Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 61b5ebd6 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'seccomp-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull seccomp fix from Kees Cook:
 "Fix fatal signal delivery after ptrace reordering"

* tag 'seccomp-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  seccomp: Fix tracer exit notifications during fatal signals
parents 86a16798 485a252a

kernel/seccomp.c

+8 −4
Original line number Original line Diff line number Diff line
@@ -605,12 +605,16 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd, 
		ptrace_event(PTRACE_EVENT_SECCOMP, data);

		ptrace_event(PTRACE_EVENT_SECCOMP, data);

		/*

		/*

		 * The delivery of a fatal signal during event

		 * The delivery of a fatal signal during event

		 * notification may silently skip tracer notification.

		 * notification may silently skip tracer notification,

		 * Terminating the task now avoids executing a system

		 * which could leave us with a potentially unmodified

		 * call that may not be intended.

		 * syscall that the tracer would have liked to have

		 * changed. Since the process is about to die, we just

		 * force the syscall to be skipped and let the signal

		 * kill the process and correctly handle any tracer exit

		 * notifications.

		 */

		 */

		if (fatal_signal_pending(current))

		if (fatal_signal_pending(current))

			do_exit(SIGSYS);

			goto skip;

		/* Check if the tracer forced the syscall to be skipped. */

		/* Check if the tracer forced the syscall to be skipped. */

		this_syscall = syscall_get_nr(current, task_pt_regs(current));

		this_syscall = syscall_get_nr(current, task_pt_regs(current));

		if (this_syscall < 0)

		if (this_syscall < 0)