From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 Description of problem: The way that the kernel handles rt_sigframe, and the unwind information for rt_sigreturn in the kernel-supplied vDSO, inhibits user virtualization of signal handling. The rt_sigframe becomes a large block that must be preserved, which breaks existing virtualizations that move only the four scalars {pretcode, sig, pinfo, puc}. The most common symptom is SIGSEGV in thread kill during pthread_cond_wait or when returning from signal handler. The attached patch allows such user virtualizations. First, the patch corrects the declaration of puc in arch/i386/kernel/sigframe.h to be "struct ucontext __user *" instead of "void __user *", and adds a comment that the pointers at the beginning of struct rt_sigframe should be used to access the structures at the end. Although rt_sigframe is how the kernel constructs the frame, all accesses should be indirect through the pointers in the initial part. Second, the patch changes the unwind information in arch/i386/kernel/vsyscall-sigreturn.S to use the pointers instead of accessing the structs directly. There is one more indirection, which costs 20 bytes: two bytes times ten items. Each item now has three more elements, but an offset is less than 128, so is shorter in the leb128 encoding. These first two changes allow signals to be unwound successfully by the code in ld-linux.so from glibc-2.3.90, even if the virtualized handler moves only {pretcode, sig, pinfo, puc}. Third, the patch changes arch/i386/kernel/signal.c so that rt_sigreturn uses the pointers at the beginning of rt_sigframe. This allows successful return from signal when user virtualization moves the pointers at the beginning of rt_sigframe. Strictly speaking, the declaration of user signal handler must add 'const' to prevent the compiler from changing the pointers: void handler(int sig, struct siginfo *info, struct ucontext const *puc) In practice current compilers do not require such a change yet, and any potential impact is also mitigated by scant user documentation which results in low usage. Version-Release number of selected component (if applicable): 2.6.15-1.1826.2.10_FC5 and later How reproducible: Always Steps to Reproduce: 1. Receive a signal when SA_SIGINFO requires using struct rt_sigframe. 2. Call an inner handler with a new virtualized frame using only the {pretcode, sig, pinfo, puc} at the beginning of rt_sigframe. 3. Unwind past the signal frame, or return directly to the kernel from the inner virtualized frame. Actual Results: SIGSEGV. Expected Results: Successful unwind or return from signal. Additional info:
Created attachment 124320 [details] patch to vDSO signal unwind and rt_sigreturn Patch allows user virtualization (moving the signal frame) by using the pointers already present at the beginning of struct rt_sigframe.
The patch was tested successfully by running the complete glibc-2.3.90-35 test suite, including all nptl/tst-* cases that use thread-kill cancellation of pthread_cond_wait(), on a system with the kernel patch applied.
These bugs are being closed since a large number of updates have been released after the FC5 test1 and test2 releases. Kindly update your system by running yum update as root user or try out the third and final test version of FC5 being released in a short while and verify if the bugs are still present on the system .Reopen or file new bug reports as appropriate after confirming the presence of this issue. Thanks
A new kernel update has been released (Version: 2.6.18-1.2200.fc5) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. In the last few updates, some users upgrading from FC4->FC5 have reported that installing a kernel update has left their systems unbootable. If you have been affected by this problem please check you only have one version of device-mapper & lvm2 installed. See bug 207474 for further details. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. If this bug has been fixed, but you are now experiencing a different problem, please file a separate bug for the new problem. Thank you.
This bug has been mass-closed along with all other bugs that have been in NEEDINFO state for several months. Due to the large volume of inactive bugs in bugzilla, this is the only method we have of cleaning out stale bug reports where the reporter has disappeared. If you can reproduce this bug after installing all the current updates, please reopen this bug. If you are not the reporter, you can add a comment requesting it be reopened, and someone will get to it asap. Thank you.