3 files changed, 56 insertions, 26 deletions

diff --git a/fs/exec.c b/fs/exec.c
index 643019585574..ffd7a813ad3d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1135,13 +1135,6 @@ void setup_new_exec(struct linux_binprm * bprm)
                         set_dumpable(current->mm, suid_dumpable);
         }
 
-        /*
-         * Flush performance counters when crossing a
-         * security domain:
-         */
-        if (!get_dumpable(current->mm))
-                perf_event_exit_task(current);
-
         /* An exec changes our domain. We are no longer part of the thread
            group */
 
@@ -1205,6 +1198,15 @@ void install_exec_creds(struct linux_binprm *bprm)
 
         commit_creds(bprm->cred);
         bprm->cred = NULL;
+
+        /*
+         * Disable monitoring for regular users
+         * when executing setuid binaries. Must
+         * wait until new credentials are committed
+         * by commit_creds() above
+         */
+        if (get_dumpable(current->mm) != SUID_DUMP_USER)
+                perf_event_exit_task(current);
         /*
          * cred_guard_mutex must be held at least to this point to prevent
          * ptrace_attach() from altering our determination of the task's
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index e570081f9f76..35f281033142 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2470,13 +2470,16 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset,
                 .mode = mode
         };
         int err;
+        bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
+                           (mode & FALLOC_FL_PUNCH_HOLE);
 
         if (fc->no_fallocate)
                 return -EOPNOTSUPP;
 
-        if (mode & FALLOC_FL_PUNCH_HOLE) {
+        if (lock_inode) {
                 mutex_lock(&inode->i_mutex);
-                fuse_set_nowrite(inode);
+                if (mode & FALLOC_FL_PUNCH_HOLE)
+                        fuse_set_nowrite(inode);
         }
 
         req = fuse_get_req_nopages(fc);
@@ -2511,8 +2514,9 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset,
         fuse_invalidate_attr(inode);
 
 out:
-        if (mode & FALLOC_FL_PUNCH_HOLE) {
-                fuse_release_nowrite(inode);
+        if (lock_inode) {
+                if (mode & FALLOC_FL_PUNCH_HOLE)
+                        fuse_release_nowrite(inode);
                 mutex_unlock(&inode->i_mutex);
         }
 
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index de08c92f2e23..605af512aec2 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -349,31 +349,50 @@ static unsigned int vfs_dent_type(uint8_t type)
 static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
 {
         int err, over = 0;
+        loff_t pos = file->f_pos;
         struct qstr nm;
         union ubifs_key key;
         struct ubifs_dent_node *dent;
         struct inode *dir = file_inode(file);
         struct ubifs_info *c = dir->i_sb->s_fs_info;
 
-        dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, file->f_pos);
+        dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, pos);
 
-        if (file->f_pos > UBIFS_S_KEY_HASH_MASK || file->f_pos == 2)
+        if (pos > UBIFS_S_KEY_HASH_MASK || pos == 2)
                 /*
                  * The directory was seek'ed to a senseless position or there
                  * are no more entries.
                  */
                 return 0;
 
+        if (file->f_version == 0) {
+                /*
+                 * The file was seek'ed, which means that @file->private_data
+                 * is now invalid. This may also be just the first
+                 * 'ubifs_readdir()' invocation, in which case
+                 * @file->private_data is NULL, and the below code is
+                 * basically a no-op.
+                 */
+                kfree(file->private_data);
+                file->private_data = NULL;
+        }
+
+        /*
+         * 'generic_file_llseek()' unconditionally sets @file->f_version to
+         * zero, and we use this for detecting whether the file was seek'ed.
+         */
+        file->f_version = 1;
+
         /* File positions 0 and 1 correspond to "." and ".." */
-        if (file->f_pos == 0) {
+        if (pos == 0) {
                 ubifs_assert(!file->private_data);
                 over = filldir(dirent, ".", 1, 0, dir->i_ino, DT_DIR);
                 if (over)
                         return 0;
-                file->f_pos = 1;
+                file->f_pos = pos = 1;
         }
 
-        if (file->f_pos == 1) {
+        if (pos == 1) {
                 ubifs_assert(!file->private_data);
                 over = filldir(dirent, "..", 2, 1,
                                parent_ino(file->f_path.dentry), DT_DIR);
@@ -389,7 +408,7 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
                         goto out;
                 }
 
-                file->f_pos = key_hash_flash(c, &dent->key);
+                file->f_pos = pos = key_hash_flash(c, &dent->key);
                 file->private_data = dent;
         }
 
@@ -397,17 +416,16 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
         if (!dent) {
                 /*
                  * The directory was seek'ed to and is now readdir'ed.
-                 * Find the entry corresponding to @file->f_pos or the
-                 * closest one.
+                 * Find the entry corresponding to @pos or the closest one.
                  */
-                dent_key_init_hash(c, &key, dir->i_ino, file->f_pos);
+                dent_key_init_hash(c, &key, dir->i_ino, pos);
                 nm.name = NULL;
                 dent = ubifs_tnc_next_ent(c, &key, &nm);
                 if (IS_ERR(dent)) {
                         err = PTR_ERR(dent);
                         goto out;
                 }
-                file->f_pos = key_hash_flash(c, &dent->key);
+                file->f_pos = pos = key_hash_flash(c, &dent->key);
                 file->private_data = dent;
         }
 
@@ -419,7 +437,7 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
                              ubifs_inode(dir)->creat_sqnum);
 
                 nm.len = le16_to_cpu(dent->nlen);
-                over = filldir(dirent, dent->name, nm.len, file->f_pos,
+                over = filldir(dirent, dent->name, nm.len, pos,
                                le64_to_cpu(dent->inum),
                                vfs_dent_type(dent->type));
                 if (over)
@@ -435,9 +453,17 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
                 }
 
                 kfree(file->private_data);
-                file->f_pos = key_hash_flash(c, &dent->key);
+                file->f_pos = pos = key_hash_flash(c, &dent->key);
                 file->private_data = dent;
                 cond_resched();
+
+                if (file->f_version == 0)
+                        /*
+                         * The file was seek'ed meanwhile, lets return and start
+                         * reading direntries from the new position on the next
+                         * invocation.
+                         */
+                        return 0;
         }
 
 out:
@@ -448,15 +474,13 @@ out:
 
         kfree(file->private_data);
         file->private_data = NULL;
+        /* 2 is a special value indicating that there are no more direntries */
         file->f_pos = 2;
         return 0;
 }
 
-/* If a directory is seeked, we have to free saved readdir() state */
 static loff_t ubifs_dir_llseek(struct file *file, loff_t offset, int whence)
 {
-        kfree(file->private_data);
-        file->private_data = NULL;
         return generic_file_llseek(file, offset, whence);
 }