diff options
Diffstat (limited to 'kernel/seccomp.c')
| -rw-r--r-- | kernel/seccomp.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index ef6c6c3f9d8a..0db7c8a2afe2 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c | |||
| @@ -605,12 +605,16 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd, | |||
| 605 | ptrace_event(PTRACE_EVENT_SECCOMP, data); | 605 | ptrace_event(PTRACE_EVENT_SECCOMP, data); |
| 606 | /* | 606 | /* |
| 607 | * The delivery of a fatal signal during event | 607 | * The delivery of a fatal signal during event |
| 608 | * notification may silently skip tracer notification. | 608 | * notification may silently skip tracer notification, |
| 609 | * Terminating the task now avoids executing a system | 609 | * which could leave us with a potentially unmodified |
| 610 | * call that may not be intended. | 610 | * syscall that the tracer would have liked to have |
| 611 | * changed. Since the process is about to die, we just | ||
| 612 | * force the syscall to be skipped and let the signal | ||
| 613 | * kill the process and correctly handle any tracer exit | ||
| 614 | * notifications. | ||
| 611 | */ | 615 | */ |
| 612 | if (fatal_signal_pending(current)) | 616 | if (fatal_signal_pending(current)) |
| 613 | do_exit(SIGSYS); | 617 | goto skip; |
| 614 | /* Check if the tracer forced the syscall to be skipped. */ | 618 | /* Check if the tracer forced the syscall to be skipped. */ |
| 615 | this_syscall = syscall_get_nr(current, task_pt_regs(current)); | 619 | this_syscall = syscall_get_nr(current, task_pt_regs(current)); |
| 616 | if (this_syscall < 0) | 620 | if (this_syscall < 0) |