diff --git a/SOURCES/rhbz1558350.patch b/SOURCES/rhbz1558350.patch
new file mode 100644
index 0000000..d9b7b55
--- /dev/null
+++ b/SOURCES/rhbz1558350.patch
@@ -0,0 +1,21 @@
+commit 4b308597838f0fbfdcc3d11845c3065ba61eb57b
+Author: Serhei Makarov <smakarov@redhat.com>
+Date: Tue Apr 10 16:13:36 2018 -0400
+
+ RHBZ1558350: fix typo in linux/nfsd.stp
+
+ * linux/nfsd.stp (probe nfsd.proc2.create): fix typo.
+
+diff --git a/tapset/linux/nfsd.stp b/tapset/linux/nfsd.stp
+index 5a70e84..74124df 100644
+--- a/tapset/linux/nfsd.stp
++++ b/tapset/linux/nfsd.stp
+@@ -901,7 +901,7 @@ probe nfsd.proc2.create = kernel.function("nfsd_proc_create") !,
+
+ if (@defined($rqstp->rq_argp)) {
+ fh = & @nfsd2_createargs($rqstp->rq_argp)->fh
+- filelen = @nfsd2_createargs($rqstp->rq_argp->len)
++ filelen = @nfsd2_createargs($rqstp->rq_argp)->len
+ filename = kernel_string_n(@nfsd2_createargs($rqstp->rq_argp)->name,
+ @nfsd2_createargs($rqstp->rq_argp)->len)
+ }
diff --git a/SOURCES/rhbz1563052.patch b/SOURCES/rhbz1563052.patch
new file mode 100644
index 0000000..2d752dc
--- /dev/null
+++ b/SOURCES/rhbz1563052.patch
@@ -0,0 +1,60 @@
+commit 3b2cf9012d600bf61aaeff855e9dc95200859b1d
+Author: Serhei Makarov <smakarov@redhat.com>
+Date: Tue Apr 10 14:40:19 2018 -0400
+
+ RHBZ1563052: fix off-by-one error in loc2c-runtime.h
+
+ The new version of kderef_string (added along with the new eBPF
+ runtime) copies an additional character compared to the old version.
+
+ * runtime/linux/loc2c-runtime.h (_stp_deref_string_nofault): reduce len by 1 to leave room for NUL terminator.
+ * testsuite/systemtap.base/set_kernel.stp: testcase for this bug.
+
+diff --git a/runtime/linux/loc2c-runtime.h b/runtime/linux/loc2c-runtime.h
+index 39dece0..fd736bd 100644
+--- a/runtime/linux/loc2c-runtime.h
++++ b/runtime/linux/loc2c-runtime.h
+@@ -722,7 +722,7 @@ static inline char *kderef_buffer_(char *dst, void *addr, size_t len)
+ *
+ * dst: read the string into this address
+ * addr: address to read from
+- * len: maximum number of bytes to read
++ * len: maximum number of bytes to store in dst, including the trailing NUL
+ * seg: memory segment to use, either kernel (KERNEL_DS) or user
+ * (USER_DS)
+ *
+@@ -745,7 +745,8 @@ static inline long _stp_deref_string_nofault(char *dst, const char *addr,
+ err = 1;
+ else
+ {
+- for (i = 0; i < len; ++i)
++ /* Reduce len by 1 to leave room for '\0' terminator. */
++ for (i = 0; i + 1 < len; ++i)
+ {
+ u8 v;
+ err = __stp_get_user(v, (u8 *)addr + i);
+diff --git a/testsuite/systemtap.base/set_kernel.stp b/testsuite/systemtap.base/set_kernel.stp
+index 729b477..dc93582 100644
+--- a/testsuite/systemtap.base/set_kernel.stp
++++ b/testsuite/systemtap.base/set_kernel.stp
+@@ -62,6 +62,20 @@ probe end(1)
+ assert_not_reached(test)
+ } catch {}
+
++ /* Be sure to also test in the other direction: */
++ test = "kernel_string_n"
++ addr = get_buffer()
++ if (assert_string(test, "", kernel_string_n(addr, 0))) {
++ set_kernel_string_n(addr, 7, "potatoe")
++ if (assert_string(test, "potatoe", kernel_string_n(addr, 7))) {
++ assert_string(test, "potato", kernel_string_n(addr, 6))
++ }
++ }
++ try {
++ println(kernel_string_n(-1, 10))
++ assert_not_reached(test)
++ } catch {}
++
+ test = "set_kernel_long"
+ addr = get_buffer()
+ long_val = %( CONFIG_64BIT == "y" %? 0x123456789ABCDEF0 %: 0x12345678 %)
diff --git a/SOURCES/rhbz1566422.patch b/SOURCES/rhbz1566422.patch
new file mode 100644
index 0000000..494e4c9
--- /dev/null
+++ b/SOURCES/rhbz1566422.patch
@@ -0,0 +1,46 @@
+commit db9c9d6e30c6cfd7b85475b5c79ee2cc51201934
+Author: Serhei Makarov <smakarov@redhat.com>
+Date: Tue Apr 17 11:35:00 2018 -0400
+
+ RHBZ1566422 - fix spurious Build-id mismatch when probing reinserted kernel module
+
+ Code for newer kernels did not clear the address of the notes-section
+ when a probed module was unloaded. This caused spurious Build-id mismatch
+ when the module was reinserted as new addresses are not computed for
+ dynamically loaded modules (see also: PR23068) and the Build-id check
+ was trying to read the notes section at the no-longer-valid old address.
+
+ * runtime/sym.c (_stp_module_notifier): clear addresses on
+ MODULE_STATE_GOING in newer kernels (>=3.10) too.
+ * runtime/transport/symbols.c (_stp_kmodule_update_address): fix logic
+ error and clear notes section addr when reloc=NULL (aka. 'all').
+
+diff --git a/runtime/sym.c b/runtime/sym.c
+index c11a35a..b6e0fd6 100644
+--- a/runtime/sym.c
++++ b/runtime/sym.c
+@@ -1045,7 +1045,7 @@ static void _stp_kmodule_update_address(const char* module,
+ if (strcmp (_stp_modules[mi]->name, module))
+ continue;
+
+- if (reloc && !strcmp (note_sectname, reloc)) {
++ if (!reloc || !strcmp (note_sectname, reloc)) {
+ dbug_sym(1, "module %s special section %s address %#lx\n",
+ _stp_modules[mi]->name,
+ note_sectname,
+diff --git a/runtime/transport/symbols.c b/runtime/transport/symbols.c
+index 64c2aeb..076c562 100644
+--- a/runtime/transport/symbols.c
++++ b/runtime/transport/symbols.c
+@@ -167,6 +167,11 @@ static int _stp_module_notifier (struct notifier_block * nb,
+ /* Verify build-id. */
+ _stp_kmodule_check (mod->name);
+ }
++ else if (val == MODULE_STATE_GOING) {
++ /* Unregister all sections. */
++ dbug_sym(2, "unregister sections\n");
++ _stp_kmodule_update_address(mod->name, NULL, 0);
++ }
+ else if (val != MODULE_STATE_GOING) {
+ return NOTIFY_DONE;
+ }
diff --git a/SOURCES/rhbz1567356.patch b/SOURCES/rhbz1567356.patch
new file mode 100644
index 0000000..cf8fd2c
--- /dev/null
+++ b/SOURCES/rhbz1567356.patch
@@ -0,0 +1,272 @@
+commit 553b6df07c9b7ab30ed468a6a4374cbdf73d1c0d
+Author: Mark Wielaard <mark@klomp.org>
+Date: Tue Apr 17 14:36:13 2018 +0200
+
+ linux runtime: Add support for new kernel unwind fallback.
+
+ In newer kernels dump_trace got replaced by a new unwind infrastructure.
+ Add a new autoconf-unwind-stack-trace.c to detect whether we can use it.
+ Extend the runtime/stack.c _stp_stack_print_fallback with a new pt_regs*
+ argument. Update all callers and add dbug_unwind output to show which
+ fallback unwinder we are selecting (or if we are just giving up).
+ Rename the struct unwind_state in unwind.c and unwind.h to uw_state
+ because the old name now conflicts with the one used in the kernel.
+
+diff --git a/buildrun.cxx b/buildrun.cxx
+index 403fa71..59b9e88 100644
+--- a/buildrun.cxx
++++ b/buildrun.cxx
+@@ -365,6 +365,8 @@ compile_pass (systemtap_session& s)
+ "STAPCONF_KERNEL_STACKTRACE", NULL);
+ output_autoconf(s, o, "autoconf-save-stack-trace-no-bp.c",
+ "STAPCONF_KERNEL_STACKTRACE_NO_BP", NULL);
++ output_autoconf(s, o, "autoconf-unwind-stack-trace.c",
++ "STAPCONF_KERNEL_UNWIND_STACK", NULL);
+ output_autoconf(s, o, "autoconf-asm-syscall.c",
+ "STAPCONF_ASM_SYSCALL_H", NULL);
+ output_autoconf(s, o, "autoconf-ring_buffer-flags.c", "STAPCONF_RING_BUFFER_FLAGS", NULL);
+diff --git a/runtime/linux/autoconf-unwind-stack-trace.c b/runtime/linux/autoconf-unwind-stack-trace.c
+new file mode 100644
+index 0000000..2ec399e
+--- /dev/null
++++ b/runtime/linux/autoconf-unwind-stack-trace.c
+@@ -0,0 +1,16 @@
++#include <linux/sched.h>
++#include <asm/unwind.h>
++
++void unwind_stack_trace (void)
++{
++ struct unwind_state state;
++ unwind_start (&state, current, 0, 0);
++ while (! unwind_done (&state))
++ {
++ unsigned long addr = unwind_get_return_address (&state);
++ if (addr == 0)
++ break;
++ unwind_next_frame (&state);
++ }
++}
++
+diff --git a/runtime/stack.c b/runtime/stack.c
+index c9d2c0c..43f98ef 100644
+--- a/runtime/stack.c
++++ b/runtime/stack.c
+@@ -43,7 +43,11 @@
+ #include <asm/stacktrace.h>
+ #endif
+
+-static void _stp_stack_print_fallback(unsigned long, int, int, int);
++#if defined(STAPCONF_KERNEL_UNWIND_STACK)
++#include <asm/unwind.h>
++#endif
++
++static void _stp_stack_print_fallback(unsigned long, struct pt_regs*, int, int, int);
+
+ #ifdef STP_USE_DWARF_UNWINDER
+ #ifdef STAPCONF_LINUX_UACCESS_H
+@@ -128,7 +132,7 @@ static const struct stacktrace_ops print_stack_ops = {
+ };
+
+ /* Used for kernel backtrace printing when other mechanisms fail. */
+-static void _stp_stack_print_fallback(unsigned long stack,
++static void _stp_stack_print_fallback(unsigned long stack, struct pt_regs *regs,
+ int sym_flags, int levels, int skip)
+ {
+ struct print_stack_data print_data;
+@@ -136,20 +140,55 @@ static void _stp_stack_print_fallback(unsigned long stack,
+ print_data.levels = levels;
+ print_data.skip = skip;
+ #if defined(STAPCONF_KERNEL_STACKTRACE)
++ dbug_unwind(1, "fallback kernel stacktrace\n");
+ dump_trace(current, NULL, (long *)stack, 0, &print_stack_ops,
+ &print_data);
+ #else
+ /* STAPCONF_KERNEL_STACKTRACE_NO_BP */
++ dbug_unwind(1, "fallback kernel stacktrace (no bp)\n");
+ dump_trace(current, NULL, (long *)stack, &print_stack_ops,
+ &print_data);
+ #endif
+ }
+ #else
+-static void _stp_stack_print_fallback(unsigned long s, int v, int l, int k) {
++#if defined(STAPCONF_KERNEL_UNWIND_STACK)
++static void _stp_stack_print_fallback(unsigned long sp, struct pt_regs *regs,
++ int sym_flags,
++ int levels, int skip) {
++ struct unwind_state state;
++ unwind_start (&state, current, regs, (unsigned long *) sp);
++ dbug_unwind(1, "fallback kernel stacktrace (unwind)\n");
++ while (levels > 0 && ! unwind_done (&state))
++ {
++ if (skip == 0)
++ {
++ unsigned long addr = unwind_get_return_address (&state);
++ /* When we have frame pointers, the unwind addresses can be
++ (mostly) trusted, otherwise it is all guesswork. */
++#ifdef CONFIG_FRAME_POINTER
++ _stp_print_addr(addr, sym_flags, NULL);
++#else
++ _stp_print_addr(addr, sym_flags | _STP_SYM_INEXACT, NULL);
++#endif
++ if (addr == 0)
++ break;
++ levels--;
++ }
++ else
++ {
++ dbug_unwind(1, "skipping frame\n");
++ skip--;
++ }
++ unwind_next_frame(&state);
++ }
++}
++#else /* no new unwind */
++static void _stp_stack_print_fallback(unsigned long s, struct pt_regs *r, int v, int l, int k) {
+ /* Don't guess, just give up. */
++ dbug_unwind(1, "no fallback kernel stacktrace (giving up)\n");
+ _stp_print_addr(0, v | _STP_SYM_INEXACT, NULL);
+ }
+-
++#endif /* new unwind */
+ #endif /* defined(STAPCONF_KERNEL_STACKTRACE) || defined(STAPCONF_KERNEL_STACKTRACE_NO_BP) */
+
+
+@@ -382,6 +421,7 @@ static void _stp_stack_kernel_print(struct context *c, int sym_flags)
+ if (l == 0) {
+ remaining = MAXBACKTRACE - n;
+ _stp_stack_print_fallback(UNW_SP(&c->uwcontext_kernel.info),
++ &c->uwcontext_kernel.info.regs,
+ sym_flags, remaining, 0);
+ break;
+ } else {
+@@ -408,7 +448,7 @@ static void _stp_stack_kernel_print(struct context *c, int sym_flags)
+ sp = 0;
+ skip = 5; /* yes, that many framework frames. */
+ #endif
+- _stp_stack_print_fallback(sp, sym_flags,
++ _stp_stack_print_fallback(sp, NULL, sym_flags,
+ MAXBACKTRACE, skip);
+ #else
+ if (sym_flags & _STP_SYM_SYMBOL)
+diff --git a/runtime/unwind.c b/runtime/unwind.c
+index ec7cd58..3a2d991 100644
+--- a/runtime/unwind.c
++++ b/runtime/unwind.c
+@@ -235,7 +235,7 @@ static int parse_fde_cie(const u32 *fde, const u32 *cie,
+
+ #define REG_STATE state->reg[state->stackDepth]
+
+-static int advance_loc(unsigned long delta, struct unwind_state *state)
++static int advance_loc(unsigned long delta, struct uw_state *state)
+ {
+ state->loc += delta * state->codeAlign;
+ dbug_unwind(1, "state->loc=%lx\n", state->loc);
+@@ -244,7 +244,7 @@ static int advance_loc(unsigned long delta, struct unwind_state *state)
+
+ /* Set Same or Nowhere rule for register. */
+ static void set_no_state_rule(uleb128_t reg, enum item_location where,
+- struct unwind_state *state)
++ struct uw_state *state)
+ {
+ dbug_unwind(1, "reg=%lx, where=%d\n", reg, where);
+ if (reg < ARRAY_SIZE(REG_STATE.regs)) {
+@@ -254,7 +254,7 @@ static void set_no_state_rule(uleb128_t reg, enum item_location where,
+
+ /* Memory or Value rule */
+ static void set_offset_rule(uleb128_t reg, enum item_location where,
+- sleb128_t svalue, struct unwind_state *state)
++ sleb128_t svalue, struct uw_state *state)
+ {
+ dbug_unwind(1, "reg=%lx, where=%d, svalue=%lx\n", reg, where, svalue);
+ if (reg < ARRAY_SIZE(REG_STATE.regs)) {
+@@ -265,7 +265,7 @@ static void set_offset_rule(uleb128_t reg, enum item_location where,
+
+ /* Register rule. */
+ static void set_register_rule(uleb128_t reg, uleb128_t value,
+- struct unwind_state *state)
++ struct uw_state *state)
+ {
+ dbug_unwind(1, "reg=%lx, value=%lx\n", reg, value);
+ if (reg < ARRAY_SIZE(REG_STATE.regs)) {
+@@ -277,7 +277,7 @@ static void set_register_rule(uleb128_t reg, uleb128_t value,
+ /* Expr or ValExpr rule. */
+ static void set_expr_rule(uleb128_t reg, enum item_location where,
+ const u8 **expr, const u8 *end,
+- struct unwind_state *state)
++ struct uw_state *state)
+ {
+ const u8 *const start = *expr;
+ uleb128_t len = get_uleb128(expr, end);
+@@ -296,7 +296,7 @@ static void set_expr_rule(uleb128_t reg, enum item_location where,
+ #define MAX_CFI 512
+
+ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc,
+- signed ptrType, int user, struct unwind_state *state, int compat_task)
++ signed ptrType, int user, struct uw_state *state, int compat_task)
+ {
+ union {
+ const u8 *p8;
+@@ -1169,7 +1169,7 @@ static int unwind_frame(struct unwind_context *context,
+ unsigned i;
+ signed ptrType = -1, call_frame = 1;
+ uleb128_t retAddrReg = 0;
+- struct unwind_state *state = &context->state;
++ struct uw_state *state = &context->state;
+ unsigned long addr;
+
+ if (unlikely(table_len == 0)) {
+diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h
+index 9d66732..b3ff786 100644
+--- a/runtime/unwind/unwind.h
++++ b/runtime/unwind/unwind.h
+@@ -492,7 +492,7 @@ struct unwind_reg_state {
+ unsigned cfa_is_expr:1;
+ };
+
+-struct unwind_state {
++struct uw_state {
+ uleb128_t loc;
+ uleb128_t codeAlign;
+ sleb128_t dataAlign;
+@@ -503,7 +503,7 @@ struct unwind_state {
+
+ struct unwind_context {
+ struct unwind_frame_info info;
+- struct unwind_state state;
++ struct uw_state state;
+ };
+
+ static const struct cfa badCFA = { ARRAY_SIZE(reg_info), 1 };
+
+commit 17ee540dd61113fe4f557f191db3480db875cca1
+Author: Mark Wielaard <mark@klomp.org>
+Date: Wed Apr 18 15:00:24 2018 +0200
+
+ Make kernel DWARF unwinder work with ksalr.
+
+ The .debug_frame loaded from disk is already relocated against the
+ expected load offset of the kernel, but the actual static (load)
+ address might be different (with kaslr). So adjust the startLoc
+ for that difference when reading any address from the unwind table.
+
+diff --git a/runtime/unwind.c b/runtime/unwind.c
+index 3a2d991..4c360d2 100644
+--- a/runtime/unwind.c
++++ b/runtime/unwind.c
+@@ -724,10 +724,15 @@ adjustStartLoc (unsigned long startLoc,
+ dbug_unwind(2, "adjustStartLoc=%lx, ptrType=%s, m=%s, s=%s eh=%d\n",
+ startLoc, _stp_eh_enc_name(ptrType), m->path, s->name, is_ehframe);
+ if (startLoc == 0
+- || strcmp (m->name, "kernel") == 0
+ || (strcmp (s->name, ".absolute") == 0 && !is_ehframe))
+ return startLoc;
+
++ /* The .debug_frame loaded from disk is already relocated against the
++ expected load offset of the kernel, but the actual static (load)
++ address might be different (with kaslr). */
++ if (strcmp (m->name, "kernel") == 0)
++ return startLoc - s->sec_load_offset + s->static_addr;
++
+ /* eh_frame data has been loaded in the kernel, so readjust offset. */
+ if (is_ehframe) {
+ dbug_unwind(2, "eh_frame=%lx, eh_frame_addr=%lx\n", (unsigned long) m->eh_frame, m->eh_frame_addr);
diff --git a/SPECS/systemtap.spec b/SPECS/systemtap.spec
index e350aa2..041f42c 100644
--- a/SPECS/systemtap.spec
+++ b/SPECS/systemtap.spec
@@ -79,13 +79,17 @@
Name: systemtap
Version: 3.2
-Release: 4%{?dist}
+Release: 8%{?dist}
# for version, see also configure.ac
Patch10: rhbz1504009.patch
Patch11: rhbz1506230.patch
Patch12: rhbz1490862.patch
Patch13: rhbz1527809.patch
+Patch14: rhbz1558350.patch
+Patch15: rhbz1567356.patch
+Patch16: rhbz1566422.patch
+Patch17: rhbz1563052.patch
# Packaging abstract:
#
@@ -492,6 +496,10 @@ cd ..
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
%build
@@ -1172,6 +1180,18 @@ done
# PRERELEASE
%changelog
+* Tue Apr 24 2018 Frank Ch. Eigler <fche@redhat.com> - 3.2-8
+- rhbz1563052 (stp_deref string truncation off-by-one error)
+
+* Tue Apr 24 2018 Frank Ch. Eigler <fche@redhat.com> - 3.2-7
+- rhbz1566422 (module build-id checking broken on unload)
+
+* Tue Apr 24 2018 Frank Ch. Eigler <fche@redhat.com> - 3.2-6
+- rhbz1567356 (backtraces broken w/ kaslr)
+
+* Tue Apr 24 2018 Frank Ch. Eigler <fche@redhat.com> - 3.2-5
+- rhbz1558350 (nfsd.proc.create typo fix)
+
* Mon Jan 29 2018 Frank Ch. Eigler <fche@redhat.com> - 3.2-4
- rhbz1527809 (staprun detach with SIGQUIT)