ ptq->sync_switch = false;
+ intel_pt_next_tid(pt, ptq);
+ }
+ if (pt->synth_opts.errors) {
+@@ -1477,7 +1495,7 @@ static int intel_pt_run_decoder(struct i
+ state->timestamp, state->est_timestamp);
+ ptq->timestamp = state->est_timestamp;
+ /* Use estimated TSC in unknown switch state */
+- } else if (pt->sync_switch &&
++ } else if (ptq->sync_switch &&
+ ptq->switch_state == INTEL_PT_SS_UNKNOWN &&
+ intel_pt_is_switch_ip(ptq, state->to_ip) &&
+ ptq->next_tid == -1) {
+@@ -1624,7 +1642,7 @@ static int intel_pt_sync_switch(struct i
+ return 1;
+
+ ptq = intel_pt_cpu_to_ptq(pt, cpu);
+- if (!ptq)
++ if (!ptq || !ptq->sync_switch)
+ return 1;
+
+ switch (ptq->switch_state) {
--- /dev/null
+From 91d29b288aed3406caf7c454bf2b898c96cfd177 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 7 Mar 2018 16:02:24 +0200
+Subject: perf intel-pt: Fix timestamp following overflow
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 91d29b288aed3406caf7c454bf2b898c96cfd177 upstream.
+
+timestamp_insn_cnt is used to estimate the timestamp based on the number of
+instructions since the last known timestamp.
+
+If the estimate is not accurate enough decoding might not be correctly
+synchronized with side-band events causing more trace errors.
+
+However there are always timestamps following an overflow, so the
+estimate is not needed and can indeed result in more errors.
+
+Suppress the estimate by setting timestamp_insn_cnt to zero.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1520431349-30689-5-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1300,6 +1300,7 @@ static int intel_pt_overflow(struct inte
+ intel_pt_clear_tx_flags(decoder);
+ decoder->have_tma = false;
+ decoder->cbr = 0;
++ decoder->timestamp_insn_cnt = 0;
+ decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC;
+ decoder->overflow = true;
+ return -EOVERFLOW;
--- /dev/null
+From c02216acf4177c4411d33735c81cad687790fa59 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 16 Feb 2018 16:26:57 +0100
+Subject: radeon: hide pointless #warning when compile testing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit c02216acf4177c4411d33735c81cad687790fa59 upstream.
+
+In randconfig testing, we sometimes get this warning:
+
+drivers/gpu/drm/radeon/radeon_object.c: In function 'radeon_bo_create':
+drivers/gpu/drm/radeon/radeon_object.c:242:2: error: #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance thanks to write-combining [-Werror=cpp]
+ #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance \
+
+This is rather annoying since almost all other code produces no build-time
+output unless we have found a real bug. We already fixed this in the
+amdgpu driver in commit 31bb90f1cd08 ("drm/amdgpu: shut up #warning for
+compile testing") by adding a CONFIG_COMPILE_TEST check last year and
+agreed to do the same here, but both Michel and I then forgot about it
+until I came across the issue again now.
+
+For stable kernels, as this is one of very few remaining randconfig
+warnings in 4.14.
+
+Cc: stable@vger.kernel.org
+Link: https://patchwork.kernel.org/patch/9550009/
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/radeon/radeon_object.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/radeon/radeon_object.c
++++ b/drivers/gpu/drm/radeon/radeon_object.c
+@@ -238,9 +238,10 @@ int radeon_bo_create(struct radeon_devic
+ * may be slow
+ * See https://bugs.freedesktop.org/show_bug.cgi?id=88758
+ */
+-
++#ifndef CONFIG_COMPILE_TEST
+ #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance \
+ thanks to write-combining
++#endif
+
+ if (bo->flags & RADEON_GEM_GTT_WC)
+ DRM_INFO_ONCE("Please enable CONFIG_MTRR and CONFIG_X86_PAT for "
media-v4l2-compat-ioctl32-don-t-oops-on-overlay.patch
+parisc-fix-out-of-array-access-in-match_pci_device.patch
+drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch
+perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch
+perf-intel-pt-fix-sync_switch.patch
+perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch
+perf-intel-pt-fix-timestamp-following-overflow.patch
+perf-core-fix-use-after-free-in-uprobe_perf_close.patch
+radeon-hide-pointless-warning-when-compile-testing.patch
+x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch
--- /dev/null
+From 339b2ae0cd5d4a58f9efe06e4ee36adbeca59228 Mon Sep 17 00:00:00 2001
+From: Baoquan He <bhe@redhat.com>
+Date: Wed, 14 Feb 2018 13:46:53 +0800
+Subject: x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump
+
+From: Baoquan He <bhe@redhat.com>
+
+commit 339b2ae0cd5d4a58f9efe06e4ee36adbeca59228 upstream.
+
+This is a regression fix.
+
+Before, to fix erratum AVR31, the following commit:
+
+ 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC")
+
+... moved the lapic_shutdown() call to after disable_IO_APIC() in the reboot
+and kexec/kdump code paths.
+
+This introduced the following regression: disable_IO_APIC() not only clears
+the IO-APIC, but it also restores boot IRQ mode by setting the
+LAPIC/APIC/IMCR, calling lapic_shutdown() after disable_IO_APIC() will
+disable LAPIC and ruin the possible virtual wire mode setting which
+the code has been trying to do all along.
+
+The consequence is that a KVM guest kernel always prints the warning below
+during kexec/kdump as the kernel boots up:
+
+ [ 0.001000] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/apic/apic.c:1467 setup_local_APIC+0x228/0x330
+ [ ........]
+ [ 0.001000] Call Trace:
+ [ 0.001000] apic_bsp_setup+0x56/0x74
+ [ 0.001000] x86_late_time_init+0x11/0x16
+ [ 0.001000] start_kernel+0x3c9/0x486
+ [ 0.001000] secondary_startup_64+0xa5/0xb0
+ [ ........]
+ [ 0.001000] masked ExtINT on CPU#0
+
+To fix this, just call clear_IO_APIC() to stop the IO-APIC where
+disable_IO_APIC() was called, and call restore_boot_irq_mode() to
+restore boot IRQ mode before a reboot or a kexec/kdump jump.
+
+Signed-off-by: Baoquan He <bhe@redhat.com>
+Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: douly.fnst@cn.fujitsu.com
+Cc: joro@8bytes.org
+Cc: prarit@redhat.com
+Cc: stable@vger.kernel.org
+Cc: uobergfe@redhat.com
+Fixes: commit 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC")
+Link: http://lkml.kernel.org/r/20180214054656.3780-4-bhe@redhat.com
+[ Rewrote the changelog. ]
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/crash.c | 3 ++-
+ arch/x86/kernel/reboot.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/crash.c
++++ b/arch/x86/kernel/crash.c
+@@ -198,9 +198,10 @@ void native_machine_crash_shutdown(struc
+ #ifdef CONFIG_X86_IO_APIC
+ /* Prevent crash_kexec() from deadlocking on ioapic_lock. */
+ ioapic_zap_locks();
+- disable_IO_APIC();
++ clear_IO_APIC();
+ #endif
+ lapic_shutdown();
++ restore_boot_irq_mode();
+ #ifdef CONFIG_HPET_TIMER
+ hpet_disable();
+ #endif
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -665,7 +665,7 @@ void native_machine_shutdown(void)
+ * Even without the erratum, it still makes sense to quiet IO APIC
+ * before disabling Local APIC.
+ */
+- disable_IO_APIC();
++ clear_IO_APIC();
+ #endif
+
+ #ifdef CONFIG_SMP
+@@ -679,6 +679,7 @@ void native_machine_shutdown(void)
+ #endif
+
+ lapic_shutdown();
++ restore_boot_irq_mode();
+
+ #ifdef CONFIG_HPET_TIMER
+ hpet_disable();
projects / thirdparty / kernel / stable-queue.git / commitdiff
