1 files changed, 16 insertions, 2 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 8f3debc77c5b..c89821b69ae3 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -24,6 +24,7 @@
 #include <linux/ptrace.h>
 #include <linux/posix-timers.h>
 #include <linux/signal.h>
+#include <linux/audit.h>
 #include <asm/param.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
@@ -522,7 +523,16 @@ static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
 {
        int sig = 0;
-        sig = next_signal(pending, mask);
+        /* SIGKILL must have priority, otherwise it is quite easy
+         * to create an unkillable process, sending sig < SIGKILL
+         * to self */
+        if (unlikely(sigismember(&pending->signal, SIGKILL))) {
+                if (!sigismember(mask, SIGKILL))
+                        sig = SIGKILL;
+        }
+        if (likely(!sig))
+                sig = next_signal(pending, mask);
        if (sig) {
                if (current->notifier) {
                        if (sigismember(current->notifier_mask, sig)) {
@@ -658,7 +668,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
            && (current->uid ^ t->suid) && (current->uid ^ t->uid)
            && !capable(CAP_KILL))
                return error;
-        return security_task_kill(t, info, sig);
+        error = security_task_kill(t, info, sig);
+        if (!error)
+                audit_signal_info(sig, t); /* Let audit system see the signal */
+        return error;
 }
 /* forward decl */

diff --git a/kernel/signal.c b/kernel/signal.c index 8f3debc77c5b..c89821b69ae3 100644 --- a/kernel/signal.c +++ b/kernel/signal.c
@@ -24,6 +24,7 @@
24	#include <linux/ptrace.h>	24	#include <linux/ptrace.h>
25	#include <linux/posix-timers.h>	25	#include <linux/posix-timers.h>
26	#include <linux/signal.h>	26	#include <linux/signal.h>
		27	#include <linux/audit.h>
27	#include <asm/param.h>	28	#include <asm/param.h>
28	#include <asm/uaccess.h>	29	#include <asm/uaccess.h>
29	#include <asm/unistd.h>	30	#include <asm/unistd.h>
@@ -522,7 +523,16 @@ static int __dequeue_signal(struct sigpending pending, sigset_t mask,
522	{	523	{
523	int sig = 0;	524	int sig = 0;
524		525
525	sig = next_signal(pending, mask);	526	/* SIGKILL must have priority, otherwise it is quite easy
		527	* to create an unkillable process, sending sig < SIGKILL
		528	* to self */
		529	if (unlikely(sigismember(&pending->signal, SIGKILL))) {
		530	if (!sigismember(mask, SIGKILL))
		531	sig = SIGKILL;
		532	}
		533
		534	if (likely(!sig))
		535	sig = next_signal(pending, mask);
526	if (sig) {	536	if (sig) {
527	if (current->notifier) {	537	if (current->notifier) {
528	if (sigismember(current->notifier_mask, sig)) {	538	if (sigismember(current->notifier_mask, sig)) {
@@ -658,7 +668,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
658	&& (current->uid ^ t->suid) && (current->uid ^ t->uid)	668	&& (current->uid ^ t->suid) && (current->uid ^ t->uid)
659	&& !capable(CAP_KILL))	669	&& !capable(CAP_KILL))
660	return error;	670	return error;
661	return security_task_kill(t, info, sig);	671
		672	error = security_task_kill(t, info, sig);
		673	if (!error)
		674	audit_signal_info(sig, t); /* Let audit system see the signal */
		675	return error;
662	}	676	}
663		677
664	/* forward decl */	678	/* forward decl */