From 6e2f1c257075b1e0114329bd9cef617b8ca1f917 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 22 Jul 2017 15:09:01 +0200 Subject: [PATCH] 4.4-stable patches added patches: bluetooth-use-constant-time-memory-comparison-for-secret-values.patch perf-intel-pt-clear-fup-flag-on-error.patch perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch perf-intel-pt-fix-missing-stack-clear.patch perf-intel-pt-improve-sample-timestamp.patch perf-intel-pt-move-decoder-error-setting-into-one-condition.patch --- ...-memory-comparison-for-secret-values.patch | 180 ++++++++++++++++++ ...erf-intel-pt-clear-fup-flag-on-error.patch | 34 ++++ ...o-when-state-is-intel_pt_state_no_ip.patch | 32 ++++ ...erf-intel-pt-fix-missing-stack-clear.patch | 32 ++++ ...rf-intel-pt-improve-sample-timestamp.patch | 114 +++++++++++ ...der-error-setting-into-one-condition.patch | 48 +++++ queue-4.4/series | 6 + 7 files changed, 446 insertions(+) create mode 100644 queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch create mode 100644 queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch create mode 100644 queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch create mode 100644 queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch create mode 100644 queue-4.4/perf-intel-pt-improve-sample-timestamp.patch create mode 100644 queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch diff --git a/queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch b/queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch new file mode 100644 index 00000000000..37017b2d228 --- /dev/null +++ b/queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch 
@@ -0,0 +1,180 @@ +From 329d82309824ff1082dc4a91a5bbed8c3bec1580 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Sat, 10 Jun 2017 04:59:11 +0200 +Subject: Bluetooth: use constant time memory comparison for secret values + +From: Jason A. Donenfeld + +commit 329d82309824ff1082dc4a91a5bbed8c3bec1580 upstream. + +This file is filled with complex cryptography. Thus, the comparisons of +MACs and secret keys and curve points and so forth should not add timing +attacks, which could either result in a direct forgery, or, given the +complexity, some other type of attack. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + net/bluetooth/smp.c | 35 ++++++++++++++++++----------------- + 1 file changed, 18 insertions(+), 17 deletions(-) + +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -524,7 +525,7 @@ bool smp_irk_matches(struct hci_dev *hde + if (err) + return false; + +- return !memcmp(bdaddr->b, hash, 3); ++ return !crypto_memneq(bdaddr->b, hash, 3); + } + + int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa) +@@ -577,7 +578,7 @@ int smp_generate_oob(struct hci_dev *hde + /* This is unlikely, but we need to check that + * we didn't accidentially generate a debug key. 
+ */ +- if (memcmp(smp->local_sk, debug_sk, 32)) ++ if (crypto_memneq(smp->local_sk, debug_sk, 32)) + break; + } + smp->debug_key = false; +@@ -991,7 +992,7 @@ static u8 smp_random(struct smp_chan *sm + if (ret) + return SMP_UNSPECIFIED; + +- if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { ++ if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { + BT_ERR("Pairing failed (confirmation values mismatch)"); + return SMP_CONFIRM_FAILED; + } +@@ -1491,7 +1492,7 @@ static u8 sc_passkey_round(struct smp_ch + smp->rrnd, r, cfm)) + return SMP_UNSPECIFIED; + +- if (memcmp(smp->pcnf, cfm, 16)) ++ if (crypto_memneq(smp->pcnf, cfm, 16)) + return SMP_CONFIRM_FAILED; + + smp->passkey_round++; +@@ -1875,7 +1876,7 @@ static u8 sc_send_public_key(struct smp_ + /* This is unlikely, but we need to check that + * we didn't accidentially generate a debug key. + */ +- if (memcmp(smp->local_sk, debug_sk, 32)) ++ if (crypto_memneq(smp->local_sk, debug_sk, 32)) + break; + } + } +@@ -2140,7 +2141,7 @@ static u8 smp_cmd_pairing_random(struct + if (err) + return SMP_UNSPECIFIED; + +- if (memcmp(smp->pcnf, cfm, 16)) ++ if (crypto_memneq(smp->pcnf, cfm, 16)) + return SMP_CONFIRM_FAILED; + } else { + smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), +@@ -2621,7 +2622,7 @@ static int smp_cmd_public_key(struct l2c + if (err) + return SMP_UNSPECIFIED; + +- if (memcmp(cfm.confirm_val, smp->pcnf, 16)) ++ if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16)) + return SMP_CONFIRM_FAILED; + } + +@@ -2654,7 +2655,7 @@ static int smp_cmd_public_key(struct l2c + else + hcon->pending_sec_level = BT_SECURITY_FIPS; + +- if (!memcmp(debug_pk, smp->remote_pk, 64)) ++ if (!crypto_memneq(debug_pk, smp->remote_pk, 64)) + set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); + + if (smp->method == DSP_PASSKEY) { +@@ -2753,7 +2754,7 @@ static int smp_cmd_dhkey_check(struct l2 + if (err) + return SMP_UNSPECIFIED; + +- if (memcmp(check->e, e, 16)) ++ if (crypto_memneq(check->e, e, 16)) + return 
SMP_DHKEY_CHECK_FAILED; + + if (!hcon->out) { +@@ -3463,7 +3464,7 @@ static int __init test_ah(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 3)) ++ if (crypto_memneq(res, exp, 3)) + return -EINVAL; + + return 0; +@@ -3493,7 +3494,7 @@ static int __init test_c1(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 16)) ++ if (crypto_memneq(res, exp, 16)) + return -EINVAL; + + return 0; +@@ -3518,7 +3519,7 @@ static int __init test_s1(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 16)) ++ if (crypto_memneq(res, exp, 16)) + return -EINVAL; + + return 0; +@@ -3550,7 +3551,7 @@ static int __init test_f4(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 16)) ++ if (crypto_memneq(res, exp, 16)) + return -EINVAL; + + return 0; +@@ -3584,10 +3585,10 @@ static int __init test_f5(struct crypto_ + if (err) + return err; + +- if (memcmp(mackey, exp_mackey, 16)) ++ if (crypto_memneq(mackey, exp_mackey, 16)) + return -EINVAL; + +- if (memcmp(ltk, exp_ltk, 16)) ++ if (crypto_memneq(ltk, exp_ltk, 16)) + return -EINVAL; + + return 0; +@@ -3620,7 +3621,7 @@ static int __init test_f6(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 16)) ++ if (crypto_memneq(res, exp, 16)) + return -EINVAL; + + return 0; +@@ -3674,7 +3675,7 @@ static int __init test_h6(struct crypto_ + if (err) + return err; + +- if (memcmp(res, exp, 16)) ++ if (crypto_memneq(res, exp, 16)) + return -EINVAL; + + return 0; diff --git a/queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch b/queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch new file mode 100644 index 00000000000..e5f4e1cc177 --- /dev/null +++ b/queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch 
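Review bot: The `#include` line the patch adds near the top of net/bluetooth/smp.c shows no header name on this page (`++#include` with nothing after it, and the surrounding context `#include` lines are blank the same way), which looks like angle-bracket content stripped in rendering rather than a defect in the patch itself; anyone reconstructing the backport from this page should take the line from upstream 329d82309824, which adds `#include <crypto/algapi.h>`, the header that declares `crypto_memneq()`. Each conversion in the hunk preserves the original truth value, since `crypto_memneq()` is non-zero on mismatch: `memcmp(a, b, n)` becomes `crypto_memneq(a, b, n)`, `!memcmp(...)` becomes `!crypto_memneq(...)`, and `memcmp(...) != 0` becomes a bare `crypto_memneq(...)`. The `__init test_*` self-tests compare outputs against fixed public test vectors, so constant-time comparison is not required there, though it is harmless and keeps the file uniform. Only part of smp.c is visible here; any remaining `memcmp()` on confirm values, keys or DHKey check material outside these hunks would still be a timing side channel, so the 4.4 tree is worth a grep for `memcmp` in this file before the backport is considered complete.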
@@ -0,0 +1,34 @@ +From 6a558f12dbe85437acbdec5e149ea07b5554eced Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 26 May 2017 11:17:09 +0300 +Subject: perf intel-pt: Clear FUP flag on error + +From: Adrian Hunter + +commit 6a558f12dbe85437acbdec5e149ea07b5554eced upstream. + +Sometimes a FUP packet is associated with a TSX transaction and a flag is +set to indicate that. Ensure that flag is cleared on any error condition +because at that point the decoder can no longer assume it is correct. + +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Link: http://lkml.kernel.org/r/1495786658-18063-9-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1924,6 +1924,8 @@ static int intel_pt_sync_ip(struct intel + { + int err; + ++ decoder->set_fup_tx_flags = false; ++ + intel_pt_log("Scanning for full IP\n"); + err = intel_pt_walk_to_ip(decoder); + if (err) diff --git a/queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch b/queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch new file mode 100644 index 00000000000..85d216f606b --- /dev/null +++ b/queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch 
@@ -0,0 +1,32 @@ +From ad7167a8cd174ba7d8c0d0ed8d8410521206d104 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 26 May 2017 11:17:05 +0300 +Subject: perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP + +From: Adrian Hunter + +commit ad7167a8cd174ba7d8c0d0ed8d8410521206d104 upstream. + +A value of zero is used to indicate that there is no IP. Ensure the +value is zero when the state is INTEL_PT_STATE_NO_IP. + +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Link: http://lkml.kernel.org/r/1495786658-18063-5-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2083,6 +2083,7 @@ const struct intel_pt_state *intel_pt_de + break; + case INTEL_PT_STATE_NO_IP: + decoder->last_ip = 0; ++ decoder->ip = 0; + /* Fall through */ + case INTEL_PT_STATE_ERR_RESYNC: + err = intel_pt_sync_ip(decoder); diff --git a/queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch b/queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch new file mode 100644 index 00000000000..ae194b64f98 --- /dev/null +++ b/queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch 
@@ -0,0 +1,32 @@ +From 12b7080609097753fd8198cc1daf589be3ec1cca Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 26 May 2017 11:17:04 +0300 +Subject: perf intel-pt: Fix missing stack clear + +From: Adrian Hunter + +commit 12b7080609097753fd8198cc1daf589be3ec1cca upstream. + +The return compression stack must be cleared whenever there is a PSB. Fix +one case where that was not happening. + +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Link: http://lkml.kernel.org/r/1495786658-18063-4-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1898,6 +1898,7 @@ static int intel_pt_walk_to_ip(struct in + break; + + case INTEL_PT_PSB: ++ intel_pt_clear_stack(&decoder->stack); + err = intel_pt_walk_psb(decoder); + if (err) + return err; diff --git a/queue-4.4/perf-intel-pt-improve-sample-timestamp.patch b/queue-4.4/perf-intel-pt-improve-sample-timestamp.patch new file mode 100644 index 00000000000..db1f6eb30ce --- /dev/null +++ b/queue-4.4/perf-intel-pt-improve-sample-timestamp.patch 
@@ -0,0 +1,114 @@ +From 3f04d98e972b59706bd43d6cc75efac91f8fba50 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 26 May 2017 11:17:03 +0300 +Subject: perf intel-pt: Improve sample timestamp + +From: Adrian Hunter + +commit 3f04d98e972b59706bd43d6cc75efac91f8fba50 upstream. + +The decoder uses its current timestamp in samples. Usually that is a +timestamp that has already passed, but in some cases it is a timestamp +for a branch that the decoder is walking towards, and consequently +hasn't reached. Improve that situation by using the pkt_state to +determine when to use the current or previous timestamp. + +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Link: http://lkml.kernel.org/r/1495786658-18063-3-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 34 ++++++++++++++++++-- + 1 file changed, 31 insertions(+), 3 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -64,6 +64,25 @@ enum intel_pt_pkt_state { + INTEL_PT_STATE_FUP_NO_TIP, + }; + ++static inline bool intel_pt_sample_time(enum intel_pt_pkt_state pkt_state) ++{ ++ switch (pkt_state) { ++ case INTEL_PT_STATE_NO_PSB: ++ case INTEL_PT_STATE_NO_IP: ++ case INTEL_PT_STATE_ERR_RESYNC: ++ case INTEL_PT_STATE_IN_SYNC: ++ case INTEL_PT_STATE_TNT: ++ return true; ++ case INTEL_PT_STATE_TIP: ++ case INTEL_PT_STATE_TIP_PGD: ++ case INTEL_PT_STATE_FUP: ++ case INTEL_PT_STATE_FUP_NO_TIP: ++ return false; ++ default: ++ return true; ++ }; ++} ++ + #ifdef INTEL_PT_STRICT + #define INTEL_PT_STATE_ERR1 INTEL_PT_STATE_NO_PSB + #define INTEL_PT_STATE_ERR2 INTEL_PT_STATE_NO_PSB +@@ -98,6 +117,7 @@ struct intel_pt_decoder { + uint64_t timestamp; + uint64_t tsc_timestamp; + uint64_t ref_timestamp; ++ uint64_t sample_timestamp; + uint64_t ret_addr; + uint64_t ctc_timestamp; + uint64_t ctc_delta; +@@ -140,6 +160,7 
@@ struct intel_pt_decoder { + unsigned int fup_tx_flags; + unsigned int tx_flags; + uint64_t timestamp_insn_cnt; ++ uint64_t sample_insn_cnt; + uint64_t stuck_ip; + int no_progress; + int stuck_ip_prd; +@@ -896,6 +917,7 @@ static int intel_pt_walk_insn(struct int + + decoder->tot_insn_cnt += insn_cnt; + decoder->timestamp_insn_cnt += insn_cnt; ++ decoder->sample_insn_cnt += insn_cnt; + decoder->period_insn_cnt += insn_cnt; + + if (err) { +@@ -2035,7 +2057,7 @@ static int intel_pt_sync(struct intel_pt + + static uint64_t intel_pt_est_timestamp(struct intel_pt_decoder *decoder) + { +- uint64_t est = decoder->timestamp_insn_cnt << 1; ++ uint64_t est = decoder->sample_insn_cnt << 1; + + if (!decoder->cbr || !decoder->max_non_turbo_ratio) + goto out; +@@ -2043,7 +2065,7 @@ static uint64_t intel_pt_est_timestamp(s + est *= decoder->max_non_turbo_ratio; + est /= decoder->cbr; + out: +- return decoder->timestamp + est; ++ return decoder->sample_timestamp + est; + } + + const struct intel_pt_state *intel_pt_decode(struct intel_pt_decoder *decoder) +@@ -2099,11 +2121,17 @@ const struct intel_pt_state *intel_pt_de + if (err) { + decoder->state.err = intel_pt_ext_err(err); + decoder->state.from_ip = decoder->ip; ++ decoder->sample_timestamp = decoder->timestamp; ++ decoder->sample_insn_cnt = decoder->timestamp_insn_cnt; + } else { + decoder->state.err = 0; ++ if (intel_pt_sample_time(decoder->pkt_state)) { ++ decoder->sample_timestamp = decoder->timestamp; ++ decoder->sample_insn_cnt = decoder->timestamp_insn_cnt; ++ } + } + +- decoder->state.timestamp = decoder->timestamp; ++ decoder->state.timestamp = decoder->sample_timestamp; + decoder->state.est_timestamp = intel_pt_est_timestamp(decoder); + decoder->state.cr3 = decoder->cr3; + decoder->state.tot_insn_cnt = decoder->tot_insn_cnt; 
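Review bot: `intel_pt_sample_time()` ends its switch with `};` — the semicolon after the closing brace is a stray empty statement and should be just `}` like every other switch in the decoder. The `default: return true;` arm also means any pkt_state added to the enum later silently takes the "timestamp already passed" branch with no -Wswitch diagnostic; dropping `default` and enumerating every state would keep that warning useful, at the cost of one more line when the enum grows. `state.timestamp` now reads the new `sample_timestamp` field, which is only written inside intel_pt_decode(), so the very first sample emitted depends on the decoder struct being zero-initialised at allocation; that allocation is outside this hunk and is presumably zalloc'd, but it is worth confirming since the previous code read `timestamp`, which other paths set early.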
diff --git a/queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch b/queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch new file mode 100644 index 00000000000..3cba527c60e --- /dev/null +++ b/queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch @@ -0,0 +1,48 @@ +From 22c06892332d8916115525145b78e606e9cc6492 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 26 May 2017 11:17:02 +0300 +Subject: perf intel-pt: Move decoder error setting into one condition + +From: Adrian Hunter + +commit 22c06892332d8916115525145b78e606e9cc6492 upstream. + +Move decoder error setting into one condition. + +Cc'ed to stable because later fixes depend on it. + +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Link: http://lkml.kernel.org/r/1495786658-18063-2-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2096,15 +2096,18 @@ const struct intel_pt_state *intel_pt_de + } + } while (err == -ENOLINK); + +- decoder->state.err = err ? intel_pt_ext_err(err) : 0; ++ if (err) { ++ decoder->state.err = intel_pt_ext_err(err); ++ decoder->state.from_ip = decoder->ip; ++ } else { ++ decoder->state.err = 0; ++ } ++ + decoder->state.timestamp = decoder->timestamp; + decoder->state.est_timestamp = intel_pt_est_timestamp(decoder); + decoder->state.cr3 = decoder->cr3; + decoder->state.tot_insn_cnt = decoder->tot_insn_cnt; + +- if (err) +- decoder->state.from_ip = decoder->ip; +- + return &decoder->state; + } + diff --git a/queue-4.4/series b/queue-4.4/series index 68bf7fbe12d..e09015ca7e9 100644 --- a/queue-4.4/series +++ b/queue-4.4/series 
@@ -12,3 +12,9 @@ nfc-nfcmrvl-fix-firmware-management-initialisation.patch nfc-ensure-presence-of-required-attributes-in-the-activate_target-handler.patch nfc-fix-the-sockaddr-length-sanitization-in-llcp_sock_connect.patch nfc-add-sockaddr-length-checks-before-accessing-sa_family-in-bind-handlers.patch +perf-intel-pt-move-decoder-error-setting-into-one-condition.patch +perf-intel-pt-improve-sample-timestamp.patch +perf-intel-pt-fix-missing-stack-clear.patch +perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch +perf-intel-pt-clear-fup-flag-on-error.patch +bluetooth-use-constant-time-memory-comparison-for-secret-values.patch -- 2.47.3