Home Home > GIT Browse > SLE11-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichal Hocko <mhocko@suse.com>2019-01-03 10:47:20 +0100
committerMichal Hocko <mhocko@suse.com>2019-01-03 10:47:20 +0100
commitdbc7e6c4a49adf9e6b1a3c7341344aa6b8d9eb38 (patch)
treeb807e963af8f24d9e42367f47d0a624612c48ecd
parent72d8c14b276b35428747a548222b0dea5c3d30d5 (diff)
parent337b67ec27b1541b05472712c6f8bbde5e7ba7a1 (diff)
Merge remote-tracking branch 'origin/users/mbenes/SLE11-SP4/for-next' into users/mhocko/SLE11-SP4/for-next
-rw-r--r--blacklist.conf12
-rw-r--r--patches.fixes/ring-buffer-always-reset-iterator-to-reader-page.patch132
-rw-r--r--patches.fixes/ring-buffer-fix-first-commit-on-sub-buffer-having-non-zero-delta.patch48
-rw-r--r--patches.fixes/ring-buffer-fix-infinite-spin-in-reading-buffer.patch55
-rw-r--r--patches.fixes/ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch87
-rw-r--r--patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch54
-rw-r--r--patches.fixes/ring-buffer-up-rb_iter_peek-loop-count-to-3.patch99
-rw-r--r--patches.fixes/tracepoints-do-not-trace-when-cpu-is-offline.patch88
-rw-r--r--patches.fixes/tracing-add-undef-to-fix-compile-error.patch40
-rw-r--r--patches.fixes/tracing-allow-events-to-have-null-strings.patch87
-rw-r--r--patches.fixes/tracing-do-not-add-event-files-for-modules-that-fail-tracepoints.patch61
-rw-r--r--patches.fixes/tracing-fix-check-for-cpu-online-when-event-is-disabled.patch70
-rw-r--r--patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch41
-rw-r--r--patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch73
-rw-r--r--patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch51
-rw-r--r--patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch79
-rw-r--r--series.conf17
17 files changed, 1094 insertions, 0 deletions
diff --git a/blacklist.conf b/blacklist.conf
index 4c68176844..be3be6f4f5 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -310,3 +310,15 @@ c4ac4496e835b78a45dfbf74f6173932217e4116 # unlikely error case
a3ed5f213b8f4708be73df595c2e6709ede416c2 # depends on support for newer firmware
2e01280d2801c72878cf3a7119eac30077b463d5 # false positive
ac3e233d29f7f77f28243af0132057d378d3ea58 # SLE11 doesn't care about LLD
+67b84999b1a8b1af5625b1eabe92146c5eb42932 # cleanup only
+8a56d7761d2d041ae5e8215d20b4167d8aa93f51 # function graph tracer is disabled
+a4c35ed241129dd142be4cadb1e5a474a56d5464 # function tracer is disabled
+97b8ee845393701edc06e27ccec2876ff9596019 # we don't have 15693458c4bc0693fd63a50d60f35b628fcf4e29, bsc#1120093
+cb86e05390debcc084cfdb0a71ed4c5dbbec517d # preempt and irqsoff tracers are disabled
+82cc4fc2e70ec5baeff8f776f2773abc8b2cc0ae # function tracer is disabled
+acceb72e90624ec6c3f2fc62e72dab892cd075da # duplicate of 82cc4fc2e70ec5baeff8f776f2773abc8b2cc0ae
+46320a6acc4fb58f04bcf78c4c942cc43b20f986 # ftrace selftests
+8dd33bcb7050dd6f8c1432732f930932c9d3a33e # irqsoff tracer is disabled, also not applicable
+90e406f96f630c07d631a021fd4af10aac913e77 # memory optimization
+6b7e633fe9c24682df550e5311f47fb524701586 # optimization
+1fe4293f4b8de75824935f8d8e9a99c7fc6873da # function graph tracer is disabled
diff --git a/patches.fixes/ring-buffer-always-reset-iterator-to-reader-page.patch b/patches.fixes/ring-buffer-always-reset-iterator-to-reader-page.patch
new file mode 100644
index 0000000000..009918f509
--- /dev/null
+++ b/patches.fixes/ring-buffer-always-reset-iterator-to-reader-page.patch
@@ -0,0 +1,132 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Wed, 6 Aug 2014 14:11:33 -0400
+Subject: ring-buffer: Always reset iterator to reader page
+Git-commit: 651e22f2701b4113989237c3048d17337dd2185c
+Patch-mainline: v3.17-rc1
+References: bsc#1120107
+
+When performing a consuming read, the ring buffer swaps out a
+page from the ring buffer with a empty page and this page that
+was swapped out becomes the new reader page. The reader page
+is owned by the reader and since it was swapped out of the ring
+buffer, writers do not have access to it (there's an exception
+to that rule, but it's out of scope for this commit).
+
+When reading the "trace" file, it is a non consuming read, which
+means that the data in the ring buffer will not be modified.
+When the trace file is opened, a ring buffer iterator is allocated
+and writes to the ring buffer are disabled, such that the iterator
+will not have issues iterating over the data.
+
+Although the ring buffer disabled writes, it does not disable other
+reads, or even consuming reads. If a consuming read happens, then
+the iterator is reset and starts reading from the beginning again.
+
+My tests would sometimes trigger this bug on my i386 box:
+
+WARNING: CPU: 0 PID: 5175 at kernel/trace/trace.c:1527 __trace_find_cmdline+0x66/0xaa()
+Modules linked in:
+CPU: 0 PID: 5175 Comm: grep Not tainted 3.16.0-rc3-test+ #8
+Hardware name: /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006
+ 00000000 00000000 f09c9e1c c18796b3 c1b5d74c f09c9e4c c103a0e3 c1b5154b
+ f09c9e78 00001437 c1b5d74c 000005f7 c10bd85a c10bd85a c1cac57c f09c9eb0
+ ed0e0000 f09c9e64 c103a185 00000009 f09c9e5c c1b5154b f09c9e78 f09c9e80^M
+Call Trace:
+ [<c18796b3>] dump_stack+0x4b/0x75
+ [<c103a0e3>] warn_slowpath_common+0x7e/0x95
+ [<c10bd85a>] ? __trace_find_cmdline+0x66/0xaa
+ [<c10bd85a>] ? __trace_find_cmdline+0x66/0xaa
+ [<c103a185>] warn_slowpath_fmt+0x33/0x35
+ [<c10bd85a>] __trace_find_cmdline+0x66/0xaa^M
+ [<c10bed04>] trace_find_cmdline+0x40/0x64
+ [<c10c3c16>] trace_print_context+0x27/0xec
+ [<c10c4360>] ? trace_seq_printf+0x37/0x5b
+ [<c10c0b15>] print_trace_line+0x319/0x39b
+ [<c10ba3fb>] ? ring_buffer_read+0x47/0x50
+ [<c10c13b1>] s_show+0x192/0x1ab
+ [<c10bfd9a>] ? s_next+0x5a/0x7c
+ [<c112e76e>] seq_read+0x267/0x34c
+ [<c1115a25>] vfs_read+0x8c/0xef
+ [<c112e507>] ? seq_lseek+0x154/0x154
+ [<c1115ba2>] SyS_read+0x54/0x7f
+ [<c188488e>] syscall_call+0x7/0xb
+---[ end trace 3f507febd6b4cc83 ]---
+>>>> ##### CPU 1 buffer started ####
+
+Which was the __trace_find_cmdline() function complaining about the pid
+in the event record being negative.
+
+After adding more test cases, this would trigger more often. Strangely
+enough, it would never trigger on a single test, but instead would trigger
+only when running all the tests. I believe that was the case because it
+required one of the tests to be shutting down via delayed instances while
+a new test started up.
+
+After spending several days debugging this, I found that it was caused by
+the iterator becoming corrupted. Debugging further, I found out why
+the iterator became corrupted. It happened with the rb_iter_reset().
+
+As consuming reads may not read the full reader page, and only part
+of it, there's a "read" field to know where the last read took place.
+The iterator, must also start at the read position. In the rb_iter_reset()
+code, if the reader page was disconnected from the ring buffer, the iterator
+would start at the head page within the ring buffer (where writes still
+happen). But the mistake there was that it still used the "read" field
+to start the iterator on the head page, where it should always start
+at zero because readers never read from within the ring buffer where
+writes occur.
+
+I originally wrote a patch to have it set the iter->head to 0 instead
+of iter->head_page->read, but then I questioned why it wasn't always
+setting the iter to point to the reader page, as the reader page is
+still valid. The list_empty(reader_page->list) just means that it was
+successful in swapping out. But the reader_page may still have data.
+
+There was a bug report a long time ago that was not reproducible that
+had something about trace_pipe (consuming read) not matching trace
+(iterator read). This may explain why that happened.
+
+Anyway, the correct answer to this bug is to always use the reader page
+an not reset the iterator to inside the writable ring buffer.
+
+Cc: stable@vger.kernel.org # 2.6.28+
+Fixes: d769041f8653 "ring_buffer: implement new locking"
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 17 ++++++-----------
+ 1 file changed, 6 insertions(+), 11 deletions(-)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index 31a9edd7aa93..b95381ebdd5e 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -3357,21 +3357,16 @@ static void rb_iter_reset(struct ring_buffer_iter *iter)
+ struct ring_buffer_per_cpu *cpu_buffer = iter->cpu_buffer;
+
+ /* Iterator usage is expected to have record disabled */
+- if (list_empty(&cpu_buffer->reader_page->list)) {
+- iter->head_page = rb_set_head_page(cpu_buffer);
+- if (unlikely(!iter->head_page))
+- return;
+- iter->head = iter->head_page->read;
+- } else {
+- iter->head_page = cpu_buffer->reader_page;
+- iter->head = cpu_buffer->reader_page->read;
+- }
++ iter->head_page = cpu_buffer->reader_page;
++ iter->head = cpu_buffer->reader_page->read;
++
++ iter->cache_reader_page = iter->head_page;
++ iter->cache_read = iter->head;
++
+ if (iter->head)
+ iter->read_stamp = cpu_buffer->read_stamp;
+ else
+ iter->read_stamp = iter->head_page->page->time_stamp;
+- iter->cache_reader_page = cpu_buffer->reader_page;
+- iter->cache_read = cpu_buffer->read;
+ }
+
+ /**
+
diff --git a/patches.fixes/ring-buffer-fix-first-commit-on-sub-buffer-having-non-zero-delta.patch b/patches.fixes/ring-buffer-fix-first-commit-on-sub-buffer-having-non-zero-delta.patch
new file mode 100644
index 0000000000..b737425956
--- /dev/null
+++ b/patches.fixes/ring-buffer-fix-first-commit-on-sub-buffer-having-non-zero-delta.patch
@@ -0,0 +1,48 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Tue, 11 Feb 2014 13:38:54 -0500
+Subject: ring-buffer: Fix first commit on sub-buffer having non-zero delta
+Git-commit: d651aa1d68a2f0a7ee65697b04c6a92f8c0a12f2
+Patch-mainline: v3.14-rc3
+References: bsc#1120077
+
+Each sub-buffer (buffer page) has a full 64 bit timestamp. The events on
+that page use a 27 bit delta against that timestamp in order to save on
+bits written to the ring buffer. If the time between events is larger than
+what the 27 bits can hold, a "time extend" event is added to hold the
+entire 64 bit timestamp again and the events after that hold a delta from
+that timestamp.
+
+As a "time extend" is always paired with an event, it is logical to just
+allocate the event with the time extend, to make things a bit more efficient.
+
+Unfortunately, when the pairing code was written, it removed the "delta = 0"
+from the first commit on a page, causing the events on the page to be
+slightly skewed.
+
+Fixes: 69d1b839f7ee "ring-buffer: Bind time extend and data events together"
+Cc: stable@vger.kernel.org # 2.6.37+
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index 294b8a271a04..fc4da2d97f9b 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -2397,6 +2397,13 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+ write &= RB_WRITE_MASK;
+ tail = write - length;
+
++ /*
++ * If this is the first commit on the page, then it has the same
++ * timestamp as the page itself.
++ */
++ if (!tail)
++ delta = 0;
++
+ /* See if we shot pass the end of this buffer page */
+ if (unlikely(write > BUF_PAGE_SIZE))
+ return rb_move_tail(cpu_buffer, length, tail,
+
diff --git a/patches.fixes/ring-buffer-fix-infinite-spin-in-reading-buffer.patch b/patches.fixes/ring-buffer-fix-infinite-spin-in-reading-buffer.patch
new file mode 100644
index 0000000000..121bd90cb5
--- /dev/null
+++ b/patches.fixes/ring-buffer-fix-infinite-spin-in-reading-buffer.patch
@@ -0,0 +1,55 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Thu, 2 Oct 2014 16:51:18 -0400
+Subject: ring-buffer: Fix infinite spin in reading buffer
+Git-commit: 24607f114fd14f2f37e3e0cb3d47bce96e81e848
+Patch-mainline: v3.17
+References: bsc#1120107
+
+Commit 651e22f2701b "ring-buffer: Always reset iterator to reader page"
+fixed one bug but in the process caused another one. The reset is to
+update the header page, but that fix also changed the way the cached
+reads were updated. The cache reads are used to test if an iterator
+needs to be updated or not.
+
+A ring buffer iterator, when created, disables writes to the ring buffer
+but does not stop other readers or consuming reads from happening.
+Although all readers are synchronized via a lock, they are only
+synchronized when in the ring buffer functions. Those functions may
+be called by any number of readers. The iterator continues down when
+its not interrupted by a consuming reader. If a consuming read
+occurs, the iterator starts from the beginning of the buffer.
+
+The way the iterator sees that a consuming read has happened since
+its last read is by checking the reader "cache". The cache holds the
+last counts of the read and the reader page itself.
+
+Commit 651e22f2701b changed what was saved by the cache_read when
+the rb_iter_reset() occurred, making the iterator never match the cache.
+Then if the iterator calls rb_iter_reset(), it will go into an
+infinite loop by checking if the cache doesn't match, doing the reset
+and retrying, just to see that the cache still doesn't match! Which
+should never happen as the reset is suppose to set the cache to the
+current value and there's locks that keep a consuming reader from
+having access to the data.
+
+Fixes: 651e22f2701b "ring-buffer: Always reset iterator to reader page"
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index b38fb2b9e237..2d75c94ae87d 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -3359,7 +3359,7 @@ static void rb_iter_reset(struct ring_buffer_iter *iter)
+ iter->head = cpu_buffer->reader_page->read;
+
+ iter->cache_reader_page = iter->head_page;
+- iter->cache_read = iter->head;
++ iter->cache_read = cpu_buffer->read;
+
+ if (iter->head)
+ iter->read_stamp = cpu_buffer->read_stamp;
+
diff --git a/patches.fixes/ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch b/patches.fixes/ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch
new file mode 100644
index 0000000000..c03dbf35f2
--- /dev/null
+++ b/patches.fixes/ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch
@@ -0,0 +1,87 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Wed, 19 Apr 2017 14:29:46 -0400
+Subject: ring-buffer: Have ring_buffer_iter_empty() return true when empty
+Git-commit: 78f7a45dac2a2d2002f98a3a95f7979867868d73
+Patch-mainline: v4.11-rc8
+References: bsc#1120107
+
+I noticed that reading the snapshot file when it is empty no longer gives a
+status. It suppose to show the status of the snapshot buffer as well as how
+to allocate and use it. For example:
+
+ ># cat snapshot
+ # tracer: nop
+ #
+ #
+ # * Snapshot is allocated *
+ #
+ # Snapshot commands:
+ # echo 0 > snapshot : Clears and frees snapshot buffer
+ # echo 1 > snapshot : Allocates snapshot buffer, if not already allocated.
+ # Takes a snapshot of the main buffer.
+ # echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free)
+ # (Doesn't have to be '2' works with any number that
+ # is not a '0' or '1')
+
+But instead it just showed an empty buffer:
+
+ ># cat snapshot
+ # tracer: nop
+ #
+ # entries-in-buffer/entries-written: 0/0 #P:4
+ #
+ # _-----=> irqs-off
+ # / _----=> need-resched
+ # | / _---=> hardirq/softirq
+ # || / _--=> preempt-depth
+ # ||| / delay
+ # TASK-PID CPU# |||| TIMESTAMP FUNCTION
+ # | | | |||| | |
+
+What happened was that it was using the ring_buffer_iter_empty() function to
+see if it was empty, and if it was, it showed the status. But that function
+was returning false when it was empty. The reason was that the iter header
+page was on the reader page, and the reader page was empty, but so was the
+buffer itself. The check only tested to see if the iter was on the commit
+page, but the commit page was no longer pointing to the reader page, but as
+all pages were empty, the buffer is also.
+
+Cc: stable@vger.kernel.org
+Fixes: 651e22f2701b ("ring-buffer: Always reset iterator to reader page")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index 54e7a90db848..ca47a4fa2986 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -3405,11 +3405,23 @@ EXPORT_SYMBOL_GPL(ring_buffer_iter_reset);
+ int ring_buffer_iter_empty(struct ring_buffer_iter *iter)
+ {
+ struct ring_buffer_per_cpu *cpu_buffer;
++ struct buffer_page *reader;
++ struct buffer_page *head_page;
++ struct buffer_page *commit_page;
++ unsigned commit;
+
+ cpu_buffer = iter->cpu_buffer;
+
+- return iter->head_page == cpu_buffer->commit_page &&
+- iter->head == rb_commit_index(cpu_buffer);
++ /* Remember, trace recording is off when iterator is in use */
++ reader = cpu_buffer->reader_page;
++ head_page = cpu_buffer->head_page;
++ commit_page = cpu_buffer->commit_page;
++ commit = rb_page_commit(commit_page);
++
++ return ((iter->head_page == commit_page && iter->head == commit) ||
++ (iter->head_page == reader && commit_page == head_page &&
++ head_page->read == commit &&
++ iter->head == rb_page_commit(cpu_buffer->reader_page)));
+ }
+ EXPORT_SYMBOL_GPL(ring_buffer_iter_empty);
+
+
diff --git a/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch b/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
new file mode 100644
index 0000000000..77c35d2a82
--- /dev/null
+++ b/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
@@ -0,0 +1,54 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Fri, 22 Dec 2017 20:32:35 -0500
+Subject: ring-buffer: Mask out the info bits when returning buffer page length
+Git-commit: 45d8b80c2ac5d21cd1e2954431fb676bc2b1e099
+Patch-mainline: v4.15-rc6
+References: bsc#1120094
+
+Two info bits were added to the "commit" part of the ring buffer data page
+when returned to be consumed. This was to inform the user space readers that
+events have been missed, and that the count may be stored at the end of the
+page.
+
+What wasn't handled, was the splice code that actually called a function to
+return the length of the data in order to zero out the rest of the page
+before sending it up to user space. These data bits were returned with the
+length making the value negative, and that negative value was not checked.
+It was compared to PAGE_SIZE, and only used if the size was less than
+PAGE_SIZE. Luckily PAGE_SIZE is unsigned long which made the compare an
+unsigned compare, meaning the negative size value did not end up causing a
+large portion of memory to be randomly zeroed out.
+
+Cc: stable@vger.kernel.org
+Fixes: 66a8cb95ed040 ("ring-buffer: Add place holder recording of dropped events")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index c87766c1c204..e06cde093f76 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -280,6 +280,8 @@ EXPORT_SYMBOL_GPL(ring_buffer_event_data);
+ /* Missed count stored at end */
+ #define RB_MISSED_STORED (1 << 30)
+
++#define RB_MISSED_FLAGS (RB_MISSED_EVENTS|RB_MISSED_STORED)
++
+ struct buffer_data_page {
+ u64 time_stamp; /* page time stamp */
+ local_t commit; /* write committed index */
+@@ -331,7 +333,9 @@ static void rb_init_page(struct buffer_data_page *bpage)
+ */
+ size_t ring_buffer_page_len(void *page)
+ {
+- return local_read(&((struct buffer_data_page *)page)->commit)
++ struct buffer_data_page *bpage = page;
++
++ return (local_read(&bpage->commit) & ~RB_MISSED_FLAGS)
+ + BUF_PAGE_HDR_SIZE;
+ }
+
+
diff --git a/patches.fixes/ring-buffer-up-rb_iter_peek-loop-count-to-3.patch b/patches.fixes/ring-buffer-up-rb_iter_peek-loop-count-to-3.patch
new file mode 100644
index 0000000000..41d5a7f6d7
--- /dev/null
+++ b/patches.fixes/ring-buffer-up-rb_iter_peek-loop-count-to-3.patch
@@ -0,0 +1,99 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Wed, 6 Aug 2014 15:36:31 -0400
+Subject: ring-buffer: Up rb_iter_peek() loop count to 3
+Git-commit: 021de3d904b88b1771a3a2cfc5b75023c391e646
+Patch-mainline: v3.17-rc1
+References: bsc#1120105
+
+After writting a test to try to trigger the bug that caused the
+ring buffer iterator to become corrupted, I hit another bug:
+
+ WARNING: CPU: 1 PID: 5281 at kernel/trace/ring_buffer.c:3766 rb_iter_peek+0x113/0x238()
+ Modules linked in: ipt_MASQUERADE sunrpc [...]
+ CPU: 1 PID: 5281 Comm: grep Tainted: G W 3.16.0-rc3-test+ #143
+ Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
+ 0000000000000000 ffffffff81809a80 ffffffff81503fb0 0000000000000000
+ ffffffff81040ca1 ffff8800796d6010 ffffffff810c138d ffff8800796d6010
+ ffff880077438c80 ffff8800796d6010 ffff88007abbe600 0000000000000003
+ Call Trace:
+ [<ffffffff81503fb0>] ? dump_stack+0x4a/0x75
+ [<ffffffff81040ca1>] ? warn_slowpath_common+0x7e/0x97
+ [<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
+ [<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
+ [<ffffffff810c14df>] ? ring_buffer_iter_peek+0x2d/0x5c
+ [<ffffffff810c6f73>] ? tracing_iter_reset+0x6e/0x96
+ [<ffffffff810c74a3>] ? s_start+0xd7/0x17b
+ [<ffffffff8112b13e>] ? kmem_cache_alloc_trace+0xda/0xea
+ [<ffffffff8114cf94>] ? seq_read+0x148/0x361
+ [<ffffffff81132d98>] ? vfs_read+0x93/0xf1
+ [<ffffffff81132f1b>] ? SyS_read+0x60/0x8e
+ [<ffffffff8150bf9f>] ? tracesys+0xdd/0xe2
+
+Debugging this bug, which triggers when the rb_iter_peek() loops too
+many times (more than 2 times), I discovered there's a case that can
+cause that function to legitimately loop 3 times!
+
+rb_iter_peek() is different than rb_buffer_peek() as the rb_buffer_peek()
+only deals with the reader page (it's for consuming reads). The
+rb_iter_peek() is for traversing the buffer without consuming it, and as
+such, it can loop for one more reason. That is, if we hit the end of
+the reader page or any page, it will go to the next page and try again.
+
+That is, we have this:
+
+ 1. iter->head > iter->head_page->page->commit
+ (rb_inc_iter() which moves the iter to the next page)
+ try again
+
+ 2. event = rb_iter_head_event()
+ event->type_len == RINGBUF_TYPE_TIME_EXTEND
+ rb_advance_iter()
+ try again
+
+ 3. read the event.
+
+But we never get to 3, because the count is greater than 2 and we
+cause the WARNING and return NULL.
+
+Up the counter to 3.
+
+Cc: stable@vger.kernel.org # 2.6.37+
+Fixes: 69d1b839f7ee "ring-buffer: Bind time extend and data events together"
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -1611,7 +1611,7 @@ rb_add_time_stamp(struct ring_buffer_eve
+
+ /**
+ * ring_buffer_update_event - update event type and data
+- * @event: the even to update
++ * @event: the event to update
+ * @type: the type of event
+ * @length: the size of the event field in the ring buffer
+ *
+@@ -3166,12 +3166,14 @@ rb_iter_peek(struct ring_buffer_iter *it
+ return NULL;
+
+ /*
+- * We repeat when a time extend is encountered.
+- * Since the time extend is always attached to a data event,
+- * we should never loop more than once.
+- * (We never hit the following condition more than twice).
++ * We repeat when a time extend is encountered or we hit
++ * the end of the page. Since the time extend is always attached
++ * to a data event, we should never loop more than three times.
++ * Once for going to next page, once on time extend, and
++ * finally once to get the event.
++ * (We never hit the following condition more than thrice).
+ */
+- if (RB_WARN_ON(cpu_buffer, ++nr_loops > 2))
++ if (RB_WARN_ON(cpu_buffer, ++nr_loops > 3))
+ return NULL;
+
+ if (rb_per_cpu_empty(cpu_buffer))
+
diff --git a/patches.fixes/tracepoints-do-not-trace-when-cpu-is-offline.patch b/patches.fixes/tracepoints-do-not-trace-when-cpu-is-offline.patch
new file mode 100644
index 0000000000..8d676e93b1
--- /dev/null
+++ b/patches.fixes/tracepoints-do-not-trace-when-cpu-is-offline.patch
@@ -0,0 +1,88 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Mon, 15 Feb 2016 12:36:14 -0500
+Subject: tracepoints: Do not trace when cpu is offline
+Git-commit: f37755490fe9bf76f6ba1d8c6591745d3574a6a6
+Patch-mainline: v4.5-rc5
+References: bsc#1120109
+
+The tracepoint infrastructure uses RCU sched protection to enable and
+disable tracepoints safely. There are some instances where tracepoints are
+used in infrastructure code (like kfree()) that get called after a CPU is
+going offline, and perhaps when it is coming back online but hasn't been
+registered yet.
+
+This can probuce the following warning:
+
+ [ INFO: suspicious RCU usage. ]
+ 4.4.0-00006-g0fe53e8-dirty #34 Tainted: G S
+ -------------------------------
+ include/trace/events/kmem.h:141 suspicious rcu_dereference_check() usage!
+
+ other info that might help us debug this:
+
+ RCU used illegally from offline CPU! rcu_scheduler_active = 1, debug_locks = 1
+ no locks held by swapper/8/0.
+
+ stack backtrace:
+ CPU: 8 PID: 0 Comm: swapper/8 Tainted: G S 4.4.0-00006-g0fe53e8-dirty #34
+ Call Trace:
+ [c0000005b76c78d0] [c0000000008b9540] .dump_stack+0x98/0xd4 (unreliable)
+ [c0000005b76c7950] [c00000000010c898] .lockdep_rcu_suspicious+0x108/0x170
+ [c0000005b76c79e0] [c00000000029adc0] .kfree+0x390/0x440
+ [c0000005b76c7a80] [c000000000055f74] .destroy_context+0x44/0x100
+ [c0000005b76c7b00] [c0000000000934a0] .__mmdrop+0x60/0x150
+ [c0000005b76c7b90] [c0000000000e3ff0] .idle_task_exit+0x130/0x140
+ [c0000005b76c7c20] [c000000000075804] .pseries_mach_cpu_die+0x64/0x310
+ [c0000005b76c7cd0] [c000000000043e7c] .cpu_die+0x3c/0x60
+ [c0000005b76c7d40] [c0000000000188d8] .arch_cpu_idle_dead+0x28/0x40
+ [c0000005b76c7db0] [c000000000101e6c] .cpu_startup_entry+0x50c/0x560
+ [c0000005b76c7ed0] [c000000000043bd8] .start_secondary+0x328/0x360
+ [c0000005b76c7f90] [c000000000008a6c] start_secondary_prolog+0x10/0x14
+
+This warning is not a false positive either. RCU is not protecting code that
+is being executed while the CPU is offline.
+
+Instead of playing "whack-a-mole(TM)" and adding conditional statements to
+the tracepoints we find that are used in this instance, simply add a
+cpu_online() test to the tracepoint code where the tracepoint will be
+ignored if the CPU is offline.
+
+Use of raw_smp_processor_id() is fine, as there should never be a case where
+the tracepoint code goes from running on a CPU that is online and suddenly
+gets migrated to a CPU that is offline.
+
+Link: http://lkml.kernel.org/r/1455387773-4245-1-git-send-email-kda@linux-powerpc.org
+
+Reported-by: Denis Kirjanov <kda@linux-powerpc.org>
+Fixes: 97e1c18e8d17b ("tracing: Kernel Tracepoints")
+Cc: stable@vger.kernel.org # v2.6.28+
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ include/linux/tracepoint.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/include/linux/tracepoint.h
++++ b/include/linux/tracepoint.h
+@@ -14,8 +14,10 @@
+ * See the file COPYING for more details.
+ */
+
++#include <linux/smp.h>
+ #include <linux/errno.h>
+ #include <linux/types.h>
++#include <linux/cpumask.h>
+ #include <linux/rcupdate.h>
+ #include <linux/jump_label.h>
+
+@@ -123,6 +125,9 @@ void tracepoint_update_probe_range(struc
+ void *it_func; \
+ void *__data; \
+ \
++ if (!cpu_online(raw_smp_processor_id())) \
++ return; \
++ \
+ if (!(cond)) \
+ return; \
+ rcu_read_lock_sched_notrace(); \
+
diff --git a/patches.fixes/tracing-add-undef-to-fix-compile-error.patch b/patches.fixes/tracing-add-undef-to-fix-compile-error.patch
new file mode 100644
index 0000000000..7a9a2f8aac
--- /dev/null
+++ b/patches.fixes/tracing-add-undef-to-fix-compile-error.patch
@@ -0,0 +1,40 @@
+From: Rik van Riel <riel@redhat.com>
+Date: Wed, 28 Sep 2016 22:55:54 -0400
+Subject: tracing: Add #undef to fix compile error
+Git-commit: bf7165cfa23695c51998231c4efa080fe1d3548d
+Patch-mainline: v4.11-rc2
+References: bsc#1120226
+
+There are several trace include files that define TRACE_INCLUDE_FILE.
+
+Include several of them in the same .c file (as I currently have in
+some code I am working on), and the compile will blow up with a
+"warning: "TRACE_INCLUDE_FILE" redefined #define TRACE_INCLUDE_FILE syscalls"
+
+Every other include file in include/trace/events/ avoids that issue
+by having a #undef TRACE_INCLUDE_FILE before the #define; syscalls.h
+should have one, too.
+
+Link: http://lkml.kernel.org/r/20160928225554.13bd7ac6@annuminas.surriel.com
+
+Cc: stable@vger.kernel.org
+Fixes: b8007ef74222 ("tracing: Separate raw syscall from syscall tracer")
+Signed-off-by: Rik van Riel <riel@redhat.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ include/trace/events/syscalls.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/trace/events/syscalls.h b/include/trace/events/syscalls.h
+index 14e49c798135..b35533b94277 100644
+--- a/include/trace/events/syscalls.h
++++ b/include/trace/events/syscalls.h
+@@ -1,5 +1,6 @@
+ #undef TRACE_SYSTEM
+ #define TRACE_SYSTEM raw_syscalls
++#undef TRACE_INCLUDE_FILE
+ #define TRACE_INCLUDE_FILE syscalls
+
+ #if !defined(_TRACE_EVENTS_SYSCALLS_H) || defined(TRACE_HEADER_MULTI_READ)
+
diff --git a/patches.fixes/tracing-allow-events-to-have-null-strings.patch b/patches.fixes/tracing-allow-events-to-have-null-strings.patch
new file mode 100644
index 0000000000..820e769cec
--- /dev/null
+++ b/patches.fixes/tracing-allow-events-to-have-null-strings.patch
@@ -0,0 +1,87 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Tue, 26 Nov 2013 09:22:54 -0500
+Subject: tracing: Allow events to have NULL strings
+Git-commit: 4e58e54754dc1fec21c3a9e824bc108b05fdf46e
+Patch-mainline: v3.13-rc2
+References: bsc#1120056
+
+If an TRACE_EVENT() uses __assign_str() or __get_str on a NULL pointer
+then the following oops will happen:
+
+BUG: unable to handle kernel NULL pointer dereference at (null)
+IP: [<c127a17b>] strlen+0x10/0x1a
+*pde = 00000000 ^M
+Oops: 0000 [#1] PREEMPT SMP
+Modules linked in:
+CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.13.0-rc1-test+ #2
+Hardware name: /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006^M
+task: f5cde9f0 ti: f5e5e000 task.ti: f5e5e000
+EIP: 0060:[<c127a17b>] EFLAGS: 00210046 CPU: 1
+EIP is at strlen+0x10/0x1a
+EAX: 00000000 EBX: c2472da8 ECX: ffffffff EDX: c2472da8
+ESI: c1c5e5fc EDI: 00000000 EBP: f5e5fe84 ESP: f5e5fe80
+ DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+CR0: 8005003b CR2: 00000000 CR3: 01f32000 CR4: 000007d0
+Stack:
+ f5f18b90 f5e5feb8 c10687a8 0759004f 00000005 00000005 00000005 00200046
+ 00000002 00000000 c1082a93 f56c7e28 c2472da8 c1082a93 f5e5fee4 c106bc61^M
+ 00000000 c1082a93 00000000 00000000 00000001 00200046 00200082 00000000
+Call Trace:
+ [<c10687a8>] ftrace_raw_event_lock+0x39/0xc0
+ [<c1082a93>] ? ktime_get+0x29/0x69
+ [<c1082a93>] ? ktime_get+0x29/0x69
+ [<c106bc61>] lock_release+0x57/0x1a5
+ [<c1082a93>] ? ktime_get+0x29/0x69
+ [<c10824dd>] read_seqcount_begin.constprop.7+0x4d/0x75
+ [<c1082a93>] ? ktime_get+0x29/0x69^M
+ [<c1082a93>] ktime_get+0x29/0x69
+ [<c108a46a>] __tick_nohz_idle_enter+0x1e/0x426
+ [<c10690e8>] ? lock_release_holdtime.part.19+0x48/0x4d
+ [<c10bc184>] ? time_hardirqs_off+0xe/0x28
+ [<c1068c82>] ? trace_hardirqs_off_caller+0x3f/0xaf
+ [<c108a8cb>] tick_nohz_idle_enter+0x59/0x62
+ [<c1079242>] cpu_startup_entry+0x64/0x192
+ [<c102299c>] start_secondary+0x277/0x27c
+Code: 90 89 c6 89 d0 88 c4 ac 38 e0 74 09 84 c0 75 f7 be 01 00 00 00 89 f0 48 5e 5d c3 55 89 e5 57 66 66 66 66 90 83 c9 ff 89 c7 31 c0 <f2> ae f7 d1 8d 41 ff 5f 5d c3 55 89 e5 57 66 66 66 66 90 31 ff
+EIP: [<c127a17b>] strlen+0x10/0x1a SS:ESP 0068:f5e5fe80
+CR2: 0000000000000000
+---[ end trace 01bc47bf519ec1b2 ]---
+
+New tracepoints have been added that have allowed for NULL pointers
+being assigned to strings. To fix this, change the TRACE_EVENT() code
+to check for NULL and if it is, it will assign "(null)" to it instead
+(similar to what glibc printf does).
+
+Reported-by: Shuah Khan <shuah.kh@samsung.com>
+Reported-by: Jovi Zhangwei <jovi.zhangwei@gmail.com>
+Link: http://lkml.kernel.org/r/CAGdX0WFeEuy+DtpsJzyzn0343qEEjLX97+o1VREFkUEhndC+5Q@mail.gmail.com
+Link: http://lkml.kernel.org/r/528D6972.9010702@samsung.com
+Fixes: 9cbf117662e2 ("tracing/events: provide string with undefined size support")
+Cc: stable@vger.kernel.org # 2.6.31+
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ include/trace/ftrace.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/include/trace/ftrace.h
++++ b/include/trace/ftrace.h
+@@ -389,7 +389,8 @@ ftrace_define_fields_##call(struct ftrac
+ __data_size += (len) * sizeof(type);
+
+ #undef __string
+-#define __string(item, src) __dynamic_array(char, item, strlen(src) + 1)
++#define __string(item, src) __dynamic_array(char, item, \
++ strlen((src) ? (const char *)(src) : "(null)") + 1)
+
+ #undef __file_p
+ #define __file_p(item, src) \
+@@ -524,7 +525,7 @@ static inline notrace int ftrace_get_off
+
+ #undef __assign_str
+ #define __assign_str(dst, src) \
+- strcpy(__get_str(dst), src);
++ strcpy(__get_str(dst), (src) ? (const char *)(src) : "(null)");
+
+ #undef __assign_file_p
+ #define __assign_file_p(dst, src) \
diff --git a/patches.fixes/tracing-do-not-add-event-files-for-modules-that-fail-tracepoints.patch b/patches.fixes/tracing-do-not-add-event-files-for-modules-that-fail-tracepoints.patch
new file mode 100644
index 0000000000..ac69003514
--- /dev/null
+++ b/patches.fixes/tracing-do-not-add-event-files-for-modules-that-fail-tracepoints.patch
@@ -0,0 +1,61 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Wed, 26 Feb 2014 13:37:38 -0500
+Subject: tracing: Do not add event files for modules that fail tracepoints
+Git-commit: 45ab2813d40d88fc575e753c38478de242d03f88
+Patch-mainline: v3.14-rc6
+References: bsc#1120086
+
+If a module fails to add its tracepoints due to module tainting, do not
+create the module event infrastructure in the debugfs directory. As the events
+will not work and worse yet, they will silently fail, making the user wonder
+why the events they enable do not display anything.
+
+Having a warning on module load and the events not visible to the users
+will make the cause of the problem much clearer.
+
+Link: http://lkml.kernel.org/r/20140227154923.265882695@goodmis.org
+
+Fixes: 6d723736e472 "tracing/events: add support for modules to TRACE_EVENT"
+Acked-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: stable@vger.kernel.org # 2.6.31+
+Cc: Rusty Russell <rusty@rustcorp.com.au>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ include/linux/tracepoint.h | 5 +++++
+ kernel/trace/trace_events.c | 10 ++++++++++
+ 2 files changed, 15 insertions(+)
+
+--- a/include/linux/tracepoint.h
++++ b/include/linux/tracepoint.h
+@@ -56,6 +56,11 @@ extern void tracepoint_probe_update_all(
+
+ #ifdef CONFIG_MODULES
+ bool trace_module_has_bad_taint(struct module *mod);
++#else
++static inline bool trace_module_has_bad_taint(struct module *mod)
++{
++ return false;
++}
+ #endif
+
+ struct tracepoint_iter {
+--- a/kernel/trace/trace_events.c
++++ b/kernel/trace/trace_events.c
+@@ -1401,6 +1401,16 @@ static void trace_module_add_events(stru
+ struct ftrace_module_file_ops *file_ops = NULL;
+ struct ftrace_event_call **call, **start, **end;
+
++ if (!mod->num_trace_events)
++ return;
++
++ /* Don't add infrastructure for mods without tracepoints */
++ if (trace_module_has_bad_taint(mod)) {
++ pr_err("%s: module has bad taint, not creating trace events\n",
++ mod->name);
++ return;
++ }
++
+ start = mod->trace_events;
+ end = mod->trace_events + mod->num_trace_events;
+
diff --git a/patches.fixes/tracing-fix-check-for-cpu-online-when-event-is-disabled.patch b/patches.fixes/tracing-fix-check-for-cpu-online-when-event-is-disabled.patch
new file mode 100644
index 0000000000..042995d0ff
--- /dev/null
+++ b/patches.fixes/tracing-fix-check-for-cpu-online-when-event-is-disabled.patch
@@ -0,0 +1,70 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Wed, 9 Mar 2016 11:58:41 -0500
+Subject: tracing: Fix check for cpu online when event is disabled
+Git-commit: dc17147de328a74bbdee67c1bf37d2f1992de756
+Patch-mainline: v4.5
+References: bsc#1120109
+
+Commit f37755490fe9b ("tracepoints: Do not trace when cpu is offline") added
+a check to make sure that tracepoints only get called when the cpu is
+online, as it uses rcu_read_lock_sched() for protection.
+
+Commit 3a630178fd5f3 ("tracing: generate RCU warnings even when tracepoints
+are disabled") added lockdep checks (including rcu checks) for events that
+are not enabled to catch possible RCU issues that would only be triggered if
+a trace event was enabled. Commit f37755490fe9b only stopped the warnings
+when the trace event was enabled but did not prevent warnings if the trace
+event was called when disabled.
+
+To fix this, the cpu online check is moved to where the condition is added
+to the trace event. This will place the cpu online check in all places that
+it may be used now and in the future.
+
+Cc: stable@vger.kernel.org # v3.18+
+Fixes: f37755490fe9b ("tracepoints: Do not trace when cpu is offline")
+Fixes: 3a630178fd5f3 ("tracing: generate RCU warnings even when tracepoints are disabled")
+Reported-by: Sudeep Holla <sudeep.holla@arm.com>
+Tested-by: Sudeep Holla <sudeep.holla@arm.com>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ include/linux/tracepoint.h | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/include/linux/tracepoint.h
++++ b/include/linux/tracepoint.h
+@@ -125,9 +125,6 @@ void tracepoint_update_probe_range(struc
+ void *it_func; \
+ void *__data; \
+ \
+- if (!cpu_online(raw_smp_processor_id())) \
+- return; \
+- \
+ if (!(cond)) \
+ return; \
+ rcu_read_lock_sched_notrace(); \
+@@ -239,15 +236,19 @@ void tracepoint_update_probe_range(struc
+ * "void *__data, proto" as the callback prototype.
+ */
+ #define DECLARE_TRACE_NOARGS(name) \
+- __DECLARE_TRACE(name, void, , 1, void *__data, __data)
++ __DECLARE_TRACE(name, void, , \
++ cpu_online(raw_smp_processor_id()), \
++ void *__data, __data)
+
+ #define DECLARE_TRACE(name, proto, args) \
+- __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), 1, \
+- PARAMS(void *__data, proto), \
+- PARAMS(__data, args))
++ __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
++ cpu_online(raw_smp_processor_id()), \
++ PARAMS(void *__data, proto), \
++ PARAMS(__data, args))
+
+ #define DECLARE_TRACE_CONDITION(name, proto, args, cond) \
+- __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), PARAMS(cond), \
++ __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
++ cpu_online(raw_smp_processor_id()) && (PARAMS(cond)), \
+ PARAMS(void *__data, proto), \
+ PARAMS(__data, args))
+
diff --git a/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch b/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
new file mode 100644
index 0000000000..187c9e48fe
--- /dev/null
+++ b/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
@@ -0,0 +1,41 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Wed, 9 May 2018 11:59:32 -0400
+Subject: tracing: Fix regex_match_front() to not over compare the test string
+Git-commit: dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d
+Patch-mainline: v4.17-rc5
+References: bsc#1120223
+
+The regex match function regex_match_front() in the tracing filter logic,
+was fixed to test just the pattern length from testing the entire test
+string. That is, it went from strncmp(str, r->pattern, len) to
+strcmp(str, r->pattern, r->len).
+
+The issue is that str is not guaranteed to be nul terminated, and if r->len
+is greater than the length of str, it can access more memory than is
+allocated.
+
+The solution is to add a simple test if (len < r->len) return 0.
+
+Cc: stable@vger.kernel.org
+Fixes: 285caad415f45 ("tracing/filters: Fix MATCH_FRONT_ONLY filter matching")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/trace_events_filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
+index 1f951b3df60c..7d306b74230f 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -762,6 +762,9 @@ static int regex_match_full(char *str, struct regex *r, int len)
+
+ static int regex_match_front(char *str, struct regex *r, int len)
+ {
++ if (len < r->len)
++ return 0;
++
+ if (strncmp(str, r->pattern, r->len) == 0)
+ return 1;
+ return 0;
+
diff --git a/patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch b/patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch
new file mode 100644
index 0000000000..82ad842892
--- /dev/null
+++ b/patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch
@@ -0,0 +1,73 @@
+From: Sabrina Dubroca <sd@queasysnail.net>
+Date: Thu, 22 Jun 2017 11:24:42 +0200
+Subject: tracing/kprobes: Allow to create probe with a module name starting
+ with a digit
+Git-commit: 9e52b32567126fe146f198971364f68d3bc5233f
+Patch-mainline: v4.12
+References: bsc#1120336
+
+Always try to parse an address, since kstrtoul() will safely fail when
+given a symbol as input. If that fails (which will be the case for a
+symbol), try to parse a symbol instead.
+
+This allows creating a probe such as:
+
+ p:probe/vlan_gro_receive 8021q:vlan_gro_receive+0
+
+Which is necessary for this command to work:
+
+ perf probe -m 8021q -a vlan_gro_receive
+
+Link: http://lkml.kernel.org/r/fd72d666f45b114e2c5b9cf7e27b91de1ec966f1.1498122881.git.sd@queasysnail.net
+
+Cc: stable@vger.kernel.org
+Fixes: 413d37d1e ("tracing: Add kprobe-based event tracer")
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/trace_kprobe.c | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+--- a/kernel/trace/trace_kprobe.c
++++ b/kernel/trace/trace_kprobe.c
+@@ -1070,30 +1070,25 @@ static int create_trace_probe(int argc,
+ pr_info("Probe point is not specified.\n");
+ return -EINVAL;
+ }
+- if (isdigit(argv[1][0])) {
+- if (is_return) {
+- pr_info("Return probe point must be a symbol.\n");
+- return -EINVAL;
+- }
+- /* an address specified */
+- ret = strict_strtoul(&argv[1][0], 0, (unsigned long *)&addr);
+- if (ret) {
+- pr_info("Failed to parse address.\n");
+- return ret;
+- }
+- } else {
++
++ /* try to parse an address. if that fails, try to read the
++ * input as a symbol. */
++ if (strict_strtoul(argv[1], 0, (unsigned long *)&addr)) {
+ /* a symbol specified */
+ symbol = argv[1];
+ /* TODO: support .init module functions */
+ ret = split_symbol_offset(symbol, &offset);
+ if (ret) {
+- pr_info("Failed to parse symbol.\n");
++ pr_info("Failed to parse either an address or a symbol.\n");
+ return ret;
+ }
+ if (offset && is_return) {
+ pr_info("Return probe must be used without offset.\n");
+ return -EINVAL;
+ }
++ } else if (is_return) {
++ pr_info("Return probe point must be a symbol.\n");
++ return -EINVAL;
+ }
+ argc -= 2; argv += 2;
+
diff --git a/patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch b/patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch
new file mode 100644
index 0000000000..b106579d89
--- /dev/null
+++ b/patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch
@@ -0,0 +1,51 @@
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Fri, 23 Sep 2016 22:57:13 -0400
+Subject: tracing: Move mutex to protect against resetting of seq data
+Git-commit: 1245800c0f96eb6ebb368593e251d66c01e61022
+Patch-mainline: v4.8-rc8
+References: bsc#1120217
+
+The iter->seq can be reset outside the protection of the mutex. So can
+reading of user data. Move the mutex up to the beginning of the function.
+
+Fixes: d7350c3f45694 ("tracing/core: make the read callbacks reentrants")
+Cc: stable@vger.kernel.org # 2.6.30+
+Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/trace.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -3200,13 +3200,6 @@ tracing_read_pipe(struct file *filp, cha
+ static struct tracer *old_tracer;
+ ssize_t sret;
+
+- /* return any leftover data */
+- sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
+- if (sret != -EBUSY)
+- return sret;
+-
+- trace_seq_init(&iter->seq);
+-
+ /* copy the tracer to avoid using a global lock all around */
+ mutex_lock(&trace_types_lock);
+ if (unlikely(old_tracer != current_trace && current_trace)) {
+@@ -3221,6 +3214,14 @@ tracing_read_pipe(struct file *filp, cha
+ * is protected.
+ */
+ mutex_lock(&iter->mutex);
++
++ /* return any leftover data */
++ sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
++ if (sret != -EBUSY)
++ goto out;
++
++ trace_seq_init(&iter->seq);
++
+ if (iter->trace->read) {
+ sret = iter->trace->read(iter, filp, ubuf, cnt, ppos);
+ if (sret)
+
diff --git a/patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch b/patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch
new file mode 100644
index 0000000000..b74e61dc04
--- /dev/null
+++ b/patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch
@@ -0,0 +1,79 @@
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Sat, 17 Mar 2018 21:38:10 +0900
+Subject: tracing: probeevent: Fix to support minus offset from symbol
+Git-commit: c5d343b6b7badd1f5fe0873eff2e8d63a193e732
+Patch-mainline: v4.16-rc7
+References: bsc#1120347
+
+In Documentation/trace/kprobetrace.txt, it says
+
+ @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol)
+
+However, the parser doesn't parse minus offset correctly, since
+commit 2fba0c8867af ("tracing/kprobes: Fix probe offset to be
+unsigned") drops minus ("-") offset support for kprobe probe
+address usage.
+
+This fixes the traceprobe_split_symbol_offset() to parse minus
+offset again with checking the offset range, and add a minus
+offset check in kprobe probe address usage.
+
+Link: http://lkml.kernel.org/r/152129028983.31874.13419301530285775521.stgit@devbox
+
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
+Cc: stable@vger.kernel.org
+Fixes: 2fba0c8867af ("tracing/kprobes: Fix probe offset to be unsigned")
+Acked-by: Namhyung Kim <namhyung@kernel.org>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/trace_kprobe.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/kernel/trace/trace_kprobe.c
++++ b/kernel/trace/trace_kprobe.c
+@@ -766,7 +766,7 @@ end:
+ }
+
+ /* Split symbol and offset. */
+-static int split_symbol_offset(char *symbol, unsigned long *offset)
++static int split_symbol_offset(char *symbol, long *offset)
+ {
+ char *tmp;
+ int ret;
+@@ -774,10 +774,9 @@ static int split_symbol_offset(char *sym
+ if (!offset)
+ return -EINVAL;
+
+- tmp = strchr(symbol, '+');
++ tmp = strpbrk(symbol, "+-");
+ if (tmp) {
+- /* skip sign because strict_strtol doesn't accept '+' */
+- ret = strict_strtoul(tmp + 1, 0, offset);
++ ret = strict_strtol(tmp, 0, offset);
+ if (ret)
+ return ret;
+ *tmp = '\0';
+@@ -1011,7 +1010,7 @@ static int create_trace_probe(int argc,
+ int is_return = 0, is_delete = 0;
+ char *symbol = NULL, *event = NULL, *group = NULL;
+ char *arg;
+- unsigned long offset = 0;
++ long offset = 0;
+ void *addr = NULL;
+ char buf[MAX_EVENT_NAME_LEN];
+
+@@ -1078,7 +1077,7 @@ static int create_trace_probe(int argc,
+ symbol = argv[1];
+ /* TODO: support .init module functions */
+ ret = split_symbol_offset(symbol, &offset);
+- if (ret) {
++ if (ret || offset < 0 || offset > UINT_MAX) {
+ pr_info("Failed to parse either an address or a symbol.\n");
+ return ret;
+ }
+
diff --git a/series.conf b/series.conf
index ebf0cb0da5..6c13546725 100644
--- a/series.conf
+++ b/series.conf
@@ -23179,6 +23179,21 @@
# bsc#1104901
patches.fixes/perf-x86-intel-Add-cpu_-prepare-starting-dying-for-c.patch
+ patches.fixes/tracing-allow-events-to-have-null-strings.patch
+ patches.fixes/ring-buffer-fix-first-commit-on-sub-buffer-having-non-zero-delta.patch
+ patches.fixes/ring-buffer-up-rb_iter_peek-loop-count-to-3.patch
+ patches.fixes/ring-buffer-always-reset-iterator-to-reader-page.patch
+ patches.fixes/ring-buffer-fix-infinite-spin-in-reading-buffer.patch
+ patches.fixes/ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch
+ patches.fixes/tracepoints-do-not-trace-when-cpu-is-offline.patch
+ patches.fixes/tracing-fix-check-for-cpu-online-when-event-is-disabled.patch
+ patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch
+ patches.fixes/tracing-add-undef-to-fix-compile-error.patch
+ patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch
+ patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
+ patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch
+ patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
+
########################################################
# KVM patches
########################################################
@@ -25043,6 +25058,8 @@
patches.suse/Use-E-instead-of-X-for-unsigned-module-taint-flag
patches.suse/ignore-selected-taints-for-tracepoint-modules.patch
+ patches.fixes/tracing-do-not-add-event-files-for-modules-that-fail-tracepoints.patch
+
########################################################
# support for be2iscsi, FATE#313820, bnc#777566
########################################################