[PROBLEM]: x86-32: Corrupted real-time signal frame when VDSO is disabled.
From: Dmitry Dmitriev
Date: Tue Jun 07 2011 - 05:39:44 EST
Hello,
On x86 32 bit system, real-time signal frame become corrupted when VDSO is disabled.
If we do following:
1) Disable VDSO( write 0 to the /proc/sys/vm/vdso_enabled )
2) Create new process
3) Setup handler for real-time signal in new process
4) Send real-time signal to new process.
Then new process will handle this signal and crash, because it signal frame is corrupted. This problem was observed on 2.6.35 kernel, but it seems that it still exist in 2.6.39 kernel( after examing of source code ).
The problem in __setup_rt_frame function( arch/x86/kernel/signal.c module, 2.6.39 kernel source ):
347static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
348 sigset_t *set, struct pt_regs *regs)
349{
......
380 /* Set up to return from userspace. */
381 restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
......
411 return 0;
412}
__setup_rt_frame set up return from userspace without checking of vdso( lines 380-381 ), i.e. if vdso is disabled, then process will not have VDSO context.
For non real-time signals similar action is performed in following way( __setup_frame function, arch/x86/kernel/signal.c module, 2.6.39 kernel source ):
284static int
285__setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
286 struct pt_regs *regs)
287{
.......
310 if (current->mm->context.vdso)
311 restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
312 else
313 restorer = &frame->retcode;
.......
344 return 0;
345}
I think that similar construction must be add to the __setup_rt_frame function.
Regards,
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/