Merge tag 'seccomp-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp fix from Kees Cook:
 "Fix fatal signal delivery after ptrace reordering"

* tag 'seccomp-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  seccomp: Fix tracer exit notifications during fatal signals

1 files changed, 8 insertions, 4 deletions

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index ef6c6c3f9d8a..0db7c8a2afe2 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -605,12 +605,16 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
                 ptrace_event(PTRACE_EVENT_SECCOMP, data);
                 /*
                  * The delivery of a fatal signal during event
-                 * notification may silently skip tracer notification.
-                 * Terminating the task now avoids executing a system
-                 * call that may not be intended.
+                 * notification may silently skip tracer notification,
+                 * which could leave us with a potentially unmodified
+                 * syscall that the tracer would have liked to have
+                 * changed. Since the process is about to die, we just
+                 * force the syscall to be skipped and let the signal
+                 * kill the process and correctly handle any tracer exit
+                 * notifications.
                  */
                 if (fatal_signal_pending(current))
-                        do_exit(SIGSYS);
+                        goto skip;
                 /* Check if the tracer forced the syscall to be skipped. */
                 this_syscall = syscall_get_nr(current, task_pt_regs(current));
                 if (this_syscall < 0)