Merge tag 'seccomp-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...

Pull seccomp updates from Kees Cook:

 - interrupt SECCOMP_IOCTL_NOTIF_RECV when all users exit (Andrei Vagin)

 - Update selftests to check for expected NOTIF_RECV exits (Andrei
   Vagin)

* tag 'seccomp-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  selftests/seccomp: check that a zombie leader doesn't affect others
  selftests/seccomp: add test for NOTIF_RECV and unused filters
  seccomp: release task filters when the task exits
  seccomp: interrupt SECCOMP_IOCTL_NOTIF_RECV when all users have exited

diff --combined kernel/exit.c
index 81fcee45d6302e9a4dce57613323d0bfe6758344,b945ab81eb92315866a70f859710ca9d62d7bee9..be81342caf1bb6f600af7fe78cdab221177b5a28
--- 1/kernel/exit.c
--- 2/kernel/exit.c
+++ b/kernel/exit.c
@@@ -277,7 -277,6 +277,6 @@@ repeat
        }
  
        write_unlock_irq(&tasklist_lock);
-       seccomp_filter_release(p);
        proc_flush_pid(thread_pid);
        put_pid(thread_pid);
        release_thread(p);
@@@ -484,8 -483,6 +483,8 @@@ retry
         * Search through everything else, we should not get here often.
         */
        for_each_process(g) {
 +              if (atomic_read(&mm->mm_users) <= 1)
 +                      break;
                if (g->flags & PF_KTHREAD)
                        continue;
                for_each_thread(g, c) {
@@@ -834,6 -831,8 +833,8 @@@ void __noreturn do_exit(long code
        io_uring_files_cancel();
        exit_signals(tsk);  /* sets PF_EXITING */
  
+       seccomp_filter_release(tsk);
+ 
        acct_update_integrals(tsk);
        group_dead = atomic_dec_and_test(&tsk->signal->live);
        if (group_dead) {