Diffstat (limited to 'kernel/seccomp.c')
| -rw-r--r-- | kernel/seccomp.c | 16 | 
1 files changed, 16 insertions, 0 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 9c3830692a0..d9db6ec46bc 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -24,6 +24,7 @@
 #ifdef CONFIG_SECCOMP_FILTER
 #include <asm/syscall.h>
 #include <linux/filter.h>
+#include <linux/ptrace.h>
 #include <linux/security.h>
 #include <linux/slab.h>
 #include <linux/tracehook.h>
@@ -408,6 +409,21 @@ int __secure_computing(int this_syscall)
 			/* Let the filter pass back 16 bits of data. */
 			seccomp_send_sigsys(this_syscall, data);
 			goto skip;
+		case SECCOMP_RET_TRACE:
+			/* Skip these calls if there is no tracer. */
+			if (!ptrace_event_enabled(current, PTRACE_EVENT_SECCOMP))
+				goto skip;
+			/* Allow the BPF to provide the event message */
+			ptrace_event(PTRACE_EVENT_SECCOMP, data);
+			/*
+			 * The delivery of a fatal signal during event
+			 * notification may silently skip tracer notification.
+			 * Terminating the task now avoids executing a system
+			 * call that may not be intended.
+			 */
+			if (fatal_signal_pending(current))
+				break;
+			return 0;
 		case SECCOMP_RET_ALLOW:
 			return 0;
 		case SECCOMP_RET_KILL:  |
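Review bot: In the new `SECCOMP_RET_TRACE` case, the `return 0;` after `ptrace_event(PTRACE_EVENT_SECCOMP, data)` lets the system call proceed without evaluating the filter again, so whatever syscall number and arguments are in the registers when the tracer resumes the task are what run. That makes an attached tracer as trusted as the filter itself, and the comments in the hunk do not say so. I would state it next to the return, e.g. `/* The tracer may have changed the syscall; it is not re-filtered, so the tracer is trusted to enforce policy. */`, or, if a less-trusted tracer is meant to be supported, re-run the filter on the post-event syscall before allowing it. `__secure_computing()` starts and ends outside this hunk, so the `skip` label and what happens after `break` are not visible here.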